The monthly events held in cooperation with the Swiss IPv6 Council cover various technical topics around IPv6.
The talk on 29 April 2015 was devoted to the contradictory behaviour of operating systems in SLAAC/DHCPv6 environments. In an IPv6 environment, nodes can obtain their IP configuration either statelessly (SLAAC) or statefully (DHCPv6). Router Advertisements (RA) carry three flags for this purpose: the A, M and O flags. However, the specification does not define clear behaviour for contradictory configurations. A recent IETF draft shows that different operating systems react differently to these flags. Speaker Enno Rey presented the results of a follow-up test on this.
IPv6 Basics cheat sheet provides concise summaries of IPv6 fundamentals in 3 sentences or less:
IPv6 addresses are 128-bit and provide up to 3.4×10^38 unique addresses. IPv6 headers are simplified to a fixed 40 bytes and extension headers allow additional options. Neighbor discovery uses neighbor solicitation and advertisement messages to determine link-layer addresses and manage address autoconfiguration via stateless address autoconfiguration (SLAAC) or DHCPv6.
This document discusses various techniques for allowing peer-to-peer communication between hosts located behind Network Address Translation (NAT) devices, including NAT traversal using UDP hole punching, TCP hole punching, relaying, connection reversal, and the TURN protocol. It also covers proxy protocols like SOCKS that can be used to traverse NATs, as well as the UPnP standard for automatic port forwarding configuration.
- IPv4 addresses will be exhausted within 1000 days, so IPv6 adoption is urgently needed
- Getting IPv6 addresses from your LIR and setting up basic routing is straightforward using existing IPv4 knowledge and tools
- A sample IPv6 network deployment plan is outlined, including addressing schemes, interface configuration, routing protocols, and DNS/reverse DNS setup
The document discusses the need for organizations to deploy IPv6 in order to avoid business continuity risks as IPv4 addresses run out. It provides guidance on requesting IPv6 address space and deploying IPv6 routing within an organization's network. It also addresses common excuses for not deploying IPv6 and notes that initial IPv6 deployment takes less than one day of work. The document aims to convince readers that IPv6 deployment is straightforward and urgently needed.
How to configure static NAT on Cisco routers | IT Tech
This document provides instructions for configuring static network address translation (NAT) on a Cisco router to map a private IP address to a public IP address. It explains that NAT allows private IP addresses on an internal network to be represented by public IP addresses on the external network. It then outlines the steps to configure static NAT on a Cisco router by defining the inside and outside interfaces, and using commands like "ip nat inside" and "ip nat outside" to identify the interfaces and "ip nat inside source static" to define the address mapping. It verifies the NAT configuration is working properly using show commands.
This document provides a cheat sheet on IPv6 addressing and protocols. It lists the fields of the IPv6 header such as version, traffic class, flow label, payload length, next header, and hop limit. It describes various types of IPv6 addresses including global unicast, multicast, anycast, IPv4-compatible, and link-local addresses. It also outlines IPv6 extension headers, ICMPv6 message types, commonly used next header values, multicast addresses, and Ethernet protocol types.
IPv6 is the successor to IPv4 and provides a vastly larger 128-bit address space. It features stateless address autoconfiguration, no need for NAT, and built-in IPsec support. The document provides details on IPv6 addressing and headers, neighbor discovery, autoconfiguration, extensions, tools, and RFCs.
You may have hoped to retire before IPv6 became a reality, but unfortunately the IPv4 address exhaustion came too fast. For the rest of us, we’re going to bite off a small piece of the 15-year old IPv6 pie and talk about how to get started!
• Address format refresher
• IPv4 and IPv6 protocol comparison
• IPv6 neighbor discovery and auto-configuration
• Current migration and coexistence strategies
• ICMPv6, DHCPv6, and DNSv6
• How to get started at home
This document discusses network address translation (NAT) and NAT traversal techniques. It begins with an overview of NAT and why NAT traversal is needed to access network resources behind NAT. It then covers various NAT traversal solutions including port forwarding, NAT traversal protocols like STUN and TURN, and implementations like ICE and WebRTC that use these protocols. The document provides examples and diagrams to illustrate key NAT concepts and how different traversal techniques work.
This document discusses the development of an IPv6 plugin for the Snort intrusion detection system. It provides context on IPv6 security issues and attacks. It then describes how the plugin was implemented to add IPv6-specific rule options and decode/process IPv6 traffic. A neighbor discovery preprocessor was also created to monitor network changes using ICMPv6 messages. The plugin allows Snort to better detect IPv6 attacks and anomalies.
This document provides an overview of Network Address Translation (NAT) including:
- Why NAT is used to connect networks with private IP addresses to the Internet and during network mergers.
- NAT implementation considerations such as advantages of address conservation and flexibility but disadvantages of delays and incompatible applications.
- Common NAT configurations like dynamic NAT, dynamic NAT with overloading, and static NAT.
Things I wish I had known about IPv6 before I started | Faelix Ltd
The document discusses things the author wishes they had known about IPv6 before starting to implement it for their small provider network. It covers IPv6 justification in terms of IPv4 address scarcity and rising costs, advice on IPv6 addressing plans and transition technologies, and gotchas like IPv6 neighbor discovery exhaustion issues. The author advocates for embracing IPv6 to avoid expensive IPv4 solutions and make the most of the large IPv6 allocations provided.
IPv6 - Jozi Linux User Group Presentation | Jumping Bean
The document provides an overview of IPv6 including its address notation, allocation, classes, scopes, and network configuration. It discusses IPv6 goals of expanding the IP address space and simplifying network administration. It also covers IPv6 implementations for home and small office networks, including stateless address autoconfiguration (SLAAC) and DHCPv6.
The document discusses IPv6 and its advantages over IPv4. Some key points:
- IPv6 addresses are 128 bits, compared to 32 bits for IPv4, allowing for virtually unlimited unique addresses. IPv6 uses unicast, multicast, and anycast but not broadcast.
- IPv6 simplifies the header format and allows for extension headers to add new features. It also eliminates checksums and performs fragmentation only at the source.
- IPv6 was designed for autoconfiguration, allowing nodes to automatically obtain addresses and other information via protocols like SLAAC and DHCPv6.
This document provides an overview and agenda for a course on Introduction to IPv6 for Service Providers. The course covers IPv6 essentials such as addressing, operations, applications/services, routing protocols, and transition strategies. It discusses the rationale for adopting IPv6 including the depletion of IPv4 addresses and the need to support the growing number of internet-connected devices. The document outlines some of the key limitations of IPv4 like fragmentation and the issues with long-term reliance on Network Address Translation (NAT) to overcome the address space depletion.
The document discusses IPv6 addressing and summarizes:
- IPv6 addresses are 128-bit hexadecimal addresses consisting of 8 sections separated by colons, with the first 3 sections making up the prefix or network portion and the last 4 sections being the interface ID.
- Addressing hierarchies are defined, with the first bits identifying the registry and subsequent bits identifying the ISP and site.
- Methods for compressing zeros, representing loopback addresses, and defining link-local and multicast addresses are covered.
- IPv6 enhances IPv4 by allowing larger addresses and more efficient routing while introducing features like built-in encryption.
PLNOG 13: M. Czerwonka, T. Kossut: IPv6 in mobile network | PROIDEA
Orange Polska presented their two-stage implementation of IPv6 in mobile networks. Their solution uses CLAT, PLAT, and DNS64 to provide a single path for IPv4 and IPv6 traffic. They discussed the IPv6 architecture, transition technologies, and statistics on IPv6 usage. Orange Polska also presented ongoing research on improving DNS64, PLAT, and developing combo NAT boxes. The presentation concluded with a demonstration of IPv6 tethering capabilities.
This document provides the questions and answers for CCNA 2 Chapter 11 2014 v5.0 exam. It discusses network address translation (NAT) and port address translation (PAT). Some key points covered include:
- Dynamic NAT automatically maps inside local addresses to inside global addresses
- Port forwarding allows an external user to reach a service on a private IPv4 address inside a LAN
- Overload NAT is used when there are more private IP addresses than available public IP addresses
- Two required steps to configure PAT are to identify the inside interface and define a pool of global addresses for overload translation
The document discusses IPv6 and provides an overview of key IPv6 concepts such as address formats, neighbor discovery protocol, extension headers, and migration strategies. Specifically, it covers IPv6 address types including link-local, unique-local, and global addresses. It also explains neighbor discovery processes like router solicitation, router advertisement, neighbor solicitation, and neighbor advertisement.
The document discusses DHCPv6 and how it can be implemented in stateful and stateless modes. In stateful mode, clients obtain IPv6 addresses and configuration from a DHCPv6 server. This can be done using rapid commit with a two message exchange or normal commit using four messages by default. The DHCPv6 server assigns addresses from a pool and bindings are created. In stateless mode, clients autoconfigure their own addresses using SLAAC from router advertisements while still obtaining other configuration from a DHCPv6 server like DNS servers.
The document provides an overview of IPv6 security and recommendations for strengthening IPv6 network security. It highlights IPv6 threats and attack tools, discusses concepts like IPv6 addressing and protocols. It also provides guidance on creating an IPv6 security policy, including network perimeter policies, LAN policies, host hardening, transition mechanisms policy, and using IPSec to secure communications. The overall aim is to create awareness of IPv6 security implications and best practices for mitigating risks.
The document discusses Network Address Translation (NAT) and how it causes issues for SIP calls by hiding private IP addresses. It introduces Interactive Connectivity Establishment (ICE) as the IETF's solution to this problem. ICE uses STUN and TURN to dynamically discover potential transport addresses between endpoints and then verifies connectivity through these addresses to find the optimal path for media.
PCTA e-Tech Show 2021: Securing Internet Routing | APNIC
APNIC Training Delivery Manager Tashi Phuntsho gives a presentation on the importance of routing security at the PCTA e-Tech Show 2021, held online from 15 to 16 April 2021.
This document provides an overview of routing protocols and network security concepts. It discusses distance vector protocols like RIP, path vector protocols like BGP, and link state protocols like OSPF. It covers routing attacks such as source routing, spoofing, and man-in-the-middle attacks. It also discusses secure routing requirements and authentication methods used in protocols.
How to Use GSM/3G/4G in Embedded Linux Systems | Toradex
The number of embedded devices connected to the internet is growing each day. Nowadays, most of them are installed using a wireless connection, so they need mobile network coverage to reach the internet. Read our next blog, which describes the various configurations for connecting a device such as the Colibri iMX6S with the Colibri Evaluation Board running Linux to the internet through a PPP (Point-to-Point Protocol) link. Read More: https://www.toradex.com/blog/how-to-use-gsm-3g-4g-in-embedded-linux-systems
The document discusses DHCPv6 stateful and stateless addressing configurations. It describes how routers use flags in router advertisement messages to indicate whether clients should use stateless autoconfiguration, DHCPv6 for additional configuration options, or DHCPv6 for full stateful addressing. The key difference is that stateful DHCPv6 assigns addresses from a server, while stateless modes use addresses derived from router prefixes. The document also provides configuration examples and packet captures demonstrating DHCPv6 address assignment.
2012 11-09 facex - i pv6 transition planning-Eduardo Coelho
IPv6 is an introduction to transition planning from IPv4 to IPv6. It discusses the need to plan the transition, presents a framework of getting to know, planning, testing and implementing changes. Key challenges with IPv4 like lack of addresses and NAT issues are reviewed. A dual stack deployment strategy is recommended to run IPv4 and IPv6 in parallel. Choosing network equipment, addressing, DNS settings, legacy device support, transition protocols and security are important considerations in the planning process. Careful planning is needed to define addressing, choose ISPs, support dual-stack devices and prefer native IPv6 when possible.
The document provides an overview of IPv6, including its key features and advantages over IPv4. It discusses IPv6 addressing formats and transition mechanisms from IPv4 to IPv6. IPv6 has a 128-bit address space compared to IPv4's 32-bit, allowing for many more addresses. It also supports features like autoconfiguration, mobility, and security that are improvements over IPv4. Transition techniques like dual stacking, tunneling, and translation allow IPv6 and IPv4 networks to interconnect during the transition period.
This document discusses IPv6, including its benefits over IPv4 such as larger address space. It describes IPv6 addressing formats and types of addresses. Global unicast addresses allow hosts to communicate over the Internet. The document outlines DHCP server modes and stateless autoconfiguration using router advertisements. It also summarizes IPv6 transition methods like dual stack and tunneling to migrate from IPv4 to IPv6.
This document provides an overview of IPv6, the latest revision of the Internet Protocol. IPv6 was developed by IETF to address the problem of IPv4 address exhaustion, as IPv4 addresses were being depleted. IPv6 features a much larger 128-bit address space compared to 32-bits in IPv4, providing vastly more unique IP addresses. It also includes improvements in routing, network autoconfiguration, security, quality of service, and mobility support. The document discusses the history and development of IPv6, its addressing modes and types, headers, communication methods, transitioning from IPv4, routing, and the future of IPv6.
This document provides an overview of IPv6, the latest revision of the Internet Protocol. IPv6 was developed by IETF to address the problem of IPv4 address exhaustion, as IPv4 addresses were being depleted. IPv6 features a much larger 128-bit address space compared to 32-bits in IPv4, providing vastly more unique IP addresses. It also includes improvements in routing, network autoconfiguration, security, quality of service, and mobility support. The document discusses the history and development of IPv6, as well as its addressing modes, address types, headers, communication methods, and transition technologies from IPv4 to IPv6 networks.
The document discusses various topics related to IPv6 addressing and configuration. It includes questions about:
- How IPv6 global unicast addresses are assigned (RIRs assign blocks to ISPs)
- Valid abbreviation of an IPv6 address using double colons
- Identifying multicast vs unicast IPv6 addresses
- Methods for hosts to dynamically learn IPv6 addresses (stateless autoconfiguration, NDP)
- IPv6 routing protocols (RIPng, OSPFv3)
- Forming the link-local address based on MAC address
- Configuring RIPng on an interface
- IPv4-IPv6 transition methods (NAT-PT)
The questions cover a wide
2. www.ernw.de
Who I Am
¬ Founder and managing director of vendor independent network consulting & security assessment company ERNW.
¬ Old-school network guy with some background in large scale operations.
¬ Involved with IPv6 since 1999 and regularly blogging at www.insinuator.net.
4/30/2015 #2
3. www.ernw.de
Agenda
¬ Fundamentals
  Quick Refresher of Basics & Specifications
¬ Results from the Lab
  Some Surprises (?)
¬ Conclusions
  What All this Means from an Operations Perspective
5. www.ernw.de
Address Autoconfig
Overview
¬ IPv6 interfaces are meant to configure themselves automatically, in terms of "basic IP parameters".
  Even without DHCPv6.
  In particular without DHCPv6!
  Remember: IPv6 = consumer technology.
¬ Link-local addresses are always configured, for each interface.
¬ Using the router discovery process, other addresses, router addresses and other configuration parameters are selected.
6. www.ernw.de
Types of Autoconfiguration
¬ Stateless
  Via Router Advertisement messages (with one or more prefixes).
  Can (in theory) also distribute "other parameters", see RFC 6106.
  SLAAC: "stateless address autoconfiguration"
¬ Stateful
  Usage of a Stateful Address Protocol (e.g. DHCPv6).
¬ Stateless with DHCP
  Use of Router Advertisement messages for allocation of prefixes.
  In addition, DHCP for "other parameters" (e.g. DNS Server, Domain Search List).
(In all cases there is always at least one link-local address anyway!)
8. www.ernw.de
Router Discovery
¬ Used to detect routers that are connected to the local network.
¬ IPv6 router discovery can also help to provide the following information:
  Default value for the "Hop Limit" field
  Whether any "stateful address protocol" (DHCPv6) should be used
  Settings for the "Retransmission Timer"
  The network prefix for the local network
  The MTU of the network
  Mobile IPv6 Information
  Routing Information
10. www.ernw.de
Router Advertisement Message
Alice
  MAC: 00-01-02-03-04-05
  IP: none
Router
  MAC: 00-11-22-33-44-55
  IP: FE80::211:22FF:FE33:4455
2. Multicast Router Advertisement
Ethernet Header
• Dest.-MAC: 33-33-00-00-00-01
IPv6 Header
• Source-IP: FE80::211:22FF:FE33:4455
• Dest.-IP: FF02::1
• Hop limit: 255
Router Advertisement Header
• Current Hop Limit, Flags, Router Lifetime, Reachable and Retransmission Timers
Neighbor Discovery Options
• Source Link-Layer Address
• MTU
• Prefix Information
11. www.ernw.de
Router Advertisements, Flags (I)
¬ The "Autonomous address configuration" (A) flag. When set, this flag indicates that this prefix can be used for stateless address autoconfiguration, as specified in [RFC4862].
12. www.ernw.de
Router Advertisements, Flags (II)
¬ Routers can inform adjacent hosts (neighbors on the local link) that additional configuration parameters (like a DNS server) are available over a stateful configuration protocol (DHCPv6).
¬ In the router advertisement header two flags (M and O) can be included which can be set to inform the clients that additional configuration parameters are available.
13. www.ernw.de
O-Flag
¬ 1-bit "other configuration" flag
¬ When set, it indicates that other configuration information is available via DHCPv6.
¬ Examples of such information are DNS-related information (DNS Server, DNS Suffix).
¬ Both flags are defined in RFC 4861 (Section 4.2).
14. www.ernw.de
M-Flag
¬ 1-bit "Managed address configuration" flag.
¬ When set, it indicates that addresses are available through DHCPv6.
¬ If the M flag is set, the O flag is redundant and can be ignored because DHCPv6 will return all available configuration information.
¬ If neither M nor O flags are set, this indicates that no information is available via DHCPv6.
  Rly? See below...
19. www.ernw.de
Main Differences
On the Protocol Level
¬ There is no "route option" in DHCPv6
¬ Concept of DUID
¬ The (Non-) Role of DHCPv6 in IPv6's "Subnet Model" (RFC 5942)
20. www.ernw.de
Differences
Here's another one not to strictly blame on the protocol itself.
¬ (Informational) RFC 6434 IPv6 Node Requirements, sect. 5.9.5:
  "[A]ll hosts SHOULD implement address configuration via DHCPv6."
¬ For the record, RFC 2119 states:
  "SHOULD This word[…] mean[s] that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course."
21. www.ernw.de
DHCPv6 Support by OSs
What could possibly go wrong? Who could possibly deviate?
¬ "Marking [Support for DHCPv6] declined until there is a compelling use case."
  -- Lorenzo Colitti (Google) on Dec 07 2014
¬ No DHCPv6 on Android
  Except for the Fairphone.
¬ There are people who expect that Android is going to be one of the major OS for #IoT...
https://code.google.com/p/android/issues/detail?id=32621
22. www.ernw.de
Once upon a Time
When our ancestors did the initial specs of IPv6
¬ They had a certain place for DHCPv6 in mind, within the IPv6 universe.
¬ This happened to be a very different role from the (at the time developing) role of DHCP in IPv4.
¬ Tell you what: this is going to haunt you.
23. www.ernw.de
What Do You Mean?
Can you please elude?
¬ DHCPv4 was meant to be exclusive.
  Either configure basic IPv4 properties manually or get the stuff from DHCPv4.
  Once DHCPv4 is used, it's used for everything.
¬ DHCPv6 is meant to be complementary.
  It can (and must) be mixed with other spicy stuff.
  Add some #RFCambiguity to the mix.
¬ To fully understand what this means, let's step back one step and look at...
25. www.ernw.de
RFC 4861
¬ Sect. 4.2
  "If neither M nor O flags are set, this indicates that no information is available via DHCPv6."
¬ If the M flag is set, the O flag is redundant and it can be ignored.
26. www.ernw.de
Some More Quotes
Not much RFC 2119 in there, is it?
¬ RFC 4862, 5.5.2 Absence of Router Advertisements
  "Even if a link has no routers, the DHCPv6 service to obtain addresses may still be available, and hosts may want to use the service."
¬ RFC 4862, 5.6 Configuration Consistency
  "If the same configuration information is provided by multiple sources, the value of this information should be consistent."
  "In any case, if there is no security difference, the most recently obtained values SHOULD have precedence over information learned earlier."
27. www.ernw.de
RFC 6106
"1.2 Coexistence of RA Options and DHCP Options for DNS Configuration
Two protocols exist to configure the DNS information on a host, the Router Advertisement options described in this document and the DHCPv6 options described in [RFC3646]. They can be used together.
The rules governing the decision to use stateful configuration mechanisms are specified in [RFC4861]. Hosts conforming to this specification MUST extract DNS information from Router Advertisement messages, unless static DNS configuration has been specified by the user.
If there is DNS information available from multiple Router Advertisements and/or from DHCP, the host MUST maintain an ordered list of this information as specified in Section 5.3.1."
28. www.ernw.de
RFC 6106
Section 5.3.1
In the case where the DNS options of RDNSS and DNSSL can be obtained from multiple sources, such as RA and DHCP, the IPv6 host SHOULD keep some DNS options from all sources.
Unless explicitly specified for the discovery mechanism, the exact number of addresses and domain names to keep is a matter of local policy and implementation choice.
However, the ability to store at least three RDNSS addresses (or DNSSL domain names) from at least two different sources is RECOMMENDED.
The DNS options from Router Advertisements and DHCP SHOULD be stored into the DNS Repository and Resolver Repository so that information from DHCP appears there first and therefore takes precedence.
Thus, the DNS information from DHCP takes precedence over that from RA for DNS queries.
31. www.ernw.de
Problem Statement (I)
¬ IPv6 provides two mechanisms for one task, that is provisioning of IP parameters to nodes.
32. www.ernw.de
Problem Statement (II)
There's two mechanisms
¬ They are independent.
  Well, mostly.
¬ In many environments both of them are needed, in some combination.
  In particular this applies in (wrt OSs, devices) heterogeneous environments.
  Read: probably in pretty much all of your environments.
¬ In some environments different groups might be responsible for operating them.
  Why did you add this to the "problem statement"? Well...
¬ There's differences as for the degree of vendor support & their strategies.
33. www.ernw.de
Problem Statement (III)
¬ Some properties and elements have been enhanced over time, e.g. RFC 6106.
  Evolution is a good thing. Seriously!
¬ Still, there's a certain (alas, when it comes to IPv6: usual) amount of ambiguity and vagueness in the main RFCs.
  Let's look at the specs...
34. www.ernw.de
Problem Statement (IV)
¬ The "cooperation" of those two mechanisms has been discussed quite a bit, both in the specs and in "the relevant fora".
¬ However, not so much as for scenarios where the information provided by them is conflicting.
¬ This is what this talk is about.
35. www.ernw.de
Problem Statement (IV)
Can this ("contradiction scenario") happen?
¬ Human error
  Both on the active failure and latent failure level.
¬ Conflicting/differing vendor default settings
  Network devices
  CPEs!
  Keep in mind: there might be any OS in customers' networks.
¬ Attacker injecting nasty packets
  Boils down to "standard local-link sec" discussion. I will only briefly cover this.
37. www.ernw.de
Lab Setup
¬ A DHCPv6 Server (DHCP ISC Version 4.3.1) installed on CentOS 6.6. The DHCPv6 server is configured to provide both IPv6 addresses and RDNSS information.
¬ Two (2) routers Cisco 4321 using Cisco IOS Software version 15.5(1)S.
¬ The following OS as clients:
  Fedora 21, kernel version 3.18.3-201 x64
  Ubuntu 14.04.1 LTS, kernel version 3.13.0-44-generic
  CentOS 7, kernel version 3.10.0-123.13.2.el7
  Mac OS X 10.10.2 Yosemite
  Windows 7
  Windows 8.1
See also:
https://www.ernw.de/download/ERNW_Whitepaper_IPv6_RAs_RDNSS_DHCPv6_Conflicting_Parameters.pdf
38. www.ernw.de
Case 1: One Router with the Management Flag not Set and a DHCPv6 Server
Router: M=0, A=1, O=0 and an RDNSS is advertised.
DHCPv6 server on the same link offering IPv6 addresses & RDNSS
¬ Fedora 21, Mac OS X, CentOS 7 and Ubuntu 14.04
  Get an IPv6 address and an RDNSS from the IPv6 router only.
¬ Windows 7
  Get an IPv6 address from the router only, but they do not get any DNS information, neither from the router nor from the DHCPv6 server. They also do not get an IPv6 address from the DHCPv6 server.
¬ Windows 8.1
  Get an IPv6 address from both the IPv6 router and the DHCPv6 server, despite the fact that the Management flag (M) is not set. They get RDNSS information from the DHCPv6 server only.
39. www.ernw.de
Case 2: One Router with Conflicting Parameters and a DHCPv6 Server
Router: M=0, A=1, O=1, and an RDNSS is advertised.
A DHCPv6 server on the same link advertising IPv6 addresses and RDNSS
¬ Fedora 21, CentOS 7 and Ubuntu 14.04 get an IPv6 address using SLAAC only.
  Fedora 21, CentOS 7 get RDNSS from both the RAs and the DHCPv6 server. The RDNSS obtained from the router has a higher priority though.
  Ubuntu 14.04 gets an RDNSS from the router, and a "domain search list" information from the DHCPv6 server – but not RDNSS information.
40. www.ernw.de
Case 2 Results cont'd
¬ Mac OS X
  gets RDNSS from both, IPv6 address using SLAAC (no IPv6 address from the DHCPv6 server) but the RDNSS obtained from the DHCPv6 server is first (it has a higher priority). However, the other obtained from the RAs is also present.
¬ Windows 7 and Windows 8.1
  obtain IPv6 addresses using SLAAC and RDNSS from the DHCPv6 server. They do not get an IPv6 address from the DHCPv6 server.
Compare the Windows 8.1 behaviour with the previous case.
41. www.ernw.de
Additional Observations
¬ [draft-ietf-v6ops-dhcpv6-slaac-problem-03] explicitly discusses the role of state transitions.
¬ We can confirm that these lead to particularly interesting effects.
  Pay special attention in times when you perform those deliberately.
  Be prepared for surprises...
¬ In general the order of events seems to play a role, too.
  See also test cases with two routers.
42. www.ernw.de
Case 4: All Flags are Set and a DHCPv6 Server is Present
Router: M=1, A=1, O=1, and an RDNSS is advertised.
A DHCPv6 server on the same link advertising IPv6 addresses and RDNSS.
¬ Fedora 21 and CentOS 7:
  They get IPv6 addresses both from SLAAC and DHCPv6 server.
  They get RDNSS both from RAs and DHCPv6 server.
  The DNS of the RAs has higher priority.
¬ Ubuntu 14.04:
  It gets IPv6 addresses both using SLAAC and from the DHCPv6 server.
  It gets RDNSS from RAs only.
  From the DHCPv6 server it only gets "Domain Search List" information, no RDNSS.
43. www.ernw.de
Case 4 Results cont'd
¬ Mac OS X:
  It gets IPv6 addresses both using SLAAC and from the DHCPv6 server.
  It also gets RDNSS both from RAs and the DHCPv6 server.
  The DNS server from DHCPv6 has higher priority.
¬ Windows 7 and Windows 8.1:
  They get IPv6 addresses both from SLAAC and DHCPv6 server.
  They get RDNSS only from the DHCPv6 server.
46. www.ernw.de
Case 7: Router 1 Advertising M=0, O=0 and RDNSS, and then Router 2 advertising M=1, O=1 while DHCPv6 is Present
Initially: one IPv6 router with the following settings: M=0, O=0, A=1 and RDNSS advertised and 15 seconds time interval of the RAs.
After a while (when clients are configured by the RAs of the above router) another IPv6 router with the following: M=1, O=1, no advertised prefix information, and 30 seconds time interval of the RAs.
¬ Mac OS X and Ubuntu 14.04:
  Initially they get address and RDNSS from the first router.
  When they receive RAs from the second router, they never get any information (IPv6 address or RDNSS) from the DHCPv6 server.
47. www.ernw.de
Case 7 Results cont'd
Troubleshooting nightmare…
¬ Fedora 21 and CentOS 7:
  Initially they get IPv6 address and RDNSS from the RAs of the first router.
  When they receive an RA from router 2, they also get an IPv6 address and RDNSS from the DHCPv6 server while retaining the ones (IPv6 address and RDNSS) obtained from the RAs of the first router.
  The RDNSS obtained from the first router has a higher priority than the one obtained from the DHCPv6 server (probably because it was received first).
  When they receive again RAs from the first router, they lose/forget the information (IPv6 address and RDNSS) obtained from the DHCPv6 server.
48. www.ernw.de
Case 7 Results cont'd
¬ Windows 7:
  Initially they get address from the first router – no RDNSS.
  When they receive RAs from the second router, they never get any information (IPv6 address or RDNSS) from the DHCPv6 server.
49. www.ernw.de
Case 7 Results cont'd
¬ Windows 8.1:
  Initially, they get just an IPv6 address from the first router - no RDNSS information (since they do not implement RFC 6106).
  When they receive RAs from the second router, then they also get an IPv6 address from the DHCPv6 server, as well as RDNSS from it. They do not lose the IPv6 address obtained by the first router using SLAAC.
  When they receive another RA from the first router, they retain all the information obtained so far (there isn't any change).
52. www.ernw.de
¬ Don't assume a certain OS' IPv6 behavior just because:
  "the specs say so"
  "another OS does it that way"
  you have a good understanding of IPv4.
¬ Sorry guys ;-)
¬ Test, test, test!
  Helps to gain (even more) IPv6 knowledge anyway.
  Yes, pls allocate budget for test lab.
53. www.ernw.de
Keep RFC 1925 in Mind ¬ “(4) Some things in life can never be fully
appreciated nor understood unless experienced
firsthand. Some things in networking can never
be fully understood by someone who neither
builds commercial networking equipment nor runs
an operational network.”
¬ Deploying IPv6 is not a paper exercise. You
need hands-on experience!
¬ Did you note Jeff Carrell gives his cool
workshops at the IPv6 Business
Conference?
Mark June 17–19 2015 in your calendar!
54. www.ernw.de
Operations Perspective
¬ Keep configs/properties related to
IPv6 parameter provisioning in
sync, at all times
IPv6 transition might be an opportunity
to re-think your ops model.
Yes, we understand you’ll be happy to
survive that one mostly unscathed,
hence concentrate on one task at a
time. Still #justsayin ;-)
55. www.ernw.de
Planning Perspective
¬ In short: it depends 😉
¬ Seriously: it depends heavily on the client base
you want to support. Here’s some thoughts:
in case there’s Android devices, your routers should
advertise RDNSS info (RFC 6106), else the Android
clients will have to rely on their IPv4 DNS or manual
kludges. RFC 6106 is supported since Lollipop.
in case you don’t have Android devices, you might go
_without_ advertising RDNSS in RAs, for the simple
reason of reducing potential for errors/“unexpected
behavior”.
once you go with M-flag DHCPv6, clearing the A-flag in
prefix information, but leaving the L-flag set (to
“circumvent RFC 5942”) is usually a good idea.
Ofc, you can’t do this once there’s Android devices as
those won’t generate any (non-LL) address then.
we observe that most of our customers strive to go with
M-flag DHCPv6. that’s just an observation...
Considerations how to set up the whole
SLAAC/DHCPv6 thing
56. www.ernw.de
Troubleshooting
¬ You should know how to diagnose a
node’s exact properties on the OS level
incl. types of addresses and order of name
resolution
“netsh int ipv6” commands on Win
“ip -6 add show” on Linux
btw: /etc/resolv.conf not relevant on Mac
¬ The truth is in the packets...
For the poor sod responsible...
A helpful resource:
https://wikispaces.psu.edu/display/ipv6/IPv6+Rosetta+Stone
57. www.ernw.de
Troubleshooting
¬ Being familiar with the following
certainly helps
Flags in router advertisements
Main DHCPv6 messages
IPv6 Subnet Model (RFC 5942) and its
(non-) relationship with DHCPv6
In such scenarios
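The RA fields named on the Troubleshooting and Operations Perspective slides, decoded from raw ICMPv6 bytes and compared across two routers on one link (an added example, not part of the original slides). The two sample RAs are constructed and only loosely follow Case 7; the function names and the 2001:db8:1::/64 documentation prefix are assumptions.

```python
import ipaddress
import struct

def parse_ra(msg: bytes) -> dict:
    """Decode the provisioning-relevant fields of an ICMPv6 Router Advertisement."""
    if len(msg) < 16 or msg[0] != 134:            # 134 = Router Advertisement
        raise ValueError("not a Router Advertisement")
    flags = msg[5]
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime": struct.unpack("!H", msg[6:8])[0],
          "prefixes": [], "rdnss": []}
    pos = 16                                      # options follow the fixed header
    while pos + 2 <= len(msg):
        opt_type, opt_len = msg[pos], msg[pos + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(msg):
            raise ValueError("malformed option")
        body = msg[pos:pos + opt_len]
        if opt_type == 3 and opt_len == 32:       # Prefix Information (RFC 4861)
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append({"prefix": str(net),
                                   "L": bool(body[3] & 0x80),
                                   "A": bool(body[3] & 0x40)})
        elif opt_type == 25 and opt_len >= 24:    # RDNSS (RFC 6106)
            for off in range(8, opt_len - 15, 16):
                ra["rdnss"].append(str(ipaddress.IPv6Address(body[off:off + 16])))
        pos += opt_len
    return ra

def provisioning_mismatches(a: dict, b: dict) -> list:
    """Name the provisioning fields on which two routers on one link disagree."""
    return [k for k in ("M", "O", "prefixes", "rdnss") if a[k] != b[k]]

# Constructed sample: router 1 offers SLAAC (A=1, L=1) plus RDNSS, M=0, O=0.
ROUTER1_RA = bytes.fromhex(
    "86000000 40000708 00000000 00000000"   # RA header, flags byte 0x00
    "030440c0 00278d00 00093a80 00000000"   # prefix info: /64, L=1, A=1
    "20010db8 00010000 00000000 00000000"   # 2001:db8:1::
    "19030000 00000708"                     # RDNSS option, lifetime 1800 s
    "20010db8 00010000 00000000 00000053")  # 2001:db8:1::53
# Constructed sample: router 2 sends M=1, O=1 and no prefix information.
ROUTER2_RA = bytes.fromhex("86000000 40c00708 00000000 00000000")

if __name__ == "__main__":
    r1, r2 = parse_ra(ROUTER1_RA), parse_ra(ROUTER2_RA)
    print(r1)
    print(r2)
    print("out of sync:", provisioning_mismatches(r1, r2))
```

Feeding it the ICMPv6 payload of RAs captured on a segment shows which routers disagree before the clients start behaving differently.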
58. www.ernw.de
Summary
¬ There’s a certain learning curve
when it comes to IPv6.
¬ Just looking at the specs might not
be sufficient.
¬ Start now ;-)
60. www.ernw.de
Save the Dates
¬ Pre-Conference Day – Wednesday, 17. June 2015
IPv6 Workshop: Build it, Use it
with Jeff Carrell
Hands-On
¬ IPv6 Business Conference – Thursday, 18. June 2015
¬ Post-Conference Day – Friday, 19. June 2015
IPv6 Interactive Addressing Workshop with
Practical Hands-on Labs with Jeff Carrell
Hands-On, Build your own lab and take it home!
¬ Do you want to be a sponsor?
61. www.ernw.de
March, 14-18 2016
Heidelberg, Germany
TROOPERS - Make the world a safer
place.
More info & extensive archives @ www.troopers.de
Guys, we would love to see you in Heidelberg!
62. www.ernw.de
Questions?
¬ You can reach us at:
erey@ernw.de, www.ernw.de
¬ Our blog:
www.insinuator.net
¬ Follow me at:
@Enno_Insinuator