Understanding the distinction between global unicast and link-local IPv6 addresses is fundamental to working with IPv6 networks. While both address types serve critical roles in IPv6 networking, they have vastly different purposes, scopes, and behaviors. This article explores these differences in depth, providing practical examples and clarifying common misconceptions.
In IPv6, every network interface requires multiple addresses to function properly. Unlike IPv4, where a single IP address per interface is typical, IPv6 mandates that each interface have at least two addresses: a link-local address and usually one or more global unicast addresses. This dual-address approach enables both local network operations and internet-wide communication. These are the two main IPv6 address types, complemented by optional Unique Local Addresses for organization-internal use.
Link-local addresses are IPv6 addresses that are valid only within a single network segment (layer 2 domain). They are automatically configured on every IPv6-enabled interface without requiring any router, DHCP server, or manual configuration. These addresses use the reserved prefix fe80::/10, though in practice, implementations use fe80::/64 with the remaining 54 bits set to zero.
The binary prefix for link-local addresses is 1111111010, which translates to the hexadecimal range starting with FE80. A typical link-local address looks like fe80::1 or fe80::a1b2:c3d4:e5f6:7890.
The defining characteristic of link-local addresses is their non-routable nature. Routers will never forward packets with link-local source or destination addresses beyond the local network segment. This intentional limitation makes link-local addresses perfect for:
Neighbor Discovery Protocol (NDP): IPv6's equivalent to ARP uses link-local addresses to discover other devices on the same network segment and perform duplicate address detection (DAD).
Router Advertisements: Routers use their link-local addresses to send router advertisement messages to hosts on the local segment.
Default Gateway Configuration: Hosts typically use the router's link-local address (such as fe80::1) as their default gateway, rather than a global unicast address.
Local Communication: Two devices on the same network segment can communicate using only link-local addresses without needing any globally routable addressing.
Link-local addresses are generated automatically using one of two methods:
This autoconfiguration happens immediately when IPv6 is enabled on an interface, before any router contact or configuration exchange occurs. The link-local address is a prerequisite for all other IPv6 operations.
Because the same link-local address can exist on multiple network interfaces, IPv6 uses zone identifiers (also called scope IDs) to disambiguate them. When specifying a link-local address for communication, you must include the interface name: fe80::1%eth0 or fe80::1%wlan0. Without the zone identifier, the operating system cannot determine which interface to use for sending packets.
Global unicast addresses are IPv6's equivalent to public IPv4 addresses. They are globally unique, routable across the internet, and allow devices to communicate with any other IPv6-enabled host worldwide. The Internet Assigned Numbers Authority (IANA) currently allocates global unicast addresses from the 2000::/3 prefix.
The binary prefix for global unicast addresses is 001, which means addresses begin with hexadecimal 2 or 3 (ranging from 2000:: to 3FFF::). A typical global unicast address might look like 2001:db8:85a3::8a2e:370:7334 or 2607:f8b0:4004:c07::8a.
Global unicast addresses follow a hierarchical structure:
This structure enables efficient routing aggregation and hierarchical address assignment, similar to how IPv4 CIDR works but with vastly more address space.
Unlike link-local addresses, global unicast addresses are fully routable across the internet. Routers examine the global routing prefix to determine the best path toward the destination network. This enables:
Global unicast addresses can be configured through several methods:
SLAAC (Stateless Address Autoconfiguration): The host combines a network prefix received from router advertisements with its interface identifier to form a complete address. This is the most common method in IPv6 networks.
DHCPv6 (Stateful): Similar to DHCP in IPv4, a DHCPv6 server assigns complete addresses to hosts.
Static Configuration: Manually configured by administrators, typically for servers and network infrastructure.
The SLAAC process works as follows:
| Aspect | Link-Local (fe80::/10) | Global Unicast (2000::/3) |
|---|---|---|
| Prefix | fe80::/64 (in practice) | 2000::/3 (currently allocated) |
| Scope | Single network segment | Internet-wide |
| Routable | No, never forwarded by routers | Yes, fully routable |
| Configuration | Automatic on interface enable | Via SLAAC, DHCPv6, or manual |
| Uniqueness | Unique per network segment | Globally unique |
| Zone ID | Required for communication | Not required |
| Primary Use | NDP, local protocols, default gateway | Internet communication |
| Dual-Stack Behavior | Both types present on same interface | Both types present on same interface |
When you enable IPv6 on your home computer:
fe80::1a2b:3c4d:5e6f:78902001:db8:cafe:1::1a2b:3c4d:5e6f:7890fe80::1You can now:
ping6 fe80::1%eth0 (link-local)Many modern data centers use link-local addressing for router-to-router communication:
Router A (interface to Router B): fe80::a
Router B (interface to Router A): fe80::b
Benefits:
When testing IPv6 connectivity (similar to what test-ipv6.run does):
If link-local works but global unicast fails, the problem is likely:
Reality: Link-local addresses are more restrictive than RFC 1918 private IPv4 addresses. Private IPv4 addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) can be routed within an organization. Link-local addresses cannot be routed at all, not even within a private network.
IPv6 has Unique Local Addresses (ULA, fc00::/7) that are more analogous to IPv4 private addresses—they're routable within an organization but not on the global internet.
Reality: Link-local addresses are mandatory for IPv6 operation. They're required for:
Disabling or removing link-local addresses will break IPv6 functionality.
Reality: While the specification reserves fe80::/10 (54 bits after the 10-bit prefix), implementations universally use fe80::/64 with the 54 middle bits set to zero. This simplification doesn't affect functionality and aligns with the standard 64-bit interface identifier length used throughout IPv6.
Reality: Link-local addresses are actually security-neutral. Because they're not routable, they cannot be used for remote attacks. The security model relies on the fact that an attacker must already have layer 2 access to the local network to use link-local addresses—at which point they could perform many other attacks. Using link-local addresses for infrastructure (like router interconnects) can actually improve security by reducing the attack surface.
In a properly configured IPv6 environment, every interface should have:
These addresses coexist without conflict, and the IPv6 stack automatically selects the appropriate source address based on the destination.
When an application initiates communication, IPv6 follows RFC 6724 address selection rules:
This automatic selection means applications rarely need to be aware of which address type is being used.
To verify both address types are working correctly:
# Check your addresses
ip -6 addr show
# Test link-local connectivity (replace eth0 with your interface)
ping6 -c 4 fe80::1%eth0
# Test global unicast connectivity
ping6 -c 4 2001:4860:4860::8888 # Google DNS
For more detailed instructions on checking device IPv6 connectivity, or for comprehensive IPv6 connectivity testing including dual-stack scenarios, tools like test-ipv6.run can verify that both your IPv4 and IPv6 connectivity are working properly and help identify issues with protocol preference or broken IPv6 configurations.
Global unicast and link-local addresses serve complementary but distinct roles in IPv6 networking. Link-local addresses (fe80::/10) provide the essential foundation for local network operations, enabling neighbor discovery, router communication, and network bootstrapping without any configuration. Global unicast addresses (2000::/3) enable internet-wide communication and are what most users think of as "their IPv6 address."
Understanding the difference is crucial for:
Both address types are mandatory for modern IPv6 operation, and rather than viewing them as alternatives, it's more accurate to see them as a team working together to enable local operations and global connectivity. As IPv6 adoption continues to grow, familiarity with these fundamental concepts becomes increasingly important for anyone working with internet technologies.