Lecture 3: IPv6 Bootcamp - cs.otago.ac.nz · Remember formats of various IPv6 addresses link local, global unicast, multicast, loopback, unspecified, etc. How to detect duplicate
COSC301: Lecture 3 IPv6 Bootcamp

Lecture 3: IPv6 Bootcamp

- Common IPv6 addresses
- Basic mechanisms of IPv6
- StateLess Address AutoConfiguration (SLAAC)
- Stateful address autoconfiguration (DHCPv6)
- Tunnelling (SIT, 6to4, Teredo)
- Security issues

IPv6 Brief Recap

- Much enlarged address space
  - smaller routing tables, many more network IDs
  - more addresses (no NAT needed)
  - now everyone in the world could be online (directly)
- Autoconfiguration
  - Easier to have more devices (in-car networks, etc.)
- Streamlined packet header (easier routing)
- Advanced features
  - QoS, Mobility, (optional) IPSec

Address Notation

- 8 groups of 16 bits in hex, can be compressed
  - fe80:0000:0000:0000:0226:5eff:fe00:8242
  - fe80:0:0:0:226:5eff:fe00:8242
  - fe80::226:5eff:fe00:8242
  - fe80::226:5eff:fe00:8242%6 (or %eth0) zone index
- Some addresses have embedded IPv4
  - ::ffff:192.168.0.2 ≡ ::ffff:c0a8:2
- What about addresses with ports? (colon use)
  - [fe80::226:5eff:fe00:8242]:8081
  - http://[fe80::226:5eff:fe00:8242]:8081/

Prefix Notation

- Functionally equivalent to network mask or IPv4 Classless Inter-Domain Routing (CIDR) prefix
  - but much easier to work with because IPv6 uses hex notation, which is easier to convert to binary
- Trailing /n means that the network ID ends after the nth bit
  - e.g. fe80::/10 or 2002::/3
  - Exercise: is 3001::1 in 2002::/3 ?
  - Exercise: is fd6b:4104:35ce:0:a00:fed9 in fc00::/7 ?

Address Formulation

- 128 bits: 64-bit prefix & 64-bit interface identifier
- I’face IDs can be formed by hosts themselves
  - e.g. may be based on their EUI-64 interface identifier.
  - For Ethernet, this is based on MAC address
    00-26-5E-00-82-42 → 0226:5eff:fe00:8242
    insert ff:fe and swap universal/local bit (a MAC like this that is universal will be manufacturer-assigned)
  - This interface identifier is added to the prefix of the network.
- “Privacy extensions”: random temporary interface IDs generated for outgoing traffic
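
The MAC-to-interface-ID step above, and its reverse, as an added Python example (not part of the lecture). It shows why privacy extensions exist: an EUI-64 interface ID carries the MAC address unchanged into every prefix the host joins. The function names and the 2001:db8 sample prefix are chosen here for illustration.

```python
import ipaddress
from typing import Optional

def interface_id_from_mac(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe in the middle, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 interface ID of the given MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface ID is 64 bits, so the prefix must be a /64")
    iid = int.from_bytes(interface_id_from_mac(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC if the interface ID looks EUI-64 derived, else None.

    Heuristic: a random (privacy) interface ID has ff:fe at this position
    only by chance, roughly once in 65536 addresses.
    """
    iid = ipaddress.IPv6Address(addr.split("%")[0]).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    mac = "00-26-5E-00-82-42"                       # MAC from the slide
    for prefix in ("fe80::/64", "2001:db8:1::/64"):  # second prefix is a sample
        addr = slaac_address(prefix, mac)
        print(prefix, "->", addr, "-> MAC", mac_from_address(str(addr)))
    # Constructed privacy-style address: no ff:fe marker, so nothing to recover.
    print(mac_from_address("2001:db8:1:0:1c3a:9f02:77b1:4e60"))
```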

IPv6 common unicast addresses

- See RFC4291
- ::1 and :: Loopback and Unspecified
- fe80::/10 Link-local
  - append %zone index: %eth0 (Linux) or %6 (MS)
- fc00::/7 Unique-local RFC4193
  - Like deprecated site-local, but with fewer problems, e.g. since RFC4193 addresses require good pseudo-random parts, organisations can most likely aggregate without conflict in their unique-local addresses.

IPv6 common unicast addresses (cont'd)

- 2000::/3 Global unicast RFC3513 RFC4291
- 2001:0000::/32 Teredo RFC4380
- 2002::/16 6to4 tunnelling RFC3056
- 2001:db8::/32 Documentation only RFC3849
- Others …
- These allocations are made by Internet Assigned Numbers Authority (IANA)
  http://www.iana.org/numbers/

Common IPv6 multicast addresses

- ff00::/8 is multicast, but we also encode scope:
  - ff + 4 bits of flags + 4 bits of scope + 112 bits of group ID
- There is no broadcast: special case of multicast
  - ff02::1 Link local ‘all-nodes’
  - ff02::2 Link local ‘all-routers’
  These are generally never used by applications
- Scopes: e.g. 1 = node-local, 2 = link-local, 5 = site-local, 8 = organisation-local, E = global scope.
  ff05::1 ‘Site’ local ‘all-nodes’
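
The prefix rule ("the network ID ends after the nth bit") and the address tables on the last three slides, combined into a classifier of the kind used when triaging addresses in logs. This is an added Python example, not part of the lecture; it goes beyond the slides by picking the longest matching prefix, and the label strings are chosen here.

```python
import ipaddress

# Prefixes and labels from the slides. Order does not matter because
# classify() keeps the longest prefix that matches.
PREFIXES = [
    ("::1/128", "loopback"), ("::/128", "unspecified"),
    ("fe80::/10", "link-local"), ("fc00::/7", "unique-local"),
    ("2000::/3", "global unicast"), ("2001::/32", "Teredo"),
    ("2002::/16", "6to4"), ("2001:db8::/32", "documentation"),
    ("ff00::/8", "multicast"),
]
SCOPES = {0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
          0x8: "organisation-local", 0xE: "global"}

def in_prefix(addr: str, prefix: str) -> bool:
    """True if the first n bits of addr equal the first n bits of the prefix."""
    base, n = prefix.split("/")
    shift = 128 - int(n)          # discard everything after the nth bit
    return (int(ipaddress.IPv6Address(addr)) >> shift
            == int(ipaddress.IPv6Address(base)) >> shift)

def classify(addr: str) -> str:
    addr = addr.split("%")[0]     # drop a zone index such as %eth0 or %6
    matches = [(int(p.split("/")[1]), label)
               for p, label in PREFIXES if in_prefix(addr, p)]
    if not matches:
        return "other (not in the slides' tables)"
    label = max(matches)[1]       # longest prefix wins
    if label == "multicast":      # ff + 4 flag bits + 4 scope bits + group ID
        scope = (int(ipaddress.IPv6Address(addr)) >> 112) & 0xF
        label += " (" + SCOPES.get(scope, f"scope {scope:x}") + ")"
    return label

if __name__ == "__main__":
    print(in_prefix("3001::1", "2002::/3"))   # first exercise on the prefix slide
    for a in ("fe80::226:5eff:fe00:8242%eth0", "2001:db8::1", "2002:c0a8:2::1",
              "ff02::1", "ff05::1", "::ffff:192.168.0.2"):
        print(a, "->", classify(a))
```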

Lots of addresses

- Unicast addresses have a particular scope
  - Node-local, Link-local, Global (Universal)
- Hosts have multiple addresses
  - must have link-local
  - plus any number of advertised prefixes (e.g. unique-local + global)
  - plus any static addresses
  - addresses have a lifetime (preferred, deprecated)
  - addresses can be temporary (privacy addresses)
  - plus multicast addresses (solicited node and all-nodes + ...)

Default Address Selection

- Choice of source address
  - varying in version, scope, state
- Choice of destination address
  - varying in version, scope, state
  - could get multiple results during name lookup
- How to choose appropriate pairing?
  - source: global v4 or link-local v6
    destination: global v4 or global v6
- Not simple, so RFC3484 defines algorithm

What your IPv6 ISP should give you

- Smallest practical subnet size is /64
- RFC3177 contains recommendations
- Home network subscribers /48
  - In reality, some ISPs will give a /56, but a /64 is too small. You might give a /64 to a mobile network when you know no subnets are needed.
  - Remember that a /48 allows for 2^(64-48) = 2^16 subnets.
- Small and large enterprises /48
- Very large /47 or many /48s

How interfaces get configured

- Link-local address formulated and tested
- StateLess Address AutoConfiguration (SLAAC)
  - Nodes send out a Router Solicitation
  - Routers send out Router Advertisements informing nodes on the link of prefixes and lifetimes.
- DHCPv6 (either stateful or stateless)
  - Stateful: gives out static addresses that you might give to a server, for example (think DHCP for IPv4)
  - Stateless: augments SLAAC with extra info
- Manual/Static
  - Useful for routers and servers

Router Advertisement

- Multicast ICMPv6 message to ff02::1
  - or to the solicited node m’cast address for the addr.
- Contents include at least these bits:
  - Managed address config flag
    If 0: use stateless autoconfiguration
    If 1: use stateful configuration (DHCPv6)
  - Other stateful config flag
    If 1: use DHCPv6 for other information
  - Router lifetime (>0 means default router)
  - Contains a list of prefixes advertised on this link
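
The fields listed on this slide, read out of the ICMPv6 body of a Router Advertisement and compared with an allow-list of prefixes, which is the basic check behind spotting an unexpected router on a link. This is an added Python example, not part of the lecture; the byte layout follows RFC 4861, and the sample packet, dictionary keys and allow-list are constructed here.

```python
import ipaddress
import struct

def parse_ra(icmp: bytes) -> dict:
    """Parse the ICMPv6 body of a Router Advertisement (RFC 4861 layout)."""
    if len(icmp) < 16 or icmp[0] != 134:       # type 134 = Router Advertisement
        raise ValueError("not a Router Advertisement")
    _t, _c, _cksum, _hop, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp[:16])
    ra = {"managed": bool(flags & 0x80),       # M flag: addresses via DHCPv6
          "other": bool(flags & 0x40),         # O flag: other info via DHCPv6
          "default_router": lifetime > 0,
          "router_lifetime": lifetime,
          "prefixes": []}
    pos = 16
    while pos + 2 <= len(icmp):                # options: type, length in 8-byte units
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:    # Prefix Information option
            plen, pflags, valid, preferred = struct.unpack(
                "!BBII", icmp[pos + 2:pos + 12])
            prefix = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "autonomous": bool(pflags & 0x40),  # SLAAC allowed
                                   "valid": valid, "preferred": preferred})
        pos += opt_len
    return ra

def unexpected_prefixes(ra: dict, allowed: set) -> list:
    """Prefixes in the RA that are not on the operator's allow-list."""
    return [p["prefix"] for p in ra["prefixes"] if p["prefix"] not in allowed]

# Constructed sample: M=0, O=1, router lifetime 1800 s, one /64 from the
# documentation range. The checksum is left as 0 and is not verified here.
SAMPLE_RA = (struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)
             + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
             + ipaddress.IPv6Address("2001:db8:1::").packed)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(ra)
    print("unexpected:", unexpected_prefixes(ra, {"2001:db8:2::/64"}))
```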

Neighbour Discovery

- Replaces ARP
  - Implemented with ICMPv6
  - Includes MTU and reachability information
- Caching Path MTU
- Neighbour Solicitation & neighb’r advertisement
  - Sent to the solicited node’s multicast address. This is formulated based on the queried address to reduce traffic to all nodes.
- SEcure Neighbour Discovery (SEND)
- See also: IPSec