Stateless
◦ Advertisements by routers
◦ Routers don't keep track of what configuration parameters are picked up by clients
◦ IP layer parameters may be auto-configured (address, net mask and gateway)
◦ DNS parameters may be configured (RFC 6106)
◦ ICMP is used to request and advertise parameters
◦ May signal that the clients should use DHCP for other options (like DNS or SIP-gateway)
Stateful
◦ Provides centralized management of network resources
◦ Higher layer protocol parameters can be configured as well as IP layer parameters
◦ DHCP (or possibly other higher layer protocol) is used to request and advertise parameters
Stateless and stateful can be used concurrently

Page 4
Common arguments
◦ "We have enough of IPv4 addresses – we do not need IPv6!"
◦ "We do not want to be the early adopters – let the others do the mistakes!"
◦ "We do not have the TIME!"
◦ "We do not want to touch existing infrastructure but wait to the next upgrade cycle."

Page 5
Common arguments
◦ "We have enough of IPv4 addresses – we do not need IPv6!"
  "The world outside might want to reach you over IPv6 - you do not want to end up on a 'Wall of Shame'"
◦ "We do not want to be the early adopters – let the others do the mistakes!"
  "Being an early adopter also means more experience!"
◦ "We do not have the TIME!"
  "An implementation may cost more time and resources if implemented in panic"
◦ "We do not want to touch existing infrastructure but wait to the next upgrade cycle."
  "You may set up a separate entry in your network for IPv6 and gradually introduce IPv6 into your network!"

Page 6
One example: http://go6.se/check
Some journalist will ask you what your strategy for IPv6 is.

Page 7
Not much really…
◦ Get a modern webserver.
◦ Get a modern DNS and enable the functionality
◦ Modern mail server (Exchange 2007 is enough)
◦ On the server side Windows 2008 is fine

Page 8
Today
Get experience while IPv6 traffic is sparse!
(Diagram: Mail, Web and DNS services; IPv4 and IPv6.)

Page 9
Tomorrow
We need this up and running NOW!
(Diagram: Mail, Web and DNS services; IPv4 and IPv6.)

Page 10
No time NOW will cost you later:
◦ Upgrade many things at once
◦ Trace errors?
◦ Concentrated costs
◦ No time to get acquainted with IPv6
"We need this up and running NOW!"

Page 11
"We do not want to touch our current infrastructure!"
◦ Small firewall DMZ just for IPv6
◦ Enable IPv6 support on servers but do not add IPv6 DNS records. When tested add IPv6 DNS records.
(Diagram: IPv4 and IPv6; Mail, Web and DNS; test network; clients.)

Page 13
Short answer: a lot!
Every customer will get a /48 per site: $2^{128-48} = 2^{80} = 1.208925819614629174706176 \times 10^{24}$
Is it possible to make mistakes with this many addresses? The answer is yes!

Page 14
The size of all subnets should be /64 – there are reasons for this we will come back to!
The 128 bits of an address:
◦ Network prefix (n bits): address span for a site
◦ Subnet ID (64 – n bits): subnet within a site
◦ Host ID (64 bits): interface ID, 64 bits

Page 15
To spread all subnets randomly over the whole assignment!
Can render unnecessary problems in the future!
(Figure legend: Assignment (/48); marked = subnet.)

Page 16
How should a customer divide its /48?
2001:db8:1234:[0000-FFFF]::/64
◦ 16 * 4096 (L1: 0–F, L2: 000–FFF): One office with many subnets or extremely many offices with one subnet within each
◦ 16 * 16 * 256 (L1: 0–F, L2: 0–F, L3: 00–FF): Few offices with many subnets within each office
◦ 16 * 256 * 16 (L1: 0–F, L2: 00–FF, L3: 0–F): Many offices with just a few subnets within each
◦ 256 * 256 (L1: 00–FF, L2: 00–FF): Many offices with many subnets within each
• Every subnet should be /64 which gives 65536 subnets in a /48
• Use a hierarchy with two or three levels and use only one L1-net at a time (to avoid cluttering of subnets all over the assignment)
• Save the remaining L1-nets for future use
• Identify where the majority of the subnets are needed: number of offices or number of subnets per office and let the hierarchy mirror this

Page 17
◦ Avoid the 0-net in L1 since the shortening rules make this network invisible
◦ Only fill in the networks you are using
◦ As an alternative the customer could use an IP planning tool.
  ◦ http://www.alcatel-lucent.com
  ◦ http://www.6connect.com
  ◦ http://www.infoblox.com
  Google IPAM to find more!
With the 0-net in L1 (only L2 visible). Sorting? Readability?
◦ 2001:db8:1234:100::/64
◦ 2001:db8:1234:20::/64
◦ 2001:db8:1234:200::/64
With L1 and L2 both visible. More evident!
◦ 2001:db8:1234:1020::/64
◦ 2001:db8:1234:1100::/64
◦ 2001:db8:1234:1200::/64
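
The planning rules from pages 16 and 17, written as a check that can be run over a list of in-use subnets. This is an added example, not part of the original slides; the function names are hypothetical, and it assumes the 16 * 16 * 256 hierarchy with the first hex digit of the subnet ID as L1.

```python
import ipaddress

SITE = ipaddress.ip_network("2001:db8:1234::/48")  # example assignment used on the slides

def subnet_id(net):
    """The 16 bits between the /48 site prefix and the 64-bit interface ID."""
    return (int(net.network_address) >> 64) & 0xFFFF

def subnet_for(l1, l2, l3, site=SITE):
    """Build a /64 in the 16 * 16 * 256 hierarchy: L1 and L2 are nibbles, L3 a byte."""
    if not (0 <= l1 <= 0xF and 0 <= l2 <= 0xF and 0 <= l3 <= 0xFF):
        raise ValueError("L1 and L2 must fit in 4 bits, L3 in 8 bits")
    sid = (l1 << 12) | (l2 << 8) | l3
    return ipaddress.IPv6Network((int(site.network_address) | (sid << 64), 64))

def audit_plan(subnets, site=SITE):
    """Return findings for a list of in-use subnets (empty list: the plan follows the rules)."""
    findings, l1_used = [], set()
    for text in subnets:
        net = ipaddress.ip_network(text)
        if not net.subnet_of(site):
            findings.append(f"{net}: outside the assignment {site}")
            continue
        if net.prefixlen != 64:
            findings.append(f"{net}: prefix length is /{net.prefixlen}, not /64")
        l1 = subnet_id(net) >> 12  # first hex digit of the subnet ID
        if l1 == 0:
            findings.append(f"{net}: in the L1 0-net, leading zeros are hidden by shortening")
        l1_used.add(l1)
    if len(l1_used) > 1:
        used = ", ".join(f"{v:X}" for v in sorted(l1_used))
        findings.append(f"subnets are spread over several L1 nets: {used}")
    return findings

if __name__ == "__main__":
    # The two address lists shown on page 17.
    print(audit_plan(["2001:db8:1234:100::/64", "2001:db8:1234:20::/64", "2001:db8:1234:200::/64"]))
    print(audit_plan(["2001:db8:1234:1020::/64", "2001:db8:1234:1100::/64", "2001:db8:1234:1200::/64"]))
```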

Page 18
The same size is used everywhere for several reasons:
◦ Simplification – easier for administrators, users and support personnel
◦ A number of techniques are built upon this assumption:
  ◦ Stateless Address Auto Configuration (SLAAC)
  ◦ Privacy Extensions (used to randomize the last 64 bits of an IP-address instead of using the MAC-address)
  ◦ Parts of Mobile IPv6 (roaming on IP-level)
◦ Smaller subnet on link nets -> manual configuration

Page 20
Manual
◦ "THIS is your address!"
Stateless Autoconfig (SLAAC)
◦ Host (multicast): "Where am I?"
◦ Router: "You're with me! Use my address to tell others on the Internet where you are."
◦ Computer address = the network prefix of the router + a unique ID for this subnet (host generated; could be a random number or the MAC-address of the NIC)
DHCPv6
◦ Host: "Could I have an address, please?"
◦ DHCPv6 server: "Yep, here is one I haven't given away!"
◦ The DHCPv6 server holds a list of possible addresses to give away.

Page 21
◦ SLAAC and DHCPv6 communicate over IP – we need an IP-address before we have an "official address"
◦ It's an automatic address which is generated on all interfaces with IPv6 support
◦ Can be used on the local link (subnet) and is never routed to another link
◦ Always starts with FE80::/10
◦ 64-bit host part
◦ Host Address = FE80:: + generated suffix (random or MAC)
(Diagram: routers towards the Internet; hosts on the link with generated addresses A to F.)

Page 22
Static
◦ Manual configuration just as in IPv4.
  ◦ Address
  ◦ Prefix length
  ◦ Default router
  ◦ DNS resolver
Manual: "THIS is your address!"

Page 23
Stateless Address Auto Configuration - SLAAC
◦ Uses an algorithm to create the host-part of the address.
◦ This part is appended to the prefix the router is sending out with a Router Advertisement (RA)
◦ Assumes /64 net masks
◦ RA also gives information on default router and prefix length
◦ RA can give information on DNS resolver
◦ All OSes support RA
◦ Some support the option that configures the DNS resolver
Exchange:
◦ Host: "Where am I?" Router Solicitation -> FF02::2
◦ Router: "You're with me! Use my address to tell others on the Internet where you are." <- Router Advertisement to FF02::1 or link-local
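
How the "prefix + generated suffix" rule from pages 21 and 23 works out when the suffix is derived from the MAC-address, and why Privacy Extensions randomize it instead. This is an added example, not part of the original slides; it assumes the modified EUI-64 method of RFC 4291 for the MAC-based suffix, and the MAC-address and function names are constructed for illustration.

```python
import ipaddress

def eui64_interface_id(mac):
    """Modified EUI-64 (RFC 4291): insert ff:fe in the middle and flip the U/L bit."""
    b = bytearray(int(part, 16) for part in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC-address")
    b[0] ^= 0x02
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def slaac_address(prefix, mac):
    """Append the host-generated suffix to the prefix announced in the RA."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC assumes a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def link_local(mac):
    """Host Address = FE80:: + generated suffix."""
    return slaac_address("fe80::/64", mac)

def mac_from_address(addr):
    """Recover the MAC-address from an EUI-64 style address, or None if the suffix is not MAC-based."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b)

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed sample MAC-address
    print(link_local(mac))
    print(slaac_address("2001:db8:1234:ff01::/64", mac))
    # The same NIC is recognisable on any subnet it visits:
    print(mac_from_address("2001:db8:1234:ff02:211:22ff:fe33:4455"))
```

A MAC-based suffix is identical on every subnet the host joins, which is the tracking problem the Privacy Extensions on page 18 address.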

Page 24
◦ Cur Hop Limit: Which Hop Count the client should use on this segment
◦ M-flag: Decides whether the client should use SLAAC or DHCPv6 to configure the address
◦ O-flag: Use DHCPv6 to configure other parameters (DNS, NTP-server, etc.)
◦ Prefix: Prefix (and prefix length) the client should use
◦ Other information: MTU, link local address for the router, different timeouts that should be used on this segment
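
The fields listed on page 24, read out of a raw Router Advertisement. This is an added example, not part of the original slides; it assumes the message layout of RFC 4861, the sample packets are constructed (checksum left at 0 and not verified), and address_source() applies only the slide's M-flag rule.

```python
import ipaddress
import struct

M_FLAG, O_FLAG = 0x80, 0x40  # Managed / Other bits in the RA flags byte

def parse_ra(packet):
    """Parse an ICMPv6 Router Advertisement (type 134) into the fields listed above."""
    if len(packet) < 16:
        raise ValueError("truncated Router Advertisement")
    icmp_type, _, _, hop_limit, flags, _, _, _ = struct.unpack_from("!BBHBBHII", packet)
    if icmp_type != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"hop_limit": hop_limit, "managed": bool(flags & M_FLAG),
          "other": bool(flags & O_FLAG), "prefixes": [], "mtu": None}
    offset = 16
    while offset < len(packet):
        if len(packet) - offset < 2:
            raise ValueError("malformed option")
        opt_type, opt_len = packet[offset], packet[offset + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or offset + opt_len > len(packet):
            raise ValueError("malformed option")
        body = packet[offset:offset + opt_len]
        if opt_type == 3 and opt_len == 32:   # Prefix Information
            ra["prefixes"].append(f"{ipaddress.IPv6Address(body[16:32])}/{body[2]}")
        elif opt_type == 5 and opt_len == 8:  # MTU
            ra["mtu"] = struct.unpack_from("!I", body, 4)[0]
        offset += opt_len
    return ra

def address_source(ra):
    """Slide's rule: M set means DHCPv6 assigns the address, otherwise SLAAC uses the prefix."""
    if ra["managed"]:
        return "DHCPv6"
    return "SLAAC" if ra["prefixes"] else "none advertised"

def build_ra(flags, options=b""):
    """Constructed sample RA: hop limit 64, router lifetime 1800 s, checksum 0."""
    return struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0) + options

PREFIX_OPT = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0) \
    + ipaddress.IPv6Address("2001:db8:1234:ff01::").packed
MTU_OPT = struct.pack("!BBHI", 5, 1, 0, 1500)
SLAAC_RA = build_ra(0x00, PREFIX_OPT + MTU_OPT)  # prefix announced, no flags
MANAGED_RA = build_ra(M_FLAG | O_FLAG)           # M and O set, no prefix
```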

Page 25
Stateful address - DHCPv6
◦ Keeps track of which clients get which address
◦ Can also be used to configure other options like SIP gateway
◦ Normally there exists one DHCPv6 server and all routers and firewalls act as relays
◦ Some OSes have no support for DHCPv6, for instance Mac OS X before version 10.7.
◦ Third party software exists which can help OSes with poor support for DHCPv6 (Dibbler, Kame)
◦ Dibbler, Kame and ISC DHCPD are also examples of DHCPv6-server implementations
Exchange:
◦ Host: "Can I have an address, please?"
◦ DHCPv6 server: "Sure, here is one I haven't given away!"

Page 26
How will a host get its addresses?
◦ The computer gets connected
◦ Link local address gets assigned (always starts with FE80::/10)
◦ "Official" address gets assigned (diagram labels: Static, Dynamic, SLAAC, DHCPv6)
In IPv6 every host gets more than one address:
1) Loopback (::1)
2) Link local (one FE80::/10 per interface)
3) "Official" (global) address (per interface)
4) A number of multicast addresses

Page 28
Servers
Static addresses on servers
◦ One prefix per server (simplifies firewall administration since every server has ONE prefix and there is no implicit communication over the link local addresses)
◦ Turn off RA reception
Prefix: 2001:DB8:1234::/48
◦ 2001:DB8:1234:F100::/56: Web
  ◦ 2001:DB8:1234:F101::/64
  ◦ 2001:DB8:1234:F102::/64
  ◦ 2001:DB8:1234:F103::/64
◦ 2001:DB8:1234:F200::/56: Mail
  ◦ 2001:DB8:1234:F201::/64
  ◦ 2001:DB8:1234:F202::/64
  ◦ 2001:DB8:1234:F203::/64
Hierarchy: 16 * 16 * 256 (L1: 0–F, L2: 0–F, L3: 00–FF)
◦ L1: future
◦ L2: types (servers, clients, infrastructure)
◦ L3: subnets within types

Page 29
Clients
2001:DB8:1234:FF00::/56: Clients
◦ Dynamic assignments on clients
◦ Simpler networks can run SLAAC
◦ In a more advanced network where better control is needed one could use RA with the O(ther options)- and M(anaged)-flags set without a prefix in the RA
◦ DHCPv6 is used for address assignment
◦ Many clients share the same VLAN/segment/subnet
Hierarchy: 16 * 16 * 256 (L1: 0–F, L2: 0–F, L3: 00–FF)
◦ L1: future
◦ L2: types (servers, clients, infrastructure)
◦ L3: subnets within types
Client subnets in the diagram (routers as relays, one DHCPv6 server):
◦ 2001:DB8:1234:FF01::/64
◦ 2001:db8:1234:FF02::/64
◦ 2001:db8:1234:FF03::/64

Page 30
Prefix: 2001:DB8:1234::/48
Hierarchy: 256 * 256 (L1: 00–FF, L2: 00–FF)
◦ Split the /48 into 256 subnets with the subnet mask /56, each one consisting of 256 subnets
◦ Take the first for your infrastructure (link nets, loopback addresses)
◦ Assign one /56 per office
◦ Save 252 subnets for future use
L1 values: 10: Infra, 11: HQ, 12: Office 1, 13: Office 2
◦ Infra: 2001:DB8:1234:1000::/56
◦ HQ: 2001:DB8:1234:1100::/56
◦ Office 1: 2001:DB8:1234:1200::/56
◦ Office 2: 2001:DB8:1234:1300::/56
(Diagram: Infra, routers, WAN-links.)

Page 31
How to enumerate static hosts?
◦ Give the router the address ::1 and the server ::2
◦ Static addresses on clients ::1000 and go upward
◦ Do not give addresses per service (web server::80 and dns::53) – still open for debate!
◦ DHCPv6 scope range ::1000-FFFF

Page 32
◦ Every customer will get many addresses (at least a /48) per site
◦ Use levels to avoid distributing all subnets over the whole assignment
◦ Address assignment
  ◦ Static - manual
  ◦ DHCPv6 NEW!
  ◦ Stateless Address Auto Configuration (SLAAC)
◦ Every host will have several IPv6 addresses
Hierarchy: 16 * 4096 (L1, L2); L1 values 0–F, labelled Infra, Serv, Client and Future use.

Page 33
Gabriel Paues
email@example.com