Loading learning content...
IPv6 was designed with a fundamental challenge: how do you create a protocol that can accommodate features not yet imagined while maintaining the simplicity needed for wire-speed processing? The answer lies in a single, elegant 8-bit field: the Next Header.
The Next Header field serves a dual purpose that makes IPv6 remarkably flexible. It identifies the type of header immediately following the current one—whether that's another IPv6 extension header or the upper-layer protocol payload. This simple chaining mechanism replaces IPv4's rigid, embedded options with a modular, extensible architecture where new functionality can be added without modifying the base protocol.
By the end of this page, you will understand the Next Header field's role and position in IPv6 headers, how extension headers chain together using Next Header values, the standardized values for common protocols and extension headers, processing rules that routers and hosts follow, the 'No Next Header' value and its special semantics, and how Next Header enables IPv6's future-proof design.
The Next Header field occupies byte 6 of the IPv6 base header (bits 48-55). It immediately follows the Payload Length field and precedes the Hop Limit field:
Dual Functionality
The Next Header field serves two distinct purposes:
1. Protocol Identification (when pointing to transport layer)
When the Next Header value indicates TCP (6), UDP (17), or another transport protocol, it functions identically to IPv4's Protocol field—it tells the receiving host which protocol handler should process the payload.
2. Extension Header Chaining (when pointing to extension headers)
When the Next Header value indicates an extension header type (e.g., Routing = 43, Fragment = 44), it signals that additional IPv6-layer header processing is required before reaching the transport payload.
Comparison with IPv4
| Aspect | IPv4 Protocol Field | IPv6 Next Header Field |
|---|---|---|
| Size | 8 bits | 8 bits |
| Position | Byte 9 (after TTL) | Byte 6 (after Payload Length) |
| Primary Role | Identify transport protocol | Identify next header type |
| Extension Support | Embedded options only | Full extension header chaining |
| Values | Protocol numbers | Same protocol numbers + extension headers |
| Future Extensibility | Limited | Unlimited via new extension types |
IPv6 Next Header values use the same IANA-assigned numbers as IPv4 Protocol values. TCP is 6 in both; UDP is 17 in both. This consistency simplifies dual-stack implementations and protocol handling.
IANA maintains the registry of assigned Next Header values. Key values fall into three categories: extension headers, transport protocols, and special values:
| Value | Name | RFC | Description |
|---|---|---|---|
| 0 | Hop-by-Hop Options | RFC 8200 | Options processed by every hop |
| 43 | Routing | RFC 8200 | Source routing and segment routing |
| 44 | Fragment | RFC 8200 | Fragmentation information |
| 50 | ESP | RFC 4303 | Encapsulating Security Payload (IPsec) |
| 51 | AH | RFC 4302 | Authentication Header (IPsec) |
| 60 | Destination Options | RFC 8200 | Options for destination only |
| 135 | Mobility | RFC 6275 | Mobile IPv6 binding updates |
| 139 | HIP | RFC 7401 | Host Identity Protocol |
| 140 | Shim6 | RFC 5533 | Multihoming support |
| Value | Protocol | Description |
|---|---|---|
| 6 | TCP | Transmission Control Protocol |
| 17 | UDP | User Datagram Protocol |
| 58 | ICMPv6 | Internet Control Message Protocol for IPv6 |
| 132 | SCTP | Stream Control Transmission Protocol |
| 136 | UDPLite | Lightweight User Datagram Protocol |
| Value | Name | Meaning |
|---|---|---|
| 59 | No Next Header | Nothing follows—payload is raw data or padding |
| 253 | Testing/Experimental | Reserved for experimentation (RFC 3692) |
| 254 | Testing/Experimental | Reserved for experimentation (RFC 3692) |
Key values to memorize: 0 (Hop-by-Hop), 6 (TCP), 17 (UDP), 43 (Routing), 44 (Fragment), 50 (ESP), 51 (AH), 58 (ICMPv6), 59 (No Next Header). These cover 90% of real-world traffic.
The power of the Next Header field lies in its ability to chain multiple extension headers together. Each extension header contains its own Next Header field, pointing to the next header in the chain:
Chain Structure
IPv6 Base Header (NH = 0)
↓
Hop-by-Hop Options Header (NH = 43)
↓
Routing Header (NH = 44)
↓
Fragment Header (NH = 6)
↓
TCP Header
↓
Application Data
Each header's Next Header field points forward. The final extension header points to the transport protocol (TCP=6, UDP=17, etc.) or to 59 (No Next Header) for raw payloads.
Required Processing Order
RFC 8200 specifies the order in which extension headers should appear (and be processed):
This order ensures predictable processing—each entity knows what to expect next.
Why Order Matters
Packets with extension headers in non-standard order may be dropped by some implementations. RFC 8200 recommends following the prescribed order, but some legacy or non-compliant implementations are permissive. For maximum compatibility, always use standard ordering.
Different network entities process extension headers differently based on their roles:
Router Processing
For transit traffic (not destined to the router itself):
Critical Insight: Routers typically only examine the base header and Hop-by-Hop options. All other extension headers are processed by the destination. This enables fast-path forwarding.
Destination Processing Algorithm
function processIPv6Packet(packet):
current_header = packet.ipv6_header
next_header_value = current_header.next_header
offset = 40 // Base header is 40 bytes
while True:
if next_header_value in TRANSPORT_PROTOCOLS:
// Reached upper layer
deliverToTransport(packet, offset, next_header_value)
return
elif next_header_value == 59: // No Next Header
// Payload is raw or jumbogram padding
handleNoNextHeader(packet, offset)
return
elif next_header_value in EXTENSION_HEADERS:
// Process this extension header
ext_header = parseExtensionHeader(packet, offset, next_header_value)
processExtensionHeader(ext_header)
// Move to next header
offset += ext_header.length
next_header_value = ext_header.next_header
else:
// Unknown header type
sendICMPv6ParameterProblem(packet, offset)
return
Unknown Next Header Handling
If a node encounters an unrecognized Next Header value, it MUST send an ICMPv6 Parameter Problem message (Type 4, Code 1 = unrecognized Next Header type) pointing to the offending field, then discard the packet.
All extension headers (except Fragment) include a 'Header Extension Length' field specifying header size. This enables parsers to skip unknown extension headers without understanding their content—crucial for forward compatibility when new extension types are defined.
The special value 59 indicates "No Next Header"—nothing meaningful follows. This might seem unusual, but it serves important purposes:
Use Cases for No Next Header
1. Jumbogram Padding
IPv6 Jumbograms (packets > 65,535 bytes, using Hop-by-Hop Jumbo Payload option) may have padding bytes at the end. The final extension header can point to 59, indicating the remaining bytes are padding, not a protocol payload.
2. IPsec ESP Without Upper Layer
Some IPsec configurations encrypt the entire original packet, including its IPv6 header. The outer (tunnel mode) IPv6 header's ESP may point to 59 when the encrypted content is a complete packet rather than a transport payload.
3. Raw Data Tunneling
Tunneling protocols might carry non-IP payloads. The Next Header value 59 signals that what follows is raw data without further protocol structure.
Processing No Next Header
if (next_header == 59):
remaining_bytes = payload_length - current_offset + 40
if (remaining_bytes > 0):
// Remaining bytes exist but no protocol to process them
// Could be padding, raw data, or encrypted content
handleRawPayload(remaining_bytes)
else:
// No payload at all (unusual but valid)
return
Security Implications
Packets with NH=59 may bypass certain firewall rules that expect transport-layer headers for filtering. Security policies should explicitly handle this case—either allowing or blocking based on context.
Stateful firewalls expecting TCP/UDP connections may not know how to handle NH=59 packets. Some discard them by default (safe but might break legitimate uses), while others allow them (permissive but potentially dangerous). Explicit policy configuration is recommended.
While we'll cover extension headers in depth in a later module, understanding their basic structure helps clarify Next Header usage:
Common Extension Header Format
Most extension headers (except Fragment) share a common format:
| Offset | Field | Size | Description |
|---|---|---|---|
| 0 | Next Header | 8 bits | Type of header following this one |
| 1 | Header Extension Length | 8 bits | Length in 8-byte units, minus 1 |
| 2+ | Header-specific data | Variable | Depends on extension type |
Length Calculation
The Header Extension Length field counts 8-byte units minus one:
total_bytes = (HdrExtLen + 1) * 8This encoding ensures minimum granularity of 8 bytes, aligning with 64-bit architecture requirements.
Fragment Header Exception
The Fragment Header is always exactly 8 bytes and has a different format:
| Offset | Field | Size | Description |
|---|---|---|---|
| 0 | Next Header | 8 bits | Upper-layer protocol |
| 1 | Reserved | 8 bits | Always 0 |
| 2 | Fragment Offset | 13 bits | Data offset in 8-byte units |
| 2.5 | Res | 2 bits | Reserved |
| 2.7 | M | 1 bit | More Fragments flag |
| 4 | Identification | 32 bits | Fragment group identifier |
Note there's no length field—Fragment headers are always 8 bytes.
To parse an extension header chain: read Next Header to identify type, read Header Extension Length to know size (except Fragment = 8), skip that many bytes to find the next header, repeat until reaching a transport protocol or NH=59.
The Next Header mechanism and extension header chains introduce both opportunities and challenges:
Performance Concerns
RFC 7045 Recommendations
RFC 7045 provides guidance on extension header handling:
Practical Filtering Approaches
| Policy | Extension Headers Allowed | Use Case |
|---|---|---|
| Strict | None except Fragment | Maximum security, may break some apps |
| Standard | Fragment, Destination | Balanced security and compatibility |
| Permissive | All known types | Maximum compatibility, higher risk |
| Custom | Hop-by-Hop, Routing, Fragment | Tailored to specific requirements |
Many ISPs and enterprise networks filter packets with uncommon extension headers at their borders. While this violates pure end-to-end principles, it's a pragmatic response to extension header abuse. If your application needs extension headers, verify path support.
Let's examine real-world packet structures and their Next Header chains:
Example 1: Simple TCP Packet
Packet Analysis:
IPv6 Header (40 bytes)
Next Header: 6 (TCP)
TCP Header (20+ bytes)
Source Port: 443
Destination Port: 52847
TCP Payload
HTTPS encrypted data
Simplest case—base header points directly to TCP.
Example 2: Fragmented UDP Packet
Fragment 1 of 3:
IPv6 Header (40 bytes)
Next Header: 44 (Fragment)
Fragment Header (8 bytes)
Next Header: 17 (UDP)
Fragment Offset: 0
More Fragments: 1
Identification: 0x12345678
UDP Header (partial) + Data
First 1232 bytes of original UDP datagram
| Scenario | Header Chain | Purpose |
|---|---|---|
| Normal TCP | IPv6 (NH=6) → TCP | Standard web traffic |
| Normal UDP | IPv6 (NH=17) → UDP | DNS, video streaming |
| ICMPv6 Ping | IPv6 (NH=58) → ICMPv6 | Network diagnostics |
| Fragmented Packet | IPv6 (NH=44) → Fragment (NH=6) → TCP | Large packet transmission |
| IPsec Transport | IPv6 (NH=50) → ESP → TCP (encrypted) | Secure communication |
| IPsec Tunnel | IPv6 (NH=50) → ESP → IPv6 → TCP | VPN tunnel |
| Mobile IPv6 | IPv6 (NH=0) → Hop-by-Hop → (NH=135) → Mobility → TCP | Mobile binding update |
| Segment Routing | IPv6 (NH=43) → Routing → (NH=6) → TCP | Traffic engineering |
Example 3: IPsec ESP Tunnel Mode
Outer IPv6 Header (40 bytes)
Source: VPN Gateway A
Destination: VPN Gateway B
Next Header: 50 (ESP)
ESP Header (8 bytes)
SPI: 0xABCDEF01
Sequence: 1234
Encrypted Payload (contains):
Inner IPv6 Header
Source: Original Sender
Destination: Original Receiver
Next Header: 6 (TCP)
TCP Header + Data (encrypted)
ESP Trailer (padding + auth)
The outer Next Header = 50 indicates ESP. After decryption, the inner packet has its own complete header chain.
Example 4: Complex Chain
IPv6 Header (NH=0)
↓
Hop-by-Hop (NH=60) - Router Alert option
↓
Destination Options (NH=43) - Padding
↓
Routing (NH=44) - Segment Routing
↓
Fragment (NH=51) - If fragmented
↓
AH (NH=6) - Authentication
↓
TCP - Application data
Maximum chain—unusual but valid for specialized applications.
Network analyzers like Wireshark display extension header chains clearly. When troubleshooting, examine the Next Header value at each level to trace the chain. Unexpected values often indicate configuration errors or malicious packets.
The Next Header field is the linchpin of IPv6's extensible architecture—a simple 8-bit field enabling unlimited protocol evolution.
Module 3: IPv6 Header Complete
You've now mastered all five core IPv6 base header fields beyond addresses:
| Field | Purpose | Key Insight |
|---|---|---|
| Header Simplification | Architectural design | Fixed 40 bytes enables hardware optimization |
| Flow Label | Flow identification | Enables ECMP without DPI |
| Traffic Class | QoS classification | DSCP + ECN for differentiated services |
| Hop Limit | Packet lifetime | Prevents loops, enables traceroute |
| Next Header | Protocol ID / Chaining | Enables unlimited extensibility |
This foundation prepares you for the next module on Extension Headers, where we'll explore each extension type in detail—Hop-by-Hop Options, Routing, Fragment, and more.
Congratulations! You've completed Module 3: IPv6 Header. You now understand both the simplified base header design and the mechanisms enabling IPv6's flexibility. This knowledge forms the foundation for understanding IPv6 packet handling, network design, and security implementation.