INTRODUCTION TO INTERNET PROTOCOL 6

painveil, Networks and Communications

24 Oct 2013


ESTIMATED TIME OF INSTRUCTION: 2 HOURS

Tony Kellar

Daymar Institute

Why the OSI Model


Multi-vendor support and standardization

Enhances simplicity of design and troubleshooting

Changes made at one layer do not affect other layers

TCP doesn’t care

UDP doesn’t care

Data-link doesn’t care

Only layer 3 cares

IPv4 IPv6

WHY Internet Protocol 6


IPv4 address exhaustion has been a concern over time.















Roughly 2/3rds of actual addresses are publicly usable

Source: http://en.wikipedia.org/wiki/IPv4

Current IPv4 status

Source: http://slideshow.techworld.com/3363475/ipv6--why-we-need-new-internet-protocol/2/

Additional reasons for IPv6


IPv4 was created in the late 1960s.


Design lacks many optimizations


Broadcast and Multicast concerns


Fragmentation became necessary


Hack, Hack, Hack to get certain things to work


Lack of global focus


Internet Routing Table became HUGE!


Impossible to optimize


Security was not a concern in protocol creation


IPv4 subnetting is… clunky and inefficient


Poor management of IP space, as we were “NEVER GONNA RUN OUT!”



WE ARE NOT YET READY FOR THIS

http://slideshow.techworld.com/3363475/ipv6--why-we-need-new-internet-protocol/2/

WHAT IS AN IPv4 ADDRESS?


32 bits in succession indicating the address


Networks are subdivided by the subnet mask


The Internet started out CLASSFULLY (A,B,C,D,E)


Now we can subnet networks to create optimizations of space (known as CLASSLESS)

Source: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-1/ip_addresses.html

Whiteboard Review: How IPv4 talks


Concept#1: ARP


Concept#2: Intra-Network Routing


Concept#3: Inter-Network Routing

[Whiteboard diagram: networks 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24, with host addresses .1 to .4]

How much bigger is IPv6 than IPv4


We can assign an IPv6 address to every atom on the surface of the Earth


There are 2^52 more IPv6 addresses than known stars in our universe.


If the entire IPv4 space was the size of a basketball, IPv6 is the size of the sun.


My primary network at my house has 4,294,967,296 times the space of the entire Internet


My secondary network (at my house) is 281,474,976,710,656 times larger than the entire Internet


17 times larger than the National Debt


Comparison:


IPv4 = 4,294,967,296 total address space


IPv6 = APPROXIMATELY 3,402,823,669,209,384,634,633,746,074,317,700,000,000,000,000,000,000,000,000,000,000,000,000


MY CALCULATOR WILL NOT DISPLAY THE EXACT NUMBER

LET’S FACE IT


BIG NUMBER

IPv6 Address Format


128 bits in length (versus IPv4 32 bit length)


Each section is 16 bits represented by 4 characters between 0-F


If you understand MAC addresses…easy stuff then


Expressed in hexadecimal format (Base 16)


0(0)=0000    4(4)=0100    8(8)=1000     12(C)=1100
1(1)=0001    5(5)=0101    9(9)=1001     13(D)=1101
2(2)=0010    6(6)=0110    10(A)=1010    14(E)=1110
3(3)=0011    7(7)=0111    11(B)=1011    15(F)=1111


Each section of 16 bits is separated by a “:”


Leading zeros in a section can be dropped


Successive zeros in multiple sections can be expressed with “::”


NOTE: Can be used only once


Whiteboard examples:


3f01:abcd:1234:5678:2780:1537:1100:1234


2001:0db8:00ca:1300:0000:0000:1350:aaaa


2001:0db8:0000:0bde:0000:0000:1306:0001


0000:0000:0000:0000:0000:0000:0000:0000

IPv6 Address Format


Different View

Exercise: Shorten These to Their Shortest Length


ABCD:0807:0000:123D:5908:ABCD:8797:0001


2001:0DB8:0001:3092:0001:00DE:1230:0203


2001:0DB8:0000:3092:0000:0000:0020:1023


2001:1000:0000:3821:0000:0000:0000:E736


2610:1200:0010:0000:0000:0000:0000:000A


3001:3342:0101:0000:0001:0000:0001:0001


C000:0000:0000:0000:0000:0000:0000:0001


Exercise: Shorten These to Their Shortest Length (Answer)


ABCD:807::123D:5908:ABCD:8797:1


2001:DB8:1:3092:1:DE:1230:203


2001:DB8:0:3092::20:1023


2001:1000:0:3821::E736


2610:1200:10::A


3001:3342:101::1:0:1:1 OR 3001:3342:101:0:1::1:1


C000::1
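
The shortening rules from the slides, written out as code (an added example, not part of the original deck). The function names are illustrative; one added assumption is the RFC 5952 convention of lowercase output and leaving a lone all-zero section as "0", so several correct spellings of one address exist and logs or ACL entries should be compared as parsed addresses, not as strings.

```python
import ipaddress

# The seven exercise addresses from the slide above.
EXERCISE = [
    "ABCD:0807:0000:123D:5908:ABCD:8797:0001",
    "2001:0DB8:0001:3092:0001:00DE:1230:0203",
    "2001:0DB8:0000:3092:0000:0000:0020:1023",
    "2001:1000:0000:3821:0000:0000:0000:E736",
    "2610:1200:0010:0000:0000:0000:0000:000A",
    "3001:3342:0101:0000:0001:0000:0001:0001",
    "C000:0000:0000:0000:0000:0000:0000:0001",
]

def shorten(addr: str) -> str:
    """Shorten a fully written-out IPv6 address (eight groups, no '::')."""
    groups = addr.split(":")
    if len(groups) != 8 or any(not 1 <= len(g) <= 4 for g in groups):
        raise ValueError("expected eight groups of 1-4 hex digits")
    # Rule 1: drop leading zeros in each 16-bit section.
    groups = [format(int(g, 16), "x") for g in groups]
    # Rule 2: find the longest run of all-zero sections (first run wins ties).
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    # "::" may be used only once; a lone zero section stays "0" (RFC 5952).
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"

def same_address(a: str, b: str) -> bool:
    """Compare two spellings by value, the way a filter or log join should."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

if __name__ == "__main__":
    for full in EXERCISE:
        print(f"{full} -> {shorten(full)}")
```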


Quick Note


IPv6 address within URL


URLs explicitly use the : to designate a port number


http://www.network-chef.com:8080


IPv6’s use of colons creates problems


http://2001:470:1f11:113b::2:8080 does not work


If pointing directly to an IPv6 address in a URL, encapsulate in brackets


http://[2001:470:1f11:113b::2]:8080


IPv6: Expressing Network vs. Host


In IPv4, we use subnet masks to support this


I.E. 192.168.0.1 255.255.255.0


In IPv6, if we used a subnet mask for the same number of hosts, we would have to type:


255.255.255.255.255.255.255.255.255.255.255.255.255.255.255.0


IPv4: 255.255.255.0 = /24 (how many 1s)


IPv6: /## - same deal, therefore:


2610:0018:02c1:0041:2342:ffe2:1234:0001/64


2610:0018:02c1:0041 | :2342:ffe2:1234:0001/64

RED = NETWORK (left of the |)

WHITE = HOST (right of the |)


Examples

ABCD:0807:0000:123D:5908:ABCD:8797:0001/8

2001:0DB8:0001:3092:0001:00DE:1230:0203/16

2001:0DB8:0000:3092:0000:0000:0020:1023/32

2001:1000:0000:3821:0000:0000:0000:E736/48

2610:1200:0010:0000:0000:0000:0000:000A/64

3001:3342:0101:0000:0001:0000:0001:0001/96

C000:0000:0000:0000:0000:0000:0000:0001/128

Examples SOLVED


Bit positions: 16 32 48 64 80 96 102 128

Network part | host part:

AB | CD:0807:0000:123D:5908:ABCD:8797:0001/8

2001 | :0DB8:0001:3092:0001:00DE:1230:0203/16

2001:0DB8 | :0000:3092:0000:0000:0020:1023/32

2001:1000:0000 | :3821:0000:0000:0000:E736/48

2610:1200:0010:0000 | :0000:0000:0000:000A/64

3001:3342:0101:0000:0001:0000 | :0001:0001/96

C000:0000:0000:0000:0000:0000:0000:0001 | /128
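
The network/host split from the solved examples, computed rather than colored (an added example, not part of the original deck; the function names are illustrative). It marks the boundary in the fully written address, returns the network and host parts, and checks whether two addresses share a prefix, which is the comparison a firewall rule or ACL entry performs.

```python
import ipaddress

def mark_boundary(cidr: str) -> str:
    """Return the full-length address with '|' where network bits end."""
    iface = ipaddress.IPv6Interface(cidr)
    plen = iface.network.prefixlen
    if plen % 4:
        raise ValueError("boundary falls inside a hex digit")
    text = iface.ip.exploded              # eight groups of four hex digits
    digits = plen // 4                    # hex digits that belong to the network
    # Character offset = network digits plus the colons passed on the way.
    cut = digits + (digits - 1) // 4 if digits else 0
    return text[:cut] + "|" + text[cut:]

def network_and_host(cidr: str):
    """Split addr/len into (network, host bits expressed as an address)."""
    iface = ipaddress.IPv6Interface(cidr)
    host_mask = (1 << (128 - iface.network.prefixlen)) - 1
    host = ipaddress.IPv6Address(int(iface.ip) & host_mask)
    return iface.network, host

def same_network(a: str, b: str, plen: int = 64) -> bool:
    """True when both addresses fall inside the same /plen prefix."""
    net = ipaddress.IPv6Network(f"{a}/{plen}", strict=False)
    return ipaddress.IPv6Address(b) in net

if __name__ == "__main__":
    # Addresses and prefix lengths taken from the Examples slide.
    for cidr in (
        "ABCD:0807:0000:123D:5908:ABCD:8797:0001/8",
        "2001:0DB8:0000:3092:0000:0000:0020:1023/32",
        "2610:1200:0010:0000:0000:0000:0000:000A/64",
        "C000:0000:0000:0000:0000:0000:0000:0001/128",
    ):
        net, host = network_and_host(cidr)
        print(mark_boundary(cidr), "network", net, "host", host)
```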

Addressing Hosts


Statically: typing it in exactly (YUCK! for hosts)

Addressing Hosts


Dynamically


Method 1: Auto-configuration (privacy mechanism!!!)


Host picks a random address and validates it is not already on the network


2610:18:2c1:41:cca8:57fd:6a7c:cdbf


Uses a mechanism known as RS/RA


Router Solicitation and Router Advertisement for default-gateway establishment


Method 2: IPv6 DHCP (Stateful)


Can use either RS/RA or statically defined default-gateway


Method 3: Cryptographically generated addresses


I BELIEVE BUTTON

Addressing Hosts


Dynamically


Method 4: EUI-64 addressing


Host uses MAC address on Ethernet NIC as NIC is 48 bits and globally unique


Flips 7th bit from 0 to 1 or 1 to 0


Why? Not a clue! I didn’t write it.


Inserts FFFE between first 24 bits and last 24 bits of MAC and makes IP address


See next slide for an example


Also uses RS/RA for default-gateway establishment


Addressing Hosts: EUI-64 example

Source: www.tcpipguide.com

IPv6 Address Apportionment

IPv6 addressing standard networks


Businesses will go to RIR/NIR for IPv6 addresses if needing multipath routing


Businesses/large customers with single path routing will be provided a /48 from the ISP


Extremely small business and private customers (us)….will traditionally get a /64


NOTE: Even though obscene number of IPs…IETF specifies smallest network really should be /64….even in point-to-point networks


Certain tunneling technologies…i.e. ISATAP…REQUIRES the network to be a /64

(I lost hair over this and I can’t afford that!)

Types of Traffic


IPv4


Unicast: host to host only communications


Multicast: host to many (listening hosts) comms


Broadcast: host to everybody on segment


IPv6


Unicast: host to host only communications


Multicast: host to many (listening hosts)


Anycast: host to closest address (Ugh!)


Wait: Where did broadcasts go? What about ARP???

We’ll get there…hold on that!

Types of Address (there are more)


Aggregatable Global Unicast: 2000::/3 (2000-3FFF)


No such thing as a private IP in IPv6


Multicast: FF00::/8


This requirement will never go away


Routing protocols


Special services


Video


Link-Local Unicast: FE80::/10


Ah-ha…


IP address used by host to talk to other hosts within the network (Time To Live of 1)


Finds hosts and routers on link only


Solicited Node Multicast: FF02::1:FF00:0000/104


Ah-ha!!!


IP address used by host to query the MAC of a host


Also used for Duplicate Address Detection (DAD)


Link Local


FE80::/10


Link local breakdown:


FE80 for first 10 bits


Next 54 bits are all “0”s


Last 64 bits are the last 64 bits of IP address


Given IP address: 2610:18:2c1:41:cca8:57fd:6a7c:cdbf


Link Local address: FE80::cca8:57fd:6a7c:cdbf


Link local does not talk outside of “link”


Used by the host to talk WITHIN the link

Special IPv6 Addresses


:: = I don’t have an address


source = 0’s


::1 = Equal to IPv4’s 127.0.0.1


Ping it. It will respond (we hope)


IPv4 to IPv6 tunneling address


IPv4 compatible IPv6 address


0:0:0:0:0:0:IPv4 address


0:0:0:0:0:0:192.168.1.1 or ::192.168.1.1


IPv4-mapped IPv6 address


0:0:0:0:FFFF:192.168.1.1



I BELIEVE BUTTON

Solicited-Node Multicast Addresses


Provides ability for host to contact an IP address when it only knows its IP (sounds like ARP)


Address format = FF02::1:FF00:0000/104


Last 24 bits are the last 24 bits of the IP address that is bound to that host


Link Local Only


Used for Neighbor Discovery (ARP) and DAD

Solicited-Node Multicast Addresses


I know what you are thinking


If the host size is 64 bits…but Solicited Node Multicast = last 24 bits, isn’t it possible to have two nodes with the same address?


I.E. 2610:18:2c1:abcd:abcd:1234:1234:1001


2610:18:2c1:abcd:abcd:1234:1334:1001

Yup! But given size of a /64…risk is small.

2^24=1,677,216 addresses. What…too small for you?


And if it happened, impact is small. Neighbors will be found.



DAD will recognize if a real duplicate exists.
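
The derivations from the Link Local and Solicited-Node slides in code, using the slides' own addresses (an added example, not part of the original deck; function names are illustrative). The Ethernet multicast mapping (33:33 plus the last 32 bits of the group, per RFC 2464) is not on the slides and is included because it is what shows up in a packet capture when reading Neighbor Solicitation traffic.

```python
import ipaddress

SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))   # /104 prefix
LINK_LOCAL_BASE = int(ipaddress.IPv6Address("fe80::"))

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 plus the last 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_BASE | low24)

def link_local_from(addr: str) -> ipaddress.IPv6Address:
    """FE80, zeros, then the last 64 bits of the address (as on the slide)."""
    iid = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
    return ipaddress.IPv6Address(LINK_LOCAL_BASE | iid)

def multicast_mac(group: ipaddress.IPv6Address) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + last 32 bits."""
    low32 = (int(group) & 0xFFFFFFFF).to_bytes(4, "big")
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)

def group_by_solicited_node(addrs):
    """Map each solicited-node group to the unicast addresses that share it."""
    groups = {}
    for a in addrs:
        groups.setdefault(str(solicited_node(a)), []).append(a)
    return groups

if __name__ == "__main__":
    # The two addresses from the slide differ in the host part but share
    # the same last 24 bits, so they listen on the same multicast group.
    pair = [
        "2610:18:2c1:abcd:abcd:1234:1234:1001",
        "2610:18:2c1:abcd:abcd:1234:1334:1001",
    ]
    for group, members in group_by_solicited_node(pair).items():
        print(group, multicast_mac(ipaddress.IPv6Address(group)), members)
    print(link_local_from("2610:18:2c1:41:cca8:57fd:6a7c:cdbf"))
```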

Whiteboard Review: How IPv6 talks

Concept#1: Neighbor/Router Solicitation/Advertisement

Solicited vs. Unsolicited

Concept#2: Intra-Network Routing

Concept#3: Inter-Network Routing

[Whiteboard diagram: networks 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24, with host addresses .1 to .4]

Multicast


Starts with FF00::/8


So easily done in IPv6. Overcomes major problems with IPv4


IETF did a wonderful job mapping old to new


Protocol                         IPv4 Multicast   IPv6 Multicast
All hosts                        224.0.0.1        FF02::1
All routers                      224.0.0.2        FF02::2
All OSPF routers/OSPFv3          224.0.0.5        FF02::5
All OSPF DR|BDR/OSPFv3 DR|BDR    224.0.0.6        FF02::6
RIP/RIPng                        224.0.0.9        FF02::9
EIGRP/EIGRPv6                    224.0.0.10       FF02::A

IPv6 Transition Mechanisms


IPv6 only: sounds weird? Go to China.


IPv4 and IPv6 dual stack: interface supports both IPv4 and IPv6. Best implementation in my humble opinion.


IPv6 over IPv4 tunnels/IPv4 tunnels over IPv6


Complex


Readily available as IPv4 is readily available


Active proxy


NAT64: translating IPv6 addresses to IPv4…vice versa


DNS64: translating AAAA to A…requiring a server

Why Aren’t We All At IPv6 Yet?


You: “I want to implement IPv6 across the enterprise. For our own /48, we will have to pay $2,000 per year, upgrade equipment software, set up the PCs, and it will cost us about 1,000 man hours. Plus, we will have to train your staff.”

Manager: “Will we make money off of this project?”

You: “Not yet. But someday we might need it.”

Manager: “Who is doing IPv6?”

You: “About 1% of the planet”

Manager’s response: <FILL IN THE BLANK>


Now adjust. You are an ISP. What is the justification for you to have IPv6 for all your customers when only 1% of the planet even knows what it is?


Infancy….Engineering….Cost….vs. Gain

Useful PC diagnostic commands


ipconfig or ipconfig /all


ping -4 IP or ping -6 IPv6 address


Note, if running both…IPv6 wins by default


tracert -4 IP or tracert -6


netstat -r or route print: shows PC routing table (-4 or -6 will specify only that table)


netstat -ps IPv6: Shows IPv6 traffic stats


netstat -ps ICMPv6: Shows IPv6 ICMP stats


netstat -ps TCPv6: Shows TCP stats


netsh interface ipv6 show neighbor: shows what IPv6 neighbors have been learned on local link


Important Cisco commands - not in CCNA


Things to Remember: Part 1


IPv4 uses DNS A records.


IPv6 uses DNS AAAA records or A6 (experimental) records.


You do not explicitly need an IPv6 server. An IPv4 DNS server will pass AAAA.


IPv4 has a primary address on the interface. It does all the talking.


IPv6 can have hundreds of addresses on the interface…with each capable of talking….even in the same subnet.


Windows XP is the first Windows that started well down IPv6. However, go Windows 7 if you can. MUCH MORE CAPABLE.


Mobile devices: already ready and in many cases, can’t turn it off


IPv6 is really simpler than IPv4. The problem is concepts, availability of connections, and learning to understand it.


IPv6 does NOT allow for fragmentation. The router sends out the MTU in its advertisements. It is left to the host to perform any fragmentation prior to shipping.


There is way more to this thing….as one could expect

Things to Remember: Part 2

SECURITY


If you are not using IPv6, TURN IT OFF:


Disable TCP/IP IPv6


Disable Tunnel Adapters


Teredo


Automatic 6-4


ISATAP


There is no such thing as private IPv6 addresses


Firewall all machines


Stateful packet inspection at hardware router/firewall is best


IPv6 is really simpler and more productive


1 drawback. 64-bit processor can process both IPv4 source and destination in one pass. IPv6: 4 passes.


Security (IPSEC) built in


Network apportionment is easy


It is like going for a 2 mile run. It hurts BADLY at first … but hurts less the next time….and always hurts a little.
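
One way to audit the SECURITY slide's advice about tunnel adapters from address data alone (an added example, not part of the original deck). The sample address list is constructed and the function names are illustrative; the Teredo prefix 2001:0::/32, the 6to4 prefix 2002::/16 and the ISATAP 5efe interface-ID pattern are the standard values, not stated on the slides.

```python
import ipaddress

def tunnel_type(addr: str):
    """Name the transition mechanism an IPv6 address belongs to, or None."""
    ip = ipaddress.IPv6Address(addr)
    if ip.teredo is not None:            # inside 2001:0000::/32
        return "teredo"
    if ip.sixtofour is not None:         # inside 2002::/16
        return "6to4"
    iid = int(ip) & (2**64 - 1)
    # ISATAP interface IDs are 0000:5efe or 0200:5efe followed by the IPv4
    # address. A random interface ID could match by chance, so treat a hit
    # as a lead to verify on the host, not as proof.
    if (iid >> 32) in (0x00005EFE, 0x02005EFE):
        return "isatap"
    return None

def audit(addresses):
    """Return {address: mechanism} for every address that uses a tunnel."""
    findings = {}
    for a in addresses:
        kind = tunnel_type(a)
        if kind:
            findings[a] = kind
    return findings

if __name__ == "__main__":
    # Constructed inventory: what a host might report for its interfaces.
    inventory = [
        "2610:18:2c1:41:cca8:57fd:6a7c:cdbf",    # native address from the slides
        "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo-format sample
        "2002:c000:204::1",                      # 6to4-format sample
        "fe80::5efe:192.0.2.10",                 # ISATAP-format sample
    ]
    for addr, kind in audit(inventory).items():
        print(f"{addr}: {kind} tunnel address present")
```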


Test Network Topology

[Diagram labels: Your PC, Daymar Switch, Daymar Network (IPv4), encrypted IPv6 traffic over IPv4 tunnel, Tony’s House, IPv6 over IPv4 GRE tunnel, HE ISP, ipv6.google.com (IPv6)]

PLAYTIME


Hopefully, you are now on the “IPv6 NET”


Go to IPv6.google.com.


Ping ipv6.google.com


Ping each other’s address. Fun entering that…huh? DNS will be HUGE in the future.


Search for IPv6 enabled websites


Do the PC associated commands


NO IPv6 PORN…AKA PORN6? HAHA


Remember, you are on my network!



Thank you for your time!
