Four IPv6 Addresses

When working with IPv6 addresses for your host, you should be familiar with four different types:

  • DHCPv6
  • Autoconfigured Addresses (SLAAC)
    • Stable
      • EUI64
      • stable-privacy
    • Privacy temporary addresses

Quick review: an IPv6 address will have a 64 bit prefix portion, specifying the network (e.g., 2001:470:b:449) and a 64 bit suffix portion, specifying the host (e.g., 1e6f:65ff:feac:7d41).

(I skipped over static addresses as that is boring.)

DHCPv6 is listed first simply because it is the least interesting of those listed. This is the traditional way to receive an IP address, where a DHCP server on your network just picks one for you. I don’t like this approach — why depend on a DHCP server when we have IPv6 autoconfiguration? The only advantage I see is that DHCP servers I work with usually pick a shorter, easier to remember suffix, if you happen to want to memorize it. E.g., I received 2001:470:b:449::2d3, where ::2d3 is the suffix.

Stable SLAAC addresses are auto-configured, but according to a deterministic algorithm, such that you can rely on your IP address being the same every time. This is important if running a server, or for some firewall rules. The EUI64 algorithm generates this IP address by joining your network prefix to a modified form of the MAC address for your network interface. Since your MAC address is usually hardcoded into the hardware, you can rely on that not changing (often) and also figure it out in advance if you need to do so. E.g, my MAC address is 1c:6f:65:ac:7d:41, on network 2001:470:b:449, so my EUI64 address is 2001:470:b:449:1e6f:65ff:feac:7d41. ♬ here’s my number, so ping me maybe

Stable EUI64 addresses are a problem if you need privacy, because your IP suffix will remain the same on every ethernet or Wi-Fi network you visit, making it rather easy to track you. If you set your host’s network connection to use privacy temporary addresses (this might be the default) your system will generate a new IP address for you periodically, with a random suffix, and use one of these when you make a new connection.

There is also available a compromise between EUI64 and privacy temporary addresses, called stable-privacy. This generates an IP address for you deterministically based on some information on your system and some information in your network environment. Consequently, you get a different IP address for each network you visit, but it is the same address always paired to each network. Part of the formula involves a secret key on your host, so in principle the process can’t be fully reversed. So, basically, you get to be a different person on each network, but they recognize you when you come back.

In Gnome desktop (my version at least) you don’t get very much control of these options from the GUI widget. In my experience it is better to learn how to use the nmcli(1) command-line tool to control Network Manager directly.

2 thoughts on “Four IPv6 Addresses”

  1. ♬ here’s my number, so ping me maybe ♫ — HAHAHAHA! Love it.
    But seriously, if your on board NIC dies and you change the motherboard, then your mac address changes, so what to do to keep your server address?

    Like

  2. Well, you can always either (1) manually set your MAC address to match the old one or (2) manual set your IP to match the old one. Personally, though, I’d just update DNS to match the new MAC address.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s