Home > IPv6 Questions 2

IPv6 Questions 2

July 20th, 2017 in ROUTE 300-101 Go to comments

Question 1

Question 2

Question 3


Address Family Translation (AFT) using NAT64 technology can be achieved by either stateless or stateful means:
+ Stateless NAT64 is a translation mechanism for algorithmically mapping IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it does not maintain any bindings or session state while performing translation, and it supports both IPv6-initiated and IPv4-initiated communications.
+ Stateful NAT64 is a stateful translation mechanism for translating IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it is called stateful because it creates or modifies bindings or session state while performing translation. It supports both IPv6-initiated and IPv4-initiated communications using static or manual mappings.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html

Question 4

Question 5


When a change is made to one of the IP header fields in the IPv6 pseudo-header checksum (such as one of the IP addresses), the checksum field in the transport layer header may become invalid. Fortunately, an incremental change in the area covered by the Internet standard checksum [RFC1071] will result in a well-defined change to the checksum value [RFC1624]. So, a checksum change caused by modifying part of the area covered by the checksum can be corrected by making a complementary change to a different 16-bit field covered by the same checksum.

Reference: https://tools.ietf.org/html/rfc6296

Question 6

Question 7


Link-local addresses are always configured with the FE80::/64 prefix. Most routing protocols use the link-local address for a next-hop.

Question 8


A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. Link-local addresses are not necessarily bound to the MAC address (configured in a EUI-64 format). Link-local addresses can also be manually configured in the FE80::/10 format using the ipv6 address link-local command.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/113328-ipv6-lla.html

Question 9


Stateless Address Auto Configuration (SLAAC) is a method in which the host or router interface is assigned a 64-bit prefix, and then the last 64 bits of its address are derived by the host or router with help of EUI-64 process.

Question 10

Question 11


The components of IPv6 header is shown below:


The Traffic Class field (8 bits) is where quality of service (QoS) marking for Layer 3 can be identified. In a nutshell, the higher the value of this field, the more important the packet. Your Cisco routers (and some switches) can be configured to read this value and send a high-priority packet sooner than other lower ones during times of congestion. This is very important for some applications, especially VoIP.

The Flow Label field (20 bits) is originally created for giving real-time applications special service. The flow label when set to a non-zero value now serves as a hint to routers and switches with multiple outbound paths that these packets should stay on the same path so that they will not be reordered. It has further been suggested that the flow label be used to help detect spoofed packets.

The Hop Limit field (8 bits) is similar to the Time to Live field in the IPv4 packet header. The value of the Hop Limit field specifies the maximum number of routers that an IPv6 packet can pass through before the packet is considered invalid. Each router decrements the value by one. Because no checksum is in the IPv6 header, the router can decrease the value without needing to recalculate the checksum, which saves processing resources.

  1. Fumiko80
    June 18th, 2017

    Hello, Question 11. What’s the correct answer?
    BCE or ACD.

    @DigitalTut, I need to resolv this.

  2. hafiz jalal
    July 25th, 2017

    question no 11 is correct answer is A,C,D

  3. Dassh
    August 5th, 2017


  4. cl
    September 28th, 2017

    Q11 correct is BCE. To filter packets in a ACL you won’t use hop limit or traffic class but flow label and IPv6 source and destination addresses.

  5. Breaker of Chains
    November 3rd, 2017

    I struggled to grasp #9 for a bit. Yes, SLAAC/EUI-64 is an answer, but why isn’t DHCPv6, I wondered. In the end, I think it’s because of the wording of “with default settings on all interfaces”. Therefore, even though the DHCPv6 pool(named dhcp-pool) is shown as being configured, it is not applied to any interface with the “ipv6 dhcp server dhcp-pool” command. Leaving only SLAAC/EUI-64 as a way to configure the client.

    The explanation on this page does not elaborate on why SLAAC/EUI-64 is the answer in this case, it only explains a little about how SLAAC/EUI-64 work. Am I mistaken?

  6. Breaker of Chains
    November 3rd, 2017

    “Q11 correct is BCE. To filter packets in a ACL you won’t use hop limit or traffic class but flow label and IPv6 source and destination addresses.” — cl

    I agree with this(BCE). if you try creating an ipv6 ACL, of course source and destination are always able to be specified. beyond that, I found that flow-label is supported and there is no option for hop limit or traffic class.

    R1(config-ipv6-acl)#deny ipv6 host 1111::1 host 2222::2 ?
    auth Match on authentication header
    dest-option Destination Option header (all types)
    dscp Match packets with given dscp value
    flow-label Flow label
    fragments Check non-initial fragments
    hbh Match on hop-by-hop option
    log Log matches against this entry
    log-input Log matches against this entry, including input
    mobility Mobility header (all types)
    mobility-type Mobility header with type
    routing Routing header (all types)
    routing-type Routing header with type
    sequence Sequence number for this entry
    time-range Specify a time-range
    undetermined-transport Transport cannot be determined or is missing

  7. durshen
    November 11th, 2017

    Hi friends, I have the valid dump with me and I’m wiling to share. Please contact me via durshen81 @ gmail .com

  8. William
    November 14th, 2017

    Confirming the 539q dumps are valid.

  9. Ashley
    November 14th, 2017

    Passed, if you go the exam study the 21q dumps.

  10. Fred
    November 21st, 2017

    You can find the it-libraries dumps here https://drive.google.com/open?id=0B5mAFqgydmCzNno3dnFocF9HckU

  11. Tyron
    December 4th, 2017

    Confirming the 21q dumps are valid.

  12. Vox
    December 7th, 2017

    @BreakerOfChains Had the same question. I think you are correct.

  13. ww
    December 9th, 2017

    please I need questions (digitaltut) . I do not see question

  14. Anonymous
    February 17th, 2018

    I do believe the correct answers are really A C D. Let’s think about it:
    Destination address – what for? Destination add. is the add. of enterprise’s WAN link which is under attack.
    Source address – We can’t just block a source ip address in a DDoS attack since the packets do not come from only one source.

  1. No trackbacks yet.