4. Page 4
Common arguments
◦ “We have enough of IPv4 addresses – we do not need IPv6!”
◦ “We do not want to be the early adopters – let the others do the mistakes!”
◦ “We do not have the TIME!”
◦ “We do not want to touch existing infrastructure but wait to the next upgrade cycle.”
5. Page 5
Common arguments
◦ “We have enough of IPv4 addresses – we do not need IPv6!”
◦ “We do not want to be the early adopters – let the others do the mistakes!”
◦ “We do not have the TIME!”
◦ “We do not want to touch existing infrastructure but wait to the next upgrade cycle.”
Replies
◦ “The world outside might want to reach you over IPv6 - you do not want to end up on a ‘Wall of Shame’”
◦ “Being an early adopter also means more experience!”
◦ “You may set up a separate entry in your network for IPv6 and gradually introduce IPv6 into your network!”
◦ “An implementation may cost more time and resources if implemented in panic”
6. Page 6
One example: http://go6.se/check
Some journalist will ask you what your strategy for IPv6 is.
7. Page 7
Not much really…
◦ Get a modern webserver.
◦ Get a modern DNS and enable the functionality
◦ Modern mail server (Exchange 2007 is enough)
◦ On the server side Windows 2008 is fine
8. Page 8
Today
[Diagram: IPv4 and IPv6 paths to the services Mail, Web and DNS]
Get experience while IPv6 traffic is sparse!
9. Page 9
Tomorrow
[Diagram: IPv4 and IPv6 paths to the services Mail, Web and DNS]
“We need this up and running NOW!”
10. Page 10
No time NOW will cost you later:
◦ Upgrade many things at once
◦ Trace errors?
◦ Concentrated costs
◦ No time to get acquainted with IPv6
“We need this up and running NOW!”
11. Page 11
”We do not want to touch our current infrastructure!”
[Diagram: IPv4 and IPv6 paths to Mail, Web and DNS; a small firewall and a DMZ just for IPv6; a test network; clients]
Enable IPv6 support on servers but do not add IPv6 DNS records.
When tested add IPv6 DNS records.
13. Page 13
Short answer: a lot!
Every customer will get a /48 per site:
$2^{128-48} = 2^{80} = 1.208925819614629174706176 \times 10^{24}$
Is it possible to make mistakes with this many
addresses?
The answer is yes!
14. Page 14
Size of all subnets should be /64 – there are reasons for this that we will come back to!
The 128 bits of an address:
◦ Network prefix (n bits): address span for a site
◦ Subnet ID (64 – n bits): subnet within a site
◦ Host ID (64 bits): interface ID, 64 bits
15. Page 15
To spread all subnets randomly over the whole assignment!
[Diagram: an assignment (/48) with the subnets scattered all over it]
Can render unnecessary problems in the future!
16. Page 16
How should a customer divide its /48?
2001:db8:1234:[0000-FFFF]::/64
◦ 16 * 4096 (L1: 0–F, L2: 000–FFF): One office with many subnets or extremely many offices with one subnet within each
◦ 16 * 16 * 256 (L1: 0–F, L2: 0–F, L3: 00–FF): Few offices with many subnets within each office
◦ 16 * 256 * 16 (L1: 0–F, L2: 00–FF, L3: 0–F): Many offices with just a few subnets within each
◦ 256 * 256 (L1: 00–FF, L2: 00–FF): Many offices with many subnets within each
• Every subnet should be /64 which gives 65536 subnets in a /48
• Use a hierarchy with two or three levels and use only one L1-net at a time (to avoid cluttering of subnets all over the assignment)
• Save the remaining L1-nets for future use
• Identify where the majority of the subnets is needed: number of offices or number of subnets per office and let the hierarchy mirror this
17. Page 17
Avoid the 0-net in L1 since the shortening rules make this network invisible
Only fill in the networks you are using
As an alternative the customer could use an IP planning tool.
◦ http://www.alcatel-lucent.com
◦ http://www.6connect.com
◦ http://www.infoblox.com
Google IPAM to find more!
Only L2 visible (0-net in L1): Sorting? Readability?
◦ 2001:db8:1234:100::/64
◦ 2001:db8:1234:20::/64
◦ 2001:db8:1234:200::/64
L1 and L2 visible: More evident!
◦ 2001:db8:1234:1020::/64
◦ 2001:db8:1234:1100::/64
◦ 2001:db8:1234:1200::/64
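The hierarchy and the 0-net advice can be checked with a short script. This is an added example, not part of the original slides; the function names `carve` and `hides_l1` are hypothetical, and the prefix is the documentation prefix the slides use.

```python
import ipaddress

SITE = ipaddress.IPv6Network("2001:db8:1234::/48")  # documentation prefix from the slides

def carve(site, widths, indices):
    """Return the block selected by one index per hierarchy level.

    widths  -- bits per level (L1, L2, ...); they must fill the gap up to /64,
               e.g. (4, 4, 8) for the 16 * 16 * 256 split of a /48.
    indices -- one value per level, outermost first; give fewer indices than
               levels to get the aggregate (L1+L2 of 16 * 16 * 256 is a /56).
    """
    if site.prefixlen + sum(widths) != 64:
        raise ValueError("levels must end exactly at /64")
    if len(indices) > len(widths):
        raise ValueError("more indices than levels")
    value, used = 0, 0
    for width, index in zip(widths, indices):
        if not 0 <= index < (1 << width):
            raise ValueError(f"index {index:#x} does not fit in {width} bits")
        value = (value << width) | index
        used += width
    prefixlen = site.prefixlen + used
    base = int(site.network_address) | (value << (128 - prefixlen))
    return ipaddress.IPv6Network((base, prefixlen))

def hides_l1(net, site, l1_bits):
    """True if the block sits in the 0-net of L1, where zero compression
    drops the leading digit and the L1 level vanishes from the text form."""
    shift = 128 - site.prefixlen - l1_bits
    return (int(net.network_address) >> shift) & ((1 << l1_bits) - 1) == 0

if __name__ == "__main__":
    split = (4, 4, 8)  # 16 * 16 * 256
    for path in [(0x0, 0x1, 0x00), (0x1, 0x0, 0x20), (0xF, 0x1), (0xF, 0x1, 0x01)]:
        net = carve(SITE, split, path)
        note = "  <- L1 digit hidden" if hides_l1(net, SITE, 4) else ""
        print(f"{net}{note}")
```
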
18. Page 18
The same size is used everywhere for several reasons:
Simplification – easier for administrators, users and support personnel
A number of techniques are built upon this assumption:
◦ Stateless Address Auto Configuration (SLAAC)
◦ Privacy Extensions (used to randomize the last 64 bits of an IP-address instead of using the MAC-address)
◦ Parts of Mobile IPv6 (roaming on IP-level)
Smaller subnet on link nets -> manual configuration
20. Page 20
Manual
◦ Administrator: “THIS is your address!”
Stateless Autoconfig (SLAAC)
◦ Host: “Where am I?”
◦ Router: “You’re with me! Use my address to tell others on the Internet where you are.”
◦ Host generated address = the network prefix of the router + a unique ID for this subnet
◦ The unique ID could be a random number or the MAC-address of the NIC
DHCPv6
◦ Host (multicast): “Could I have an address, please?”
◦ DHCPv6 server: “Yep, here is one I haven’t given away!”
◦ The server holds a list of possible addresses to give away.
21. Page 21
SLAAC and DHCPv6 communicate over IP – we need an IP-address before we have an ”official address”
It’s an automatic address which is generated on all interfaces with IPv6 support
Can be used on the local link (subnet) and is never routed to another link
Always starts with FE80::/10
Address = FE80:: + 64-bit host generated suffix (random or MAC)
[Diagram: hosts A to F behind routers, each with its own generated address]
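How the two suffix choices look in practice, and how to tell from an address whether it exposes the NIC's MAC. This is an added example, not part of the original slides; it assumes the Modified EUI-64 mapping of RFC 4291 for the MAC case, the function names are hypothetical and the MAC address is a constructed sample.

```python
import ipaddress
import secrets

LINK_LOCAL = int(ipaddress.IPv6Address("fe80::"))
LOW64 = 2**64 - 1

def iid_from_mac(mac):
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")

def random_iid():
    """A random 64-bit suffix, the other option named on the slide."""
    return secrets.randbits(64)

def link_local(iid):
    """Address = FE80:: + 64-bit generated suffix."""
    return ipaddress.IPv6Address(LINK_LOCAL | (iid & LOW64))

def embedded_mac(addr):
    """Return the MAC a suffix was derived from, or None when the ff:fe filler
    is absent (heuristic: a random suffix can contain ff:fe by chance)."""
    iid = (int(ipaddress.IPv6Address(addr)) & LOW64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)

if __name__ == "__main__":
    addr = link_local(iid_from_mac("00:1a:2b:3c:4d:5e"))  # constructed sample MAC
    print(addr, "->", embedded_mac(addr))
    print(link_local(random_iid()))
```
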
22. Page 22
Static
◦ Manual configuration just as in IPv4:
  Address
  Prefix length
  Default router
  DNS resolver
Manual: “THIS is your address!”
23. Page 23
Stateless Address Auto Configuration - SLAAC
◦ Uses an algorithm to create the host-part of the address.
◦ This part is appended to the prefix the router is sending out with a Router Advertisement (RA)
◦ Assumes /64 net masks
◦ RA also gives information on default router and prefix length
◦ RA can give information on DNS resolver
◦ All OSes support RA
◦ Some support the option that configures the DNS resolver
Exchange:
◦ Host -> FF02::2, Router Solicitation: “Where am I?”
◦ Router -> FF02::1 or link-local, Router Advertisement: “You’re with me! Use my address to tell others on the Internet where you are.”
24. Page 24
Fields in the Router Advertisement:
◦ Cur Hop Limit: Which Hop Count the client should use on this segment
◦ M-flag: Decides whether the client should use SLAAC or DHCPv6 to configure the address
◦ O-flag: Use DHCPv6 to configure other parameters (DNS, NTP-server, etc.)
◦ Prefix: Prefix (and prefix length) the client should use
◦ Other information: MTU, link local address for the router, different timeouts that should be used on this segment
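A decoder for these fields is a convenient way to compare the RAs actually seen on a segment with the intended design. This is an added example, not part of the original slides; the byte layout follows RFC 4861, the function names are hypothetical, and the messages are constructed samples rather than captures.

```python
import ipaddress
import struct

def parse_ra(msg):
    """Decode Cur Hop Limit, M/O flags, prefixes and MTU from an ICMPv6 RA."""
    if len(msg) < 16 or msg[0] != 134 or msg[1] != 0:
        raise ValueError("not an ICMPv6 Router Advertisement")
    hop_limit, flags, lifetime = struct.unpack_from("!BBH", msg, 4)
    ra = {"cur_hop_limit": hop_limit, "M": bool(flags & 0x80),
          "O": bool(flags & 0x40), "router_lifetime": lifetime,
          "prefixes": [], "mtu": None}
    off = 16
    while off < len(msg):
        # Option length is counted in units of 8 bytes; zero is invalid.
        opt_len = msg[off + 1] * 8 if off + 1 < len(msg) else 0
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed option")
        body = bytes(msg[off:off + opt_len])
        if body[0] == 3 and opt_len == 32:      # Prefix Information
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append({"prefix": str(net),
                                   "autonomous": bool(body[3] & 0x40)})
        elif body[0] == 5 and opt_len == 8:     # MTU
            ra["mtu"] = struct.unpack_from("!I", body, 4)[0]
        off += opt_len
    return ra

def address_sources(ra):
    """Mechanisms the RA tells a client to use for its global address."""
    sources = []
    if any(p["autonomous"] for p in ra["prefixes"]):
        sources.append("SLAAC")
    if ra["M"]:
        sources.append("DHCPv6")
    return sources

def sample_ra(flags, options=b""):
    """Constructed message: hop limit 64, lifetime 1800 s, checksum left at 0."""
    return struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0) + options

# Constructed options: a /64 prefix with the L and A flags set, and MTU 1500.
PREFIX_OPT = (struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
              + ipaddress.IPv6Address("2001:db8:1234:ff01::").packed)
MTU_OPT = struct.pack("!BBHI", 5, 1, 0, 1500)
```

An RA that lists both mechanisms, or a prefix outside the address plan, is worth investigating before clients start using it.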
25. Page 25
Stateful address - DHCPv6
◦ Keeps track of which clients get which address
◦ Can also be used to configure other options like SIP gateway
◦ Normally there exists one DHCPv6 server and all routers and firewalls act as relays
◦ Some OSes have no support for DHCPv6, for instance Mac OS X before version 10.7.
◦ Third party software exists which can help OSes with poor support for DHCPv6 (Dibbler, Kame)
◦ Dibbler, Kame and ISC DHCPD are also examples of DHCPv6-server implementations
Exchange:
◦ Host: “Can I have an address, please?”
◦ Server: “Sure, here is one I haven’t given away!”
26. Page 26
How will a host get its addresses?
[Diagram: the computer gets connected -> link local address (always starts with FE80::/10) -> ”official” address, assigned statically or dynamically (SLAAC, DHCPv6)]
In IPv6 every host gets more than one address:
1) Loopback (::1)
2) Link local (one FE80::/10 per interface)
3) ”Official” (global) address (per interface)
4) A number of multicast addresses
28. Page 28
Servers
Static addresses on servers
◦ One prefix per server (simplifies firewall administration since every server has ONE prefix and there is no implicit communication over the link local addresses)
◦ Turn off RA reception
Prefix: 2001:DB8:1234::/48
Hierarchy 16 * 16 * 256 (L1: 0–F, L2: 0–F, L3: 00–FF)
◦ L1: future
◦ L2: types (servers, clients, infrastructure)
◦ L3: subnets within types
Web: 2001:DB8:1234:F100::/56
◦ 2001:DB8:1234:F101::/64
◦ 2001:DB8:1234:F102::/64
◦ 2001:DB8:1234:F103::/64
Mail: 2001:DB8:1234:F200::/56
◦ 2001:DB8:1234:F201::/64
◦ 2001:DB8:1234:F202::/64
◦ 2001:DB8:1234:F203::/64
29. Page 29
Clients
2001:DB8:1234:FF00::/56: Clients
◦ Dynamic assignments on clients
◦ Simpler networks can run SLAAC
◦ In a more advanced network where better control is needed one could use RA with the O(ther options)- and M(anaged)-flags set without a prefix in the RA
◦ DHCPv6 is used for address assignment
◦ Many clients share the same VLAN/segment/subnet
Hierarchy 16 * 16 * 256 (L1: 0–F, L2: 0–F, L3: 00–FF)
◦ L1: future
◦ L2: types (servers, clients, infrastructure)
◦ L3: subnets within types
[Diagram: a DHCPv6 server reached through relays from the client subnets 2001:DB8:1234:FF01::/64, 2001:db8:1234:FF02::/64 and 2001:db8:1234:FF03::/64]
30. Page 30
Prefix: 2001:DB8:1234::/48
Hierarchy 256 * 256 (L1: 00–FF, L2: 00–FF)
◦ Split the /48 into 256 blocks with the subnet mask /56, each and every one consisting of 256 subnets
◦ Take the first for your infrastructure (link nets, loopback addresses)
◦ Assign one /56 per office
◦ Save 252 subnets for future use
L1
◦ 10: Infra
◦ 11: HQ
◦ 12: Office 1
◦ 13: Office 2
Infra: 2001:DB8:1234:1000::/56
HQ: 2001:DB8:1234:1100::/56
Office 1: 2001:DB8:1234:1200::/56
Office 2: 2001:DB8:1234:1300::/56
[Diagram: routers connected over WAN-links addressed from the Infra block]
31. Page 31
How to enumerate static hosts?
◦ Give the router the address ::1 and the server ::2
◦ Static addresses on clients ::1000 and go upward
◦ Do not give addresses per service (web server::80 and
dns::53) – still open for debate!
◦ DHCPv6 scope range ::1000-FFFF
32. Page 32
Every customer will get many addresses (at least a /48) per site
Use levels to avoid distributing the subnets over the whole assignment
Address assignment
◦ Static - manual
◦ DHCPv6 NEW!
◦ Stateless Address Auto Configuration (SLAAC)
Every host will have several IPv6 addresses
[Diagram: a 16 * 4096 split with L1 values 0–F; nets marked Infra, Serv and Client, the rest kept for future use]
33. Page 33
Gabriel Paues
gabriel.paues@ip-solutions.se
Editor's Notes
Stateless
◦ Advertisements by routers
◦ Routers don’t keep track of what configuration parameters are picked up by clients
◦ IP layer parameters may be auto-configured (address, net mask and gateway)
◦ DNS parameters may be configured (RFC 6106)
◦ ICMP is used to request and advertise parameters
◦ May signal that the clients should use DHCP for other options (like DNS or SIP-gateway)
Stateful
◦ Provides centralized management of network resources
◦ Higher layer protocol parameters can be configured as well as IP layer parameters
◦ DHCP (or possibly other higher layer protocol) is used to request and advertise parameters
Stateless and stateful can be used concurrently