This chapter covers IPv6 basics as required for the CompTIA A+ 220-1101 exam, specifically under Networking Objective 2.1 (explain common networking concepts). IPv6 is essential because the world has run out of IPv4 addresses, and modern operating systems, routers, and cloud services all support IPv6. Expect 2-4 questions on the exam related to IPv6 addressing, configuration, and comparison with IPv4.
Jump to a section
Imagine the internet as a global postal system. IPv4 is like an old system where each address is a 32-digit postal code, giving only about 4.3 billion unique addresses—but we have billions of devices, so we run out. To cope, we use NAT (Network Address Translation), which is like a single office building with one public mailing address but hundreds of internal offices with internal extensions. When an employee sends a letter, the receptionist replaces the internal extension with the building's address and logs which extension sent it. Replies come to the building, and the receptionist looks up the log to deliver the letter to the correct extension. This works but is inefficient, breaks end-to-end connectivity, and requires complex logging. IPv6 is like switching to a new system where every office in the world gets a unique 128-bit postal code—so many that we never run out. Now, each device has its own globally unique address, no NAT needed. Letters go directly from sender to receiver without a receptionist rewriting addresses. The new addresses are written in hexadecimal (like '2001:db8::1') instead of decimal dots, and the format uses colons to group digits. It's like writing a postal code as a long string of letters and numbers but with shortcuts: leading zeros can be omitted, and one sequence of zero groups can be replaced with '::'. This makes addresses shorter and easier to type. The system also includes built-in security (IPsec) and autoconfiguration (SLAAC), so devices can assign themselves addresses without a DHCP server—like letting each office choose its own unique extension from a pool of available numbers. Overall, IPv6 restores the original internet vision of every device having a unique, reachable address, simplifying routing and enabling new services.
What is IPv6 and Why Does It Exist?
IPv6 (Internet Protocol version 6) is the successor to IPv4, defined in RFC 2460. The primary driver for IPv6 is the exhaustion of IPv4 address space. IPv4 uses 32-bit addresses, providing approximately 4.3 billion unique addresses. The internet has far more than 4.3 billion devices, so we have been using NAT (Network Address Translation) to share a single public IPv4 address among many private addresses. NAT breaks the end-to-end principle of the internet, complicates applications (e.g., peer-to-peer, VoIP), and adds overhead. IPv6 uses 128-bit addresses, yielding 340 undecillion (3.4×10^38) addresses—enough for every grain of sand on Earth to have its own IP address. IPv6 restores end-to-end connectivity, simplifies header processing, and includes mandatory IPsec support.
IPv6 Address Structure
An IPv6 address is 128 bits long, typically written as eight groups of four hexadecimal digits (16 bits each), separated by colons. Example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
Rules for shortening:
Leading zeros within a group can be omitted. So 0db8 becomes db8, 0000 becomes 0.
One contiguous sequence of zero groups can be replaced with :: (double colon). This can only be used once in an address to avoid ambiguity. For example, 2001:0db8:0000:0000:0000:0000:0000:0001 can be shortened to 2001:db8::1.
IPv6 Address Types
- Unicast: Identifies a single interface. Packets sent to a unicast address go to that specific interface.
- Global Unicast Address (GUA): Routable on the internet. Starts with 2000::/3 (first three bits 001). Typically assigned by an ISP or through DHCPv6. Example: 2001:db8:1234::/48.
- Link-Local Address: Required on every IPv6-enabled interface. Starts with fe80::/10. Used for communication within a single network segment (link). Not routable. Automatically generated using EUI-64 or privacy extensions. Example: fe80::1.
- Unique Local Address (ULA): Equivalent to IPv4 private addresses (RFC 1918). Starts with fc00::/7 (but typically fd00::/8). Used for internal networks, not routable on the internet.
- Loopback: ::1 (equivalent to IPv4 127.0.0.1).
- Unspecified: :: (used during startup when an address hasn't been assigned).
Multicast: Identifies a group of interfaces. Packets sent to a multicast address are delivered to all interfaces in the group. Starts with ff00::/8. Example: ff02::1 (all nodes on the local link), ff02::2 (all routers on the local link).
Anycast: Identifies a group of interfaces, but packets are delivered to only the nearest one (in terms of routing distance). Uses unicast address space; any unicast address can be assigned as anycast.
IPv6 Autoconfiguration
IPv6 supports two main methods for hosts to obtain addresses automatically:
Stateless Address Autoconfiguration (SLAAC): Defined in RFC 4862. A host generates its own address by combining a prefix (advertised by a router via Router Advertisements) with its own interface identifier (usually based on its MAC address using EUI-64 format). No DHCP server required. Steps:
Host sends a Router Solicitation (RS) to ff02::2 (all routers).
Router responds with a Router Advertisement (RA) containing the prefix and other configuration (e.g., default gateway, DNS servers via RDNSS option).
Host forms its address: prefix + interface ID (EUI-64).
Host performs Duplicate Address Detection (DAD) by sending a Neighbor Solicitation (NS) for its new address to ensure no other device uses it.
Stateful DHCPv6: Similar to DHCP for IPv4. A DHCPv6 server assigns addresses and other parameters (DNS, domain) to hosts. Hosts use DHCPv6 messages (Solicit, Advertise, Request, Reply) to obtain addresses. DHCPv6 can work with or without SLAAC.
IPv6 Header vs IPv4 Header
IPv6 header is simpler and fixed at 40 bytes (vs. IPv4's 20-60 bytes with options). Fields:
Version (4 bits): 6.
Traffic Class (8 bits): Similar to IPv4 ToS/DSCP for QoS.
Flow Label (20 bits): Used for flow identification, no IPv4 equivalent.
Payload Length (16 bits): Length of the payload after the header.
Next Header (8 bits): Identifies the type of the next header (e.g., TCP = 6, UDP = 17, ICMPv6 = 58, or an extension header).
Hop Limit (8 bits): Equivalent to IPv4 TTL; decremented by each router; packet discarded when reaches 0.
Source Address (128 bits).
Destination Address (128 bits).
IPv6 has no checksum (higher layers handle it) and no fragmentation by routers (hosts must perform Path MTU Discovery).
Neighbor Discovery Protocol (NDP)
NDP (RFC 4861) replaces IPv4 ARP and provides additional functionality. Key messages: - Router Solicitation (RS): Hosts ask routers to send RAs. - Router Advertisement (RA): Routers announce prefixes and other settings. - Neighbor Solicitation (NS): Used for DAD and address resolution (like ARP request). - Neighbor Advertisement (NA): Response to NS (like ARP reply). - Redirect: Router tells host a better next-hop for a destination.
IPv6 Addressing in Windows, macOS, Linux
Windows: Use ipconfig to see IPv6 addresses. netsh interface ipv6 show addresses for details. Default: SLAAC with privacy extensions (random interface IDs).
macOS/Linux: Use ifconfig or ip addr show. SLAAC typically uses EUI-64. Temporary addresses (privacy extensions) are enabled by default on many systems.
Configuration Examples
Linux: Static IPv6 address:
ip -6 addr add 2001:db8:1::100/64 dev eth0
ip -6 route add default via 2001:db8:1::1Windows: Static IPv6 address via GUI or PowerShell:
New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress 2001:db8:1::100 -PrefixLength 64 -DefaultGateway 2001:db8:1::1Interaction with DNS
IPv6 uses AAAA (quad-A) records in DNS, as opposed to A records for IPv4. A hostname may have both A and AAAA records. The operating system's resolver typically attempts IPv6 first (if the host has an IPv6 address) and falls back to IPv4. This is called Happy Eyeballs (RFC 8305) to minimize connection delay.
Transition Mechanisms
Dual Stack: Devices run both IPv4 and IPv6 simultaneously. Preferred method.
Tunneling: Encapsulate IPv6 packets inside IPv4 (e.g., 6to4, Teredo, ISATAP). Used during transition but discouraged now.
NAT64/DNS64: Allows IPv6-only clients to reach IPv4 servers by translating addresses.
Exam Relevance (220-1101)
For A+, you need to know:
IPv6 address format and shortening rules.
The three types of addresses: unicast, multicast, anycast.
Common addresses: ::1 (loopback), :: (unspecified), fe80::/10 (link-local), ff00::/8 (multicast), 2000::/3 (global unicast).
SLAAC vs DHCPv6.
IPv6 vs IPv4 header differences (no checksum, no fragmentation by routers, flow label).
NDP replaces ARP.
AAAA records in DNS.
Dual stack is the primary transition method.
Be prepared to identify valid IPv6 addresses, shorten them, and recognize invalid representations (e.g., more than one ::, letters beyond F).
Host sends Router Solicitation
When an IPv6-enabled host boots up or connects to a network, it may send a Router Solicitation (RS) message to the all-routers multicast address ff02::2. This message asks any routers on the local link to respond with a Router Advertisement (RA) immediately, rather than waiting for the periodic RA (which can be up to 600 seconds). The RS is sent from the host's link-local address (fe80::/10) and uses ICMPv6 type 133. The host does this to learn the network prefix, default gateway, and other configuration parameters (like DNS servers) without needing a DHCP server.
Router sends Router Advertisement
A router configured to advertise IPv6 prefixes on an interface sends Router Advertisements (RA) either periodically (default interval 200-600 seconds) or in response to an RS. The RA is sent to the all-nodes multicast address ff02::1 and contains the network prefix (e.g., 2001:db8:1::/64), prefix length, default gateway (the router's link-local address), and optionally DNS server addresses (RDNSS option) and other settings. The RA also includes flags: M flag (Managed) indicates that hosts should use DHCPv6 for addresses; O flag (Other) indicates that hosts should use DHCPv6 for other configuration (like DNS) but not addresses. The host uses this information to autoconfigure its global unicast address.
Host generates interface identifier
Using the prefix from the RA, the host creates an interface identifier. The traditional method is EUI-64: the host takes its 48-bit MAC address, splits it in half, inserts FFFE in the middle, and flips the 7th bit (the Universal/Local bit). For example, MAC 00:1A:2B:3C:4D:5E becomes 021A:2BFF:FE3C:4D5E (note the 00 becomes 02 after flipping the 7th bit). However, modern operating systems use privacy extensions (RFC 4941) to generate temporary random interface identifiers to prevent tracking. The host may also use DHCPv6 to obtain an address instead.
Host performs Duplicate Address Detection
Before assigning the new address to the interface, the host sends a Neighbor Solicitation (NS) message to the solicited-node multicast address corresponding to the tentative address. The solicited-node multicast address is ff02::1:ffXX:XXXX, where the last 24 bits are the last 24 bits of the address. If any other host responds with a Neighbor Advertisement (NA), the address is duplicate, and the host must generate a different interface identifier (or use DHCPv6). If no response after a few retries (default 1 second, up to 3 retries), the address is considered unique and assigned. This process prevents address conflicts.
Host uses address for communication
Once the global unicast address is assigned and DAD passes, the host can use it for communication. The host also installs a default route pointing to the router's link-local address (from the RA). When sending packets to destinations outside the local link, the host uses the default gateway. For on-link destinations, the host uses Neighbor Discovery to resolve the destination's link-layer address (MAC) by sending an NS to the solicited-node multicast address of the destination. The destination responds with an NA containing its MAC. The host then sends packets directly. This process replaces ARP in IPv4.
Enterprise Deployment of IPv6
Scenario 1: Dual-Stack Migration A large enterprise with thousands of users and servers decides to deploy IPv6 alongside existing IPv4. The network team enables IPv6 on all routers and switches, configuring OSPFv3 (or EIGRP for IPv6) for routing. Each VLAN gets a /64 prefix from the global unicast address space (e.g., 2001:db8:1::/64 for VLAN 10, 2001:db8:2::/64 for VLAN 20). DNS servers are updated with AAAA records for all servers. Clients (Windows, macOS, Linux) are configured to use SLAAC with privacy extensions. The company also deploys a DHCPv6 server for DNS and domain search options (since SLAAC alone doesn't provide DNS in older implementations). The transition is gradual: new devices get IPv6, and critical services are tested. Common issues: firewall rules need to allow ICMPv6 (necessary for NDP); some legacy applications hardcode IPv4 addresses; network monitoring tools must be updated to understand IPv6. The dual-stack approach ensures backward compatibility while future-proofing the network.
Scenario 2: IPv6-Only with NAT64/DNS64 A mobile carrier or cloud provider aims to reduce IPv4 usage. They deploy an IPv6-only network for subscribers. To allow access to IPv4-only internet services, they use NAT64 (RFC 6146) and DNS64 (RFC 6147). The DNS64 server synthesizes AAAA records from A records by mapping the IPv4 address into a special prefix (e.g., 64:ff9b::/96). When an IPv6-only client queries a hostname that has only an A record, the DNS64 returns a synthetic AAAA record (e.g., 64:ff9b::c000:0201 for 192.0.2.1). The client sends the packet to the NAT64 gateway, which translates the IPv6 header to IPv4, performs address translation, and forwards to the IPv4 destination. Return traffic is translated back. This works well for client-initiated connections but complicates peer-to-peer and inbound services. Performance is acceptable, but the gateway can become a bottleneck. Misconfiguration of the NAT64 prefix or DNS64 can cause unreachability.
Scenario 3: Cloud Provider IPv6 Major cloud providers (AWS, Azure, GCP) support IPv6 for VPCs. An organization deploys a web application that must be reachable via both IPv4 and IPv6. They create a dual-stack VPC, assign a /56 IPv6 CIDR block, and create subnets with /64 prefixes. Application load balancers (ALBs) have both A and AAAA records. The web servers are dual-stacked. The organization must ensure security groups and network ACLs allow ICMPv6 (for NDP) and appropriate ports. Common pitfalls: forgetting to enable IPv6 on the load balancer; using IPv4-only monitoring tools; not updating DNS TTLs appropriately. The benefit is global reachability without NAT, reducing latency and simplifying architecture.
What the 220-1101 Exam Tests on IPv6
Objective 2.1 (Networking): Explain common networking concepts, including IPv6 addressing. The exam expects you to:
Identify valid IPv6 addresses and shorten them correctly.
Distinguish between address types (unicast, multicast, anycast).
Know the loopback address (::1) and link-local prefix (fe80::/10).
Understand SLAAC vs DHCPv6.
Recognize that NDP replaces ARP.
Know that IPv6 headers have no checksum and no fragmentation by routers.
Understand that dual-stack is the primary transition method.
Common Wrong Answers: 1. "IPv6 uses ARP" – Wrong; IPv6 uses NDP (Neighbor Discovery Protocol). ARP is IPv4 only. 2. "IPv6 addresses are written in decimal with dots" – Wrong; they are hexadecimal with colons. 3. "IPv6 has a broadcast address" – Wrong; IPv6 uses multicast instead of broadcast. There is no broadcast address in IPv6. 4. "IPv6 addresses are 64 bits" – Wrong; they are 128 bits. 5. "You can use two :: in an address" – Wrong; only one :: is allowed to avoid ambiguity. 6. "DHCPv6 is required for IPv6 autoconfiguration" – Wrong; SLAAC can provide addresses without DHCPv6.
Specific Numbers and Terms: - Prefix lengths: /64 is typical for a subnet; /48 for a site; /56 for a larger site. - Loopback: ::1 (not 127.0.0.1). - Unspecified: :: (all zeros). - Link-local: fe80::/10 (commonly fe80::/64). - Multicast: ff00::/8. - Global unicast: 2000::/3. - Unique local: fc00::/7 (but fd00::/8 is typical). - EUI-64: inserts FFFE and flips the 7th bit. - Router Advertisement interval: 200-600 seconds (default 200). - Hop limit: 255 for NDP messages.
Edge Cases:
- An address like 2001:db8::1::2 is invalid because it uses two ::.
- An address like 2001:db8:0:0:0:0:0:1 can be shortened to 2001:db8::1.
- fe80::1 is a valid link-local address (often used as router's link-local).
- ff02::1 is all nodes, ff02::2 is all routers.
- The solicited-node multicast address is ff02::1:ffXX:XXXX, used for DAD and address resolution.
How to Eliminate Wrong Answers: - If the question mentions "broadcast" in the context of IPv6, eliminate that answer. - If the question mentions "ARP" for IPv6, eliminate that answer. - If an address has more than one :: or contains letters beyond F (like G), it's invalid. - If a question asks about address length, always answer 128 bits. - If a question asks about autoconfiguration without a server, think SLAAC. - If a question asks about transition, dual-stack is the most common answer.
IPv6 addresses are 128 bits, written as eight groups of four hex digits separated by colons.
Shortening rules: omit leading zeros in each group; use :: once to replace one contiguous block of zeros.
Common address types: global unicast (2000::/3), link-local (fe80::/10), unique local (fc00::/7), multicast (ff00::/8).
Loopback: ::1; Unspecified: ::.
SLAAC allows hosts to autoconfigure addresses without DHCPv6 using Router Advertisements.
NDP replaces ARP and uses ICMPv6 messages (NS, NA, RS, RA).
IPv6 headers are simpler: no checksum, no fragmentation by routers, includes flow label.
Dual-stack is the primary transition method; other methods include tunneling and NAT64.
DNS uses AAAA records for IPv6 addresses.
The exam expects you to identify valid IPv6 addresses and distinguish between address types.
These come up on the exam all the time. Here's how to tell them apart.
IPv4
32-bit address length (4.3 billion addresses)
Uses dotted decimal notation (e.g., 192.168.1.1)
Uses ARP for MAC address resolution
Header includes checksum and allows router fragmentation
Uses broadcast addresses (e.g., 255.255.255.255)
IPv6
128-bit address length (340 undecillion addresses)
Uses colon-separated hexadecimal notation (e.g., 2001:db8::1)
Uses NDP (Neighbor Discovery Protocol) with ICMPv6
Header has no checksum; routers do not fragment (Path MTU Discovery by hosts)
No broadcast; uses multicast (e.g., ff02::1)
Mistake
IPv6 addresses are 64 bits long.
Correct
IPv6 addresses are 128 bits long. The 64-bit part refers to the network prefix (first 64 bits) and the interface identifier (last 64 bits) in a /64 subnet, but the total address is 128 bits.
Mistake
IPv6 uses ARP to resolve MAC addresses.
Correct
IPv6 uses Neighbor Discovery Protocol (NDP) with ICMPv6 messages (Neighbor Solicitation and Neighbor Advertisement) to resolve MAC addresses. ARP is only used in IPv4.
Mistake
IPv6 has a broadcast address like IPv4.
Correct
IPv6 does not have broadcast addresses. Instead, it uses multicast addresses (e.g., ff02::1 for all nodes) for one-to-many communication. Broadcast is not defined in IPv6.
Mistake
You can omit leading zeros and use :: multiple times in an IPv6 address.
Correct
You can omit leading zeros in any group, but you can only use :: once to replace one contiguous block of zero groups. Using :: twice makes the address ambiguous and invalid.
Mistake
IPv6 requires DHCPv6 for address assignment.
Correct
IPv6 can use Stateless Address Autoconfiguration (SLAAC) to assign addresses without a DHCP server. SLAAC uses Router Advertisements to provide the prefix, and the host generates its own interface identifier. DHCPv6 is optional and used for stateful configuration or additional parameters.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
The loopback address in IPv6 is ::1 (equivalent to 127.0.0.1 in IPv4). It is used to test network software on the local host without sending packets to the network. Packets addressed to ::1 are never sent beyond the local device.
To shorten an IPv6 address: 1) Omit leading zeros in each group (e.g., 0db8 becomes db8). 2) Replace one contiguous sequence of zero groups with :: (double colon). For example, 2001:0db8:0000:0000:0000:0000:0000:0001 becomes 2001:db8::1. You can only use :: once; otherwise the address is ambiguous.
SLAAC (Stateless Address Autoconfiguration) allows a host to generate its own IPv6 address using a prefix from a Router Advertisement and its own interface identifier (e.g., EUI-64). No server is needed. DHCPv6 (Stateful) assigns addresses and other parameters from a DHCPv6 server, similar to DHCP for IPv4. SLAAC is stateless; DHCPv6 is stateful. Some networks use both: SLAAC for addresses and DHCPv6 for DNS and other options.
The solicited-node multicast address is used by IPv6 Neighbor Discovery Protocol for address resolution and Duplicate Address Detection (DAD). It is formed by appending the last 24 bits of the target IPv6 address to the prefix ff02::1:ff00:0/104. For example, for address 2001:db8::1, the solicited-node multicast address is ff02::1:ff00:1. This allows hosts to listen for messages specific to their address without processing all multicast traffic.
Yes, through dual-stack. Dual-stack means running both IPv4 and IPv6 simultaneously on the same network interface. Devices have both an IPv4 and an IPv6 address, and applications can use either protocol. This is the most common transition method. Other methods include tunneling (e.g., 6to4) and translation (e.g., NAT64).
In IPv6, the default gateway is typically the link-local address of the router (fe80::/10). Router Advertisements include the router's link-local address as the source, and hosts automatically set that as the default route. You can also manually configure a global unicast address as a gateway, but link-local is the standard.
IPv6 does not have broadcast addresses. Instead, it uses multicast for one-to-many communication. For example, the all-nodes multicast address ff02::1 replaces IPv4's broadcast address 255.255.255.255. For specific functions like address resolution, IPv6 uses solicited-node multicast instead of broadcast.
You've just covered IPv6 Basics for A+ — now see how well it sticks with free 220-1101 practice questions. Full explanations included, no account needed.
Done with this chapter?