Thursday, March 3, 2016

routing - ipv6: Explanation of prefixpolicies table



I am trying to understand the prefixpolicies.
Could somebody explain to me what the table from netsh interface ipv6 show prefixpolicies means on Windows?



Precedence  Label  Prefix
----------  -----  --------------------------------
        50      0  ::1/128
        40      1  ::/0
        35      4  ::ffff:0:0/96
        30      2  2002::/16
         5      5  2001::/32
         3     13  fc00::/7
         1     11  fec0::/10
         1     12  3ffe::/16
         1      3  ::/96


Above is an example from my laptop. I know that the leftmost column means priority. The higher it is, the more likely that it will be used. I guess the label is just for identifying the different rules.
But why are these specific rules there? I understand that the rule labeled 3 is representing the range the IPv4 addresses cover and I assume that this is rated lowest because then, Windows will prefer any available IPv6 connection over its IPv4 counterpart.

And the rule labeled 0 is probably the loopback address.



What are the other rules there for? Why do the addresses starting with 2002 and 2001:0000 have less priority than basically every other address? (Comparing the priority of rules 1, 2, 5)



Edit:
::ffff:0:0/96 regards the IPv4-mapped IPv6 addresses as described here




IPv4 address embedding is used to create a relationship between an
IPv4 address and an IPv6 address to aid in the transition from IPv4 to
IPv6. One type, the IPv4-compatible IPv6 address, is used for devices
that are compatible with both IPv4 and IPv6; it begins with 96 zero
bits. The other, the IPv4-mapped address, is used for mapping IPv4
devices that are not compatible with IPv6 into the IPv6 address space;
it begins with 80 zeroes followed by 16 ones.




So that means my Windows prefers mapped IPv4 connections over the real IPv4 addresses. Not sure why, just adding this for completeness.


Answer



2002::/16 is a specific prefix used for 6to4 translations. It can be used to tunnel IPv6 through IPv4.




2001::/32 is reserved for Teredo, another IPv6 tunneling mechanism.



Both of these should have a low priority, since they should only be used if no native IPv6 is available.
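An added example, not part of the original question or answer: how a table like this is consulted. It assumes the RFC 6724 lookup model (the longest matching prefix supplies an address's precedence and label, and IPv4 addresses are looked up in their IPv4-mapped form), and it orders candidates by precedence only, which is one rule of the full selection algorithm. The sample addresses are constructed.

```python
import ipaddress

# Policy table copied from the netsh output in the question:
# (precedence, label, prefix)
POLICY_TABLE = [
    (50, 0, "::1/128"),
    (40, 1, "::/0"),
    (35, 4, "::ffff:0:0/96"),
    (30, 2, "2002::/16"),
    (5, 5, "2001::/32"),
    (3, 13, "fc00::/7"),
    (1, 11, "fec0::/10"),
    (1, 12, "3ffe::/16"),
    (1, 3, "::/96"),
]
POLICIES = [(p, l, ipaddress.IPv6Network(n)) for p, l, n in POLICY_TABLE]


def to_ipv6(addr):
    """Parse an address; IPv4 is looked up in its IPv4-mapped form (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip


def lookup(addr):
    """Return (precedence, label, prefix) of the longest prefix containing addr."""
    ip = to_ipv6(addr)
    matches = [row for row in POLICIES if ip in row[2]]  # ::/0 always matches
    return max(matches, key=lambda row: row[2].prefixlen)


def order_by_precedence(candidates):
    """Sort destinations by precedence, highest first (simplified: precedence rule only)."""
    return sorted(candidates, key=lambda a: lookup(a)[0], reverse=True)


if __name__ == "__main__":
    # Constructed sample destinations: native IPv6, IPv4, 6to4, Teredo, ULA.
    samples = ["2001:db8::10", "192.0.2.10", "2002:c000:20a::1", "2001:0:1::1", "fd00::1"]
    for a in samples:
        prec, label, net = lookup(a)
        print(f"{a:20} -> {str(net):16} precedence={prec:2} label={label}")
    print("preferred order:", order_by_precedence(samples))
```

Native IPv6 falls through to ::/0 (precedence 40), plain IPv4 matches ::ffff:0:0/96 (35), and the 6to4 and Teredo prefixes sort below both.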

