IPv6 foundations

Transcript

  • 1. IPv6  Foundations   Mukom Akong T. (@perfexcellent)
  • 2. Fundamentals of IPv6: What you should be able to do after finishing this module (learn.afrinic.net | slide 2)
      ① Understand IPv4 exhaustion and its implications
      ② Identify IPv6 addresses
      ③ Create an IPv6 addressing plan
      ④ Configure and verify IPv6 on a LAN
  • 3. Module Assumptions
      ① Fundamental concepts of TCP/IPv4
      ② Building basic IPv4 networks
      ③ Using the command line interface for common routing platforms
          • Cisco IOS
          • Juniper JUNOS
          • Quagga
  • 4. Module deliverables
      • Describe differences between IPv4 and IPv6: Key protocols; Basic configuration
      • Create an IPv6 addressing plan: Subnetting; Estimate space; Allocation
      • Identify and work with IPv6 addresses: Address structure and notation; Types of IPv6 addresses
      • Understand IPv4 exhaustion implications: Global IPv6 address distribution; Implications of exhaustion
  • 5. Understanding IPv4 Exhaustion Implications! After this section, you should be able to:
      ① Describe the world situation with respect to v4 addresses
      ② Describe the implications of IPv4 exhaustion
  • 6. Central IPv4 Pool as at 16.06.2010
  • 7. Central IPv4 Pool as at 31.01.2011
  • 8. Global IPv4 Address Distribution (Source: www.ipv4depletion.com)
  • 9. Projected RIR Depletion Dates (Source: Geoff Huston)
  • 10. Exhaustion Consequence: IPv4 addresses are now more expensive ($7.5m for 666,624 v4 addresses)
  • 11. Exhaustion Consequence: demand for IPv4 addresses may increase its price
  • 12. Exhaustion Consequence: An IPv4 address black market emerges
      • Black markets have well-known contrary consequences
  • 13. Implications of Africa running out last
      • Scenario #1: We remain complacent and the world leaves us behind in IPv4-land
          • Cost of connecting to the rest of the world increases
          • We miss any market opportunities v6 adoption presents
      • Scenario #2: A ‘rush’ for Africa’s pool by other regions
          • African networks deprived of critical v4 needed to facilitate transition to v6
          • We are forced to deploy greenfield IPv6 (good)
          • Use of NAT increases (bad)
  • 14. Ultimately… being left behind means [figure labels: IPv6 network, IPv4]
  • 15. How shall we deal with exhaustion? [figure labels: IPv4, ?, IPv4 preservation with NAPT, IPv6 Deployment]
  • 16. Questions? Comments?
  • 17. IPv6 Addressing Basics! After this section, you should be able to:
      ① Work comfortably with IPv6’s hexadecimal notation
      ② Identify, write and shorten IPv6 addresses
  • 18. What is IPv6?
      • Network-layer successor to IPv4
          • 128 bits long (2^96 times the total IPv4 address space)
          • Runs on the same physical infrastructure
          • The same applications can also run on IPv6
          • Incompatible with IPv4!
      • The only sustainable answer to IPv4 exhaustion
          • Enables continued growth of the Internet
          • Restores end-to-end model & related applications
  • 19. IPv6 addresses are written in hexadecimal
      • IPv6 address = 128 bits (1 or 0)
      • IPv6 address = 32 hexits (0 - 9, a, b, c, d, e, f)
      • IPv6 address = 8 groups of 4 hexits
      • Example: 2001 : db8 : c001 : face : b00c : dead : babe : 1cee
      • The 8 groups of hexits are separated by colons
      • Addresses are conventionally written in lower case
  • 20. How IPv6 addresses are written (figure © Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011)
  • 21. Rules for shortening IPv6 addresses
      ① Zero-suppression: omit all leading zeroes in a group of hexits
          • A leading zero is one that comes immediately after a colon
          • Each group must still contain at least one hexit
      ② Zero-compression: substitute two or more consecutive groups of zeroes with one double colon (::)
          • This should only be done once to avoid ambiguity
          • If more than one substitution is possible, make the one that replaces the most groups
          • In case of two equal possible substitutions, make the leftmost one
  • 22. Shortening IPv6 addresses: Example (figure © Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011)
  • 23. Shortening IPv6 addresses: Example (figure © Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011)
  • 24. Incorrect IPv6 shortening example (figure © Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011)
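The two shortening rules from slide 21, implemented directly and cross-checked against Python's standard `ipaddress` module. This is an added example, not part of the original slides; the function names and the sample addresses other than those quoted from the deck are constructed for illustration.

```python
import ipaddress


def shorten(full: str) -> str:
    """Shorten a fully written IPv6 address using the slide 21 rules."""
    groups = full.lower().split(":")
    if len(groups) != 8 or any(not 1 <= len(g) <= 4 for g in groups):
        raise ValueError("expected 8 colon-separated groups of 1-4 hexits")

    # Rule 1, zero-suppression: drop leading zeroes, keep at least one hexit.
    groups = [format(int(g, 16), "x") for g in groups]

    # Rule 2, zero-compression: find the longest run of all-zero groups.
    # Using '>' (not '>=') keeps the leftmost run when two runs tie.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j

    # Only runs of two or more groups may be replaced by "::".
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"


def is_valid_notation(text: str) -> bool:
    """True if `text` parses as an IPv6 address. A second '::' is rejected
    because the parser cannot tell how many groups each one stands for."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False


# Constructed samples, plus the AAAA value quoted on slide 67.
SAMPLES = [
    "2001:0470:0000:0064:0000:0000:0000:0002",  # from slide 67
    "2001:0db8:0000:0000:0001:0000:0000:0001",  # two equal runs: leftmost wins
    "2001:0db8:0000:0001:0001:0001:0001:0001",  # single zero group: no '::'
    "0000:0000:0000:0000:0000:0000:0000:0000",  # unspecified address
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample} -> {shorten(sample)}")
    print("two double colons accepted?", is_valid_notation("2001:db8::1::2"))
```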
  • 25. IPv6 prefixes
      • IPv6 is all CIDR, i.e. no subnet masks
      • A prefix is written as: aaaa:bbbb:cccc:dddd:eeee:ffff/prefix length
      • Prefix length is a decimal in the range [0, 128]
      • Examples of prefix notation:
          • 2001:db8::/32 --- a prefix assigned to an organisation
          • 2001:db8:1ce:c001::/64 --- a prefix assigned to a LAN
          • 2001:db8:1ce:c001::a/64 --- an address out of a /64 prefix
  • 26. Questions? Comments?
  • 27. IPv6 Address Types! After this section, you should be able to:
      ① Identify different types of IPv6 addresses
      ② Describe the structure and scopes of these addresses
  • 28. Types of IPv6 addresses
      • Unicast addresses
          • Identifies an interface of an IPv6 node
          • Can be used as source and destination of a packet
          • An interface can have multiple valid IPv6 addresses
      • Multicast addresses
          • Identifies a group of IPv6 addresses
          • Can only be used as the destination of a transmission
          • An interface can belong to multiple multicast addresses
      • Anycast addresses
          • Same address on multiple nodes
          • Packet to anycast address is delivered only to nearest one
          • Packets are never sourced from an anycast address
  • 29. Scope: An address’ extent of validity [figure labels: Link Layer, Global Scope, Link-local Scope, fe80::/10]
      • These two scopes do not apply to multicast addresses and the unspecified address
  • 30. Global unicast addresses
      • Fixed high order bits of “001” => prefix of 2000::/3
      • Example: 2001:db8:dead:beef:c001:babe:0000:aaaf
      • Layout: 001 (3 bits) | Global Routing Prefix (45 bits) | SubnetID (16 bits) | InterfaceID (64 bits)
      • IANA >> LIR >> ISP
  • 31. Link local unicast addresses
      • First 10 bits are 1111 1110 10, thus prefix fe80::/10
      • Scope is link local, thus not forwarded off-link by routers
      • One per interface is always automatically configured when IPv6 is enabled
      • Used for
          • Automatic address configuration
          • Default gateway on hosts and next-hops to routes
          • Routing protocol updates
          • Neighbor discovery
      • Layout: 1111 1110 10 (10 bits) | 0 (54 bits) | InterfaceID (64 bits)
  • 32. The Link local address reachability problem
      • “If you ping fe80::212:6bff:fe54:f99a (N1), what egress interface will router R use?” – see solution next slide
      • [figure labels: router R with interfaces Fe 0/0 and Fe 0/1; nodes N1, N2, M1, M2; addresses fe80::212:6bff:fe54:f99a, fe80::212:6bff:fe3a:9e9a, fe80::212:6bff:fe17:fc0f, fe80::245:bcff:fe47:1530]
  • 33. ZoneIDs (scopeIDs) – resolving Link local address ambiguity
      • ZoneID (or scopeID)
          • Provides the extra routing information required
          • Automatically assigned by the operating system
          • Only locally significant
      • A full link-local address is written as: address%zoneID
      • Examples of some full link-local addresses with zoneIDs:
          • [Windows] ping fe80::245:bcff:fe47:1530%11
          • [Linux] ping6 fe80::245:bcff:fe47:1530%eth0
  • 34. Examples of using ZoneID
      • Windows Host X: fe80::1ce:c01d:dead:babe%7
      • Windows Host Y: fe80::dead:beef:1ce:c01d%10
      • Ping from X -> Y is accomplished thus
          • Use the link local address of Host Y
          • Append the ZoneID of Host X on the same broadcast domain
          • ping fe80::dead:beef:1ce:c01d%7 [correct]
          • ping fe80::dead:beef:1ce:c01d%11 [wrong]
  • 35. Unique local addresses
      • Private address space anyone can use without going to an ISP or RIRs
      • Prefix fc00::/7 and L flag indicates whether the prefix is locally assigned (1) or globally assigned (0)
          • For L=1, we have fd00::/8 for ULAs that anyone can assign.
          • For L=0, we have fc00::/8 for ULAs that are centrally assigned.
      • Scope is global but they are usually filtered by e-BGP routers
      • Layout: 1111 110L (8 bits) | Global ID (40 bits) | SubnetID (16 bits) | InterfaceID (64 bits)
  • 36. Unique local addresses: globalID algorithm
      1. Get the current time of day in 64-bit NTP format.
      2. Get the EUI-64 identifier from the MAC address or other unique identifier.
      3. Concatenate (1) and (2)
      4. Compute the SHA-1 digest of (3)
      5. Use the least significant 40 bits of (4) as your globalID
      • Layout: 1111 110L (8 bits) | Global ID (40 bits) | SubnetID (16 bits) | InterfaceID (64 bits)
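The five globalID steps from slide 36, carried through to a locally assigned fd00::/8 prefix and a /64 subnet using the layout on slide 35. This is an added example, not part of the original slides; the function names, the fixed timestamp and the subnet number are assumptions, and the sample EUI-64 is the interface ID of the slide 32 address fe80::212:6bff:fe54:f99a.

```python
import hashlib
import ipaddress
import time

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_UNIX_OFFSET = 2_208_988_800


def ntp_timestamp(unix_time: float) -> bytes:
    """Step 1: 64-bit NTP time = 32-bit seconds + 32-bit binary fraction."""
    whole = int(unix_time)
    seconds = (whole + NTP_UNIX_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time - whole) * 2**32) & 0xFFFFFFFF
    return seconds.to_bytes(4, "big") + fraction.to_bytes(4, "big")


def global_id(unix_time: float, eui64: bytes) -> bytes:
    """Steps 2-5: SHA-1 over time || EUI-64, keep the low 40 bits."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 identifier must be exactly 8 bytes")
    digest = hashlib.sha1(ntp_timestamp(unix_time) + eui64).digest()
    return digest[-5:]  # least significant 40 bits of the 160-bit digest


def ula_prefix(unix_time: float, eui64: bytes) -> ipaddress.IPv6Network:
    """Build fdXX:XXXX:XXXX::/48: 1111 110L with L=1, then the Global ID."""
    gid = int.from_bytes(global_id(unix_time, eui64), "big")
    value = (0xFD << 120) | (gid << 80)
    return ipaddress.IPv6Network((value, 48))


def ula_subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Fill the 16-bit SubnetID field to get one /64 LAN prefix."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 prefix and a 16-bit subnet ID")
    return ipaddress.IPv6Network((int(prefix.network_address) | (subnet_id << 64), 64))


# Constructed inputs: a fixed timestamp for repeatability and the EUI-64
# that corresponds to interface ID 0212:6bff:fe54:f99a (slide 32).
SAMPLE_TIME = 1_300_000_000.5
SAMPLE_EUI64 = bytes.fromhex("02126bfffe54f99a")

if __name__ == "__main__":
    site = ula_prefix(time.time(), SAMPLE_EUI64)  # differs on every run
    print("site prefix:", site)
    print("LAN 0xc0   :", ula_subnet(site, 0x00C0))
```

Because the timestamp feeds the hash, two sites running the procedure independently end up with different /48s even on identical hardware, which is what lets ULA networks be merged later without renumbering.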
  • 37. 6to4 transition addresses
      • IPv4-derived address used in the 6to4 transition mechanism
      • WWXX:YYZZ is the hex form of public v4 address w.x.y.z
      • Each public IPv4 address gives an entire /48 IPv6 prefix
      • Layout: 2002 (16 bits) + WWXX:YYZZ from w.x.y.z (48 bits in total) | SubnetID (16 bits) | InterfaceID (64 bits)
  • 38. Generating the InterfaceID – Last 64 bits
      • Manually – typed by an admin on an interface
      • Automatically
          • The EUI-64 algorithm.
          • A pseudo-random number.
          • A public key (e.g. in CGAs)
      • Some InterfaceIDs are reserved (RFC 5433)
          • Subnet router anycast: 0000:0000:0000:0000
          • Reserved subnet anycast: fdff:ffff:ffff:ff80 - ff
  • 39. EUI-64 automatic interfaceID generation
  • 40. Privacy concerns with EUI-64
      • For a given MAC address
          • The EUI-64 interfaceID is fixed
          • It is re-used with the prefix of any network encountered
      • It is possible to track a user from their interfaceID
          • The prefix says what network a user is on
          • The MAC address can be inferred from the interfaceID
      • Privacy addressing (RFC4941) deals with this issue
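An audit helper for the privacy concern on slide 40: it builds the modified EUI-64 interface ID from a MAC address, reverses it, and groups a list of observed addresses by the hardware address they expose. This is an added example, not part of the original slides; the function names and the list of observed addresses are constructed, reusing link-local addresses and prefixes that appear elsewhere in the deck.

```python
import ipaddress
from collections import defaultdict


def eui64_interface_id(mac: str) -> int:
    """MAC -> modified EUI-64: insert ff:fe in the middle and flip the
    universal/local bit (0x02) of the first octet."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must have 6 octets")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def address_for(prefix: str, mac: str) -> str:
    """The address a host with this MAC forms on a given /64."""
    return str(ipaddress.IPv6Network(prefix)[eui64_interface_id(mac)])


def mac_from_address(address: str):
    """Recover the MAC if the interface ID looks EUI-64 derived, else None.
    The ff:fe marker is a heuristic: a random interface ID matches it by
    chance about once in 65536 addresses."""
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


def networks_by_mac(addresses):
    """Group observed addresses by exposed MAC -> list of /64 networks.
    One MAC showing up under several prefixes is the tracking case."""
    seen = defaultdict(list)
    for address in addresses:
        mac = mac_from_address(address)
        if mac is not None:
            network = ipaddress.IPv6Network((address, 64), strict=False)
            seen[mac].append(str(network))
    return dict(seen)


# Constructed observations (for example, source addresses in a server log).
OBSERVED = [
    address_for("2001:db8:1ce:c001::/64", "00:12:6b:54:f9:9a"),
    address_for("2001:db8:fedc:abcd::/64", "00:12:6b:54:f9:9a"),
    "2001:db8:1ce:c001:1ce:c01d:dead:babe",  # interface ID without ff:fe
]

if __name__ == "__main__":
    for mac, networks in networks_by_mac(OBSERVED).items():
        print(mac, "seen on", networks)
```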
  • 41. IPv4-mapped transition addresses
      • An IPv4 address represented in IPv6 format
      • Form: ::ffff:w.x.y.z/96 where w.x.y.z is a normal IPv4 address.
      • Internally represents a v4 node to a v6 node
      • Never used as a source or destination v6 address
      • Layout: 0 (80 bits) | ffff (16 bits) | IPv4 Address (32 bits)
  • 42. ISATAP transition addresses
      • An IPv6 address formed from a private IPv4 address
      • Automatically generated and assigned to ISATAP tunnels
      • Form: 64bitPrefix:0:5efe:a.b.c.d
          • Where a.b.c.d is an RFC1918 private IPv4 address
      • Layout: Prefix (64 bits) | 0000:5efe (32 bits) | Private IPv4 Address (32 bits)
  • 43. Multicast addresses
      • Used as the destination of multicast communication
      • Start with bits 1111 1111 which is prefix: ff00::/8
      • Bits 8 – 16 specify further characteristics of the address
      • Layout: 1111 1111 (8 bits) | Flags (4 bits) | Scope (4 bits) | GroupID (112 bits)
  • 44. The Flag Bits in multicast addresses
      Bit | Description
      3 | Reserved (must be set to 0)
      2 (R flag) | Rendezvous Point address is embedded (1) or not (0)
      1 (P flag) | Address is based on a unicast prefix (1) or not (0)
      0 (T flag) | Address is well-known (0) or dynamically assigned (1)
  • 45. The Scope bits in multicast addresses
      Binary | Hex | Scope
      0001 | 0x1 | Interface
      0010 | 0x2 | Link
      0100 | 0x4 | Administrative
      0101 | 0x5 | Site
      1000 | 0x8 | Organisation
      1110 | 0xe | Global
      Others | | Unassigned or Reserved
  • 46. Some reserved multicast groups
      Address | Scope | Description
      FF01::1 | 1=Interface | All nodes on the interface
      FF02::1 | 2=Link | All nodes on the link
      FF01::2 | 1=Interface | All routers on the interface
      FF02::2 | 2=Link | All routers on the link
      FF05::2 | 5=Site | All routers in the site
      FF02::5 | 2=Link | All OSPFv3 routers
      FF02::6 | 2=Link | OSPFv3 designated routers
      FF02::A | 2=Link | All EIGRPv6 routers
      FF02::D | 2=Link | All PIM routers
      FF02::1:FFXX:XXXX | 2=Link | Solicited-node address
  • 47. The solicited node multicast address
      • Multicast address for all nodes with the same IPv6 address
      • Constructed as follows:
          • Prefix FF02:0:0:0:0:1:FF00::/104
          • Last 24 bits of the IPv6 unicast address
          • See examples next slide
      • Layout: Prefix FF02::1:FF00: (104 bits) | Lower 24 bits of the InterfaceID (24 bits)
  • 48. Solicited node multicast addresses in action
      #show ipv6 interface g0/0
      GigabitEthernet0/0 is up, line protocol is up
        IPv6 is enabled, link-local address is FE80::CA9C:1DFF:FE6B:B6A0
        No Virtual link-local address(es):
        Description: [Link to R1]
        Global unicast address(es):
          2001:43F8:90:C0::2, subnet is 2001:43F8:90:C0::/64
        Joined group address(es):
          FF02::1
          FF02::2
          FF02::1:FF00:2
          FF02::1:FF6B:B6A0
        MTU is 1500 bytes
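A check that ties slides 46 to 48 together: it derives the solicited-node group for each unicast address and compares the expected memberships with the "Joined group address(es)" section of the router output shown on slide 48. This is an added example, not part of the original slides; the function names and the simple parser are assumptions written for the output layout shown in the deck.

```python
import ipaddress
import re

ALL_NODES = ipaddress.IPv6Address("ff02::1")
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")
SOLICITED_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # /104

# Output quoted on slide 48.
SLIDE_48_OUTPUT = """\
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::CA9C:1DFF:FE6B:B6A0
  No Virtual link-local address(es):
  Description: [Link to R1]
  Global unicast address(es):
    2001:43F8:90:C0::2, subnet is 2001:43F8:90:C0::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF6B:B6A0
  MTU is 1500 bytes
"""


def solicited_node(unicast) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_PREFIX | low24)


def parse_interface(text: str):
    """Return (unicast addresses, joined groups) found in the output."""
    unicast, joined, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = re.search(r"link-local address is (\S+)", line)
        if match:
            unicast.append(ipaddress.IPv6Address(match.group(1)))
        elif line.startswith("Global unicast address(es):"):
            section = unicast
        elif line.startswith("Joined group address(es):"):
            section = joined
        elif section is not None:
            token = line.split(",")[0].split(" ")[0]
            try:
                section.append(ipaddress.IPv6Address(token))
            except ValueError:
                section = None  # first non-address line ends the section
    return unicast, joined


def audit_groups(text: str, is_router: bool = True):
    """Return (missing, extra) group memberships. 'extra' is informational:
    routing protocols legitimately join further groups (see slide 46)."""
    unicast, joined = parse_interface(text)
    expected = {ALL_NODES} | {solicited_node(a) for a in unicast}
    if is_router:
        expected.add(ALL_ROUTERS)
    return expected - set(joined), set(joined) - expected


if __name__ == "__main__":
    missing, extra = audit_groups(SLIDE_48_OUTPUT)
    print("missing:", sorted(map(str, missing)), "extra:", sorted(map(str, extra)))
```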
  • 49. IPv6 address literals in URLs
      • Problem: The colon in v6 addresses has another meaning in URLs
          • It is a core part of the http://
          • It is also used to specify the port
      • Solution: enclose the IPv6 address in square brackets
          http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/
          http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:80/
  • 50. IPv6 literals in UNC path names
      • Problem: The colon is an illegal character in Microsoft UNC pathnames
      • The solution:
          • Replace each colon in the address with a dash
          • Replace any “%” in the zoneID with an “s”
          • Append “.ipv6-literal.net” to the address
      • Example: 2001:db8:85a3:8d3:1319:8a2e:370:7348 becomes 2001-db8-85a3-8d3-1319-8a2e-370-7348.ipv6-literal.net
      • Example: fe80::1%4 becomes fe80--1s4.ipv6-literal.net
  • 51. Summary of IPv6 address types
      Type | Structure (16 bit boundaries)
      Global Unicast | GlobalID | SubnetID | InterfaceID
      Link-local | fe80 | 00 | InterfaceID
      Unique-local | fc00 | 0 | SubnetID | InterfaceID
      Unique-local | fd00 | 0 | SubnetID | InterfaceID
      IPv4-mapped | 0000 | ffff | <IPv4 Addr.>
      6to4 | 2002 | <IPv4 Addr.> | SubnetID | InterfaceID
      ISATAP | <64bit v6 Prefix> | 0 | 5efe | <IPv4 Addr.>
      Unspecified | 0000000
      Loopback | 000000 0001
      Multicast | ff<LS> | Multicast GroupID
  • 52. Questions? Comments?
  • 53. IPv6 from an IPv4 Perspective! After this section, you should be able to:
      ① Describe the IPv6 header, noting differences from the v4 header
      ② Identify the IPv6 equivalents and functioning of key IPv4 protocols
  • 54. The IPv6 packet structure
  • 55. Key characteristics of the IPv6 packet
      • Fixed header size of 40 bytes (320 bits)
      • Fragmentation not allowed by routers, only end hosts
      • Minimum supported MTU is 1280 bytes
      • Optional layer 3 information is put in extension headers just before the upper-layer header
  • 56. IPv6 extension headers
      • Serve similar functionality to IPv4 “Options” headers
      • Processed only at packet's destination, except for Hop-by-Hop Options header
      • Only appear once in a packet, except for the Destination Options header which appears twice
      • A node discards the packet with a “Parameter Problem” message in the following circumstances
          • It sees an unrecognized extension header
          • A Next Header value 0 appears in a header other than the fixed header
  • 57. IPv6 packet without extension header (figure courtesy: cisco.com)
  • 58. IPv6 packet with extension headers (figure courtesy: cisco.com)
  • 59. List and order of IPv6 extension headers
      Order | Header | Code | Description
      1 | Basic IPv6 header | |
      2 | Hop-by-hop options | 0 | Examined by all hosts in path
      3 | Destination options | 60 | Examined only by destination node
      4 | Routing | 43 | Specify the route for a datagram (mobile v6)
      5 | Fragment | 44 | Fragmentation parameters
      6 | Authentication (AH) | 51 | Verify packet authenticity
      7 | ESP | 50 | Encrypted data
      8 | Destination options | 60 | Examined only by destination node
      9 | Mobility | 135 | Parameters for use with mobile IPv6
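A Next Header chain walker for the rules on slides 56 and 59: it follows the extension headers after the 40-byte fixed header and reports the two conditions the deck names, a repeated header and a Next Header value of 0 anywhere but directly after the fixed header. This is an added example, not part of the original slides; the function names and the packets are constructed, and the per-header length rules (8-octet units, fixed 8-byte Fragment header, 4-octet units for AH) come from the IPv6 specifications rather than from the deck.

```python
import ipaddress
import struct

# Header codes from the slide 59 table.
EXTENSION_HEADERS = {
    0: "Hop-by-hop options", 60: "Destination options", 43: "Routing",
    44: "Fragment", 51: "Authentication (AH)", 50: "ESP", 135: "Mobility",
}
FIXED_HEADER_LEN = 40  # slide 55


def build_packet(chain, upper=58):
    """Constructed input: a fixed header followed by one minimal 8-byte
    extension header per code in `chain`, ending in `upper` (58 = ICMPv6)."""
    codes = list(chain) + [upper]
    body = b"".join(bytes([codes[i + 1], 0]) + bytes(6) for i in range(len(chain)))
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    fixed = struct.pack("!IHBB", 6 << 28, len(body), codes[0], 64)
    return fixed + src + dst + body


def walk_extension_headers(packet: bytes):
    """Return (chain of header names, upper-layer protocol or None, problems)."""
    if len(packet) < FIXED_HEADER_LEN or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], FIXED_HEADER_LEN
    chain, problems, seen = [], [], {}
    while next_header in EXTENSION_HEADERS:
        name = EXTENSION_HEADERS[next_header]
        if next_header == 0 and chain:
            problems.append("Next Header 0 outside the fixed header")
        seen[next_header] = seen.get(next_header, 0) + 1
        allowed = 2 if next_header == 60 else 1  # Destination options: twice
        if seen[next_header] > allowed:
            problems.append(f"{name} appears {seen[next_header]} times")
        chain.append(name)
        if next_header == 50:
            return chain, None, problems  # ESP: the rest is encrypted
        if offset + 8 > len(packet):
            problems.append(f"packet truncated inside {name}")
            return chain, None, problems
        following, length_field = packet[offset], packet[offset + 1]
        if next_header == 44:
            size = 8                       # Fragment header is fixed size
        elif next_header == 51:
            size = (length_field + 2) * 4  # AH counts 4-octet units
        else:
            size = (length_field + 1) * 8  # 8-octet units past the first 8
        offset += size
        next_header = following
    # Any value not in the table ends the walk; a receiving node that does
    # not recognize it answers with Parameter Problem (slide 56).
    return chain, next_header, problems


if __name__ == "__main__":
    for label, chain in (("ordered", [0, 43, 44]), ("malformed", [60, 0, 60, 60])):
        print(label, walk_extension_headers(build_packet(chain)))
```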
  • 60. The IPv6 header compared to IPv4 header [figure, bit ruler 0 to 32]
      • IPv4 header fields: Version, Header Length, TOS, Total Length, Identification, Flags, Fragment Offset, TTL, Protocol, Header Checksum, Source Address, Destination Address, Options
      • IPv6 header fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
  • 61. IPv6 packet header on the wire
  • 62. Packet header structure changes from IPv4
      • IPv4 header fields removed from the base IPv6 header
          • Fragmentation fields [Identification, flags, fragment offset]
          • Options
      • IPv4 header fields eliminated in IPv6
          • Header checksum
          • Header length
      • Revised fields
          • TTL → Hop count
          • Protocol → Next header
          • Precedence and ToS fields → Traffic class
      • New fields
          • Flow label
  • 63. IPv4 vs IPv6 key functionality comparison
      Function | IPv4 | IPv6
      Network Access Layer | Ethernet and variants; PPP for serial links; ATM | Ethernet and variants; PPP for serial links; ATM
      Host auto-configuration | DHCP | DHCPv6; Stateless Address configuration
      Network to Link-layer Address Resolution | ARP broadcasts | NDP via ICMPv6 (NS, NA)
  • 64. IPv4 vs IPv6 key functionality comparison
      Function | IPv4 | IPv6
      FQDN to IP-address resolution | DNS client-server; A resource records; in-addr.arpa reverse zone | DNS client-server; AAAA resource records; ip6.arpa reverse zone
      Host multicast group membership | IGMPv1; IGMPv2 | MLDv1
      Automatic default gateway configuration | DHCP, IRDP, passive RIP | NDP via ICMPv6 (RA)
  • 65. IPv4 vs IPv6 key functionality comparison
      Function | IPv4 | IPv6
      Routing protocols | Static routing; RIPv1, RIPv2; OSPFv2; BGP4+ IPv4 AF | Static routing; RIPng; OSPFv3; BGP4+ IPv6 AF
      Minimum MTU size | 576 bytes | 1280 bytes
      Sending packets to all hosts on subnet | Broadcast to subnet broadcast | Multicast to ALL_NODES (ff02::1)
  • 66. Resolving names to IPv6 addresses
      • Most modern DNS servers support IPv6
          • AAAA records for IPv6 to FQDN mapping
          • PTR records under ip6.arpa. TLD for FQDN to IP mapping
      • DNS is transport-protocol agnostic, i.e.
          • A query over IPv4 could yield AAAA records
          • A query over IPv6 could yield A records
  • 67. Sample IPv6 resource records
      • FQDN to IP Address
          • IPv4 [A record]: voyager.starfleet.org A 197.1.0.77
          • IPv6 [AAAA record]: voyager.starfleet.org IN AAAA 2001:0470:0000:0064:0000:0000:0000:0002
      • IP Address to FQDN
          • IPv4 [PTR record]: 77.0.1.197.in-addr.arpa PTR voyager.starfleet.org
          • IPv6 [PTR record]: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.6.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa IN PTR voyager.starfleet.org
  • 68. Generating IPv6 PTR records
      ① Write the IPv6 address in full reverse
      ② Separate each hexit by a period
      ③ Append the “ip6.arpa” domain
      • Example with sipcalc
  • 69. The usual DNS test tools work as expected
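The three PTR steps from slide 68, extended to produce the reverse zone name for a prefix and zone-relative PTR lines, and checked against the voyager.starfleet.org record on slide 67. This is an added example, not part of the original slides; the function names and the /64 zone cut are assumptions.

```python
import ipaddress


def ptr_name(address: str) -> str:
    """Slide 68: write all 32 hexits, reverse them, dot-separate,
    then append ip6.arpa."""
    hexits = ipaddress.IPv6Address(address).exploded.replace(":", "")
    return ".".join(list(reversed(hexits)) + ["ip6.arpa"])


def reverse_zone(prefix: str) -> str:
    """Name of the ip6.arpa zone that covers a prefix. Each label is one
    hexit (4 bits), so the prefix has to end on a 4-bit boundary."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4")
    hexits = network.network_address.exploded.replace(":", "")
    hexits = hexits[: network.prefixlen // 4]
    return ".".join(list(reversed(hexits)) + ["ip6.arpa"])


def zone_records(prefix: str, hosts: dict) -> list:
    """PTR lines relative to the reverse zone, one per host.
    `hosts` maps FQDN -> IPv6 address; addresses outside the prefix are
    rejected so a record never lands in the wrong zone file."""
    network = ipaddress.IPv6Network(prefix)
    zone = reverse_zone(prefix)
    records = []
    for fqdn, address in sorted(hosts.items()):
        if ipaddress.IPv6Address(address) not in network:
            raise ValueError(f"{address} is outside {prefix}")
        relative = ptr_name(address)[: -(len(zone) + 1)]
        records.append(f"{relative} IN PTR {fqdn}.")
    return records


# Host and address from slide 67; the /64 zone cut is an assumption.
SLIDE_67_HOST = {"voyager.starfleet.org": "2001:0470:0000:0064:0000:0000:0000:0002"}

if __name__ == "__main__":
    print("$ORIGIN", reverse_zone("2001:470:0:64::/64") + ".")
    for line in zone_records("2001:470:0:64::/64", SLIDE_67_HOST):
        print(line)
```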
  • 70. Questions? Comments?
  • 71. The Key IPv6 Functionality Protocols! After this section, you should be able to:
      ① Describe the importance and functioning of IPv6 ND
      ② Describe how ND is used in other key IPv6 functions
  • 72. IPv6 Neighbor Discovery Protocol (ND)
      • Key protocol upon which most of IPv6’s functionality depends
      • Used by both hosts and routers
      • Consists of a set of ICMPv6 messages
      • Works at network layer, thus can use IPsec
      • Different message exchanges deliver various functionalities
  • 73. Functions of IPv6 Neighbor Discovery (ND)
      • Host-Router Functions: Address resolution; Address autoconfiguration; Parameter discovery; Prefix discovery; Router discovery
      • Host-Communication Functions: Duplicate address detection; Neighbour unreachability detection; Next-hop determination; Address resolution
  • 74. 5 ICMPv6 messages used by ND
      • Neighbour Solicitation
      • Neighbour Advertisement
      • Router Solicitation
      • Router Advertisement
      • Redirect
  • 75. Router Solicitation & Advertisement
  • 76. The Router Solicitation message
      • Sent by: IPv6 host
      • Purpose: Find out what routers are present on the link
      • Src address:
          • IP of querying interface if one exists
          • Unspecified address (::) if there is no IP address yet
      • Dst address: FF02::2 (all-routers)
      • Notes: ICMP type 133, ICMP code 0
  • 77. Sample RS packet capture
  • 78. The Router Advertisement message
      • Sent by: IPv6 router
      • Purpose:
          • Advertise its presence, prefixes, MTU, hop limits
          • Sent periodically or in response to a RS
      • Src address: Router’s link local IPv6 address
      • Dst address:
          • FF02::1 (all-v6-nodes) for periodic broadcasts
          • v6 address of querying node if responding to a RS
      • Notes: ICMP type 134, ICMP code 0
  • 79. RA Message on the Wire
  • 80. Sample RA packet capture
  • 81. Neighbour Solicitations and Advertisements
  • 82. The Neighbour Solicitation message
      • Sent by: IPv6 host
      • Purpose:
          • Find out link layer address of another host.
          • Duplicate address detection.
          • Verify that a neighbour is reachable.
      • Src address:
          • IP of querying interface if one exists
          • Unspecified address (::) if there is no IP address yet
      • Dst address:
          • Target neighbour’s address if known
          • Solicited node multicast address of target otherwise
      • Notes: ICMP type 135, ICMP code 0
  • 83. The Neighbour Advertisement message
      • Sent by: IPv6 host
      • Purpose:
          • Response to a neighbour solicitation (NS)
          • Periodically to update neighbors.
      • Src address: Manual or auto configured address of originating interface.
      • Dst address:
          • IP address of the node which sent the NA.
          • FF02::1 for periodic advertisements.
      • Notes: ICMP type 136, ICMP code 0
  • 84. Capture of an NA from a router in response to a NS
  • 85. Packet capture of NA message from a host
  • 86. The Redirect message
      • Sent by: IPv6 router
      • Purpose: Informs a node of a better next-hop router.
      • Src address: Link local address of router.
      • Dst address: IP address of requesting node.
      • Notes: ICMP type 137, ICMP code 0
  • 87. Duplicate address detection TheKeyIPv6FunctionalityProtocols N2 N1 N3 Tentative IP: 2001:db8::2:260:8ff:fe53:f9d8 IP: 2001:db8::2:260:8ff:fe53:f9d8 NS 1 src: :: dst: FF02::1:FF53:F9D8 hop limit: 255 Target: 2001:DB8::2:260:8FF:FE53:F9D8 NA 2 src: 2001:DB8::2:260:8FF:FE53:F9D8 dst: FF02::1 hop limit: 255 Target: 2001:DB8::2:260:8FF:FE53:F9D8 learn.afrinic.net | slide 87
  • 88. u DAD is performed on ALL unicast addresses u DAD is NEVER performed for anycast addresses u If DAD fails § That address cannot be assigned to the interface. § All addresses using that InterfaceID are also not unique § A system management error must be logged u Unrelated packets sent to a tentative address are discarded TheKeyIPv6FunctionalityProtocols Duplicate address detection learn.afrinic.net | slide 88
  • 89. ①  Host N1 is going to assign address “A” on its interface “I” ②  Interface “I” joins multicast groups: §  ff02::1 -- “All IPv6 nodes” §  ff02::ff00:0:a – solicited node multicast address for “A” ③  N1 sends NS message to ff02::ff:0:a sourced from “::” ④  N1 listens for any NS messages to ff02::ff00:0:a from “::” ⑤  DAD fails under any of the following circumstances §  N1 receives an NS for a tentative address prior to sending one. §  More NSs are received than those expected based on loopback semantics How duplicate address detection works TheKeyIPv6FunctionalityProtocols learn.afrinic.net | slide 89
  • 90. TheKeyIPv6FunctionalityProtocols NS packet capture illustrating duplicate address detection (DAD) learn.afrinic.net | slide 90
  • 91. Link-layer address resolution using ND N2 N1 NS1 src: IPv6 address [N1] dst: Solicited node multicast [N2] data: Link layer address [N1] query: "what's your link layer address?" src: IPv6 address [N2] dst: IPv6 address [N1] data: Link layer address [N2] NA 2 TheKeyIPv6FunctionalityProtocols learn.afrinic.net | slide 91
  • 92. u Does not necessarily verify end-to-end reach-ability since a neighbour could be a router (not the final destination) u How it works: § Sending a probe to desired hosts’ solicited node multicast address and receiving a NA or RA in response § Receive a clue from higher level protocol that to say communication is happening e.g TCP ACK u Can be used for first hop router redundancy TheKeyIPv6FunctionalityProtocols Neighbour unreachability detection learn.afrinic.net | slide 92
  • 93. NS packet capture for neighbour reachability verification
  • 94. Questions? Comments?
  • 95. Basic IPv6 Configuration
      After this section, you should be able to:
      ① Configure and verify IPv6 on Windows operating systems
      ② Configure and verify IPv6 on Linux operating systems
      ③ Configure and verify IPv6 on the Mac OS X operating system
      ④ Configure and verify IPv6 on Cisco IOS
      ⑤ Configure and verify IPv6 on Junos
  • 96. Operating system support for IPv6
      Operating system | IPv6 supported
      Windows          | Windows XP Service Pack 2 and up
      Mac OS X         | 10.4 (Tiger) and up
      GNU Linux        | Kernel 2.6 and up
      FreeBSD          | FreeBSD 4.0 and up
      Cisco IOS        | IOS 12.4; 12.3; 12.xT from 12.2T and up
      Junos            | Junos 5.1 and up
      Most operating systems have IPv6 enabled by default!
  • 97. Host Configuration: Windows Vista/7
  • 98. Host configuration: Mac OS X
  • 99. Host Configuration: Linux
      Configure IPv6 on an interface [in /etc/network/interfaces]:
          auto eth0
          iface eth0 inet6 static
              address 2001:db8:fedc:abcd::1/64
      Force an interface to come up at boot-up and get an address automatically [in /etc/network/interfaces]:
          auto eth0
          iface eth0 inet manual
              up /sbin/ip -6 link set eth0 up
      Verify:
          # ifconfig eth0
          OR
          # ip -6 addr show eth0
  • 100. Working with privacy addresses
      • Offer host tracking when EUI-64 addresses are used
      • Privacy address status on various operating systems:
          ◦ Windows Vista/7: enabled by default
          ◦ Mac OS X: not enabled by default
          ◦ Linux: not enabled by default
      • Generally, enabling privacy addresses is not recommended
  • 101. Disabling privacy addressing
      Windows Vista/7:
          c:\>netsh interface ipv6 set privacy state=enabled|disabled
          c:\>netsh interface ipv6 set global randomizeidentifiers=enabled|disabled
      Mac OS X, in /etc/sysctl.conf:
          net.inet6.ip6.use_tempaddr=0|1
          net.inet6.ip6.temppltime=XX    // lifetime of temporary address
      Linux:
          # echo "1" > /proc/sys/net/ipv6/conf/default/use_tempaddr
  • 102. Configuring basic IPv6 on Cisco IOS
      Enable IPv6 on an interface:
          (config)#ipv6 enable
      Assign an IPv6 address with automatic interfaceID:
          (config)#ipv6 address <prefix/prefix-length> eui-64
      Assign a static IPv6 address:
          (config)#ipv6 address <ipv6address/prefix-length>
      Enable IPv6 routing and CEF:
          (config)#ipv6 unicast-routing
          (config)#ipv6 cef
  • 103. Configuring basic IPv6 on Junos
      Enable IPv6 on an interface:
          #edit interfaces <interfacename> unit <unit_no>
      Assign an IPv6 address with automatic interfaceID:
          #set family inet6 address <prefix/prefix-length> eui-64
      Assign a static IPv6 address:
          #set family inet6 address <ipv6address/prefix-length>
  • 104. Questions? Comments?
  • 105. Address Provisioning in IPv6
      After this section, you should be able to:
      ① Describe IPv6 parameter provisioning in IPv6
      ② Describe and verify how SLAAC works
      ③ Describe and verify how DHCPv6 works
      ④ Describe how DHCPv6-PD works
  • 106. Base address provisioning requirements
      Device | Requirements
      Hosts  | IPv6 address; Default gateway; DNS server
      CPEs   | IPv6 address; Default gateway; DNS server; Prefix for LAN(s)
  • 107. Different ways of configuring IPv6 on hosts and CPEs
      IPv6 address configuration:
          • SLAAC
              ◦ Plain SLAAC
              ◦ SLAAC with RDNSS
          • DHCPv6
              ◦ Stateful
              ◦ Stateless
          • Manual
  • 108. Options for automatic address provisioning
                       | Address | Default Gateway | DNS server | Delegated Prefix
      SLAAC            | ✔       | ✔               | ✖          |
      Stateful DHCPv6  | ✔       | ✖               | ✔          | ✔
      Stateless DHCPv6 | ✖       | ✖               | ✔          | ✖
      RDNSS            | ✖       | ✖               | ✔          | ✖
      • Recursive DNS Server (RDNSS) uses RA to advertise a list of DNS resolvers.
  • 109. Determining whether to use SLAAC or DHCPv6 – M and O RA flags
      The RA Managed-Config-Flag (M)
          • Tells host to use DHCPv6 for everything
          • The host must be set to configure IPv6 "automatically"
          • Configured on the router interface facing hosts
      The RA Other-Config-Flag (O)
          • Tells host to use
              ◦ SLAAC for address and prefix length
              ◦ DHCPv6 for other options (e.g. DNS)
          • Configured on the router interface facing hosts
      • SLAAC is used if none of the above flags is configured
  • 110. Stateless Auto-Configuration – How it Works
      [Diagram: Network X with routers R1 and R2 and hosts N2 and M2; messages labelled ff02::1: 1 [RS] RA?; 2 [RA] 2001:db8:a::; 3 [RA] 2001:db8:d::]
      • N2 will auto-configure an address for each of the advertised prefixes 2001:db8:a::/64 and 2001:db8:d::/64
      • Hosts will also auto-configure 2 default routers
      • If RDNSS is active, N2 and M2 will also get a list of DNS resolvers
  • 111. Stateless Auto-Configuration – How it Works
      ① Host generates an interfaceID and a link-local address
      ② Perform Duplicate Address Detection [DAD] on selected address
      ③ Query all routers (via RS messages) for additional
      ④ Router responds with a Router Advertisement [RA], which lists allocated prefixes for the subnet and indicates if it can provide routing services to connected hosts.
      ⑤ For each prefix received, the host adds its 64-bit interfaceID, configures an address and does DAD.
      ⑥ Host builds a list of 'default routers' from RAs. There's no single default gateway like in IPv4.
  • 112. Stateless Auto-Configuration – How it works
      • The routers on the subnet are pre-configured with:
          ◦ Appropriate IPv6 addresses on their interfaces.
          ◦ Desired prefixes for use on the subnet.
          ◦ List of DNS servers to send to hosts [RFC6106]
      • If the router advertises multiple prefixes, the host(s) will auto-configure an address for each of the prefixes.
      • If multiple routers advertise themselves as default, the host typically chooses and uses one till it fails, then it uses the other.
  • 113. Configuring a Cisco router for SLAAC
      [Diagram: Network X with routers R1 and R2 and hosts N2 and M2; messages labelled ff02::1: 1 [RS] RA?; 2 [RA] 2001:db8:a::; 3 [RA] 2001:db8:d::]
          R1(config)#interface fastethernet 0/1
          R1(config-if)#ipv6 nd prefix 2001:db8:a::/64

          R1(config)#interface fastethernet 0/1
          R1(config-if)#ipv6 nd prefix 2001:db8:d::/64
  • 114. Stateful configuration with DHCPv6
      • Host or CPE gets all of its config parameters from a central server
      • Central server can keep state of who has what address
      • A host may use DHCPv6 instead of SLAAC if it gets an RA message with the M flag = ON and A flag = OFF
      • Multicast addresses used by DHCPv6:
          ◦ All_DHCP_Relay_Agents_and_Servers (FF02::1:2)
          ◦ All_DHCP_Servers (FF05::1:3)
      • DHCP messages:
          ◦ Clients listen on UDP port 546
          ◦ Servers and relay agents listen on UDP port 547
      • DHCPv6 does not support a default gateway option!!
  • 115. How stateful DHCPv6 works
      [Sequence diagram between Client, Router/DHCP Relay and DHCP Server]
      1. [ND] RS?
      2. [ND] RA (M set)
      3. [DHCP] Solicit
      4. [DHCP] Solicit
      5. [DHCP] Advertise (addr)
      6. [DHCP] Advertise (addr)
      7. [DHCP] Request (addr)
      8. [DHCP] Request (addr)
      9. [DHCP] Reply (addr)
      10. [DHCP] Reply (addr)
      11. [DHCP] Confirm (addr)
      12. [DHCP] Confirm (addr)
  • 116. Stateful DHCPv6
      Advantages:
      a) Similar to DHCPv4, so will be familiar to most operators.
      b) More options to control how addresses are allocated, e.g.
          ◦ Restrict assignments to a small range of addresses
          ◦ Map IP addresses to specific clients.
      c) Dynamic DNS (DDNS) updates from a central server are more secure than permitting individual hosts to update the DNS.
      d) It has options to configure other services.
      e) Can produce centralized accounting logs (troubleshooting and forensics).
      Disadvantages:
      a) No DHCPv6 clients yet on some operating systems, e.g. Android.
      b) Configuration information for addresses and DNS resolvers must be maintained in separate locations.
  • 117. How Stateless DHCPv6 works
      [Sequence diagram between Client, Router and DHCP Server]
      1. [ND] RS?
      2. [ND] RA; Prefix: ; Default router: ; "O" flag set
      3. [DHCP] Solicit; Options, e.g. DNS server
      4. [DHCP-RELAY] Solicit; Options
      5. [DHCP] Advertise; DNS server address
      6. [DHCP-RELAY] Advertise; DNS server address
  • 118. Stateless DHCPv6 Pros and Cons
      Advantages:
          ◦ Support for SLAAC is ubiquitous.
          ◦ Non-DHCPv6 hosts will still be able to get basic connectivity (the DNS resolvers can be manually configured).
          ◦ Other options possible (e.g. NTP, NIS, SIP etc.)
      Disadvantages:
          ◦ Zero control over how addresses are allocated
          ◦ If using DDNS, permitting DDNS updates from all clients is insecure.
          ◦ Privacy concerns if EUI-64 method is used for interfaceID
          ◦ No centralized log for forensics
  • 119. Configure an IOS router for stateful DHCPv6
      [Diagram: client, router, DHCPv6 server]
          router(config)# interface FastEthernet0/0
          router(config-if)# ipv6 nd managed-config-flag
          router(config-if)# ipv6 nd other-config-flag
          router(config-if)# ipv6 nd prefix default no-autoconfig
          router(config-if)# exit
  • 120. Configure DHCPv6 on Junos
      [Diagram: client, router, DHCPv6 server]
          protocols {
              router-advertisement {
                  interface ge-0/1/0.0 {
                      managed-configuration;          # sets the M bit in the RA
                      other-stateful-configuration;   # sets the O bit in the RA
                      prefix 2001:0DB8:10:4::/64 {
                          no-autonomous;              # disable stateless auto-config
                      }
                  }
              }
          }
  • 121. SLAAC + RDNSS
      • SLAAC plus the Recursive DNS server option
      • Advantages:
          ◦ Single protocol (IPv6 ND), thus simpler configuration
          ◦ Support for SLAAC is ubiquitous
      • Disadvantages:
          ◦ RDNSS option not widely supported
          ◦ No other parameters besides DNS resolver are possible
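The M and O flags, the per-prefix autonomous (A) flag and the RDNSS option from the slides above decide how a host provisions itself. The following added example (not from the original deck) parses a Router Advertisement and reports the resulting behaviour, which is a useful check that a segment advertises what its policy intends. The byte layout follows RFC 4861 and RFC 6106; `build_ra` and the sample values are constructed for the illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO, OPT_RDNSS = 134, 3, 25

def parse_ra(pkt: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement, starting at the ICMPv6 header."""
    if len(pkt) < 16 or pkt[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags = pkt[5]
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "prefixes": [], "rdnss": []}
    off = 16
    while off < len(pkt):
        if off + 2 > len(pkt):
            raise ValueError("truncated option header")
        opt_type, opt_len = pkt[off], pkt[off + 1] * 8   # length is in 8-byte units
        # A zero-length option must make the receiver drop the whole RA;
        # without this check the loop would never advance.
        if opt_len == 0 or off + opt_len > len(pkt):
            raise ValueError("malformed option length")
        body = pkt[off:off + opt_len]
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append({"prefix": net, "A": bool(body[3] & 0x40)})
        elif opt_type == OPT_RDNSS and opt_len >= 24 and (opt_len - 8) % 16 == 0:
            for i in range(8, opt_len, 16):
                ra["rdnss"].append(ipaddress.IPv6Address(body[i:i + 16]))
        off += opt_len
    return ra

def provisioning(ra: dict) -> dict:
    """Map the flags to where a host gets its address and DNS resolvers."""
    slaac = [str(p["prefix"]) for p in ra["prefixes"] if p["A"]]
    address = (["SLAAC"] if slaac else []) + (["DHCPv6"] if ra["M"] else [])
    dns = (["RDNSS"] if ra["rdnss"] else []) + \
          (["DHCPv6"] if ra["M"] or ra["O"] else [])
    return {"address": address, "slaac_prefixes": slaac, "dns": dns}

def build_ra(m, o, prefixes, rdnss=()):
    """Constructed sample input: an RA with checksum left at zero."""
    flags = (0x80 if m else 0) | (0x40 if o else 0)
    pkt = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    for prefix, autonomous in prefixes:
        net = ipaddress.IPv6Network(prefix)
        pflags = 0x80 | (0x40 if autonomous else 0)      # L flag always set here
        pkt += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen,
                           pflags, 2592000, 604800, 0)
        pkt += net.network_address.packed
    if rdnss:
        pkt += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(rdnss), 0, 1800)
        pkt += b"".join(ipaddress.IPv6Address(a).packed for a in rdnss)
    return pkt

if __name__ == "__main__":
    samples = {
        "stateful (M, O, no-autonomous)":
            build_ra(True, True, [("2001:db8:10:4::/64", False)]),
        "stateless DHCPv6 (O only)":
            build_ra(False, True, [("2001:db8:a::/64", True)]),
        "SLAAC + RDNSS":
            build_ra(False, False, [("2001:db8:a::/64", True),
                                    ("2001:db8:d::/64", True)], ["2001:db8::53"]),
    }
    for name, pkt in samples.items():
        print(name, "->", provisioning(parse_ra(pkt)))
```

An RA that reports both "SLAAC" and "DHCPv6" under `address` means the M flag is set while a prefix is still autonomous, so hosts may configure addresses the DHCPv6 server never logged.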
  • 122. Provisioning client prefixes automatically with DHCPv6-PD
      • Used to assign a delegated prefix to CPE to use on its LAN.
      • The PE inserts a static route for the delegated prefix in its table
      [Sequence diagram between CPE, PE and DHCP Server]
      1. Provision CPE WAN address
      2. [DHCP] Solicit; Options: IAPD
      3. [DHCP-RELAY] Solicit; Option: IAPD
      4. [DHCP] Advertise; Delegated Prefix
      5. [DHCP-RELAY] Advertise; Delegated Prefix
  • 123. Key differences between DHCPv4 & DHCPv6
      Feature | DHCPv4 | DHCPv6 | Benefit
      Managed configuration flag | N/A | Used by router to control host use of DHCP | Node config can be managed by network policy
      Destination address of initial request | Broadcast | ff02::1:2 | Efficient link utilisation; More specific link signaling
      Source address of initial request | 0.0.0.0 | Link local address of client | More specific link signaling
      Reconfiguration message | N/A | Servers can ask clients to update their configurations | Easier to trigger site-wide reconfiguration
      Identify association | N/A | Clients can deal with multiple servers | Scalability and redundancy
  • 124. DHCPv6 server software capabilities
      Software | Platform | Roles | Options
      ISC DHCPv6 | Linux, BSD, Solaris | Server, Relay, Client | DNS, NTP, NIS, SIP, BCMCS, Lifetime, Prefix Delegation, Relay IDs, FQDN
      WIDE DHCPv6 | Linux, BSD | Server, Relay, Client | DNS, NTP, NIS, SIP, BCMCS, Lifetime, Prefix delegation
      Dibbler DHCPv6 | Linux, Windows | Server, Relay, Client | DNS, NTP, NIS, SIP, AAKey, Lifetime, FQDN, Prefix delegation, Leasequery, Timezone
  • 125. DHCPv6 server software capabilities
      Software | Platform | Roles | Options
      Windows Server 2008 | Windows | Server, Relay | DNS, NIS, SIP, NTP, Lifetime, User class
      IOS DHCPv6 | Cisco IOS | Server, Relay, Client | DNS, NTP, NIS, SIP, Prefix Delegation, Relay IDs, Lifetime
  • 126. Questions? Comments?
  • 127. IPv6 Address Planning
      After this section, you should be able to:
      ① Subnet an IPv6 prefix
      ② Describe how IPv6 addresses are globally managed
      ③ Estimate the IPv6 addressing needs of your network
      ④ Carve out your allocated addresses and assign
  • 128. The generic IPv6 subnetting problem
      For a given IPv6 prefix 'P' and prefix length L:
      a) List all the sub-prefixes of length L' therein
      b) Break 'P' into N subnets
      Repeat for each sub-prefix as required.
      [Diagram: Parent prefix divided into Sub-prefix #1, Sub-prefix #2, Sub-prefix #3, ... Sub-prefix #n]
  • 129. IPv4 subnetting concepts to FORGET!
      ① Why do we do subnetting?
          ◦ IPv4: conserve address space
          ◦ IPv6: planning and optimization for routing or security
      ② VLSM vs SLSM – there's no point in doing VLSM in IPv6
      ③ Subnets vs hosts – number of hosts is irrelevant in v6
      ④ There'll rarely be a need to expand a /64 subnet!
  • 130. Generic IPv6 subnetting procedure
      1. Find subnet bits (s): derived from total number of desired subnets
      2. Find subnet hexits: range of hexits that define each individual subnet
      3. Find SubnetID increment (B): the difference between each subnetID
      4. Enumerate subnetIDs: the individual subnets
  • 131. Step #1: Finding the subnet bits (s)
      • The prefix lengths of the mother and sub-prefixes, L and L', are known:
          $s = L' - L$
          Ex: breaking a /32 to /56s requires 56 – 32 = 24 bits
      • Only the number of desired subnets is known:
          $2^{s} \ge N$, thus $s = \frac{\log N}{\log 2}$
          Ex: breaking a /36 into 700 networks needs $2^{s} \ge 700$, thus $s = \frac{\log 700}{\log 2} = 9.45 \approx 10$ bits
  • 132. Step #2: Finding the number of subnet hexits
      • These are the distinguishing hexits of each subnet
          ◦ Knowing number of subnet bits 's'
          ◦ Knowing that 1 hexit = 4 bits, then
          ◦ Number of subnet hexits = s/4 (round up)
      • Ex: Breaking 2001:db8:c000::/36 to 700 subnets
          ◦ s = log 700 ÷ log 2 = 9.81 ≈ 10
          ◦ # subnet hexits = 10/4 = 2.5 ≈ 3
          ◦ Each of the subnets will be like: 2001:db8:cHHH::/46
  • 133. Step #3: Finding the Increment or Block (B)
      • This is the difference between consecutive subnetIDs
      • Ex: Breaking 2001:db8:c000::/36 into 700 subnets
          ◦ s = 3 (calculated in previous slides)
          ◦ L' = 46 (/36 original length + 10 bits of subnetting)
          ◦ Format 2001:db8:cHHH::/46 (calculated previously)
          ◦ $B = 2^{16-(L' \% 16)}$
            $B = 2^{16-(46 \% 16)} = 2^{16-14} = 2^{2} = 4$ (0x4)
  • 134. Step #4: Enumerating the subnetIDs
      • At this point you know the general subnet format
      • Taking the subnetIDs only, these form an arithmetic progression with the following characteristics:
          ◦ Common difference d = block (B)
          ◦ Initial term = 000
      • Any term of the progression is $a_n = a_0 + (n-1)d$
      • Substituting for d = B and initial term = 000
      • The nth term is: $a_n = (n-1)B$
  • 135. Step #4: Enumerating the subnetID example
      • Ex: Breaking 2001:db8:c000::/36 to 900 subnets
          ◦ s = 3 (calculated in previous slides)
          ◦ L' = L + s = 36 + 10 = 46
          ◦ Format 2001:db8:cHHH::/46 (calculated previously)
          ◦ B = 4 (0x4), as previously calculated
      • First subnetID
          ◦ [Decimal]: $a_{1} = 4(1-1) = 0$ (0x0)
          ◦ First subnet: 2001:db8:c000::/46
      • Last subnetID
          ◦ [Decimal]: $a_{1024} = 4(1024-1) = 4(1023) = 4092$ (0xFFC)
          ◦ [Hex]: $a_{400}$ = 4(400-1) = 4(3ff) = FFC
          ◦ Last subnet: 2001:db8:cffc::/46
  • 136. Subnetting example: problem
      An ISP with operations in 10 cities just got a 2001:db8::/32 allocation from AfriNIC. Subnet this prefix equally between the 10 cities.
  • 137. Subnetting example: analysis
      • Number of subnets: N = 10
      • Subnet bits required (s): $2^{s} \ge 10$, s = 4 (to the nearest integer)
          $s = \frac{\log 10}{\log 2} = \frac{1}{0.301} = 3.32$ [4 approx]
      • Thus, to subnet 2001:db8::/32 to cover 10 subnets:
          ◦ We'll need to use 4 bits
          ◦ Those 4 bits give us $2^{4} = 16$ subnets (we've 6 spare subnets)
          ◦ Prefix length of each subnet is /36 (i.e. 32 + 4 = 36)
      • We calculate
          ◦ Number of interesting hexits = s/4 = 1
          ◦ Block: $B = 2^{16-(36 \% 16)} = 2^{16-4} = 2^{12} = 4096$ = 0x1000
  • 138. Subnetting example: analysis
      • First subnetID
          ◦ [Decimal]: $a_{1} = 4096(1-1) = 0$ (0x0) | from $a_n = (n-1)d$
          ◦ First subnet: 2001:db8:000::/36
      • Last subnetID
          ◦ [Decimal]: $a_{16} = 4096(16-1) = 61440$ (0xf000)
          ◦ [Hex]: $a_{10}$ = 1000(10-1) = 1000(f) = 0xf000
          ◦ Last subnet: 2001:db8:f000::/36
      • Verify your answer using subnet tools
          ◦ e.g. sipcalc 2001:db8::/32 --v6split=36
  • 139. Subnetting – Enumerate subnets with sipcalc
          sipcalc 2001:db8::/32 --v6split=36 | grep Network
          Network - 2001:0db8:0000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:1000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:2000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:3000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:4000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:5000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:6000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:7000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:8000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:9000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:a000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:b000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:c000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:d000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:e000:0000:0000:0000:0000:0000 -
          Network - 2001:0db8:f000:0000:0000:0000:0000:0000 -
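The four-step procedure from the preceding slides (subnet bits, subnet hexits, block, enumeration) as an added Python example, not part of the original deck. It goes slightly beyond the slides: the block is taken modulo 16 so that sub-prefixes ending exactly on a 16-bit group (/48, /64) get an increment of 1, and the result is cross-checked against the standard `ipaddress` module. Function names are chosen for this illustration.

```python
import ipaddress

def subnet_plan(parent, n_subnets=None, new_prefix=None):
    """Steps 1-3: subnet bits s, subnet hexits, new length L' and block B."""
    net = ipaddress.IPv6Network(parent)
    if new_prefix is None:
        if n_subnets is None or n_subnets < 2:
            raise ValueError("give new_prefix or n_subnets >= 2")
        # Smallest s with 2**s >= N, in exact integer arithmetic (no float log).
        new_prefix = net.prefixlen + (n_subnets - 1).bit_length()
    s = new_prefix - net.prefixlen
    if s <= 0 or new_prefix > 128:
        raise ValueError("sub-prefix must be longer than the parent, at most /128")
    return {
        "s": s,
        "hexits": -(-s // 4),                          # s/4 rounded up
        "new_prefix": new_prefix,
        "block": 1 << ((16 - new_prefix % 16) % 16),   # B, within one 16-bit group
        "count": 1 << s,
    }

def nth_subnet(parent, new_prefix, n):
    """Step 4: the n-th subnet (1-based), with subnetID a_n = (n - 1) * B."""
    net = ipaddress.IPv6Network(parent)
    plan = subnet_plan(parent, new_prefix=new_prefix)
    if not 1 <= n <= plan["count"]:
        raise ValueError("n must be in 1..%d" % plan["count"])
    subnet_id = (n - 1) * plan["block"]
    # The subnetID is counted in the 16-bit group that holds bit L';
    # shift it left past all the groups that follow.
    shift = 128 - 16 * -(-new_prefix // 16)
    base = int(net.network_address)
    return ipaddress.IPv6Network((base + (subnet_id << shift), new_prefix))

def enumerate_subnets(parent, n_subnets=None, new_prefix=None):
    """All subnets of the plan, in subnetID order."""
    plan = subnet_plan(parent, n_subnets, new_prefix)
    return [nth_subnet(parent, plan["new_prefix"], n)
            for n in range(1, plan["count"] + 1)]

def matches_library(parent, new_prefix):
    """Cross-check the arithmetic-progression result against ipaddress."""
    net = ipaddress.IPv6Network(parent)
    expected = list(net.subnets(new_prefix=new_prefix))
    return enumerate_subnets(parent, new_prefix=new_prefix) == expected

if __name__ == "__main__":
    # The 10-city example: 2001:db8::/32 split into /36s.
    print(subnet_plan("2001:db8::/32", n_subnets=10))
    for subnet in enumerate_subnets("2001:db8::/32", n_subnets=10):
        print(subnet)
    # The /36 into 700 subnets example: first and last /46.
    print(nth_subnet("2001:db8:c000::/36", 46, 1),
          nth_subnet("2001:db8:c000::/36", 46, 1024))
```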
  • 140. Global IPv6 address management hierarchy
      [Diagram: tree of prefixes, one level per line]
      2000::/3
      RIRprefix::/w, 12 ⩽ w ⩽ 24
      LIRprefix::/x, y ⩽ x ⩽ 32
      End-siteprefix::/y, x ⩽ y ⩽ [48 | 52 | 56 | 60]
      Subnet::/z, [48 | 52 | 56 | 60] ⩽ z ⩽ 64
      Host: network prefix Subnet::/64, InterfaceID
  • 141. IPv6 address planning – a few clarifications
      • /32 for LIRs is just the minimum size according to most RIR policies
      • If you can show that you need more, you usually can get more!
          ◦ Do NOT start with /32 [or /48] and try to fit in.
          ◦ INSTEAD analyse your needs and apply based on them.
      • RFCs recommend /64 for all subnets (even p2p and loopbacks)
          ◦ DO allocate a /64 for all links …but,
          ◦ DO configure what makes operational sense (e.g. /127 for p2p and /128 for loopbacks)
          ◦ DO understand what will break if you use longer prefix lengths
  • 142. Some recommendations for planning
      ① Ensure that all prefixes fall on nibble boundaries
      ② Plan a hierarchical scheme to allow for aggregation
          ◦ Site: any logical L3 aggregation point (POP, building, floor)
          ◦ Region: a collection of sites
          ◦ Autonomous System
      ③ Use the same prefix lengths for all prefixes of the same level (SLSM)
  • 143. Conceptual view of an ISP network
      [Diagram: ASN at the top; below it Region #1, Region #2, ... Region #n; each region contains Site #1, Site #2, ... Site #n]
  • 144. Estimating the needs of SITEs
      ① Select your largest SITE
      ② Proceed as follows:
          ◦ Estimate the number of end-networks in it now
          ◦ Adjust for growth in 5 years
          ◦ Round to nearest nibble boundary (maxSITEsize)
  • 145. About nibble boundaries
      • Try to align allocation units to nibble boundaries
          ◦ Round up your estimates to $2^{n}$ where n is a multiple of 4 [16, 256, 4096, 65536 etc.]
          ◦ Ensure your prefixes fall on the following nibbles: /12, /16, /20, /24, /28, /32, /36, /40, /44, /48, /52, /56, /60, /64
      • Working with nibble boundaries
          ◦ Greatly simplifies address planning
          ◦ Provides room for expansion at each level of the network hierarchy
  • 146. Nibble boundary alignment example
      • Consider the range of addresses for 2001:db8:3c00::/40
          [first] 2001:db8:3c00:0000:0000:0000:0000:0000
          [last]  2001:db8:3cff:ffff:ffff:ffff:ffff:ffff
          ◦ Easy to see that differentiating hexits range from 0-f
      • Consider the range of addresses for 2001:db8:3c00::/42
          [first] 2001:db8:3c00:0000:0000:0000:0000:0000
          [last]  2001:db8:3c3f:ffff:ffff:ffff:ffff:ffff
          ◦ You'll have to calculate the differentiating hexits
  • 147. Finding the total number of end prefixes required
      • "End-prefix" is the prefix given to a network that connects to each site, e.g. a customer network
      ① Estimate the number of #SITEs in your largest region (round to nibble boundary)
      ② Calculate the number of end-site prefixes: N = #regions x #SITEs x maxSITEsize
  • 148. Calculating your allocation size
      ① Calculate number of subnet bits required to give us N prefixes: $s = \frac{\log_{10} N}{\log_{10} 2}$
      ② Allocation size (what you request from AfriNIC) is
          ◦ 48 – s [if assigning /48s per end-site]
          ◦ 52 – s [if assigning /52s per end-site]
  • 149. Overview: estimating the size of your initial IPv6 request
      ① For your largest SITE
          ◦ Estimate the number of end-networks in it now
          ◦ Adjust for growth in 5 years
          ◦ Round to nearest nibble boundary (maxSITEsize)
      ② Estimate the number of #SITEs in your largest region (round to nibble boundary)
      ③ # of end-site prefixes: N = #regions x #SITEs x maxSITEsize
      ④ Subnet bits required to give us N prefixes: $s = \frac{\log_{10} N}{\log_{10} 2}$
      ⑤ Allocation size is
          ◦ 48 – s [if assigning /48s per end-site]
          ◦ 52 – s [if assigning /52s per end-site]
  • 150. IPv6 address planning | example
      An ISP has operations in 10 provinces. The largest province has 50 POPs, the largest of which has about 2700 clients. Estimate the IPv6 addressing needs of this ISP.
  • 151. Address planning example – analysis and solution
      ① We know
          ◦ Number of regions: #regions = 10 [round to 16]
          ◦ Number of sites: #SITEs = 50 [round up to 256]
          ◦ maxSITEsize = 2700 [round up to 4096]
      ② We calculate
          ◦ Total number of end-network prefixes required is N
          ◦ N = 16 x 256 x 4096 = 16,777,216
          ◦ Number of subnet bits required: s = log 16,777,216 / log 2 = 24
      • Allocation size:
          ◦ 48 – 24 = 24 [Assuming /48s to end-sites]
          ◦ 52 – 24 = 28 [Assuming /52s to end-sites]
      • Thus the ISP needs to request a /24 or /28 from AfriNIC.
  • 152. Questions? Comments?
