hb9g/iapc, genève ipv6 · rir since january 2011, iana has no more ipv4 to allocate to rir (like...

IPv6

Bastien Wethli <bastien@weth.li>François Deppierraz (HB9EWD) <francois@ctrlaltdel.

ch>

26 septembre 2013HB9G/IAPC, Genève

Agenda

● Théorie● Exercices● Pause● Un peu de pratique!

History

● Since the late 1980s, the growth of the Internet is important. The RFC 2460 (Internet Protocol version 6) was published in December 1998. The principal goal was to implement more available address.

RIR

● Since January 2011, IANA has no more IPv4 to allocate to RIR (like RIPE, AFNIC, ...). The last /8 was allocated to APNIC (Asia-Pacific RIR).

● Since April 2011 APNIC has no more IPv4 to allocate to the LIR. If a new provider is created in this region, he can only allocated IPv6 to they customers.

Address space

● Since the late 1980s, the growth of the Internet is important. The RFC 2460 (Internet Protocol version 6) was published in December 1998. The principal goal was to implement more available address.

● Addresses IPv4 :

2^32

4,294,967,296

● Addresses IPv6 :

2^128

340,282,366,920,938,463,463,374,607,431,768,211,456

More space in v6

● Source : http://v6stuff.leclanche.net/

Blocking points

● The chicken or the egg dilemna : 'There is no IPv6 ISP because there is no IPv6 content‘

● At the beginning, IP was a 'end-to-end' protocol, which mean, the IP packet contains both, source and destination address, without any translation. NAT (Network Address Translation) was introduced to anticipate the exhaustion of IPv4 address, but with IPv6, there is no more reason to do that. With IPv6, NAT will be disappear.

Transition mechanisms

● Dual-stack● Tunnels

○ 6to4 (original)○ 6rd (Swisscom/Bluewin)○ Teredo (Microsoft)

● Passerelles entre IPv4 et IPv6○ NAT64 et DNS64

Adressage IPv4

Rappel ● Format IPv4

● Scope : 2^32 bits => 4,294,967,296 IPv4 addresses

● Notation : 192.0.2.5● Reverse notation : 5.2.0.192.in-addr.arpa

Adressage IPv6

2001:db8::567:89abNotation hexadécimal et “:” au lieu de “.”● 2001:0db8:0000:0000:0000:0000:0567:89ab

But this address can be simplified => Four successive '0' on the same nibble can be replaced by one '0'● 2001:db8:0:0:0:0:567:89ab

=> A suite of ':0' can be replaced ONCE time only by a '::'● 2001:db8:::567:89ab

● Reverse notation : b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.

● INUTILE : 212.147.10.162 in IPv6 notation will be only 'D493:0AA2' ;-)

Exercices

IPv6 Address Notation Exercice (from RIPE NCC)How do you correctly compress the following IPv6 address :

● 2001:0db8:0000:0000:0000:0000:0000:0c50● A) 2001:0db8:0:0:0:0:0:0c50● B) 2001:0db8::0c50● C) 2001:db8::c50● D) 2001:db8::c5

● 2001:0db8:0000:0000:b450:0000:0000:00b4● A) 2001:db8::b450::b4● B) 2001:db8::b450:0:0:b4● C) 2001:db8::b45:0000:0000:b4● D) 2001:db8:0:0:b450::b4

● 2001:0db8:00f0:0000:0000:03d0:0000:00ff● A) 2001:0db8:00f0::3d0:0:ff● B) 2001:db8:00f0::3d0:0:ff● C) 2001:db8:00f0::3d0:ff ● D) 2001:0db8:0f0:0:3d0:0:0ff

Exercices (Corrections)

IPv6 Address Notation Exercice (from RIPE NCC)How do you correctly compress the following IPv6 address :

● 2001:0db8:0000:0000:0000:0000:0000:0c50● A) 2001:0db8:0:0:0:0:0:0c50● B) 2001:0db8::0c50● C) 2001:db8::c50● D) 2001:db8::c5

● 2001:0db8:0000:0000:b450:0000:0000:00b4● A) 2001:db8::b450::b4● B) 2001:db8::b450:0:0:b4● C) 2001:db8::b45:0000:0000:b4● D) 2001:db8:0:0:b450::b4

● 2001:0db8:00f0:0000:0000:03d0:0000:00ff● A) 2001:0db8:00f0::3d0:0:ff● B) 2001:db8:00f0::3d0:0:ff● C) 2001:db8:00f0::3d0:ff ● D) 2001:0db8:0f0:0:3d0:0:0ff

IPV6 Address Types

● ::/128 (0.0.0.0)● ::1/128 Loopback (127.0.0.1)● ::ffff/96 IPv4-mapped IPv6 address (::ffff:198.51.100.1)● FC00::/7 ULA (Unique local address) (Like RFC1918)● FE80::10 Link-Local addresses (Like APIPA 169.254.0.0/16)

● 2001:DB8::/32 reserved prefix for use in documentation (RFC3849 like 192.0.2.5)

● 2002::/16 6to4● 2000::/3Global Unicast● FF00::/8 Multicast

More on : https://www.ripe.net/lir-services/new-lir/ipv6_reference_card.pdf

DNS & URL

● AAAA Record (Pronounce 'Quad A Record')● A dual stack computer will first ask for ‘AAAA’ record,

and if there is no answer, he retry for an ‘A’

To access directly a webserver with the IPv6 :

● http://[2002:400:2A41:378::34A2:36]:8080

Tools

● Linux: ○ ip -6○ ifconfig○ ping6○ traceroute6○ route -6

● Windows: ○ ipconfig○ ping -6○ tracert -d -6○ netsh interface ipv6 add route 2001:918:fffc:

12::/64 “Local Area Connection”

Certification IPv6 he.net

Une certification online proposée pour l’ISP he.net qui permet de gagner un t-shirt!

Certification IPv6 he.net (pratique)Through this test set you will be able to:● Prove that you have IPv6 connectivity● Prove that you have a working IPv6 web server● Prove that you have a working IPv6 email address● Prove that you have working forward IPv6 DNS● Prove that you have working reverse IPv6 DNS for your mail server● Prove that you have name servers with IPv6 addresses that can

respond to queries via IPv6● Prove your knowledge of IPv6 technologies through quick and easy

testing

Certification IPv6 he.net (théorie)You will also demonstrate that you are familiar with IPv6 concepts such as:● the format of IPv6 addresses● AAAA records● reverse DNS for IPv6● the IPv6 localhost address● the IPv6 default route● the IPv6 documentation prefix● the IPv6 link local prefix● the IPv6 multicast prefix● how to do an IPv6 ping● how to do an IPv6 traceroute● common IPv6 prefix lengths such as /64, /48, /32● and more!

Trucs utiles

● http://www.kame.net● http://ipv6.test-ipv6.com/● http://ip6.no/

Workshop

Schéma réseau

Exercices

● ping6 2001:4860:4860::8888● ping6 ip6.no● traceroute6 ip6.no● traceroute ip6.no● dig google.com AAAA

● Questions ?