IPv6  Foundations  
Mukom Akong T. (@perfexcellent)
①  Understand IPv4 exhaustion and its implications
②  Identify IPv6 addresses
③  Create an IPv6 addressing plan
④  Configu...
①  Fundamental concepts of TCP/IPv4
②  Building basic IPv4 networks.
③  Using the command line interface for common
routin...
FundamentalsofIPv6	
Module deliverables	
Describe differences between IPv4 and IPv6
Key protocols Basic configuration
Crea...
After this section, you should be able to:
①  Describe the world situation with respect to v4
addresses
②  Describe the im...
Central IPv4 Pool as at 16.06.2010	
UnderstandingIPv4ExhaustionImplications	
learn.afrinic.net | slide 6
Central IPv4 Pool as at 31.01.2011	
UnderstandingIPv4ExhaustionImplications	
learn.afrinic.net | slide 7
Global IPv4 Address Distribution	
Source: www.ipv4depletion.com
UnderstandingIPv4ExhaustionImplications	
learn.afrinic.net...
Projected RIR Depletion Dates	
Source: Geof Houston
UnderstandingIPv4ExhaustionImplications	
learn.afrinic.net | slide 9
Exhaustion Consequence: IPv4
addresses are now more expensive	
UnderstandingIPv4ExhaustionImplications	
$7.5m for 666,624 ...
Exhaustion Consequence: demand for
IPv4 addresses may increase its price	
UnderstandingIPv4ExhaustionImplications	
learn.a...
u  Black markets have well-known contrary consequences
Exhaustion Consequence: An IPv4 address
black market emerges	
Unde...
u  Scenario #1: We remain complacent and the world
leaves us behind in IPv4-land
§  Cost of connecting to the rest of th...
Ultimately…being left behind means	
UnderstandingIPv4ExhaustionImplications	
IPv6 network
IPv4
learn.afrinic.net | slide 1...
How shall we deal with exhaustion?	
UnderstandingIPv4ExhaustionImplications	
IPv4 ?
IPv4 preservation with NAPT
IPv6 Deplo...
Pantone Process Black U
C:0 M:0 Y:0 K:100
R:35 G:31 B: 32
Pantone 159 U
C:0 M:66 Y:100 K:7
R:227 G:111 B: 30
Pa
C:
R:3
Pa
...
After this section, you should be able to:
①  Work comfortably with IPv6’s hexadecimal notation
②  Identify, write and sho...
u Network-layer successor to IPv4
§ 128 bits long (296 times the total IPv4 address
space)
§ Runs on the same physical ...
u  The 8 groups of hexits are separated by colons
u  Addresses are conventionally written in lower case
UnderstandingIPv...
How IPv6 addresses are written	
UnderstandingIPv6Addressing	
© Jeff L. Carrell, Implementing IPv6 , the Nuts and Bolts abo...
①  Zero-suppression: omit all leading zeroes in a group of
hexits
§  A leading zero is that which comes immediately after...
Shortening IPv6 addresses: Example	
UnderstandingIPv6Addressing	
© Jeff L. Carrell, Implementing IPv6 , the Nuts and Bolts...
Shortening IPv6 addresses: Example	
UnderstandingIPv6Addressing	
© Jeff L. Carrell, Implementing IPv6 , the Nuts and Bolts...
Incorrect IPv6 shortening example	
UnderstandingIPv6Addressing	
© Jeff L. Carrell, Implementing IPv6 , the Nuts and Bolts ...
u  IPv6 is all CIDR i.e. no subnet masks
u  A prefix is written as:
aaaa:bbbb:cccc:dddd:eeee:ffff/prefix length
u  Pref...
Pantone Process Black U
C:0 M:0 Y:0 K:100
R:35 G:31 B: 32
Pantone 159 U
C:0 M:66 Y:100 K:7
R:227 G:111 B: 30
Pa
C:
R:3
Pa
...
After this section, you should be able to:
①  Identify different types of IPv6 addresses
②  Describe the structure and sco...
UnderstandingIPv6Addressing	
Types of IPv6 addresses	
Unicast addresses
•  Identifies and interface of an IPv6 node
•  Can...
Scope: An address’ extent of validity	
UnderstandingIPv6Addressing	
Link
Layer	
Global Scope Link-local Scope
These two sc...
u  Fixed high order bits of “001” => prefix of 2000::/3
u  Example: 2001:db8:dead:beef:c001:babe:0000:aaaf
Global unicas...
u  First 10 bits are 1111 1110 10 thus prefix fe80::/10
u  Scope is link local thus not forwarded off-link by routers
u...
“If you ping fe80::212:6bff:fe54:f99a (N1), what egress interface
will router R use?” – see solution next slide
The Link l...
u ZoneID (or scopeID)
§ Provides the extra routing information required
§ Automatically assigned by the operating syste...
u Windows Host X: fe80::1ce:c01d:dead:babe%7
u Windows Host Y: fe80::dead:beef:1ce:c01d%10
u Ping from X -> Y is accomp...
u  Private address space anyone can use without going to an ISP or
RIRs
u  Prefix fc00::/7 and L flag indicates whether ...
1.  Get the current time on the day in 64bit NTP format.
2.  Get the EUI-64 identifier from the MAC address or other
uniqu...
u  IPv4-derrived address used in the 6to4 transition
mechanism
u  WWXX:YYZZ is the hex form of public v4 address w.x.y.z...
u Manually – typed by an admin on an interface
u Automatically
§ The EUI-64 algorithm.
§ A pseudo-random number.
§ A ...
UnderstandingIPv6Addressing	
EUI-64 automatic interfaceID generation	
learn.afrinic.net | slide 39
u For a given MAC address
§ The EUI-64 interfaceID is fixed
§ It is re-used with the prefix of any network
encountered
...
u  An IPv4 address represented in IPv6 format
u  Form: ::ffff:w.x.y.z/96 where w.x.y.z is a normal IPv4 address.
u  Int...
u  An IPv6 address formed from an private IPv4 address
u  Automatically generated and assigned to ISATAP tunnels
u  For...
u  Used as the destination of multicast communication
u  Start with bits 1111 1111 which is prefix: ff00::/8
u  Bits 8 ...
The Flag Bits in multicast addresses	
UnderstandingIPv6Addressing	
Bit Description
3 Reserved (must be set to 0)
2 (R flag...
The Scope bits in multicast addresses	
UnderstandingIPv6Addressing	
Binary Hex Scope
0001 0x1 Interface
0010 0x2 Link
0100...
Some reserved multicast groups	
Some Well-Known/Reserved Multicast GroupsSome Well-Known/Reserved Multicast GroupsSome Wel...
u  Multicast address for all nodes with the same IPv6 address
u  Constructed as follows:
§  Prefix FF02:0:0:0:0:1:FF00:...
#show ipv6 interface g0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::CA9C:...
u Problem: The colon in v6 addresses has another
meeting in urls
§ It is a core part of the http://
§ It is also used t...
u Problem: The colon a illegal character in Microsoft UNC
pathnames
u The solution:
§ Replace each colon in the address...
Summary of IPv6 address types	
Summary of IPv6 Address TypesSummary of IPv6 Address TypesSummary of IPv6 Address TypesSumm...
Pantone Process Black U
C:0 M:0 Y:0 K:100
R:35 G:31 B: 32
Pantone 159 U
C:0 M:66 Y:100 K:7
R:227 G:111 B: 30
Pa
C:
R:3
Pa
...
After this section, you should be able to:
①  Describe the IPv6 header, noting differences from
the v4 header
②  Identify ...
The IPv6 packet structure	
IPv6fromanIPv4Perspective	
learn.afrinic.net | slide 54
u Fixed header size of 40 bytes (320 bits)
u Fragmentation not allowed by routers, only end hosts
u Minimum supported M...
u Serve similar functionality to IPv4 “Options” headers
u Processed only at packet's destination, except for Hop-
by-Hop...
IPv6fromanIPv4Perspective	
IPv6 packet without extension header	
Courtesy:cisco.com
learn.afrinic.net | slide 57
IPv6fromanIPv4Perspective	
IPv6 packet with extension headers	
Courtesy:cisco.com
learn.afrinic.net | slide 58
IPv6fromanIPv4Perspective	
List and order of IPv6 extension headers	
Orde
r
Header Code Description
1 Basic IPv6 header
2 ...
The IPv6 header compared to IPv4 header	
IPv6fromanIPv4Perspective	
Version Header Length TOS Total Length
Identification F...
IPv6 packet header on the wire	
IPv6fromanIPv4Perspective	
learn.afrinic.net | slide 61
Packet header structure changes from IPv4	
IPv6fromanIPv4Perspective	
IPv4 header fields removed from the base IPv6 header...
IPv4 vs IPv6 key functionality comparison	
IPv6fromanIPv4Perspective	
IPv4 IPv6
Network Access Layer
§  Ethernet and vari...
IPv4 vs IPv6 key functionality comparison	
IPv6fromanIPv4Perspective	
IPv4 IPv6
FQDN to IP-address resolution
§  DNS clie...
IPv4 vs IPv6 key functionality comparison	
IPv6fromanIPv4Perspective	
IPv4 IPv6
Routing protocols
§  Static routing
§  R...
u Most modern DNS servers support IPv6
§ AAAA records for IPv6 to FQDN mapping
§ PTR records under ip6.arpa. TLD for FQ...
Sample IPv6 resource records	
IPv4 IPv6
FQDN to
IP Address
[A record]
voyager.starfleet.org A
197.1.0.77
[AAAA record]
voya...
①  Write the IPv6 address in full reverse
②  Separate each hexit by a period
③  Append the “ip6.arpa” domain
u Example wi...
The usual DNS test tools work as expected	
IPv6fromanIPv4Perspective	
learn.afrinic.net | slide 69
Pantone Process Black U
C:0 M:0 Y:0 K:100
R:35 G:31 B: 32
Pantone 159 U
C:0 M:66 Y:100 K:7
R:227 G:111 B: 30
Pa
C:
R:3
Pa
...
After this section, you should be able to:
①  Describe the importance and functioning of IPv6
ND
②  Describe how ND is use...
u Key protocol upon which most of IPv6’s functionality
depends
u Used by both hosts and routers
u Consists of a set of ...
Functions of IPv6 Neighbor Discovery (ND)	
TheKeyIPv6FunctionalityProtocols	
Addressresolution	
Address
autoconfiguration	
...
TheKeyIPv6FunctionalityProtocols	
5 ICMPv6 messages used by ND	
ND!
Neighbour
Solicitation!
Neighbour
Advertisement!
Route...
TheKeyIPv6FunctionalityProtocols	
Router Solicitation & Advertisement	
learn.afrinic.net | slide 75
TheKeyIPv6FunctionalityProtocols	
The Router Solicitation message	
Sent by IPv6 host
Purpose Find out what routers are pre...
TheKeyIPv6FunctionalityProtocols	
Sample RS packet capture	
learn.afrinic.net | slide 77
TheKeyIPv6FunctionalityProtocols	
The Router Advertisement message	
Sent by IPv6 router
Purpose
§ Advertise its presence ...
TheKeyIPv6FunctionalityProtocols	
RA Message on the Wire	
learn.afrinic.net | slide 79
TheKeyIPv6FunctionalityProtocols	
 Sample RA packet
capture	
learn.afrinic.net | slide 80
TheKeyIPv6FunctionalityProtocols	
Neighbour Solicitations and Advertisements	
learn.afrinic.net | slide 81
TheKeyIPv6FunctionalityProtocols	
The Neighbour Solicitation message	
Sent by IPv6 host
Purpose
§ Find out link layer add...
TheKeyIPv6FunctionalityProtocols	
The Neighbour Advertisement message	
Sent by IPv6 host
Purpose
§ Response to a neighbou...
TheKeyIPv6FunctionalityProtocols	
 Capture of an NA from a router in response
to a NS	
learn.afrinic.net | slide 84
TheKeyIPv6FunctionalityProtocols	
Packet capture of NA message from a host	
learn.afrinic.net | slide 85
TheKeyIPv6FunctionalityProtocols	
The Redirect message	
Sent by IPv6 router
Purpose Informs a node of a better next-hop ro...
Duplicate address detection	
TheKeyIPv6FunctionalityProtocols	
N2
N1
N3
Tentative IP: 2001:db8::2:260:8ff:fe53:f9d8
IP: 20...
u DAD is performed on ALL unicast addresses
u DAD is NEVER performed for anycast addresses
u If DAD fails
§ That addre...
①  Host N1 is going to assign address “A” on its interface “I”
②  Interface “I” joins multicast groups:
§  ff02::1 -- “Al...
TheKeyIPv6FunctionalityProtocols	
 NS packet capture illustrating duplicate
address detection (DAD)	
learn.afrinic.net | s...
Link-layer address resolution using ND	
N2
N1
NS1
src: IPv6 address [N1]
dst: Solicited node multicast [N2]
data: Link lay...
u Does not necessarily verify end-to-end reach-ability
since a neighbour could be a router (not the final
destination)
u...
TheKeyIPv6FunctionalityProtocols	
 NS packet capture for neighbour reachability
verification	
learn.afrinic.net | slide 93
Pantone Process Black U
C:0 M:0 Y:0 K:100
R:35 G:31 B: 32
Pantone 159 U
C:0 M:66 Y:100 K:7
R:227 G:111 B: 30
Pa
C:
R:3
Pa
...
After this section, you should be able to:
①  Configure and verify IPv6 on Windows operating systems
②  Configure and veri...
Operating system IPv6 supported
Windows Windows XP Service Pack 2 and up
Mac OS X 10.4 (Tiger) and up
GNU Linux Kernel 2.6...
Host Configuration: Windows Vista/7	
BasicIPv6Configuration	
learn.afrinic.net | slide 97
BasicIPv6Configuration	
Host configuration: Mac OS X	
learn.afrinic.net | slide 98
Host Configuration: Linux	
BasicIPv6Configuration	
Configure IPv6 on an interface
[In /etc/network/interfaces]
auto eth0
ifa...
u Offer host tracking when EUI-64 addresses are used
u Privacy address status on various operating systems
§ Windows Vi...
Disabling privacy addressing	
BasicIPv6Configuration	
Windows Vista/7
c:netsh interface ipv6 set privacy state=enabled|disa...
Configuring basic IPv6 on Cisco IOS	
BasicIPv6Configuration	
Enable IPv6 on an Interface!
(config)#ipv6 enable
Assign an IPv6...
Configuring basic IPv6 on Junos	
BasicIPv6Configuration	
Enable IPv6 on an Interface
#edit interfaces <interfacename> unit <...
Pantone Process Black U
C:0 M:0 Y:0 K:100
R:35 G:31 B: 32
Pantone 159 U
C:0 M:66 Y:100 K:7
R:227 G:111 B: 30
Pa
C:
R:3
Pa
...
After this section, you should be able to:
①  Describe IPv6 parameter provisioning in IPv6
②  Describe, and verify how SLA...
Device	
Hosts	
IPv6 address	
Default gateway	
DNS server	
CPEs	
IPv6 address	
Default gateway	
DNS server	
Prefix for LAN(s...
IPv6AddressProvisioning	
 Different ways of configuration IPv6 on hosts
and CPEs	
learn.afrinic.net | slide 107	
IPv6 addres...
u  Recursive DNS Server (RDNSS) uses RA to advertise a list
of DNS resolvers.
IPv6AddressProvisioning	
Options for automa...
u  SLAAC is used if none of the above flags is configured
IPv6AddressProvisioning	
 Determining whether to use SLAAC or
D...
u N2 will auto-configure an
address for each of the
advertised prefixes
2001:db8:a::/64 and
2001:db8:d::/64
u Hosts will...
①  Host generates an interfaceID and a link-local address
②  Perform Duplicate Address Detection [DAD] on selected
address...
u  The routers on the subnet are pre-configured with:
§  Appropriate IPv6 addresses on their interfaces.
§  Desired pre...
Configuring a Cisco router for SLAAC	
Network X
R1
N2
M2
ff02::1
R2
Network X
[RS] RA?
1
[RA] 2001:db8:a::
2
[RA] 2001:db8:...
u  Host or CPE gets all of its config parameters from
central server
u  Central server can keep state of who has what ad...
How stateful DHCPv6 works	
[ND] RS?
1
[DHCP] Solicit
3
[DHCP] Solicit
4
[ND] RA (M set)
2
[DHCP] Advertise (addr)
5
[DHCP]...
Advantages:
a)  Similar to DHCPv4, so will be familiar to most operators.
b)  More options to control how addresses are al...
IPv6AddressProvisioning	
How Stateless DHCPv6 works	
[ND] RS?
1
[DHCP] Solicit
Options e.g DNS
server
3
[DHCP] Advertise
D...
Advantages:
§  Support for SLAAC is ubiquitous.
§  Non-DHCPv6 hosts will still be able to get basic
connectivity. (the D...
IPv6AddressProvisioning	
Configure an IOS router for stateful DHCPv6	
client
router
DHCPv6 server
router(config)# interface...
IPv6AddressProvisioning	
Configure DHCPv6 on Junos	
client router DHCPv6 server
protocols {
router-advertisement {
interfac...
u  SLAAC plus the Recursive DNS server option
u  Advantages:
§  Single protocol (IPv6 ND) thus simpler configuration
§...
u  Used to assign a delegated prefix to CPE to use on its LAN.
u  The PE inserts a static route for the delegated prefix...
Key differences between DHCPv4 & DHCPv6	
IPv6AddressProvisioning	
Feature DHCPv4 DHCPv6 Benefit
Managed
configuration flag
...
DHCPv6 server software capabilities	
IPv6AddressProvisioning	
Software Platform Roles Options
ISC DHCPv6
Linux
BSD
Solaris...
DHCPv6 server software capabilities	
IPv6AddressProvisioning	
Software Platform Roles Options
Windows
Server 2008 Windows
...
Pantone Process Black U
C:0 M:0 Y:0 K:100
R:35 G:31 B: 32
Pantone 159 U
C:0 M:66 Y:100 K:7
R:227 G:111 B: 30
Pa
C:
R:3
Pa
...
After this section, you should be able to:①  Subnet an IPv6 prefix
②  Describe how IPv6 addresses are globally
managed
③  ...
For a given IPv6 prefix ‘P’ and prefix length L
a)  List all the sub-prefixes of length L’ therein
b)  Break ‘P’ into N su...
①  Why do we do subnetting?
§  IPv4: conserve address space
§  IPv6: planning and optimization for routing or
security
②...
IPv6subnetting	
Generic IPv6 subnetting procedure	
Find subnet bits (s)	
Find Subnet
hexits	
Find
SubnetID
increment
(B)	
...
IPv6subnetting	
Step #1: Finding the subnet bits (s)	
u The prefix lengths of the mother and sub-prefixes -
(L) and L’ ar...
IPv6subnetting	
Step #2: Finding the number of subnet hexits	
u These are the distinguishing hexits of each subnet
§ Kno...
IPv6subnetting	
Step #3: Finding the Increment or Block (B)	
u This is difference between consecutive subnetIDs
u Ex: Br...
IPv6subnetting	
Step #4: Enumerating the subnetIDs	
u At this point you know the general subnet format
u Taking the subn...
IPv6subnetting	
Step #4: Enumerating the subnetID example	
u  Ex: Breaking 2001:db8:c000::/36 to 900 subnets
§  s = 3 (c...
An ISP with operations in 10 cities just got a
2001:db8:: /32 allocation from AfriNIC, subnet this
prefix equally between ...
u  Number of subnets: N = 10
u  Subnet bits required (s): 2s ≥	
 10 , s = 4 (to the nearest
integer)
u  Thus, to subnet...
u First subnetID
§ [Decimal]: a1= 4096(1-1) = 0 (0x0) | from
an=(n-1)d
§ First subnet: 2001:db8:000::/36
u Last subnet...
sipcalc 2001:db8::/32 –v6split=36 | grep Network
Network - 2001:0db8:0000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:1...
IPv6AddressPlanning	
Global IPv6 address management hierarchy	
2000::/3
LIRprefix::/x y ⩽ x ⩽ 32
LIRprefix::/x y ⩽ x ⩽ 32
LI...
u  /32 for LIRs is just minimum size according to most RIR
policies
u  If you can show that you need more, you usually c...
①  Ensure that all prefixes fall on nibble boundaries
②  Plan a hierarchical scheme to allow for aggregation
§  Site: any...
IPv6AddressPlanning	
Conceptual view of an ISP network	
ASN
Region #1
Site #1
Site #2
Site #n
Region #2
Site #1
Site #2
Si...
①  Select your largest SITE
②  Proceed as follows
§  Estimate the number of end-networks in it now
§  Adjust for growth ...
Try to align allocation units to nibble boundaries
§  Round up your estimates to 2n where n is a multiple of
4
[16, 256, ...
u Consider the range of addresses for
2001:db8:3c00::/40
[first] 2001:db8:3c00:0000:0000:0000:0000:0000
[last] 2001:db8:3...
u “End-prefix” is the prefix given to a network that
connects to each site e.g customer network
①  Estimate the number of...
①  Calculate number of subnet bits required to give us
N prefixes:
②  Allocation size (what you request from AfriNIC) is
§...
①  For your largest SITE
§  Estimate the number of end-networks in it now
§  Adjust for growth in 5 years
§  Round to n...
An ISP has operations in 10 provinces. The largest
province has 50 POPs, the largest of which
has about 2700 clients. Esti...
①  We know
§  Number of regions: #regions = 10 [round to 16]
§  Number of sites: #SITEs = 50 [round up to 256]
§  maxSI...
Pantone Process Black U
C:0 M:0 Y:0 K:100
R:35 G:31 B: 32
Pantone 159 U
C:0 M:66 Y:100 K:7
R:227 G:111 B: 30
Pa
C:
R:3
Pa
...
Upcoming SlideShare
Loading in …5
×

I pv6 foundations

648 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
648
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
32
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

I pv6 foundations

  1. 1. IPv6  Foundations   Mukom Akong T. (@perfexcellent)
  2. 2. ①  Understand IPv4 exhaustion and its implications ②  Identify IPv6 addresses ③  Create an IPv6 addressing plan ④  Configure and verify IPv6 on a LAN FundamentalsofIPv6 What you should be able to do after finishing this module learn.afrinic.net | slide 2
  3. 3. ①  Fundamental concepts of TCP/IPv4 ②  Building basic IPv4 networks. ③  Using the command line interface for common routing platforms §  Cisco IOS §  Juniper JUNOS §  Quagga FundamentalsofIPv6 Module Assumptions learn.afrinic.net | slide 3
  4. 4. FundamentalsofIPv6 Module deliverables Describe differences between IPv4 and IPv6 Key protocols Basic configuration Create an IPv6 addressing plan Subnetting Estimate space Allocation Identify and work with IPv6 addresses Address structure and notation Types of IPv6 addresses Understand IPv4 exhaustion implications Global IPv6 address distribution Implications of exhaustion learn.afrinic.net | slide 4
  5. 5. After this section, you should be able to: ①  Describe the world situation with respect to v4 addresses ②  Describe the implications of IPv4 exhaustion Understanding IPv4 Exhaustion Implications!
  6. 6. Central IPv4 Pool as at 16.06.2010 UnderstandingIPv4ExhaustionImplications learn.afrinic.net | slide 6
  7. 7. Central IPv4 Pool as at 31.01.2011 UnderstandingIPv4ExhaustionImplications learn.afrinic.net | slide 7
  8. 8. Global IPv4 Address Distribution Source: www.ipv4depletion.com UnderstandingIPv4ExhaustionImplications learn.afrinic.net | slide 8
  9. 9. Projected RIR Depletion Dates Source: Geof Houston UnderstandingIPv4ExhaustionImplications learn.afrinic.net | slide 9
  10. 10. Exhaustion Consequence: IPv4 addresses are now more expensive UnderstandingIPv4ExhaustionImplications $7.5m for 666,624 v4 addresses learn.afrinic.net | slide 10
  11. 11. Exhaustion Consequence: demand for IPv4 addresses may increase its price UnderstandingIPv4ExhaustionImplications learn.afrinic.net | slide 11
  12. 12. u  Black markets have well-known contrary consequences Exhaustion Consequence: An IPv4 address black market emerges UnderstandingIPv4ExhaustionImplications learn.afrinic.net | slide 12
  13. 13. u  Scenario #1: We remain complacent and the world leaves us behind in IPv4-land §  Cost of connecting to the rest of the world increases §  We miss any market opportunities v6 adoption presents u  Scenario #2: A ‘rush’ for Africa’s pool by other regions §  African networks deprived of critical v4 needed to facilitate transition to v6 §  We are forced to deploy greenfield IPv6 (good) §  Use of NAT increases (bad) Implications of Africa running out last UnderstandingIPv4ExhaustionImplications learn.afrinic.net | slide 13
  14. 14. Ultimately…being left behind means UnderstandingIPv4ExhaustionImplications IPv6 network IPv4 learn.afrinic.net | slide 14
  15. 15. How shall we deal with exhaustion? UnderstandingIPv4ExhaustionImplications IPv4 ? IPv4 preservation with NAPT IPv6 Deployment learn.afrinic.net | slide 15
  16. 16. Pantone Process Black U C:0 M:0 Y:0 K:100 R:35 G:31 B: 32 Pantone 159 U C:0 M:66 Y:100 K:7 R:227 G:111 B: 30 Pa C: R:3 Pa C: R:1 Questions? Comments?
  17. 17. After this section, you should be able to: ①  Work comfortably with IPv6’s hexadecimal notation ②  Identify, write and shorten IPv6 addresses IPv6 Addressing Basics!
  18. 18. u Network-layer successor to IPv4 § 128 bits long (296 times the total IPv4 address space) § Runs on the same physical infrastructure § The same applications can also run on IPv6 § Incompatible with IPv4! u The only sustainable answer to IPv4 exhaustion § Enables continued growth of the Internet § Restores end-to-end model & related applications UnderstandingIPv6Addressing What is IPv6? learn.afrinic.net | slide 18
  19. 19. u  The 8 groups of hexits are separated by colons u  Addresses are conventionally written in lower case UnderstandingIPv6Addressing IPv6 addresses are written in hexadecimal IPv6 address = 128 bits (1 or 0) IPv6 address = 32 hexits (0 - 9, a , b , c , d , e , f) IPv6 address = 8 groups of 4 hexits 2001 : db8 : c001 : face : b00c : dead : babe : 1cee learn.afrinic.net | slide 19
  20. 20. How IPv6 addresses are written UnderstandingIPv6Addressing © Jeff L. Carrell, Implementing IPv6 , the Nuts and Bolts about It, 2011 learn.afrinic.net | slide 20
  21. 21. ①  Zero-suppression: omit all leading zeroes in a group of hexits §  A leading zero is that which comes immediately after a colon §  Each group must still contain at least one hexit ②  Zero-compression: substitute two or more consecutive groups of zeroes with one double colon (::) §  This should only be done once to avoid ambiguity §  If more than substitution is possible, make that which replaces the most groups §  In case of two equal possible substitutions, make the leftmost one. UnderstandingIPv6Addressing Rules for shortening IPv6 addresses learn.afrinic.net | slide 21
  22. 22. Shortening IPv6 addresses: Example UnderstandingIPv6Addressing © Jeff L. Carrell, Implementing IPv6 , the Nuts and Bolts about It, 2011 learn.afrinic.net | slide 22
  23. 23. Shortening IPv6 addresses: Example UnderstandingIPv6Addressing © Jeff L. Carrell, Implementing IPv6 , the Nuts and Bolts about It, 2011 learn.afrinic.net | slide 23
  24. 24. Incorrect IPv6 shortening example UnderstandingIPv6Addressing © Jeff L. Carrell, Implementing IPv6 , the Nuts and Bolts about It, 2011 learn.afrinic.net | slide 24
  25. 25. u  IPv6 is all CIDR i.e. no subnet masks u  A prefix is written as: aaaa:bbbb:cccc:dddd:eeee:ffff/prefix length u  Prefix length is a decimal in the range [0 , 128] u  Examples of prefix notation: §  2001:db8::/32 --- a prefix assigned to an organisation §  2001:db8:1ce:c001::/64 --- a prefix assigned to a LAN §  2001:db8:1ce:c001::a/64 ---an address out of a /64 prefix UnderstandingIPv6Addressing IPv6 prefixes learn.afrinic.net | slide 25
  26. 26. Pantone Process Black U C:0 M:0 Y:0 K:100 R:35 G:31 B: 32 Pantone 159 U C:0 M:66 Y:100 K:7 R:227 G:111 B: 30 Pa C: R:3 Pa C: R:1 Questions? Comments?
  27. 27. After this section, you should be able to: ①  Identify different types of IPv6 addresses ②  Describe the structure and scopes these addresses IPv6 Address Types!
  28. 28. UnderstandingIPv6Addressing Types of IPv6 addresses Unicast addresses •  Identifies and interface of an IPv6 node •  Can be used as source and destination of a packet •  An interface can have multiple valid IPv6 addresses Multicast addresses •  Identifies a group of IPv6 addresses •  Can only be used as the destination of a transmission •  An interface can belong to multiple multicast addresses Anycast addresses •  Same address on multiple nodes •  Packet to anycast address is delivered only to nearest one •  Packets are never sourced from an anycast address learn.afrinic.net | slide 28
  29. 29. Scope: An address’ extent of validity UnderstandingIPv6Addressing Link Layer Global Scope Link-local Scope These two scopes do not apply to multicast addresses and the unspecified address fe80::/10 learn.afrinic.net | slide 29
  30. 30. u  Fixed high order bits of “001” => prefix of 2000::/3 u  Example: 2001:db8:dead:beef:c001:babe:0000:aaaf Global unicast addresses Global Routing Prefix SubnetID InterfaceID 45 bits 64 bits16 bits 3 bits 001 UnderstandingIPv6Addressing IANA>>LIR>>ISP learn.afrinic.net | slide 30
  31. 31. u  First 10 bits are 1111 1110 10 thus prefix fe80::/10 u  Scope is link local thus not forwarded off-link by routers u  One per interface is always automatically configured when IPv6 is enabled u  Used for §  Automatic address configuration §  Default gateway on hosts and next-hops to routes §  Routing protocol updates §  Neighbor discovery Link local unicast addresses 0 InterfaceID 54 bits 64 bits10 bits 1111 1110 10 UnderstandingIPv6Addressing learn.afrinic.net | slide 31
  32. 32. “If you ping fe80::212:6bff:fe54:f99a (N1), what egress interface will router R use?” – see solution next slide The Link local address reachability problem fe80::212:6bff:fe54:f99a R N1 Fe 0/0Fe 0/1 N2 M2 M1 fe80::212:6bff:fe3a:9e9a fe80::212:6bff:fe17:fc0f fe80::245:bcff:fe47:1530 UnderstandingIPv6Addressing learn.afrinic.net | slide 32
  33. 33. u ZoneID (or scopeID) § Provides the extra routing information required § Automatically assigned by the operating system § Only locally significant u A full link-local address is written as : address%zoneID u Examples of some full link-local addresses with zoneIDs: § [Windows] ping fe80::245:bcff:fe47:1530%11 § [Linux] ping6 fe80::245:bcff:fe47:1530%eth0 ZoneIDs (scopeIDs) – resolving Link local address ambiguity UnderstandingIPv6Addressing learn.afrinic.net | slide 33
  34. 34. u Windows Host X: fe80::1ce:c01d:dead:babe%7 u Windows Host Y: fe80::dead:beef:1ce:c01d%10 u Ping from X -> Y is accomplished thus § Use the link local address of Host Y § Append the ZoneID of Host X on the same broadcast domain § ping fe80::dead:beef:1ce:c01d%7 [correct] § ping : fe80::dead:beef:1ce:c01d%11 [wrong] UnderstandingIPv6Addressing Examples of using ZoneID learn.afrinic.net | slide 34
  35. 35. u  Private address space anyone can use without going to an ISP or RIRs u  Prefix fc00::/7 and L flag indicates whether the prefix is locally assigned (1) or globally assigned (0) §  For L=1, we have fd00::/8 for ULAs that anyone can assign. §  For L=0, we have fc00::/8 for ULAs that are centrally assigned. u  Scope is global but they are usually filtered by e-BGP routers Unique local addresses Global ID SubnetID InterfaceID 40 bits 64 bits16 bits 8 bits 1111 110L UnderstandingIPv6Addressing learn.afrinic.net | slide 35
  36. 36. 1.  Get the current time on the day in 64bit NTP format. 2.  Get the EUI-64 identifier from the MAC address or other unique identifier. 3.  Concatenate (1) and (2) 4.  Compute the SHA-1 digest of (3) 5.  Use the least significant 40 bits of (4) as your globalID UnderstandingIPv6Addressing Unique local addresses: globalID algorithm Global ID SubnetID InterfaceID 40 bits 64 bits16 bits 8 bits 1111 110L learn.afrinic.net | slide 36
  37. 37. u  IPv4-derrived address used in the 6to4 transition mechanism u  WWXX:YYZZ is the hex form of public v4 address w.x.y.z u  Each public IPv4 address gives an entire /48 IPv6 prefix UnderstandingIPv6Addressing 6to4 transition addresses WWXX:YYZZ SubnetID2002 InterfaceID 48 bits 64 bits16 bits w.x.y.z learn.afrinic.net | slide 37
  38. 38. u Manually – typed by an admin on an interface u Automatically § The EUI-64 algorithm. § A pseudo-random number. § A public key (e.g. in CGAs) u Some InterfaceIDs are reserved (RFC 5433) § Subnet router anycast: 0000:0000:0000:0000 § Reserved subnet anycast: fdff:ffff:ffff:ff80 - ff UnderstandingIPv6Addressing Generating the InterfaceID – Last 64 bits learn.afrinic.net | slide 38
  39. 39. UnderstandingIPv6Addressing EUI-64 automatic interfaceID generation learn.afrinic.net | slide 39
  40. 40. u For a given MAC address § The EUI-64 interfaceID is fixed § It is re-used with the prefix of any network encountered u It is possible to track a user from their interfaceID § The prefix says what network a user is on § The MAC address can be inferred from the interfaceID u Privacy addressing (RFC4941) deals with this issue UnderstandingIPv6Addressing Privacy concerns with EU-64 learn.afrinic.net | slide 40
  41. 41. u  An IPv4 address represented in IPv6 format u  Form: ::ffff:w.x.y.z/96 where w.x.y.z is a normal IPv4 address. u  Internally represents a v4 node to a v6 node u  Never used as a source or destination v6 address UnderstandingIPv6Addressing IPv4-mapped transition addresses 0 ffff IPv4 Address 80 bits 16 bits 32 bits learn.afrinic.net | slide 41
  42. 42. u  An IPv6 address formed from an private IPv4 address u  Automatically generated and assigned to ISATAP tunnels u  Form: 64bitPrefix:0:5efe:a.b.c.d §  Where a.b.c.d is an RFC1918 private IPv4 address UnderstandingIPv6Addressing ISATAP transition addresses Prefix 0000:5efe Private IPv4 Address 64 bits 32 bits 32 bits learn.afrinic.net | slide 42
  43. 43. u  Used as the destination of multicast communication u  Start with bits 1111 1111 which is prefix: ff00::/8 u  Bits 8 – 16 specify further characteristics of the address UnderstandingIPv6Addressing Multicast addresses GroupID 112 bits 1111 1111 8bits 4bits 4bitsScope Flags learn.afrinic.net | slide 43
  44. 44. The Flag Bits in multicast addresses UnderstandingIPv6Addressing Bit Description 3 Reserved (must be set to 0) 2 (R flag) Rendezvous Point address is embedded (1) or not (0) 1 (P flag) Address is based on a unicast prefix (1) or not (0) 0 (T flag) Address is well-known (0) or dynamically assigned (1) learn.afrinic.net | slide 44
  45. 45. The Scope bits in multicast addresses UnderstandingIPv6Addressing Binary Hex Scope 0001 0x1 Interface 0010 0x2 Link 0100 0x4 Administrative 0101 0x5 Site 1000 0x8 Organisation 1110 0xe Global Others Unassigned or Reserved learn.afrinic.net | slide 45
  46. 46. Some reserved multicast groups Some Well-Known/Reserved Multicast GroupsSome Well-Known/Reserved Multicast GroupsSome Well-Known/Reserved Multicast Groups Address Scope Description FF01::1 1=Interface All nodes on the interface FF02::1 2=Link All nodes on the link FF01::2 1=Interface All routers on the interface FF02::2 2=Link All routers on the link FF05::2 5=site All routers in the site FF02::5 2=Link All OSPFv3 routers FF02::6 2=Link OSPFv3 designated routers FF02::A 2=Link All EIGRPv6 routers FF02::D 2=Link All PIM routers FF02::1:FFXX:XXXX 2=Link Solicited-node address UnderstandingIPv6Addressing learn.afrinic.net | slide 46
  47. 47. u  Multicast address for all nodes with the same IPv6 address u  Constructed as follows: §  Prefix FF02:0:0:0:0:1:FF00::/104 §  Last 24 bits of the IPv6 unicast address §  See examples next slide The solicited node multicast address UnderstandingIPv6Addressing learn.afrinic.net | slide 47 Prefix InterfaceID FF02::1:FF00: Lower 24 bits 104 bits 24 bits
  48. 48. #show ipv6 interface g0/0 GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::CA9C:1DFF:FE6B:B6A0 No Virtual link-local address(es): Description: [Link to R1] Global unicast address(es): 2001:43F8:90:C0::2, subnet is 2001:43F8:90:C0::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:2 FF02::1:FF6B:B6A0 MTU is 1500 bytes UnderstandingIPv6Addressing Solicited node multicast addresses in action learn.afrinic.net | slide 48
  49. 49. u Problem: The colon in v6 addresses has another meeting in urls § It is a core part of the http:// § It is also used to specify the port u Solution: enclose the IPv6 address in square brackets http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/ http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:80/ UnderstandingIPv6Addressing IPv6 address literals in URLs learn.afrinic.net | slide 49
  50. 50. u Problem: The colon a illegal character in Microsoft UNC pathnames u The solution: § Replace each colon in the address with a dash § Replace any “%” in the zoneID with an “s” § Append “.ipv6-literal.net” to the address u Example: 2001:db8:85a3:8d3:1319:8a2e:370:7348 2001-db8-85a3-8d3-1319-8a2e-370-7348.ipv6-literal.net u Example: fe80::1%4 fe80--1s4.ipv6-literal.net UnderstandingIPv6Addressing IPv6 literals in UNC path names learn.afrinic.net | slide 50
  51. 51. Summary of IPv6 address types Summary of IPv6 Address TypesSummary of IPv6 Address TypesSummary of IPv6 Address TypesSummary of IPv6 Address TypesSummary of IPv6 Address TypesSummary of IPv6 Address TypesSummary of IPv6 Address TypesSummary of IPv6 Address Types Type Structure (16 bit boundaries)Structure (16 bit boundaries)Structure (16 bit boundaries)Structure (16 bit boundaries)Structure (16 bit boundaries)Structure (16 bit boundaries)Structure (16 bit boundaries) Global Unicast GlobalIDGlobalID SubnetID InterfaceIDInterfaceIDInterfaceIDInterfaceID Link-local fe80 00 InterfaceIDInterfaceIDInterfaceIDInterfaceID Unique-local fc00 0 SubnetID InterfaceIDInterfaceIDInterfaceIDInterfaceID Unique-local fd00 0 SubnetID InterfaceIDInterfaceIDInterfaceIDInterfaceID IPv4-mapped 0000 ffff <IPv4 Addr.><IPv4 Addr.> 6to4 2002 <IPv4 Addr.> SubnetID InterfaceIDInterfaceIDInterfaceIDInterfaceID ISATAP <64bit v6 Prefix><64bit v6 Prefix><64bit v6 Prefix> 0 5efe <IPv4 Addr.><IPv4 Addr.> Unspecified 0000000 Loopback 000000 0001 Multicast ff<LS> Multicast GroupIDMulticast GroupIDMulticast GroupIDMulticast GroupIDMulticast GroupIDMulticast GroupID UnderstandingIPv6Addressing learn.afrinic.net | slide 51
  52. 52. Pantone Process Black U C:0 M:0 Y:0 K:100 R:35 G:31 B: 32 Pantone 159 U C:0 M:66 Y:100 K:7 R:227 G:111 B: 30 Pa C: R:3 Pa C: R:1 Questions? Comments?
  53. 53. After this section, you should be able to: ①  Describe the IPv6 header, noting differences from the v4 header ②  Identify the IPv6 equivalents and functioning of key IPv4 protocols IPv6 from an IPv4 Perspective!
  54. 54. The IPv6 packet structure IPv6fromanIPv4Perspective learn.afrinic.net | slide 54
  55. 55. u Fixed header size of 40 bytes (320 bits) u Fragmentation not allowed by routers, only end hosts u Minimum supported MTU is 1280 bytes u Optional layer 3 information is put in extension headers just before the upper-layer header IPv6fromanIPv4Perspective Key characteristics of the IPv6 packet learn.afrinic.net | slide 55
  56. 56. u Serve similar functionality to IPv4 “Options” headers u Processed only at packet's destination, except for Hop- by-Hop Options header u Only appear once in a packet, except for the Destination Options header which appears twice u A node discards the packet with a “Parameter Problem” message in the following circumstances u It sees an un-recognized extension header u A Next Header value 0 appears in a header other than the fixed header IPv6fromanIPv4Perspective IPv6 extension headers learn.afrinic.net | slide 56
  57. 57. IPv6fromanIPv4Perspective IPv6 packet without extension header Courtesy:cisco.com learn.afrinic.net | slide 57
  58. 58. IPv6fromanIPv4Perspective IPv6 packet with extension headers Courtesy:cisco.com learn.afrinic.net | slide 58
  59. 59. IPv6fromanIPv4Perspective List and order of IPv6 extension headers Orde r Header Code Description 1 Basic IPv6 header 2 Hop-by-hop options 0 Examined by all hosts in path 3 Destination options 60 Examined only by destination node 4 Routing 43 Specify the route for a datagram (mobile v6) 5 Fragment 44 Fragmentation parameters 6 Authentication (AH) 51 Verify packet authenticity 7 ESP 50 Encrypted data 8 Destination options 60 Examined only by destination node 9 Mobility 135 Parameters for use with mobile IPv6 learn.afrinic.net | slide 59
  60. 60. The IPv6 header compared to IPv4 header IPv6fromanIPv4Perspective Version Header Length TOS Total Length Identification Flags Fragment Offset TTL Protocol Header Checksum Source Address Destination Address Options Version Traffic Class Flow Label Payload Length Hop Limit Source Address Next Header Destination Address 0 4 8 12 16 20 24 28 32 learn.afrinic.net | slide 60
  61. 61. IPv6 packet header on the wire IPv6fromanIPv4Perspective learn.afrinic.net | slide 61
  62. 62. Packet header structure changes from IPv4 IPv6fromanIPv4Perspective IPv4 header fields removed from the base IPv6 header §  Fragmentation fields [Identification, flags, fragment offset] §  Options IPv4 header fields eliminated in IPv6 §  Header checksum §  Header length Revised fields §  TTL à Hop count §  Protocol à Next header §  Precedence and ToS fields à Traffic class New fields §  Flow label learn.afrinic.net | slide 62
  63. 63. IPv4 vs IPv6 key functionality comparison IPv6fromanIPv4Perspective IPv4 IPv6 Network Access Layer §  Ethernet and variants §  PPP for serial links §  ATM §  Ethernet and variants §  PPP for serial links §  ATM Host auto-configuration §  DHCP §  DHCPv6 §  Stateless Address configuration Network to Link-layer Address Resolution §  ARP broadcasts §  NDP via ICMPv6 (NS, NA) learn.afrinic.net | slide 63
  64. 64. IPv4 vs IPv6 key functionality comparison IPv6fromanIPv4Perspective IPv4 IPv6 FQDN to IP-address resolution §  DNS client-server §  A resource records §  In-addr-arpa. reverse zone §  DNS client-server §  AAAA resource records §  ip6.arpa reverse zone Host multicast group membership §  IGMPv1 §  IGMPv2 §  MLDv1 Automatic default gateway configuration §  DHCP, IRDP, passive RIP §  NDP via ICMPv6 (RA) learn.afrinic.net | slide 64
  65. 65. IPv4 vs IPv6 key functionality comparison IPv6fromanIPv4Perspective IPv4 IPv6 Routing protocols §  Static routing §  RIPv1, RIPv2 §  OSPFv2 §  BGP4+ IPv4 AF §  Static routing §  RIPng §  OSPFv3 §  BGP4+ IPv6 AF Minimum MTU size §  576 bytes §  1280 bytes Sending packets to all hosts on subnet §  Broadcast to subnet broadcast Multicast to ALL_NODES (ff02::1) learn.afrinic.net | slide 65
  66. 66. u Most modern DNS servers support IPv6 § AAAA records for IPv6 to FQDN mapping § PTR records under ip6.arpa. TLD for FQDN to IP mapping u DNS is transport-protocol agnostic i.e. § A query over IPv4 could yield AAAA records § A query over IPv6 could yield A records Resolving names to IPv6 addresses IPv6fromanIPv4Perspective learn.afrinic.net | slide 66
  67. 67. Sample IPv6 resource records IPv4 IPv6 FQDN to IP Address [A record] voyager.starfleet.org A 197.1.0.77 [AAAA record] voyager.starfleet.org IN AAAA 2001:0470:0000:0064:0000:0000:0000 :0002 IP Address to FQDN [PTR record] 77.0.1.197.in-addr.arpa PTR voyager.starfleet.org [PTR record] 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.6.0.0.0 .0.0.0.0.7.4.0.1.0.0.2.ip6.arpa IN PTR voyager.starfleet.org IPv6fromanIPv4Perspective learn.afrinic.net | slide 67
  68. 68. ①  Write the IPv6 address in full reverse ②  Separate each hexit by a period ③  Append the “ip6.arpa” domain u Example with sipcalc Generating IPv6 PTR records IPv6fromanIPv4Perspective learn.afrinic.net | slide 68
  69. 69. The usual DNS test tools work as expected IPv6fromanIPv4Perspective learn.afrinic.net | slide 69
  70. 70. Pantone Process Black U C:0 M:0 Y:0 K:100 R:35 G:31 B: 32 Pantone 159 U C:0 M:66 Y:100 K:7 R:227 G:111 B: 30 Pa C: R:3 Pa C: R:1 Questions? Comments?
  71. 71. After this section, you should be able to: ①  Describe the importance and functioning of IPv6 ND ②  Describe how ND is used in other key IPv6 functions The Key IPv6 Functionality Protocols!
  72. 72. u Key protocol upon which most of IPv6’s functionality depends u Used by both hosts and routers u Consists of a set of ICMPv6 messages u Works at network layer, thus can use IPsec u Different message exchanges deliver various functionalities TheKeyIPv6FunctionalityProtocols IPv6 Neighbor Discovery Protocol (ND) learn.afrinic.net | slide 72
  73. 73. Functions of IPv6 Neighbor Discovery (ND) TheKeyIPv6FunctionalityProtocols Addressresolution Address autoconfiguration Parameter discovery Prefix discovery Router discovery Host-Router Functions! Duplicate address detection Neighbour unreachability detection Next-hop determination Address resolution Host-Communication! Functions! Neighbour Discovery Protocol learn.afrinic.net | slide 73
  74. 74. TheKeyIPv6FunctionalityProtocols 5 ICMPv6 messages used by ND ND! Neighbour Solicitation! Neighbour Advertisement! Router Solicitation! Router Advertisement! Redirect! learn.afrinic.net | slide 74
  75. 75. TheKeyIPv6FunctionalityProtocols Router Solicitation & Advertisement learn.afrinic.net | slide 75
  76. 76. TheKeyIPv6FunctionalityProtocols The Router Solicitation message Sent by IPv6 host Purpose Find out what routers are present on the link   Src address § IP of querying interface if one exist § Unspecified address (::) if there is no IP address yet Dst address FF02::2 (all-routers) Notes ICMP type 133, ICMP code 0 learn.afrinic.net | slide 76
  77. 77. TheKeyIPv6FunctionalityProtocols Sample RS packet capture learn.afrinic.net | slide 77
  78. 78. TheKeyIPv6FunctionalityProtocols The Router Advertisement message Sent by IPv6 router Purpose § Advertise its presence prefixes, MTU, hop limits § Sent periodically or in response to a RS Src address Router’s link local IPv6 address Dst address § FF02::1 (all-v6-nodes) for periodic broadcasts § v6 address of querying node if responding to a RS Notes ICMP type 134, ICMP code 0 learn.afrinic.net | slide 78
  79. 79. TheKeyIPv6FunctionalityProtocols RA Message on the Wire learn.afrinic.net | slide 79
  80. 80. TheKeyIPv6FunctionalityProtocols Sample RA packet capture learn.afrinic.net | slide 80
  81. 81. TheKeyIPv6FunctionalityProtocols Neighbour Solicitations and Advertisements learn.afrinic.net | slide 81
  82. 82. TheKeyIPv6FunctionalityProtocols The Neighbour Solicitation message Sent by IPv6 host Purpose § Find out link layer address of another host. § Duplicate address detection. § Verify that a neighbour is reachable. Src address § IP of querying interface if one exist § Unspecified address (::) if there is no IP address yet Dst address § Target neighbour’s address if known § Solicited node multicast address of target otherwise   Notes ICMP type 135, ICMP code 0 learn.afrinic.net | slide 82
  83. 83. TheKeyIPv6FunctionalityProtocols The Neighbour Advertisement message Sent by IPv6 host Purpose § Response to a neighbour solicitation (NS) § Periodically to update neighbors. Src address § Manual or auto configured address of originating interface. Dst address § IP address of the node which sent the NA. § FF02::1 for periodic advertisements.   Notes ICMP type 136, ICMP code 0 learn.afrinic.net | slide 83
  84. 84. TheKeyIPv6FunctionalityProtocols Capture of an NA from a router in response to a NS learn.afrinic.net | slide 84
  85. 85. TheKeyIPv6FunctionalityProtocols Packet capture of NA message from a host learn.afrinic.net | slide 85
  86. 86. TheKeyIPv6FunctionalityProtocols The Redirect message Sent by IPv6 router Purpose Informs a node of a better next-hop router. Src address Link local address of router. Dst address IP address of requesting node.   Notes ICMP type 137, ICMP code 0 learn.afrinic.net | slide 86
  87. 87. Duplicate address detection TheKeyIPv6FunctionalityProtocols N2 N1 N3 Tentative IP: 2001:db8::2:260:8ff:fe53:f9d8 IP: 2001:db8::2:260:8ff:fe53:f9d8 NS 1 src: :: dst: FF02::1:FF53:F9D8 hop limit: 255 Target: 2001:DB8::2:260:8FF:FE53:F9D8 NA 2 src: 2001:DB8::2:260:8FF:FE53:F9D8 dst: FF02::1 hop limit: 255 Target: 2001:DB8::2:260:8FF:FE53:F9D8 learn.afrinic.net | slide 87
  88. 88. u DAD is performed on ALL unicast addresses u DAD is NEVER performed for anycast addresses u If DAD fails § That address cannot be assigned to the interface. § All addresses using that InterfaceID are also not unique § A system management error must be logged u Unrelated packets sent to a tentative address are discarded TheKeyIPv6FunctionalityProtocols Duplicate address detection learn.afrinic.net | slide 88
  89. 89. ①  Host N1 is going to assign address “A” on its interface “I” ②  Interface “I” joins multicast groups: §  ff02::1 -- “All IPv6 nodes” §  ff02::ff00:0:a – solicited node multicast address for “A” ③  N1 sends NS message to ff02::ff:0:a sourced from “::” ④  N1 listens for any NS messages to ff02::ff00:0:a from “::” ⑤  DAD fails under any of the following circumstances §  N1 receives an NS for a tentative address prior to sending one. §  More NSs are received than those expected based on loopback semantics How duplicate address detection works TheKeyIPv6FunctionalityProtocols learn.afrinic.net | slide 89
  90. 90. TheKeyIPv6FunctionalityProtocols NS packet capture illustrating duplicate address detection (DAD) learn.afrinic.net | slide 90
  91. 91. Link-layer address resolution using ND N2 N1 NS1 src: IPv6 address [N1] dst: Solicited node multicast [N2] data: Link layer address [N1] query: "what's your link layer address?" src: IPv6 address [N2] dst: IPv6 address [N1] data: Link layer address [N2] NA 2 TheKeyIPv6FunctionalityProtocols learn.afrinic.net | slide 91
  92. 92. u Does not necessarily verify end-to-end reach-ability since a neighbour could be a router (not the final destination) u How it works: § Sending a probe to desired hosts’ solicited node multicast address and receiving a NA or RA in response § Receive a clue from higher level protocol that to say communication is happening e.g TCP ACK u Can be used for first hop router redundancy TheKeyIPv6FunctionalityProtocols Neighbour unreachability detection learn.afrinic.net | slide 92
  93. 93. TheKeyIPv6FunctionalityProtocols NS packet capture for neighbour reachability verification learn.afrinic.net | slide 93
  94. 94. Pantone Process Black U C:0 M:0 Y:0 K:100 R:35 G:31 B: 32 Pantone 159 U C:0 M:66 Y:100 K:7 R:227 G:111 B: 30 Pa C: R:3 Pa C: R:1 Questions? Comments?
  95. 95. After this section, you should be able to: ①  Configure and verify IPv6 on Windows operating systems ②  Configure and verify IPv6 on Linux operating systems ③  Configure and verify IPv6 on the MAC OS X operating system ④  Configure and verify IPv6 on Cisco IOS ⑤  Configure and verify IPv6 on Junos Basic IPv6 Configuration!
  96. 96. Operating system IPv6 supported Windows Windows XP Service Pack 2 and up Mac OS X 10.4 (Tiger) and up GNU Linux Kernel 2.6 and up FreeBSD FreeBSD 4.0 and up Cisco IOS IOS 12.4; 12.3; 12.xT from 12.2T and up Junos Junos 5.1 and up Most Operating Systems have IPv6 enabled by default! BasicIPv6Configuration learn.afrinic.net | slide 96
  97. 97. Host Configuration: Windows Vista/7 BasicIPv6Configuration learn.afrinic.net | slide 97
  98. 98. BasicIPv6Configuration Host configuration: Mac OS X learn.afrinic.net | slide 98
  99. 99. Host Configuration: Linux BasicIPv6Configuration Configure IPv6 on an interface [In /etc/network/interfaces] auto eth0 iface eth0 inet6 static address 2001:db8:fedc:abcd::1/64 force an interface to come up at boot-up and get address automatically. [In /etc/network/interfaces] auto eth0 iface eth0 inet manual up /sbin/ip -6 link set eth0 up Verify #ifconfig eth0    OR #ip -6 addr show eth0 learn.afrinic.net | slide 99
  100. 100. u Offer host tracking when EUI-64 addresses are used u Privacy address status on various operating systems § Windows Vista/7 – Enabled by default § Mac OS X – Not enabled by default § Linux - not enabled by default u Generally, enabling privacy addresses is not recommended BasicIPv6Configuration Working with privacy addresses learn.afrinic.net | slide 100
  101. 101. Disabling privacy addressing BasicIPv6Configuration Windows Vista/7 c:netsh interface ipv6 set privacy state=enabled|disabled c:netsh interface ipv6 set global randomizeidentifiers=enabled|disabled Mac OS X In /etc/sysctl.conf net.inet6.ip6.use_tempaddr=0|1 net.inet6.ip6.temppltime=XX //lifetime of temporary address Linux #echo "1" > /proc/sys/net/ipv6/conf/default/use_tempaddr learn.afrinic.net | slide 101
  102. 102. Configuring basic IPv6 on Cisco IOS BasicIPv6Configuration Enable IPv6 on an Interface! (config)#ipv6 enable Assign an IPv6 address with automatic interfaceID! (config)#ipv6 address <prefix/prefix-length> eui-64 Assign a static IPv6 address! (config)#ipv6 address <ipv6address/prefix-length> Enable IPv6 routing and CEF! (config)#ipv6 unicast-routing (config)#ipv6 cef learn.afrinic.net | slide 102
  103. 103. Configuring basic IPv6 on Junos BasicIPv6Configuration Enable IPv6 on an Interface #edit interfaces <interfacename> unit <unit_no> Assign an IPv6 address with automatic interfaceID #set family inet6 address <prefix/prefix-length> eui-64 Assign a static IPv6 address #set family inet6 address <ipv6address/prefix-length> learn.afrinic.net | slide 103
  104. 104. Pantone Process Black U C:0 M:0 Y:0 K:100 R:35 G:31 B: 32 Pantone 159 U C:0 M:66 Y:100 K:7 R:227 G:111 B: 30 Pa C: R:3 Pa C: R:1 Questions? Comments?
  105. 105. After this section, you should be able to: ①  Describe IPv6 parameter provisioning in IPv6 ②  Describe, and verify how SLAAC works ③  Describe and verify how DHCPv6 works ④  Describe how DHCPv6-PD works Address Provisioning in IPv6!
  106. 106. Device Hosts IPv6 address Default gateway DNS server CPEs IPv6 address Default gateway DNS server Prefix for LAN(s) IPv6AddressProvisioning Base address provisioning requirements learn.afrinic.net | slide 106
  107. 107. IPv6AddressProvisioning Different ways of configuration IPv6 on hosts and CPEs learn.afrinic.net | slide 107 IPv6 address configuration! SLAAC! Plain SLAAC! SLAAC with RDNSS! DHCPv6! Stateful! Stateless! Manual!
  108. 108. u  Recursive DNS Server (RDNSS) uses RA to advertise a list of DNS resolvers. IPv6AddressProvisioning Options for automatic address provisioning Address Default Gateway DNS server Delegate d Prefix SLAAC ✔ ✔ ✖ Stateful DHCPv6 ✔ ✖ ✔ ✔ Stateless DHCPv6 ✖ ✖ ✔ ✖ RDNSS ✖ ✖ ✔ ✖ learn.afrinic.net | slide 108
  109. 109. u  SLAAC is used if none of the above flags is configured IPv6AddressProvisioning Determining whether to use SLAAC or DHCPv6 – M and O RA flags The RA Managed-Config-Flag (M) •  Tells host to use DHCPv6 for everything •  The host must be set to configure IPv6 “automatically” •  Configured on the router interface facing hosts The RA Other-Config-Flag (O) •  Tells host to use •  SLAAC for address and prefix length •  DHCPv6 for other options (e.g DNS) •  Configured on the router interface facing hosts learn.afrinic.net | slide 109
  110. 110. u N2 will auto-configure an address for each of the advertised prefixes 2001:db8:a::/64 and 2001:db8:d::/64 u Hosts will also auto-configure 2 default routers u If RDNSS is active, N2 and M2 will also get a list of DNS resolvers IPv6AddressProvisioning Stateless Auto-Configuration – How it Works Network X R1 N2 M2 ff02::1 R2 Network X [RS] RA? 1 [RA] 2001:db8:a:: 2 [RA] 2001:db8:d:: 3 ff02::1 ff02::1 learn.afrinic.net | slide 110
  111. 111. ①  Host generates an interfaceID and a link-local address ②  Perform Duplicate Address Detection [DAD] on selected address ③  Query all routers (via RS messages) for additional ④  Router responds with Router Advertisement [RA] which lists allocated prefixes for the subnet and indicates if it can provide routing services to connected hosts. ⑤  For each prefix received, the host adds its 64bit interfaceID configures an address and does DAD. ⑥  Host build a list of 'default routers' from RAs. There's no single default gateway like in IPv4. Stateless Auto-Configuration – How it Works IPv6AddressProvisioning learn.afrinic.net | slide 111
  112. 112. u  The routers on the subnet are pre-configured with: §  Appropriate IPv6 addresses on their interfaces. §  Desired prefixes for use on the subnet. §  List of DNS servers to send to hosts [RFC6106] u  If the router advertise multiple prefixes, the host(s) will auto-configure an address for each of the prefixes. u  If multiple routers advertise themselves as default, host typically chooses and uses one till it fails, then it uses other. Stateless Auto-Configuration – How it works IPv6fromanIPv4Perspective learn.afrinic.net | slide 112
  113. 113. Configuring a Cisco router for SLAAC Network X R1 N2 M2 ff02::1 R2 Network X [RS] RA? 1 [RA] 2001:db8:a:: 2 [RA] 2001:db8:d:: 3 ff02::1 ff02::1 R1(config)#Interface fastethernet 0/1 R1(config-if)#ipv6 nd prefix 2001:db8:a::/64 R1(config)#Interface fastethernet 0/1 R1(config-if)#ipv6 nd prefix 2001:db8:d::/64 IPv6AddressProvisioning learn.afrinic.net | slide 113
  114. 114. u  Host or CPE gets all of its config parameters from central server u  Central server can keep state of who has what address u  A host may use DHCPv6 instead of SLAAC if it gets an RA message with the M flag = ON and A flag=OFF u  Multicast addresses used by DHCPv6 §  All_DHCP_Relay_Agents_and_Servers (FF02::1:2) §  All_DHCP_Servers (FF05::1:3) u  DHCP Messages: §  Clients listen on UDP port 546 §  Servers and relay agents listen on UDP port 547 u  DHCPv6 does not support a default gateway option!! Stateful configuration with DHCPv6 IPv6AddressProvisioning learn.afrinic.net | slide 114
  115. 115. How stateful DHCPv6 works [ND] RS? 1 [DHCP] Solicit 3 [DHCP] Solicit 4 [ND] RA (M set) 2 [DHCP] Advertise (addr) 5 [DHCP] Advertise (addr) 6 [DHCP] Request (addr) 7 [DHCP] Request (addr) 8 [DHCP] Reply (addr) 9 [DHCP] Reply (addr) 10 [DHCP] Confirm (addr) 11 [DHCP] Confirm (addr) 12 Client Router/DHCP Relay DHCP Server IPv6AddressProvisioning learn.afrinic.net | slide 115
  116. 116. Advantages: a)  Similar to DHCPv4, so will be familiar to most operators. b)  More options to control how addresses are allocated e.g. §  Restrict assignments to a small range of addresses §  Map IP addresses to specific clients. c)  Dynamic DNS (DDNS) updates from a central server is more secure than permitting individual host to update the DNS. d)  It has options to configure other services. e)  Can produce centralized accounting logs (troubleshooting and forensics). Disadvantages: a)  No DHCPv6 clients yet on some operating systems e.g, Android. b)  Configuration information for addresses and DNS resolvers must be maintained in separate locations. IPv6AddressProvisioning Stateful DHCPv6 learn.afrinic.net | slide 116
  117. 117. IPv6AddressProvisioning How Stateless DHCPv6 works [ND] RS? 1 [DHCP] Solicit Options e.g DNS server 3 [DHCP] Advertise DNS server address 5 Client Router DHCP Server [ND] RA Prefix: Default router: "O" flag set 2 [DHCP-RELAY] Solicit Options 4 [DHCP-RELAY] Advertise DNS server address 6 learn.afrinic.net | slide 117
  118. 118. Advantages: §  Support for SLAAC is ubiquitous. §  Non-DHCPv6 hosts will still be able to get basic connectivity. (the DNS resolvers can be manually configured ) §  Other options possible (e.g NTP, NIS, SIP etc) Disadvantages: §  Zero control over how addresses are allocated §  If using DDNS, permitting DDNS updates from all clients is insecure. §  Privacy concerns if EUI-64 method is used for interfaceID §  No centralized log for forensics IPv6AddressProvisioning Stateless DHCPv6 Pros and Cons learn.afrinic.net | slide 118
  119. 119. IPv6AddressProvisioning Configure an IOS router for stateful DHCPv6 client router DHCPv6 server router(config)# interface FastEthernet0/0 router(config-if)# ipv6 nd managed-config-flag router(config-if)# ipv6 nd other-config-flag router(config-if)# ipv6 nd prefix default no-autoconfig router(config-if)# exit learn.afrinic.net | slide 119
  120. 120. IPv6AddressProvisioning Configure DHCPv6 on Junos client router DHCPv6 server protocols { router-advertisement { interface ge-0/1/0.0 { managed-configuration; <--- sets the M bit in the RA other-stateful-configuration; <--- sets the O bit in the RA prefix 2001:0DB8:10:4::/64 { no-autonomous; <--- disable stateless auto-config } } } } learn.afrinic.net | slide 120
  121. 121. u  SLAAC plus the Recursive DNS server option u  Advantages: §  Single protocol (IPv6 ND) thus simpler configuration §  Support for SLAAC is ubiquitous u  Disadvantages: §  RDNSS option not widely supported §  No other parameters besides DNS resolver are possible IPv6AddressProvisioning SLAAC + RDNSS learn.afrinic.net | slide 121
  122. 122. u  Used to assign a delegated prefix to CPE to use on its LAN. u  The PE inserts a static route for the delegated prefix in its table IPv6AddressProvisioning Provisioning client prefixes automatically with DHCPv6 - PD [DHCP] Solicit Options: IAPD 2 [DHCP] Advertise Delegated Prefix 4 [DHCP-RELAY] Solicit Option: IAPD 3 [DHCP-RELAY] Advertise Delegated Prefix 5 Provision CPE WAN address 1 CPE PE DHCP Server learn.afrinic.net | slide 122
  123. 123. Key differences between DHCPv4 & DHCPv6 IPv6AddressProvisioning Feature DHCPv4 DHCPv6 Benefit Managed configuration flag N/A Used by router to control host use of DHCP Node config can be managed by network policy Destination address of initial request Broadcast ff02::1:2 Efficient link utilisation More specific link signaling Source address of initial request 0.0.0.0 Link local address of client More specific link signaling Reconfiguration message N/A Servers can ask clients to update their configurations Easier to trigger site-wide reconfiguration Identify association N/A Clients can deal with multiple servers Scalability and redundancy learn.afrinic.net | slide 123
  124. 124. DHCPv6 server software capabilities IPv6AddressProvisioning Software Platform Roles Options ISC DHCPv6 Linux BSD Solaris Server Relay Client DNS, NTP, NIS, SIP, BCMCS, Lifetime, Prefix Delegation, Relay IDs, FQDN WIDE DHCPv6 Linux BSD Server Relay Client DNS, NTP, NIS, SIP, BCMCS, Lifetime, Prefix delegation Dibbler DHCPv6 Linux Windows Server Relay Client DNS, NTP, NIS, SIP, AAKey, Lifetime, FQDN, Prefix delegation, Leasequery, Timezone learn.afrinic.net | slide 124
  125. 125. DHCPv6 server software capabilities IPv6AddressProvisioning Software Platform Roles Options Windows Server 2008 Windows Server Relay DNS, NIS, SIP, NTP, Lifetime User class IOS DHCPv6 Cisco IOS Server Relay Client DNS, NTP, NIS, SIP Prefix Delegation Relay IDs, Lifetime learn.afrinic.net | slide 125
  126. 126. Pantone Process Black U C:0 M:0 Y:0 K:100 R:35 G:31 B: 32 Pantone 159 U C:0 M:66 Y:100 K:7 R:227 G:111 B: 30 Pa C: R:3 Pa C: R:1 Questions? Comments?
  127. 127. After this section, you should be able to:①  Subnet an IPv6 prefix ②  Describe how IPv6 addresses are globally managed ③  Estimate the IPv6 addressing needs of your network ④  Carve out your allocated addresses and assign IPv6 Address Planning!
  128. 128. For a given IPv6 prefix ‘P’ and prefix length L a)  List all the sub-prefixes of length L’ therein b)  Break ‘P’ into N subnets Repeat for each sub-prefix as required The generic IPv6 subnetting problem IPv6subnetting Parent prefix Sub-prefix #1 Sub-prefix #2 Sub-prefix #3 Sub-prefix #n learn.afrinic.net | slide 128
  129. 129. ①  Why do we do subnetting? §  IPv4: conserve address space §  IPv6: planning and optimization for routing or security ②  VLSM vs SLSM – there’s no point to do VLSM in IPv6 ③  Subnets vs hosts – number of hosts is irrelevant in v6 ④  There’ll rarely be a need to expand a /64 subnet! IPv6subnetting IPv4 subnetting concepts to FORGET! learn.afrinic.net | slide 129
  130. 130. IPv6subnetting Generic IPv6 subnetting procedure Find subnet bits (s) Find Subnet hexits Find SubnetID increment (B) Enumerate subnetIDs learn.afrinic.net | slide 130 Derived from total number of desired subnets Range of hexits that define each individual subnet The difference between each subnetID The individual subnets
  131. 131. IPv6subnetting Step #1: Finding the subnet bits (s) u The prefix lengths of the mother and sub-prefixes - (L) and L’ are known. s = L – L’ Ex: breaking a /32 to /56s requires 56 – 32 = 24 bits u Only the number of desired subnets is known Ex: breaking a /36 into 700 networks needs 2s ≥N thus s = logN log2 2s ≥ 700 thus s = log700 log2 = 9.45 ≈ 10bits learn.afrinic.net | slide 131
  132. 132. IPv6subnetting Step #2: Finding the number of subnet hexits u These are the distinguishing hexits of each subnet § Knowing number of subnet bits ‘s’ § Knowing that 1 hexit = 4 bits, then § Number of subnet hexits = s/4 (round up) u Ex: Breaking 2001:db8:c000::/36 to 700 subnets § s = log 700 ÷ log 2 = 9.81 ≈ 10 § # subnet hexits = 10/4 = 2.5 ≈ 3 § Each of the subnets will be like: 2001:db8:cHHH::/ 46 learn.afrinic.net | slide 132
  133. 133. IPv6subnetting Step #3: Finding the Increment or Block (B) u This is difference between consecutive subnetIDs u Ex: Breaking 2001:db8:c000::/36 in to 700 subnets § s = 3 (calculated in previous slides) § L’ = 46 (/36 original length + 10 bits of subnetting) § Format 2001:db8:cHHH::/46 (calculated previously) §  B = 216−(L'%16) B = 216−(46%16) = 216−14 = 22 = 4 (0x4) learn.afrinic.net | slide 133
  134. 134. IPv6subnetting Step #4: Enumerating the subnetIDs u At this point you know the general subnet format u Taking the subnetIDs only, these form an arithmetic progression with following characteristics § Common difference d = block (B) § Initial term = 000 u Any term of the progression is u Substituting for d = B and initial term = 000 u The nth term is: an =a0 + (n−1)d an = (n−1)B learn.afrinic.net | slide 134
  135. 135. IPv6subnetting Step #4: Enumerating the subnetID example u  Ex: Breaking 2001:db8:c000::/36 to 900 subnets §  s = 3 (calculated in previous slides) §  L’ = L + s = 36 + 10 = 46 §  Format 2001:db8:cHHH::/46 (calculated previously) §  B = 4 (0x4) - as previously calculated u  First subnetID §  [Decimal]: a1= 4(1-1) = 0 (0x0) §  First subnet: 2001:db8:c000::/46 u  Last subnetID §  [Decimal]: a1024 = 4(1024-1) = 4(1023) = 4092 (0xFFC) §  [Hex]: a400= 4(400-1) = 4(3ff) = FFC §  Last subnet: 2001:db8:cffc::/46 learn.afrinic.net | slide 135
  136. 136. An ISP with operations in 10 cities just got a 2001:db8:: /32 allocation from AfriNIC, subnet this prefix equally between the 10 cities. Subnetting example : problem IPv6subnetting learn.afrinic.net | slide 136
  137. 137. u  Number of subnets: N = 10 u  Subnet bits required (s): 2s ≥ 10 , s = 4 (to the nearest integer) u  Thus, to subnet 2001:db8::/32 to cover 10 subnets, §  We’ll need to use 4 bits §  Those 4 bits give us 24 = 16 subnets (we’ve 6 spare subnets) §  Prefix length of each subnet is /36 (i.e 32 + 4 = 36) u  We calculate §  Number of interesting hexits = s/4 = 1 §  Block: Subnetting example : analysis IPv6AddressPlanning s = log 10 log 2 = 1 0.301 = 3.32 [4 approx] learn.afrinic.net | slide 137 B = 216−(36%16) = 216−4 = 212 = 4096=0x1000
  138. 138. u First subnetID § [Decimal]: a1= 4096(1-1) = 0 (0x0) | from an=(n-1)d § First subnet: 2001:db8:000::/36 u Last subnetID § [Decimal]: a16 = 4096(16-1) = 61440 (0xf000) § [Hex]: a10= 1000(10-1) = 1000(f) = 0xf000 § Last subnet: 2001:db8:f000::/36 u  Verify your answer using subnet tools §  e.g. sipcalc 2001:db8::/32 –v6split=36 Subnetting example : analysis IPv6AddressPlanning learn.afrinic.net | slide 138
  139. 139. sipcalc 2001:db8::/32 –v6split=36 | grep Network Network - 2001:0db8:0000:0000:0000:0000:0000:0000 - Network - 2001:0db8:1000:0000:0000:0000:0000:0000 - Network - 2001:0db8:2000:0000:0000:0000:0000:0000 - Network - 2001:0db8:3000:0000:0000:0000:0000:0000 - Network - 2001:0db8:4000:0000:0000:0000:0000:0000 - Network - 2001:0db8:5000:0000:0000:0000:0000:0000 - Network - 2001:0db8:6000:0000:0000:0000:0000:0000 - Network - 2001:0db8:7000:0000:0000:0000:0000:0000 - Network - 2001:0db8:8000:0000:0000:0000:0000:0000 - Network - 2001:0db8:9000:0000:0000:0000:0000:0000 - Network - 2001:0db8:a000:0000:0000:0000:0000:0000 - Network - 2001:0db8:b000:0000:0000:0000:0000:0000 - Network - 2001:0db8:c000:0000:0000:0000:0000:0000 - Network - 2001:0db8:d000:0000:0000:0000:0000:0000 - Network - 2001:0db8:e000:0000:0000:0000:0000:0000 - Network - 2001:0db8:f000:0000:0000:0000:0000:0000 - Subnetting – Enumerate subnets with sipcalc IPv6AddressPlanning learn.afrinic.net | slide 139
  140. 140. IPv6AddressPlanning Global IPv6 address management hierarchy 2000::/3 LIRprefix::/x y ⩽ x ⩽ 32 LIRprefix::/x y ⩽ x ⩽ 32 LIRprefix::/x y ⩽ x ⩽ 32 LIRprefix::/x y ⩽ x ⩽ 32 LIRprefix::/x y ⩽ x ⩽ 32 LIRprefix::/x y ⩽ x ⩽ 32 LIRprefix::/x y ⩽ x ⩽ 32 RIRprefix::/w 12 ⩽ w ⩽ 24 RIRprefix::/w 12 ⩽ w ⩽ 24 RIRprefix::/w 12 ⩽ w ⩽ 24 RIRprefix::/w 12 ⩽ w ⩽ 24 RIRprefix::/w 12 ⩽ w ⩽ 24 End-siteprefix::/y x ⩽ y ⩽ [48 | 52 | 56 | 60] End-siteprefix::/y x ⩽ y ⩽ [48 | 52 | 56 | 60] End-siteprefix::/y x ⩽ y ⩽ [48 | 52 | 56 | 60] End-siteprefix::/y x ⩽ y ⩽ [48 | 52 | 56 | 60] End-siteprefix::/y x ⩽ y ⩽ [48 | 52 | 56 | 60] End-siteprefix::/y x ⩽ y ⩽ [48 | 52 | 56 | 60] End-siteprefix::/y x ⩽ y ⩽ [48 | 52 | 56 | 60] [48 | 52 | 56 | 60] ⩽ z ⩽ 64Subnet::/z [48 | 52 | 56 | 60] ⩽ z ⩽ 64Subnet::/z [48 | 52 | 56 | 60] ⩽ z ⩽ 64Subnet::/z [48 | 52 | 56 | 60] ⩽ z ⩽ 64Subnet::/z [48 | 52 | 56 | 60] ⩽ z ⩽ 64Subnet::/z [48 | 52 | 56 | 60] ⩽ z ⩽ 64Subnet::/z Host:network:prefixSubnet::/64 InterfaceIDHost:network:prefixSubnet::/64 InterfaceIDHost:network:prefixSubnet::/64 InterfaceIDHost:network:prefixSubnet::/64 InterfaceIDHost:network:prefixSubnet::/64 InterfaceIDHost:network:prefixSubnet::/64 InterfaceIDHost:network:prefixSubnet::/64 InterfaceID learn.afrinic.net | slide 140
  141. 141. u  /32 for LIRs is just minimum size according to most RIR policies u  If you can show that you need more, you usually can get more! §  Do NOT start with /32 [or /48] and try to fit in. §  INSTEAD analyse your needs and apply based on them. u  RFCs recommend /64 for all subnets (even p2p and loopbacks) §  DO allocate a /64 for all links …but, §  DO configure what makes operational sense (e.g /127 for p2p and /128 for loopbacks) §  Do understand what will break if you use longer prefix lengths IPv6AddressPlanning IPv6 address planning – a few clarifications learn.afrinic.net | slide 141
  142. 142. ①  Ensure that all prefixes fall on nibble boundaries ②  Plan a hierarchical scheme to allow for aggregation §  Site: any logical L3 aggregation point (POP, building, floor) §  Region: a collection of sites §  Autonomous System ③  Use same prefix lengths for all prefixes of the same level (SLSM) IPv6AddressPlanning Some recommendations for planning learn.afrinic.net | slide 142
  143. 143. IPv6AddressPlanning Conceptual view of an ISP network ASN Region #1 Site #1 Site #2 Site #n Region #2 Site #1 Site #2 Site #n Region #n Site #1 Site #2 Site #n learn.afrinic.net | slide 143
  144. 144. ①  Select your largest SITE ②  Proceed as follows §  Estimate the number of end-networks in it now §  Adjust for growth in 5 years §  Round to nearest nibble boundary (maxSITEsize) EstimatingthesizeofyourinitialIPv6request Estimating the needs of SITEs learn.afrinic.net | slide 144
  145. 145. Try to align allocation units to nibble boundaries §  Round up your estimates to 2n where n is a multiple of 4 [16, 256, 4096, 65536 etc] §  Ensure your prefixes fall on the following nibbles: /12, /16, /20, /24, /28, /32, /36, /40, /44, /48, /52, /56, / 60, /64 u  Working with nibble boundaries §  Greatly simplifies address planning §  Provides room for expansion at each level of the network hierarchy EstimatingthesizeofyourinitialIPv6request About nibble boundaries learn.afrinic.net | slide 145
  146. 146. u Consider the range of addresses for 2001:db8:3c00::/40 [first] 2001:db8:3c00:0000:0000:0000:0000:0000 [last] 2001:db8:3cff:ffff:ffff:ffff:ffff:ffff § Easy to see that differentiating hexits range from 0-f u Consider the range of addresses for 2001:df8:3c00::/42 [first] 2001:db8:3c00:0000:0000:0000:0000:0000 [last] 2001:db8:3c3f:ffff:ffff:ffff:ffff:ffff § You’ll have to calculate the differentiating hexits EstimatingthesizeofyourinitialIPv6request Nibble boundary alignment example learn.afrinic.net | slide 146
  147. 147. u “End-prefix” is the prefix given to a network that connects to each site e.g customer network ①  Estimate the number of #SITEs in your largest region (round to nibble boundary) ②  Calculate the number of end-site prefixes: N = #regions x #SITEs x maxSITEsize EstimatingthesizeofyourinitialIPv6request Finding the total number of end prefixes required learn.afrinic.net | slide 147
  148. 148. ①  Calculate number of subnet bits required to give us N prefixes: ②  Allocation size (what you request from AfriNIC) is §  48 – s [if assigning /48s per end-site] §  52 – s [if assigning /52s per end-site] EstimatingthesizeofyourinitialIPv6request Calculating your allocation size s = log10 N log10 2 learn.afrinic.net | slide 148
  149. 149. ①  For your largest SITE §  Estimate the number of end-networks in it now §  Adjust for growth in 5 years §  Round to nearest nibble boundary. (maxSITEsize) ②  Estimate the number of #SITEs in your largest region (round to nibble boundary) ③  #of end-site prefixes: N = #regions x #SITEs x maxSITEsize ④  Subnet bits required to give us N prefixes: ⑤  Allocation size is §  48 – s [if assigning /48s per end-site] §  52 – s [if assigning /52s per end-site] IPv6AddressPlanning Overview: estimating the size of your initial IPv6 request s = log10 N log10 2 learn.afrinic.net | slide 149
  150. 150. An ISP has operations in 10 provinces. The largest province has 50 POPs, the largest of which has about 2700 clients. Estimate the IPv6 addressing needs of this ISP IPv6AddressPlanning IPv6 address planning | example learn.afrinic.net | slide 150
  151. 151. ①  We know §  Number of regions: #regions = 10 [round to 16] §  Number of sites: #SITEs = 50 [round up to 256] §  maxSITEsize = 2700 [round up to 4096] ②  We calculate §  Total number of end-network prefixes required is N §  N=16 x 256 x 4096 = 16,777,216 §  Number of subnet bits required: s=log16,777,216/log2 = 24. u  Allocation size: §  48 – 24 = 24 [Assuming /48s to end-sites] §  52 – 24 = 28 [Assuming /52s to end-sites] u  Thus the ISP needs to request a /24 or /28 from AfriNIC. IPv6AddressPlanning Address planning example – analysis and solution learn.afrinic.net | slide 151
  152. 152. Pantone Process Black U C:0 M:0 Y:0 K:100 R:35 G:31 B: 32 Pantone 159 U C:0 M:66 Y:100 K:7 R:227 G:111 B: 30 Pa C: R:3 Pa C: R:1 Questions? Comments?

×