IPv6 Foundations Mukom Akong T. (@perfexcellent)
Page 1: IPv6 Foundations

IPv6 Foundations

Mukom Akong T. (@perfexcellent)

Page 2: IPv6 Foundations

Fundamentals of IPv6

What you should be able to do after finishing this module

①  Understand IPv4 exhaustion and its implications
②  Identify IPv6 addresses
③  Create an IPv6 addressing plan
④  Configure and verify IPv6 on a LAN

learn.afrinic.net | slide 2

Page 3: IPv6 Foundations

Module Assumptions

①  Fundamental concepts of TCP/IPv4
②  Building basic IPv4 networks
③  Using the command line interface for common routing platforms
    - Cisco IOS
    - Juniper JUNOS
    - Quagga

Page 4: IPv6 Foundations

Module deliverables

•  Describe differences between IPv4 and IPv6
    - Key protocols
    - Basic configuration
•  Create an IPv6 addressing plan
    - Subnetting
    - Estimate space
    - Allocation
•  Identify and work with IPv6 addresses
    - Address structure and notation
    - Types of IPv6 addresses
•  Understand IPv4 exhaustion implications
    - Global IPv6 address distribution
    - Implications of exhaustion

Page 5: IPv6 Foundations

Understanding IPv4 Exhaustion Implications

After this section, you should be able to:

①  Describe the world situation with respect to v4 addresses
②  Describe the implications of IPv4 exhaustion

Page 6: IPv6 Foundations

Central IPv4 Pool as at 16.06.2010

Page 7: IPv6 Foundations

Central IPv4 Pool as at 31.01.2011

Page 8: IPv6 Foundations

Global IPv4 Address Distribution

Source: www.ipv4depletion.com

Page 9: IPv6 Foundations

Projected RIR Depletion Dates

Source: Geoff Huston

Page 10: IPv6 Foundations

Exhaustion Consequence: IPv4 addresses are now more expensive

$7.5m for 666,624 v4 addresses

Page 11: IPv6 Foundations

Exhaustion Consequence: demand for IPv4 addresses may increase its price

Page 12: IPv6 Foundations

Exhaustion Consequence: An IPv4 address black market emerges

•  Black markets have well-known contrary consequences

Page 13: IPv6 Foundations

Implications of Africa running out last

•  Scenario #1: We remain complacent and the world leaves us behind in IPv4-land
    - Cost of connecting to the rest of the world increases
    - We miss any market opportunities v6 adoption presents
•  Scenario #2: A ‘rush’ for Africa’s pool by other regions
    - African networks deprived of critical v4 needed to facilitate transition to v6
    - We are forced to deploy greenfield IPv6 (good)
    - Use of NAT increases (bad)

Page 14: IPv6 Foundations

Ultimately…being left behind means

Diagram labels: IPv6 network; IPv4

Page 15: IPv6 Foundations

How shall we deal with exhaustion?

Diagram labels: IPv4 ?; IPv4 preservation with NAPT; IPv6 Deployment

Page 16: IPv6 Foundations

AFRINIC: The Internet Numbers Registry for Africa

Questions? Comments?

Page 17: IPv6 Foundations

IPv6 Addressing Basics

After this section, you should be able to:

①  Work comfortably with IPv6’s hexadecimal notation
②  Identify, write and shorten IPv6 addresses

Page 18: IPv6 Foundations

What is IPv6?

•  Network-layer successor to IPv4
    - 128 bits long (2^96 times the total IPv4 address space)
    - Runs on the same physical infrastructure
    - The same applications can also run on IPv6
    - Incompatible with IPv4!
•  The only sustainable answer to IPv4 exhaustion
    - Enables continued growth of the Internet
    - Restores end-to-end model & related applications

Page 19: IPv6 Foundations

IPv6 addresses are written in hexadecimal

•  The 8 groups of hexits are separated by colons
•  Addresses are conventionally written in lower case

IPv6 address = 128 bits (1 or 0)
IPv6 address = 32 hexits (0 - 9, a, b, c, d, e, f)
IPv6 address = 8 groups of 4 hexits
    2001:db8:c001:face:b00c:dead:babe:1cee

Page 20: IPv6 Foundations

How IPv6 addresses are written

© Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011

Page 21: IPv6 Foundations

Rules for shortening IPv6 addresses

①  Zero-suppression: omit all leading zeroes in a group of hexits
    - A leading zero is one that comes immediately after a colon
    - Each group must still contain at least one hexit
②  Zero-compression: substitute two or more consecutive groups of zeroes with one double colon (::)
    - This should only be done once to avoid ambiguity
    - If more than one substitution is possible, make the one that replaces the most groups
    - In case of two equal possible substitutions, make the leftmost one
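The two shortening rules above, written out as code. This is an added example, not part of the original slides; the function names and the sample addresses are chosen here for illustration.

```python
HEXITS = set("0123456789abcdefABCDEF")


def _group(text: str) -> int:
    """Parse one colon-delimited group: 1 to 4 hexits."""
    if not 1 <= len(text) <= 4 or not set(text) <= HEXITS:
        raise ValueError(f"invalid group {text!r}")
    return int(text, 16)


def expand_ipv6(short: str) -> str:
    """Undo both rules: return all 8 groups, each padded to 4 hexits."""
    if short.count("::") > 1:
        # With two '::' nothing says how many zero groups each one
        # stands for, which is why rule 2 allows it only once.
        raise ValueError("'::' may appear only once in an address")
    if "::" in short:
        left, right = short.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must replace at least one group")
        groups = head + ["0"] * missing + tail
    else:
        groups = short.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has exactly 8 groups")
    return ":".join(format(_group(g), "04x") for g in groups)


def shorten_ipv6(address: str) -> str:
    """Apply rule 1 (zero-suppression), then rule 2 (zero-compression)."""
    # Rule 1: drop leading zeroes; an all-zero group keeps a single '0'.
    groups = [format(int(g, 16), "x") for g in expand_ipv6(address).split(":")]

    # Rule 2: find the longest run of zero groups. The strict '>' keeps
    # the leftmost run when two runs have the same length.
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)

    if best_len < 2:  # a single zero group is written as '0', not '::'
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"


# Constructed sample addresses exercising each sub-rule.
SAMPLES = [
    "2001:0db8:0000:0000:0000:0000:0000:0001",  # one long run
    "2001:0db8:0000:0000:0001:0000:0000:0001",  # two equal runs: leftmost wins
    "2001:0db8:0000:0001:0000:0000:0000:0001",  # longest run wins
    "2001:0db8:0000:0001:0002:0003:0004:0005",  # lone zero group: no '::'
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample} -> {shorten_ipv6(sample)}")
```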

Page 22: IPv6 Foundations

Shortening IPv6 addresses: Example

© Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011

Page 23: IPv6 Foundations

Shortening IPv6 addresses: Example

© Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011

Page 24: IPv6 Foundations

Incorrect IPv6 shortening example

© Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011

Page 25: IPv6 Foundations

IPv6 prefixes

•  IPv6 is all CIDR i.e. no subnet masks
•  A prefix is written as: aaaa:bbbb:cccc:dddd:eeee:ffff/prefix length
•  Prefix length is a decimal in the range [0, 128]
•  Examples of prefix notation:
    - 2001:db8::/32 - a prefix assigned to an organisation
    - 2001:db8:1ce:c001::/64 - a prefix assigned to a LAN
    - 2001:db8:1ce:c001::a/64 - an address out of a /64 prefix

Page 26: IPv6 Foundations

Questions? Comments?

Page 27: IPv6 Foundations

IPv6 Address Types

After this section, you should be able to:

①  Identify different types of IPv6 addresses
②  Describe the structure and scopes of these addresses

Page 28: IPv6 Foundations

Types of IPv6 addresses

Unicast addresses

•  Identifies an interface of an IPv6 node
•  Can be used as source and destination of a packet
•  An interface can have multiple valid IPv6 addresses

Multicast addresses

•  Identifies a group of IPv6 addresses
•  Can only be used as the destination of a transmission
•  An interface can belong to multiple multicast addresses

Anycast addresses

•  Same address on multiple nodes
•  Packet to anycast address is delivered only to nearest one
•  Packets are never sourced from an anycast address

Page 29: IPv6 Foundations

Scope: An address’ extent of validity

Diagram labels: Link Layer; Global Scope; Link-local Scope; fe80::/10

These two scopes do not apply to multicast addresses and the unspecified address

Page 30: IPv6 Foundations

Global unicast addresses

•  Fixed high order bits of “001” => prefix of 2000::/3
•  Example: 2001:db8:dead:beef:c001:babe:0000:aaaf

Field                 | Size
001                   | 3 bits
Global Routing Prefix | 45 bits
SubnetID              | 16 bits
InterfaceID           | 64 bits

IANA >> LIR >> ISP

Page 31: IPv6 Foundations

Link local unicast addresses

•  First 10 bits are 1111 1110 10 thus prefix fe80::/10
•  Scope is link local thus not forwarded off-link by routers
•  One per interface is always automatically configured when IPv6 is enabled
•  Used for
    - Automatic address configuration
    - Default gateway on hosts and next-hops to routes
    - Routing protocol updates
    - Neighbor discovery

Field        | Size
1111 1110 10 | 10 bits
0            | 54 bits
InterfaceID  | 64 bits

Page 32: IPv6 Foundations

The Link local address reachability problem

“If you ping fe80::212:6bff:fe54:f99a (N1), what egress interface will router R use?” – see solution next slide

Diagram labels: router R with interfaces Fe 0/0 and Fe 0/1; nodes N1, N2, M1, M2; link-local addresses fe80::212:6bff:fe54:f99a, fe80::212:6bff:fe3a:9e9a, fe80::212:6bff:fe17:fc0f, fe80::245:bcff:fe47:1530

Page 33: IPv6 Foundations

ZoneIDs (scopeIDs) – resolving Link local address ambiguity

•  ZoneID (or scopeID)
    - Provides the extra routing information required
    - Automatically assigned by the operating system
    - Only locally significant
•  A full link-local address is written as: address%zoneID
•  Examples of some full link-local addresses with zoneIDs:
    - [Windows] ping fe80::245:bcff:fe47:1530%11
    - [Linux] ping6 fe80::245:bcff:fe47:1530%eth0

Page 34: IPv6 Foundations

Examples of using ZoneID

•  Windows Host X: fe80::1ce:c01d:dead:babe%7
•  Windows Host Y: fe80::dead:beef:1ce:c01d%10
•  Ping from X -> Y is accomplished thus
    - Use the link local address of Host Y
    - Append the ZoneID of Host X on the same broadcast domain
    - ping fe80::dead:beef:1ce:c01d%7 [correct]
    - ping fe80::dead:beef:1ce:c01d%11 [wrong]

Page 35: IPv6 Foundations

Unique local addresses

•  Private address space anyone can use without going to an ISP or RIRs
•  Prefix fc00::/7 and L flag indicates whether the prefix is locally assigned (1) or globally assigned (0)
    - For L=1, we have fd00::/8 for ULAs that anyone can assign.
    - For L=0, we have fc00::/8 for ULAs that are centrally assigned.
•  Scope is global but they are usually filtered by e-BGP routers

Field       | Size
1111 110L   | 8 bits
Global ID   | 40 bits
SubnetID    | 16 bits
InterfaceID | 64 bits

Page 36: IPv6 Foundations

Unique local addresses: globalID algorithm

1.  Get the current time of day in 64-bit NTP format.
2.  Get the EUI-64 identifier from the MAC address or other unique identifier.
3.  Concatenate (1) and (2)
4.  Compute the SHA-1 digest of (3)
5.  Use the least significant 40 bits of (4) as your globalID

Field       | Size
1111 110L   | 8 bits
Global ID   | 40 bits
SubnetID    | 16 bits
InterfaceID | 64 bits

Page 37: IPv6 Foundations

6to4 transition addresses

•  IPv4-derived address used in the 6to4 transition mechanism
•  WWXX:YYZZ is the hex form of public v4 address w.x.y.z
•  Each public IPv4 address gives an entire /48 IPv6 prefix

Field                    | Size
2002:WWXX:YYZZ (w.x.y.z) | 48 bits
SubnetID                 | 16 bits
InterfaceID              | 64 bits

Page 38: IPv6 Foundations

Generating the InterfaceID – Last 64 bits

•  Manually – typed by an admin on an interface
•  Automatically
    - The EUI-64 algorithm.
    - A pseudo-random number.
    - A public key (e.g. in CGAs)
•  Some InterfaceIDs are reserved (RFC 5433)
    - Subnet router anycast: 0000:0000:0000:0000
    - Reserved subnet anycast: fdff:ffff:ffff:ff80 - ff

Page 39: IPv6 Foundations

EUI-64 automatic interfaceID generation

Page 40: IPv6 Foundations

Privacy concerns with EUI-64

•  For a given MAC address
    - The EUI-64 interfaceID is fixed
    - It is re-used with the prefix of any network encountered
•  It is possible to track a user from their interfaceID
    - The prefix says what network a user is on
    - The MAC address can be inferred from the interfaceID
•  Privacy addressing (RFC4941) deals with this issue
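The inference described above, as an added example that is not part of the original slides: it builds the modified EUI-64 interfaceID (ff:fe inserted in the middle of the MAC, universal/local bit flipped, per RFC 4291) and reverses it, which is the check to run over address logs when auditing which hosts still expose their MAC. Function names and the observed-address list are constructed here; the link-local address is the one from slide 32.

```python
import ipaddress
from collections import defaultdict


def eui64_interface_id(mac: str) -> bytes:
    """48-bit MAC -> 64-bit modified EUI-64 interfaceID."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 6 bytes long")
    # Flip the universal/local bit (0x02) and insert ff:fe in the middle.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 interfaceID of a MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the interfaceID needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(address: str):
    """Return the MAC an address appears to embed, or None.

    Heuristic: ff:fe in bytes 3-4 of the interfaceID marks EUI-64
    derivation; a manual or random interfaceID could match by chance.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def track(addresses):
    """Group the /64 networks on which each inferred MAC was observed."""
    seen = defaultdict(set)
    for address in addresses:
        mac = mac_from_address(address)
        if mac is not None:
            seen[mac].add(str(ipaddress.IPv6Interface(f"{address}/64").network))
    return {mac: sorted(nets) for mac, nets in seen.items()}


# Constructed log of source addresses: one laptop on two LANs plus one
# host whose interfaceID is random (privacy-style), so it is not tracked.
OBSERVED = [
    "2001:db8:1ce:c001:212:6bff:fe54:f99a",
    "2001:db8:1ce:c002:212:6bff:fe54:f99a",
    "2001:db8:1ce:c001:9c1e:77a4:3b02:51d6",
]

if __name__ == "__main__":
    print(mac_from_address("fe80::212:6bff:fe54:f99a"))
    print(track(OBSERVED))
```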

Page 41: IPv6 Foundations

IPv4-mapped transition addresses

•  An IPv4 address represented in IPv6 format
•  Form: ::ffff:w.x.y.z/96 where w.x.y.z is a normal IPv4 address.
•  Internally represents a v4 node to a v6 node
•  Never used as a source or destination v6 address

Field        | Size
0            | 80 bits
ffff         | 16 bits
IPv4 Address | 32 bits

Page 42: IPv6 Foundations

ISATAP transition addresses

•  An IPv6 address formed from a private IPv4 address
•  Automatically generated and assigned to ISATAP tunnels
•  Form: 64bitPrefix:0:5efe:a.b.c.d
    - Where a.b.c.d is an RFC1918 private IPv4 address

Field                | Size
Prefix               | 64 bits
0000:5efe            | 32 bits
Private IPv4 Address | 32 bits

Page 43: IPv6 Foundations

Multicast addresses

•  Used as the destination of multicast communication
•  Start with bits 1111 1111 which is prefix: ff00::/8
•  Bits 8 – 16 specify further characteristics of the address

Field     | Size
1111 1111 | 8 bits
Flags     | 4 bits
Scope     | 4 bits
GroupID   | 112 bits

Page 44: IPv6 Foundations

The Flag Bits in multicast addresses

Bit        | Description
3          | Reserved (must be set to 0)
2 (R flag) | Rendezvous Point address is embedded (1) or not (0)
1 (P flag) | Address is based on a unicast prefix (1) or not (0)
0 (T flag) | Address is well-known (0) or dynamically assigned (1)

Page 45: IPv6 Foundations

The Scope bits in multicast addresses

Binary | Hex | Scope
0001   | 0x1 | Interface
0010   | 0x2 | Link
0100   | 0x4 | Administrative
0101   | 0x5 | Site
1000   | 0x8 | Organisation
1110   | 0xe | Global
Others |     | Unassigned or Reserved

Page 46: IPv6 Foundations

Some reserved multicast groups

Some Well-Known/Reserved Multicast Groups

Address           | Scope       | Description
FF01::1           | 1=Interface | All nodes on the interface
FF02::1           | 2=Link      | All nodes on the link
FF01::2           | 1=Interface | All routers on the interface
FF02::2           | 2=Link      | All routers on the link
FF05::2           | 5=Site      | All routers in the site
FF02::5           | 2=Link      | All OSPFv3 routers
FF02::6           | 2=Link      | OSPFv3 designated routers
FF02::A           | 2=Link      | All EIGRPv6 routers
FF02::D           | 2=Link      | All PIM routers
FF02::1:FFXX:XXXX | 2=Link      | Solicited-node address

Page 47: IPv6 Foundations

The solicited node multicast address

•  Multicast address for all nodes with the same IPv6 address
•  Constructed as follows:
    - Prefix FF02:0:0:0:0:1:FF00::/104
    - Last 24 bits of the IPv6 unicast address
    - See examples next slide

Field                        | Size
Prefix: FF02::1:FF00:        | 104 bits
InterfaceID: lower 24 bits   | 24 bits

Page 48: IPv6 Foundations

Solicited node multicast addresses in action

    #show ipv6 interface g0/0
    GigabitEthernet0/0 is up, line protocol is up
      IPv6 is enabled, link-local address is FE80::CA9C:1DFF:FE6B:B6A0
      No Virtual link-local address(es):
      Description: [Link to R1]
      Global unicast address(es):
        2001:43F8:90:C0::2, subnet is 2001:43F8:90:C0::/64
      Joined group address(es):
        FF02::1
        FF02::2
        FF02::1:FF00:2
        FF02::1:FF6B:B6A0
      MTU is 1500 bytes

Page 49: IPv6 Foundations

IPv6 address literals in URLs

•  Problem: The colon in v6 addresses has another meaning in URLs
    - It is a core part of the http://
    - It is also used to specify the port
•  Solution: enclose the IPv6 address in square brackets

    http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/
    http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:80/

Page 50: IPv6 Foundations

IPv6 literals in UNC path names

•  Problem: The colon is an illegal character in Microsoft UNC pathnames
•  The solution:
    - Replace each colon in the address with a dash
    - Replace any “%” in the zoneID with an “s”
    - Append “.ipv6-literal.net” to the address
•  Example: 2001:db8:85a3:8d3:1319:8a2e:370:7348
    2001-db8-85a3-8d3-1319-8a2e-370-7348.ipv6-literal.net
•  Example: fe80::1%4
    fe80--1s4.ipv6-literal.net

Page 51: IPv6 Foundations

Summary of IPv6 address types

Type           | Structure (16 bit boundaries)
Global Unicast | GlobalID | SubnetID | InterfaceID
Link-local     | fe80 | 00 | InterfaceID
Unique-local   | fc00 | 0 | SubnetID | InterfaceID
Unique-local   | fd00 | 0 | SubnetID | InterfaceID
IPv4-mapped    | 0000 | ffff | <IPv4 Addr.>
6to4           | 2002 | <IPv4 Addr.> | SubnetID | InterfaceID
ISATAP         | <64bit v6 Prefix> | 0 | 5efe | <IPv4 Addr.>
Unspecified    | 0000000
Loopback       | 000000 | 0001
Multicast      | ff<LS> | Multicast GroupID

Page 52: IPv6 Foundations

Questions? Comments?

Page 53: IPv6 Foundations

IPv6 from an IPv4 Perspective

After this section, you should be able to:

①  Describe the IPv6 header, noting differences from the v4 header
②  Identify the IPv6 equivalents and functioning of key IPv4 protocols

Page 54: IPv6 Foundations

The IPv6 packet structure

Page 55: IPv6 Foundations

Key characteristics of the IPv6 packet

•  Fixed header size of 40 bytes (320 bits)
•  Fragmentation not allowed by routers, only end hosts
•  Minimum supported MTU is 1280 bytes
•  Optional layer 3 information is put in extension headers just before the upper-layer header

Page 56: IPv6 Foundations

IPv6 extension headers

•  Serve similar functionality to IPv4 “Options” headers
•  Processed only at packet's destination, except for Hop-by-Hop Options header
•  Only appear once in a packet, except for the Destination Options header which appears twice
•  A node discards the packet with a “Parameter Problem” message in the following circumstances
    - It sees an un-recognized extension header
    - A Next Header value 0 appears in a header other than the fixed header

Page 57: IPv6 Foundations

IPv6 packet without extension header

Courtesy: cisco.com

Page 58: IPv6 Foundations

IPv6 packet with extension headers

Courtesy: cisco.com

Page 59: IPv6 Foundations

List and order of IPv6 extension headers

Order | Header              | Code | Description
1     | Basic IPv6 header   |      |
2     | Hop-by-hop options  | 0    | Examined by all hosts in path
3     | Destination options | 60   | Examined only by destination node
4     | Routing             | 43   | Specify the route for a datagram (mobile v6)
5     | Fragment            | 44   | Fragmentation parameters
6     | Authentication (AH) | 51   | Verify packet authenticity
7     | ESP                 | 50   | Encrypted data
8     | Destination options | 60   | Examined only by destination node
9     | Mobility            | 135  | Parameters for use with mobile IPv6
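A parser for the 40-byte fixed header that then walks the Next Header chain using the codes in the table above and applies the two discard rules from slide 56. This is an added example, not part of the original slides; the function names and sample packets are constructed here, the upper-layer protocol numbers (6, 17, 58, 59) are not on the slides, and treating every other value as unrecognised is a simplification of this example.

```python
import ipaddress
import struct

# Extension header codes as listed in the table above.
EXT_HEADERS = {0: "Hop-by-hop options", 60: "Destination options",
               43: "Routing", 44: "Fragment", 51: "Authentication (AH)",
               50: "ESP", 135: "Mobility"}
# Assumption of this example: the only upper-layer values it accepts.
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}


def parse_fixed_header(packet: bytes) -> dict:
    """Decode the fixed 40-byte IPv6 header."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte fixed header")
    word, payload_len, next_header, hop_limit, src, dst = struct.unpack(
        "!IHBB16s16s", packet[:40])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    return {"traffic_class": (word >> 20) & 0xFF, "flow_label": word & 0xFFFFF,
            "payload_length": payload_len, "next_header": next_header,
            "hop_limit": hop_limit, "src": ipaddress.IPv6Address(src),
            "dst": ipaddress.IPv6Address(dst)}


def walk_extension_headers(packet: bytes):
    """Return (extension header names in order, upper-layer code, its offset)."""
    next_header = parse_fixed_header(packet)["next_header"]
    offset, chain = 40, []
    while next_header in EXT_HEADERS:
        if next_header == 0 and chain:
            raise ValueError("Parameter Problem: Next Header 0 outside the fixed header")
        chain.append(EXT_HEADERS[next_header])
        if next_header == 50:
            return chain, None, offset  # everything after ESP is encrypted
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length = packet[offset], packet[offset + 1]
        if next_header == 44:
            size = 8                     # Fragment header has a fixed size
        elif next_header == 51:
            size = (length + 2) * 4      # AH counts 4-byte words, minus 2
        else:
            size = (length + 1) * 8      # 8-byte units, first unit not counted
        offset, next_header = offset + size, following
    if next_header not in UPPER_LAYER:
        raise ValueError(f"Parameter Problem: unrecognised Next Header {next_header}")
    return chain, next_header, offset


def build_packet(first_next_header: int, *parts: bytes) -> bytes:
    """Assemble a constructed test packet (source and destination are samples)."""
    payload = b"".join(parts)
    src = ipaddress.IPv6Address("fe80::212:6bff:fe54:f99a").packed
    dst = ipaddress.IPv6Address("ff02::2").packed
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload),
                       first_next_header, 255, src, dst) + payload


# Constructed headers: each is 8 bytes; options are a 6-byte PadN.
HOP_BY_HOP = bytes([60, 0, 1, 4, 0, 0, 0, 0])      # next: Destination options
DEST_OPTS = bytes([44, 0, 1, 4, 0, 0, 0, 0])       # next: Fragment
FRAGMENT = bytes([58, 0, 0, 0, 0, 0, 0, 1])        # next: ICMPv6, offset 0, id 1
ROUTER_SOLICIT = bytes([133, 0, 0, 0, 0, 0, 0, 0])  # ICMPv6 type 133, checksum unset

WELL_FORMED = build_packet(0, HOP_BY_HOP, DEST_OPTS, FRAGMENT, ROUTER_SOLICIT)
# Hop-by-hop placed second: the case slide 56 says must be discarded.
MISORDERED = build_packet(60, bytes([0, 0, 1, 4, 0, 0, 0, 0]),
                          bytes([58, 0, 1, 4, 0, 0, 0, 0]), ROUTER_SOLICIT)

if __name__ == "__main__":
    print(walk_extension_headers(WELL_FORMED))
```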

Page 60: IPv6 Foundations

The IPv6 header compared to IPv4 header

IPv4 header fields (bit positions 0 4 8 12 16 20 24 28 32):
    Version | Header Length | TOS | Total Length
    Identification | Flags | Fragment Offset
    TTL | Protocol | Header Checksum
    Source Address
    Destination Address
    Options

IPv6 header fields:
    Version | Traffic Class | Flow Label
    Payload Length | Next Header | Hop Limit
    Source Address
    Destination Address

Page 61: IPv6 Foundations

IPv6 packet header on the wire

Page 62: IPv6 Foundations

Packet header structure changes from IPv4

IPv4 header fields removed from the base IPv6 header
    - Fragmentation fields [Identification, flags, fragment offset]
    - Options

IPv4 header fields eliminated in IPv6
    - Header checksum
    - Header length

Revised fields
    - TTL → Hop count
    - Protocol → Next header
    - Precedence and ToS fields → Traffic class

New fields
    - Flow label

Page 63: IPv6 Foundations

IPv4 vs IPv6 key functionality comparison

Network Access Layer
    IPv4: Ethernet and variants; PPP for serial links; ATM
    IPv6: Ethernet and variants; PPP for serial links; ATM

Host auto-configuration
    IPv4: DHCP
    IPv6: DHCPv6; Stateless Address configuration

Network to Link-layer Address Resolution
    IPv4: ARP broadcasts
    IPv6: NDP via ICMPv6 (NS, NA)

Page 64: IPv6 Foundations

IPv4 vs IPv6 key functionality comparison

FQDN to IP-address resolution
    IPv4: DNS client-server; A resource records; in-addr.arpa reverse zone
    IPv6: DNS client-server; AAAA resource records; ip6.arpa reverse zone

Host multicast group membership
    IPv4: IGMPv1; IGMPv2
    IPv6: MLDv1

Automatic default gateway configuration
    IPv4: DHCP, IRDP, passive RIP
    IPv6: NDP via ICMPv6 (RA)

Page 65: IPv6 Foundations

IPv4 vs IPv6 key functionality comparison

Routing protocols
    IPv4: Static routing; RIPv1, RIPv2; OSPFv2; BGP4+ IPv4 AF
    IPv6: Static routing; RIPng; OSPFv3; BGP4+ IPv6 AF

Minimum MTU size
    IPv4: 576 bytes
    IPv6: 1280 bytes

Sending packets to all hosts on subnet
    IPv4: Broadcast to subnet broadcast
    IPv6: Multicast to ALL_NODES (ff02::1)

Page 66: IPv6 Foundations

Resolving names to IPv6 addresses

•  Most modern DNS servers support IPv6
    - AAAA records for IPv6 to FQDN mapping
    - PTR records under ip6.arpa. TLD for FQDN to IP mapping
•  DNS is transport-protocol agnostic i.e.
    - A query over IPv4 could yield AAAA records
    - A query over IPv6 could yield A records

Page 67: IPv6 Foundations

Sample IPv6 resource records

FQDN to IP Address
    IPv4 [A record]:    voyager.starfleet.org A 197.1.0.77
    IPv6 [AAAA record]: voyager.starfleet.org IN AAAA 2001:0470:0000:0064:0000:0000:0000:0002

IP Address to FQDN
    IPv4 [PTR record]: 77.0.1.197.in-addr.arpa PTR voyager.starfleet.org
    IPv6 [PTR record]: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.6.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa IN PTR voyager.starfleet.org

Page 68: IPv6 Foundations

Generating IPv6 PTR records

①  Write the full (uncompressed) IPv6 address in reverse
②  Separate each hexit by a period
③  Append the “ip6.arpa” domain

•  Example with sipcalc
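The three steps above in code, checked against the voyager.starfleet.org record on slide 67 and extended to naming the reverse zone for a prefix and to decoding a PTR name back into an address. This is an added example, not part of the original slides and not sipcalc output; the function names are chosen here.

```python
import ipaddress


def _hexits(address: ipaddress.IPv6Address) -> str:
    """All 32 hexits of the address, zero groups written out in full."""
    return address.exploded.replace(":", "")


def ptr_name(address: str) -> str:
    """Steps 1-3: reversed hexits, period-separated, under ip6.arpa."""
    hexits = _hexits(ipaddress.IPv6Address(address))
    return ".".join(reversed(hexits)) + ".ip6.arpa"


def reverse_zone(prefix: str) -> str:
    """Name of the ip6.arpa zone that holds the PTR records of a prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        # Each label is one hexit (4 bits), so a zone cut can only fall
        # on a multiple of 4 bits.
        raise ValueError("prefix length must be a multiple of 4")
    hexits = _hexits(net.network_address)[: net.prefixlen // 4]
    return ".".join(list(reversed(hexits)) + ["ip6", "arpa"])


def address_from_ptr(name: str) -> ipaddress.IPv6Address:
    """Inverse of ptr_name: decode a full 32-label ip6.arpa name."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] != ["ip6", "arpa"] or len(labels) != 34:
        raise ValueError("expected 32 hexit labels followed by ip6.arpa")
    if any(len(label) != 1 for label in labels[:-2]):
        raise ValueError("every label must be a single hexit")
    return ipaddress.IPv6Address(int("".join(reversed(labels[:-2])), 16))


def ptr_record(address: str, fqdn: str, zone_prefix: str) -> str:
    """Zone-file line with the owner name relative to the prefix's zone."""
    if ipaddress.IPv6Address(address) not in ipaddress.IPv6Network(zone_prefix):
        raise ValueError("address is outside the zone's prefix")
    zone = reverse_zone(zone_prefix)
    relative = ptr_name(address)[: -len(zone) - 1]
    return f"{relative} IN PTR {fqdn}."


if __name__ == "__main__":
    print(ptr_name("2001:470:0:64::2"))
    print(reverse_zone("2001:470:0:64::/64"))
    print(ptr_record("2001:470:0:64::2", "voyager.starfleet.org", "2001:470:0:64::/64"))
```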

Page 69: IPv6 Foundations

The usual DNS test tools work as expected

Page 70: IPv6 Foundations

Questions? Comments?

Page 71: IPv6 Foundations

The Key IPv6 Functionality Protocols

After this section, you should be able to:

①  Describe the importance and functioning of IPv6 ND
②  Describe how ND is used in other key IPv6 functions

Page 72: IPv6 Foundations

IPv6 Neighbor Discovery Protocol (ND)

•  Key protocol upon which most of IPv6’s functionality depends
•  Used by both hosts and routers
•  Consists of a set of ICMPv6 messages
•  Works at network layer, thus can use IPsec
•  Different message exchanges deliver various functionalities

Page 73: IPv6 Foundations

Functions of IPv6 Neighbor Discovery (ND)

Neighbour Discovery Protocol

Host-Router Functions
    - Address resolution
    - Address autoconfiguration
    - Parameter discovery
    - Prefix discovery
    - Router discovery

Host-Communication Functions
    - Duplicate address detection
    - Neighbour unreachability detection
    - Next-hop determination
    - Address resolution

Page 74: IPv6 Foundations

5 ICMPv6 messages used by ND

•  Neighbour Solicitation
•  Neighbour Advertisement
•  Router Solicitation
•  Router Advertisement
•  Redirect

Page 75: IPv6 Foundations

Router Solicitation & Advertisement

Page 76: IPv6 Foundations

The Router Solicitation message

Sent by     | IPv6 host
Purpose     | Find out what routers are present on the link
Src address | IP of querying interface if one exists; unspecified address (::) if there is no IP address yet
Dst address | FF02::2 (all-routers)
Notes       | ICMP type 133, ICMP code 0

Page 77: IPv6 Foundations

Sample RS packet capture

Page 78: IPv6 Foundations

The Router Advertisement message

Sent by     | IPv6 router
Purpose     | Advertise its presence, prefixes, MTU, hop limits; sent periodically or in response to an RS
Src address | Router’s link local IPv6 address
Dst address | FF02::1 (all-v6-nodes) for periodic broadcasts; v6 address of querying node if responding to an RS
Notes       | ICMP type 134, ICMP code 0

Page 79: IPv6 Foundations

RA Message on the Wire

Page 80: IPv6 Foundations

Sample RA packet capture

Page 81: IPv6 Foundations

Neighbour Solicitations and Advertisements

Page 82: IPv6 Foundations

The Neighbour Solicitation message

Sent by     | IPv6 host
Purpose     | Find out link layer address of another host; duplicate address detection; verify that a neighbour is reachable
Src address | IP of querying interface if one exists; unspecified address (::) if there is no IP address yet
Dst address | Target neighbour’s address if known; solicited node multicast address of target otherwise
Notes       | ICMP type 135, ICMP code 0

Page 83: IPv6 Foundations

The Neighbour Advertisement message

Sent by     | IPv6 host
Purpose     | Response to a neighbour solicitation (NS); periodically to update neighbors
Src address | Manual or auto configured address of originating interface
Dst address | IP address of the node which sent the NA; FF02::1 for periodic advertisements
Notes       | ICMP type 136, ICMP code 0

Page 84: IPv6 Foundations

Capture of an NA from a router in response to a NS

Page 85: IPv6 Foundations

Packet capture of NA message from a host

Page 86: IPv6 Foundations

The Redirect message

Sent by     | IPv6 router
Purpose     | Informs a node of a better next-hop router
Src address | Link local address of router
Dst address | IP address of requesting node
Notes       | ICMP type 137, ICMP code 0

Page 87: IPv6 Foundations

Duplicate address detection

Diagram labels: nodes N1, N2, N3
    Tentative IP: 2001:db8::2:260:8ff:fe53:f9d8
    IP: 2001:db8::2:260:8ff:fe53:f9d8

NS 1
    src: ::
    dst: FF02::1:FF53:F9D8
    hop limit: 255
    Target: 2001:DB8::2:260:8FF:FE53:F9D8

NA 2
    src: 2001:DB8::2:260:8FF:FE53:F9D8
    dst: FF02::1
    hop limit: 255
    Target: 2001:DB8::2:260:8FF:FE53:F9D8

Page 88: IPv6 Foundations

Duplicate address detection

•  DAD is performed on ALL unicast addresses
•  DAD is NEVER performed for anycast addresses
•  If DAD fails
    - That address cannot be assigned to the interface.
    - All addresses using that InterfaceID are also not unique
    - A system management error must be logged
•  Unrelated packets sent to a tentative address are discarded

Page 89: IPv6 Foundations

How duplicate address detection works

①  Host N1 is going to assign address “A” on its interface “I”
②  Interface “I” joins multicast groups:
    - ff02::1 -- “All IPv6 nodes”
    - ff02::ff00:0:a – solicited node multicast address for “A”
③  N1 sends NS message to ff02::ff:0:a sourced from “::”
④  N1 listens for any NS messages to ff02::ff00:0:a from “::”
⑤  DAD fails under any of the following circumstances
    - N1 receives an NS for a tentative address prior to sending one.
    - More NSs are received than those expected based on loopback semantics
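The solicited-node construction from slides 46 to 48 and the DAD exchange from slide 87, as an added example that is not part of the original slides: it derives the solicited-node group of an address and labels an ND message from its ICMPv6 type, addresses and hop limit. The dictionary field names are hypothetical, the sample messages are built from the values on slides 48 and 87, and the rule that a receiver only accepts ND messages arriving with hop limit 255 comes from RFC 4861.

```python
import ipaddress

# ICMPv6 type numbers as given on slides 76 to 86.
ND_MESSAGES = {133: "Router Solicitation", 134: "Router Advertisement",
               135: "Neighbour Solicitation", 136: "Neighbour Advertisement",
               137: "Redirect"}
SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # the /104 prefix
UNSPECIFIED = ipaddress.IPv6Address("::")


def solicited_node(address: str) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 plus the last 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_BASE | low24)


def expected_groups(addresses) -> list:
    """Solicited-node groups an interface must join for its addresses."""
    return sorted({str(solicited_node(a)) for a in addresses})


def classify_nd(msg: dict) -> str:
    """Label one ND message; msg keys are hypothetical field names."""
    name = ND_MESSAGES.get(msg["icmp_type"])
    if name is None:
        return "not a Neighbour Discovery message"
    # A packet that crossed a router arrives with a lower hop limit, so
    # anything other than 255 did not originate on the local link.
    if msg["hop_limit"] != 255:
        return f"invalid {name}: hop limit {msg['hop_limit']}, expected 255"
    if msg["icmp_type"] != 135:
        return name
    src, dst, target = (ipaddress.IPv6Address(msg[k]) for k in ("src", "dst", "target"))
    to_group = dst == solicited_node(str(target))
    if src == UNSPECIFIED:
        # No address yet: the sender is probing its own tentative address.
        if to_group:
            return "Neighbour Solicitation: duplicate address detection"
        return "invalid Neighbour Solicitation: unspecified source with wrong destination"
    if to_group:
        return "Neighbour Solicitation: address resolution"
    if dst == target:
        return "Neighbour Solicitation: reachability check of a known neighbour"
    return "invalid Neighbour Solicitation: destination does not match target"


# Constructed from the NS 1 / NA 2 values on slide 87.
DAD_NS = {"icmp_type": 135, "hop_limit": 255, "src": "::",
          "dst": "FF02::1:FF53:F9D8", "target": "2001:DB8::2:260:8FF:FE53:F9D8"}
DAD_NA = {"icmp_type": 136, "hop_limit": 255, "src": "2001:DB8::2:260:8FF:FE53:F9D8",
          "dst": "FF02::1", "target": "2001:DB8::2:260:8FF:FE53:F9D8"}
# Constructed: the same advertisement arriving with a decremented hop limit.
OFF_LINK_NA = dict(DAD_NA, hop_limit=64)
# The two unicast addresses of GigabitEthernet0/0 on slide 48.
ROUTER_ADDRESSES = ["FE80::CA9C:1DFF:FE6B:B6A0", "2001:43F8:90:C0::2"]

if __name__ == "__main__":
    for message in (DAD_NS, DAD_NA, OFF_LINK_NA):
        print(classify_nd(message))
    print(expected_groups(ROUTER_ADDRESSES))
```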

Page 90: IPv6 foundations

NS packet capture illustrating duplicate address detection (DAD)

Page 91: IPv6 foundations

Link-layer address resolution using ND

[Diagram: nodes N1 and N2]

NS (step 1)
  src: IPv6 address [N1]
  dst: Solicited node multicast [N2]
  data: Link layer address [N1]
  query: "what's your link layer address?"

NA (step 2)
  src: IPv6 address [N2]
  dst: IPv6 address [N1]
  data: Link layer address [N2]

Page 92: IPv6 foundations

Neighbour unreachability detection

• Does not necessarily verify end-to-end reachability, since a neighbour could be a router (not the final destination)
• How it works:
  § Sending a probe to the desired host’s solicited node multicast address and receiving an NA or RA in response
  § Receiving a clue from a higher-level protocol that communication is happening, e.g. TCP ACK
• Can be used for first hop router redundancy

Page 93: IPv6 foundations

NS packet capture for neighbour reachability verification

Page 94: IPv6 foundations

Questions? Comments?

Page 95: IPv6 foundations

Basic IPv6 Configuration

After this section, you should be able to:

①  Configure and verify IPv6 on Windows operating systems
②  Configure and verify IPv6 on Linux operating systems
③  Configure and verify IPv6 on the Mac OS X operating system
④  Configure and verify IPv6 on Cisco IOS
⑤  Configure and verify IPv6 on Junos

Page 96: IPv6 foundations

Operating system | IPv6 supported
Windows | Windows XP Service Pack 2 and up
Mac OS X | 10.4 (Tiger) and up
GNU Linux | Kernel 2.6 and up
FreeBSD | FreeBSD 4.0 and up
Cisco IOS | IOS 12.4; 12.3; 12.xT from 12.2T and up
Junos | Junos 5.1 and up

Most Operating Systems have IPv6 enabled by default!

Page 97: IPv6 foundations

Host Configuration: Windows Vista/7

Page 98: IPv6 foundations

Host configuration: Mac OS X

Page 99: IPv6 foundations

Host Configuration: Linux

Configure IPv6 on an interface

[In /etc/network/interfaces]
auto eth0
iface eth0 inet6 static
    address 2001:db8:fedc:abcd::1/64

Force an interface to come up at boot-up and get an address automatically.

[In /etc/network/interfaces]
auto eth0
iface eth0 inet manual
    up /sbin/ip -6 link set eth0 up

Verify

#ifconfig eth0    OR    #ip -6 addr show eth0

Page 100: IPv6 foundations

Working with privacy addresses

• Offer host tracking when EUI-64 addresses are used
• Privacy address status on various operating systems
  § Windows Vista/7 – Enabled by default
  § Mac OS X – Not enabled by default
  § Linux – Not enabled by default
• Generally, enabling privacy addresses is not recommended

Page 101: IPv6 foundations

Disabling privacy addressing

Windows Vista/7
c:\netsh interface ipv6 set privacy state=enabled|disabled
c:\netsh interface ipv6 set global randomizeidentifiers=enabled|disabled

Mac OS X
In /etc/sysctl.conf
net.inet6.ip6.use_tempaddr=0|1
net.inet6.ip6.temppltime=XX    //lifetime of temporary address

Linux
#echo "1" > /proc/sys/net/ipv6/conf/default/use_tempaddr

Page 102: IPv6 foundations

Configuring basic IPv6 on Cisco IOS

Enable IPv6 on an Interface
(config-if)#ipv6 enable

Assign an IPv6 address with automatic interfaceID
(config-if)#ipv6 address <prefix/prefix-length> eui-64

Assign a static IPv6 address
(config-if)#ipv6 address <ipv6address/prefix-length>

Enable IPv6 routing and CEF
(config)#ipv6 unicast-routing
(config)#ipv6 cef

Page 103: IPv6 foundations

Configuring basic IPv6 on Junos

Enable IPv6 on an Interface
#edit interfaces <interfacename> unit <unit_no>

Assign an IPv6 address with automatic interfaceID
#set family inet6 address <prefix/prefix-length> eui-64

Assign a static IPv6 address
#set family inet6 address <ipv6address/prefix-length>

Page 104: IPv6 foundations

Questions? Comments?

Page 105: IPv6 foundations

Address Provisioning in IPv6

After this section, you should be able to:

①  Describe parameter provisioning in IPv6
②  Describe and verify how SLAAC works
③  Describe and verify how DHCPv6 works
④  Describe how DHCPv6-PD works

Page 106: IPv6 foundations

Base address provisioning requirements

Device | Requirements
Hosts | IPv6 address, default gateway, DNS server
CPEs | IPv6 address, default gateway, DNS server, prefix for LAN(s)

Page 107: IPv6 foundations

Different ways of configuring IPv6 on hosts and CPEs

IPv6 address configuration
  SLAAC
    Plain SLAAC
    SLAAC with RDNSS
  DHCPv6
    Stateful
    Stateless
  Manual

Page 108: IPv6 foundations

Options for automatic address provisioning

•  Recursive DNS Server (RDNSS) uses RA to advertise a list of DNS resolvers.

Method | Address | Default Gateway | DNS server | Delegated Prefix
SLAAC | ✔ | ✔ | ✖ |
Stateful DHCPv6 | ✔ | ✖ | ✔ | ✔
Stateless DHCPv6 | ✖ | ✖ | ✔ | ✖
RDNSS | ✖ | ✖ | ✔ | ✖

Page 109: IPv6 foundations

Determining whether to use SLAAC or DHCPv6 – M and O RA flags

The RA Managed-Config-Flag (M)
•  Tells host to use DHCPv6 for everything
•  The host must be set to configure IPv6 “automatically”
•  Configured on the router interface facing hosts

The RA Other-Config-Flag (O)
•  Tells host to use
  •  SLAAC for address and prefix length
  •  DHCPv6 for other options (e.g. DNS)
•  Configured on the router interface facing hosts

•  SLAAC is used if none of the above flags is configured
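How the M and O flags (and the per-prefix A flag) are read out of a Router Advertisement and mapped to the provisioning methods above, as an added Python example rather than code from the slides. The RA bytes are constructed by the hypothetical helper build_ra; the option layouts follow RFC 4861 and RFC 6106, and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134      # ICMPv6 type of a Router Advertisement
OPT_PREFIX_INFO = 3         # Prefix Information option (carries the A flag)
OPT_RDNSS = 25              # Recursive DNS Server option


def build_ra(m, o, prefixes, rdnss=()):
    """Construct RA bytes for the demo; `prefixes` is [(prefix, a_flag), ...]."""
    flags = (0x80 if m else 0) | (0x40 if o else 0)
    # type, code, checksum, hop limit, flags, router lifetime, reachable, retrans
    pkt = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags, 1800, 0, 0)
    for prefix, autonomous in prefixes:
        net = ipaddress.IPv6Network(prefix)
        pflags = 0x80 | (0x40 if autonomous else 0)          # L flag, A flag
        pkt += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen,
                           pflags, 2592000, 604800, 0)
        pkt += net.network_address.packed
    if rdnss:
        pkt += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(rdnss), 0, 1800)
        pkt += b"".join(ipaddress.IPv6Address(a).packed for a in rdnss)
    return pkt


def parse_ra(data):
    """Extract M, O, prefixes (with A flag) and RDNSS servers from an RA."""
    if len(data) < 16 or data[0] != ND_ROUTER_ADVERT or data[1] != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(data[5] & 0x80), "O": bool(data[5] & 0x40),
          "prefixes": [], "rdnss": []}
    pos = 16
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated option header")
        opt_type, opt_len = data[pos], data[pos + 1] * 8     # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(data):
            raise ValueError("malformed option length")      # such RAs must be dropped
        body = data[pos:pos + opt_len]
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            addr = ipaddress.IPv6Address(body[16:32])
            net = ipaddress.IPv6Network(f"{addr}/{body[2]}", strict=False)
            ra["prefixes"].append({"prefix": str(net), "A": bool(body[3] & 0x40)})
        elif opt_type == OPT_RDNSS and opt_len >= 24:
            ra["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(8, opt_len, 16)]
        pos += opt_len
    return ra


def provisioning_mode(ra):
    """Map the flags to the behaviour described on the slides."""
    if ra["M"]:
        mode = "stateful DHCPv6"
    elif ra["O"]:
        mode = "SLAAC + stateless DHCPv6"
    elif ra["rdnss"]:
        mode = "SLAAC with RDNSS"
    else:
        mode = "plain SLAAC"
    return {"mode": mode,
            "slaac_prefixes": [p["prefix"] for p in ra["prefixes"] if p["A"]],
            "dns_from_ra": ra["rdnss"]}


def policy_findings(ra, expected_mode):
    """Checks an operator could run against RAs seen on a segment."""
    result = provisioning_mode(ra)
    findings = []
    if result["mode"] != expected_mode:
        findings.append(f"RA signals {result['mode']}, expected {expected_mode}")
    if ra["M"] and result["slaac_prefixes"]:
        findings.append("M flag set but A flag still on: hosts also form "
                        "SLAAC addresses the DHCPv6 server never logs")
    return findings


if __name__ == "__main__":
    ra = parse_ra(build_ra(True, True, [("2001:db8:10:4::/64", False)]))
    print(provisioning_mode(ra), policy_findings(ra, "stateful DHCPv6"))
```
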

Page 110: IPv6 foundations

Stateless Auto-Configuration – How it Works

[Diagram: Network X with routers R1 and R2 and hosts N2 and M2; messages shown: [RS] RA? (1), [RA] 2001:db8:a::2, [RA] 2001:db8:d::3, each labelled ff02::1]

• N2 will auto-configure an address for each of the advertised prefixes 2001:db8:a::/64 and 2001:db8:d::/64
• Hosts will also auto-configure 2 default routers
• If RDNSS is active, N2 and M2 will also get a list of DNS resolvers

Page 111: IPv6 foundations

Stateless Auto-Configuration – How it Works

①  Host generates an interfaceID and a link-local address
②  Perform Duplicate Address Detection [DAD] on selected address
③  Query all routers (via RS messages) for additional
④  Router responds with Router Advertisement [RA] which lists allocated prefixes for the subnet and indicates if it can provide routing services to connected hosts.
⑤  For each prefix received, the host adds its 64-bit interfaceID, configures an address and does DAD.
⑥  Host builds a list of 'default routers' from RAs. There's no single default gateway like in IPv4.

Page 112: IPv6 foundations

Stateless Auto-Configuration – How it works

•  The routers on the subnet are pre-configured with:
  §  Appropriate IPv6 addresses on their interfaces.
  §  Desired prefixes for use on the subnet.
  §  List of DNS servers to send to hosts [RFC6106]
•  If the router advertises multiple prefixes, the host(s) will auto-configure an address for each of the prefixes.
•  If multiple routers advertise themselves as default, a host typically chooses and uses one until it fails, then uses another.

Page 113: IPv6 foundations

Configuring a Cisco router for SLAAC

[Diagram: Network X with routers R1 and R2 and hosts N2 and M2; messages shown: [RS] RA? (1), [RA] 2001:db8:a::2, [RA] 2001:db8:d::3, each labelled ff02::1]

R1(config)#Interface fastethernet 0/1
R1(config-if)#ipv6 nd prefix 2001:db8:a::/64

R1(config)#Interface fastethernet 0/1
R1(config-if)#ipv6 nd prefix 2001:db8:d::/64

Page 114: IPv6 foundations

Stateful configuration with DHCPv6

•  Host or CPE gets all of its config parameters from central server
•  Central server can keep state of who has what address
•  A host may use DHCPv6 instead of SLAAC if it gets an RA message with the M flag = ON and A flag = OFF
•  Multicast addresses used by DHCPv6
  §  All_DHCP_Relay_Agents_and_Servers (FF02::1:2)
  §  All_DHCP_Servers (FF05::1:3)
•  DHCP Messages:
  §  Clients listen on UDP port 546
  §  Servers and relay agents listen on UDP port 547
•  DHCPv6 does not support a default gateway option!!

Page 115: IPv6 foundations

How stateful DHCPv6 works

Participants: Client, Router/DHCP Relay, DHCP Server

①  [ND] RS?
②  [ND] RA (M set)
③  [DHCP] Solicit
④  [DHCP] Solicit
⑤  [DHCP] Advertise (addr)
⑥  [DHCP] Advertise (addr)
⑦  [DHCP] Request (addr)
⑧  [DHCP] Request (addr)
⑨  [DHCP] Reply (addr)
⑩  [DHCP] Reply (addr)
⑪  [DHCP] Confirm (addr)
⑫  [DHCP] Confirm (addr)

Page 116: IPv6 foundations

Stateful DHCPv6

Advantages:
a)  Similar to DHCPv4, so will be familiar to most operators.
b)  More options to control how addresses are allocated, e.g.
  §  Restrict assignments to a small range of addresses
  §  Map IP addresses to specific clients.
c)  Dynamic DNS (DDNS) updates from a central server are more secure than permitting individual hosts to update the DNS.
d)  It has options to configure other services.
e)  Can produce centralized accounting logs (troubleshooting and forensics).

Disadvantages:
a)  No DHCPv6 clients yet on some operating systems, e.g. Android.
b)  Configuration information for addresses and DNS resolvers must be maintained in separate locations.

Page 117: IPv6 foundations

How Stateless DHCPv6 works

Participants: Client, Router, DHCP Server

①  [ND] RS?
②  [ND] RA: Prefix, Default router, "O" flag set
③  [DHCP] Solicit, Options e.g. DNS server
④  [DHCP-RELAY] Solicit, Options
⑤  [DHCP] Advertise DNS server address
⑥  [DHCP-RELAY] Advertise DNS server address

Page 118: IPv6 foundations

Stateless DHCPv6 Pros and Cons

Advantages:
  §  Support for SLAAC is ubiquitous.
  §  Non-DHCPv6 hosts will still be able to get basic connectivity (the DNS resolvers can be manually configured).
  §  Other options possible (e.g. NTP, NIS, SIP etc.)

Disadvantages:
  §  Zero control over how addresses are allocated
  §  If using DDNS, permitting DDNS updates from all clients is insecure.
  §  Privacy concerns if EUI-64 method is used for interfaceID
  §  No centralized log for forensics

Page 119: IPv6 foundations

Configure an IOS router for stateful DHCPv6

[Diagram: client, router, DHCPv6 server]

router(config)# interface FastEthernet0/0
router(config-if)# ipv6 nd managed-config-flag
router(config-if)# ipv6 nd other-config-flag
router(config-if)# ipv6 nd prefix default no-autoconfig
router(config-if)# exit

Page 120: IPv6 foundations

Configure DHCPv6 on Junos

[Diagram: client, router, DHCPv6 server]

protocols {
    router-advertisement {
        interface ge-0/1/0.0 {
            managed-configuration;          <--- sets the M bit in the RA
            other-stateful-configuration;   <--- sets the O bit in the RA
            prefix 2001:0DB8:10:4::/64 {
                no-autonomous;              <--- disable stateless auto-config
            }
        }
    }
}

Page 121: IPv6 foundations

SLAAC + RDNSS

• SLAAC plus the Recursive DNS server option
• Advantages:
  §  Single protocol (IPv6 ND) thus simpler configuration
  §  Support for SLAAC is ubiquitous
• Disadvantages:
  §  RDNSS option not widely supported
  §  No other parameters besides DNS resolver are possible

Page 122: IPv6 foundations

Provisioning client prefixes automatically with DHCPv6-PD

•  Used to assign a delegated prefix to CPE to use on its LAN.
•  The PE inserts a static route for the delegated prefix in its table

Participants: CPE, PE, DHCP Server

①  Provision CPE WAN address
②  [DHCP] Solicit, Options: IAPD
③  [DHCP-RELAY] Solicit, Option: IAPD
④  [DHCP] Advertise Delegated Prefix
⑤  [DHCP-RELAY] Advertise Delegated Prefix

Page 123: IPv6 foundations

Key differences between DHCPv4 & DHCPv6

Feature | DHCPv4 | DHCPv6 | Benefit
Managed configuration flag | N/A | Used by router to control host use of DHCP | Node config can be managed by network policy
Destination address of initial request | Broadcast | ff02::1:2 | Efficient link utilisation; more specific link signaling
Source address of initial request | 0.0.0.0 | Link local address of client | More specific link signaling
Reconfiguration message | N/A | Servers can ask clients to update their configurations | Easier to trigger site-wide reconfiguration
Identity association | N/A | Clients can deal with multiple servers | Scalability and redundancy

Page 124: IPv6 foundations

DHCPv6 server software capabilities

Software | Platform | Roles | Options
ISC DHCPv6 | Linux, BSD, Solaris | Server, Relay, Client | DNS, NTP, NIS, SIP, BCMCS, Lifetime, Prefix Delegation, Relay IDs, FQDN
WIDE DHCPv6 | Linux, BSD | Server, Relay, Client | DNS, NTP, NIS, SIP, BCMCS, Lifetime, Prefix delegation
Dibbler DHCPv6 | Linux, Windows | Server, Relay, Client | DNS, NTP, NIS, SIP, AAKey, Lifetime, FQDN, Prefix delegation, Leasequery, Timezone

Page 125: IPv6 foundations

DHCPv6 server software capabilities

Software | Platform | Roles | Options
Windows Server 2008 | Windows | Server, Relay | DNS, NIS, SIP, NTP, Lifetime, User class
IOS DHCPv6 | Cisco IOS | Server, Relay, Client | DNS, NTP, NIS, SIP, Prefix Delegation, Relay IDs, Lifetime

Page 126: IPv6 foundations

Questions? Comments?

Page 127: IPv6 foundations

IPv6 Address Planning

After this section, you should be able to:

①  Subnet an IPv6 prefix
②  Describe how IPv6 addresses are globally managed
③  Estimate the IPv6 addressing needs of your network
④  Carve out your allocated addresses and assign them

Page 128: IPv6 foundations

The generic IPv6 subnetting problem

For a given IPv6 prefix ‘P’ and prefix length L
a)  List all the sub-prefixes of length L’ therein
b)  Break ‘P’ into N subnets

Repeat for each sub-prefix as required

[Diagram: Parent prefix divided into Sub-prefix #1, Sub-prefix #2, Sub-prefix #3, … Sub-prefix #n]

Page 129: IPv6 foundations

IPv4 subnetting concepts to FORGET!

①  Why do we do subnetting?
  §  IPv4: conserve address space
  §  IPv6: planning and optimization for routing or security
②  VLSM vs SLSM – there’s no point in doing VLSM in IPv6
③  Subnets vs hosts – number of hosts is irrelevant in v6
④  There’ll rarely be a need to expand a /64 subnet!

Page 130: IPv6 foundations

Generic IPv6 subnetting procedure

①  Find subnet bits (s): derived from total number of desired subnets
②  Find subnet hexits: range of hexits that define each individual subnet
③  Find subnetID increment (B): the difference between each subnetID
④  Enumerate subnetIDs: the individual subnets

Page 131: IPv6 foundations

Step #1: Finding the subnet bits (s)

• The prefix lengths of the mother and sub-prefixes, (L) and L’, are known.
  s = L’ – L
  Ex: breaking a /32 to /56s requires 56 – 32 = 24 bits
• Only the number of desired subnets is known
  $2^s \geq N$, thus $s = \frac{\log N}{\log 2}$
  Ex: breaking a /36 into 700 networks needs
  $2^s \geq 700$, thus $s = \frac{\log 700}{\log 2} = 9.45 \approx 10$ bits

Page 132: IPv6 foundations

Step #2: Finding the number of subnet hexits

• These are the distinguishing hexits of each subnet
  § Knowing number of subnet bits ‘s’
  § Knowing that 1 hexit = 4 bits, then
  § Number of subnet hexits = s/4 (round up)
• Ex: Breaking 2001:db8:c000::/36 to 700 subnets
  § s = log 700 ÷ log 2 = 9.45 ≈ 10
  § # subnet hexits = 10/4 = 2.5 ≈ 3
  § Each of the subnets will be like: 2001:db8:cHHH::/46

Page 133: IPv6 foundations

Step #3: Finding the Increment or Block (B)

• This is the difference between consecutive subnetIDs
  $B = 2^{16-(L' \% 16)}$
• Ex: Breaking 2001:db8:c000::/36 into 700 subnets
  § s = 3 (calculated in previous slides)
  § L’ = 46 (/36 original length + 10 bits of subnetting)
  § Format 2001:db8:cHHH::/46 (calculated previously)
  § $B = 2^{16-(46 \% 16)} = 2^{16-14} = 2^2 = 4$ (0x4)

Page 134: IPv6 foundations

Step #4: Enumerating the subnetIDs

• At this point you know the general subnet format
• Taking the subnetIDs only, these form an arithmetic progression with the following characteristics
  § Common difference d = block (B)
  § Initial term = 000
• Any term of the progression is $a_n = a_0 + (n-1)d$
• Substituting for d = B and initial term = 000
• The nth term is: $a_n = (n-1)B$

Page 135: IPv6 foundations

Step #4: Enumerating the subnetID example

• Ex: Breaking 2001:db8:c000::/36 to 900 subnets
  §  s = 3 (calculated in previous slides)
  §  L’ = L + s = 36 + 10 = 46
  §  Format 2001:db8:cHHH::/46 (calculated previously)
  §  B = 4 (0x4) - as previously calculated
• First subnetID
  §  [Decimal]: a_1 = 4(1-1) = 0 (0x0)
  §  First subnet: 2001:db8:c000::/46
• Last subnetID
  §  [Decimal]: a_1024 = 4(1024-1) = 4(1023) = 4092 (0xFFC)
  §  [Hex]: a_400 = 4(400-1) = 4(3ff) = FFC
  §  Last subnet: 2001:db8:cffc::/46

Page 136: IPv6 foundations

Subnetting example: problem

An ISP with operations in 10 cities just got a 2001:db8::/32 allocation from AfriNIC. Subnet this prefix equally between the 10 cities.

Page 137: IPv6 foundations

Subnetting example: analysis

•  Number of subnets: N = 10
•  Subnet bits required (s): $2^s \geq 10$, s = 4 (to the nearest integer)
  $s = \frac{\log 10}{\log 2} = \frac{1}{0.301} = 3.32$ [4 approx]
•  Thus, to subnet 2001:db8::/32 to cover 10 subnets,
  §  We’ll need to use 4 bits
  §  Those 4 bits give us $2^4 = 16$ subnets (we’ve 6 spare subnets)
  §  Prefix length of each subnet is /36 (i.e. 32 + 4 = 36)
•  We calculate
  §  Number of interesting hexits = s/4 = 1
  §  Block: $B = 2^{16-(36 \% 16)} = 2^{16-4} = 2^{12} = 4096$ = 0x1000

Page 138: IPv6 foundations

Subnetting example: analysis

• First subnetID
  §  [Decimal]: a_1 = 4096(1-1) = 0 (0x0) | from a_n = (n-1)d
  §  First subnet: 2001:db8:000::/36
• Last subnetID
  §  [Decimal]: a_16 = 4096(16-1) = 61440 (0xf000)
  §  [Hex]: a_10 = 1000(10-1) = 1000(f) = 0xf000
  §  Last subnet: 2001:db8:f000::/36
•  Verify your answer using subnet tools
  §  e.g. sipcalc 2001:db8::/32 --v6split=36

Page 139: IPv6 foundations

Subnetting – Enumerate subnets with sipcalc

sipcalc 2001:db8::/32 --v6split=36 | grep Network
Network - 2001:0db8:0000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:1000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:2000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:3000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:4000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:5000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:6000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:7000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:8000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:9000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:a000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:b000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:c000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:d000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:e000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:f000:0000:0000:0000:0000:0000 -
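The four-step subnetting procedure and both worked examples (a /36 into 700 subnets, a /32 into 10 cities) as an added Python example, not code from the original slides. The function names are constructed for the illustration; the block is computed so that a hextet-aligned L’ (L’ % 16 = 0) gives B = 1, and the result is cross-checked against the standard library's own enumeration.

```python
import ipaddress


def subnet_plan(parent, wanted):
    """Steps 1 to 3: subnet bits (s), subnet hexits and block (B)."""
    net = ipaddress.IPv6Network(parent)          # raises if host bits are set
    if wanted < 1:
        raise ValueError("need at least one subnet")
    s = (wanted - 1).bit_length()                # smallest s with 2**s >= wanted
    new_len = net.prefixlen + s                  # L' = L + s
    if new_len > 64:
        raise ValueError("subnets would be longer than /64")
    hexits = -(-s // 4)                          # s / 4, rounded up
    hextet_end = -(-new_len // 16) * 16          # end of the hextet holding bit L'
    block = 1 << (hextet_end - new_len)          # B = 2^(16 - L' % 16), 1 if aligned
    return {"parent": net, "s": s, "new_len": new_len, "count": 1 << s,
            "hexits": hexits, "block": block, "shift": 128 - hextet_end}


def nth_subnet(plan, n):
    """Step 4: the n-th subnet (1-based) from a_n = (n - 1) * B."""
    if not 1 <= n <= plan["count"]:
        raise IndexError("subnet number out of range")
    a_n = (n - 1) * plan["block"]                # subnetID within its hextet
    base = int(plan["parent"].network_address)
    return ipaddress.IPv6Network((base + (a_n << plan["shift"]), plan["new_len"]))


def enumerate_subnets(plan):
    """All subnets of the plan, in order."""
    return [nth_subnet(plan, n) for n in range(1, plan["count"] + 1)]


def matches_library(plan):
    """Cross-check the arithmetic progression against ipaddress.subnets()."""
    expected = list(plan["parent"].subnets(new_prefix=plan["new_len"]))
    return enumerate_subnets(plan) == expected


if __name__ == "__main__":
    cities = subnet_plan("2001:db8::/32", 10)
    print(cities["s"], cities["new_len"], hex(cities["block"]))
    for subnet in enumerate_subnets(cities):
        print(subnet.network_address.exploded)   # same list sipcalc prints
```
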

Page 140: IPv6 foundations

Global IPv6 address management hierarchy

2000::/3
  RIRprefix::/w    12 ⩽ w ⩽ 24
    LIRprefix::/x    y ⩽ x ⩽ 32
      End-siteprefix::/y    x ⩽ y ⩽ [48 | 52 | 56 | 60]
        Subnet::/z    [48 | 52 | 56 | 60] ⩽ z ⩽ 64
          Host: network:prefix, Subnet::/64, InterfaceID

Page 141: IPv6 foundations

IPv6 address planning – a few clarifications

•  /32 for LIRs is just the minimum size according to most RIR policies
•  If you can show that you need more, you usually can get more!
  §  Do NOT start with /32 [or /48] and try to fit in.
  §  INSTEAD analyse your needs and apply based on them.
•  RFCs recommend /64 for all subnets (even p2p and loopbacks)
  §  DO allocate a /64 for all links …but,
  §  DO configure what makes operational sense (e.g. /127 for p2p and /128 for loopbacks)
  §  DO understand what will break if you use longer prefix lengths

Page 142: IPv6 foundations

Some recommendations for planning

①  Ensure that all prefixes fall on nibble boundaries
②  Plan a hierarchical scheme to allow for aggregation
  §  Site: any logical L3 aggregation point (POP, building, floor)
  §  Region: a collection of sites
  §  Autonomous System
③  Use same prefix lengths for all prefixes of the same level (SLSM)

Page 143: IPv6 foundations

Conceptual view of an ISP network

ASN
  Region #1: Site #1, Site #2, … Site #n
  Region #2: Site #1, Site #2, … Site #n
  Region #n: Site #1, Site #2, … Site #n

Page 144: IPv6 foundations

Estimating the needs of SITEs

①  Select your largest SITE
②  Proceed as follows
  §  Estimate the number of end-networks in it now
  §  Adjust for growth in 5 years
  §  Round to nearest nibble boundary (maxSITEsize)

Page 145: IPv6 foundations

About nibble boundaries

• Try to align allocation units to nibble boundaries
  §  Round up your estimates to $2^n$ where n is a multiple of 4 [16, 256, 4096, 65536 etc]
  §  Ensure your prefixes fall on the following nibbles: /12, /16, /20, /24, /28, /32, /36, /40, /44, /48, /52, /56, /60, /64
• Working with nibble boundaries
  §  Greatly simplifies address planning
  §  Provides room for expansion at each level of the network hierarchy

Page 146: IPv6 foundations

Nibble boundary alignment example

• Consider the range of addresses for 2001:db8:3c00::/40
  [first] 2001:db8:3c00:0000:0000:0000:0000:0000
  [last]  2001:db8:3cff:ffff:ffff:ffff:ffff:ffff
  § Easy to see that differentiating hexits range from 0-f
• Consider the range of addresses for 2001:db8:3c00::/42
  [first] 2001:db8:3c00:0000:0000:0000:0000:0000
  [last]  2001:db8:3c3f:ffff:ffff:ffff:ffff:ffff
  § You’ll have to calculate the differentiating hexits

Page 147: IPv6 foundations

Finding the total number of end prefixes required

• “End-prefix” is the prefix given to a network that connects to each site, e.g. customer network

①  Estimate the number of #SITEs in your largest region (round to nibble boundary)
②  Calculate the number of end-site prefixes: N = #regions x #SITEs x maxSITEsize

Page 148: IPv6 foundations

Calculating your allocation size

①  Calculate number of subnet bits required to give us N prefixes: $s = \frac{\log_{10} N}{\log_{10} 2}$
②  Allocation size (what you request from AfriNIC) is
  §  48 – s [if assigning /48s per end-site]
  §  52 – s [if assigning /52s per end-site]

Page 149: IPv6 foundations

Overview: estimating the size of your initial IPv6 request

①  For your largest SITE
  §  Estimate the number of end-networks in it now
  §  Adjust for growth in 5 years
  §  Round to nearest nibble boundary (maxSITEsize)
②  Estimate the number of #SITEs in your largest region (round to nibble boundary)
③  # of end-site prefixes: N = #regions x #SITEs x maxSITEsize
④  Subnet bits required to give us N prefixes: $s = \frac{\log_{10} N}{\log_{10} 2}$
⑤  Allocation size is
  §  48 – s [if assigning /48s per end-site]
  §  52 – s [if assigning /52s per end-site]

Page 150: IPv6 foundations

IPv6 address planning | example

An ISP has operations in 10 provinces. The largest province has 50 POPs, the largest of which has about 2700 clients. Estimate the IPv6 addressing needs of this ISP.

Page 151: IPv6 foundations

Address planning example – analysis and solution

①  We know
  §  Number of regions: #regions = 10 [round to 16]
  §  Number of sites: #SITEs = 50 [round up to 256]
  §  maxSITEsize = 2700 [round up to 4096]
②  We calculate
  §  Total number of end-network prefixes required is N
  §  N = 16 x 256 x 4096 = 16,777,216
  §  Number of subnet bits required: s = log 16,777,216 / log 2 = 24.
•  Allocation size:
  §  48 – 24 = 24 [Assuming /48s to end-sites]
  §  52 – 24 = 28 [Assuming /52s to end-sites]
•  Thus the ISP needs to request a /24 or /28 from AfriNIC.
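The estimation procedure applied to the example above, as an added Python example (not code from the original slides). It also derives the prefix length at each level of the region/site hierarchy, which the slides leave implicit; the function names and the growth parameter are constructed for the illustration.

```python
import math


def round_up_to_nibble(count):
    """Smallest 2^n >= count with n a multiple of 4 (16, 256, 4096, ...).

    Follows the slides' list, which starts at 16, so 1..16 all map to 16.
    """
    if count < 1:
        raise ValueError("count must be at least 1")
    bits = (count - 1).bit_length()
    return 1 << max(4, -(-bits // 4) * 4)


def allocation_request(regions, sites, max_site_size, end_site_len=48, growth=1.0):
    """Size of the prefix to request and the prefix length of each level.

    regions        number of regions
    sites          number of sites in the largest region
    max_site_size  end-networks in the largest site today
    growth         assumed multiplier for growth over 5 years
    """
    if end_site_len % 4:
        raise ValueError("end-site prefix length must sit on a nibble boundary")
    n_regions = round_up_to_nibble(regions)
    n_sites = round_up_to_nibble(sites)
    site_size = round_up_to_nibble(math.ceil(max_site_size * growth))
    total = n_regions * n_sites * site_size      # N = #regions x #SITEs x maxSITEsize
    s = total.bit_length() - 1                   # log2(N); N is a power of two
    request_len = end_site_len - s
    if request_len < 0:
        raise ValueError("requirement exceeds the IPv6 address space")
    region_len = request_len + n_regions.bit_length() - 1
    site_len = region_len + n_sites.bit_length() - 1
    return {"end_prefixes": total, "subnet_bits": s, "request_len": request_len,
            "region_len": region_len, "site_len": site_len,
            "end_site_len": end_site_len}


if __name__ == "__main__":
    for end_site in (48, 52):
        plan = allocation_request(10, 50, 2700, end_site_len=end_site)
        print(f"/{end_site} end-sites: request /{plan['request_len']}, "
              f"regions /{plan['region_len']}, sites /{plan['site_len']}")
```
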

Page 152: IPv6 foundations

Questions? Comments?