IPv6 Fundamentals
-
5/28/2018 IPv6 Fundamentals
1/137
IPv6 Fundamentals
Mukom Akong T. (@perfexcellent)
-
Fundamentals of IPv6
What you should be able to do after finishing this module
* Understand IPv4 exhaustion and its implications
* Identify IPv6 addresses
* Create an IPv6 addressing plan
* Configure and verify IPv6 on a LAN
www.afrinic.net | slide 2
-
Module Assumptions
* Fundamental concepts of TCP/IPv4
* Building basic IPv4 networks
* Using the command line interface for common routing platforms
  * Cisco IOS
  * Juniper JUNOS
  * Quagga
-
Module deliverables
* Describe differences between IPv4 and IPv6
  * Key protocols
  * Basic configuration
* Create an IPv6 addressing plan
  * Subnetting
  * Estimate space
  * Allocation
* Identify and work with IPv6 addresses
  * Address structure and notation
  * Types of IPv6 addresses
* Understand IPv4 exhaustion implications
  * Global IPv6 address distribution
  * Implications of exhaustion
-
Understanding IPv4 Exhaustion Implications
After this section you should be able to:
* Describe the world situation with respect to v4 addresses
* Describe the implications of IPv4 exhaustion
-
Central IPv4 Pool as at 16.06.2010
-
Central IPv4 Pool as at 31.01.2011
-
Global IPv4 Address Distribution
Source: www.ipv4depletion.com
-
Projected RIR Depletion Dates
Source: Geoff Huston
-
Exhaustion Consequence: IPv4 addresses are now more expensive
$7.5m for 666,624 v4 addresses
-
Exhaustion Consequence: demand for IPv4 addresses may increase its price
-
Exhaustion Consequence: An IPv4 address black market emerges
* Black markets have well-known contrary consequences
-
Implications of Africa running out last
* Scenario #1: We remain complacent and the world leaves us behind in IPv4-land
  * Cost of connecting to the rest of the world increases
  * We miss any market opportunities v6 adoption presents
* Scenario #2: A rush for Africa's pool by other regions
  * African networks deprived of critical v4 needed to facilitate transition to v6
  * We are forced to deploy greenfield IPv6 (good)
  * Use of NAT increases (bad)
-
IPv6 Addressing Basics
After this section you should be able to:
* Work comfortably with IPv6's hexadecimal notation
* Identify, write and shorten IPv6 addresses
-
What is IPv6?
* Network-layer successor to IPv4
  * 128 bits long (2^96 times the total IPv4 address space)
  * Runs on the same physical infrastructure
  * The same applications can also run on IPv6
  * Incompatible with IPv4
* The only sustainable answer to IPv4 exhaustion
  * Enables continued growth of the Internet
  * Restores end-to-end model
  * Enables the Internet of Things
-
IPv6 addresses are written in hexadecimal
IPv6 address = 128 bits (1 or 0)
IPv6 address = 32 hexits (0 - 9, a, b, c, d, e, f)
IPv6 address = 8 groups of 4 hexits
2001 : db8 : c001 : face : b00c : dead : babe : 1cee : f001
* The 8 groups of hexits are separated by colons
* Addresses are conventionally written in lower case
-
How IPv6 addresses are written
Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011
-
IPv6 prefixes
* IPv6 is all CIDR, i.e. no subnet masks
* A prefix is written as: aaaa:bbbb:cccc:dddd:eeee:ffff/prefix length
* Prefix length is a decimal in the range [0, 128]
* Examples of prefix notation:
  * 2001:db8::/32 --- a prefix assigned to an organisation
  * 2001:db8:1ce:c001::/64 --- a prefix assigned to a LAN
  * 2001:db8:1ce:c001::a/64 --- an address out of a /64 prefix
-
Rules for shortening IPv6 addresses
* Zero-suppression: omit all leading zeroes in a group of hexits
  * A leading zero is that which comes immediately after a colon
  * Each group must still contain at least one hexit
* Zero-compression: substitute two or more consecutive groups of zeroes with one double colon (::)
  * This should only be done once to avoid ambiguity
  * If more than one substitution is possible, make that which replaces the most groups
  * In case of two equal possible substitutions, make the leftmost one.
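
The two shortening rules above, written out as an added example (not part of the original slides) and cross-checked against Python's standard ipaddress module. The sample addresses are constructed; normalising to one text form like this is what makes addresses in logs and ACLs comparable.

```python
import ipaddress


def shorten(full: str) -> str:
    """Shorten an address written as 8 groups, using only the two slide rules."""
    groups = full.lower().split(":")
    if len(groups) != 8 or not all(
        1 <= len(g) <= 4 and all(c in "0123456789abcdef" for c in g) for g in groups
    ):
        raise ValueError("expected 8 colon-separated groups of 1-4 hexits")

    # Zero-suppression: drop leading zeroes, keep at least one hexit per group.
    groups = [format(int(g, 16), "x") for g in groups]

    # Zero-compression: find the longest run of all-zero groups. Only a strictly
    # longer run replaces the current best, so the leftmost run wins a tie.
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)

    if best_len < 2:  # the rule needs two or more consecutive zero groups
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"  # the double colon is written exactly once


def matches_stdlib(full: str) -> bool:
    """True when the hand-written rules agree with ipaddress' canonical form."""
    return shorten(full) == str(ipaddress.IPv6Address(full))


def is_valid_text_form(text: str) -> bool:
    """Reject ambiguous or malformed spellings such as a second '::'."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False


def same_address(a: str, b: str) -> bool:
    """Compare two spellings by value, not by text."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


# Constructed samples: full form -> expected shortened form.
SAMPLES = {
    "2001:0db8:0000:0000:0001:0000:0000:0001": "2001:db8::1:0:0:1",  # tie: leftmost
    "2001:0db8:0000:0001:0000:0000:0000:0001": "2001:db8:0:1::1",    # longest run
    "2001:0db8:0000:0001:0001:0001:0001:0001": "2001:db8:0:1:1:1:1:1",  # single zero
    "fe80:0000:0000:0000:0212:6bff:fe54:f99a": "fe80::212:6bff:fe54:f99a",
    "0000:0000:0000:0000:0000:0000:0000:0000": "::",
}

if __name__ == "__main__":
    for full, expected in SAMPLES.items():
        print(full, "->", shorten(full), "ok" if shorten(full) == expected else "MISMATCH")
    print("2001:db8::1::1 valid?", is_valid_text_form("2001:db8::1::1"))
```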
-
Shortening IPv6 addresses: Example
Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011
-
Shortening IPv6 addresses: Example
Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011
-
Incorrect IPv6 shortening example
Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011
-
IPv6 Address Types
After this section you should be able to:
* Identify different types of IPv6 addresses
* Describe the structure and scopes of these addresses
-
Types of IPv6 addresses
* Unicast addresses
  * Identifies an interface of an IPv6 node
  * Can be used as source and destination of a packet
  * An interface can have multiple valid IPv6 addresses
* Multicast addresses
  * Identifies a group of IPv6 addresses
  * Can only be used as the destination of a transmission
  * An interface can belong to multiple multicast addresses
* Anycast addresses
  * Same address on multiple nodes
  * Packet to anycast address is delivered only to nearest one
  * Packets are never sourced from an anycast address
-
Scope: An address's extent of validity
[Figure: Link Layer diagram showing Global Scope and Link-local Scope (fe80::/10)]
These scopes do not apply to multicast addresses and the unspecified address
-
Global unicast addresses
* Fixed high order bits of 001 => prefix of 2000::/3
* Example: 2001:db8:dead:beef:c001:babe:0000:aaaf
Field:   001      Global Routing Prefix   SubnetID   InterfaceID
Length:  3 bits   45 bits                 16 bits    64 bits
IANA >> LIR >> ISP
-
Link local unicast addresses
* First 10 bits are 1111 1110 10, thus prefix fe80::/10
* Scope is link local, thus not forwarded off-link by routers
* One per interface is always automatically configured when IPv6 is enabled
* Used for
  * Automatic address configuration
  * Default gateway on hosts
  * Routing protocol updates
  * Neighbor discovery
Field:   1111 1110 10   0         InterfaceID
Length:  10 bits        54 bits   64 bits
-
The Link local address reachability problem
If you ping fe80::212:6bff:fe54:f99a (N1), what egress interface will router R use? (see solution next slide)
[Figure: router R with interfaces Fe 0/0 and Fe 0/1; nodes N1, N2, M1 and M2; addresses shown: fe80::212:6bff:fe54:f99a, fe80::212:6bff:fe3a:9e9a, fe80::212:6bff:fe17:fc0f, fe80::245:bcff:fe47:1530]
-
ZoneIDs: resolving Link local address ambiguity
* ZoneID (or scopeID)
  * Provides the extra routing information required
  * Automatically assigned by the operating system
  * Only locally significant
* A full link-local address is written as: address%zoneID
* Examples of some full link-local addresses with zoneIDs:
  * [Windows] ping fe80::245:bcff:fe47:1530%11
  * [Linux] ping6 fe80::245:bcff:fe47:1530%eth0
-
Examples of using ZoneID
* Windows Host X: fe80::1ce:c01d:dead:babe%7
* Windows Host Y: fe80::dead:beef:1ce:c01d%10
* Ping from X -> Y is accomplished thus
  * Use the link local address of Host Y
  * Append the ZoneID of Host X on the same broadcast domain
  * ping fe80::dead:beef:1ce:c01d%7 [correct]
  * ping fe80::dead:beef:1ce:c01d%11 [wrong]
-
Unique Local Addresses
* Private address space anyone can use without going to an ISP or RIRs
* Prefix fc00::/7 and L flag indicates whether the prefix is locally assigned (1) or globally assigned (0)
  * For L=1, we have fd00::/8 for ULAs that anyone can assign.
  * For L=0, we have fc00::/8 for ULAs that are centrally assigned.
* Scope is global but they are usually filtered by e-BGP routers
Field:   1111 110L   Global ID   SubnetID   InterfaceID
Length:  8 bits      40 bits     16 bits    64 bits
-
Unique Local Addresses: GlobalID Algorithm
1. Get the current time of day in 64-bit NTP format.
2. Get the EUI-64 identifier from the MAC address or other unique identifier.
3. Concatenate (1) and (2)
4. Compute the SHA-1 digest of (3)
5. Use the least significant 40 bits of (4) as your globalID
Field:   1111 110L   Global ID   SubnetID   InterfaceID
Length:  8 bits      40 bits     16 bits    64 bits
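
The five GlobalID steps above carried through to a usable fd00::/8 prefix, as an added example that is not part of the original slides. The MAC address is the one embedded in the page's fe80::212:6bff:fe54:f99a; the timestamp in the demo and the function names are assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct
import time

NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01


def ntp64(unix_time: float) -> bytes:
    """Step 1: time of day as 32-bit seconds plus 32-bit fraction (NTP format)."""
    seconds = (int(unix_time) + NTP_UNIX_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32)
    return struct.pack("!II", seconds, fraction)


def eui64(mac: str) -> bytes:
    """Step 2: EUI-64 from a 48-bit MAC (insert ff:fe, flip the universal/local bit)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def ula_global_id(mac: str, unix_time: float) -> bytes:
    """Steps 3-5: SHA-1 over time||EUI-64, keep the least significant 40 bits."""
    digest = hashlib.sha1(ntp64(unix_time) + eui64(mac)).digest()
    return digest[-5:]


def ula_prefix(mac: str, unix_time=None) -> ipaddress.IPv6Network:
    """Locally assigned ULA /48: 1111 110L with L=1 (0xfd) followed by the GlobalID."""
    if unix_time is None:
        unix_time = time.time()
    top48 = b"\xfd" + ula_global_id(mac, unix_time)
    return ipaddress.IPv6Network((int.from_bytes(top48 + bytes(10), "big"), 48))


def ula_subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """The /64 for one 16-bit SubnetID inside the /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("SubnetID is 16 bits")
    return ipaddress.IPv6Network((int(prefix.network_address) | (subnet_id << 64), 64))


if __name__ == "__main__":
    # Constructed inputs: a fixed timestamp so the run is repeatable.
    site = ula_prefix("00:12:6b:54:f9:9a", 1527465600.25)
    print("site prefix :", site)
    print("subnet 0x1  :", ula_subnet(site, 1))
```

Because the time of day is hashed in, two sites that run this independently are very unlikely to pick the same /48, which is the property that keeps later network merges from colliding.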
-
6to4 Transition Addresses
* IPv4-derived address used in the 6to4 transition mechanism
* WWXX:YYZZ is the hex form of public v4 address w.x.y.z
* Each public IPv4 address gives an entire /48 IPv6 prefix
Field:   2002:WWXX:YYZZ (from w.x.y.z)   SubnetID   InterfaceID
Length:  48 bits                         16 bits    64 bits
-
Generating the InterfaceID: Last 64 bits
* Manually typed by an admin on an interface
* Automatically
  * The EUI-64 algorithm.
  * A pseudo-random number.
  * A public key (e.g. in the CGAs)
* Reserved interfaceIDs (RFC 5433)
  * Subnet router anycast: 0000:0000:0000:0000
  * Reserved subnet anycast: fdff:ffff:ffff:ff80 - ff
-
EUI-64 Automatic InterfaceID Generation
-
Privacy concerns with EUI-64
* For a given MAC address
  * The EUI-64 interfaceID is fixed
  * It is re-used with the prefix of any network encountered
* It is possible to track a user from their interfaceID
  * The prefix says what network a user is on
  * The MAC address can be inferred from the interfaceID
* Privacy addressing (RFC4941) deals with this issue
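
An audit sketch for the privacy concern above, added here as an example and not part of the original slides: it flags addresses whose interfaceID still carries the EUI-64 ff:fe marker and shows that the same MAC is then recognisable under every prefix. The observation list is constructed, reusing two link-local addresses that appear on this page.

```python
import ipaddress
from collections import defaultdict


def mac_from_interface_id(addr: str):
    """Return the MAC embedded in an EUI-64 interfaceID, or None.

    Heuristic: bytes 3-4 of the interfaceID are ff:fe. A random interfaceID
    can match by chance (about 1 in 65536), so treat a hit as a lead.
    """
    iid = ipaddress.IPv6Address(addr.split("%")[0]).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)


def linkable_hosts(observations):
    """Map each recovered MAC to the sorted /64 prefixes it was seen under."""
    seen = defaultdict(set)
    for addr in observations:
        mac = mac_from_interface_id(addr)
        if mac is not None:
            net = ipaddress.ip_interface(addr.split("%")[0] + "/64").network
            seen[mac].add(str(net))
    return {mac: sorted(nets) for mac, nets in seen.items()}


def without_fixed_identifier(observations):
    """Addresses that do not expose an EUI-64 interfaceID."""
    return [a for a in observations if mac_from_interface_id(a) is None]


# Constructed observations (documentation prefix 2001:db8::/32).
OBSERVED = [
    "2001:db8:a:1:212:6bff:fe54:f99a",   # same host at site A
    "2001:db8:b:7:212:6bff:fe54:f99a",   # same host at site B
    "fe80::212:6bff:fe54:f99a",          # its link-local address
    "2001:db8:a:1:5c3d:9a11:7be2:4c9",   # randomised interfaceID
    "fe80::ca9c:1dff:fe6b:b6a0",         # router link-local from the page
]

if __name__ == "__main__":
    for mac, nets in linkable_hosts(OBSERVED).items():
        print(mac, "seen under", nets)
    print("no fixed identifier:", without_fixed_identifier(OBSERVED))
```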
-
IPv4-Mapped Transition Addresses
* An IPv4 address represented in IPv6 format
* Form: ::ffff:w.x.y.z/96 where w.x.y.z is a normal IPv4 address.
* Internally represents a v4 node to a v6 node
* Never used as a source or destination v6 address
Field:   0         ffff      IPv4 Address
Length:  80 bits   16 bits   32 bits
-
ISATAP transition addresses
* An IPv6 address formed from a private IPv4 address
* Automatically generated and assigned to ISATAP tunnels
* Form: 64bitPrefix:0:5efe:a.b.c.d
  * Where a.b.c.d is an RFC1918 private IPv4 address
Field:   Prefix    0000:5efe   Private IPv4 Address
Length:  64 bits   32 bits     32 bits
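
The three transition formats above (6to4, IPv4-mapped, ISATAP) all carry an IPv4 address inside an IPv6 one. This added example, not part of the original slides, recovers that IPv4 address so that an IPv4 rule or log search also sees the IPv6 spelling; all addresses are constructed from documentation and private ranges.

```python
import ipaddress

ISATAP_MARKER = b"\x00\x00\x5e\xfe"  # the 0000:5efe field from the ISATAP layout


def embedded_ipv4(addr: str):
    """Return (format name, IPv4Address) if addr embeds an IPv4 address, else None."""
    ip = ipaddress.IPv6Address(addr)
    if ip.ipv4_mapped is not None:          # ::ffff:w.x.y.z
        return ("ipv4-mapped", ip.ipv4_mapped)
    if ip.sixtofour is not None:            # 2002:WWXX:YYZZ::/48
        return ("6to4", ip.sixtofour)
    raw = ip.packed
    if raw[8:12] == ISATAP_MARKER:          # prefix:0:5efe:a.b.c.d
        return ("isatap", ipaddress.IPv4Address(raw[12:]))
    return None


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """The /48 that one public IPv4 address yields under 6to4."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def hits_ipv4_rule(addr: str, rule: str) -> bool:
    """True if addr, or the IPv4 address embedded in it, falls inside an IPv4 rule."""
    net = ipaddress.IPv4Network(rule)
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ip in net
    found = embedded_ipv4(addr)
    return found is not None and found[1] in net


if __name__ == "__main__":
    # Constructed samples.
    for sample in ("::ffff:192.0.2.10", "2002:c000:20a:1::1",
                   "2001:db8:1:2:0:5efe:10.1.2.3", "2001:db8::1"):
        print(sample, "->", embedded_ipv4(sample))
    print(sixtofour_prefix("192.0.2.10"))
    print(hits_ipv4_rule("::ffff:192.0.2.10", "192.0.2.0/24"))
```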
-
Multicast addresses
* Used as the destination of multicast communication
* Start with bits 1111 1111 which is prefix: ff00::/8
* Bits 8 - 16 specify further characteristics of the address
Field:   1111 1111   Flags    Scope    GroupID
Length:  8 bits      4 bits   4 bits   112 bits
-
The Flag Bits in multicast addresses
Bit          Description
3            Reserved (must be set to 0)
2 (R flag)   Rendezvous Point address is embedded (1) or not (0)
1 (P flag)   Address is based on a unicast prefix (1) or not (0)
0 (T flag)   Address is well-known (0) or dynamically assigned (1)
-
The Scope Bits in multicast addresses
Binary   Hex   Scope
0001     0x1   Interface
0010     0x2   Link
0100     0x4   Administrative
0101     0x5   Site
1000     0x8   Organisation
1110     0xe   Global
Others         Unassigned or Reserved
-
Some reserved multicast groups
Some Well-Known/Reserved Multicast Groups
Address             Scope         Description
FF01::1             1=Interface   All nodes on the interface
FF02::1             2=Link        All nodes on the link
FF01::2             1=Interface   All routers on the interface
FF02::2             2=Link        All routers on the link
FF05::2             5=Site        All routers in the site
FF02::5             2=Link        All OSPFv3 routers
FF02::6             2=Link        OSPFv3 designated routers
FF02::A             2=Link        All EIGRPv6 routers
FF02::D             2=Link        All PIM routers
FF02::1:FFXX:XXXX   2=Link        Solicited-node address
-
The Solicited Node multicast address
* Multicast address for all nodes with the same IPv6 address
* Constructed as follows:
  * Prefix FF02::1:FF00:/104
  * Last 24 bits of the IPv6 unicast address
  * See examples next slide
Field:   Prefix          InterfaceID
Value:   FF02::1:FF00:   Lower 24 bits
Length:  104 bits        24 bits
-
Solicited node multicast addresses in action
#show ipv6 interface g0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::CA9C:1DFF:FE6B:B6A0
  No Virtual link-local address(es):
  Description: [Link to R1]
  Global unicast address(es):
    2001:43F8:90:C0::2, subnet is 2001:43F8:90:C0::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF6B:B6A0
  MTU is 1500 bytes
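
A check of the router output above against the construction rule, added as an example that is not part of the original slides: it derives the solicited-node group for each configured address and compares the result with the joined groups. The addresses come from the show output on this page; the second, altered group list is constructed.

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")
SOLICITED_NODE_NET = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def solicited_node(unicast: str) -> ipaddress.IPv6Address:
    """104-bit prefix ff02::1:ff00:0 plus the last 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_NET.network_address) | low24)


def audit_joined_groups(unicast, joined, is_router):
    """Compare the groups an interface joined with those its addresses imply.

    'missing'  : expected groups the interface has not joined
    'orphaned' : solicited-node groups with no configured address behind them
    Other groups (routing protocols and so on) are left alone.
    """
    expected = {ALL_NODES} | {solicited_node(a) for a in unicast}
    if is_router:
        expected.add(ALL_ROUTERS)
    joined_set = {ipaddress.IPv6Address(g) for g in joined}
    orphaned = {g for g in joined_set - expected if g in SOLICITED_NODE_NET}
    return {
        "missing": sorted(str(g) for g in expected - joined_set),
        "orphaned": sorted(str(g) for g in orphaned),
    }


# From the show ipv6 interface output on this page.
UNICAST = ["FE80::CA9C:1DFF:FE6B:B6A0", "2001:43F8:90:C0::2"]
JOINED = ["FF02::1", "FF02::2", "FF02::1:FF00:2", "FF02::1:FF6B:B6A0"]

# Constructed variant: one expected group dropped, one unexplained group added.
JOINED_ALTERED = ["FF02::1", "FF02::2", "FF02::5", "FF02::1:FF6B:B6A0", "FF02::1:FF12:3456"]

if __name__ == "__main__":
    print(audit_joined_groups(UNICAST, JOINED, is_router=True))
    print(audit_joined_groups(UNICAST, JOINED_ALTERED, is_router=True))
```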
-
IPv6 address literals in URLs
* Problem: The colon in v6 addresses has another meaning in URLs
  * It is a core part of the http://
  * It is also used to specify the port
* Solution: enclose the IPv6 address in square brackets
  http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/
  http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:80/
-
IPv6 literals in UNC path names
* Problem: The colon is an illegal character in Microsoft UNC pathnames
* The solution:
  * Replace all colons in the address with a dash
  * Replace any % in the zoneID with an s
  * Append .ipv6-literal.net to the address
* Example: 2001:db8:85a3:8d3:1319:8a2e:370:7348 -> 2001-db8-85a3-8d3-1319-8a2e-370-7348.ipv6-literal.net
* Example: fe80::1%4 -> fe80--1s4.ipv6-literal.net
-
Summary of IPv6 Address Types
Type             Structure (16 bit boundaries)
Global Unicast   GlobalID  SubnetID  InterfaceID
Link-local       fe80  0  InterfaceID
Unique-local     fc00  0  SubnetID  InterfaceID
Unique-local     fd00  0  SubnetID  InterfaceID
IPv4-mapped      0  ffff
6to4             2002  SubnetID  InterfaceID
ISATAP           64bit v6 Prefix  0  5efe
Unspecified      0
Loopback         0  0001
Multicast        ff  Multicast GroupID
-
IPv6 addressing exercise
Display the IPv6 configuration on your laptop
-
IPv6 from an IPv4 Perspective
After this section you should be able to:
* Describe the IPv6 header, noting differences from the v4 header
* Identify the IPv6 equivalents and functioning of key IPv4 protocols
-
The IPv6 packet structure
-
Key characteristics of the IPv6 packet
* Fixed header size of 40 bytes (320 bits)
* Fragmentation not allowed by routers, only end hosts
* Minimum supported MTU is 1280 bytes
* Optional layer 3 information is put in extension headers just before the upper-layer header
-
IPv6 extension headers
* Serve similar functionality to IPv4 Options headers
* Processed only at packet's destination, except for Hop-by-Hop Options header
* Only appear once in a packet, except for the Destination Options header which appears twice
* A node discards the packet with a Parameter Problem message in the following circumstances
  * It sees an un-recognized extension header
  * A Next Header value 0 appears in a header other than the fixed header
-
IPv6 packet without extension header
Courtesy: cisco.com
-
IPv6 packet with extension headers
Courtesy: cisco.com
-
List and order of IPv6 extension headers
Order   Header                Code   Description
1       Basic IPv6 header
2       Hop-by-hop options    0      Examined by all hosts in path
3       Destination options   60     Examined only by destination node
4       Routing               43     Specify the route for a datagram (mobile v6)
5       Fragment              44     Fragmentation parameters
6       Authentication (AH)   51     Verify packet authenticity
7       ESP                   50     Encrypted data
8       Destination options   60     Examined only by destination node
9       Mobility              135    Parameters for use with mobile IPv6
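
A Next Header chain walker for the codes and order in the table above, added as an example that is not part of the original slides. It reports the two conditions a filter or IDS would log: a Next Header value of 0 anywhere but the fixed header, and headers repeated or out of the listed order. The packets are constructed with zero-filled header bodies, and build_packet is a helper invented for this example.

```python
import struct

# Codes and order as listed in the table above (position 1 is the fixed header).
EXT_HEADERS = {0: "Hop-by-hop options", 60: "Destination options", 43: "Routing",
               44: "Fragment", 51: "Authentication (AH)", 50: "ESP", 135: "Mobility"}
TABLE_ORDER = [0, 60, 43, 44, 51, 50, 60, 135]


def walk_extension_headers(packet: bytes) -> dict:
    """Follow the Next Header chain and collect anomalies worth logging."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("need an IPv6 packet with its full 40-byte fixed header")
    chain, problems = [], []
    nxt, offset = packet[6], 40          # byte 6 of the fixed header is Next Header
    while nxt in EXT_HEADERS:
        if nxt == 0 and chain:
            problems.append("Next Header 0 outside the fixed header")
        chain.append(nxt)
        if nxt == 50:                    # ESP: everything after it is encrypted
            nxt = None
            break
        head = packet[offset:offset + 2]
        if len(head) == 2:
            if nxt == 44:                # Fragment header is always 8 bytes
                size = 8
            elif nxt == 51:              # AH length field: 4-byte words, minus 2
                size = (head[1] + 2) * 4
            else:                        # others: 8-byte units, not counting the first
                size = (head[1] + 1) * 8
        if len(head) < 2 or offset + size > len(packet):
            problems.append("truncated extension header")
            nxt = None
            break
        nxt, offset = head[0], offset + size

    # Each header must be found at or after the previous one's table position;
    # Destination options is the only code listed twice.
    position = 0
    for code in chain:
        try:
            position = TABLE_ORDER.index(code, position) + 1
        except ValueError:
            problems.append(f"{EXT_HEADERS[code]} repeated or out of order")
            break
    return {"chain": [EXT_HEADERS[c] for c in chain],
            "upper_layer": nxt, "problems": problems}


def build_packet(codes, upper_layer=58) -> bytes:
    """Constructed sample: one minimal 8-byte header per code (58 = ICMPv6)."""
    following = (list(codes[1:]) + [upper_layer]) if codes else []
    body = b"".join(bytes([nxt, 0]) + bytes(6) for nxt in following)
    first = codes[0] if codes else upper_layer
    return struct.pack("!IHBB16s16s", 0x60000000, len(body), first, 64,
                       bytes(16), bytes(16)) + body


if __name__ == "__main__":
    for codes in ([0, 60, 43, 44], [60, 0], [43, 43], [60, 43, 60]):
        print(codes, walk_extension_headers(build_packet(codes)))
```

Any value not in the table ends the walk and is reported as the upper-layer protocol, so telling a genuinely unrecognised extension header from a transport protocol needs a list of known protocol numbers on top of this.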
-
The IPv6 header compared to IPv4 header
IPv4 header fields: Version, Header Length, TOS, Total Length, Identification, Flags, Fragment Offset, TTL, Protocol, Header Checksum, Source Address, Destination Address, Options
IPv6 header fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
-
IPv6 packet header on the wire
-
Packet header structure changes from IPv4
* IPv4 header fields removed from the base IPv6 header
  * Fragmentation fields [Identification, flags, fragment offset]
  * Options
* IPv4 header fields eliminated in IPv6
  * Header checksum
  * Header length
* Revised fields
  * TTL -> Hop count
  * Protocol -> Next header
  * Precedence and ToS fields -> Traffic class
* New fields
  * Flow label
-
IPv4 vs IPv6 key functionality comparison
* Network Access Layer
  * IPv4: Ethernet and variants; PPP for serial links; ATM
  * IPv6: Ethernet and variants; PPP for serial links; ATM
* Host auto-configuration
  * IPv4: DHCP
  * IPv6: DHCPv6; Stateless Address configuration
* Network to Link-layer Address Resolution
  * IPv4: ARP broadcasts
  * IPv6: NDP via ICMPv6 (NS, NA)
-
IPv4 vs IPv6 key functionality comparison
* FQDN to IP-address resolution
  * IPv4: DNS client-server; A resource records; in-addr.arpa reverse zone
  * IPv6: DNS client-server; AAAA resource records; ip6.arpa reverse zone
* Host multicast group membership
  * IPv4: IGMPv1; IGMPv2
  * IPv6: MLDv1
* Automatic default gateway configuration
  * IPv4: DHCP, IRDP, passive RIP
  * IPv6: NDP via ICMPv6 (RA)
-
IPv4 vs IPv6 key functionality comparison
* Routing protocols
  * IPv4: Static routing; RIPv1, RIPv2; OSPFv2; BGP4+ IPv4 AF
  * IPv6: Static routing; RIPng; OSPFv3; BGP4+ IPv6 AF
* Minimum MTU size
  * IPv4: 576 bytes
  * IPv6: 1280 bytes
* Sending packets to all hosts on subnet
  * IPv4: Broadcast to subnet broadcast
  * IPv6: Multicast to ALL_NODES (ff02::1)
-
Resolving names to IPv6 addresses
* Most modern DNS servers support IPv6
  * AAAA records for IPv6 to FQDN mapping
  * PTR records under ip6.arpa. TLD for FQDN to IP mapping
* DNS is transport-protocol agnostic i.e.
  * A query over IPv4 could yield AAAA records
  * A query over IPv6 could yield A records
-
Sample IPv6 resource records
* FQDN to IP Address
  * IPv4 [A record]: voyager.starfleet.org A 197.1.0.77
  * IPv6 [AAAA record]: voyager.starfleet.org IN AAAA 2001:0470:0000:0064:0000:0000:0000:0002
* IP Address to FQDN
  * IPv4 [PTR record]: 77.0.1.197.in-addr.arpa PTR voyager.starfleet.org
  * IPv6 [PTR record]: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.6.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa IN PTR voyager.starfleet.org
-
Generating IPv6 PTR records
* Write the IPv6 address in full reverse
* Separate each hexit by a period
* Append the ip6.arpa domain
* Example with sipcalc
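
The three PTR steps above as an added example that is not part of the original slides, checked against the voyager.starfleet.org record shown earlier. It goes slightly beyond the slide by also deriving the reverse zone for a prefix and converting a PTR name back to an address; the 2001:470::/32 delegation is an assumption made for the demo.

```python
import ipaddress


def ptr_name(addr: str) -> str:
    """Full address, hexits reversed, one label per hexit, then ip6.arpa."""
    hexits = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(list(reversed(hexits)) + ["ip6", "arpa"])


def reverse_zone(prefix: str) -> str:
    """Name of the ip6.arpa zone that holds PTR records for a prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("reverse zones are cut on 4-bit (hexit) boundaries")
    hexits = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(list(reversed(hexits)) + ["ip6", "arpa"])


def ptr_record(addr: str, prefix: str, fqdn: str) -> str:
    """Zone-file line for addr, with the owner name relative to the prefix's zone."""
    if ipaddress.IPv6Address(addr) not in ipaddress.IPv6Network(prefix):
        raise ValueError("address is outside the prefix")
    zone = reverse_zone(prefix)
    owner = ptr_name(addr)[: -(len(zone) + 1)]
    return f"{owner} IN PTR {fqdn.rstrip('.')}."


def address_from_ptr(name: str) -> str:
    """Inverse mapping, useful when reading resolver or zone-transfer logs."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        raise ValueError("expected 32 hexit labels followed by ip6.arpa")
    hexits = labels[:-2]
    if any(len(h) != 1 or h not in "0123456789abcdef" for h in hexits):
        raise ValueError("each label must be a single hexit")
    return str(ipaddress.IPv6Address(int("".join(reversed(hexits)), 16)))


if __name__ == "__main__":
    addr = "2001:0470:0000:0064:0000:0000:0000:0002"   # from the sample records
    print(ptr_name(addr))
    print(reverse_zone("2001:470::/32"))               # assumed delegation
    print(ptr_record(addr, "2001:470::/32", "voyager.starfleet.org"))
    print(address_from_ptr(ptr_name(addr)))
```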
-
The usual DNS test tools work as expected
-
The Key IPv6 Functionality Protocols
After this section you should be able to:
* Describe the importance and functioning of IPv6 ND
* Describe how ND is used in other key functions of IPv6
-
IPv6 Neighbor Discovery Protocol (ND)
* Key protocol upon which most of IPv6's functionality depends
* Used by both hosts and routers
* Consists of a set of ICMPv6 messages
* Works at network layer, thus can use IPsec
* Different message exchanges deliver various functionalities
-
Functions of IPv6 Neighbor Discovery (ND)
Neighbour Discovery Protocol
* Host-Router Functions
  * Address resolution
  * Address autoconfiguration
  * Parameter discovery
  * Prefix discovery
  * Router discovery
* Host Communication Functions
  * Duplicate address detection
  * Neighbour unreachability detection
  * Next-hop determination
  * Address resolution
-
5 ICMPv6 messages used by ND
* Neighbour Solicitation
* Neighbour Advertisement
* Router Solicitation
* Router Advertisement
* Redirect
-
Router Solicitations and Advertisement
-
The Router Solicitation message
Sent by       IPv6 host
Purpose       Find out what routers are present on the link
Src address   IP of querying interface if one exists; unspecified address (::) if there is no IP address yet
Dst address   FF02::2 (all-routers)
Notes         ICMP type 133, ICMP code 0
-
Sample RS packet capture
-
The Router Advertisement message
Sent by       IPv6 router
Purpose       Advertise its presence, prefixes, MTU, hop limits; sent periodically or in response to a RS
Src address   Router's link local IPv6 address
Dst address   FF02::1 (all-v6-nodes) for periodic broadcasts; v6 address of querying node if responding to a RS
Notes         ICMP type 134, ICMP code 0
-
RA Message on the Wire
-
Sample RA packet capture
-
Neighbour Solicitations and Advertisements
-
The Neighbour Solicitation message
Sent by       IPv6 host
Purpose       Find out link layer address of another host; duplicate address detection; verify that a neighbour is reachable
Src address   IP of querying interface if one exists; unspecified address (::) if there is no IP address yet
Dst address   Target neighbour's address if known; solicited node multicast address of target otherwise
Notes         ICMP type 135, ICMP code 0
-
The Neighbour Advertisement message
Sent by       IPv6 host
Purpose       Response to a neighbour solicitation (NS); periodically to update neighbors
Src address   Manual or auto configured address of originating interface
Dst address   IP address of the node which sent the NA; FF02::1 for periodic advertisements
Notes         ICMP type 136, ICMP code 0
-
Capture of an NA from a router in response to a NS
-
Packet capture of NA message from a host
-
The Redirect message
Sent by       IPv6 router
Purpose       Informs a node of a better next-hop router.
Src address   Link local address of router.
Dst address   IP address of requesting node.
Notes         ICMP type 137, ICMP code 0
-
Duplicate address detection
[Figure: nodes N1, N2 and N3]
Tentative IP: 2001:db8::2:260:8ff:fe53:f9d8
IP: 2001:db8::2:260:8ff:fe53:f9d8
NS (1)
  src: ::
  dst: FF02::1:FF53:F9D8
  hop limit: 255
  Target: 2001:DB8::2:260:8FF:FE53:F9D8
NA (2)
  src: 2001:DB8::2:260:8FF:FE53:F9D8
  dst: FF02::1
  hop limit: 255
  Target: 2001:DB8::2:260:8FF:FE53:F9D8
-
Duplicate address detection
* DAD is performed on ALL unicast addresses
* DAD is NEVER performed for anycast addresses
* If DAD fails
  * That address cannot be assigned to the interface.
  * All addresses using that InterfaceID are also not unique
  * A system management error must be logged
* Unrelated packets sent to a tentative address are discarded
-
How duplicate address detection works
* Host N1 is going to assign address A on its interface I
* Interface I joins multicast groups:
  * ff02::1 -- All IPv6 nodes
  * ff02::ff00:0:a -- solicited node multicast address for A
* N1 sends NS message to ff02::ff:0:a sourced from ::
* N1 listens for any NS messages to ff02::ff00:0:a from ::
* DAD fails under any of the following circumstances
  * N1 receives an NS for a tentative address prior to sending one.
  * More NSs are received than those expected based on loopback semantics
-
NS packet capture illustrating duplicate address detection (DAD)
-
Link-layer address resolution using ND
[Figure: nodes N1 and N2]
NS (1)
  src: IPv6 address [N1]
  dst: Solicited node multicast [N2]
  data: Link layer address [N1]
  query: "what's your link layer address?"
NA (2)
  src: IPv6 address [N2]
  dst: IPv6 address [N1]
  data: Link layer address [N2]
-
Neighbour unreachability detection
* Does not necessarily verify end-to-end reachability since a neighbour could be a router (not the final destination)
* How it works:
  * Sending a probe to the desired host's solicited node multicast address and receiving an NA or RA in response
  * Receiving a clue from a higher-level protocol that communication is happening, e.g. TCP ACK
-
NS packet capture for neighbour reachability verification
-
Basic IPv6 Configuration
After this section you should be able to:
* Configure and verify IPv6 on Windows operating systems
* Configure and verify IPv6 on Linux operating systems
* Configure and verify IPv6 on the Mac OS X operating system
* Configure and verify IPv6 on Cisco IOS
* Configure and verify IPv6 on Junos
-
Most Operating Systems have IPv6 enabled by default!
Operating system   IPv6 supported
Windows            Windows XP Service Pack 2 and up
Mac OS X           10.4 (Tiger) and up
GNU Linux          Kernel 2.6 and up
FreeBSD            FreeBSD 4.0 and up
Cisco IOS          IOS 12.4; 12.3; 12.xT from 12.2T and up
Junos              Junos 5.1 and up
-
Host Configuration: Windows Vista/7
-
Host configuration: Mac OS X
-
Host Configuration: Linux
Configure IPv6 on an interface
  $ ifconfig eth0 inet6 add 2001:db8:fedc:abcd::1/64
Force an interface to come up at boot-up and get address automatically. In /etc/network/interfaces:
  auto eth0
  iface eth0 inet manual
    up /sbin/ip -6 link set eth0 up
Verify
  # ifconfig eth0
  OR
  # ip -6 addr show eth0
-
Working with privacy addresses
* Privacy address status on various operating systems
  * Windows Vista/7 - Enabled by default
  * Mac OS X - Not enabled by default
  * Linux - not enabled by default
* Generally, enabling privacy addresses is not recommended
-
Disabling privacy addressing
Windows Vista/7
  c:\> netsh interface ipv6 set privacy state=enabled|disabled
  c:\> netsh interface ipv6 set global randomizeidentifiers=enabled|disabled
Mac OS X
  In /etc/sysctl.conf
  net.inet6.ip6.use_tempaddr=0|1
  net.inet6.ip6.temppltime=XX //lifetime of temporary address
Linux
  # echo "1" > /proc/sys/net/ipv6/conf/default/use_tempaddr
-
Configuring basic IPv6 on Cisco IOS
Enable IPv6 on an Interface
  (config)#ipv6 enable
Assign an IPv6 address with automatic interfaceID
  (config)#ipv6 address Prefix/prefix-length eui-64
Assign a static IPv6 address
  (config)#ipv6 address v6address/prefix-length
Enable IPv6 routing and CEF
  (config)#ipv6 unicast-routing
  (config)#ipv6 cef
-
Configuring basic IPv6 on Junos
* Enable IPv6 on an Interface
* Assign an IPv6 address with automatic interfaceID
* Assign a static IPv6 address
* Enable IPv6 routing and CEF

Address Provisioning in IPv6

After this section you should be able to:
* Describe the options for provisioning addresses in IPv6
* Describe and verify how SLAAC works
* Describe and verify how DHCPv6 works
* Describe how DHCPv6-PD works

Device Provision requirements

Hosts
* IPv6 address
* Default gateway
* DNS server

CPEs
* IPv6 address
* Default gateway
* DNS server
* Prefix for LAN(s)

Automatic IP Configuration
* The Problem with Traditional DHCP
  - It's a link-layer protocol and thus can't be routed without the use of relays on every subnet.
  - Network and server staff are usually different, thus close coordination is needed (plus the usual OSI Layer 8 issues!!)
  - Difficult to implement redundancy.
  - Susceptible to rogue DHCP servers.
  - If the lease database is corrupted, addresses can be given to multiple machines.
* Because there are no broadcasts in IPv6, traditional DHCP won't work.
* The options in IPv6 are:
  - Stateless Auto-Configuration - new to IPv6
  - Stateful Auto-Configuration - DHCPv6

Automatic IP Configuration

Typical configuration parameters:
* IPv6 address: for client WAN address. Required by clients and CPEs
* DNS resolvers: required by clients and CPEs
* IPv6 delegated prefix: required by CPEs to automate LAN-side configuration

Automatic IPv6 Configuration
* Enterprise and campus network config requirements
  - IPv6 address for the host's interface
  - Default routers
  - DNS resolvers & other options
* Service Provider network config requirements
  - IPv6 address for CPE WAN interface
  - Default route to be used by client network
  - Prefix to be used for CPE LAN interface(s)

Options for Automatic Address Provisioning
* The problem:
  - SLAAC does not hand out DNS server addresses
  - DHCPv6 does not hand out default router address
  - CPEs need auto-delegated prefix for simplicity
* Options: Stateful & stateless DHCPv6 and SLAAC+RDNSS

                   | Stateful DHCP | Stateless DHCP | SLAAC + RDNSS
IPv6 address       | DHCPv6        | RA             | RA
Default routers    | RA            | RA             | RA
DNS resolver       | DHCPv6        | DHCPv6         | RA
Delegated prefix   | DHCPv6-PD     | DHCPv6-PD      | N/A

Stateless Auto-Configuration: How it Works
* Host N2 will auto-configure an address for each of the advertised prefixes 2001:db8:a::/64 and 2001:db8:d::/64.
* Hosts will also auto-configure 2 default routers

[Diagram: Network X with routers R1 and R2 and hosts N2 and M2. Labels: (1) [RS] RA?; [RA] 2001:db8:a::2; [RA] 2001:db8:d::3; ff02::1]

Stateless Auto-Configuration: How it Works
* Host generates an interface ID and a link-local address
* Performs Duplicate Address Detection [DAD] on the selected address
* Queries all routers (via RS messages) for additional
* Router responds with a Router Advertisement [RA] which lists allocated prefixes for the subnet and indicates if it can provide routing services to connected hosts.
* For each prefix received, the host adds its 64-bit interface ID, configures an address and does DAD.
* Host builds a list of 'default routers' from RAs. There's no single default gateway like in IPv4.

Stateless Auto-Configuration: How it Works
* The routers on the subnet are pre-configured with:
  - Appropriate IPv6 addresses on their interfaces.
  - Desired prefixes for use on the subnet.
  - Someday: List of DNS servers to send to hosts [RFC6106]
* If the routers advertise multiple prefixes, the host(s) will auto-configure an address for each of the prefixes.
* If multiple routers advertise themselves as default, the host typically chooses and uses one until it fails, then it uses the other.

Advantages of SLAAC Over Traditional DHCP
* No separate servers or relays needed on each subnet
* No need to involve server admins with management of IP addresses
* Easy to provide redundancy by plugging in more routers since they don't keep state
* No risk of duplicate addresses even after a router fails
* Rogue routers less likely and if they do occur, their prefix will just be in addition to the correct prefixes
* Enables network re-numbering on the fly

Configuring a Cisco Router for Stateless Auto-Configuration

[Diagram: Network X with routers R1 and R2 and hosts N2 and M2. Labels: (1) [RS] RA?; [RA] 2001:db8:a::2; [RA] 2001:db8:d::3; ff02::1]

  R1(config)# interface fastethernet 0/1
  R1(config-if)# ipv6 nd prefix 2001:db8:a::/64

  R1(config)# interface fastethernet 0/1
  R1(config-if)# ipv6 nd prefix 2001:db8:d::/64

Stateful Configuration with DHCPv6
* Host gets all of its config parameters from central server
* Central server can keep state of who has what address
* A host will use DHCPv6 instead of SLAAC if it gets an RA message with the M flag = ON and A flag = OFF
* Multicast addresses used by DHCPv6
  - All_DHCP_Relay_Agents_and_Servers (FF02::1:2)
  - All_DHCP_Servers (FF05::1:3)
* DHCP Messages:
  - Clients listen on UDP port 546
  - Servers and relay agents listen on UDP port 547
* Currently does not support a default gateway option!!
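
The RA flag logic above and the provisioning table from the earlier slide, as an added example that is not part of the original slides: a parser for the Router Advertisement body that reports where a host gets its address, default router and DNS resolver. The names build_ra, parse_ra and config_sources are illustrative, the sample packets and the resolver address are constructed, and the option layouts follow RFC 4861 and RFC 6106.

```python
import ipaddress
import struct

def build_ra(m, o, prefix, a, rdnss=None):
    """Constructed sample RA body (ICMPv6 type 134); checksum left at zero."""
    net = ipaddress.IPv6Network(prefix)
    flags = (0x80 if m else 0) | (0x40 if o else 0)            # M and O bits
    pkt = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    pio_flags = 0x80 | (0x40 if a else 0)                      # L bit, optional A bit
    pkt += struct.pack("!BBBBIII", 3, 4, net.prefixlen, pio_flags, 2592000, 604800, 0)
    pkt += net.network_address.packed
    if rdnss:                                                  # RDNSS option, one resolver
        pkt += struct.pack("!BBHI", 25, 3, 0, 1800) + ipaddress.IPv6Address(rdnss).packed
    return pkt

def parse_ra(icmp):
    """Extract the M/O flags, prefixes (with A flag) and RDNSS servers from an RA."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    lifetime = struct.unpack("!H", icmp[6:8])[0]
    ra = {"M": bool(icmp[5] & 0x80), "O": bool(icmp[5] & 0x40),
          "default_router": lifetime > 0, "prefixes": [], "rdnss": []}
    pos = 16
    while pos < len(icmp):
        if pos + 2 > len(icmp):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8       # length counts 8-octet units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("bad option length")              # zero length would never advance
        body = icmp[pos:pos + opt_len]
        if opt_type == 3 and opt_len == 32:                    # Prefix Information
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append({"prefix": net, "A": bool(body[3] & 0x40)})
        elif opt_type == 25 and opt_len >= 24:                 # Recursive DNS Server
            ra["rdnss"] += [ipaddress.IPv6Address(body[i:i + 16])
                            for i in range(8, opt_len, 16)]
        pos += opt_len
    return ra

def config_sources(ra):
    """Where a host obtains each parameter, following the rows of the slide's table."""
    slaac = any(p["A"] for p in ra["prefixes"])
    dns = (("DHCPv6", ra["M"] or ra["O"]), ("RA", bool(ra["rdnss"])))
    return {
        "address": [s for s, on in (("DHCPv6", ra["M"]), ("RA", slaac)) if on],
        "default_router": ["RA"] if ra["default_router"] else [],
        "dns": [s for s, on in dns if on],   # empty list: plain SLAAC gives no resolver
    }

PREFIX = "2001:db8:a::/64"   # prefix from the slides; resolver address is constructed
SAMPLES = {
    "stateful DHCPv6": build_ra(True, False, PREFIX, False),
    "stateless DHCPv6": build_ra(False, True, PREFIX, True),
    "SLAAC + RDNSS": build_ra(False, False, PREFIX, True, "2001:db8:a::53"),
    "SLAAC only": build_ra(False, False, PREFIX, True),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, config_sources(parse_ra(pkt)))
```
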

How Stateful DHCPv6 Works
[Diagram columns: Client, Router/DHCP Relay, DHCP Server]
 1. [ND] RS?
 2. [ND] RA (M set)
 3. [DHCP] Solicit
 4. [DHCP] Solicit
 5. [DHCP] Advertise (addr)
 6. [DHCP] Advertise (addr)
 7. [DHCP] Request (addr)
 8. [DHCP] Request (addr)
 9. [DHCP] Reply (addr)
10. [DHCP] Reply (addr)
11. [DHCP] Confirm (addr)
12. [DHCP] Confirm (addr)

Stateful DHCPv6
Advantages:
a) Similar to DHCPv4, so will be familiar to most operators.
b) More options to control how addresses are allocated, e.g.
   - Restrict assignments to a small range of addresses
   - Map IP addresses to specific clients.
c) Dynamic DNS (DDNS) updates from a central server are more secure than permitting individual hosts to update the DNS.
d) It has options to configure other services.
e) Can produce centralized accounting logs (troubleshooting and forensics).
Disadvantages:
a) No DHCPv6 clients yet on some operating systems, e.g. Android.
b) Configuration information for addresses and DNS resolvers must be maintained in separate locations.

Stateless DHCPv6
[Diagram columns: Client, Router, DHCP Server]
1. [ND] RS?
2. [ND] RA (Prefix, Default router, "O" flag set)
3. [DHCP] Solicit (Options, e.g. DNS server)
4. [DHCP-RELAY] Solicit (Options)
5. [DHCP] Advertise (DNS server address)
6. [DHCP-RELAY] Advertise (DNS server address)

Stateless DHCPv6
Advantages:
* Support for SLAAC is ubiquitous.
* Non-DHCPv6 hosts will still be able to get basic connectivity (the DNS resolvers can be manually configured).
* Like stateful DHCPv6, other options possible (e.g. NTP etc.)
Disadvantages:
* Zero control over how addresses are allocated
* If using DDNS, permitting DDNS updates from all clients is insecure.
* Privacy concerns if EUI-64 method is used for interface ID
* No centralized log for forensics
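
What the EUI-64 privacy concern above (and the earlier privacy-address slides) means in practice, as an added example that is not part of the original slides: the interface ID is derived from the MAC address, so the same host is recognisable under every prefix it joins, while a temporary-style address carries no such marker. Function names are illustrative, the MAC is a constructed value from the documentation range, and the `ff:fe` check is a heuristic (a random interface ID can contain those bytes by chance).

```python
import ipaddress
from collections import defaultdict
from typing import Optional

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from an advertised /64 when it uses EUI-64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a 64-bit interface ID needs a /64 prefix")
    return net[eui64_interface_id(mac)]

def embedded_mac(address: str) -> Optional[str]:
    """Return the MAC recoverable from an EUI-64 style address, else None."""
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None                      # random, temporary or manually set interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def group_by_mac(addresses):
    """Audit helper: which logged addresses belong to the same interface?"""
    seen = defaultdict(list)
    for addr in addresses:
        seen[embedded_mac(addr)].append(addr)
    return dict(seen)

MAC = "00:00:5e:00:53:01"                # constructed sample MAC
LOG = [
    str(slaac_address("2001:db8:a::/64", MAC)),   # the two prefixes from the SLAAC slides
    str(slaac_address("2001:db8:d::/64", MAC)),
    "2001:db8:a:0:3c1d:9a4e:77b2:10f5",           # constructed temporary-style address
]

if __name__ == "__main__":
    for mac, addrs in group_by_mac(LOG).items():
        print(mac, addrs)
```
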

SLAAC + RDNSS
* SLAAC plus the Recursive DNS server option
* Advantages:
  - Single protocol (IPv6 ND) thus simpler configuration
  - Support for SLAAC is ubiquitous
* Disadvantages:
  - RDNSS option not widely supported
  - No other parameters besides DNS resolver are possible

DHCPv6 - PD
[Diagram columns: CPE, PE, DHCP Server]
* Used to assign a delegated prefix to CPE to use on its LAN.
* The PE inserts a static route for the delegated prefix in its table
1. Provision CPE WAN address
2. [DHCP] Solicit (Options: IAPD)
3. [DHCP-RELAY] Solicit (Option: IAPD)
4. [DHCP] Advertise (Delegated Prefix)
5. [DHCP-RELAY] Advertise (Delegated Prefix)

Key Differences Between DHCPv4 & DHCPv6

DHCPv6 Server Software

IPv6 Address Planning

After this section you should be able to:
* Subnet an IPv6 prefix
* Describe how IPv6 addresses are globally managed
* Estimate the IPv6 addressing needs of your network
* Carve out your allocated addresses and assign them

The generic IPv6 subnetting problem
For a given IPv6 prefix P and prefix length L
a) List all the sub-prefixes of length L' therein
b) Break P into N subnets
Repeat for each sub-prefix as required

[Diagram: Parent prefix divided into Sub-prefix #1, Sub-prefix #2, Sub-prefix #3, ... Sub-prefix #n]

IPv4 subnetting concepts to FORGET!
* The purpose of subnetting
  - IPv4: conserve address space
  - IPv6: planning and optimization for routing or security
* VLSM vs SLSM: there's no point in doing VLSM in IPv6
* Subnets vs hosts: number of hosts is rarely relevant in v6

Generic IPv6 subnetting procedure
1. Find subnet bits (s)
2. Find subnet hexits
3. Find subnetID increment (B)
4. Enumerate subnetIDs

Step #1: Finding the subnet bits (s)
a) Both L and L' are known
   $s = L' - L$
   Ex: breaking a /32 to /56s needs 56 - 32 = 24 bits
b) Only the number of desired subnets is known
   $2^s \ge N$ thus $s = \frac{\log N}{\log 2}$
   Ex: breaking a /36 into 900 networks needs
   $2^s \ge 700$ thus $s = \frac{\log 700}{\log 2} = 9.45 \approx 10$ bits

Step #2: Finding the number of subnet hexits
* The distinguishing hexits of each subnet
  - Knowing the number of subnet bits s
  - Knowing that 1 hexit = 4 bits, then
  - Number of subnet hexits = s/4 (round up)
* Ex: Breaking 2001:db8:c000::/36 to 900 subnets
  - $s = \log 900 / \log 2 = 9.81 \approx 10$
  - # subnet hexits = $10/4 = 2.5 \approx 3$
  - Each of the subnets will be like: 2001:db8:cHHH::/46

Step #3: Finding the Increment or Block (B)
* This is the difference between consecutive subnetIDs
* Ex: Breaking 2001:db8:c000::/36 to 900 subnets
  - s = 3 (calculated in previous slides)
  - L' = L + s = 36 + 10 = 46
  - Format 2001:db8:cHHH::/46 (calculated previously)
  - $B = 2^{16 - (L' \% 16)} = 2^{16 - (46 \% 16)} = 2^{16 - 14} = 2^2 = 4$ (0x4)

Step #4: Enumerating the subnetIDs
* At this point you know the general subnet format
* Taking the subnetIDs only, these form an arithmetic progression with the following characteristics
  - Common difference d = block B
  - Initial term = 000
* Any term of the progression is $a_n = a_0 + (n - 1)d$
* Substituting for d = B and initial term = 000
* The nth term is: $a_n = (n - 1)B$

Step #4: Enumerating the subnetID example
* Ex: Breaking 2001:db8:c000::/36 to 900 subnets
  - s = 3 (calculated in previous slides)
  - L' = L + s = 36 + 10 = 46
  - Format 2001:db8:cHHH::/46 (calculated previously)
  - B = 4 (0x4) - as previously calculated
* First subnetID
  - [Decimal]: $a_1 = 4(1 - 1) = 0$ (0x0)
  - First subnet: 2001:db8:000::/46
* Last subnetID
  - [Decimal]: $a_{1024} = 4(1024 - 1) = 4(1023) = 4092$ (0xFFC)
  - [Hex]: $a_{400} = 4(400 - 1) = 4(3ff) = FFC$
  - Last subnet: 2001:db8:ffc::/46
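
Steps 1 to 4 carried through in code, as an added example that is not part of the original slides: it computes s, the subnet hexits, L' and B, builds the n-th subnet from a_n = (n - 1)B, and checks the result against Python's own enumeration. It goes slightly beyond the slide formula by also handling an L' that ends exactly on a 16-bit group boundary (where the increment is 1); function names are illustrative, and the resulting prefixes are written in full, so they include the parent's leading hexit c.

```python
import ipaddress

def subnet_plan(parent: str, wanted: int) -> dict:
    """Steps 1-3: subnet bits s, subnet hexits, new prefix length L' and block B."""
    net = ipaddress.IPv6Network(parent)
    if wanted < 1:
        raise ValueError("need at least one subnet")
    s = (wanted - 1).bit_length()          # exact ceil(log2(wanted)), no float rounding
    new_len = net.prefixlen + s
    if new_len > 64:
        raise ValueError(f"/{new_len} is longer than the /64 used for subnets")
    group = -(-new_len // 16)              # 16-bit group that holds the last prefix bit
    block = 1 << (16 * group - new_len)    # 2^(16 - L' % 16); 1 when L' ends a group
    return {"s": s, "hexits": -(-s // 4), "new_len": new_len,
            "block": block, "count": 1 << s, "group": group}

def nth_subnet(parent: str, wanted: int, n: int) -> ipaddress.IPv6Network:
    """Step 4: the n-th subnet (1-based), using a_n = (n - 1) * B."""
    net = ipaddress.IPv6Network(parent)
    plan = subnet_plan(parent, wanted)
    if not 1 <= n <= plan["count"]:
        raise ValueError("n is outside the enumerated range")
    subnet_id = (n - 1) * plan["block"]
    # Place the subnetID in the group that contains the prefix boundary.
    base = int(net.network_address) + (subnet_id << (128 - 16 * plan["group"]))
    return ipaddress.IPv6Network((base, plan["new_len"]))

def cross_check(parent: str, wanted: int) -> bool:
    """Compare the arithmetic progression with ipaddress's own enumeration."""
    plan = subnet_plan(parent, wanted)
    expected = ipaddress.IPv6Network(parent).subnets(new_prefix=plan["new_len"])
    return all(nth_subnet(parent, wanted, i) == net
               for i, net in enumerate(expected, 1))

if __name__ == "__main__":
    parent, wanted = "2001:db8:c000::/36", 900     # the worked example from the slides
    plan = subnet_plan(parent, wanted)
    print(plan)
    print("first:", nth_subnet(parent, wanted, 1))
    print("last: ", nth_subnet(parent, wanted, plan["count"]))
    print("matches ipaddress enumeration:", cross_check(parent, wanted))
```
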

Subnetting example: problem
An ISP with operations in 10 cities just got a 2001:db8::/32 allocation from AfriNIC. Subnet this prefix accordingly.

Subnetting example: analysis
* Number of subnets: N = 10
* Subnet bits required (s): $2^s \ge 10$, s = 4 (round to nearest integer)
  $s = \frac{\log 10}{\log 2} = \frac{1}{0.301} = 3.32$ [4 approx]
* Thus, to subnet 2001:db8::/32 to cover 10 subnets,
  - We'll need to use 4 bits
  - Those 4 bits give us $2^4 = 16$ subnets (we've 6 spare subnets)
  - Prefix length of each subnet is /36 (32 + 4 = 36)
* Use the procedure discussed to enumerate the various subnets
* Verify your answer using subnet tools, e.g. sipcalc 2001:db8::/32 --v6split=36

Subnetting: Enumerate Subnets (sipcalc)

sipcalc 2001:db8::/32 --v6split=36 | grep Network
Network - 2001:0db8:0000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:1000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:2000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:3000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:4000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:5000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:6000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:7000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:8000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:9000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:a000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:b000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:c000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:d000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:e000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:f000:0000:0000:0000:0000:0000 -

Global IPv6 address management hierarchy
[Figure: hierarchy of prefix delegation, top to bottom]
* 2000::/3
* RIR prefix::/w, 12 ≤ w ≤ 24
* LIR prefix::/x, y ≤ x ≤ 32
* End-site prefix::/y, x ≤ y ≤ [48 | 52 | 56 | 60]
* Subnet::/z, [48 | 52 | 56 | 60] ≤ z ≤ 64
* Host: network prefix (Subnet::/64) + InterfaceID

IPv6 address planning: a few clarifications
* /32 for LIRs is just the minimum size according to most RIR policies.
* If you can show that you need more, you usually can get more!
  - Do NOT start with /32 [or /48] and try to fit in.
  - INSTEAD analyse your needs and apply based on them.
* RFCs recommend /64 for all subnets (even p2p and loopbacks)
  - DO allocate a /64 for all links but,
  - DO configure what makes operational sense (e.g. /127 for p2p and /128 for loopbacks)
  - Do understand what will break if you use longer prefixes

Some recommendations for planning
* Assign at least one /64 per individual network segment
* Ensure that all prefixes fall on nibble boundaries
* Plan a hierarchical plan to allow for aggregation
  - Site: any logical L3 aggregation point (POP, building, floor, ...)
  - Region: a collection of sites
  - Autonomous System
* Assign at least one /48 per site
* Reserve one /48 per region for infrastructure needs
  - Loopback addresses: assign from the first bottom of range
  - Inter-device links: assign a /64 but configure what makes operational sense (/126, /127 ...)
* Use same prefix lengths for all prefixes of the same level (SLSM)

Estimating the size of your initial IPv6 request
* For your largest SITE
  - Estimate the number of end-networks in it now
  - Adjust for growth in 5 years
  - Round to nearest nibble boundary. (maxSITEsize)
* Estimate the number of #SITEs in your largest region (round to nibble boundary)
* # of end-site prefixes: N = #regions x #SITEs x maxSITEsize
* Subnet bits required to give us N prefixes: $s = \frac{\log_{10} N}{\log_{10} 2}$
* Allocation size is
  - 48 - s [if assigning /48s per end-site]
  - 52 - s [if assigning /52s per end-site]

About Nibble Boundaries
* Try to align allocation units to nibble boundaries
  - Round up your estimates to $2^n$ where n is a multiple of 4 [16, 256, 4096, 65536 etc.]
  - Ensure your prefixes fall on the following nibbles: /12, /16, /20, /24, /28, /32, /36, /40, /44, /48, /52, /56, /60, /64

Nibble boundary alignment example
* Consider the range of addresses for 2001:db8:3c00::/40
  [first] 2001:db8:3c00:0000:0000:0000:0000:0000
  [last]  2001:db8:3cff:ffff:ffff:ffff:ffff:ffff
  - Easy to see that the differentiating hexits range from 0 - f
* Consider the range of addresses for 2001:db8:3c00::/42
  [first] 2001:db8:3c00:0000:0000:0000:0000:0000
  [last]  2001:db8:3c3f:ffff:ffff:ffff:ffff:ffff
  - You'll have to calculate the differentiating hexits

IPv6 Address Planning | Example
An ISP has operations in 10 provinces. The largest province has 50 POPs, the largest of which has about 2700 clients. Estimate the IPv6 addressing needs of this ISP.

Address planning example: analysis and solution
* We know
  - Number of regions: #regions = 10 [round to 16]
  - Number of sites: #SITEs = 50 [round up to 256]
  - maxSITEsize = 2700 [round up to 4096]
* We calculate
  - Total number of end-network prefixes required is N
  - N = 16 x 256 x 4096 = 16,777,216
  - Number of subnet bits required: s = log 16,777,216 / log 2 = 24.
* Allocation size:
  - 48 - 24 = 24 [Assuming /48s to end-sites]
  - 52 - 24 = 28 [Assuming /52s to end-sites]
* Thus the ISP needs to request a /24 or /28 from AfriNIC.
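
The request-size estimate and the nibble-boundary slides above, as an added example that is not part of the original slides: it rounds each estimate up to a nibble boundary, derives N, s and the prefix length to request, and for a given prefix reports which values the first hexit after the prefix boundary can take. Function names are illustrative.

```python
import ipaddress

def round_up_to_nibble(n: int) -> int:
    """Smallest 2^k >= n with k a multiple of 4 (1, 16, 256, 4096, 65536, ...)."""
    if n < 1:
        raise ValueError("estimate must be at least 1")
    bits = (n - 1).bit_length()                  # exact ceil(log2(n))
    return 1 << (-(-bits // 4) * 4)

def allocation_request(regions: int, sites: int, max_site_size: int,
                       end_site_len: int = 48) -> dict:
    """N = #regions x #SITEs x maxSITEsize after rounding; request = end_site_len - s."""
    n = (round_up_to_nibble(regions) * round_up_to_nibble(sites)
         * round_up_to_nibble(max_site_size))
    s = (n - 1).bit_length()
    request = end_site_len - s
    if request < 1:
        raise ValueError("estimate does not fit above the end-site prefix length")
    return {"N": n, "s": s, "request": request}

def differentiating_hexit(prefix: str) -> dict:
    """Range of the first hexit that is not fully fixed by the prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen == 128:
        raise ValueError("a /128 has no free hexits")
    fixed_bits = net.prefixlen % 4               # bits of that hexit pinned by the prefix
    index = net.prefixlen // 4                   # 0-based position among the 32 hexits
    nibble = (int(net.network_address) >> (124 - 4 * index)) & 0xF
    span = 1 << (4 - fixed_bits)                 # 16 values when nibble-aligned
    return {"aligned": fixed_bits == 0, "hexit": index + 1,
            "low": f"{nibble:x}", "high": f"{nibble + span - 1:x}"}

if __name__ == "__main__":
    # The ISP from the slides: 10 provinces, 50 POPs, about 2700 clients.
    print(allocation_request(10, 50, 2700))          # /48 per end-site
    print(allocation_request(10, 50, 2700, 52))      # /52 per end-site
    for p in ("2001:db8:3c00::/40", "2001:db8:3c00::/42"):
        print(p, differentiating_hexit(p))
```
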