The loopback IP address in IPv6 format is:
0000:0000: 0000:0000: 0000:0000: 0000:0001
which is shortened to:
0:0: 0:0: 0:0: 0:1
which is then shortened to (keep last 2 words, ie. 4 bytes, to match IPv4):
:0:1 (But I still don't know why it's double colons instead of single colon before 1, maybe for implying that there are 4 bytes here)
and simplified as:
::1
Expand ::1 into IPv4 format, it is:
0.0.0.1
But this is not the same as 127.0.0.1, where's the number 127?
First, :0:1 is not a valid IPv6 address. I'll explain why:
IPv6 address are 128 bit addresses written as eight hexadecimal parts separated by colons. Because this can be quite tedious to write, and because many IPv6 address (like 0:0:0:0:0:0:0:1) contain many parts that are zero, it's allowed to replace one sequence of zeroes with two colons. The full address is still the same. It's just easier to write :: than 0:0:0:etc.
IPv4 and IPv6 are two different protocols. You cannot compare the IPv4 loopback address 127.0.0.1 with the IPv6 loopback address ::1. They are completely unrelated. Both of them just happen to end with the same digit.
Related
Can someone explain exactly how CIDR blocks work and how it translates into 0.0.0.0/32 for example? Please use laymen’s terms or perhaps even an analogy to something not network related. Can’t seems to find an explanation that clicks with me. Thanks!!
Classless Inter-Domain Routing (CIDR) blocks are for specifying a range to IP addresses in format of IPv4 or IPv6. For the sake of simplicity I will explain rest of this in format of IPv4 however it is applicable to IPv6.
General format for CIDR Blocks: x.y.z.t/p
x, y, z and t are numbers from 0 to 255. Basically, each represents an 8 bit binary number. That's why it is range is up to 255. Combination of this numbers becomes an IPv4 IP address that must be unique to be able to identify a specific instance.
In case of AWS, p is a number from 16 to 28. It represents the number of bits that are inherited from given IP address. For example: 10.0.0.0/16 represents an IP address in following format: 10.0.x.y where x and y are any number from 0 to 255. So, actually it represents a range of IP addresses, starting from 10.0.0.0 to 10.0.255.255.
However for each CIDR block, AWS prohibits 5 possible IP addresses. Those are the first 4 available addresses and the last available address. In this case:
10.0.0.0: Network address
10.0.0.1: Reserved for VPC router
10.0.0.2: DNS server
10.0.0.3: Reserved for future use
10.0.255.255: Network broadcast
See here for official doc.
Actually this is one of the main reasons why AWS permits numeric value of p up to /28. Because for p=30, there will be 4 available values however AWS needs 5 IP address to use. In my opinion for p=29, they might found it inefficient to occupy 5 addresses to provide 3 possible IP address.
Number of possible IP addresses can be calculated by using this formula:
NumberOfPossibleIPs = 2^(32-p) - 5
Classless Inter-Domain Routing (CIDR) block basically is a method for allocating IP addresses and IP routing. When you create a network or route table, you need to specify what range are you working in. "0.0.0.0" means that it will match to any IP address. Some IP addresses are specific, like 10.0.0.0, which will match to any IP address beginning with 10. With any IP address range, you can be more specific by using a suffix(something like /32 from your example). These allow the notation to specify number of bits to be used from Prefix(actual IP-range like 10.0.0.0). It represents the bit length of the subnet mask, as indicated above. The subnet mask is like masking when painting. You place a mask over what you DO NOT want to paint on.
For example, 10.10.0.0/16 will have 256 * 256 IP address in its range.
NOTE: Some of the IP address in a range are reserved for various purposes. According to AWS VPC documentation, following are the reserved IP addresses.
10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC router.
10.0.0.2: Reserved by AWS. The IP address of the DNS server is always the base of the VPC network range plus two; however, we also reserve the base of each subnet range plus two. For VPCs with multiple CIDR blocks, the IP address of the DNS server is located in the primary CIDR. For more information, see Amazon DNS Server.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address. We do not support broadcast in a VPC, therefore we reserve this address.
Hope this helps!
All of the above answers are great, but are missing something pretty important for the people who don't understand addressing.
IP addresses are literally just a string of binary, broken up into 4 "octets". Each octet is a 2^8 block; 00000000. So to a machine, an IP address looks like this (with (.) added for human-ness):
00000000(.)00000000(.)00000000(.)00000000
When we're talking about the "mask" on the IP address, it means "the bits that don't change". The /8 or /255.0.0.0 on the end of the block signifies the number of bits that are not allowed to be used by this network.
So, lets say we have a CIDR block of 10.0.0.0/8 - this can also be written in the format 10.0.0.0/255.0.0.0, and you may in fact see this for of notation in older versions of linux. You will also note that 255 is the decimal representation of the binary string 11111111 - 8 binary "ones". So what the machine sees is the following:
Net: 00001010(.)00000000(.)00000000(.)00000000
Mask: 11111111(.)00000000(.)00000000(.)00000000
The part of the mask with 0's is usable address space within the network.
So the following example addresses are valid in this network, because on the 0 parts of the masked range are changing:
00001010(.)00000001(.)00110000(.)00111000
00001010(.)00110001(.)00110100(.)00111001
When we say "cidr block" we simply mean "the human-readable shorthand way of expressing binary strings understood by a machine". In the above example, the first octet can be expressed as 10, and the latter octets 0. And the Mask can be expressed as 255 and the latter octets of 0, or; because the mask is always a sequence of 1's, then a sequence of 0's, the length of the 1's, i.e. 8
And as such, we get a cidr of 10.0.0.0/255.0.0.0, or 10.0.0.0/8
A few more examples:
-- 172.1.1.0/24
net: 10101100.00000001.00000001.00000000
mask: 11111111.11111111.11111111.00000000
^ 24 bits for the mask ^ 8 bits of usable space
-- 10.10.10.8/29
net: 00001010.00001010.00001010.00001000
mask: 11111111.11111111.11111111.11111000
^ 29 bits for the mask. ^ 3 bits of usable space
Importantly though, this is only one aspect of networking. Usually a couple of these are reserved for things. See other answers for AWS specific things. In their examples, the "first 4" ip addresses reserved for AWS will be the first 4 usable addresses, which would be
...00 - Network address
...01 - Router
...10 - DNS
...11 - Futureproofing
Currenly I have a c function that takes a ip address and subnetmask and checks if given ipv4 is private/public.
It does by following logic to matchsubnet:
(local ipv4 address && local subnetmask) == (given ipv4 && given subnetmask)
What logic can be written for ipv6? I can write a function to receive an ip and subnet prefix. Can i get local subnet prefix?
I order to determine if two hosts are on the same subnet take both their addresses and prefix lengths (subnet masks).
If the prefix lengths are different then they are not on the same network.
If the prefix lengths are the same then take the length ( very probably 64, so let's assume that) and compare the first 64 bits of both addresses with each other. If they are the same then they are both on the same network.
It is basically the same as you do for IPv4 with making the bits that don't being to the prefix. With 128 addresses it might be easier though to implement it as a loop comparing 4 bits at a time (comparing the hexadecimal notation) or 8 bits at a time (comparing the parsed bytes).
Supposing two IPv6 addresses ip1 (abc::1/64), ip2 (abc::2/64) are given, what's the algorithm to determine if they're part of the same subnet or not?
For IPv4, each octet in one address is masked with the subnet octet and the result compared with the result of a similar exercise for the second address. Could we do a similar thing for the each hextet in the IPv6 address?
Also, in IPv6, is a prefix length /64 equivalent to 'ffff:ffff:ffff:ffff::'? How is the netmask represented in IPv6 address format?
Thanks!
Supposing two IPv6 addresses ip1 (abc::1/64), ip2 (abc::2/64) are
given, what's the algorithm to determine if they're part of the same
subnet or not?
They are on the same subnet if the first 64 bits are equal. These are the first four 'blocks' in the address. If you write the full addresses they become 0abc:0000:0000:0000:0000:0000:0000:0001 and 0abc:0000:0000:0000:0000:0000:0000:0002. The first 64 bits (the 0abc:0000:0000:0000: part) is equal, so they are on the same subnet.
For IPv4, each octet in one address is masked with the subnet octet
and the result compared with the result of a similar exercise for the
second address. Could we do a similar thing for the each hextet in the
IPv6 address?
Actually, you mask the bits, not the octet. But you can still use the same technique. Convert the address to bits and mask it with a bit sequence corresponding to the prefix length. So a /64 would be 64 bits with value 1 followed by 64 bits with value 0. For a /48 it would be 48 bits with value 1 followed by 80 bits with value 0.
Also, in IPv6, is a prefix length /64 equivalent to
'ffff:ffff:ffff:ffff::'? How is the netmask represented in IPv6
address format?
Usually you don't, but 'ffff:ffff:ffff:ffff::' corresponds to a /64 netmask.
IPv4 netmasks are a bit bogus because it allows people to specify masks like 255.0.0.255. IPv6 clarifies this by defining the term "prefix length" as the length of contiguous bits in the netmask.
255.0.0.0 ≡ ff00:: ≡ 8-bit prefix
255.255.0.0 ≡ ffff:: ≡ 16-bit prefix
255.255.192.0 ≡ ffff:C000:: ≡ 18-bit prefix
If you have two addresses, IP#1 and IP#2 and a netmask NETMASK then to test if the two addresses in the same network then the following must be true:
IP#1 & NETMASK == IP#2 & NETMASK
This extends true for both IPv4 and IPv6, so all that is necessary is to convert IPv6 prefix lengths into a netmask that is easier to use in the test.
the standard Radix Tree (Trie) (Patricia ) implementation of the Route look up is available for IPv6 .
Netmask is represented as follows :
when we describe an IPv4 IP and network, we use a netmask to define the network. IPv6 has decided, rather than use the old 255.255.255.0 notation, that it's better just to use /# notation. So our netmask would be 128 to describe something similar to /32 (255.255.255.255) or one host. Note that expr 16 \* 8 gives us 128." [1]
[1] http://www.linux-sxs.org/networking/ipv6_for_beginners.html
[2] http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/
Just as we have rules governing the validity of an IPv4 netmask, does IPv6 have its own set of rules to qualify a netmask?
Thanks!
What is your use case? Normally in IPv6 your addresses will be auto-generated from a /64 prefix your router provides.
You don't usually see a netmask written out in IPv6. Usually you will see a prefix length. For example:
2001:db8:0:160::/64
would have a netmask of
ffff:ffff:ffff:ffff::
But you would only ever see the former.
Technically the better answer may be that with IPv6 you no longer have a netmask. With IPv6 you have a "prefix length" which you can interpret as the number of 1 bits in an equivalent netmask.
Taking the concept of "prefix length" you no longer have to have "netmask rules", although there pretty much is only one: the netmask should consist of only left aligned contiguous 1 bits.
Conventional IPv4 dotted quad notation separates the address from the port with a colon, as in this example of a webserver on the loopback interface:
127.0.0.1:80
but with IPv6 notation the address itself can contain colons. For example, this is the short form of the loopback address:
::1
How are ports (or their functional equivalent) expressed in a textual representation of an IPv6 address/port endpoint?
They work almost the same as today. However, be sure you include [] around your IP.
For example : http://[1fff:0:a88:85a3::ac1f]:8001/index.html
Wikipedia has a pretty good article about IPv6: http://en.wikipedia.org/wiki/IPv6#Addressing
The protocols used in IPv6 are the same as the protocols in IPv4. The only thing that changed between the two versions is the addressing scheme, DHCP [DHCPv6] and ICMP [ICMPv6]. So basically, anything TCP/UDP related, including the port range (0-65535) remains unchanged.
Edit: Port 0 is a reserved port in TCP but it does exist. See RFC793
Wikipedia points out that the syntax of an IPv6 address includes colons and has a short form preventing fixed-length parsing, and therefore you have to delimit the address portion with []. This completely avoids the odd parsing errors.
(Taken from an edit Peter Wone made to the original question.)
They're the same, aren't they? Now I'm losing confidence in myself but I really thought IPv6 was just an addressing change. TCP and UDP are still addressed as they are under IPv4.
I'm pretty certain that ports only have a part in tcp and udp. So it's exactly the same even if you use a new IP protocol
I would say the best reference is Format for Literal IPv6 Addresses in URL's where usage of [] is defined.
Also, if it is for programming and code, specifically Java, I would suggest this readsClass for Inet6Address java/net/URL definition where usage of Inet4 address in Inet6 connotation and other cases are presented in details. For my case, IPv4-mapped address Of the form::ffff:w.x.y.z, for IPv6 address is used to represent an IPv4 address also solved my problem. It allows the native program to use the same address data structure and also the same socket when communicating with both IPv4 and IPv6 nodes. This is the case on Amazon cloud Linux boxes default setup.