EUI-64 Process and Randomly Generated IPv6 - Easy to Understand Guide

After a client receives a Stateless Address Autoconfiguration (SLAAC) message, often via a stateless Router Advertisement (RA), it must generate its Interface ID. Unlike stateful DHCPv6, SLAAC provides the prefix portion (typically /64) from the RA, while the client autonomously creates the 64-bit Interface ID. This ID can be derived from the MAC address using the EUI-64 process or generated randomly, aligning with IPv6’s addressing architecture.
EUI-64 Process
EUI is the abbreviation of Extended Unique Identifier; the EUI-64 process is defined by the IEEE. The method takes a client’s 48-bit Ethernet MAC address and inserts an extra 16 bits in the middle of it to create a 64-bit Interface ID. Ethernet MAC addresses are represented in hexadecimal and contain two parts:
- Organizationally Unique Identifier (OUI) – The first three octets of the MAC address. An OUI is a 24-bit number that uniquely identifies a device vendor or manufacturer. Organizations purchase an OUI from the IEEE.
- Device Identifier – The last three octets of the MAC address, which uniquely identify the device. It is also a 24-bit (6 hexadecimal digits) value, unique within a common OUI. The organization assigns the device identifier bits to its devices.
An EUI-64 Interface ID has three parts represented in binary:
- 24-bit Organizationally Unique Identifier (OUI) from the client MAC address with a reversed 7th bit. For example, if the 7th bit of the OUI is 1, it becomes a 0, and vice versa in the EUI interface ID.
- 24-bit Device Identifier from the client’s MAC address
- Hexadecimal value FFFE (16 bits) between Organizationally Unique Identifier (OUI) and Device Identifier.
EUI-64 process using the MAC address BC:78:BA:B1:F8:55:
- Get the MAC address of the host or device; in this case, BC:78:BA:B1:F8:55
- Insert ff:fe in the middle: bc:78:ba:ff:fe:b1:f8:55
- Regroup the hexadecimal digits in IPv6 notation: bc78:baff:feb1:f855
- The value is now 4 hextets. Convert the first octet from hexadecimal to binary: BC -> 10111100
- Flip the 7th bit: 10111100 -> 10111110. The 7th bit (universal/local bit) is flipped (0 to 1 or 1 to 0) to indicate local significance in EUI-64, ensuring uniqueness across networks.
- Convert the changed octet back to hexadecimal: 10111110 -> BE
- Replace the first octet with the new value: be78:baff:feb1:f855
- Insert the link-local prefix at the beginning: fe80::be78:baff:feb1:f855
The following table summarizes the EUI-64 process:
Step | Value | Action |
---|---|---|
Original MAC | BC:78:BA:B1:F8:55 | – |
Insert FFFE | BC:78:BA:FF:FE:B1:F8:55 | Split and insert 16 bits |
Convert to IPv6 | BC78:BAFF:FEB1:F855 | Group into 4 hextets |
Flip 7th Bit (BC->BE) | BE78:BAFF:FEB1:F855 | Binary 10111100 -> 10111110 |
Add Link-Local Prefix | FE80::BE78:BAFF:FEB1:F855 | Prepend FE80::/10 |
Advantages and Disadvantages of the EUI-64 Process
EUI-64 aids network management by linking MAC addresses to IPv6 addresses, which is useful for device inventory in enterprise networks. It is easy to recognize that an address was likely created from a MAC address, and the MAC address can be used to work out the Interface ID. The main disadvantage of deriving an IPv6 address from the MAC address is user privacy, because packets can be traced to the actual physical computer. Privacy risks can be mitigated using RFC 4941, which introduces temporary, randomized Interface IDs to obscure MAC traceability.
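The steps and the traceability concern above, as an added Python example that is not part of the original guide: it builds the Interface ID from the page's sample MAC address and, in the other direction, reports which MAC address an IPv6 address exposes. The function names and the 2001:db8:1:2::/64 documentation prefix are assumptions chosen for illustration.

```python
import ipaddress
from typing import Optional

SAMPLE_MAC = "BC:78:ba:b1:f8:55"  # the MAC address used on this page


def mac_to_interface_id(mac: str) -> bytes:
    """Build the 64-bit EUI-64 Interface ID from a 48-bit MAC address."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    first = octets[0] ^ 0x02  # flip the 7th bit (universal/local bit)
    # OUI with flipped bit + FFFE + device identifier
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a prefix (fe80::/10 or an RA /64) with the Interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("prefix leaves fewer than 64 bits for the Interface ID")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(addr: str) -> Optional[str]:
    """Return the MAC an address exposes, or None if it is not EUI-64 shaped."""
    low64 = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":  # no FFFE marker: random or manual ID
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # undo the bit flip
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    print(slaac_address("fe80::/10", SAMPLE_MAC))
    print(slaac_address("2001:db8:1:2::/64", SAMPLE_MAC))  # constructed prefix
    # Constructed audit list: one EUI-64 address, one random-looking address
    for a in ("2001:db8:1:2:be78:baff:feb1:f855", "2001:db8:1:2:1c2d:3e4f:5a6b:7c8d"):
        print(a, "->", mac_from_address(a) or "no MAC exposed")
```

Running `mac_from_address` over an address inventory shows which hosts still use MAC-derived Interface IDs; a random ID can contain FFFE in the same position by chance, so a match means "likely EUI-64", as the guide notes.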
Randomly Generated Interface IDs
Modern operating systems like Windows 11, Linux, and macOS can be configured to use randomly generated Interface IDs, replacing the EUI-64 process for enhanced privacy. On Windows, use “netsh interface ipv6 set privacy state=enabled” to enable random IDs. The command is run in the Windows Command Prompt, which must be opened as an administrator for it to execute successfully; it enhances privacy by avoiding the MAC-based EUI-64 process. This affects Neighbor Discovery, requiring DAD to prevent duplicates, critical for CCNP-level network planning.
Once the Interface ID is established through the EUI-64 process or random generation, it can be combined with the IPv6 prefix in the RA message to create a global unicast address. To prevent duplicate addressing, the client uses Duplicate Address Detection (DAD) via Neighbor Solicitation messages, similar to ARP in IPv4, with up to three retries if conflicts arise. If DAD detects a conflict and no alternative ID is generated, manual intervention or a random ID switch may be required, a key troubleshooting skill for CCNP certification.
FAQs
- The EUI-64 Process is a method to generate a 64-bit Interface ID for IPv6 addresses using a device’s 48-bit MAC address. It involves inserting “FF:FE” in the middle and flipping the 7th bit of the OUI, ensuring unique addressing for CCNA/CCNP network configurations.
December 4, 2020 @ 8:55 am
Couldn’t a MAC spoofer for IPv6 accomplish the same kind of thing?