How IPv6 Interface Identifiers Are Formed

Inside IPv6: How Modern Interface IDs Are Created

As organizations move toward IPv6 adoption, understanding how IPv6 addresses are constructed becomes essential. An IPv6 address is composed of two main parts: the network prefix and the interface identifier (IID). The IID uniquely identifies a device on a network and plays a major role in routing, privacy, and device configuration. Because IPv6 offers different methods for generating these identifiers, administrators should understand how each one works and what it means for security and performance.

This article explains the most common methods for generating IPv6 interface identifiers and offers guidance on choosing the right approach for your network.

What Is an IPv6 Interface Identifier?

An IPv6 address is 128 bits long, divided into:

  • Network Prefix (first 64 bits)
  • Interface Identifier (IID) (last 64 bits)

The interface identifier serves as a unique device identifier within the local network. IPv6 uses 64-bit IIDs because they allow efficient Stateless Address Autoconfiguration (SLAAC), simplified routing, and scalable addressing.

IIDs can be generated using hardware properties, random values, or privacy-enhanced algorithms, depending on the configuration method.

Method 1: EUI-64 (Based on MAC Address)

The original method for generating IIDs was EUI-64, which derives the IID from the device’s MAC address. The process includes:

  1. Taking the 48-bit MAC address
  2. Splitting it into two 24-bit halves
  3. Inserting FF:FE in the middle
  4. Flipping the seventh bit (Universal/Local bit)

For example:
MAC Address: 00-1A-2B-3C-4D-5E
EUI-64 IID: 021A:2BFF:FE3C:4D5E

Advantages of EUI-64

  • Automatic and predictable
  • Works seamlessly with SLAAC
  • Guaranteed uniqueness on local networks

Main Drawback

It exposes the device’s MAC address, creating privacy concerns. Attackers can track devices across networks or identify the hardware manufacturer.
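The four steps above and the drawback they create, as an added example that is not part of the original article: the first function forms the IID from a MAC address, and the second reverses it so an address list can be audited for hosts that still leak their MAC. The function names and the sample addresses (documentation prefix 2001:db8::/32) are constructed for illustration.

```python
import ipaddress

def mac_to_eui64_iid(mac: str) -> str:
    """Form the EUI-64 based IID from a 48-bit MAC, following the four steps above."""
    octets = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])  # insert FF:FE between the halves
    eui[0] ^= 0x02                                          # flip the Universal/Local bit
    return ":".join(f"{eui[i]:02X}{eui[i + 1]:02X}" for i in range(0, 8, 2))

def embedded_mac(address: str):
    """Return the MAC recoverable from the address's IID, or None.

    Heuristic: a random IID carries the FF:FE marker by chance about once
    in 65,536 addresses, so treat a hit as a strong hint, not proof.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]  # last 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                                   # undo the U/L bit flip
    return "-".join(f"{b:02X}" for b in mac)

def audit(addresses):
    """Map every address whose IID exposes a MAC to that MAC."""
    findings = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            findings[addr] = mac
    return findings

# Constructed sample addresses, not taken from any real network.
SAMPLE = [
    "2001:db8:1:1:21a:2bff:fe3c:4d5e",   # EUI-64 IID on network 1
    "2001:db8:2:7:21a:2bff:fe3c:4d5e",   # same device seen on network 2
    "2001:db8:1:1:9c4e:36ff:1a2b:77d0",  # randomized IID, no FF:FE marker
]

if __name__ == "__main__":
    print(mac_to_eui64_iid("00-1A-2B-3C-4D-5E"))
    for addr, mac in audit(SAMPLE).items():
        print(f"{addr} exposes MAC {mac} (OUI {mac[:8]})")
```

The two EUI-64 sample addresses sit under different prefixes yet resolve to the same MAC, which is exactly the cross-network correlation described above.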

Method 2: Randomized Interface Identifiers

To address privacy issues, IPv6 later introduced randomized IIDs. Instead of relying on hardware identifiers, the system generates pseudo-random 64-bit values.

Randomized addresses:

  • Reduce device tracking
  • Improve privacy for mobile and roaming devices
  • Change over time, depending on system settings

Operating systems like Windows, macOS, Linux, iOS, and Android often enable randomization by default.

Method 3: Privacy Extensions (Temporary Addresses)

Privacy Extensions, defined in RFC 4941, generate temporary IPv6 addresses with randomized IIDs. These addresses rotate periodically and are used for outbound connections such as:

  • Browsing websites
  • Accessing external resources
  • Cloud or mobile app communication

Why They Matter

Privacy extensions prevent external servers from linking browsing history or online activity to a single, persistent IP address.

Method 4: Stable but Randomized IIDs (RFC 7217)

RFC 7217 introduced a method for generating stable yet private interface identifiers. These IIDs do not depend on MAC addresses but remain consistent for the same network prefix.

The algorithm uses:

  • Network prefix
  • Secret key
  • Network interface information
  • Hash functions

Benefits of RFC 7217 IIDs

  • Stable across reboots
  • No exposure of the MAC address
  • Resistant to tracking and scanning
  • More secure than traditional EUI-64

This method is widely used in enterprise deployments where consistency and privacy are equally important.
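A sketch of the RFC 7217 computation, added here as an example and not taken from the article or from any operating system's implementation. The RFC defines the IID as the low-order bits of RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key); using SHA-256 as F, length-prefixing each field, and the constructed key and interface names are assumptions of this example.

```python
import hashlib
import ipaddress

# Constructed secret for the demo. A real host generates it randomly once
# and keeps it stable and private.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

def stable_iid(prefix: str, net_iface: str, secret_key: bytes,
               network_id: str = "", dad_counter: int = 0) -> bytes:
    """Return a 64-bit IID: the low 64 bits of F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example expects a /64 prefix")
    h = hashlib.sha256()  # F is a pseudorandom function; SHA-256 is this example's choice
    fields = (
        net.network_address.packed[:8],   # network prefix
        net_iface.encode(),               # network interface information
        network_id.encode(),              # optional, e.g. a Wi-Fi SSID
        dad_counter.to_bytes(4, "big"),   # incremented after an address conflict
        secret_key,                       # secret key
    )
    for field in fields:
        # Length-prefix each field so adjacent values cannot run together
        # (an encoding choice of this example).
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()[-8:]

def stable_address(prefix: str, net_iface: str, secret_key: bytes, **kw) -> str:
    """Combine the prefix with its stable IID into a full address."""
    net = ipaddress.IPv6Network(prefix)
    iid = int.from_bytes(stable_iid(prefix, net_iface, secret_key, **kw), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))

if __name__ == "__main__":
    # Same prefix gives the same address every time; a new prefix gives an unrelated IID.
    for p in ("2001:db8:1:1::/64", "2001:db8:1:1::/64", "2001:db8:2:7::/64"):
        print(p, "->", stable_address(p, "eth0", KEY))
```

A production implementation also has to reject reserved IIDs and retry with an incremented DAD_Counter after a duplicate address is detected; both are left out here to stay on the core computation.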

Method 5: DHCPv6-Assigned IIDs

In some networks, administrators prefer controlling IPv6 assignments through DHCPv6. In this case, the DHCP server generates the interface identifier. This approach is useful for:

  • Centralized address management
  • Logging and auditing
  • Consistent device tracking

While DHCPv6 is not required in IPv6 networks, it remains valuable for complex enterprise environments.

Choosing the Right IID Generation Method

Different environments require different approaches:

EUI-64

Best for simple networks, but not recommended for modern deployments due to privacy risks.

Randomized Temporary Addresses

Ideal for consumer devices, laptops, and mobile users.

RFC 7217 Stable IIDs

Recommended for enterprise networks needing predictable yet private addressing.

DHCPv6

Useful for organizations that require centralized control and auditing.

When deploying IPv6, always consider the security and privacy implications of your chosen IID method.
