ipv6 networking training sduffy v3
TRANSCRIPT
IPv6 Networking training
Shane Duffy
Director, Network Infrastructure
B&B Electronics
Agenda
• IPv4 Addressing & Subnets refresher
• IPv6 Addressing
• IPv6 Neighbor Discovery
• IPv6 Tools & Resources
• Network layers / DNS & other services
• Hands on labs
Prerequisites
• Willingness to learn new things
• An understanding of networks
– Not customer service, Sales, etc.
• Laptop / Computer for hands on
– We will use CORE to set up a lab environment
– http://bit.ly/TI5osL <- Lab files
IPv4 Addressing
IPv4 Addressing (32 bit)
• IPv4: 32 bits, 4 decimal octets
– The subnet mask has the same form; its bits mask the network ID / host ID
• 137.12.32.13 255.255.255.0
– Network ID 137.12.32.0
– Broadcast 137.12.32.255
Subnet bit masking
IP Address: 209.85.128.5 "Mask": 255.255.128.0
11010001 01010101 10000000 00000101
11111111 11111111 10000000 00000000
Use two 32-bit numbers to represent a network. Network number = IP address AND mask (bitwise AND), here 209.85.128.0.
Example: Google Prefix: 209.85.128.0/17
The address itself no longer specifies the network ID range (no classes). New forwarding trick: Longest Prefix Match, the most specific matching prefix in the routing table wins.
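Worked example of the two rules above, computing the network number with a bitwise AND and choosing a next hop by longest prefix match. This is an added illustration written for this page, not code from the training deck; the routing table and next-hop names are constructed.

```python
# Added example (not from the training deck): network number = address AND mask,
# and longest-prefix-match forwarding over a small constructed routing table.
import ipaddress
from typing import List, Optional, Tuple


def network_number(address: str, mask: str) -> str:
    """Return the network number (address AND mask) as a dotted quad."""
    addr = int(ipaddress.IPv4Address(address))
    msk = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(addr & msk))


def prefix_length(mask: str) -> int:
    """Convert a dotted-quad mask to a CIDR prefix length, rejecting non-contiguous masks."""
    msk = int(ipaddress.IPv4Address(mask))
    ones = bin(msk).count("1")
    # A real mask is `ones` 1-bits followed by zeros; anything else (e.g. 255.0.255.0) is not a mask.
    if msk != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return ones


def longest_prefix_match(table: List[Tuple[str, str]], destination: str) -> Optional[str]:
    """Pick the most specific (longest) matching prefix; None if nothing matches."""
    dest = ipaddress.IPv4Address(destination)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.IPv4Network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else best[1]


# Constructed routing table: default route, the /17 aggregate from the slide, and a more specific /24.
ROUTES = [
    ("0.0.0.0/0", "gw-default"),
    ("209.85.128.0/17", "gw-google-agg"),
    ("209.85.128.0/24", "gw-google-specific"),
]

if __name__ == "__main__":
    print(network_number("209.85.128.5", "255.255.128.0"))   # 209.85.128.0
    print(prefix_length("255.255.128.0"))                    # 17
    print(longest_prefix_match(ROUTES, "209.85.128.5"))      # gw-google-specific
    print(longest_prefix_match(ROUTES, "209.85.200.9"))      # gw-google-agg
```

Note that the /24 beats the /17 for 209.85.128.5 even though both contain it; that ordering, not the position of the entry in the table, is what longest prefix match means.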
IPv4 RFC1918 / Loopbacks
• Private addressing (RFC 1918)
– 192.168.0.0/16 (192.168.x.x)
– 172.16.0.0/12 (172.16.x.x to 172.31.x.x)
– 10.0.0.0/8 (10.x.x.x)
Types of IPv4 Addresses
• Unicast
• Broadcast
– Last address in the subnet range
• Loopback addressing
– 127.0.0.1 (the whole 127.0.0.0/8 block is loopback)
• Multicast addressing
– 224.0.0.0 to 239.255.255.255 (224.0.0.0/4)
ARP Refresher
• ARP Request
• ARP Reply
• Broadcast ARP request
– To all machines on the LAN: FF:FF:FF:FF:FF:FF
– "Who has 192.168.0.12?"
• The device with 192.168.0.12 replies
– "It's me, 00:0E:BE:12:D4:0E"
• The ARP cache stores the list of IP-to-MAC mappings
IPv6 Addressing
IPv4 & IPv6 Header Comparison

IPv4 header (20 bytes without options):
  Version | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address (32 bits)
  Destination Address (32 bits)
  Options | Padding

IPv6 header (fixed 40 bytes):
  Version | Traffic Class | Flow Label
  Payload Length | Next Header | Hop Limit
  Source Address (128 bits)
  Destination Address (128 bits)

Legend:
- Field name kept from IPv4 to IPv6: Version, Source Address, Destination Address
- Fields not kept in IPv6: IHL, Identification, Flags, Fragment Offset, Header Checksum, Options, Padding (fragmentation and options move into extension headers)
- Name & position changed in IPv6: Type of Service -> Traffic Class, Total Length -> Payload Length, Protocol -> Next Header, Time to Live -> Hop Limit
- New field in IPv6: Flow Label

Minimum link MTU: IPv4 requires at least 68 bytes; IPv6 requires at least 1280 bytes. IPv6 routers do not fragment in transit, so Path MTU Discovery and the ICMPv6 "Packet too big" message must be allowed through.
IPv6 Addressing Format
• 8 groups of 16 bits, each written as 4 hexadecimal digits (128 bits)
• Groups separated by ":"
• Hex digits are not case sensitive
• Abbreviations are possible
– Leading zeros within a group may be dropped
– One contiguous run of all-zero groups may be replaced by "::"
• 2000:ADAB:AAAA:0001:0000:0000:0000:0001
• 2000:ADAB:AAAA:1::1
– The double colon may appear only once in an address; with two, the number of omitted groups would be ambiguous
IPv6 Addressing (128 bit)
• IPv6: 128 bits, 8 hexadecimal groups
• 2000:ADAB:AAAA:1::1/64
• 2000:ADAB:AAAA:0001:0000:0000:0000:0001/64
• Prefix notation just like CIDR
– v4: 192.168.0.0/16
– v6: 2000:ADAB:AAAA::/48
• Collapse leading zeros
IPv6 Link Local / Loopback
• Loopback address
– ::1 (remember the double colon notation)
– 0000:0000:0000:0000:0000:0000:0000:0001
• Default route
– ::/0
IPv6 Addressing Model
• Addresses are assigned to interfaces
– Change from IPv4, where we think of the address as belonging to the host
• An interface is expected to have multiple addresses
• Addresses have scope
– Link Local
– Unique Local
– Global
• Addresses have lifetimes
– Valid and preferred lifetime
Special Addressing
Hex prefix | Binary prefix | Type
2000::/3 (first hex digit 2 or 3) | 001 | Aggregatable Global Unicast Address
FE80::/10 | 1111 1110 10 | Link-Local Unicast Address
FC00::/7 | 1111 110 | Unique Local Unicast Address
  FC00::/8 | 1111 1100 | L=0, reserved for a central registry (never defined in practice)
  FD00::/8 | 1111 1101 | L=1, locally generated 40-bit Global ID, no registry
FF00::/8 | 1111 1111 | Multicast Address
::1 | | Loopback Address
::/0 | | Default Route
Types of IPv6 Addresses
• Unicast
– Address of a single interface. One-to-one delivery to a single interface
• Multicast
– Address of a set of interfaces. One-to-many delivery to all interfaces in the set
• Anycast
– Address of a set of interfaces. One-to-one-of-many delivery to the single interface in the set that is closest (by routing metric)
• No broadcast addresses (the all-nodes multicast group FF02::1 takes that role)
Aggregatable Global Unicast
Format:
  001 (3 bits) | Global Routing Prefix (45 bits) | SLA / Subnet ID (16 bits) | Interface ID (64 bits)
  Provider | Site | Host

Aggregatable Global Unicast Addresses:
• Addresses for generic use of IPv6
• Structured as a hierarchy to keep route aggregation
• Example: 2000:ABCD:AAAA:1234::1
IPv6 Address Allocation
Partitioning of IPv6 allocated space
• The lowest-order 64-bit field of a unicast address (the Interface ID) may be assigned in multiple ways (see Neighbor Discovery)
– Auto-configured EUI-64, expanded from the 48-bit MAC
– Auto-generated pseudo-random number (privacy addresses)
– Assigned via DHCPv6
– Manually configured
2001:ABCD:AAAA::/48 <- Customer
2001:ABCD:AAAA:0001::/64 <- LAN
2001:ABCD:AAAA:0001:0200:29FF:FE00:0001 <- Interface (EUI-64 built from MAC 00:00:29:00:00:01)
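The "::" and leading-zero rules from the addressing format slides, and the customer /48 -> LAN /64 -> interface hierarchy just shown, implemented by hand so the rules are visible rather than hidden in a library call. This is an added example written for this page, not code from the training deck; the stdlib `ipaddress` module is used only as a cross-check, and all addresses are the deck's own examples or constructed.

```python
# Added example (not from the training deck): expanding and compressing IPv6 text
# addresses by hand (RFC 4291 / RFC 5952 rules), plus a prefix-hierarchy check.
import ipaddress
from typing import List


def expand(text: str) -> List[int]:
    """Expand an IPv6 string into 8 x 16-bit groups. Rejects more than one '::'."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups, got {len(groups)}")
    if any(len(g) > 4 for g in groups):
        raise ValueError("each group is at most 4 hex digits")
    values = [int(g, 16) for g in groups]          # hex digits are case-insensitive
    if any(not 0 <= v <= 0xFFFF for v in values):
        raise ValueError("group out of range")
    return values


def is_valid(text: str) -> bool:
    """True if the text is a well-formed IPv6 address under the rules above."""
    try:
        expand(text)
        return True
    except ValueError:
        return False


def full_form(text: str) -> str:
    """Uncompressed form: 8 groups, each zero-padded to 4 hex digits."""
    return ":".join(f"{v:04x}" for v in expand(text))


def compress(text: str) -> str:
    """Shortest form: drop leading zeros; replace the longest run of >= 2 zero groups with '::'."""
    groups = expand(text)
    best_start, best_len, run_start = -1, 0, None
    for i, v in enumerate(groups + [-1]):           # -1 sentinel terminates the last run
        if v == 0 and run_start is None:
            run_start = i
        elif v != 0 and run_start is not None:
            if i - run_start > best_len:            # '>' keeps the first of equal-length runs
                best_start, best_len = run_start, i - run_start
            run_start = None
    hexed = [f"{v:x}" for v in groups]
    if best_len >= 2:                               # a single zero group is never shortened
        return ":".join(hexed[:best_start]) + "::" + ":".join(hexed[best_start + best_len:])
    return ":".join(hexed)


def matches_stdlib(text: str) -> bool:
    """Cross-check both forms against the standard library's canonical output."""
    addr = ipaddress.IPv6Address(text)
    return full_form(text) == addr.exploded and compress(text) == str(addr)


def hierarchy_ok(customer: str, lan: str, interface: str) -> bool:
    """Check that the LAN /64 lies inside the customer /48 and the interface inside the LAN."""
    cust = ipaddress.IPv6Network(customer)
    net = ipaddress.IPv6Network(lan)
    return net.subnet_of(cust) and ipaddress.IPv6Address(interface) in net
```

The single-"::" check matters in practice: an address such as `1::2::3` is rejected rather than silently mis-parsed, which is the kind of input an access-control list or log parser should refuse.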
Unique-Local
Format (RFC 4193):
  1111 110 (7 bits, FC00::/7) | L (1 bit) | Global ID (40 bits) | Subnet ID (16 bits) | Interface ID (64 bits) = 128 bits

Unique-local Addresses:
• Local communications
• Inter-site VPNs
• Not routable on the Internet (remember RFC 1918); filter them at the border like RFC 1918 space
Link-Local
Format (RFC 4291):
  1111 1110 10 (10 bits, FE80::/10) | 54 bits, all zero | Interface ID (64 bits) = 128 bits

Link-local Addresses:
• Mandatory: every IPv6 interface has one, and Neighbor Discovery (the ARP replacement, running at layer 3) uses it
• Configured automatically by each node itself as soon as IPv6 is enabled on the interface; no router is required
• Used as the next hop in routing protocols (the default route learned from a Router Advertisement points at the router's link-local address)
• Scope is the link only; routers never forward it
• RFC 4291 defines the remaining 54 bits as zero, so in practice link-local is FE80::/64
ICMPv6
• Internet Control Message Protocol v6
• RFC 2463 (since obsoleted by RFC 4443)
• Modification of ICMP from IPv4. Unlike ICMPv4, IPv6 depends on it (Neighbor Discovery, Path MTU Discovery), so it cannot simply be blocked at a firewall
• Message types are similar (but different type/code numbers)
– Destination unreachable (type 1)
– Packet too big (type 2)
– Time exceeded (type 3)
– Parameter problem (type 4)
– Echo request / reply (types 128 and 129)
IPv6 Neighbor Discovery
Neighbor Discovery
• Replaces ARP and the ICMPv4 redirect and router discovery functions
• Reachability of neighbors (Neighbor Unreachability Detection)
• Hosts use it to discover routers and to auto-configure addresses
• Duplicate Address Detection (DAD)
IPv6 – Replacing ARP
• ICMPv6
– Neighbor Solicitation (type 135)
– Neighbor Advertisement (type 136)
• A host seeking the link-layer address of a neighbor multicasts a Neighbor Solicitation (to the target's solicited-node group), and the neighbor (if online) responds with its link-layer address in a Neighbor Advertisement.
Source: http://packetlife.net/blog/2008/aug/28/ipv6-neighbor-discovery/
Solicited-node multicast address
• Prefix ff02:0:0:0:0:1:ff00::/104 (ff02::1:ff00:0/104)
• The last 24 bits of the unicast / anycast address are appended
– fe80::2aa:ff:fe28:9c5a <- IPv6 address
– ff02:0:0:0:0:1:ff28:9c5a (ff02::1:ff28:9c5a) <- solicited-node multicast address
• This becomes very powerful when the network uses switches with MLD snooping (the IPv6 counterpart of IGMPv3 snooping) and multicast pruning: only the ports that joined the group see the solicitation
– Without it, the fallback behaviour looks like broadcasting: the frame is flooded to every port
IPv6 – Router Discovery
Source: http://packetlife.net/blog/2008/aug/28/ipv6-neighbor-discovery/
• ICMPv6
– Router Solicitation (type 133)
– Router Advertisement (type 134)
• When first joining a link, an IPv6 host multicasts a Router Solicitation to the all-routers multicast group (ff02::2), and each router active on the link responds by sending a Router Advertisement with its address to the all-nodes group (ff02::1).
IPv6 – Prefix Discovery
• Router Advertisement
– Prefix Information option (type 3)
• Each Prefix Information option lists an IPv6 prefix (subnet) reachable on the local link.
• It is not uncommon in IPv6 to have multiple IPv6 prefixes on the same link.
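The Neighbor Solicitation, Router Advertisement and Prefix Information option described in the last three slides, built and parsed at the byte level with the ICMPv6 checksum over the IPv6 pseudo-header (RFC 4443). This is an added example written for this page, not code from the training deck or from any ND implementation; the link-local addresses, MAC and prefix are constructed, and the RA builder announces a single on-link, autonomous prefix, which is one common RA shape rather than the only one.

```python
# Added example (not from the training deck): ICMPv6 Neighbor Discovery messages
# built and parsed by hand, with the checksum computed over the IPv6 pseudo-header.
import ipaddress
import struct
from typing import Tuple

ICMPV6_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
                135: "Neighbor Solicitation", 136: "Neighbor Advertisement"}
ALL_NODES = "ff02::1"


def icmpv6_checksum(src: str, dst: str, payload: bytes) -> int:
    """One's-complement sum over pseudo-header (src, dst, length, next header 58) + payload.
    Returns 0 when `payload` already carries a correct checksum."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I", len(payload)) + b"\x00\x00\x00\x3a")
    data = pseudo + payload
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _with_checksum(src: str, dst: str, body: bytes) -> bytes:
    """Fill the checksum field (bytes 2-3) of an ICMPv6 message."""
    return body[:2] + struct.pack("!H", icmpv6_checksum(src, dst, body)) + body[4:]


def build_neighbor_solicitation(src: str, target: str, src_mac: str) -> Tuple[str, bytes]:
    """NS for `target`, addressed to its solicited-node group, with a Source Link-Layer option."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    dst = str(ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24))
    option = struct.pack("!BB", 1, 1) + bytes.fromhex(src_mac.replace(":", ""))  # type 1, 8 bytes
    body = struct.pack("!BBHI", 135, 0, 0, 0) + ipaddress.IPv6Address(target).packed + option
    return dst, _with_checksum(src, dst, body)


def build_router_advertisement(src: str, prefix: str, router_lifetime: int = 1800) -> bytes:
    """RA to all nodes announcing one on-link, autonomous (L=1, A=1) prefix."""
    net = ipaddress.IPv6Network(prefix)
    option = (struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, 2592000, 604800, 0)
              + net.network_address.packed)                       # Prefix Information, 32 bytes
    body = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x00, router_lifetime, 0, 0) + option
    return _with_checksum(src, ALL_NODES, body)


def parse_router_advertisement(src: str, dst: str, pkt: bytes) -> dict:
    """Verify the checksum, then collect the prefixes announced in type-3 options."""
    if icmpv6_checksum(src, dst, pkt) != 0:
        raise ValueError("bad ICMPv6 checksum")
    if pkt[0] != 134:
        raise ValueError(f"not an RA: type {pkt[0]} ({ICMPV6_TYPES.get(pkt[0], '?')})")
    hop_limit, flags, lifetime = struct.unpack("!BBH", pkt[4:8])
    prefixes, off = [], 16                                        # options follow the timers
    while off + 2 <= len(pkt):
        opt_type, opt_len = pkt[off], pkt[off + 1]
        if opt_len == 0:
            raise ValueError("zero-length option")                # would otherwise loop forever
        opt = pkt[off:off + opt_len * 8]
        if opt_type == 3 and len(opt) == 32:
            prefixes.append((f"{ipaddress.IPv6Address(opt[16:32])}/{opt[2]}", bool(opt[3] & 0x40)))
        off += opt_len * 8
    return {"hop_limit": hop_limit, "managed": bool(flags & 0x80),
            "router_lifetime": lifetime, "prefixes": prefixes}   # (prefix, A flag) pairs
```

Two details worth keeping in any real parser: the checksum check runs before any field is trusted, and a zero-length option is rejected explicitly, since advancing by `opt_len * 8` with `opt_len == 0` never terminates.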
Address Autoconfiguration (SLAAC)
• Uses prefix discovery
• Prefix concatenated with an EUI-64 style interface ID derived from the MAC
– Windows uses RFC 4941 (privacy: pseudo-random 64-bit interface ID)
• FFFE inserted in the middle of the MAC lets us recognise that the address was generated from a MAC address
• Invert the universal/local (U/L) flag (the 0x02 bit of the first octet) in the OUI portion of the address
– Globally unique addresses assigned by the IEEE originally have this bit set to zero, indicating global uniqueness, so it becomes 1 in the interface ID
Source: http://packetlife.net/blog/2008/aug/04/eui-64-ipv6/
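The EUI-64 construction just described and the solicited-node multicast derivation from the earlier slide, together with the Ethernet address an IPv6 multicast group maps to (RFC 2464), as one added example written for this page; it is not code from the training deck. It also goes one step beyond the slides: `eui64_to_mac` recovers the MAC from an EUI-64 address, which is exactly why RFC 4941 privacy addresses exist. The MACs and prefixes are constructed or taken from the deck's own examples.

```python
# Added example (not from the training deck): modified EUI-64 interface IDs,
# SLAAC addresses, solicited-node groups and their Ethernet multicast mapping.
import ipaddress
from typing import Optional


def mac_to_modified_eui64(mac: str) -> bytes:
    """Insert FF:FE in the middle of the 48-bit MAC and flip the U/L bit (0x02 of octet 0)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC")
    first = octets[0] ^ 0x02                      # universal/local bit inverted (RFC 4291 App. A)
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix: str, mac: str) -> str:
    """Concatenate a /64 prefix with the modified EUI-64 of the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def eui64_to_mac(address: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 address; None if the IID was not built that way
    (RFC 4941 privacy address, DHCPv6 or manual IID)."""
    iid = int(ipaddress.IPv6Address(address)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in octets)


def solicited_node(address: str) -> str:
    """ff02::1:ffXX:XXXX, keeping the low 24 bits of the unicast/anycast address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24))


def multicast_mac(group: str) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits (RFC 2464)."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


if __name__ == "__main__":
    addr = slaac_address("2001:abcd:aaaa:1::/64", "00:00:29:00:00:01")
    print(addr)                                   # 2001:abcd:aaaa:1:200:29ff:fe00:1 (the deck's example)
    print(eui64_to_mac(addr))                     # 00:00:29:00:00:01, the MAC is exposed
    print(solicited_node(addr), multicast_mac(solicited_node(addr)))
```

Because the MAC survives in the address, an EUI-64 host can be tracked across networks and its NIC vendor read off its OUI; privacy addresses (RFC 4941) and stable-but-opaque IIDs avoid that while keeping SLAAC.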
IPv6 Tools
IPv6 Tools
• Similar to all the familiar IPv4 tools
*nix | Windows | IPv4 | Description
ping6 | ping6 (ping -6 on current Windows) | ping | Ping a host to request a reply
traceroute6 | tracert6 (tracert -6 on current Windows) | traceroute | Ask each hop on the route to reply
netstat -f inet6 -rn | netstat -rn | netstat -f inet -rn | Routing table
ndp -an (ip -6 neigh on Linux) | netsh interface ipv6 show neighbors | arp -an | Neighbor discovery table, the IPv6 equivalent of the IPv4 ARP table
dig AAAA / nslookup | nslookup | same | DNS lookup. IPv6 records are AAAA
DNS and other services
DHCPv6 - FF02::1:2
• New UDP ports
– 546 client (IPv4 DHCP uses UDP 68 for the client)
– 547 server and relay agent (IPv4 DHCP uses UDP 67 for the server)
• Clients send from their link-local address to the All_DHCP_Relay_Agents_and_Servers group FF02::1:2
• Messages
– Solicit
– Advertise
– Request
– Reply
IPv6 & DNS
• DNS adds AAAA record type (Quad A)
SDUFFY-L3:~ sduffy$ dig AAAA google.com
; <<>> DiG 9.8.3-P1 <<>> AAAA google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25326
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN AAAA
;; ANSWER SECTION:
google.com. 192 IN AAAA 2001:4860:4007:801::100e
Hands on exercises
Hands on using CORE
• Laptop / Computer for hands on
– We will use CORE to set up a lab environment
– http://bit.ly/TI5osL <- Lab files & documents
• CORE
– http://www.nrl.navy.mil/itd/ncs/products/core
• VirtualBox
– https://www.virtualbox.org/wiki/Download_Old_Builds_4_2
Hands on using CORE
• VM running and internet connection OK
– Download the template files for use later.
• sudo apt-get install wireshark
– sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
– This grants only dumpcap the capture capabilities, so Wireshark itself runs as an unprivileged user rather than as root
• sudo apt-get install radvd
Questions?
IPv6 Security
IPv6 restores end-to-end multimedia collaboration
The false automatic security from IPv6 NAT
– NAT was never a security mechanism; the filtering it implied in IPv4 came from its connection state table. With end-to-end IPv6 addresses that protection has to be written explicitly as a stateful firewall policy.
Multicast Groups
• Group concept
– Multicast is based on the concept of a group.
– A multicast group is an arbitrary group of receivers that expresses an interest in receiving a particular data stream.
– This group has no physical or geographical boundaries: the receivers can be located anywhere on the Internet or in a private network.
– Receivers that are interested in receiving data flowing to a particular group must join the group by signalling their local router.
– This signalling is achieved with the MLD protocol, which is the IPv6 equivalent of the IGMP protocol in IPv4.
– The network then delivers data to potentially unlimited receivers, using only one copy of the multicast data per subnet.
Multicast Refresher - Addresses
• RFC 3306 Unicast-Prefix-based IPv6 Multicast
– The P flag indicates a prefix. Within IPv6 multicast, this flag allows part of the group address to include the source network's unicast prefix, which creates a globally unique group address.
• Solves the old IPv4 address assignment problem:
– How can I get global IPv4 multicast addresses (GLOP, ...)
• In IPv6, if you own an IPv6 unicast address prefix you implicitly own an RFC 3306 IPv6 multicast address prefix.
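The RFC 3306 layout behind that last statement, worked both ways: building a unicast-prefix-based group address from a prefix you own, and decoding a group address back to the prefix that owns it. This is an added example written for this page, not code from the training deck; the prefix and group IDs are constructed.

```python
# Added example (not from the training deck): RFC 3306 unicast-prefix-based
# multicast addresses. Layout, most significant bit first:
#   FF (8) | flags 0RPT (4) | scope (4) | reserved (8) | plen (8) | network prefix (64) | group ID (32)
import ipaddress
from typing import Tuple

SCOPES = {0x2: "link-local", 0x5: "site-local", 0x8: "organization-local", 0xE: "global"}
FLAGS_P_T = 0x3                      # P=1 (prefix-based) requires T=1 (transient)


def prefix_based_group(unicast_prefix: str, group_id: int, scope: int = 0xE) -> str:
    """Derive the multicast group for `group_id` under a unicast prefix of at most /64."""
    net = ipaddress.IPv6Network(unicast_prefix)
    if net.prefixlen > 64:
        raise ValueError("RFC 3306 carries at most a 64-bit unicast prefix")
    if not 0 <= group_id <= 0xFFFFFFFF:
        raise ValueError("group ID is 32 bits")
    if scope not in SCOPES:
        raise ValueError("unknown scope")
    network64 = int(net.network_address) >> 64          # top 64 bits, host bits already zero
    value = ((0xFF << 120) | (FLAGS_P_T << 116) | (scope << 112)
             | (net.prefixlen << 96) | (network64 << 32) | group_id)
    return str(ipaddress.IPv6Address(value))


def is_prefix_based(group: str) -> bool:
    """True if the address is multicast with both P and T flags set."""
    value = int(ipaddress.IPv6Address(group))
    return (value >> 120) == 0xFF and ((value >> 116) & FLAGS_P_T) == FLAGS_P_T


def owner_prefix(group: str) -> Tuple[str, int]:
    """Reverse mapping: (unicast prefix that owns this group, 32-bit group ID)."""
    if not is_prefix_based(group):
        raise ValueError("not a unicast-prefix-based multicast address")
    value = int(ipaddress.IPv6Address(group))
    plen = (value >> 96) & 0xFF
    network = ((value >> 32) & 0xFFFFFFFFFFFFFFFF) << 64
    net = ipaddress.IPv6Network((network, plen), strict=False)
    return str(net), value & 0xFFFFFFFF


if __name__ == "__main__":
    g = prefix_based_group("2001:db8:aaaa::/48", 0x1234)
    print(g, SCOPES[(int(ipaddress.IPv6Address(g)) >> 112) & 0xF])   # ff3e:30:2001:db8:aaaa::1234 global
    print(owner_prefix(g))                                             # ('2001:db8:aaaa::/48', 4660)
```

The "30" in the second group is the prefix length (0x30 = 48) and the following 64 bits are the prefix itself, which is what makes the group address unique without any registry: nobody else holds 2001:db8:aaaa::/48, so nobody else can legitimately source ff3e:30:2001:db8:aaaa::/96.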
Multicast - Host to Router
• MLD is equivalent to IGMP in IPv4
• Sub-protocol of ICMPv6: MLD messages are transported over ICMPv6
• MLD uses link-local source addresses (hop limit 1, Router Alert option)
• Version number confusion:
– MLDv1 (RFC 2710) like IGMPv2 (RFC 2236)
– MLDv2 (RFC 3810, still a draft when this deck was written) like IGMPv3 (RFC 3376)
– MLDv2 enables IPv6 to use SSM operation
• Service model requirements:
– ASM: MLDv1 sufficient
– SSM: requires MLDv2 (fully backward compatible with MLDv1 on hosts)
Thank you!
Contact Information
Corporate Headquarters
707 Dayton Road, PO Box 1040, Ottawa, IL 61350
Phone: 1-800-346-3119 Fax: 815-433-5109
European Headquarters
Westlink Commercial Park, Oranmore, Co. Galway, Ireland
Phone: +353 91 792444 Fax: +353 91 792445
B&B Academy - your partner on the path to knowledge
Additional Slides
Network Layers

OSI model:
7 Application: File transfer, Email, Remote login
6 Presentation
5 Session: Establish / manage connection
4 Transport: End-to-end control & error checking (TCP)
3 Network: Routing and forwarding (IP)
2 Data Link: Ethernet
1 Physical: Transmission signalling

OSI Model | TCP/IP protocols
Application | HTTP, SMTP, POP3, FTP, ...
Transport | TCP, UDP
Network | IP
Link | Ethernet, PPP, ...

Link Layer: includes the device driver and network interface card
Network Layer: handles the movement of packets, i.e. routing
Transport Layer: provides a reliable flow of data between two hosts
Application Layer: handles the details of the particular application
EtherNet/IP
Application | HTTP, CIP, ...
Transport | TCP, UDP
Network | IP
Link | Ethernet, ...

Modbus/TCP
Application | HTTP, Modbus/TCP, FTP, ...
Transport | TCP, UDP
Network | IP
Link | Ethernet, PPP, ...

EtherCAT
Application | HTTP, SMTP, POP3, FTP, ...
Transport | TCP, UDP
Network | IP
Link | EtherCAT MAC, PPP, ...
(EtherCAT frames are carried directly at the MAC layer; IP/UDP traffic can be tunnelled through it alongside.)

PROFINET
Application | HTTP, RT Data, Data
Transport | TCP, UDP
Network | IP
Link | Ethernet, PPP, ...
(SRT: Data over UDP/IP/Ethernet; RT: RT Data placed directly on Ethernet, bypassing IP and UDP.)
Protocol Stack
• Data is sent down the protocol stack
• Each layer adds to the packet by prepending its header (and, at the link layer, appending a trailer)

Application: Data (application data)
Transport: TCP/UDP header | Data (TCP segment / UDP packet)
Network: IP header | TCP/UDP header | Data (IP datagram)
Link: Frame header | IP header | TCP/UDP header | Data | Frame trailer (network frame)
Physical: bits on the wire

Sizes shown on the slide: frame header 22 bytes (14-byte Ethernet header plus 8-byte preamble/SFD), IP header 20 bytes, TCP header 20 bytes, frame trailer 4 bytes (FCS); Ethernet payload 46 to 1500 bytes (the slide's "64 to 1500" refers to the minimum frame size on the wire).