Short Introduction to IPv6

Martin Schütte
Martin SchütteSystems Engineer at Hamburg
Short Introduction to IPv6 Martin Schütte
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Network Working Group S. Deering Request for Comments: 2460 Cisco Obsoletes: 1883 R. Hinden Category: Standards Track Nokia December 1998 Internet Protocol, Version 6 (IPv6) Specification Status of this Memo ... Abstract This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng. Martin Schütte Short Introduction to IPv6 2013-09-28 2 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps The Hourglass Internet Architecture IP TCP UDP HTTPIMAP SkypeP2P RTP FirefoxKMailThunderbird Skype Kazaa MPlayer EthernetPPP DOCSIS CoaxialFiberTwistedPair CDMA TDMA byConstantineDovrolis Martin Schütte Short Introduction to IPv6 2013-09-28 3 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Addresses IPv4: 32 bits 11001011000000000111000100010111 11001011 00000000 01110001 00010111 0xcb 0x00 0x71 0x17 203 0 113 23 203.0.113.23 Martin Schütte Short Introduction to IPv6 2013-09-28 4 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Addresses IPv6: 128 bits 0010000000000001000001100011100000001000000001110000000000111010 0000001000000101010111011111111111111110111110110011100000010010 0010000000000001 0000011000111000 0000100000000111 0000000000111010 0000001000000101 0101110111111111 1111111011111011 0011100000010010 0x2001 0x0638 0x0807 0x003a 0x0205 0x5dff 0xfefb 0x3812 2001:0638:0807:003a:0205:5dff:fefb:3812 Martin Schütte Short Introduction to IPv6 2013-09-28 5 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Notation 2a01:0198:0200:01e4:0000:0000:0000:0002 = 2a01:198:200:1e4:0:0:0:2 = 2a01:198:200:1e4::2 2001:0db8:0000:0000:0001:0000:0000:0001 = 2001:db8:0:0:1:0:0:1 = 2001:db8::1:0:0:1 Ports: [2001:db8::1:0:0:1]:443 http://[2001:db8::1:0:0:1]:443/index.html Martin Schütte Short Introduction to IPv6 2013-09-28 6 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Address Structure 1 8 16 24 32 IPv4 Address 1 32 64 96 128 IPv6 Address 1 40 64 128 Global Routing Prefix Subnet ID Interface ID Martin Schütte Short Introduction to IPv6 2013-09-28 7 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Address Allocation 1 23 32 48 64 128 IANA RIPE LIR Site Interface ID Example: University Server 2001:638:807:3a:205:5dff:fefb:3812 1 23 32 48 64 128 IANA 2001:06 RIPE 38: DFN 0807: Uni 003a: Interface ID 0205:5dff:fefb:3812 Martin Schütte Short Introduction to IPv6 2013-09-28 8 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Address Usage Example: Comcast (USA) • 20 M customers • avg. 2.5 set-top boxes (STB) per customer • 2 IPs per STB ⇒ 20M × 2.5 × 2 = 100 M IPs Comparison: 10.0.0.0/8 has 224 ≈ 16.5 M IPs Martin Schütte Short Introduction to IPv6 2013-09-28 9 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Address Usage Hypothetical example: China Mobile • 740 M customers • avg. 2 devices per customer • 2 IPs per device ⇒ 740M × 2 × 2 ≈ 3000 M IPs Comparison: 0/1 has 231 ≈ 2150 M IPs IPv4 has 232 ≈ 4300 M IPs Martin Schütte Short Introduction to IPv6 2013-09-28 10 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Some Special Address Ranges :: unspecified ::1 localhost ::ffff:192.0.2.1 IPv4-mapped 2000::/3 unicast fe80::/10 link-local fd00::/8 site-local ff00::/8 multicast ff02::1 multicast, all hosts ff02::2 multicast, all routers ff02::101 multicast, all NTP servers ff05::1:3 multicast, all DHCP servers Martin Schütte Short Introduction to IPv6 2013-09-28 11 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Scope Multicast addresses have scope: • ff01::101 means all NTP servers on the same interface (i.e., the same node) as the sender. • ff02::101 means all NTP servers on the same link as the sender. • ff05::101 means all NTP servers in the same site as the sender. • ff0e::101 means all NTP servers in the Internet. Example: mschuett@zula:~$ ssh root@fe80::6670:2ff:fe4c:3a61 ssh: connect to host fe80::6670:2ff:fe4c:3a61 port 22: Invalid argument mschuett@zula:~$ ssh root@fe80::6670:2ff:fe4c:3a61%eth0 BusyBox v1.19.4 (2013-04-07 13:28:47 CEST) built-in shell (ash) Enter ’help’ for a list of built-in commands. ... Martin Schütte Short Introduction to IPv6 2013-09-28 12 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps IPv4 Header Format 0 3 4 7 8 15 16 18 19 31 Version IH Len ToS/ECN Total Length Identification Flags Fragment Offset Time to Live Protocol Header Checksum Source Address Destination Address Options Padding    IP header (20–60 octets) Martin Schütte Short Introduction to IPv6 2013-09-28 13 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps IPv6 Header Format 0 3 4 7 8 11 12 15 16 23 24 31 Version Traffic Class Flow Label Payload Length Next Header Hop Limit Source Address Destination Address    basic header (40 octets) Martin Schütte Short Introduction to IPv6 2013-09-28 14 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps IPv6 Extension Header Martin Schütte Short Introduction to IPv6 2013-09-28 15 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Destination/Hop-by-Hop Option Header 0 7 8 15 16 23 24 31 Next Header Hdr Ext Len Opt Type Opt Len Opt Value . . . 0 7 8 15 16 23 24 31 Next Header: 0x3a ICMPv6 Hdr Ext Len: 0x00 8 octets Opt Type: 0x05 Rtr alert Opt Data Len: 0x02 2 octets Opt Data: 0x00 0x00 MLD Opt Type: 0x01 PadN Opt Data Len: 0x00 0 octets Martin Schütte Short Introduction to IPv6 2013-09-28 16 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps ICMPv6 ICMPv6 includes: • control messages (like ICMPv4) • Link-Layer address resolution (like ARP) • multicast group membership (like IGMP) • Path MTU Discovery • Neighbor Discovery/Autoconfiguration Martin Schütte Short Introduction to IPv6 2013-09-28 17 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Stateless Address Autoconfiguration 1. select tentative address 2. send Router Solicitation to ff02::2 3. join multicast groups for all nodes and Solicited-Node address 4. Duplicate Address Detection ⇒ acquired link-local IP receive Router Advertisement(s) with network info: • routers with lifetime and preference • local network MTU • global address prefix • DHCP management flag ⇒ acquire global address Martin Schütte Short Introduction to IPv6 2013-09-28 18 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Link-Layer Address Resolution Solicited-Node Address: FF02:0:0:0:0:1:FFXX:XXXX Mapping: Unicast fe80::218:f3ff:fe3a:3f55 ⇒ Multicast ff02::1:ff3a:3f55 ⇒ MAC 33:33:ff3a:3f:55 send Neighbor Solicitation to multicast ⇒ receive Neighbor Advertisement with IP and MAC address Note: no broadcast required(!) Martin Schütte Short Introduction to IPv6 2013-09-28 19 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Duplicate Address Detection Solicited-Node Address: FF02:0:0:0:0:1:FFXX:XXXX Mapping: Unicast fe80::218:f3ff:fe3a:3f55 ⇒ Multicast ff02::1:ff3a:3f55 ⇒ MAC 33:33:ff3a:3f:55 send Neighbor Solicitation to multicast • receive Neighbor Advertisement with IP and MAC address • no answer, address is free Martin Schütte Short Introduction to IPv6 2013-09-28 20 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Autoconfiguration and Neighbor Discovery Design assumption: secure and trustworthy LAN Simple Denial of Service: 1. Host Alice starts Duplicate Address Detection: "Anyone using IP X?" 2. Host Eve answers "I have IP X." 3. goto 1 Routing/Man in the Middle: 1. Host Eve sends ICMPv6 Redirect: "This is router Bob, for google.com please use router Eve." Martin Schütte Short Introduction to IPv6 2013-09-28 21 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps DNS IPv4: A Record — IPv6: AAAA Record [mschuett@cayce] ~> dig +short quux.de a 88.198.11.141 [mschuett@cayce] ~> dig +short quux.de aaaa 2001:6f8:1138::1 [mschuett@cayce] ~> dig +short -x 2001:6f8:1138::1 mail.quux.de. [mschuett@cayce] ~> dig -x 2001:6f8:1138::1 ... ;; QUESTION SECTION: ;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 8.3.1.1.8.f.6.0.1.0.0.2.ip6.arpa. IN PTR ... Martin Schütte Short Introduction to IPv6 2013-09-28 22 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Happy Eyeballs byDanWingandAndrewYourtchenko Martin Schütte Short Introduction to IPv6 2013-09-28 23 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Known for Some Time Frank Solensky’s Report on Address Depletion, Proceedings of IETF 18, p. 61, Vancouver, August 1990 Martin Schütte Short Introduction to IPv6 2013-09-28 24 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps The Plan byGeoffHuston Martin Schütte Short Introduction to IPv6 2013-09-28 25 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Plan B byGeoffHuston Martin Schütte Short Introduction to IPv6 2013-09-28 26 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Status Quo byGeoffHuston Martin Schütte Short Introduction to IPv6 2013-09-28 27 / 34
Short Introduction to IPv6
JasonFesler
JasonFesler
Intro Addresses Headers Autoconfiguration DNS Transition First Steps IPv6 @ Home A few ISPs finally offer native IPv6 to consumers. If not available: use a tunnel brokers, e. g.: • SixXS • Hurricane Electric Martin Schütte Short Introduction to IPv6 2013-09-28 31 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Security Consideration • IPv6 restores end-to-end connectivity • no NAT ⇒ no implicit packet filter • problem: insecure L2 net and First Hop Security (just like with IPv4) • (still) missing support in common tools (firewalls, IDS, config UIs, etc) • little experience Martin Schütte Short Introduction to IPv6 2013-09-28 32 / 34
Intro Addresses Headers Autoconfiguration DNS Transition First Steps Tips for transition • external connectivity matters • your printer does not need IPv6 • neither does your DB backend (probably) • start with an additional load balancer or reverse proxy Martin Schütte Short Introduction to IPv6 2013-09-28 33 / 34
Short Introduction to IPv6
1 of 34

Short Introduction to IPv6

Download to read offline
Technology

Slides for my short IPv6 introduction at the Freifunk Geekend

Martin Schütte
Martin SchütteSystems Engineer at Hamburg

Recommended

NetBSD syslogd with IETF Syslog Protocols by
NetBSD syslogd with IETF Syslog ProtocolsNetBSD syslogd with IETF Syslog Protocols
NetBSD syslogd with IETF Syslog ProtocolsMartin Schütte
2K views69 slides
The IPv6 Snort Plugin (at DeepSec 2014) by
The IPv6 Snort Plugin (at DeepSec 2014)The IPv6 Snort Plugin (at DeepSec 2014)
The IPv6 Snort Plugin (at DeepSec 2014)Martin Schütte
1.7K views43 slides
The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit) by
The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)
The IPv6 Snort Plugin (at Troopers 14 IPv6 Security Summit)Martin Schütte
1.7K views45 slides
05 06 ike by
05 06 ike05 06 ike
05 06 ikeBabaa Naya
113 views56 slides
100197 by
100197100197
100197Abhishek Malik
206 views7 slides
Network Traffic Search using Apache HBase by
Network Traffic Search using Apache HBaseNetwork Traffic Search using Apache HBase
Network Traffic Search using Apache HBaseEvans Ye
3.7K views36 slides

More Related Content

What's hot

Access over Ethernet: Insecurites in AoE by
Access over Ethernet: Insecurites in AoEAccess over Ethernet: Insecurites in AoE
Access over Ethernet: Insecurites in AoEamiable_indian
1.3K views46 slides
DPDK IPSec Security Gateway Application by
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationMichelle Holley
2.3K views18 slides
Iptables presentation by
Iptables presentationIptables presentation
Iptables presentationEmin Abdul Azeez
6.7K views22 slides
Ip tables by
Ip tablesIp tables
Ip tablesnavid ashrafi
1.1K views21 slides
Tech f42 by
Tech f42Tech f42
Tech f42SelectedPresentations
424 views47 slides
IPsec Basics: AH and ESP Explained by
IPsec Basics: AH and ESP ExplainedIPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP ExplainedAndriy Berestovskyy
1.9K views25 slides

What's hot(20)

Access over Ethernet: Insecurites in AoE by amiable_indian
Access over Ethernet: Insecurites in AoEAccess over Ethernet: Insecurites in AoE
Access over Ethernet: Insecurites in AoE
amiable_indian1.3K views
DPDK IPSec Security Gateway Application by Michelle Holley
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway Application
Michelle Holley2.3K views
Iptables presentation by Emin Abdul Azeez
Iptables presentationIptables presentation
Iptables presentation
Emin Abdul Azeez6.7K views
Ip tables by navid ashrafi
Ip tablesIp tables
Ip tables
navid ashrafi1.1K views
Tech f42 by SelectedPresentations
Tech f42Tech f42
Tech f42
SelectedPresentations424 views
IPsec Basics: AH and ESP Explained by Andriy Berestovskyy
IPsec Basics: AH and ESP ExplainedIPsec Basics: AH and ESP Explained
IPsec Basics: AH and ESP Explained
Andriy Berestovskyy1.9K views
Silverlight Wireshark Analysis by Yoss Cohen
Silverlight Wireshark AnalysisSilverlight Wireshark Analysis
Silverlight Wireshark Analysis
Yoss Cohen5.1K views
DPDK & Layer 4 Packet Processing by Michelle Holley
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet Processing
Michelle Holley2.5K views
introduction of iptables in linux by Nouman Baloch
introduction of iptables in linuxintroduction of iptables in linux
introduction of iptables in linux
Nouman Baloch224 views
Wireshark by ashiesh0007
WiresharkWireshark
Wireshark
ashiesh00075.4K views
DPDK Summit 2015 - Intel - Keith Wiles by Jim St. Leger
DPDK Summit 2015 - Intel - Keith WilesDPDK Summit 2015 - Intel - Keith Wiles
DPDK Summit 2015 - Intel - Keith Wiles
Jim St. Leger4.6K views
Swiss IPv6 Council: Konfusion um die Router Flags by Digicomp Academy AG
Swiss IPv6 Council: Konfusion um die Router FlagsSwiss IPv6 Council: Konfusion um die Router Flags
Swiss IPv6 Council: Konfusion um die Router Flags
Digicomp Academy AG1.7K views
Introduction to Snort Rule Writing by Cisco DevNet
Introduction to Snort Rule WritingIntroduction to Snort Rule Writing
Introduction to Snort Rule Writing
Cisco DevNet6.1K views
AF-23- IPv6 Security_Final by Musa Stephen HONLUE
AF-23- IPv6 Security_FinalAF-23- IPv6 Security_Final
AF-23- IPv6 Security_Final
Musa Stephen HONLUE478 views
DPDK Summit 2015 - NTT - Yoshihiro Nakajima by Jim St. Leger
DPDK Summit 2015 - NTT - Yoshihiro NakajimaDPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro Nakajima
Jim St. Leger1.3K views
Tunnel & vpn1 by ariesubagyo
Tunnel & vpn1Tunnel & vpn1
Tunnel & vpn1
ariesubagyo3.2K views
Creating a firewall in UBUNTU by Mumbai University
Creating a firewall in UBUNTUCreating a firewall in UBUNTU
Creating a firewall in UBUNTU
Mumbai University466 views
DPDK: Multi Architecture High Performance Packet Processing by Michelle Holley
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet Processing
Michelle Holley9.1K views
IPSec and VPN by Abdullaziz Tagawy
IPSec and VPNIPSec and VPN
IPSec and VPN
Abdullaziz Tagawy8.5K views
Wireshark, Tcpdump and Network Performance tools by Sachidananda Sahu
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance tools
Sachidananda Sahu1.3K views

Viewers also liked

SA’EY by
SA’EYSA’EY
SA’EYHafiz Amir Aslam
781 views3 slides
Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection... by
Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection...Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection...
Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection...Martin Schütte
901 views38 slides
Software Testing on the Web by
Software Testing on the WebSoftware Testing on the Web
Software Testing on the WebMartin Schütte
1.1K views51 slides
Syslog Protocols by
Syslog ProtocolsSyslog Protocols
Syslog ProtocolsMartin Schütte
4K views65 slides
Terraform: Configuration Management for Cloud Services by
Terraform: Configuration Management for Cloud ServicesTerraform: Configuration Management for Cloud Services
Terraform: Configuration Management for Cloud ServicesMartin Schütte
1.8K views34 slides
Terraform: Cloud Configuration Management (WTC/IPC'16) by
Terraform: Cloud Configuration Management (WTC/IPC'16)Terraform: Cloud Configuration Management (WTC/IPC'16)
Terraform: Cloud Configuration Management (WTC/IPC'16)Martin Schütte
779 views44 slides

Viewers also liked(6)

SA’EY by Hafiz Amir Aslam
SA’EYSA’EY
SA’EY
Hafiz Amir Aslam781 views
Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection... by Martin Schütte
Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection...Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection...
Design and Implementation of an IPv6 Plugin for the Snort Intrusion Detection...
Martin Schütte901 views
Software Testing on the Web by Martin Schütte
Software Testing on the WebSoftware Testing on the Web
Software Testing on the Web
Martin Schütte1.1K views
Syslog Protocols by Martin Schütte
Syslog ProtocolsSyslog Protocols
Syslog Protocols
Martin Schütte4K views
Terraform: Configuration Management for Cloud Services by Martin Schütte
Terraform: Configuration Management for Cloud ServicesTerraform: Configuration Management for Cloud Services
Terraform: Configuration Management for Cloud Services
Martin Schütte1.8K views
Terraform: Cloud Configuration Management (WTC/IPC'16) by Martin Schütte
Terraform: Cloud Configuration Management (WTC/IPC'16)Terraform: Cloud Configuration Management (WTC/IPC'16)
Terraform: Cloud Configuration Management (WTC/IPC'16)
Martin Schütte779 views

Similar to Short Introduction to IPv6

Nad710 Network Address Translation by
Nad710 Network Address TranslationNad710 Network Address Translation
Nad710 Network Address Translationtmavroidis
1K views20 slides
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te... by
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...Louis Göhl
2.7K views56 slides
Getting started with IPv6 by
Getting started with IPv6Getting started with IPv6
Getting started with IPv6Private
4.2K views35 slides
The End of IPv4: What It Means for Incident Responders by
The End of IPv4: What It Means for Incident RespondersThe End of IPv4: What It Means for Incident Responders
The End of IPv4: What It Means for Incident RespondersCarlos Martinez Cagnazzo
122 views27 slides
Deploying IPv6 in OpenStack Environments by
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsShannon McFarland
2K views51 slides
Plug and Play Using Prefix Delegation Mechanism by
Plug and Play Using Prefix Delegation MechanismPlug and Play Using Prefix Delegation Mechanism
Plug and Play Using Prefix Delegation MechanismShinsuke SUZUKI
15 views18 slides

Similar to Short Introduction to IPv6(20)

Nad710 Network Address Translation by tmavroidis
Nad710 Network Address TranslationNad710 Network Address Translation
Nad710 Network Address Translation
tmavroidis1K views
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te... by Louis Göhl
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
Louis Göhl2.7K views
Getting started with IPv6 by Private
Getting started with IPv6Getting started with IPv6
Getting started with IPv6
Private4.2K views
The End of IPv4: What It Means for Incident Responders by Carlos Martinez Cagnazzo
The End of IPv4: What It Means for Incident RespondersThe End of IPv4: What It Means for Incident Responders
The End of IPv4: What It Means for Incident Responders
Carlos Martinez Cagnazzo122 views
Deploying IPv6 in OpenStack Environments by Shannon McFarland
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack Environments
Shannon McFarland2K views
Plug and Play Using Prefix Delegation Mechanism by Shinsuke SUZUKI
Plug and Play Using Prefix Delegation MechanismPlug and Play Using Prefix Delegation Mechanism
Plug and Play Using Prefix Delegation Mechanism
Shinsuke SUZUKI15 views
Sharing your-internet-connection-on-linux by jasembo
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linux
jasembo2.3K views
TCP/IP Basics by SMC Networks Europe
TCP/IP BasicsTCP/IP Basics
TCP/IP Basics
SMC Networks Europe4.9K views
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction by CodiLime
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime209 views
NAT Traversal by Davide Carboni
NAT TraversalNAT Traversal
NAT Traversal
Davide Carboni7.1K views
NAT and firewall presentation - how setup a nice firewall by Cassiano Campes
NAT and firewall presentation - how setup a nice firewallNAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewall
Cassiano Campes134 views
NZNOG 2020 - The Trouble With NAT by Mark Smith
NZNOG 2020 - The Trouble With NATNZNOG 2020 - The Trouble With NAT
NZNOG 2020 - The Trouble With NAT
Mark Smith40 views
Fedv6tf-IPv6-new-friends by Tim Martin
Fedv6tf-IPv6-new-friendsFedv6tf-IPv6-new-friends
Fedv6tf-IPv6-new-friends
Tim Martin727 views
IETF 100: Surviving IPv6 fragmentation by APNIC
IETF 100: Surviving IPv6 fragmentationIETF 100: Surviving IPv6 fragmentation
IETF 100: Surviving IPv6 fragmentation
APNIC613 views
Upcoming internet challenges by Ivan Pepelnjak
Upcoming internet challengesUpcoming internet challenges
Upcoming internet challenges
Ivan Pepelnjak5.8K views
Apnic V6 Tutorial Distribution by Ali_Ahmad
Apnic V6 Tutorial DistributionApnic V6 Tutorial Distribution
Apnic V6 Tutorial Distribution
Ali_Ahmad496 views
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom... by PROIDEA
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PROIDEA378 views
IPv6_Quick_Start_Guide by Parthiban Nallathambi
IPv6_Quick_Start_GuideIPv6_Quick_Start_Guide
IPv6_Quick_Start_Guide
Parthiban Nallathambi473 views
Apnic-Training-IPv6_workshop by Nguyen Minh Thu
Apnic-Training-IPv6_workshopApnic-Training-IPv6_workshop
Apnic-Training-IPv6_workshop
Nguyen Minh Thu530 views
Ipv6 by Yan Drugalya
Ipv6Ipv6
Ipv6
Yan Drugalya553 views

Recently uploaded

Uni Systems for Power Platform.pptx by
Uni Systems for Power Platform.pptxUni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptxUni Systems S.M.S.A.
56 views21 slides
20231123_Camunda Meetup Vienna.pdf by
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdfPhactum Softwareentwicklung GmbH
41 views73 slides
Serverless computing with Google Cloud (2023-24) by
Serverless computing with Google Cloud (2023-24)Serverless computing with Google Cloud (2023-24)
Serverless computing with Google Cloud (2023-24)wesley chun
11 views33 slides
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ... by
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...Jasper Oosterveld
18 views49 slides
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N... by
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...James Anderson
85 views32 slides
Zero to Automated in Under a Year by
Zero to Automated in Under a YearZero to Automated in Under a Year
Zero to Automated in Under a YearNetwork Automation Forum
15 views23 slides

Recently uploaded(20)

Uni Systems for Power Platform.pptx by Uni Systems S.M.S.A.
Uni Systems for Power Platform.pptxUni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptx
Uni Systems S.M.S.A.56 views
20231123_Camunda Meetup Vienna.pdf by Phactum Softwareentwicklung GmbH
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdf
Phactum Softwareentwicklung GmbH41 views
Serverless computing with Google Cloud (2023-24) by wesley chun
Serverless computing with Google Cloud (2023-24)Serverless computing with Google Cloud (2023-24)
Serverless computing with Google Cloud (2023-24)
wesley chun11 views
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ... by Jasper Oosterveld
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
Jasper Oosterveld18 views
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N... by James Anderson
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
James Anderson85 views
Zero to Automated in Under a Year by Network Automation Forum
Zero to Automated in Under a YearZero to Automated in Under a Year
Zero to Automated in Under a Year
Network Automation Forum15 views
Democratising digital commerce in India-Report by Kapil Khandelwal (KK)
Democratising digital commerce in India-ReportDemocratising digital commerce in India-Report
Democratising digital commerce in India-Report
Kapil Khandelwal (KK)15 views
Evolving the Network Automation Journey from Python to Platforms by Network Automation Forum
Evolving the Network Automation Journey from Python to PlatformsEvolving the Network Automation Journey from Python to Platforms
Evolving the Network Automation Journey from Python to Platforms
Network Automation Forum13 views
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院 by IttrainingIttraining
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
IttrainingIttraining52 views
Design Driven Network Assurance by Network Automation Forum
Design Driven Network AssuranceDesign Driven Network Assurance
Design Driven Network Assurance
Network Automation Forum15 views
Unit 1_Lecture 2_Physical Design of IoT.pdf by StephenTec
Unit 1_Lecture 2_Physical Design of IoT.pdfUnit 1_Lecture 2_Physical Design of IoT.pdf
Unit 1_Lecture 2_Physical Design of IoT.pdf
StephenTec12 views
SAP Automation Using Bar Code and FIORI.pdf by Virendra Rai, PMP
SAP Automation Using Bar Code and FIORI.pdfSAP Automation Using Bar Code and FIORI.pdf
SAP Automation Using Bar Code and FIORI.pdf
Virendra Rai, PMP23 views
Five Things You SHOULD Know About Postman by Postman
Five Things You SHOULD Know About PostmanFive Things You SHOULD Know About Postman
Five Things You SHOULD Know About Postman
Postman33 views
Piloting & Scaling Successfully With Microsoft Viva by Richard Harbridge
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft Viva
Richard Harbridge12 views
The Research Portal of Catalonia: Growing more (information) & more (services) by CSUC - Consorci de Serveis Universitaris de Catalunya
The Research Portal of Catalonia: Growing more (information) & more (services)The Research Portal of Catalonia: Growing more (information) & more (services)
The Research Portal of Catalonia: Growing more (information) & more (services)
CSUC - Consorci de Serveis Universitaris de Catalunya80 views
NET Conf 2023 Recap by Lee Richardson
NET Conf 2023 RecapNET Conf 2023 Recap
NET Conf 2023 Recap
Lee Richardson10 views
PRODUCT LISTING.pptx by angelicacueva6
PRODUCT LISTING.pptxPRODUCT LISTING.pptx
PRODUCT LISTING.pptx
angelicacueva614 views
Info Session November 2023.pdf by AleksandraKoprivica4
Info Session November 2023.pdfInfo Session November 2023.pdf
Info Session November 2023.pdf
AleksandraKoprivica412 views
Kyo - Functional Scala 2023.pdf by Flavio W. Brasil
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdf
Flavio W. Brasil368 views
"Running students' code in isolation. The hard way", Yurii Holiuk by Fwdays
"Running students' code in isolation. The hard way", Yurii Holiuk "Running students' code in isolation. The hard way", Yurii Holiuk
"Running students' code in isolation. The hard way", Yurii Holiuk
Fwdays11 views

Short Introduction to IPv6

  • 1. Short Introduction to IPv6 Martin Schütte
  • 2. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Network Working Group S. Deering Request for Comments: 2460 Cisco Obsoletes: 1883 R. Hinden Category: Standards Track Nokia December 1998 Internet Protocol, Version 6 (IPv6) Specification Status of this Memo ... Abstract This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng. Martin Schütte Short Introduction to IPv6 2013-09-28 2 / 34
  • 3. Intro Addresses Headers Autoconfiguration DNS Transition First Steps The Hourglass Internet Architecture IP TCP UDP HTTPIMAP SkypeP2P RTP FirefoxKMailThunderbird Skype Kazaa MPlayer EthernetPPP DOCSIS CoaxialFiberTwistedPair CDMA TDMA byConstantineDovrolis Martin Schütte Short Introduction to IPv6 2013-09-28 3 / 34
  • 4. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Addresses IPv4: 32 bits 11001011000000000111000100010111 11001011 00000000 01110001 00010111 0xcb 0x00 0x71 0x17 203 0 113 23 203.0.113.23 Martin Schütte Short Introduction to IPv6 2013-09-28 4 / 34
  • 5. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Addresses IPv6: 128 bits 0010000000000001000001100011100000001000000001110000000000111010 0000001000000101010111011111111111111110111110110011100000010010 0010000000000001 0000011000111000 0000100000000111 0000000000111010 0000001000000101 0101110111111111 1111111011111011 0011100000010010 0x2001 0x0638 0x0807 0x003a 0x0205 0x5dff 0xfefb 0x3812 2001:0638:0807:003a:0205:5dff:fefb:3812 Martin Schütte Short Introduction to IPv6 2013-09-28 5 / 34
  • 6. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Notation 2a01:0198:0200:01e4:0000:0000:0000:0002 = 2a01:198:200:1e4:0:0:0:2 = 2a01:198:200:1e4::2 2001:0db8:0000:0000:0001:0000:0000:0001 = 2001:db8:0:0:1:0:0:1 = 2001:db8::1:0:0:1 Ports: [2001:db8::1:0:0:1]:443 http://[2001:db8::1:0:0:1]:443/index.html Martin Schütte Short Introduction to IPv6 2013-09-28 6 / 34
  • 7. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Address Structure 1 8 16 24 32 IPv4 Address 1 32 64 96 128 IPv6 Address 1 40 64 128 Global Routing Prefix Subnet ID Interface ID Martin Schütte Short Introduction to IPv6 2013-09-28 7 / 34
  • 8. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Address Allocation 1 23 32 48 64 128 IANA RIPE LIR Site Interface ID Example: University Server 2001:638:807:3a:205:5dff:fefb:3812 1 23 32 48 64 128 IANA 2001:06 RIPE 38: DFN 0807: Uni 003a: Interface ID 0205:5dff:fefb:3812 Martin Schütte Short Introduction to IPv6 2013-09-28 8 / 34
  • 9. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Address Usage Example: Comcast (USA) • 20 M customers • avg. 2.5 set-top boxes (STB) per customer • 2 IPs per STB ⇒ 20M × 2.5 × 2 = 100 M IPs Comparison: 10.0.0.0/8 has 224 ≈ 16.5 M IPs Martin Schütte Short Introduction to IPv6 2013-09-28 9 / 34
  • 10. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Address Usage Hypothetical example: China Mobile • 740 M customers • avg. 2 devices per customer • 2 IPs per device ⇒ 740M × 2 × 2 ≈ 3000 M IPs Comparison: 0/1 has 231 ≈ 2150 M IPs IPv4 has 232 ≈ 4300 M IPs Martin Schütte Short Introduction to IPv6 2013-09-28 10 / 34
  • 11. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Some Special Address Ranges :: unspecified ::1 localhost ::ffff:192.0.2.1 IPv4-mapped 2000::/3 unicast fe80::/10 link-local fd00::/8 site-local ff00::/8 multicast ff02::1 multicast, all hosts ff02::2 multicast, all routers ff02::101 multicast, all NTP servers ff05::1:3 multicast, all DHCP servers Martin Schütte Short Introduction to IPv6 2013-09-28 11 / 34
  • 12. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Scope Multicast addresses have scope: • ff01::101 means all NTP servers on the same interface (i.e., the same node) as the sender. • ff02::101 means all NTP servers on the same link as the sender. • ff05::101 means all NTP servers in the same site as the sender. • ff0e::101 means all NTP servers in the Internet. Example: mschuett@zula:~$ ssh root@fe80::6670:2ff:fe4c:3a61 ssh: connect to host fe80::6670:2ff:fe4c:3a61 port 22: Invalid argument mschuett@zula:~$ ssh root@fe80::6670:2ff:fe4c:3a61%eth0 BusyBox v1.19.4 (2013-04-07 13:28:47 CEST) built-in shell (ash) Enter ’help’ for a list of built-in commands. ... Martin Schütte Short Introduction to IPv6 2013-09-28 12 / 34
  • 13. Intro Addresses Headers Autoconfiguration DNS Transition First Steps IPv4 Header Format 0 3 4 7 8 15 16 18 19 31 Version IH Len ToS/ECN Total Length Identification Flags Fragment Offset Time to Live Protocol Header Checksum Source Address Destination Address Options Padding    IP header (20–60 octets) Martin Schütte Short Introduction to IPv6 2013-09-28 13 / 34
  • 14. Intro Addresses Headers Autoconfiguration DNS Transition First Steps IPv6 Header Format 0 3 4 7 8 11 12 15 16 23 24 31 Version Traffic Class Flow Label Payload Length Next Header Hop Limit Source Address Destination Address    basic header (40 octets) Martin Schütte Short Introduction to IPv6 2013-09-28 14 / 34
  • 15. Intro Addresses Headers Autoconfiguration DNS Transition First Steps IPv6 Extension Header Martin Schütte Short Introduction to IPv6 2013-09-28 15 / 34
  • 16. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Destination/Hop-by-Hop Option Header 0 7 8 15 16 23 24 31 Next Header Hdr Ext Len Opt Type Opt Len Opt Value . . . 0 7 8 15 16 23 24 31 Next Header: 0x3a ICMPv6 Hdr Ext Len: 0x00 8 octets Opt Type: 0x05 Rtr alert Opt Data Len: 0x02 2 octets Opt Data: 0x00 0x00 MLD Opt Type: 0x01 PadN Opt Data Len: 0x00 0 octets Martin Schütte Short Introduction to IPv6 2013-09-28 16 / 34
  • 17. Intro Addresses Headers Autoconfiguration DNS Transition First Steps ICMPv6 ICMPv6 includes: • control messages (like ICMPv4) • Link-Layer address resolution (like ARP) • multicast group membership (like IGMP) • Path MTU Discovery • Neighbor Discovery/Autoconfiguration Martin Schütte Short Introduction to IPv6 2013-09-28 17 / 34
  • 18. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Stateless Address Autoconfiguration 1. select tentative address 2. send Router Solicitation to ff02::2 3. join multicast groups for all nodes and Solicited-Node address 4. Duplicate Address Detection ⇒ acquired link-local IP receive Router Advertisement(s) with network info: • routers with lifetime and preference • local network MTU • global address prefix • DHCP management flag ⇒ acquire global address Martin Schütte Short Introduction to IPv6 2013-09-28 18 / 34
  • 19. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Link-Layer Address Resolution Solicited-Node Address: FF02:0:0:0:0:1:FFXX:XXXX Mapping: Unicast fe80::218:f3ff:fe3a:3f55 ⇒ Multicast ff02::1:ff3a:3f55 ⇒ MAC 33:33:ff3a:3f:55 send Neighbor Solicitation to multicast ⇒ receive Neighbor Advertisement with IP and MAC address Note: no broadcast required(!) Martin Schütte Short Introduction to IPv6 2013-09-28 19 / 34
  • 20. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Duplicate Address Detection Solicited-Node Address: FF02:0:0:0:0:1:FFXX:XXXX Mapping: Unicast fe80::218:f3ff:fe3a:3f55 ⇒ Multicast ff02::1:ff3a:3f55 ⇒ MAC 33:33:ff3a:3f:55 send Neighbor Solicitation to multicast • receive Neighbor Advertisement with IP and MAC address • no answer, address is free Martin Schütte Short Introduction to IPv6 2013-09-28 20 / 34
  • 21. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Autoconfiguration and Neighbor Discovery Design assumption: secure and trustworthy LAN Simple Denial of Service: 1. Host Alice starts Duplicate Address Detection: "Anyone using IP X?" 2. Host Eve answers "I have IP X." 3. goto 1 Routing/Man in the Middle: 1. Host Eve sends ICMPv6 Redirect: "This is router Bob, for google.com please use router Eve." Martin Schütte Short Introduction to IPv6 2013-09-28 21 / 34
  • 22. Intro Addresses Headers Autoconfiguration DNS Transition First Steps DNS IPv4: A Record — IPv6: AAAA Record [mschuett@cayce] ~> dig +short quux.de a 88.198.11.141 [mschuett@cayce] ~> dig +short quux.de aaaa 2001:6f8:1138::1 [mschuett@cayce] ~> dig +short -x 2001:6f8:1138::1 mail.quux.de. [mschuett@cayce] ~> dig -x 2001:6f8:1138::1 ... ;; QUESTION SECTION: ;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 8.3.1.1.8.f.6.0.1.0.0.2.ip6.arpa. IN PTR ... Martin Schütte Short Introduction to IPv6 2013-09-28 22 / 34
  • 23. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Happy Eyeballs byDanWingandAndrewYourtchenko Martin Schütte Short Introduction to IPv6 2013-09-28 23 / 34
  • 24. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Known for Some Time Frank Solensky’s Report on Address Depletion, Proceedings of IETF 18, p. 61, Vancouver, August 1990 Martin Schütte Short Introduction to IPv6 2013-09-28 24 / 34
  • 25. Intro Addresses Headers Autoconfiguration DNS Transition First Steps The Plan byGeoffHuston Martin Schütte Short Introduction to IPv6 2013-09-28 25 / 34
  • 26. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Plan B byGeoffHuston Martin Schütte Short Introduction to IPv6 2013-09-28 26 / 34
  • 27. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Status Quo byGeoffHuston Martin Schütte Short Introduction to IPv6 2013-09-28 27 / 34
  • 31. Intro Addresses Headers Autoconfiguration DNS Transition First Steps IPv6 @ Home A few ISPs finally offer native IPv6 to consumers. If not available: use a tunnel brokers, e. g.: • SixXS • Hurricane Electric Martin Schütte Short Introduction to IPv6 2013-09-28 31 / 34
  • 32. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Security Consideration • IPv6 restores end-to-end connectivity • no NAT ⇒ no implicit packet filter • problem: insecure L2 net and First Hop Security (just like with IPv4) • (still) missing support in common tools (firewalls, IDS, config UIs, etc) • little experience Martin Schütte Short Introduction to IPv6 2013-09-28 32 / 34
  • 33. Intro Addresses Headers Autoconfiguration DNS Transition First Steps Tips for transition • external connectivity matters • your printer does not need IPv6 • neither does your DB backend (probably) • start with an additional load balancer or reverse proxy Martin Schütte Short Introduction to IPv6 2013-09-28 33 / 34