On Link in IPv6

As an avid reader of RFCs and RFC drafts, I’m always running across little bits of knowledge I either already knew and forgot (I forget a lot of things), or things I didn’t know and wouldn’t have expected. RFC5942, published way back in 2010 (a long time in network engineering terms), discusses a topic I hadn’t much thought about, but is worth understanding (or reviewing).

Assume I’m an IPv4 host. If I have an address of, and I’m trying to send a packet to, do I send the packet to my default gateway (the first hop router), or do I try to build a MAC header and send it directly to the host itself? If I think the destination is “off link,” then I’ll send it to the default gateway, and if I think it’s “on link,” I’ll send it directly to the destination. How do I know the difference?

If you don’t know the answer, you shouldn’t be calling yourself a network engineer — but for review… I use either the subnet mask or the length to decide. Let’s assume I want to use the prefix length (since I’m not an old fashioned person who uses the subnet mask!). I count off the number of bits indicated in the prefix length of the interface on which I intend to send the packet, and change the rest of the bits in both addresses to 0′s. I compare the two modified addresses (really the two network addresses at this point). If they are the same, the destination is on link. If they are different, the destination is off link.

As you might have guessed by now, IPv6 doesn’t do this. Instead, IPv6 has an actual list (database) of hosts which are considered “on link.” All other hosts are considered off link; traffic to hosts not in the “on link” database is automatically sent to the default gateway for forwarding. The practical implication here is that the address given to a pair of hosts doesn’t have anything to do with the way traffic is forwarded between them. You can have two hosts, 2001:DB8::1:1/112 and 2001:DB8::2:1/112, that are on the same local network, and you could have two others, 2001:DB8::1:1/112 and 2001:DB8::1:2/112, that are not.

How is this magical database of on link addresses built? There are three methods outlined in RFC5942:

  • An address is included in the router advertisement with the L bit set
  • Manual (or other) configuration
  • A redirect from the default gateway

This last is probably the most common mechanism. A host will send any packet to a destination for which there is no “on link” database entry to the default gateway. If the destination is actually “on link,” the default gateway will forward the packet and then send a redirect to tell the sender that packets to this destination should be sent directly to the destination.

RFC5942 provides a good deal of text around the issues involved in the on link/off link determination, including some security pointers and other considerations. It’s well worth reading if you’re not familiar with this piece of IPv6′s operation.

Russ White

Russ White

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking on Network Complexity at RIPE in May, and has recently published a new book, The Art of Network Architecture.
Russ White

Latest posts by Russ White (see all)

  • me

    That’s not what the RFC says. From 3.1

    > The Prefix List is populated via the following means:

    > Receipt of a valid Router Advertisement (RA) that specifies a prefix with the L-bit set. Such a prefix is considered on-link for a period specified in the Valid Lifetime and is added to the Prefix List. (The link-local prefix is effectively considered a permanent entry on the Prefix List.)

    Slightly above:

    > Any node attached to the link can send a datagram directly to an on-link address without forwarding the datagram through router.

    If a host receives an RA for a prefix (as in, a network address with a prefix length) it will consider that entire prefix to be on link, and will directly send traffic to any node also attached to the link. Unlike in IPv4, just having an address on a link isn’t enough – you also need to receive an RA. But once an RA is received for the entire prefix on the link, all hosts on the link will be talked to directly. You do not need to receive a router redirect for every host that then turns out to be on link as this article implies.

    • Russ White

      Ah, yes — the RA can contain a notification for an entire prefix, rather than just a single host. However, when you’re working with an IPv6 network you shouldn’t assume that just because two hosts are in the same subnet, based on the prefix and prefix length, that they will be considered “on link,” by all the other hosts or routers. You need to actually check to see what the RA says, and the local tables say.