
IPv6 in 2018


After 20 years of IPv6 (RFC2460 was published in December 1998) and just under 40% deployment on Germany's Internet access lines, IPv6 still remains a mystery to most admins. Some leading experts even recommend switching IPv6 off "because it only causes problems". This practice-oriented talk explains why that is not the case, and why you should embrace the "new" world after all.

The talk introduces address concepts, address assignment and resolution (SLAAC, DHCPv6, DHCPv6-PD, ND, RDNSS, etc.) and presents a typical addressing plan. Bridging technologies such as NAT64, DS-lite and Teredo are introduced and put into context. IPv6 configuration on Linux is shown using iproute2 and the Debian network configuration, as well as sysctls.

Published in: Internet


  1. IPv6 in 2018. FrOSCon 13, Network Track. Falk Stern, Maximilian Wilhelm
  2. Agenda: 1. Who's who; 2. History; 3. IPv6 (1. Addressing, 2. Packet Format, 3. ICMP, Neighbour Discovery, Autoconfig); 4. Transition Technologies
  3. Who's who: Falk Stern. Full Stack Infrastructure Engineer; IPv6 fanboy; runs his own Kubernetes cluster in his basement; Consultant @ Profi Engineering Systems AG. Contact: @wrf42, falk@fourecks.de
  4. Who's who: Maximilian Wilhelm. Networker; OpenSource Hacker; fanboy of (Debian) Linux, ifupdown2. Occupation: by day, Senior Infrastructure Architect, Uni Paderborn; by night, Infrastructure Archmage, Freifunk Hochstift; in between, Freelance Solution Architect for hire. Contact: @BarbarossaTM, max@sdn.clinic
  5. State of the InterNAT: IPv4 allocations have been made; NAT is everywhere, even in your Fritz!Box; CGN/LSN breaks your applications; some devices still don't support IPv6.
  6. IPv6 history: introduced in RFC2460, December 1998. Addressing: diminishing IPv4 address space; use of NAT/PAT; growing routing tables. First deployment was with 6bone, stopped on 6.6.2006. Hurricane Electric, SixXs pushed IPv6 tunnels. Germany has >35% IPv6 adoption per https://google.com/ipv6. Global IPv6 adoption is at 22%.
  7. What's "new": different address format; different header; stateless autoconfiguration, no need for DHCP; broadcast replaced by multicast; global address hierarchy.
  8. Address format. Standard form: 8 x 16bit hexadecimal, 2001:0db8:affe:c0d4:0000:0000:00c0:fffe. Short form: sequence of 0 replaced by ::, leading 0 can be omitted, 2001:db8:affe:c0d4::c0:fffe.
  9. Address format. IPv4 compatible addresses: 0000:0000:0000:0000:0000:ffff:192.0.2.4 or ::ffff:192.0.2.4. CIDR notation for prefixes: 2001:db8:affe:c0d4::/64.
  10. Address types. Unicast: global (everything not specified elsewhere); unique local (ULA), FC00::/7; link-local (LLA), FE80::/10; IPv4 mapped, ::ffff:192.0.2.4; loopback, ::1/128; unspecified, ::/128. Multicast: FF00::/8. No broadcast.
  11. Header format
  12. ICMPv6: defined in RFC4443. Informational (Type > 127): Echo Request (128), Echo Reply (129), ... Error (Type < 128): Destination Unreachable (1), Packet Too Big (2), Time Exceeded (3), Parameter Problem (4). If you really want to filter ICMPv6, please read RFC4890.
  13. IPv6 Neighbour Discovery: protocol over ICMPv6; Router Solicitation / Advertisement; Neighbour Solicitation / Advertisement; Redirect; replaces ARP and certain ICMPv4 messages; implemented through multicast.
  14. 64-Bit Extended Unique Identifier: first 24, 28 or 36 bit identify the vendor; Modified EUI-64 is used by IPv6 to generate an interface identifier; MAC address is split into 24 bit parts, FFFE inserted in-between; seventh bit from the left is inverted. [Figure: MAC address layout, 6 octets: 3 octets Organisationally Unique Identifier (OUI) and 3 octets Network Interface Controller (NIC) specific; one octet shown as 8 bits b7 to b0 with two flag bits: 0 unicast / 1 multicast, and 0 globally unique (OUI enforced) / 1 locally administered. Figure: EUI-64]
  15. Stateless Autoconfiguration (SLAAC): 1. Interface assigns a link-local address w/ interface identifier; 2. Interface sends router solicitation; 3. Router sends router advertisement, including prefix, default gateway, etc.; 4. Interface creates global address from prefix and interface identifier; 5. Interface sends a neighbour solicitation for Duplicate Address Detection. Router advertisement can contain: prefix, lifetime, DNS server, default gateway, MTU.
  16. Stateful Autoconfiguration (DHCPv6): IPv6 can use DHCP to configure all parameters; required for UEFI netbooting; only way to configure a nameserver if the router does not support RDNSS (RFC8106); required for Prefix Delegation (DHCPv6-PD).
  17. Stateless Autoconfiguration with DHCPv6: address is configured through SLAAC; DNS server is configured through DHCPv6; Android doesn't support this.
  18. Privacy extensions (RFC4941): As a global IPv6 address can be used to identify a single computer, there is a privacy issue. Hosts can generate additional random interface identifiers for outgoing connections. These addresses expire after a certain amount of time. A host can have a number of addresses configured at the same time.
  19. Subnetting: your LAN should have a /64 (that's more than 18 quintillion addresses); Deutsche Telekom delegates you a /56 (that's 256 times 18 quintillion addresses); a site should use a /48 (that's 65536 times 18 quintillion addresses); RIPE delegates a /29 (that's 524288 sites with 65536 subnets with 18 quintillion addresses); you can use a /127 on a link, if you want to (that's 2 addresses); the legacy internet fits in a /96. 18 quintillion = 18.446.744.073.709.551.616
  20. Getting from 4 to 6: there are a lot of transition technologies to get to IPv6: Tunnelbrokers, Dual Stack, DS-Lite, NAT64/DNS64, 464XLAT.
  21. Tunnel Brokers: Tunnelbrokers provide an IPv6 enabled tunnel over IPv4 and route several subnets. Dual Stack: nodes have 2 IP stacks and several IP addresses.
  22. DS-Lite [Figure: DS-Lite topology; labels: ISP Network, IPv6(IPv4), IPv4, IPv6, IPv6 Internet, IPv4 Internet, DS-Lite CGN. Source: Wikipedia]
  23. NAT64/DNS64: the IPv4 internet is mapped to a well-known prefix 64:FF9B::/96; DNS64 translates A records to AAAA records; NAT64 translates requests to 64:FF9B::/96 to IPv4.
  24. "Happy Eyeballs": selection mechanism which protocol to prefer (RFC8305); tries both address families in parallel, prefers faster TCP answer; "Happy Eyeballs Version 2: Better Connectivity Through Concurrency"; implemented in Chrome, Opera, Firefox, macOS, cURL.
  25. Who is using IPv6? Heise, Google, Youtube, Facebook, Microsoft; NAT64 support is mandatory for Apple iOS apps; Microsoft is migrating to IPv6 only internally, https://labs.ripe.net/Members/mirjam/ipv6-only-at-microsoft
  26. Questions?
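
The Modified EUI-64 rule from slide 14, SLAAC step 4 from slide 15 and the privacy issue from slide 18 can be checked together. The following is an added example, not part of the slides: it derives the interface identifier from a MAC address and audits an address inventory for addresses that still embed one. The function names, the MAC (taken from the IEEE documentation range) and the inventory are assumptions constructed for illustration.

```python
import ipaddress

def mac_to_iid(mac):
    """Modified EUI-64 interface identifier (as an int) from a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Split into two 24-bit halves, insert FFFE in between, and invert the
    # seventh bit from the left of the first octet (mask 0x02).
    eui64 = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui64, "big")

def slaac_address(prefix, mac):
    """SLAAC step 4: advertised /64 prefix plus interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return net[mac_to_iid(mac)]

def embedded_mac(addr):
    """Return the MAC an address appears to embed, else None.

    Heuristic: ff:fe in the middle of the interface identifier. A random
    RFC4941 identifier matches by chance about once in 65536.
    """
    raw = ipaddress.IPv6Address(addr).packed
    if raw[11:13] != b"\xff\xfe":
        return None
    mac = bytes([raw[8] ^ 0x02]) + raw[9:11] + raw[13:16]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Addresses that expose a hardware identifier, mapped to that MAC."""
    found = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            found[addr] = mac
    return found

# Constructed inventory: link-local and global EUI-64 addresses of one host,
# a random-looking privacy address, and the manual address from slide 8.
SAMPLE = [
    "fe80::200:5eff:fe00:532a",
    "2001:db8:affe:c0d4:200:5eff:fe00:532a",
    "2001:db8:affe:c0d4:9c3e:71a4:5d0b:e812",
    "2001:db8:affe:c0d4::c0:fffe",
]
```

Addresses reported by audit() carry the same interface identifier into every network the host joins, which is the tracking problem the privacy extensions address.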
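
The NAT64/DNS64 mapping from slide 23, as an added example that is not part of the slides: it shows both directions of the 64:FF9B::/96 embedding and uses the reverse direction to recover the IPv4 host behind a NAT64 destination during log review. The function names and the flow-log format are assumptions; the log lines are constructed.

```python
import ipaddress

# Well-known prefix named on the NAT64/DNS64 slide.
WKP = ipaddress.IPv6Network("64:ff9b::/96")

def synthesize(ipv4, prefix=WKP):
    """DNS64 side: place the IPv4 address in the low 32 bits of the prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    return prefix[int(ipaddress.IPv4Address(ipv4))]

def extract(ipv6, prefix=WKP):
    """NAT64 side: recover the IPv4 destination, or None outside the prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

def dns64_answer(a_records, aaaa_records):
    """Real AAAA records pass through; synthesis happens only without them."""
    if aaaa_records:
        return list(aaaa_records)
    return [str(synthesize(a)) for a in a_records]

def real_destinations(flow_lines):
    """For log review: (logged dst, IPv4 host actually reached or None)."""
    out = []
    for line in flow_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        v4 = extract(fields["dst"])
        out.append((fields["dst"], str(v4) if v4 is not None else None))
    return out

# Constructed flow-log lines in a hypothetical key=value format.
FLOWS = [
    "src=2001:db8:affe:c0d4::c0:fffe dst=64:ff9b::c000:204 dport=443",
    "src=2001:db8:affe:c0d4::c0:fffe dst=2001:db8:1::53 dport=53",
]
```

Filtering or alerting rules written against IPv4 destinations need this reverse mapping on an IPv6-only network, because the logged destination is the synthesized address.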
