network fundamentals - bdnogwiki.bdnog.org/lib/exe/fetch.php/bdnog7/bdnog7-ip-fundamentals.pdf ·...
Post on 15-Aug-2020
Network Fundamentals
Matsuzaki ‘maz’ Yoshinobu <maz@iij.ad.jp>
bdNOG7 maz@iij.ad.jp 1

IPv4 and IPv6
• almost the same
  – forwarding architecture
  – a bit different on IP header
• address length
  – IPv4 32-bit long (4 octets)
  – IPv6 128-bit long (16 octets)

address notation
• IPv4
  – 255.255.255.255
  – 4 fields of 1 octet in decimal
  – separated by a dot [.]
• IPv6
  – ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  – 8 fields of 2 octets in hexadecimal
  – separated by a colon [:]

it’s just a number
• you can use different notations if your application accepts it
• IPv4
  – ping 2130706433
  – ping 017700000001
  – ping 127.0.0.1
• IPv6
  – ping ::1
  – ping ::0.0.0.1

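Because one address can be spelled several ways, an allow or deny list that compares text can disagree with what the application actually connects to. The following Python code is an added example, not part of the original slides: it normalises each ping target from the slide to a number before testing for loopback. The function names and the lenient IPv4 rules (decimal, leading-0 octal, 0x hex, last number fills the remaining octets, as inet_aton-style parsers accept) are assumptions of this example.

```python
import ipaddress

def parse_ipv4_lenient(text):
    """Parse IPv4 text as inet_aton()-style parsers do: 1 to 4 dot-separated
    numbers, each decimal, octal (leading 0) or hex (leading 0x); the last
    number fills all remaining octets."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"not an IPv4 address: {text!r}")
    nums = []
    for part in parts:
        low = part.lower()
        if low.startswith("0x"):
            base, digits = 16, low[2:]
        elif len(low) > 1 and low.startswith("0"):
            base, digits = 8, low[1:]
        else:
            base, digits = 10, low
        if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
            raise ValueError(f"bad number {part!r} in {text!r}")
        nums.append(int(digits, base))
    *head, last = nums
    if any(n > 0xFF for n in head) or last >= 1 << (8 * (4 - len(head))):
        raise ValueError(f"number out of range in {text!r}")
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def canonical(text):
    """Address object for any notation shown on the slide."""
    if ":" in text:
        return ipaddress.IPv6Address(text)  # also accepts ::0.0.0.1
    return parse_ipv4_lenient(text)

def naive_is_loopback(text):
    """String comparison, as a text-based filter might do it."""
    return text.startswith("127.") or text == "::1"

def is_loopback(text):
    """Compare the number, not the spelling."""
    return canonical(text).is_loopback

# The five ping targets from the slide
SLIDE_TARGETS = ["2130706433", "017700000001", "127.0.0.1", "::1", "::0.0.0.1"]

def compare():
    """Map each target to (naive result, normalised result)."""
    return {t: (naive_is_loopback(t), is_loopback(t)) for t in SLIDE_TARGETS}
```

Only the dotted-decimal and "::1" spellings pass the text comparison, while all five normalise to a loopback address.
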
IPv4 packet forwarding
• send directly if the destination is on the same network
  inet 192.168.0.1 netmask 255.255.255.0:
  192.168.0.0 - 192.168.0.255 are on the link
[figure]
  src: ip 192.168.0.1, src-mac
  dst: ip 192.168.0.2, dst-mac
  ether frame: dst-mac, src-mac, dst-ip, src-ip, data

IPv4 packet forwarding
• send to router based on routing information if destination is not on the same network
[figure]
  src: ip 192.168.0.1, src-mac, default route: rt-ip
  router: rt-ip, rt-mac
  dst: ip 10.0.0.1
  ether frame: rt-mac, src-mac, dst-ip, src-ip, data

arp (Address Resolution Protocol)
• MAC address is needed to forward a packet over Ethernet
  – IPv4 address to MAC address resolution
• arp
  – RFC826

arp who-has 192.168.0.2 tell 192.168.0.1
  0x0000: ffff ffff ffff 0019 bb27 37e0 0806 0001
  0x0010: 0800 0604 0001 0019 bb27 37e0 c0a8 0001
  0x0020: 0000 0000 0000 c0a8 0002

arp reply 192.168.0.2 is-at 00:16:17:61:64:86
  0x0000: 0019 bb27 37e0 0016 1761 6486 0806 0001
  0x0010: 0800 0604 0002 0016 1761 6486 c0a8 0002
  0x0020: 0019 bb27 37e0 c0a8 0001 0000 0000 0000
  0x0030: 0000 0000 0000 0000 0000 0000

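The two captured frames above can be decoded field by field. The following Python code is an added example, not part of the original slides: it parses the Ethernet and ARP headers of both frames and also reports whether the frame's source MAC agrees with the ARP sender MAC, a consistency check that is useful when monitoring a segment. The function and key names are assumptions of this example.

```python
import struct

# Frames copied from the tcpdump hex output above
ARP_REQUEST = bytes.fromhex(
    "ffff ffff ffff 0019 bb27 37e0 0806 0001"
    "0800 0604 0001 0019 bb27 37e0 c0a8 0001"
    "0000 0000 0000 c0a8 0002")
ARP_REPLY = bytes.fromhex(
    "0019 bb27 37e0 0016 1761 6486 0806 0001"
    "0800 0604 0002 0016 1761 6486 c0a8 0002"
    "0019 bb27 37e0 c0a8 0001 0000 0000 0000"
    "0000 0000 0000 0000 0000 0000")

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Decode an Ethernet II frame carrying ARP for IPv4 (RFC 826)."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 over Ethernet")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_dst": mac(eth_dst), "eth_src": mac(eth_src), "op": op,
        "sender_mac": mac(sha), "sender_ip": ".".join(map(str, spa)),
        "target_mac": mac(tha), "target_ip": ".".join(map(str, tpa)),
        # The frame's source MAC and the ARP sender MAC normally agree;
        # a mismatch is worth flagging when monitoring a segment.
        "sender_matches_frame": eth_src == sha,
    }

def summarize(frame):
    """One-line summary in the style of the tcpdump lines above."""
    a = parse_arp(frame)
    if a["op"] == 1:
        return f"arp who-has {a['target_ip']} tell {a['sender_ip']}"
    if a["op"] == 2:
        return f"arp reply {a['sender_ip']} is-at {a['sender_mac']}"
    return f"arp op {a['op']}"
```
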
IPv6 packet forwarding
• send directly if the destination is on-link
  2001:db8::/64 is on-link:
  2001:db8:: ~ 2001:db8::ffff:ffff:ffff:ffff are on the link
[figure]
  src: ip 2001:db8::1, src-mac
  dst: ip 2001:db8::beef:cafe, dst-mac
  ether frame: dst-mac, src-mac, dst-ip, src-ip, data

IPv6 packet forwarding
• send to router based on routing information if destination is not on the same link
[figure]
  src: ip 2001:db8::1, src-mac, default route: rt-ip
  router: rt-ip, rt-mac
  dst: ip 2001:db8:cafe::1
  ether frame: rt-mac, src-mac, dst-ip, src-ip, data

ndp (Neighbor Discovery Protocol)
• MAC address is needed to forward a packet over Ethernet
• ndp resolution [RFC4861]
  – query MAC address using ICMP6
  – destination is Solicited-Node multicast address
    • IP: ff02::1:ff00:0000 ~ ff02::1:ffff:ffff
      – generated by lower 24-bit of the destination address
    • MAC: 33:33:00:00:00:00 ~ 33:33:ff:ff:ff:ff
      – generated by lower 32-bit of the destination address

MAC address resolution by ndp

IP6 2001:db8::1 > ff02::1:ffef:cafe
ICMP6, neighbor solicitation, who has 2001:db8::beef:cafe
source link-address option: 00:19:bb:27:37:e0
  0x0000: 3333 ffef cafe 0019 bb27 37e0 86dd 6000
  0x0010: 0000 0020 3aff 2001 0db8 0000 0000 0000
  0x0020: 0000 0000 0001 ff02 0000 0000 0000 0000
  0x0030: 0001 ffef cafe 8700 9a90 0000 0000 2001
  0x0040: 0db8 0000 0000 0000 0000 beef cafe 0101
  0x0050: 0019 bb27 37e0

IP6 2001:db8::beef:cafe > 2001:db8::1
ICMP6, neighbor advertisement, tgt is 2001:db8::beef:cafe
destination link-address option: 00:16:17:61:64:86
  0x0000: 0019 bb27 37e0 0016 1761 6486 86dd 6000
  0x0010: 0000 0020 3aff 2001 0db8 0000 0000 0000
  0x0020: 0000 beef cafe 2001 0db8 0000 0000 0000
  0x0030: 0000 0000 0001 8800 c1fd 6000 0000 2001
  0x0040: 0db8 0000 0000 0000 0000 beef cafe 0201
  0x0050: 0016 1761 6486

IPv6 history
• 1990 concerns about Routing and Class B exhaustion
• 1991 IETF Routing and Addressing group
  – to solve IP address exhaustion and routing explosion
  – 1992 RFC1380 introducing CIDR and recommendation of new internet protocol
• 1992-1994 proposals for IPng
  – 1992 IAB proposed IPv7 based on CLNP, but rejected
  – 1992 IPng proposals: TUBA, CATNIP, SIPP, etc
  – 1994 based on SIPP, 128 bit long IPng was adopted
• 1994-1996 IPng basic spec
  – 1995 RFC1883 IPv6 Spec

IPv6 spec
• 128-bit long address space
• multiple IP addresses on an interface
  – node has a policy of source address selection
• scope
  – link local, global

IPv6 address notation
• hexadecimal digit of the eight 16-bit pieces of the address separated by “:”
  – 2001:0db8:0000:0000:0000:0000:0000:0001
    • suppress leading zeros
    • use “::” to shorten 2 or more groups of zeros
  – 2001:db8::1
• RFC5952
  – A Recommendation for IPv6 Address Text Representation

IPv6 prefix notation
• the same as IPv4
  – the first IP address of the ip block, and
  – trailing “/” and decimal digit of prefix length
• 2001:db8::/64
  – 2001:db8:: - 2001:db8::ffff:ffff:ffff:ffff

IPv6 addressing
• Unicast
  – an identifier for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address
• Multicast
  – an identifier for a group of interfaces. A packet sent to a multicast address is delivered to all interfaces identified by that address

unicast address
• link-local
  – for use on a single link
  – fe80::/64 is used
• global unicast
  – other than special addresses

link-local address
• for use on a single link
  – an address from fe80::/64 is assigned for an interface
  – routers MUST not forward any packet with link-local source or destination addresses to other links
• for automatic address configuration, routing
  – communication between nodes on the same link
  – as an immediate next hop of ip routing

inter-segment communication
• a packet has global unicast source and destination addresses; the destination is in the other segment
[figure]
  node A: 2001:db8:20::c, fe80::c (link 2001:db8:20::/64, fe80::/64)
  router: 2001:db8:20::1, fe80::1 | 2001:db8::1, fe80::1 (default)
  node B: 2001:db8::110, fe80::110 (link 2001:db8::/64, fe80::/64)
  packet: dst 2001:db8::110, src 2001:db8:20::c

routers must not forward link-locals
• Routers must not forward a packet with a link-local source address
[figure]
  node A: 2001:db8:20::c, fe80::c (link 2001:db8:20::/64, fe80::/64)
  router: 2001:db8:20::1, fe80::1 | 2001:db8::1, fe80::1 (default)
  node B: 2001:db8::110, fe80::110 (link 2001:db8::/64, fe80::/64)
  packet: dst 2001:db8::110, src fe80::c

link-local for a single link
• Routers receive a packet with a link-local source address if the destination is themselves
[figure]
  node A: 2001:db8:20::c, fe80::c (link 2001:db8:20::/64, fe80::/64)
  router: 2001:db8:20::1, fe80::1 | 2001:db8::1, fe80::1 (default)
  node B: 2001:db8::110, fe80::110 (link 2001:db8::/64, fe80::/64)
  packet: dst fe80::1, src fe80::c

multicast address
• could be a group of nodes
• All nodes on a link
  – ff02::1
• Solicited-Node multicast address
  – ff02::1:ff00:0/104
  – generate using lower 24-bit of a unicast address
    • 2001:db8::1234:5678 -> ff02::1:ff34:5678

allocated space
• 2000::/3   binary (001x xxxx xxxx xxxx …. xxxx)  Global Unicast
• fc00::/7   binary (1111 110x xxxx xxxx …. xxxx)  Unique Local Unicast
• fe80::/10  binary (1111 1110 10xx xxxx …. xxxx)  Link Local Unicast
• ff00::/8   binary (1111 1111 xxxx xxxx …. xxxx)  Multicast
http://www.iana.org/assignments/ipv6-address-space

special addresses
• document address 2001:db8::/32
• unspecified address ::
• loopback address ::1
• All IPv6 Nodes on a link ff02::1
• All IPv6 Routers on a link ff02::2

IPv6 address structure
• 128-bit long address space
• basically /64 anywhere
  – upper 64-bit is prefix
  – lower 64-bit is interface identifier
[figure: the 128 bit address 2001:0db8:0000:0000:0000:0000:0000:0001 split into prefix and interface identifier]

interface identifier
• to identify an interface on a link
  – unique within a subnet prefix
• several ways to auto-generate the identifier
  – modified EUI-64 format
  – randomly generated 64-bit long address
MAC address - 00:19:bb:27:37:e0 (example)
  1. separate to two 24-bit pieces
  2. insert “ff:fe”
  3. invert universal/local bit (modified from EUI-64)
modified EUI-64 format - 0219:bbff:fe27:37e0

for “plug and play”
• IPv6 address = prefix + interface identifier
  – interface identifier can be generated automatically
  – prefix is needed
    • link-local (fe80::/64) is available
• generating a link-local address
  – MAC address - 00:19:bb:27:37:e0 (example)
    • modified EUI-64 - 0219:bbff:fe27:37e0
    • tentative address - fe80::0219:bbff:fe27:37e0

Duplicate Address Detection (DAD)
• to test for uniqueness of the unicast address
  – source address “::”
  – destination address “Solicited-Node multicast”

IPv6 :: > ff02::1:ff27:37e0
ICMP6, neighbor solicitation, who has fe80::219:bbff:fe27:37e0
  0x0000: 3333 ff27 37e0 0019 bb27 37e0 86dd 6000
  0x0010: 0000 0018 3aff 0000 0000 0000 0000 0000
  0x0020: 0000 0000 0000 ff02 0000 0000 0000 0000
  0x0030: 0001 ff00 0001 8700 5764 0000 0000 fe80
  0x0040: 0000 0000 0000 0219 bbff fe27 37e0

Router Advertisement (RA)
• Routers advertise RA by ICMP6
  – a host can ask routers to advertise if necessary

IP6 fe80::20b:fdff:fed5:e17f > ff02::1
ICMP6, router advertisement,
prefix info option: 2001:db8::/64, valid time 2592000s
  0x0000: 3333 0000 0001 000b fdd5 e17f 86dd 6e00
  0x0010: 0000 0040 3aff fe80 0000 0000 0000 020b
  0x0020: fdff fed5 e17f ff02 0000 0000 0000 0000
  0x0030: 0000 0000 0001 8600 3aa1 4000 0708 0000
  0x0040: 0000 0000 0000 0101 000b fdd5 e17f 0501
  0x0050: 0000 0000 05dc 0304 40c0 0027 8d00 0009
  0x0060: 3a80 0000 0000 2001 0db8 0000 0000 0000
  0x0070: 0000 0000 0000

RA informs
• a default router
• prefixes on the link and its lifetime
• a host can communicate with other nodes
  – how to configure a DNS resolver on the host
    • DHCPv6
    • RA option for DNS configuration
    • use IPv4 DNS resolver if the host already has

summary of IPv6 plug & play
• RA
  – stateless autoconfiguration
  – RFC4862 IPv6 Stateless Address Autoconfiguration
  – RFC6106 IPv6 RA Option for DNS Configuration
• DHCPv6
  – stateless/full autoconfiguration
  – RFC3315 DHCPv6
  – RFC3646 DNS Configuration options for DHCPv6

steps of address auto-configuration
1. auto-generation of link-local address
   example) fe80::219:bbff:fe27:37e0
2. Duplicate Address Detection (DAD)
3. accept Router Advertisement (RA)
   example) 2001:db8::/64
4. auto-generation of global unicast address
   example) 2001:db8::219:bbff:fe27:37e0

IPv6 addresses of a host
[figure]
  RA: 2001:db8::/64
  MAC – 00:11:22:33:44:55
    link-local - fe80::211:22ff:fe33:4455
    global - 2001:db8::211:22ff:fe33:4455
  MAC – 33:33:00:00:00:01
    All Nodes – ff02::1
  MAC – 33:33:ff:33:44:55
    Solicited-Node multicast – ff02::1:ff33:4455
  loopback - ::1

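The derivations from the "interface identifier", "multicast address" and "steps of address auto-configuration" slides can be carried through in code. The following Python code is an added example, not part of the original slides: it builds the modified EUI-64 identifier, the link-local and global addresses, the Solicited-Node group and the multicast MACs for a given MAC address, and also runs the mapping in reverse to show that an EUI-64 based address exposes the interface's MAC to anyone who sees it in a log. All function names are assumptions of this example.

```python
import ipaddress

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def eui64_iid(mac):
    """Modified EUI-64: split the MAC into two 24-bit pieces, insert ff:fe,
    invert the universal/local bit (0x02 in the first octet)."""
    m = bytes(int(x, 16) for x in mac.split(":"))
    if len(m) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]

def autoconf_address(prefix, mac):
    """IPv6 address = /64 prefix + interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifier needs a /64 prefix")
    return net.network_address + int.from_bytes(eui64_iid(mac), "big")

def solicited_node(addr):
    """ff02::1:ff00:0/104 plus the lower 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address("ff02::1:ff00:0") + low24

def multicast_mac(group):
    """33:33 followed by the lower 32 bits of the multicast address."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + fmt_mac(low32.to_bytes(4, "big"))

def mac_from_address(addr):
    """Reverse of eui64_iid(); None when the identifier has no ff:fe marker
    (for example a randomly generated one)."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    return fmt_mac(bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:])

def host_addresses(mac, ra_prefix):
    """Addresses and multicast MACs from the 'IPv6 addresses of a host' slide."""
    link_local = autoconf_address("fe80::/64", mac)
    return {
        "link-local": str(link_local),
        "global": str(autoconf_address(ra_prefix, mac)),
        "solicited-node": str(solicited_node(link_local)),
        "solicited-node MAC": multicast_mac(solicited_node(link_local)),
        "all-nodes MAC": multicast_mac("ff02::1"),
    }
```
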
address and interface
• local scope and multiple interfaces
  – “ping6 ff02::1” is not deterministic if a host has 2 or more interfaces
  – several OSes assume a ‘default’ interface
• address notation with outbound interface
  – <ipv6 address>%<outgoing interface>
  – example) ping ff02::2%8
  – example) ping6 ff02::1%em0

Exercise 1
• Try the following
• IPv4
  – ping 2130706433
  – ping 017700000001
  – ping 127.0.0.1
• IPv6
  – ping ::1
  – ping ::0.0.0.1

Exercise 2
• What’s your IP address(es)
• tips:
  – Windows: ipconfig /all
  – Unix: ifconfig -a

Exercise 3
• ping your IPv6 link local address
• tips:
  – Windows: ping <ipv6>%<zone id>
  – Unix: ping6 <ipv6>%<outgoing if>