2.IPv6 Basics NR - wiki.apnictraining.net · IPv6 Basics Nauru 13 August 2019 2 Content •Intro to IPv6 •IPv6 Protocol Architecture •IPv6 Addressing and Subnetting •IPv6 Host

8/13/19

1

1

IPv6 Basics

Nauru13 August 2019

22

Content• Intro to IPv6

• IPv6 Protocol Architecture• IPv6 Addressing and Subnetting

• IPv6 Host Configuration

• IPv6 and DNS

8/13/19

2

3

IPV6 PROTOCOL ARCHITECTUREModule 1

44

What is IPv6? • IP stands for Internet Protocol which is one of the main

pillars that supports the Internet today

• Current version of IP protocol is IPv4

• The new version of IP protocol is IPv6

• There is a version of IPv5 but it was assigned for experimental use [RFC1190]

• IPv6 was also called IPng in the early days of IPv6 protocol development stage

8/13/19

3

55

Background of IPv6 Protocol • August 1990

– First wake-up call by Solensky in IETF on IPv4 address exhaustion• December 1994

– IPng area were formed within IETF to manage IPng effort [RFC1719] – List of technical criteria was defined to choose IPng [RFC1726]

• January 1995– IPng director recommendation to use 128 bit address [RFC1752]

• December 1995– First version of IPv6 address specification [RFC1883]

• December 1998– Updated version changing header format from 1st version [RFC2460]

66

Motivation Behind IPv6 Protocol • Plenty of address space (Mobile Phones, Tablet Computers, Car

Parts, etc. J )

• Solution of very complex hierarchical addressing need, which IPv4 is unable to provide

• End to end communication without the need of NAT for some real time application (i.e online transaction)

• Ensure security, reliability of data and faster processing of protocol overhead

• Stable service for mobile network (i.e Internet in airline, trains)

8/13/19

4

77

IPv4 Exhaustion

Reached the final /8

88

New Functional Improvement• Address Space

– Increase from 32-bit to 128-bit address space

• Management– Stateless autoconfiguration means no more need to configure IP

addresses for end systems, even via DHCP

• Performance– Fixed header size (40 bytes) and 64-bit header alignment mean

better performance from routers and bridges/switches

• No hop-by-hop segmentation– Path MTU discovery

8/13/19

5

99

New Functional Improvement• Multicast/Multimedia

– Built-in features for multicast groups, management, and new "anycast" groups

• Mobile IP – Eliminate triangular routing and simplify deployment of mobile IP-based

systems • Virtual Private Networks

– Built-in support for ESP/AH encrypted/ authenticated virtual private network protocols

• Built-in support for QoS tagging • No more broadcast

1010

v4/v6 Header Comparison

Not kept in IPv6

Renamed in IPv6

Same name and function

New in IPv6

8/13/19

6

1111

New Functional Improvement• Address Space

– Increase from 32-bit to 128-bit address space

• Management– Stateless autoconfiguration (SLAAC) means no more need to configure IP

addresses for end systems, even via DHCP

• Performance– Simplified header means efficient packet processing – No header checksum re-calculation at every hop (when TTL is decremented) =>

left up to the lower and upper layers!

• No hop-by-hop fragmentation - PMTUD

12

IPv6 Protocol Header Format • Version (4-bit):

– 4-bit IP version number (6)

• Traffic class (8-bit): – Similar to DiffServ in IPv4; define

different classes or priorities.

• Flow label (20-bit): – allows IPv6 packets to be identified

based on flows (multilayer switching techniques and faster packet-switching performance)

8/13/19

7

13

IPv6 Protocol Header Format • Payload length (16-bit):

– Defines the length of the IPv6 payload (including extension headers); Total Length in IPv4 includes the header.

• Next header (8-bit): – Identifies the type of information

following IPv6 header. Could be upper layer (TCP/UDP), or an extension header (similar to Protocol field in IPv4).

• Hop limit (8-bit): – Similar to TTL in IPv4

1414

IPv6 Extension Header • IPv6 allows an optional Extension Header in between the

IPv6 header and upper layer header– Allows adding new features to IPv6 protocol without major re-

engineering

IPv6 Header Next Header = 6 TCP header + data

IPv6 Header Next Header = 44

Fragment headerNext header = 6 TCP header + data

Next Header values:0 Hop-by-hop option6 TCP17 UDP43 Source routing (RFC5095)44 Fragmentation50 Encrypted security payload51 Authentication58 ICMPv659 Null (No next header)60 Destination option

Extension Header

8/13/19

8

1515

IPv6 Extension Header (contd)• An IPv6 packet may carry none or many extension headers

– A next header value of 6 or 17 (TCP/UDP) indicates there is no extension header• the next header field points to TCP/UDP header, which is the payload

• Unless the next header value is 0 (Hop-by-Hop option), extension headers are processed only by the destination node, specified by the destination address.

1616

Fragmentation Handling In IPv6• In IPv6, fragmentation is only performed by the host/source

nodes, and not the routers along the path (unlike IPv4)

• Each source device tracks the MTU size for each session

• When a IPv6 host has large amount of data to be sent, it will be send in a series of IPv6 packets (fragmented)– IPv6 hosts use Path MTU Discovery (PMTUD) to determine the most

optimum MTU size along the path

Source: www.cisco.com

8/13/19

9

1717

Path MTU Discovery• With PMTUD, the source IPv6 device assumes the initial PMTU

is the MTU of the first hop in the path

– upper layers (Transport/Application) send packets based on the first hop MTU

– If the device receives an “ICMPv6 packet too big (Type 2)” message, it informs the upper layer to reduce its packet size, based on the actual MTU size (contained in the message) of the node that dropped the packet

1500 1420 1280 1500

Path MTU =1280

18

8/13/19

10

19

IPV6 ADDRESSINGModule 2

2020

IPv6 Address Representation • IPv6 address is 128 bits

• Number of IPv6 addresses : 2^128 ~ 3.4 x 1038

• IPv6 address is represented in hexadecimal – 4-bits (nibble) represent a hexadecimal digit– 4 nibbles (16-bits) make a hextet– represented as eight hextets (4 nibbles or 16 bits), each separated by a colon (:)

2001:ABCD:1234::DC0:A910

1010 1001 0001 0000

nibble

Hextet

8/13/19

11

2121

IPv6 Address Representation (2) – 2001:0DB8:0000:0000:0000:036E:1250:2B00

• Abbreviated form

– 2001:0DB8:0000:0000:0000:036E:1250:2B00

– Leading zeroes (0) in any hextet can be omitted– 2001:DB8:0:0:0:36E:1250:2B00

– A double colon (::) can replace contiguous hextet segments of zeroes– 2001:DB8::36E:1250:2B00

– (::) can only be used once!

Sequence of 0s

Leading 0s

Double colons

2222

IPv6 Address Representation (3)• Double colons (::) representation

– RFC5952 recommends that the largest set of :0: be replaced with :: for consistency

– 2001:0:0:0:2F:0:0:5– 2001::2F:0:0:5 instead of 2001:0:0:0:2F::5

– Where there is same number of :0:, the first set be replaced with ::– 2001:DB8:0:0:2F:0:0:5– 2001:DB8::2F:0:0:5 instead of 2001:DB8:0:0:2F::5

• Prefix Representation– Representation of prefix is similar to IPv4 CIDR

– → prefix/prefix-length– 2001:DB8:12::/40

8/13/19

12

2323

IPv6 Addressing Model• Unicast Address

– Assigned to a single interface– Packet sent only to the interface with that address

• Anycast Address– Same address assigned to more than one interface (on different nodes)– Packet for an anycast address routed to the nearest interface (routing distance)

• Multicast Address– group of interfaces (on different nodes) join a multicast group– A multicast address identifies the interface group – Packet sent to the multicast address is replicated to all interfaces in the group

RFC 4291

AB

A

A

B

B

B

B

2424

Special Unicast Addresses• Unspecified Address (absence of a address)

• ::/128

• Loopback (test OSI/TCP-IP stack implementation)

• ::1/128

8/13/19

13

2525

Global Unicast Addresses• Globally unique and routable IPv6 address

• Currently, only global unicast address with first three bits of 001 have been assigned

• 0010 0000 0000 0000 (2000::/3)

• 0011 1111 1111 1111 (3FFF::/3)

• IANA gives a /12 each from 2000-3FFF::/3 to each RIRAPNIC2400::/12ARIN2600::/12LACNIC2800::/12RIPE NCC 2A00::/12AfriNIC 2C00::/12

2626

Global Unicast Addresses• RIRs assign /32 to ISPs

Global Unicast Address001

3 bits

RIR

128 bits

ISP

9 bits20 bits

/3 /12 /32

8/13/19

14

27

IPv6 Addressing Structure

Subnet ID

48 bits 16 bits

Customer(Site) Prefix

64 bits

Interface ID

Network PrefixRFC 6177

• Customer (Site) Prefix: assigned to a customer site – Group of subnets– ISPs/RIRs ‘would’ assign /48 (/56 to customers)

• Subnet ID: identifies the subnets (links) within a site

• Interface ID: host portion of the IPv6 address– how many hosts within a subnet

2828

IPv6 Addressing Structure0 127

ISP /32

32

Customer Site /48

16

End Site Subnet /64

16

64

Device 128 Bit Address

Interface ID64

Network Prefix 63

8/13/19

15

2929

Link-local Unicast Addresses• Auto configured address (similar to APIPA)

– Every IPv6 enabled device must have a link-local address– To communicate with other IPv6 devices on the same link– FE80::/10

• The link-local address is used by routers as the next-hop address when forwarding IPv6 packets

• All IPv6 hosts on a subnet/link, uses the router’s link-local as the default gateway– Routers use the link-local as the source in ND-RA messages

3030

Unique Local Unicast Addresses• Similar to RFC1918 addresses (but within a

“site”)– Unique within a site– Routable within site(s)– Not ‘expected’ to be routed on the internet

FC00::/7| 7 bits | 1 | 40 bits | 16 bits. | 64 bits | +--------+--+--------------+------------+---------------------------+ | Prefix | L | Global ID | Subnet ID | Interface ID. | +--------+--+--------------+------------+---------------------------+

L: 1 for local significanceGlobal ID: 40-bit pseudo-random

8/13/19

16

3131

Well-known Multicast Addresses• Multicast addresses can only be destinations and never a source

– FF00::/8

• Pre-defined multicast addresses:– FF02::1 All nodes multicast

• All IPv6 enabled devices join this multicast group• Packets sent to this address is received by all nodes

– FF02::2 All routers multicast• The moment IPv6 is enabled on a router (#ipv6 unicast-routing), the router becomes a member

of this group

– FF02::1:FFXX:XXXX/104 Solicited Node multicast• NS messages (~ARP request) are sent to this address• Uses the least significant 24-bits of its unicast/anycast address• Must compute and join for every unicast (link-local & global) on a interface

3232

Well-known Multicast Addresses• Pre-defined multicast addresses:

– FF02::1:2 All DHCP Servers/Relay Agents • Clients use this multicast address to discover any DHCPv6 servers/relays on the

local link (link-scoped)

– FF05::1:3 All DHCP servers• Generally used by Relays to talk to servers• Site-scoped

8/13/19

17

3333

Modified EUI-64 format• Allows IPv6 device to compute a unique 64 bit Interface ID using

the interface MAC address (48 bit)

– MAC address is split into two 24 bit halves• OUI and NIC

– Then 0xFFFE is inserted between the two halves• 0xFFFE is reserved value, not assigned to any OEM

– Invert 7th bit (U/L) of the OUI to get the EUI-64 address• addresses assigned to OEMs have this bit set to 0 to indicate global uniqueness• Set to 1 (invert 0) to indicate IEEE identifier (MAC( is used, or 0 if otherwise

(serials/tunnels).

00

21

48

A2

10

2F

OUI NIC

00

21

48

A2

10

2F

FF

FE

0000 00000000 0010

02

21

48

A2

10

2F

FF

FE

3434

IPv6 Addressing EUI-64LAN: 2001:db8:213:1::/64

Eth0

MAC address: 0060.3e47.1530interface Ethernet0ipv6 address 2001:db8:213:1::/64 eui-64

router# show ipv6 interface Ethernet0Ethernet0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::260:3EFF:FE47:1530Global unicast address(es):

2001:db8:213:1:260:3EFF:FE47:1530, subnet is 2001:db8:213:1::/64Joined group address(es):

FF02::1:FF47:1530FF02::1FF02::2

MTU is 1500 bytes

8/13/19

18

3535

ICMPv6 Neighbor Discovery• Router Solicitation (RS):

– sent by IPv6 host to "all routers" multicast to request RA

• Router Advertisement (RA): – sent by a IPv6 router to the "all nodes" multicast (200 secs)– IPv6 prefix/prefix length, and default gateway

• Neighbor Solicitation (NS): – sent by IPv6 host to the "solicited node" multicast to find the MAC address of a given IPv6 address (~ARP

request).

• Neighbor Advertisement (NA): – sent in response to a NS and informs of its MAC address.

• ICMPv6 Redirect: – informs the source of a better next-hop

RFC 4861

3636

IPv6 Neighbor Discovery (ND) • Host A would like to communicate with Host B

– Global address 2406:6400::10– Link-local fe80::226:bbff:fe06:ff81– MAC address 00:26:bb:06:ff:81

• Host B IPv6 global address 2406:6400::20– Link-local UNKNOWN (if GW outside the link)– MAC address UNKNOWN

• How will Host A create L2 frame and send to Host B?

8/13/19

19

3737

IPv6 Neighbor Discovery (ND)

3838

IPv6 Address Resolution

ICMPv6 NS Type135

ICMPv6 NA Type136

SMAC: 00:26:BB:06:FF:81 DMAC: 33:33:FF:00:00:20

Source IPv6: 2406:6400::0010

Destination IPv6:FF02:0:0:0:0:1:FF00:0020

Multicast

Unicast

SMAC: 00:26:BB:06:FF:82 DMAC: 00:26:BB:06:FF:81

Source IPv6:2406:6400::0020

Dest IPv6:2406:6400::0010

1

2

RFC2464 – 33:33:xx:xx:xx:xx

8/13/19

20

3939

IPv6 Address Resolution

IPv6 Packet

IPv6 Packet

SMAC: 00:26:BB:06:FF:81 DMAC: 00:26:BB:06:FF:82

Source IPv6:2406:6400::0010

Dest IPv6:2406:6400::0020

Payload

Unicast

Unicast

SMAC: 00:26:BB:06:FF:82 DMAC: 00:26:BB:06:FF:81

Source IPv6: 2406:6400::0020

Dest IPv6:2406:6400::0010

Payload

3

4

4040

IPv6 Address Auto-configuration• Stateless address auto-configuration (SLAAC)

– No manual configuration required– Gets the IPv6 prefix and prefix length through RA (local router)– EUI-64 for interface ID (pseudo random)

• Stateful - DHCPv6– To track address assignments

8/13/19

21

41

Stateless Address Autoconfig (1)RFC 2462When a host joins a link/subnet:

• It auto-generates a link-local using the FE80::/10 prefix and EUI-64:– Ex: FE80::346A:3BFF:FE76:CAF9

• DAD is performed on the link-local:– NS message is sent to the “solicited-

node” multicast (FF02::1:FF76:CAF9), with ::/128 as the source

– If no NA message is received back, the generated address is unique and can be used

FE80::346A:3BFF:FE76:CAF9

NS

42

Stateless Address Autoconfig (2)Once the node has a link-local address:

• sends a RS message to the ”all-routers” multicast (FF02::2)– link-local as the source address

• The router responds with a RA message– IPv6 prefix and prefix length– link-local as the source – Auto flag by default (Managed and Other flags

are not set!)

• The node generates the IPv6 address– uses the received prefix (2001:DB8::/64)– Interface ID (EUI-64)– 2001:DB8::346A:3BFF:FE76:CAF9– DAD not necessary (link-local validated for the

same interface!)

FE80::346A:3BFF:FE76:CAF92001:DB8::346A:3BFF:FE76:CAF9

RS

RA

2001:DB8::/64

8/13/19

22

43

DHCPv6 (1)RFC 3315DHCPv6 is used:

– If there are no router(s) on the subnet/link, OR– If the RA message specifies to get addressing

information via DHCPv6

If the router’s RA message has the:

– O (other) flag set: stateless DHCPv6• auto-generate IPv6 address using IPv6 prefix & prefix length in

the RA• obtain other information (DNS server, domain) via DHCPv6

– M (managed) flag set:• obtain all addressing information via DHCPv6• ‘O’ flag is redundant

44

1. Client sends Solicit message to FF02::1:2 to find any available DHCPv6 servers

2. Server responds with an Advertise message• the tentative IPv6 address/prefix• Other parameters (DNS, domain, default

gateway, lease time)• could receive multiple Advertise messages

3. Client selects the server, and sends a Request asking to formally request the indicated IPv6 address

4. Server responds with a Reply to confirm the assignment

5. Performs DAD before using!

Stateful Autoconfig – DHCPv6 (2)

Solicit

Advertise

Request

Reply

IPv6 ClientDHCPv6 Server

8/13/19

23

4545

IPv6 Interface ID – Privacy• Overcome the ability to track (interface ID based on MAC

address):– Temporary address (changes): outgoing connections– Secured address: incoming connection– Temp > 2001:dc0:a000:4:84a3:49b6:1919:26fb– Secured> 2001:dc0:a000:4:108b:3690:9335:b7ec– Temp > 2001:dc0:a000:4:14e6:d4a3:815d:91dd

• Ease network management yet improve privacy:– Stable interface identifiers for each subnet– Secured> 2001:dc0:a000:4:cbb:347c:6215:1083

RFC 4941

RFC 7217

4646

Zone IDs for Link-locals– Interface en0 - fe80::4e0:37e4:c5d1:c845%en0– Interface en5 - fe80::aede:48ff:fe00:1122%en5

• Zone IDs help uniquely distinguish which link/subnet an interface is connected to

• To ping a remote IPv6 node, use your interface zone ID (so that the response packet has a path)

8/13/19

24

4747

Quiz - Zone ID• Please write down the commands:

– PC-A pings PC-B– PC-A telnet PC-Cfe80::a1%11

fe80::a2%12

PC-A

PC-B

PC-C

fe80::b1%1

fe80::c1%en0

4848

Subnetting (Example)• Provider A has been allocated

• 2001:DB8::/32

– will delegate /48 blocks to its customers

• Q. Find the blocks provided to the first 4 customers

8/13/19

25

49

Subnetting (Example)

2001:0DB8::/32

2001:0DB8:0000::/48

Original block:

Rewrite as a /48 block: This is your network prefix!

How many /48 blocks are there in a /32?

Find only the first 4 /48 blocks…

2^16 = 65K

50

Subnetting (Example)

2001:0DB8:0000::/48 In bits

0000 0000 0000 0000

2001:0DB8: ::/48

0000 0000 0000 0001

2001:0DB8: ::/48

0000 0000 0000 0010

2001:0DB8: ::/48

0000 0000 0000 0011

2001:0DB8: ::/48

Start by manipulating the LSB of your network prefix – write in bits

2001:0DB8:0000::/48

2001:0DB8:0001::/48

2001:0DB8:0002::/48

2001:0DB8:0003::/48

Then write back into hex digits

8/13/19

26

5151

Exercise 1.1: IPv6 subnetting• Identify the first four /36 sub-prefixes out of 2406:6400::/32

– _____________________– _____________________– _____________________– _____________________

5252

Exercise 1.2: IPv6 subnettingIdentify the first four /35 blocks out of 2406:6400::/32

1. _____________________2. _____________________3. _____________________4. _____________________

8/13/19

27

53

54

IPV6 HOST CONFIGURATIONModule 3

8/13/19

28

5555

IPv6 Autoconfiguration• Stateless mechanism

– For a site not concerned with the exact addresses– No manual configuration required– Minimal configuration of routers– No additional servers

• Stateful mechanism– For a site that requires tighter control over exact address

assignments– Can be assigned using a DHCPv6 server or manually

RFC4862

5656

IPv6 Autoconfiguration• IPv6 Stateless Address Autoconfiguration (SLACC)• Allow a host to obtain or create unique addresses for its

interface/s– Manual configuration should not be required– Even if no servers/routers exist to assign an IP address to a device, the

device can still auto-generate an IP address

• Small sites should not require DHCPv6 server to communicate– Plug and play– Allows interfaces on the same link to communicate with each other

• Facilitate the renumbering of a site’s machines

RFC4862

8/13/19

29

5757

Interface ID• The lowest-order 64-bit field addresses

• May be assigned in several different ways:– auto-configured from a 48-bit MAC address expanded into a 64-bit

EUI-64– assigned via DHCP– manually configured– auto-generated pseudo-random number– possibly other methods in the future

5858

Modified EUI-643 4 5 6 7 8 9 A B C D E

0 0 1 1 0 1 0 0

0 0 1 1 0 1 1 0

3 4 5 6 7 8 9 A B C D E

F F F E

36 5 6 7 8 9 A B C D EF F

Mac Address

EUI-64 Address

Interface Identifier

U/L bit

F E

EUI-64 address is formed by inserting FFFE and OR’ing a bit identifying the uniqueness of the MAC address

8/13/19

30

5959

IPv6 Addressing ExamplesLAN: 2001:db8:213:1::/64

Ethernet0

MAC address: 0060.3e47.1530interface Ethernet0ipv6 address 2001:db8:213:1::/64 eui-64

router# show ipv6 interface Ethernet0Ethernet0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::260:3EFF:FE47:1530Global unicast address(es):

2001:db8:213:1:260:3EFF:FE47:1530, subnet is 2001:db8:213:1::/64Joined group address(es):

FF02::1:FF47:1530FF02::1FF02::2

MTU is 1500 bytes

6060

IPv6 Address Privacy

• Temporary address for IPv6 host client application– e.g. Web browser

• Intended to inhibit device/user tracking but is also a potential issue– More difficult to scan all IP addresses on a subnet– But port scan is identical when an address is known

• Random 64 bit interface ID, run DAD before using it• Rate of change based on local policy• Implemented on Microsoft Windows XP/Vista/7

– Can be activated on FreeBSD/Linux/MacOS with a system call

2001

0db8

/32

/48

/64

/12

Interface ID

RFC4941

8/13/19

31

6161

Zone IDs for Local-Use Addresses• In Windows XP for example:

• Host A:– fe80::2abc:d0ff:fee9:4121%4

• Host B:– fe80::3123:e0ff:fe12:3001%3

• Ping from Host A to Host B– ping fe80::3123:e0ff:fe12:3001%4 (not %3)

• identifies the interface zone ID on the host which is connected to that segment.

6262

IPv6 Neighbor Discovery (ND) • IPv6 uses multicast (L2) instead of broadcast to find out

target host MAC address

• It increases network efficiency by eliminating broadcast from L2 network

• IPv6 ND uses ICMPv6 as transport– Compared to IPv4 ARP, there is no need to write different ARP for

different L2 protocol i.e. Ethernet etc.

RFC4861

8/13/19

32

6363

IPv6 Neighbor Discovery (ND) • Solicited-Node Multicast is used for Duplicate Address

Detection– Part of the Neighbour Discovery process– Replaces ARP– Duplicate IPv6 Addresses are rare, but still have to be tested for

• For each unicast and anycast address configured, there is a corresponding solicited-node multicast address– This address is only significant for the local link

6464

IPv6 Neighbor Discovery (ND) • Solicited Node Multicast Address

– Starts with FF02::1:FF00:0/104– Last 24 bit from the interface IPV6 address

• Example Solicited Node Multicast Address– IPV6 Address 2406:6400:0:0:0:0:0000:0010– Solicited Node Multicast Address is FF02:0:0:0:0:1:FF00:0010

• All hosts listen to its solicited node multicast address corresponding to its unicast and anycast address (if defined)

8/13/19

33

6565

IPv6 Neighbor Discovery (ND) • Host A would like to communicate with Host B

– Host A IPv6 global address 2406:6400::10– Host A IPv6 link local address fe80::226:bbff:fe06:ff81– Host A MAC address 00:26:bb:06:ff:81

• Host B IPv6 global address 2406:6400::20– Host B Link local UNKNOWN [Gateway if outside the link]– Host B MAC address UNKNOWN

• How will Host A create L2 frame for Host B?

6666

IPv6 Neighbor Discovery (ND)

8/13/19

34

6767

IPv6 Autoconfiguration

1. A new host is turned on.

2. Tentative address will be assigned to the new host.

3. Duplicate Address Detection (DAD) is performed. First the host transmit

• a Neighbor Solicitation (NS) message to all-nodes multicast address (FF02::1)

5. If no Neighbor Advertisement (NA) message comes back then the address is unique.

6. FE80::310:BAFF:FE64:1D will be assigned to the new host.

Tentative address (link-local address)Well-known link local prefix +Interface ID (EUI-64)Ex: FE80::310:BAFF:FE64:1D

Is this address unique?

AssignFE80::310:BAFF:FE64:1D

2001:1234:1:1/64 network

6868

IPv6 Autoconfiguration

FE80::310:BAFF:FE64:1D

Send meRouter Advertisement

1. The new host will send Router Solicitation (RS) request to the all-routers multicast group (FF02::2).

2. The router will reply Routing Advertisement (RA).3. The new host will learn the network prefix. E.g, 2001:1234:1:1/644. The new host will assigned a new address Network prefix+Interface

ID E.g, 2001:1234:1:1:310:BAFF:FE64:1D

RouterAdvertisement Assign2001:1234:1:1:310:BAFF:FE64:1D

2001:1234:1:1/64 network

8/13/19

35

6969

ICMPv6 Messages for Autoconfiguration• 133 Router Solicitation

– Prompts a router to send a Router Advertisement.

• 134 Router Advertisement– Sent by routers to tell hosts on the local network the router exists and

describe its capabilities.

• 135 Neighbor Solicitation– Sent by a device to request the layer two address of another device

while providing its own as well.

• 136 Neighbor Advertisement– Provides information about a host to other devices on the network

7070

Configuration of IPv6 Nodes• There are 3 ways to configure IPv6 address on an IPv6

node:– Static address configuration – DHCPv6 assigned node address– Stateless autoconfiguration

8/13/19

36

7171

Configuration of IPv6 Node AddressQuantity Address Requirement Context

One Loopback [::1] Must define Each nodeOne Link-local Must define Each InterfaceZero to many Unicast Optional Each interfaceZero to many Unique-local Optional Each interfaceOne All-nodes multicast

[ff02::1]Must listen Each interface

One Solicited-node multicast ff02:0:0:0:0:1:ff/104

Must listen Each unicast and anycast define

Any Multicast Group Optional listen Each interfaceULA are unicast address globally unique but used locally within sites.Any sites can have /48 for private use. Each /48 is globally unique so no Collision of identical address in future when they connect together

7272

IPv6 Host Configuration (Windows)• Windows XP SP2

– netsh interface ipv6 install

• Windows XP– ipv6 install

8/13/19

37

7373

IPv6 Host Configuration (Windows)• Configuring an interface

netsh interface ipv6 add address “Local Area Connection” 2406:6400::1

• Note: Prefix length is not specified with address which will force a /64 on the interface

• Verify your Configurationipconfig

• Verify your neighbour table– netsh interface ipv6 show neighbors

7474

IPv6 Host Configuration (Windows)• Disable privacy state variable

netsh interface ipv6 set privacy state=disable

OR

netsh interface ipv6 set global randomizeidentifiers=disabled

8/13/19

38

7575

IPv6 Host Configuration (Windows)• Testing your configuration

ping fe80::260:97ff:fe02:6ea5%4

• Note: the Zone ID is your interface index Zone ID

7676

IPv6 Host Configuration (Mac OS X)• Disable privacy address

sysctl –w net.inet6.ip6.use_tempaddr=0

• Configuring an interface from the Terminalifconfig en0 inet6 2406:6400::2/48route add –inet6 –prefixlen 0 default \

2406:6400::1

• Verify your neighbor tablendp -a

8/13/19

39

7777

IPv6 Host Configuration (Linux)• Enabling IPv6 on Linux

– Set the NETWORKING_IPV6 variable to yes in /etc/sysconfig/networkvi /etc/sysconfig/network

NETWORKING_IPV6=yesservice network restart

• Adding IPv6 address on an interfaceifconfig eth0 add inet6 2406:6400::1/64 (OR)ifconfig eth0 add 2406:6400::1/64

7878

IPv6 Host Configuration (Linux)• Configuring Router Advertisement (RA) on Linux

– Set IPv6 address forwarding onecho “1” /proc/sys/net/ipv6/conf/all/forward

– Need radvd-0.7.1-3.i386.rpm installed– On the demon conf file /etc/radvd.conf

vi /etc/radvd.confinterface eth1 {advSendAdvert on;prefix 2406:6400::/64 {AdvOnLink on; }; };

8/13/19

40

7979

IPv6 Host Configuration (FreeBSD)• Enabling IPv6 on FreeBSD

– Set the ipv6_enable variable to yes in the /etc/rc.confvi /etc/rc.conf

ipv6_enable=yes

• Adding IPv6 address on an interfaceifconfig fxp0 inet6 2406:6400::1/64

8080

IPv6 Host Configuration (FreeBSD)• Configuring RA on FreeBSD

– Set IPv6 address forwarding onsysctl -w net.inet6.ip6.forwarding=1

– Assign IPv6 address on an interfaceifconfig en1 inet6 2001:07F9:0400:010E::1 \prefixlen 64

– RA on an interfacertadvd en1

8/13/19

41

8181

Exercise 1: IPv6 Host Configuration• Configure RA on Cisco

config t

interface e0/1

ipv6 nd prefix-advertisement 2406:6400::/64

82

8/13/19

42

83

IPV6 AND DNSModule 4

84

Reverse DNS Tree – with IPv6

84

Root.

in-addr

202 203

64

22

ip6

IPv6 addresses

net org com arpa

ianaapnic

8/13/19

43

8585

IPv6 Representation in the DNS• Forward lookup support: Multiple RR records for name to

number– AAAA (Similar to A RR for IPv4 )

• Reverse lookup support: – Reverse nibble format for zone ip6.arpa

85

8686

IPv6 Reverse Lookups – PTR records• Similar to the IPv4 reverse recordb.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa.

IN PTR test.ip6.example.com.

• Example: The reverse name lookup for a host with address• 3ffe:8050:201:1860:42::1

– $ORIGIN 0.6.8.1.1.0.2.0.0.5.0.8.e.f.f.3.ip6.arpa.– 1.0.0.0.0.0.0.0.0.0.0.0.2.4.0.0 14400 IN PTR host.example.com.

86

8/13/19

44

8787

IPv6 Forward Lookups• Multiple addresses possible for any given name

– Ex: in a multi-homed situation

• Can assign A records and AAAA records to a given name/domain

• Can also assign separate domains for IPv6 and IPv4

87

8888

Example: Forward Zone;; domain.edu$TTL 86400@ IN SOA ns1.domain.edu. root.domain.edu. (

2019021401 ; serial - YYYYMMDDXX21600 ; refresh - 6 hours1200 ; retry - 20 minutes3600000 ; expire - long time86400) ; minimum TTL - 24 hours

;; NameserversIN NS ns1.domain.edu.IN NS ns2.domain.edu.

;; Hosts with just A recordshost1 IN A 1.0.0.1

;; Hosts with both A and AAAA recordshost2 IN A 1.0.0.2

IN AAAA 2001:468:100::2

88

8/13/19

45

8989

Example: Reverse Zone;; 0.0.0.0.0.0.1.0.8.6.4.0.1.0.0.2.rev;; These are reverses for 2001:468:100::/64);; File can be used for both ip6.arpa and ip6.int.

$TTL 86400@ IN SOA ns1.domain.edu. root.domain.edu. (

2019021401 ; serial - YYYYMMDDXX21600 ; refresh - 6 hours1200 ; retry - 20 minutes3600000 ; expire - long time86400) ; minimum TTL - 24 hours

;; NameserversIN NS ns1.domain.edu.IN NS ns2.domain.edu.

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR host1.ip6.domain.edu2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR host2.domain.edu

89

90

8/13/19

46

91

Thank You!END OF SESSION