IPv6 Interface Identifiers
A version of this page is also available for
4/8/2010
The last 64 bits of an IPv6 address are the interface identifier that is unique to the 64-bit prefix of the IPv6 address. The following table shows the ways in which an interface identifier can be determined.
Method of determination | Description |
---|---|
Derived from the Extended Unique Identifier (EUI)-64 address |
All unicast addresses that use format prefixes 001 through 111 must also use a 64-bit interface identifier that is derived from the EUI-64 address. This is stated in RFC 2373. For more information, see one of the sections shown in the following list:
|
Randomly generated and changed over time |
To provide a level of anonymity, the identifier can be randomly generated, and changed over time. This is described in RFC 3041. |
EUI-64 address-based interface identifiers
The 64-bit EUI-64 address is defined by the Institute of Electrical and Electronic Engineers (IEEE). EUI-64 addresses are either assigned to a network adapter or derived from IEEE 802 addresses.
IEEE 802 addresses
Traditional interface identifiers for network adapters use a 48-bit address called an IEEE 802 address. The following table shows the identifiers that make up the address.
Identifier | Description |
---|---|
Company ID |
24-bit ID uniquely assigned to each manufacturer of network adapters. This is also known as the manufacturer ID. |
Extension ID |
24-bit uniquely assigned to each network adapter at the time of assembly. This is also known as the board ID. |
The combination of the company ID and the board ID produces the IEEE 802 address, which is a globally unique 48-bit address called the physical, hardware, or media access control (MAC) address. The following illustration shows the identifiers in the IEEE 802 address.
The following table shows the defined bits in the IEEE 802 address.
Bit | Description |
---|---|
Universal/Local (U/L) |
The U/L bit is the seventh bit of the first byte and is used to determine whether the address is universally or locally administered.
|
Individual/Group (I/G) |
The I/G bit is the low order bit of the first byte and is used to determine whether the address is an individual address (unicast) or a group address (multicast).
|
For a typical 802.x network adapter address, both U/L and I/G bits are set to 0, corresponding to a universally administered, unicast MAC address.
IEEE EUI-64 addresses
The IEEE EUI-64 address represents a new standard for network interface addressing. The company ID is 24-bits in length, the same as the IEEE 802 address. However, the extension ID is 40 bits, creating a much larger address space for a network adapter manufacturer. The following illustration shows the identifiers in the EUI-64 address.
The EUI-64 address uses the U/L and I/G bits in the same way as the IEEE 802 address. For more information, see the table for the IEEE 802 address.
Mapping IEEE 802 addresses to EUI-64 addresses
To create an EUI-64 address from an IEEE 802 address, 16 bits of 11111111 11111110 (0xFFFE) are inserted into the IEEE 802 address between the company ID and the extension ID. The following illustration shows this change.
Mapping EUI-64 addresses to IPv6 interface identifiers
An IPv6 unicast address requires a 64-bit interface identifier. To obtain this identifier, the U/L bit in the EUI-64 address is complemented. If it is a 1, it is set to 0; and if it is a 0, it is set to 1. The I/G bit is not changed. The following illustration shows the conversion for a universally administered, unicast EUI-64 address.
Mapping IEEE 802 addresses to IPv6 interface identifiers
To obtain an IPv6 interface identifier from an IEEE 802 address, you must first map the IEEE 802 address to an EUI-64 address, and then complement the U/L bit as described in the previous sections. The following illustration shows the conversion process for a universally administered, unicast IEEE 802 address.
IEEE 802 address conversion example
In this example, Host A has an IEEE 802 address (Ethernet MAC) of 00-AA-00-3F-2A-1C. The following steps occur when converting this address to IPv6:
To convert the MAC address to EUI-64 format, FF-FE is inserted between the third and fourth bytes. This yields 00-AA-00-FF-FE-3F-2A-1C.
The U/L bit, which is the seventh bit in the first byte, is complemented. The first byte in binary form is 00000000. When the seventh bit is complemented, it becomes 00000010 (0x02).
Note
When complementing the U/L bit, perform the following steps:
- If the EUI-64 address is universally administered, add 0x2 to the first byte.
- If the EUI-64 address is locally administered, subtract 0x2 from the first byte.
The result, 02-AA-00-FF-FE-3F-2A-1C, is converted to colon-hexadecimal notation, yielding the interface identifier 2AA:FF:FE3F:2A1C.
Thus, in this example, the link-local address that corresponds to the network adapter with the MAC address of 00-AA-00-3F-2A-1C is FE80::2AA:FF:FE3F:2A1C.
Randomly generated interface identifiers
Because IPv6 address identifiers remain static, for security reasons, a method is required to provide temporary addresses. The IPv6 protocol for Windows Mobile Version 5.0 and later creates temporary addresses for global address prefixes by default.
In the IPv4-based Internet it is difficult to track a user's traffic on the basis of IP address. A typical user connects to an Internet service provider (ISP) and then obtains an IPv4 address by using the Point-to-Point Protocol (PPP) and the Internet Protocol Control Protocol (IPCP). Each time the user connects to the Internet, a different IPv4 address might be obtained, making it difficult to track their usage.
For IPv6-based dial-up connections, after the connection is made through router discovery and stateless address autoconfiguration, the user is assigned a 64-bit prefix. If the interface identifier is based on a EUI-64 address derived from the static IEEE 802 address, the traffic of a specific node can be identified regardless of the prefix. This makes it easy to track a specific user and their use of the Internet. To address this concern and provide a level of anonymity, an alternative IPv6 interface identifier can be randomly generated and changed over time. This method is described in RFC 3041.
The following list shows how the initial interface identifier is generated by using random numbers:
- For IPv6 systems that cannot store historical information for generating future interface identifier values, a new random interface identifier is generated each time the IPv6 protocol is initialized.
- For IPv6 systems that have storage capabilities, a history value is stored. When the IPv6 protocol is initialized, a new interface identifier is created through the following process:
- Retrieve the history value from storage and append the interface identifier based on the EUI-64 address of the adapter.
- Compute the Message Digest-5 (MD5) one-way encryption hash over the quantity in step a.
- Save the last 64 bits of the MD5 hash computed in step b as the history value for the next interface identifier computation.
- Take the first 64 bits of the MD5 hash computed in Step b and set the seventh bit to zero. The seventh bit corresponds to the U/L bit which, when set to 0, indicates a locally administered interface identifier. The result is the interface identifier.
The IPv6 address based on this random interface identifier is known as a temporary address. Temporary addresses are generated for public address prefixes that use stateless address autoconfiguration.
Temporary addresses are used for the lower of the valid and preferred lifetimes values shown in the following table.
Lifetime | Values |
---|---|
Valid |
Local default value = 1 week. Lifetime = Prefix Information option in the received Router Advertisement message. |
Preferred |
Local default value of and 1 day. Lifetime = Prefix Information option in the received Router Advertisement message. |
After the valid lifetime of temporary address expires, a new interface identifier and temporary address are generated. For information about valid and preferred lifetime, see IPv6 Address Autoconfiguration.