Why is 2002:: an invalid IPv6 addresss?

windows ipv6

I'm currently learning IPv6 and during a test I tried to configure an interface with the global IPv6 address 2002:: and failed, stating that is an incorrect address. And I have noticed that if I try to configure an interface with an IPv6 address that starts with 2002 it must be higher than 2002:0099:: otherwise it says that's invalid.

So, 2000:: is valid, 2001:: is valid, 2002:100:: is valid, but nothing in between 2002:: and 2002:99::. Why is that?


Solution 1:

https://www.google.de/?q=ipv6+address+2002::

or check the IPv6 Global Unicast Address Assignments to see that 2002:0000::/16 is the 6to4 address range.

Solution 2:

The 2002::/16 prefix is used for 6to4, which requires the next 32 bits (after the 16 bit prefix) to be a global unicast IPv4 address.

You say it must be higher than 2002:0099:: which is probably because you haven't fully understood the hexadecimal part of the IPv6 address notation.

2002:0099:: would correspond to IPv4 address 0.153.0.0, but 0.255.255.255 is not a global unicast address either. So 2002:00ff:: would not work either.

Hosts on a LAN behind a 6to4 gateway don't need to know about 6to4. They can treat the 6to4 address assigned to them as if it was any other global unicast IPv6 address. As such, there are no requirement to reject 2002:0099:: as an invalid address, however since it never could be a valid address, it does make sense for an OS to reject it.

Using random 6to4 addresses for testing is definitely not recommended practice. If you want to experiment with IPv6, there are other ways to get addresses to experiment with:

  • Construct a real 6to4 prefix by appending the IP assigned to you by your ISP to the 6to4 prefix. If your ISP had assigned 203.0.113.1 to you, you would convert each of the four octets to hexadecimal values cb 00 71 01 and your IPv6 prefix would be 2002:cb00:7101::/48.
  • Get a tunnel through a tunnel provider.
  • Get native IPv6 from your ISP.
  • Use RFC 4193 addresses. With those the first octet must be fd and the next five octets must be random. Your prefix could then be fd2a:4b89:4d7d::/48. These can only be used locally, so if you configure such an address and no other IPv6 address there is a risk of software trying to communicate externally using this local IPv6 address instead of using IPv4.

The above options are not exclusive. It is perfectly valid to configure one (or more) of each kind of addresses. For testing and development it can be a good idea to assign multiple addresses in order to test interesting corner cases. For production environments you should be aware that many systems don't take source address into account when deciding which gateway to use, which can cause breakage if multiple addresses are used in a setting where routers are configured to drop packets with unexpected source IP.

Related

How to find what Authoritative Name Server provided the answer using dig?
Anyone using VTL for backups?
Where does Credential Manager store credentials on the file system?
PHP 5.6 undefined function xml_parser_create
Docker: Run Cronjob for different Container
Why is an authentication file accepted in the config file and not on the command line?
cron and crontab are missing in docker image of ubuntu 16.04
Storage Spaces Direct HDD MediaType is unspecified
How many TXT data before DNS queries don't fit in a UDP packet?
Test port communication from azure website
Port Forwarding puzzle
Why do we need live migration support in hypervisors or cloud providers?