When an IPv4/IPv6 host wants to send a packet to another host, it has to answer the following simple questions:
- Can I reach the destination IP address directly (is the destination on the same LAN/subnet)?
- If not, who will help me forward the packet (who is the first-hop router)?
This post is a follow-up to the IPv6 Router Advertisement Deep Dive post.
The Magic of the Subnet Mask
In the IPv4 world, the host gets the answer to the first question with a simple logical AND operation. To figure out if the destination address is in the same subnet, the IPv4 host ANDs its own and the destination IP address with the subnet mask. If (SourceAddr & SubnetMask == DestinationAddr & SubnetMask), the host can send the packet directly to the destination address (assuming it has the destination’s MAC address in its ARP cache).
We’ll ignore all the complexities introduced by having multiple interfaces and multiple IP addresses per interface; it’s important you get the generic idea.
If the destination IPv4 address is not in the same subnet, the IPv4 host sends the packet to the first-hop router (sometimes called default gateway for historical reasons).
An IPv4 host thus needs two parameters: subnet mask and first-hop router’s IPv4 address. Both can be configured manually or passed to the host through DHCP.
Situation is a bit different when an IPv4 host uses PPP. PPP connection assumes subnet mask of 255.255.255.255 (no other host is on the same subnet); the default gateway is replaced with an interface default route (a static route without an IPv4 next hop pointing to an interface).
The many wonders of the IPv6 world
In the IPv6 world, IPv6 hosts have to listen to router advertisement (RA) messages sent by the adjacent routers to get the required parameters:
- Source IPv6 address of an RA message is assumed to be a router. If the lifetime advertised in the RA message is not zero, that router can be used as the first-hop router, and the IPv6 host installs a default route to that IPv6 address.
Source IPv6 address of an RA message is always a link-local address; the next hop of a default route is thus always a link-local address.
- Subnet mask (more precisely, the prefix length) of IPv6 prefixes is advertised by the routers in prefix information option of RA messages.
An IPv6 host MUST listen to RA messages even if it got its IPv6 address through DHCPv6. At the moment DHCPv6 cannot be used to send the prefix length or first-hop router information to IPv6 hosts.
Every router might advertise numerous prefixes in RA messages (IPv6 works perfectly well with numerous IPv6 prefixes on the same LAN/L2 subnet), but only those that have the L bit set can be used to figure out the prefix length.
In the end, an IPv6 host could have information about numerous on-link IPv6 prefixes (prefixes that are present on the same LAN/link as the IPv6 host). When a host wants to figure out whether it can send an IPv6 packet directly to the destination address, it has to go through the list of all IPv6 prefixes known to be on the outgoing interface and check whether the destination IPv6 address belongs to one of them. If it does, the packet can be sent directly, otherwise the packet is sent toward the link-local address of one of the routers.
The host behavior in environments with multiple first-hop routers is “somewhat” undefined and depends on the host’s TCP stack.
If you want to know more, you MUST read RFC 5942 (IPv6 Subnet Model: The Relationship between Links and Subnet Prefixes) and you SHOULD read RFC 4943. You might also be interested in how things work in mobile world, in which case read RFC 6459 (IPv6 in 3GPP EPS) and the RFC 3316bis draft (IPv6 for 3GPP Cellular Hosts).