Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DNS, DHCP & IPAM with IPv6

447 views

Published on

Let's see, what's in Store for you in Terms of DNS/DHCP/IPAM at the BGNW Autumn Conference.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

DNS, DHCP & IPAM with IPv6

  1. 1. CORE NETWORK SERVICES 3 DNS DHCP
  2. 2. ADDRESSES OF AN IPV6 HOST 4 §  Link-Local §  Unicast §  Loopback §  All-Nodes Multicast §  Solicited-Node Multicast FE80::61CC:B8CA:FCB2:36BE 2001:db8:1C6E::6D2B:1C6E ::1 FF01::1 FF02::1:FF2B:1C6E (at least one)  
  3. 3. IPV6 FORWARD DNS 5 ipv6-host IN AAAA 2001:DB8::1:2:34:56 host4711 IN A 192.249.249.111 IN AAAA 2001:db8:cafe:f9::d3
  4. 4. IPV6 REVERSE DNS 6 9.8.7.6.5.4.3.0.2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. IN PTR ipv6-host.bluecatnetworks.com. 2001:db8:cafe:f9::/64 >> 9.f.0.0.e.f.a.c.8.b.d.0.1.0.0.2.ip6.arpa.
  5. 5. §  “listen” Statement §  “query-source” Statement ISC BIND & IPV6 7 options { listen-on-v6 { 2001:db8:cafe:1::53; }; }; options { query-source-v6 address 2001:db8:cafe:1::53; };
  6. 6. §  “transfer-source” Statement §  “notify-source” Statement ISC BIND & IPV6 8 options { transfer-source-v6 2001:db8:cafe:1::53; }; options { notify-source-v6 2001:db8:cafe:1::53; };
  7. 7. DNS QUERIES 9 DNS Server Resources IPv4 = 192.168.191.3 IPv6 = 2001:DB8::1:2:345:6789 DNS Query A/AAAA Query via IPv6 Query via IPv4
  8. 8. DNS QUERIES 10 §  Filtering §  Protocol-specific Search List options { filter-aaaa-on-v4 yes; }; IPv6 IPv6 IPv6 IPv4 = bcnlab.corp IPv6 = v6.bcnlab.corp Zone bcnlab.corp Zone v6.bcnlab.corp DNS Server
  9. 9. ROUTER ADVERTISEMENT (RA) 11 Router Prefix!? Prefix, TTL, Flags Src = link-local address (FE80::) Dst = all-routers multicast address (FF02::2) Src = link-local address (FE80::) Dst = all-nodes multicast address (FF02::1)
  10. 10. ROUTER ADVERTISEMENT (RA) 12 Router You‘re at 2001:db8:ca fe:1::/64 A, M, O Address  Alloca+on   Op+ons   A  Flag   SLAAC   RFC  6106   M  Flag   DHCPv6   DHCP   O  Flag   SLAAC   DHCP  
  11. 11. RFC 6106 13 §  Recursive DNS Server §  DNS Search List switch# configure terminal switch(config)# interface ethernet 3/3 switch(config-if)# ipv6 nd ra dns server 2001:db8:1:2::53 sequence 0 switch(config-if)# ipv6 nd ra dns search-list bcn.corp sequence 1 Source: http://cisco.com (Nexus 7000 Series Routing Guide)  
  12. 12. DHCPV6 14 §  Motivation: Central Management & Auditing subnet6 2001:db8:1:2::/64 { range6 2001:db8:1:2::1:0 2001:db8:1:2::1:ffff; option dhcp6.name-servers 2001:db8:1:2::53; option dhcp6.domain-search "bcn.corp"; }
  13. 13. DHCPV6 15 §  RA defines Usage of DHCPv6 §  Clients on UDP 546 §  Servers & Relays on UDP 547 §  Special Multicast Addresses §  FF02::1:2 (All-DHCP-Agents) used by Clients §  FF05::1:3 (All-DHCP-Servers) used by Relays
  14. 14. DHCPV6 16 Client   Server   SOLICIT  –  FF02::1:2   ADVERTISE  (Unicast)   REQUEST  (Unicast)   REPLY  (Unicast)   Neighbour  SolicitaLon  Message   (MulLcast)   No  Answer   Duplicate   Address   DetecLon  
  15. 15. PROTOCOL-SPECIFIC SEARCH LIST 17 IPv6 IPv6 IPv6 DHCP (v4/v6) IPv4 (119) = bcnlab.corp IPv6 (24) = v6.bcnlab.corp DNS ServerRouter DNSSL Resources Zone bcnlab.corp Zone v6.bcnlab.corp srv.v6.bcnlab.corp Query via IPv4 Query via IPv6 srv.bcnlab.corp
  16. 16. THEORETICALLY ... ;) 18Source: https://www.insinuator.net/2015/03/ipv6-router-advertisement-flags-rdnss-and-dhcpv6-conflicting-configurations/  
  17. 17. ADDRESS MANAGEMENT FOR IPV6 19Source: https://www.insinuator.net/2013/10/ipam-requirements-in-ipv6-networks/   §  Track dynamic Addresses (SLAAC + DHCP) §  Connected L2/L3 Ports of Devices §  Sorting Addresses by Categories §  RFC 5952 §  Integration with DNS & DHCP §  Metadata (Import, Reporting, etc.)
  18. 18. Thank you for your Time.

×