IPv6 Basics
Nauru, 13 August 2019
Content
• Intro to IPv6
• IPv6 Protocol Architecture
• IPv6 Addressing and Subnetting
• IPv6 Host Configuration
• IPv6 and DNS
IPV6 PROTOCOL ARCHITECTURE
Module 1
What is IPv6?
• IP stands for Internet Protocol, which is one of the main pillars that support the Internet today
• The current version of the IP protocol is IPv4
• The new version of the IP protocol is IPv6
• There is a version called IPv5, but it was assigned for experimental use [RFC1190]
• IPv6 was also called IPng in the early days of the IPv6 protocol development stage
Background of IPv6 Protocol
• August 1990
  – First wake-up call by Solensky in IETF on IPv4 address exhaustion
• December 1994
  – IPng area was formed within IETF to manage the IPng effort [RFC1719]
  – List of technical criteria was defined to choose IPng [RFC1726]
• January 1995
  – IPng director recommendation to use 128-bit addresses [RFC1752]
• December 1995
  – First version of IPv6 address specification [RFC1883]
• December 1998
  – Updated version changing header format from 1st version [RFC2460]
Motivation Behind IPv6 Protocol
• Plenty of address space (mobile phones, tablet computers, car parts, etc.)
• Solves the need for very complex hierarchical addressing, which IPv4 is unable to provide
• End-to-end communication without the need for NAT for some real-time applications (e.g. online transactions)
• Ensure security, reliability of data and faster processing of protocol overhead
• Stable service for mobile networks (e.g. Internet in airlines, trains)
IPv4 Exhaustion
Reached the final /8
New Functional Improvement
• Address Space
  – Increase from 32-bit to 128-bit address space
• Management
  – Stateless autoconfiguration means no more need to configure IP addresses for end systems, even via DHCP
• Performance
  – Fixed header size (40 bytes) and 64-bit header alignment mean better performance from routers and bridges/switches
• No hop-by-hop segmentation
  – Path MTU discovery
New Functional Improvement
• Multicast/Multimedia
  – Built-in features for multicast groups, management, and new "anycast" groups
• Mobile IP
  – Eliminate triangular routing and simplify deployment of mobile IP-based systems
• Virtual Private Networks
  – Built-in support for ESP/AH encrypted/authenticated virtual private network protocols
• Built-in support for QoS tagging
• No more broadcast
v4/v6 Header Comparison
[Figure: IPv4 and IPv6 headers compared field by field. Legend: not kept in IPv6; renamed in IPv6; same name and function; new in IPv6]
New Functional Improvement
• Address Space
  – Increase from 32-bit to 128-bit address space
• Management
  – Stateless autoconfiguration (SLAAC) means no more need to configure IP addresses for end systems, even via DHCP
• Performance
  – Simplified header means efficient packet processing
  – No header checksum re-calculation at every hop (when TTL is decremented) => left up to the lower and upper layers!
• No hop-by-hop fragmentation - PMTUD
IPv6 Protocol Header Format
• Version (4-bit):
  – 4-bit IP version number (6)
• Traffic class (8-bit):
  – Similar to DiffServ in IPv4; defines different classes or priorities.
• Flow label (20-bit):
  – Allows IPv6 packets to be identified based on flows (multilayer switching techniques and faster packet-switching performance)
IPv6 Protocol Header Format
• Payload length (16-bit):
  – Defines the length of the IPv6 payload (including extension headers); Total Length in IPv4 includes the header.
• Next header (8-bit):
  – Identifies the type of information following the IPv6 header. Could be upper layer (TCP/UDP), or an extension header (similar to the Protocol field in IPv4).
• Hop limit (8-bit):
  – Similar to TTL in IPv4
IPv6 Extension Header
• IPv6 allows an optional Extension Header in between the IPv6 header and upper layer header
  – Allows adding new features to the IPv6 protocol without major re-engineering
[Figure: two packet layouts]
  IPv6 Header (Next Header = 6) | TCP header + data
  IPv6 Header (Next Header = 44) | Fragment header (Next Header = 6) | TCP header + data
Next Header values:
  0   Hop-by-hop option
  6   TCP
  17  UDP
  43  Source routing (RFC5095)
  44  Fragmentation
  50  Encrypted security payload
  51  Authentication
  58  ICMPv6
  59  Null (No next header)
  60  Destination option
IPv6 Extension Header (contd)
• An IPv6 packet may carry none or many extension headers
  – A next header value of 6 or 17 (TCP/UDP) indicates there is no extension header
    • the next header field points to the TCP/UDP header, which is the payload
• Unless the next header value is 0 (Hop-by-Hop option), extension headers are processed only by the destination node, specified by the destination address.
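
Added example (not part of the original slides): a Python walk of the Next Header chain described on the two slides above, the step a filter or capture tool has to perform before it can see the upper-layer protocol. The four packets are constructed for the demonstration; the addresses 2406:6400::10 and 2406:6400::20, the zeroed TCP/UDP stubs and the fragment identification value are assumptions.

```python
import ipaddress
import struct

# Next Header values from the slide above
NEXT_HEADER = {0: "Hop-by-Hop", 6: "TCP", 17: "UDP", 43: "Routing",
               44: "Fragment", 50: "ESP", 51: "AH", 58: "ICMPv6",
               59: "No Next Header", 60: "Destination Options"}
OPTION_STYLE = {0, 43, 60}   # length = (Hdr Ext Len + 1) * 8 bytes


def parse_fixed_header(pkt):
    """Decode the 40-byte fixed IPv6 header into its fields."""
    if len(pkt) < 40:
        raise ValueError("shorter than the 40-byte fixed header")
    vtf, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if vtf >> 28 != 6:
        raise ValueError("version field is not 6")
    return {"traffic_class": (vtf >> 20) & 0xFF, "flow_label": vtf & 0xFFFFF,
            "payload_length": payload_len, "next_header": next_header,
            "hop_limit": hop_limit,
            "src": ipaddress.IPv6Address(pkt[8:24]),
            "dst": ipaddress.IPv6Address(pkt[24:40])}


def walk_chain(pkt):
    """Follow Next Header through the extension headers.

    Returns (extension header names, upper-layer protocol number, offset of
    the upper-layer header). The protocol is None for a non-first fragment,
    whose upper-layer header travelled in the first fragment. ESP (50) and
    No Next Header (59) end the walk and are returned as the protocol.
    """
    nh, off, chain = parse_fixed_header(pkt)["next_header"], 40, []
    while nh in OPTION_STYLE or nh in (44, 51):
        if off + 8 > len(pkt):
            raise ValueError("extension header truncated")
        if nh in OPTION_STYLE:
            size = (pkt[off + 1] + 1) * 8
        elif nh == 44:                      # Fragment header is always 8 bytes
            size = 8
        else:                               # AH counts 4-byte units, minus 2
            size = (pkt[off + 1] + 2) * 4
        if off + size > len(pkt):
            raise ValueError("extension header runs past end of packet")
        chain.append(NEXT_HEADER[nh])
        if nh == 44 and struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3:
            return chain, None, off + size  # fragment offset is not zero
        nh, off = pkt[off], off + size
    return chain, nh, off


def build(next_header, payload, src="2406:6400::10", dst="2406:6400::20"):
    """Constructed sample packet: fixed header (hop limit 64) plus payload."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


TCP_STUB, UDP_STUB = bytes(20), bytes(8)   # zeroed stand-ins for L4 headers
PAD = bytes([1, 4, 0, 0, 0, 0])            # PadN option filling 6 bytes
PLAIN = build(6, TCP_STUB)
FIRST_FRAG = build(44, struct.pack("!BBHI", 6, 0, 1, 0xABCD) + TCP_STUB)
LATER_FRAG = build(44, struct.pack("!BBHI", 6, 0, 185 << 3, 0xABCD) + bytes(16))
HBH_DST = build(0, bytes([60, 0]) + PAD + bytes([17, 0]) + PAD + UDP_STUB)

if __name__ == "__main__":
    for name, pkt in [("plain TCP", PLAIN), ("first fragment", FIRST_FRAG),
                      ("later fragment", LATER_FRAG), ("HBH + DstOpt", HBH_DST)]:
        chain, proto, offset = walk_chain(pkt)
        print(f"{name:15} chain={chain} upper={NEXT_HEADER.get(proto, proto)} "
              f"offset={offset}")
```
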
Fragmentation Handling In IPv6
• In IPv6, fragmentation is only performed by the host/source nodes, and not the routers along the path (unlike IPv4)
• Each source device tracks the MTU size for each session
• When an IPv6 host has a large amount of data to send, it is sent in a series of IPv6 packets (fragmented)
  – IPv6 hosts use Path MTU Discovery (PMTUD) to determine the optimum MTU size along the path
Source: www.cisco.com
Path MTU Discovery
• With PMTUD, the source IPv6 device assumes the initial PMTU is the MTU of the first hop in the path
  – Upper layers (Transport/Application) send packets based on the first hop MTU
  – If the device receives an "ICMPv6 packet too big (Type 2)" message, it informs the upper layer to reduce its packet size, based on the actual MTU size (contained in the message) of the node that dropped the packet
[Figure: path with link MTUs 1500, 1420, 1280, 1500; Path MTU = 1280]
IPV6 ADDRESSING
Module 2
IPv6 Address Representation
• IPv6 address is 128 bits
• Number of IPv6 addresses: 2^128 ~ 3.4 x 10^38
• IPv6 address is represented in hexadecimal
  – 4 bits (nibble) represent a hexadecimal digit
  – 4 nibbles (16 bits) make a hextet
  – Represented as eight hextets (4 nibbles or 16 bits each), separated by colons (:)
[Figure: 2001:ABCD:1234::DC0:A910, with the hextet A910 written in bits as 1010 1001 0001 0000; each group of 4 bits is a nibble, the 16 bits together a hextet]
IPv6 Address Representation (2)
  – 2001:0DB8:0000:0000:0000:036E:1250:2B00
• Abbreviated form
  – 2001:0DB8:0000:0000:0000:036E:1250:2B00
  – Leading zeroes (0) in any hextet can be omitted
    – 2001:DB8:0:0:0:36E:1250:2B00
  – A double colon (::) can replace contiguous hextet segments of zeroes
    – 2001:DB8::36E:1250:2B00
  – (::) can only be used once!
IPv6 Address Representation (3)
• Double colons (::) representation
  – RFC5952 recommends that the largest set of :0: be replaced with :: for consistency
    – 2001:0:0:0:2F:0:0:5
    – 2001::2F:0:0:5 instead of 2001:0:0:0:2F::5
  – Where there is the same number of :0:, the first set is replaced with ::
    – 2001:DB8:0:0:2F:0:0:5
    – 2001:DB8::2F:0:0:5 instead of 2001:DB8:0:0:2F::5
• Prefix Representation
  – Representation of prefix is similar to IPv4 CIDR
  – → prefix/prefix-length
  – 2001:DB8:12::/40
IPv6 Addressing Model
• Unicast Address
  – Assigned to a single interface
  – Packet sent only to the interface with that address
• Anycast Address
  – Same address assigned to more than one interface (on different nodes)
  – Packet for an anycast address routed to the nearest interface (routing distance)
• Multicast Address
  – Group of interfaces (on different nodes) join a multicast group
  – A multicast address identifies the interface group
  – Packet sent to the multicast address is replicated to all interfaces in the group
RFC 4291
Special Unicast Addresses
• Unspecified Address (absence of an address)
  • ::/128
• Loopback (test OSI/TCP-IP stack implementation)
  • ::1/128
Global Unicast Addresses
• Globally unique and routable IPv6 address
• Currently, only global unicast addresses with first three bits of 001 have been assigned
  • 0010 0000 0000 0000 (2000::/3)
  • 0011 1111 1111 1111 (3FFF::/3)
• IANA gives a /12 each from 2000-3FFF::/3 to each RIR
  APNIC     2400::/12
  ARIN      2600::/12
  LACNIC    2800::/12
  RIPE NCC  2A00::/12
  AfriNIC   2C00::/12
Global Unicast Addresses
• RIRs assign /32 to ISPs
[Figure: 128-bit global unicast address: 001 (3 bits, /3) | RIR (9 bits, /12) | ISP (20 bits, /32)]
IPv6 Addressing Structure
[Figure: Network Prefix (64 bits) = Customer (Site) Prefix (48 bits) + Subnet ID (16 bits), followed by the Interface ID (64 bits)]
RFC 6177
• Customer (Site) Prefix: assigned to a customer site
  – Group of subnets
  – ISPs/RIRs 'would' assign /48 (/56 to customers)
• Subnet ID: identifies the subnets (links) within a site
• Interface ID: host portion of the IPv6 address
  – how many hosts within a subnet
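IPv6 Addressing Structure
[Figure: 128-bit device address, bits 0 to 127: ISP /32 (32 bits) | Customer Site /48 (16 bits) | End Site Subnet /64 (16 bits) | Interface ID (64 bits). The network prefix covers bits 0 to 63; the interface ID is the remaining 64 bits.]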
Link-local Unicast Addresses
• Auto-configured address (similar to APIPA)
  – Every IPv6-enabled device must have a link-local address
  – To communicate with other IPv6 devices on the same link
  – FE80::/10
• The link-local address is used by routers as the next-hop address when forwarding IPv6 packets
• All IPv6 hosts on a subnet/link use the router's link-local as the default gateway
  – Routers use the link-local as the source in ND-RA messages
Unique Local Unicast Addresses
• Similar to RFC1918 addresses (but within a "site")
  – Unique within a site
  – Routable within site(s)
  – Not 'expected' to be routed on the internet
FC00::/7
| 7 bits |1 |   40 bits    |  16 bits   |          64 bits          |
+--------+--+--------------+------------+---------------------------+
| Prefix |L |  Global ID   | Subnet ID  |       Interface ID        |
+--------+--+--------------+------------+---------------------------+
L: 1 for local significance
Global ID: 40-bit pseudo-random
Well-known Multicast Addresses
• Multicast addresses can only be destinations and never a source
  – FF00::/8
• Pre-defined multicast addresses:
  – FF02::1 All nodes multicast
    • All IPv6-enabled devices join this multicast group
    • Packets sent to this address are received by all nodes
  – FF02::2 All routers multicast
    • The moment IPv6 is enabled on a router (#ipv6 unicast-routing), the router becomes a member of this group
  – FF02::1:FFXX:XXXX/104 Solicited Node multicast
    • NS messages (~ARP request) are sent to this address
    • Uses the least significant 24 bits of its unicast/anycast address
    • Must compute and join for every unicast (link-local & global) on an interface
Well-known Multicast Addresses
• Pre-defined multicast addresses:
  – FF02::1:2 All DHCP Servers/Relay Agents
    • Clients use this multicast address to discover any DHCPv6 servers/relays on the local link (link-scoped)
  – FF05::1:3 All DHCP servers
    • Generally used by Relays to talk to servers
    • Site-scoped
Modified EUI-64 format
• Allows an IPv6 device to compute a unique 64-bit Interface ID using the interface MAC address (48-bit)
  – MAC address is split into two 24-bit halves
    • OUI and NIC
  – Then 0xFFFE is inserted between the two halves
    • 0xFFFE is a reserved value, not assigned to any OEM
  – Invert the 7th bit (U/L) of the OUI to get the EUI-64 address
    • Addresses assigned to OEMs have this bit set to 0 to indicate global uniqueness
    • Set to 1 (invert 0) to indicate an IEEE identifier (MAC) is used, or 0 if otherwise (serials/tunnels).
[Figure: MAC 00:21:48:A2:10:2F (OUI 00:21:48, NIC A2:10:2F); FF:FE inserted between the halves gives 00:21:48:FF:FE:A2:10:2F; inverting the U/L bit of the first octet (0000 0000 → 0000 0010) gives 02:21:48:FF:FE:A2:10:2F]
IPv6 Addressing EUI-64
LAN: 2001:db8:213:1::/64
Eth0
MAC address: 0060.3e47.1530
interface Ethernet0
 ipv6 address 2001:db8:213:1::/64 eui-64
router# show ipv6 interface Ethernet0
Ethernet0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::260:3EFF:FE47:1530
  Global unicast address(es):
    2001:db8:213:1:260:3EFF:FE47:1530, subnet is 2001:db8:213:1::/64
  Joined group address(es):
    FF02::1:FF47:1530
    FF02::1
    FF02::2
  MTU is 1500 bytes
ICMPv6 Neighbor Discovery
• Router Solicitation (RS):
  – sent by an IPv6 host to the "all routers" multicast to request an RA
• Router Advertisement (RA):
  – sent by an IPv6 router to the "all nodes" multicast (200 secs)
  – IPv6 prefix/prefix length, and default gateway
• Neighbor Solicitation (NS):
  – sent by an IPv6 host to the "solicited node" multicast to find the MAC address of a given IPv6 address (~ARP request).
• Neighbor Advertisement (NA):
  – sent in response to an NS and informs of its MAC address.
• ICMPv6 Redirect:
  – informs the source of a better next-hop
RFC 4861
IPv6 Neighbor Discovery (ND)
• Host A would like to communicate with Host B
  – Global address 2406:6400::10
  – Link-local fe80::226:bbff:fe06:ff81
  – MAC address 00:26:bb:06:ff:81
• Host B IPv6 global address 2406:6400::20
  – Link-local UNKNOWN (if GW outside the link)
  – MAC address UNKNOWN
• How will Host A create an L2 frame and send it to Host B?
IPv6 Neighbor Discovery (ND)
IPv6 Address Resolution
1. ICMPv6 NS (Type 135), multicast
   SMAC: 00:26:BB:06:FF:81  DMAC: 33:33:FF:00:00:20
   Source IPv6: 2406:6400::0010
   Destination IPv6: FF02:0:0:0:0:1:FF00:0020
2. ICMPv6 NA (Type 136), unicast
   SMAC: 00:26:BB:06:FF:82  DMAC: 00:26:BB:06:FF:81
   Source IPv6: 2406:6400::0020
   Dest IPv6: 2406:6400::0010
RFC2464 – 33:33:xx:xx:xx:xx
IPv6 Address Resolution
3. IPv6 packet, unicast
   SMAC: 00:26:BB:06:FF:81  DMAC: 00:26:BB:06:FF:82
   Source IPv6: 2406:6400::0010
   Dest IPv6: 2406:6400::0020
   Payload
4. IPv6 packet, unicast
   SMAC: 00:26:BB:06:FF:82  DMAC: 00:26:BB:06:FF:81
   Source IPv6: 2406:6400::0020
   Dest IPv6: 2406:6400::0010
   Payload
IPv6 Address Auto-configuration
• Stateless address auto-configuration (SLAAC)
  – No manual configuration required
  – Gets the IPv6 prefix and prefix length through RA (local router)
  – EUI-64 for interface ID (pseudo random)
• Stateful - DHCPv6
  – To track address assignments
Stateless Address Autoconfig (1)
RFC 2462
When a host joins a link/subnet:
• It auto-generates a link-local using the FE80::/10 prefix and EUI-64:
  – Ex: FE80::346A:3BFF:FE76:CAF9
• DAD is performed on the link-local:
  – NS message is sent to the "solicited-node" multicast (FF02::1:FF76:CAF9), with ::/128 as the source
  – If no NA message is received back, the generated address is unique and can be used
[Figure: host FE80::346A:3BFF:FE76:CAF9 sends an NS onto the link]
Stateless Address Autoconfig (2)
Once the node has a link-local address:
• It sends an RS message to the "all-routers" multicast (FF02::2)
  – link-local as the source address
• The router responds with an RA message
  – IPv6 prefix and prefix length
  – link-local as the source
  – Auto flag by default (Managed and Other flags are not set!)
• The node generates the IPv6 address
  – uses the received prefix (2001:DB8::/64)
  – Interface ID (EUI-64)
  – 2001:DB8::346A:3BFF:FE76:CAF9
  – DAD not necessary (link-local validated for the same interface!)
[Figure: host (FE80::346A:3BFF:FE76:CAF9, 2001:DB8::346A:3BFF:FE76:CAF9) sends an RS; the router answers with an RA carrying 2001:DB8::/64]
DHCPv6 (1)
RFC 3315
DHCPv6 is used:
  – If there are no router(s) on the subnet/link, OR
  – If the RA message specifies to get addressing information via DHCPv6
If the router's RA message has the:
  – O (other) flag set: stateless DHCPv6
    • auto-generate IPv6 address using IPv6 prefix & prefix length in the RA
    • obtain other information (DNS server, domain) via DHCPv6
  – M (managed) flag set:
    • obtain all addressing information via DHCPv6
    • 'O' flag is redundant
Stateful Autoconfig – DHCPv6 (2)
1. Client sends Solicit message to FF02::1:2 to find any available DHCPv6 servers
2. Server responds with an Advertise message
   • the tentative IPv6 address/prefix
   • Other parameters (DNS, domain, default gateway, lease time)
   • could receive multiple Advertise messages
3. Client selects the server, and sends a Request asking to formally request the indicated IPv6 address
4. Server responds with a Reply to confirm the assignment
5. Performs DAD before using!
[Figure: message exchange between IPv6 Client and DHCPv6 Server: Solicit, Advertise, Request, Reply]
IPv6 Interface ID – Privacy
• Overcome the ability to track (interface ID based on MAC address):
  – Temporary address (changes): outgoing connections
  – Secured address: incoming connection
  – Temp > 2001:dc0:a000:4:84a3:49b6:1919:26fb
  – Secured> 2001:dc0:a000:4:108b:3690:9335:b7ec
  – Temp > 2001:dc0:a000:4:14e6:d4a3:815d:91dd
• Ease network management yet improve privacy:
  – Stable interface identifiers for each subnet
  – Secured> 2001:dc0:a000:4:cbb:347c:6215:1083
RFC 4941
RFC 7217
Zone IDs for Link-locals
  – Interface en0 - fe80::4e0:37e4:c5d1:c845%en0
  – Interface en5 - fe80::aede:48ff:fe00:1122%en5
• Zone IDs help uniquely distinguish which link/subnet an interface is connected to
• To ping a remote IPv6 node, use your interface zone ID (so that the response packet has a path)
Quiz - Zone ID
• Please write down the commands:
  – PC-A pings PC-B
  – PC-A telnet PC-C
[Figure: PC-A with interfaces fe80::a1%11 and fe80::a2%12; PC-B at fe80::b1%1; PC-C at fe80::c1%en0]
Subnetting (Example)
• Provider A has been allocated
  • 2001:DB8::/32
  – will delegate /48 blocks to its customers
• Q. Find the blocks provided to the first 4 customers
Subnetting (Example)
Original block: 2001:0DB8::/32
Rewrite as a /48 block: 2001:0DB8:0000::/48 (this is your network prefix!)
How many /48 blocks are there in a /32? 2^16 = 65K
Find only the first 4 /48 blocks…
Subnetting (Example)
Start by manipulating the LSB of your network prefix – write in bits
2001:0DB8:0000::/48 in bits:
  2001:0DB8:[0000 0000 0000 0000]::/48
  2001:0DB8:[0000 0000 0000 0001]::/48
  2001:0DB8:[0000 0000 0000 0010]::/48
  2001:0DB8:[0000 0000 0000 0011]::/48
Then write back into hex digits:
  2001:0DB8:0000::/48
  2001:0DB8:0001::/48
  2001:0DB8:0002::/48
  2001:0DB8:0003::/48
Exercise 1.1: IPv6 subnetting
• Identify the first four /36 sub-prefixes out of 2406:6400::/32
  – _____________________
  – _____________________
  – _____________________
  – _____________________
Exercise 1.2: IPv6 subnetting
Identify the first four /35 blocks out of 2406:6400::/32
1. _____________________
2. _____________________
3. _____________________
4. _____________________
IPV6 HOST CONFIGURATION
Module 3
IPv6 Autoconfiguration
• Stateless mechanism
  – For a site not concerned with the exact addresses
  – No manual configuration required
  – Minimal configuration of routers
  – No additional servers
• Stateful mechanism
  – For a site that requires tighter control over exact address assignments
  – Can be assigned using a DHCPv6 server or manually
RFC4862
IPv6 Autoconfiguration
• IPv6 Stateless Address Autoconfiguration (SLAAC)
• Allow a host to obtain or create unique addresses for its interface/s
  – Manual configuration should not be required
  – Even if no servers/routers exist to assign an IP address to a device, the device can still auto-generate an IP address
• Small sites should not require a DHCPv6 server to communicate
  – Plug and play
  – Allows interfaces on the same link to communicate with each other
• Facilitate the renumbering of a site's machines
RFC4862
Interface ID
• The lowest-order 64-bit field of the address
• May be assigned in several different ways:
  – auto-configured from a 48-bit MAC address expanded into a 64-bit EUI-64
  – assigned via DHCP
  – manually configured
  – auto-generated pseudo-random number
  – possibly other methods in the future
Modified EUI-64
[Figure: MAC address 34:56:78:9A:BC:DE; FF:FE is inserted in the middle to give the EUI-64 address 34:56:78:FF:FE:9A:BC:DE; the U/L bit of the first octet changes 0011 0100 → 0011 0110, giving the interface identifier 36:56:78:FF:FE:9A:BC:DE]
EUI-64 address is formed by inserting FFFE and OR'ing a bit identifying the uniqueness of the MAC address
IPv6 Addressing Examples
LAN: 2001:db8:213:1::/64
Ethernet0
MAC address: 0060.3e47.1530
interface Ethernet0
 ipv6 address 2001:db8:213:1::/64 eui-64
router# show ipv6 interface Ethernet0
Ethernet0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::260:3EFF:FE47:1530
  Global unicast address(es):
    2001:db8:213:1:260:3EFF:FE47:1530, subnet is 2001:db8:213:1::/64
  Joined group address(es):
    FF02::1:FF47:1530
    FF02::1
    FF02::2
  MTU is 1500 bytes
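
Added example (not part of the original slides): the modified EUI-64 steps and the solicited-node multicast rule from the slides above, written in Python so the router output can be reproduced from the MAC address alone. It goes slightly beyond the slides by also deriving the RFC 2464 multicast MAC and by recovering the MAC from an EUI-64 address, which is the tracking concern behind the privacy slide; all function names are chosen here.

```python
import ipaddress


def parse_mac(mac):
    """Accept 0060.3e47.1530, 00:60:3e:47:15:30 or 00-60-3e-47-15-30."""
    digits = "".join(ch for ch in mac if ch not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def modified_eui64(mac):
    """Split OUI/NIC, insert FF:FE, invert the U/L bit of the first octet."""
    raw = parse_mac(mac)
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02
    return bytes(eui)


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def solicited_node(addr):
    """FF02::1:FF00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def multicast_mac(group):
    """RFC 2464 mapping: 33:33 followed by the low 32 bits of the group."""
    tail = ipaddress.IPv6Address(group).packed[-4:]
    return "33:33:" + ":".join(f"{b:02x}" for b in tail)


def embedded_mac(addr):
    """Return the MAC an EUI-64 interface ID reveals, or None if not EUI-64."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


if __name__ == "__main__":
    mac = "0060.3e47.1530"                      # MAC from the router example
    link_local = slaac_address("fe80::/64", mac)
    global_addr = slaac_address("2001:db8:213:1::/64", mac)
    group = solicited_node(global_addr)
    print("link-local     ", link_local)
    print("global unicast ", global_addr)
    print("solicited-node ", group, "->", multicast_mac(group))
    # Addresses taken from the privacy slide and the ND slides
    for addr in ("fe80::226:bbff:fe06:ff81",
                 "2001:dc0:a000:4:84a3:49b6:1919:26fb"):
        print(addr, "reveals MAC:", embedded_mac(addr))
```
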
IPv6 Address Privacy
• Temporary address for IPv6 host client application
  – e.g. Web browser
• Intended to inhibit device/user tracking but is also a potential issue
  – More difficult to scan all IP addresses on a subnet
  – But port scan is identical when an address is known
• Random 64-bit interface ID, run DAD before using it
• Rate of change based on local policy
• Implemented on Microsoft Windows XP/Vista/7
  – Can be activated on FreeBSD/Linux/MacOS with a system call
[Figure: address beginning 2001:0db8 with the /12, /32, /48 and /64 boundaries marked, followed by the Interface ID]
RFC4941
Zone IDs for Local-Use Addresses
• In Windows XP for example:
• Host A:
  – fe80::2abc:d0ff:fee9:4121%4
• Host B:
  – fe80::3123:e0ff:fe12:3001%3
• Ping from Host A to Host B
  – ping fe80::3123:e0ff:fe12:3001%4 (not %3)
• The zone ID identifies the interface on the host which is connected to that segment.
IPv6 Neighbor Discovery (ND)
• IPv6 uses multicast (L2) instead of broadcast to find out the target host's MAC address
• It increases network efficiency by eliminating broadcast from the L2 network
• IPv6 ND uses ICMPv6 as transport
  – Compared to IPv4 ARP, there is no need to write a different ARP for each L2 protocol, i.e. Ethernet etc.
RFC4861
IPv6 Neighbor Discovery (ND)
• Solicited-Node Multicast is used for Duplicate Address Detection
  – Part of the Neighbour Discovery process
  – Replaces ARP
  – Duplicate IPv6 addresses are rare, but still have to be tested for
• For each unicast and anycast address configured, there is a corresponding solicited-node multicast address
  – This address is only significant for the local link
IPv6 Neighbor Discovery (ND)
• Solicited Node Multicast Address
  – Starts with FF02::1:FF00:0/104
  – Last 24 bits from the interface IPv6 address
• Example Solicited Node Multicast Address
  – IPv6 address 2406:6400:0:0:0:0:0000:0010
  – Solicited Node Multicast Address is FF02:0:0:0:0:1:FF00:0010
• Each host listens to the solicited node multicast address corresponding to its unicast and anycast addresses (if defined)
IPv6 Neighbor Discovery (ND)
• Host A would like to communicate with Host B
  – Host A IPv6 global address 2406:6400::10
  – Host A IPv6 link local address fe80::226:bbff:fe06:ff81
  – Host A MAC address 00:26:bb:06:ff:81
• Host B IPv6 global address 2406:6400::20
  – Host B Link local UNKNOWN [Gateway if outside the link]
  – Host B MAC address UNKNOWN
• How will Host A create an L2 frame for Host B?
IPv6 Neighbor Discovery (ND)
IPv6 Autoconfiguration
1. A new host is turned on.
2. Tentative address will be assigned to the new host.
3. Duplicate Address Detection (DAD) is performed. First the host transmits
   • a Neighbor Solicitation (NS) message to the all-nodes multicast address (FF02::1)
5. If no Neighbor Advertisement (NA) message comes back then the address is unique.
6. FE80::310:BAFF:FE64:1D will be assigned to the new host.
[Figure: host on the 2001:1234:1:1/64 network. Tentative address (link-local address) = well-known link-local prefix + Interface ID (EUI-64), e.g. FE80::310:BAFF:FE64:1D. "Is this address unique?" Assign FE80::310:BAFF:FE64:1D]
IPv6 Autoconfiguration
1. The new host will send a Router Solicitation (RS) request to the all-routers multicast group (FF02::2).
2. The router will reply with a Router Advertisement (RA).
3. The new host will learn the network prefix, e.g. 2001:1234:1:1/64
4. The new host will be assigned a new address: network prefix + Interface ID, e.g. 2001:1234:1:1:310:BAFF:FE64:1D
[Figure: host FE80::310:BAFF:FE64:1D on the 2001:1234:1:1/64 network asks "Send me Router Advertisement"; the router sends a Router Advertisement; assign 2001:1234:1:1:310:BAFF:FE64:1D]
ICMPv6 Messages for Autoconfiguration
• 133 Router Solicitation
  – Prompts a router to send a Router Advertisement.
• 134 Router Advertisement
  – Sent by routers to tell hosts on the local network the router exists and describe its capabilities.
• 135 Neighbor Solicitation
  – Sent by a device to request the layer two address of another device while providing its own as well.
• 136 Neighbor Advertisement
  – Provides information about a host to other devices on the network
Configuration of IPv6 Nodes
• There are 3 ways to configure an IPv6 address on an IPv6 node:
  – Static address configuration
  – DHCPv6 assigned node address
  – Stateless autoconfiguration
Configuration of IPv6 Node Address
Quantity     | Address                                        | Requirement     | Context
One          | Loopback [::1]                                 | Must define     | Each node
One          | Link-local                                     | Must define     | Each interface
Zero to many | Unicast                                        | Optional        | Each interface
Zero to many | Unique-local                                   | Optional        | Each interface
One          | All-nodes multicast [ff02::1]                  | Must listen     | Each interface
One          | Solicited-node multicast ff02:0:0:0:0:1:ff/104 | Must listen     | Each unicast and anycast defined
Any          | Multicast group                                | Optional listen | Each interface
ULAs are unicast addresses that are globally unique but used locally within sites. Any site can have a /48 for private use. Each /48 is globally unique, so there is no collision of identical addresses in future when sites connect together.
IPv6 Host Configuration (Windows)
• Windows XP SP2
  – netsh interface ipv6 install
• Windows XP
  – ipv6 install
IPv6 Host Configuration (Windows)
• Configuring an interface
  netsh interface ipv6 add address "Local Area Connection" 2406:6400::1
• Note: Prefix length is not specified with the address, which will force a /64 on the interface
• Verify your configuration
  ipconfig
• Verify your neighbour table
  – netsh interface ipv6 show neighbors
IPv6 Host Configuration (Windows)
• Disable privacy state variable
  netsh interface ipv6 set privacy state=disable
  OR
  netsh interface ipv6 set global randomizeidentifiers=disabled
IPv6 Host Configuration (Windows)
• Testing your configuration
  ping fe80::260:97ff:fe02:6ea5%4
• Note: the Zone ID is your interface index
IPv6 Host Configuration (Mac OS X)
• Disable privacy address
  sysctl -w net.inet6.ip6.use_tempaddr=0
• Configuring an interface from the Terminal
  ifconfig en0 inet6 2406:6400::2/48
  route add -inet6 -prefixlen 0 default \
    2406:6400::1
• Verify your neighbor table
  ndp -a
IPv6 Host Configuration (Linux)
• Enabling IPv6 on Linux
  – Set the NETWORKING_IPV6 variable to yes in /etc/sysconfig/network
  vi /etc/sysconfig/network
    NETWORKING_IPV6=yes
  service network restart
• Adding an IPv6 address on an interface
  ifconfig eth0 inet6 add 2406:6400::1/64
  (OR)
  ifconfig eth0 add 2406:6400::1/64
IPv6 Host Configuration (Linux)
• Configuring Router Advertisement (RA) on Linux
  – Set IPv6 address forwarding on
  echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
  – Need radvd-0.7.1-3.i386.rpm installed
  – In the daemon conf file /etc/radvd.conf
  vi /etc/radvd.conf
    interface eth1 {
        AdvSendAdvert on;
        prefix 2406:6400::/64 {
            AdvOnLink on;
        };
    };
IPv6 Host Configuration (FreeBSD)
• Enabling IPv6 on FreeBSD
  – Set the ipv6_enable variable to yes in /etc/rc.conf
  vi /etc/rc.conf
    ipv6_enable=yes
• Adding an IPv6 address on an interface
  ifconfig fxp0 inet6 2406:6400::1/64
IPv6 Host Configuration (FreeBSD)
• Configuring RA on FreeBSD
  – Set IPv6 address forwarding on
  sysctl -w net.inet6.ip6.forwarding=1
  – Assign IPv6 address on an interface
  ifconfig en1 inet6 2001:07F9:0400:010E::1 \
    prefixlen 64
  – RA on an interface
  rtadvd en1
Exercise 1: IPv6 Host Configuration
• Configure RA on Cisco
  config t
  interface e0/1
  ipv6 nd prefix-advertisement 2406:6400::/64
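IPV6 AND DNS
Module 4
Reverse DNS Tree – with IPv6
[Figure: DNS tree from the root (.) with net, org, com and arpa below it; under arpa, in-addr (with example labels 202, 203, 64, 22) and ip6 (IPv6 addresses); iana and apnic also appear as labels]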
IPv6 Representation in the DNS
• Forward lookup support: Multiple RR records for name to number
  – AAAA (similar to A RR for IPv4)
• Reverse lookup support:
  – Reverse nibble format for zone ip6.arpa
IPv6 Reverse Lookups – PTR records
• Similar to the IPv4 reverse record
  b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa. IN PTR test.ip6.example.com.
• Example: The reverse name lookup for a host with address
  • 3ffe:8050:201:1860:42::1
  – $ORIGIN 0.6.8.1.1.0.2.0.0.5.0.8.e.f.f.3.ip6.arpa.
  – 1.0.0.0.0.0.0.0.0.0.0.0.2.4.0.0 14400 IN PTR host.example.com.
IPv6 Forward Lookups
• Multiple addresses possible for any given name
  – Ex: in a multi-homed situation
• Can assign A records and AAAA records to a given name/domain
• Can also assign separate domains for IPv6 and IPv4
Example: Forward Zone
;; domain.edu
$TTL 86400
@ IN SOA ns1.domain.edu. root.domain.edu. (
        2019021401 ; serial - YYYYMMDDXX
        21600      ; refresh - 6 hours
        1200       ; retry - 20 minutes
        3600000    ; expire - long time
        86400 )    ; minimum TTL - 24 hours
;; Nameservers
        IN NS ns1.domain.edu.
        IN NS ns2.domain.edu.
;; Hosts with just A records
host1   IN A 1.0.0.1
;; Hosts with both A and AAAA records
host2   IN A 1.0.0.2
        IN AAAA 2001:468:100::2
Example: Reverse Zone
;; 0.0.0.0.0.0.1.0.8.6.4.0.1.0.0.2.rev
;; These are reverses for 2001:468:100::/64
;; File can be used for both ip6.arpa and ip6.int.
$TTL 86400
@ IN SOA ns1.domain.edu. root.domain.edu. (
        2019021401 ; serial - YYYYMMDDXX
        21600      ; refresh - 6 hours
        1200       ; retry - 20 minutes
        3600000    ; expire - long time
        86400 )    ; minimum TTL - 24 hours
;; Nameservers
        IN NS ns1.domain.edu.
        IN NS ns2.domain.edu.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR host1.ip6.domain.edu.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR host2.domain.edu.
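
Added example (not part of the original slides): the reverse nibble format from the PTR slide and the reverse zone above, generated in Python so that $ORIGIN and owner names are derived from the address instead of typed by hand. It also maps a PTR owner name back to its address, which lets PTR records be checked against AAAA records; the function names are chosen here and the 14400 TTL is taken from the PTR slide.

```python
import ipaddress

HEX = set("0123456789abcdef")


def nibbles(addr):
    """The 32 hex digits of the fully expanded address, high nibble first."""
    return ipaddress.IPv6Address(addr).exploded.replace(":", "")


def ptr_name(addr):
    """Full owner name of the PTR record for one address."""
    return ".".join(reversed(nibbles(addr))) + ".ip6.arpa."


def _zone_nibbles(prefix):
    """Validate the prefix and return (network, nibbles inside the zone name)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("reverse zones are cut on nibble (4-bit) boundaries")
    return net, net.prefixlen // 4


def zone_origin(prefix):
    """$ORIGIN of the reverse zone that serves a prefix."""
    net, count = _zone_nibbles(prefix)
    kept = nibbles(net.network_address)[:count]
    return ".".join(list(reversed(kept)) + ["ip6", "arpa"]) + "."


def relative_owner(addr, prefix):
    """Owner name of the PTR record, relative to the zone's $ORIGIN."""
    net, count = _zone_nibbles(prefix)
    if ipaddress.IPv6Address(addr) not in net:
        raise ValueError(f"{addr} is outside {prefix}")
    return ".".join(reversed(nibbles(addr)[count:]))


def address_from_ptr(name):
    """Inverse mapping: ip6.arpa owner name back to the IPv6 address."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        raise ValueError("expected 32 nibble labels under ip6.arpa")
    digits = labels[:32]
    if any(len(d) != 1 or d not in HEX for d in digits):
        raise ValueError("each label must be a single hex digit")
    return ipaddress.IPv6Address(int("".join(reversed(digits)), 16))


def zone_lines(prefix, hosts, ttl=14400):
    """Render $ORIGIN plus one PTR line per (address, fqdn) pair.

    Targets get a trailing dot so the zone origin is not appended to them.
    """
    lines = [f"$ORIGIN {zone_origin(prefix)}"]
    for addr, fqdn in hosts:
        target = fqdn if fqdn.endswith(".") else fqdn + "."
        lines.append(f"{relative_owner(addr, prefix)} {ttl} IN PTR {target}")
    return lines


if __name__ == "__main__":
    # Address and host name from the PTR slide
    for line in zone_lines("3ffe:8050:201:1860::/64",
                           [("3ffe:8050:201:1860:42::1", "host.example.com")]):
        print(line)
    # Prefix and hosts from the reverse zone example
    for line in zone_lines("2001:468:100::/64",
                           [("2001:468:100::1", "host1.ip6.domain.edu"),
                            ("2001:468:100::2", "host2.domain.edu")]):
        print(line)
```
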
Thank You!
END OF SESSION