An IPv6 packet is the smallest message entity exchanged using Internet Protocol version 6 (IPv6). Packets consist of control information for addressing and routing and a payload of user data. The control information in IPv6 packets is subdivided into a mandatory fixed header and optional extension headers. The payload of an IPv6 packet is typically a datagram or segment of the higher-level transport layer protocol, but may be data for an internet layer (e.g., ICMPv6) or link layer (e.g., OSPF) instead.
IPv6 packets are typically transmitted over the link layer (i.e., over Ethernet or Wi-Fi), which encapsulates each packet in a frame. Packets may also be transported over a higher-layer tunneling protocol, such as IPv4 when using 6to4 or Teredo transition technologies.
In contrast to IPv4, routers do not fragment IPv6 packets larger than the maximum transmission unit (MTU); fragmentation is the sole responsibility of the originating node. A minimum MTU of 1,280 octets is mandated by IPv6, but hosts are "strongly recommended" to use Path MTU Discovery to take advantage of MTUs greater than the minimum.
Since July 2017, the Internet Assigned Numbers Authority (IANA) has been responsible for registering all IPv6 parameters that are used in IPv6 packet headers.
The fixed header starts an IPv6 packet and has a size of 40 octets (320 bits). The bytes of the multi-byte fields are in the network byte order.
Extension headers carry optional internet layer information and are placed between the fixed header and the upper-layer protocol header. Extension headers form a chain, using the Next Header fields. The Next Header field in the fixed header indicates the type of the first extension header; the Next Header field of the last extension header indicates the type of the upper-layer protocol header in the payload of the packet. All extension headers are a multiple of 8 octets in size; some extension headers require internal padding to meet this requirement.
There are several extension headers defined, and new extension headers may be defined in the future. Most extension headers are examined and processed at the packet's destination. Hop-by-Hop Options can be processed and modified by intermediate nodes and, if present, must be the first extension. All extension headers are optional and should appear at most once, except for the Destination Options header extension, which may appear twice.
If a node does not recognize a specific extension header, it should discard the packet and send a Parameter Problem message (ICMPv6 type 4, code 1).
The defined extension headers below are listed in the preferred order for the case where there is more than one extension header following the fixed header.
Extension header | Next Header field value | Description
---|---|---
Hop-by-Hop Options | 0 | Options that need to be examined by all devices on the path
Routing | 43 | Methods to specify the route for a datagram (used with Mobile IPv6)
Fragment | 44 | Contains parameters for fragmentation of datagrams
Authentication Header (AH) | 51 | Contains information used to verify the authenticity of most parts of the packet
Encapsulating Security Payload (ESP) | 50 | Carries encrypted data for secure communication
Destination Options (before upper-layer header) | 60 | Options that need to be examined only by the destination of the packet
Mobility (currently without upper-layer header) | 135 | Parameters used with Mobile IPv6
Host Identity Protocol | 139 | Used for Host Identity Protocol version 2 (HIPv2)
Shim6 Protocol | 140 | Used for Shim6
Reserved | 253 | Used for experimentation and testing
Reserved | 254 | Used for experimentation and testing
Value 59 (No Next Header) in the Next Header field indicates that there is no next header whatsoever following this one, not even a header of an upper-layer protocol. It means that, from the header's point of view, the IPv6 packet ends right after it: the payload should be empty. There could, however, still be data in the payload if the payload length in the first header of the packet is greater than the length of all extension headers in the packet. This data should be ignored by hosts, but passed unaltered by routers.
The Hop-by-Hop Options extension header may be examined and altered by all nodes on the packet's path, including sending and receiving nodes. (For authentication, option values that may change along the path are ignored.) The Destination Options extension header needs to be examined by the destination node(s) only. The extension headers are both at least 8 octets in size; if more options are present than will fit in that space, blocks of 8 octets, containing options and padding, are added to the header repeatedly until all options are represented.
The Routing extension header is used to direct a packet to one or more intermediate nodes before being sent to its destination. The header is at least 8 octets in size; if more Type-specific Data is needed than will fit in 4 octets, blocks of 8 octets are added to the header repeatedly, until all Type-specific Data is placed.
Type | Status | Comment
---|---|---
0 | Deprecated | Because Routing Header type 0 allowed a simple but effective denial-of-service attack,[1] this header was deprecated in 2007, and hosts and routers are required to ignore these headers.
1 | Deprecated | Used for the Nimrod project funded by DARPA. It was deprecated in 2009.
2 | Allowed | A limited version of type 0, used for Mobile IPv6, where it can hold the home address of the mobile node.
3 | Allowed | RPL Source Route Header for low-power and lossy networks.
4 | Allowed | Segment Routing Header (SRH).
253 | Private use | May be used for testing, not for actual implementations. RFC3692-style Experiment 1.
254 | Private use | May be used for testing, not for actual implementations. RFC3692-style Experiment 2.
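The chain rules described above (Next Header linking, Hop-by-Hop first, at most one of each header except Destination Options, Routing type 0 deprecated) can be checked by a monitoring tool with a short walker. This is an added example, not part of the original page; the function names and the sample packets are constructed, and the header length encodings follow the standard extension header layout, which the page does not spell out.

```python
import struct

# Next Header values from the table above. ESP (50) is left out because the
# bytes after it are encrypted; other values simply end the walk.
EXT = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
       51: "Authentication Header", 60: "Destination Options"}

def walk_chain(pkt: bytes):
    """Return (next_header_chain, findings) for one raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, chain, findings = pkt[6], 40, [], []
    while nh in EXT:
        if off + 8 > len(pkt):
            findings.append("header chain truncated")
            break
        if nh == 44:
            size = 8                        # Fragment header has a fixed size
        elif nh == 51:
            size = (pkt[off + 1] + 2) * 4   # AH length counts 4-octet units
        else:
            size = (pkt[off + 1] + 1) * 8   # Hdr Ext Len counts 8-octet units
        if nh == 0 and chain:
            findings.append("Hop-by-Hop Options is not the first extension")
        if nh in chain and not (nh == 60 and chain.count(60) < 2):
            findings.append(EXT[nh] + " repeated")
        if nh == 43 and pkt[off + 2] == 0:
            findings.append("deprecated Routing type 0")
        chain.append(nh)
        nh, off = pkt[off], off + size
    return chain + [nh], findings

def fixed(nh: int, payload: bytes) -> bytes:
    """Constructed 40-octet fixed header (zeroed addresses) plus payload."""
    return struct.pack("!IHBB", 6 << 28, len(payload), nh, 64) + bytes(32) + payload

PAD = bytes([0, 1, 4, 0, 0, 0, 0])           # Hdr Ext Len 0, then a PadN option
# Constructed sample: Hop-by-Hop -> Destination Options -> TCP (6)
GOOD = fixed(0, bytes([60]) + PAD + bytes([6]) + PAD + bytes(20))
# Constructed sample: Destination Options -> Hop-by-Hop -> Routing type 0 -> 59
BAD = fixed(60, bytes([0]) + PAD + bytes([43]) + PAD + bytes([59, 0, 0, 0, 0, 0, 0, 0]))

if __name__ == "__main__":
    for name, pkt in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, *walk_chain(pkt))
```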
In order to send a packet that is larger than the path MTU, the sending node splits the packet into fragments. The Fragment extension header carries the information necessary to reassemble the original (unfragmented) packet.
The Authentication Header and the Encapsulating Security Payload are part of IPsec and are used identically in IPv6 and in IPv4.
The fixed and optional IPv6 headers are followed by the upper-layer payload, the data provided by the transport layer, for example a TCP segment or a UDP datagram. The Next Header field of the last IPv6 header indicates what type of payload is contained in this packet.
The payload length field of IPv6 (and IPv4) has a size of 16 bits, capable of specifying a maximum length of octets for the payload. In practice, hosts determine the maximum usable payload length using Path MTU Discovery (yielding the minimum MTU along the path from sender to receiver), to avoid having to fragment packets. Most link-layer protocols have MTUs considerably smaller than octets.
An optional feature of IPv6, the jumbo payload option in a Hop-By-Hop Options extension header, allows the exchange of packets with payloads of up to one octet less than 4 GB (2^32 − 1 octets), by making use of a 32-bit length field. Packets with such payloads are called jumbograms.
Since both TCP and UDP include fields limited to 16 bits (length, urgent data pointer), support for IPv6 jumbograms requires modifications to the transport layer protocol implementation. Jumbograms are only relevant for links that have an MTU larger than octets (more than octets for the payload, plus 40 octets for the fixed header, plus 8 octets for the Hop-by-Hop extension header). Only a few link-layer protocols can process packets larger than octets.
Unlike in IPv4, IPv6 routers never fragment IPv6 packets. Packets exceeding the size of the maximum transmission unit (MTU) of the destination link are dropped and this condition is signaled by a Packet too big ICMPv6 message to the originating node, similarly to the IPv4 method when the Don't Fragment bit is set. End nodes in IPv6 are expected to perform Path MTU Discovery to determine the maximum size of packets to send, and the upper-layer protocol is expected to limit the payload size. If the upper-layer protocol is unable to do so, the sending host may use the Fragment extension header instead.
Any data link layer conveying IPv6 data must be capable of transmitting an IP packet containing up to 1,280 bytes, thus the sending endpoint may limit its packets to 1,280 bytes and avoid any need for fragmentation or Path MTU Discovery.
A packet containing the first fragment of an original (larger) packet consists of five parts: the per-fragment headers (the crucial original headers that are repeatedly used in each fragment), followed by the Fragment extension header containing a zero Offset, then all the remaining original extension headers, then the original upper-layer header (alternatively the ESP header), and a piece of the original payload. Each subsequent packet consists of three parts: the per-fragment headers, followed by the Fragment extension header, and by a part of the original payload as identified by a Fragment Offset.
The per-fragment headers are determined based on whether the original contains a Routing or Hop-by-Hop extension header. If neither exists, the per-fragment part is just the fixed header. If the Routing extension header exists, the per-fragment headers include the fixed header and all the extension headers up to and including the Routing one. If the Hop-by-Hop extension header exists, the per-fragment headers consist of only the fixed header and the Hop-by-Hop extension header.
In any case, the last header of the per-fragment part has its Next Header value set to to indicate that a Fragment extension header follows. Each Fragment extension header has its M flag set to (indicating more fragments follow), except the last, whose flag is set to . Each fragment's length is a multiple of 8 octets, except, potentially, the last fragment.
The per-fragment headers were historically called the "unfragmentable part", referring to the pre-2014 possibility of fragmenting the rest of the header. Now no headers are actually fragmentable.
The original packet is reassembled by the receiving node by collecting all fragments and placing each fragment at its indicated offset and discarding the Fragment extension headers of the packets that carried them. Packets containing fragments need not arrive in sequence; they will be rearranged by the receiving node.
If not all fragments are received within 60 seconds after receiving the first packet with a fragment, reassembly of the original packet is abandoned and all fragments are discarded. If the first fragment was received (which contains the fixed header) and one or more others are missing, a Time Exceeded message (ICMPv6 type 3, code 1) is returned to the node originating the fragmented packet.
When a reassembling node detects a fragment that overlaps with another fragment, the reassembly of the original packet is aborted and all fragments are dropped. A node may optionally ignore exact duplicates of a fragment instead of treating them as overlapping each other.
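The reassembly rules above (placement by offset, out-of-order arrival, abort on overlap, optional tolerance of exact duplicates) are sketched below as an added example that is not part of the original page. Fragments are represented as constructed `(offset in 8-octet units, M flag, data)` tuples; the 60-second timer and header handling are left out, and the function name and status strings are illustrative.

```python
def reassemble(fragments, ignore_duplicates=True):
    """Reassemble fragment payloads given in arrival order.

    Returns (status, payload); payload is None unless status is "ok".
    """
    placed = {}      # byte offset -> fragment data accepted so far
    total = None     # end of the packet, known once the M=0 fragment arrives
    for units, more, data in fragments:
        start, end = units * 8, units * 8 + len(data)
        # Every fragment except the last must be a multiple of 8 octets.
        if more and len(data) % 8:
            return "aborted: non-final fragment not a multiple of 8", None
        # Optional behaviour: silently accept an exact duplicate.
        if ignore_duplicates and placed.get(start) == data:
            continue
        # Any overlap with an accepted fragment aborts the whole reassembly.
        if any(start < s + len(d) and s < end for s, d in placed.items()):
            return "aborted: overlapping fragment", None
        placed[start] = data
        if not more:
            total = end
    out = b""
    for s in sorted(placed):
        if s != len(out):            # hole before this fragment
            return "incomplete", None
        out += placed[s]
    if total != len(out):            # last fragment missing, or data beyond it
        return "incomplete", None
    return "ok", out

# Constructed sample: a 40-octet payload split into three fragments.
PAYLOAD = bytes(range(40))
FRAGS = [(0, 1, PAYLOAD[:16]), (2, 1, PAYLOAD[16:32]), (4, 0, PAYLOAD[32:])]

if __name__ == "__main__":
    print(reassemble(FRAGS[::-1])[0])                          # out of order
    print(reassemble([FRAGS[0], (1, 1, b"X" * 16), FRAGS[2]])[0])  # overlap
```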
Receiving hosts must make a best-effort attempt to reassemble fragmented IP datagrams that, after reassembly, contain up to 1,500 bytes. Hosts are permitted to make an attempt to reassemble fragmented datagrams larger than 1,500 bytes, but they are also permitted to silently discard any datagram after it becomes apparent that the reassembled packet would be larger than 1,500 bytes. Therefore, senders should avoid sending fragmented IP datagrams with a total reassembled size larger than 1,500 bytes, unless they have knowledge that the receiver is capable of reassembling such large datagrams.
Research has shown that the use of fragmentation can be leveraged to evade network security controls. As a result, in 2014 the earlier allowance for overflowing the IPv6 header chain beyond the first fragment became forbidden in order to avoid some very pathological fragmentation cases. Additionally, as a result of research on the evasion of Router Advertisement Guard, the use of fragmentation with Neighbor Discovery is deprecated, and the use of fragmentation with Secure Neighbor Discovery (SEND) is discouraged.