IPv6 Networking training

Shane Duffy

Director, Network Infrastructure

B&B Electronics

Agenda

• IPv4 Addressing & Subnets refresher• IPv6 Addressing• IPv6 Neighbor Discovery• IPv6 Tools & Resources• Network layers / DNS & other services• Hands on labs

Prerequisites

• Willingness to learn new things

• An understanding of networks• Not customer service , Sales , etc

• Laptop / Computer for hands on– We will use CORE to setup a lab environment– http://bit.ly/TI5osL <- Lab files

IPv4 Addressing

IPv4 Addressing (32 bit)

• IPv4 - 32bits , 4 x decimal Octets– Subnet mask similar , bit masks network / host id

• 137.12.32.13 255.255.255.0

• Network ID 137.12.32.0• Broadcast 137.12.32.255

Subnet bit masking

IP Address: 209.85.128.5 “Mask”: 255.255.128.0

11010001 01010101 10000000 00000101

11111111 11111111 10000000 00000000

Use two 32-bit numbers to represent a network. Network number = IP address + Mask

Example: Google Prefix: 209.85.128.0/17

Address no longer specif ies network ID range.New forwarding tr ick: Longest Prefix Match

IPv4 RFC1918 / Loopbacks

• Private addressing– 192.168.x.x– 172.16-32.x.x– 10.x.x.x

Types of IPv4 Addresses

• Unicast• Broadcast– Last address in subnet range

• Loopback addressing– 127.0.0.1

• Multicast addressing– 224.0.0.0 - 239.255.255.255

ARP Refresher

• ARP Request• ARP Reply

• Broadcast ARP– To all machines on LAN FF:FF:FF:FF:FF:FF• Who has 192.168.0.12?

– Device with 192.168.0.12 will reply• Its me, 00:0E:BE:12:D4:0E

• ARP Cache stores list of mappings

IPv6 Addressing

Version IHL Type of Service Total Length

Identification Flags Fragment Offset

Time to Live Protocol Header Checksum

Source Address

Destination Address

Options Padding

Version Traffic Class Flow Label

Payload Length Next Header Hop Limit

Source Address

Destination Address

IPv4 HeaderIPv4 Header IPv6 HeaderHeader

- field’s name kept from IPv4 to IPv6

- fields not kept in IPv6

- Name & position changed in IPv6

- New field in IPv6Lege

nd

IPv4 & IPv6 Header Comparison

MTU > 68 bytes

MTU > 1280 bytes

IPv6 Addressing Format

• 8 x 16-bit hexadecimal nibbles (128 bits)• Numbers separated by “:”• Hex numbers are not case sensitive• Abbreviations are possible– Leading zeros in contiguous block could be

represented by “::”• 2000:ADAB:AAAA:0001:0000:0000:0000:0001• 2000:ADAB:AAAA:1::1

– Double colon only appears once in address

IPv6 Addressing (128 bit)

• IPv6 128 bits , 8 x hexadecimal • 2000:ADAB:AAAA:1::1/64

• 2000:ADAB:AAAA:0001:0000:0000:0000:0001/64

• Prefix just like CIDR – V4 192.168.0.0/16– V6 2000:ADAB:AAAA::/48

• Collapse leading zeros

IPv6 Link Local / Loopback

•Loopback address– ::1 (remember double colon notation)– 0000:0000:0000:0000:0000:0000:0000:0001

•Default Gateway route– ::/0

IPv6 Addressing Model

• Addresses are assigned to interfaces– Change from IPv4 (Host)

• Interface “expected” to have multiple addresses• Addresses have scope– Link Local– Unique Local– Global

• Addresses have lifetime– Valid and preferred lifetime

Global Unique Local Link Local

Special Addressing

Hex Binary Type

2 or 3 001 Aggregatable Global Unicast Address

FE80::/10 1111 1110 10 Link-Local Unicast Address

FC00::/7FC00::/8 (Registry)

FD00::/8 (No Registry)

1111 11001111 1101

Unique LocalUnicast Address

FF00::/8 1111 1111 Multicast Address

::1 Loopback Address

::/0 Default Gateway Route

Types of IPv6 Addresses

• Unicast– Address of a single interface. One-to-one delivery

to single interface

• Multicast– Address of a set of interfaces. One-to-many

delivery to all interfaces in the set

• Anycast– Address of a set of interfaces. One-to-one-of-

many delivery to a single interface in the set that is closest

• No broadcast addresses

Aggregatable Global Unicast

Interface IDSLAGlobal Routing Prefix

001

3 45 Bits 16 Bits 64 Bits

Provider Site Host

Aggregatable Global Unicast Addresses:

•Addresses for generic use of IPv6•Structure as a hierarchy to keep aggregation

2000:ABCD:AAAA:1234::1

IPv6 Address Allocation

Partitioning of IPv6 Allocated space•Lowest-order 64-bit field of unicast address may be assigned in multiple ways (See neighbor discovery)

– Auto-configured EUI-64 , Expanded 48-bit MAC– Auto generated pseudo-random number (privacy)– Assigned via DHCP– Manually configured

2001:ABCD:AAAA::/48 <- Customer

2001:ABCD:AAAA:0001::/64 <- LAN

2001:ABCD:AAAA:0001:0200:29FF:FE00:0001<- Interface

Unique-Local

Interface IDGlobal 40 Bits

1111 110

128 Bits

FC00::/7

7 Bits

Unique-local Addresses:•Local communications•Inter-site VPNs•Not routable on the internet ( Remember like RFC1918 )

Subnet ID

16 Bits

Link-Local

Interface IDRemaining 54 Bits

1111 1110 10

128 Bits

FE80::/10

10 Bits

Link-local Addresses:•Mandatory address for communication between two IPv6 devices (Like ARP but at layer 3)•Automatically assigned by router once IPv6 enabled•Used for next hop calculation in routing protocols•Only link specific scope•Remaining 54 Bits could be zero or any manually configured value

ICMPv6

• Internet Control Message Protocol v6• RFC 2463• Modification of ICMP from IPv4

• Message types are similar (but different types/codes)

– Destination unreachable (type 1)– Packet too big (type 2)– Time exceeded (type 3)– Parameter problem (type 4)– Echo request/reply (type 128 and 129)

IPv6 Neighbor Discovery

Neighbor Discovery

• Replaces ARP, ICMP (redirects, router discovery)

• Reachability of neighbors• Hosts use it to discover routers , auto

configuration of addresses• Duplicate Address Detection (DAD)

IPv6 – Replacing ARP

• ICMPv6– Neighbor Solicitation (type 135)

– Neighbor Advertisement (type 136)

• A host seeking the link layer address of a neighbor multicasts a neighbor solicitation and the neighbor (if online) responds with its link layer address in a neighbor advertisement.

Source: http://packetlife.net/blog/2008/aug/28/ipv6-neighbor-discovery/

Solicited-node multicast address

• Prefix ff02:0:0:0:0:1:ff00::/104

• Last 24 bits of Unicast / Anycast address– fe80::2aa:ff:fe28:9c5a <- IPv6 Address– ff02:0:0:0:0:1:ff28:9c5a <- Multicast address

• This becomes very powerful when the network is using MLD / IGMPv3 capable switches with multicast pruning– Failback looks like broadcasting

IPv6 – Router Discovery

Source: http://packetlife.net/blog/2008/aug/28/ipv6-neighbor-discovery/

• ICMPv6– Router Solicitation (type 133)

– Router Advertisement (type 134)

• When first joining a link, an IPv6 host multicasts a router solicitation to the all routers multicast group, and each router active on the link responds by sending a router advertisement with its address to the all nodes group.

IPv6 – Prefix Discovery

• Router Advertisement– Prefix information option (type 3)

• Each prefix information option lists an IPv6 prefix (subnet) reachable on the local link.

• Its not uncommon in IPv6 to have multiple IPv6 prefixes on the same link.

Address Autoconfiguration (SLAAC)

• Uses Prefix discovery• Prefix concatenated with EUI-64 style MAC

– Windows uses RFC4941 (Privacy pseudo random generated 64 bits)

• FFFE allows us to recognize the address is generated from a MAC address• Invert the universal/local (U/L) flag (bit 7) in the OUI portion of the

address– Globally unique addresses assigned by the IEEE originally have this bit set to

zero, indicating global uniqueness. Source: http://packetlife.net/blog/2008/aug/04/eui-64-ipv6/

IPv6 Tools

IPv6 Tools

• Similar to all the familiar IPv4 tools*nix Windows IPv4 Description

ping6 ping6 ping Ping a host to request a reply

traceroute6 tracert6 traceroute Ask each hop on route to reply

netstat –f inet -rn

ndp -an arp -an Neighbor discovery table IPv6 equivalent to IPv4 arp table

dig nslookup same DNS lookup. IPv6 records are AAAA

DNS and other services

DHCPv6 - FF02::1:2

• New UDP ports– 546 Client (IPv4 UDP 67)

– 547 Server (IPv4 UDP 68)

• Message – Solicit– Advertise– Request– Reply

IPv6 & DNS

• DNS adds AAAA record type (Quad A)

SDUFFY-L3:~ sduffy$ dig AAAA google.com

; <<>> DiG 9.8.3-P1 <<>> AAAA google.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25326

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;google.com. IN AAAA

;; ANSWER SECTION:

google.com. 192 IN AAAA 2001:4860:4007:801::100e

Hands on excercises

Hands on using CORE

• Laptop / Computer for hands on– We will use CORE to setup a lab environment– http://bit.ly/TI5osL <- Lab files & Documents

• CORE– http://www.nrl.navy.mil/itd/ncs/products/core

• Virtual Box– https://www.virtualbox.org/wiki/Download_Old_Builds_4_2

Hands on using CORE

• VM Running and internet connection ok– Download the template files for use later.

• sudo apt-get install wireshark– sudo setcap ‘CAP_NET_RAW+eip CAP_NET_ADMIN+eip’ /usr/bin/dumpcap

• sudo apt-get install radvd

Questions?

IPv6 Security

IPv6 restores end-to-end multimedia collaborationIPv6 restores end-to-end multimedia collaboration

The false automatic security from IPv6 NAT

Multicast Groups

• Group Concept– Multicast is based on the concept of a group. – A multicast group is an arbitrary group of receivers that expresses

an interest in receiving a particular data stream. – This group has no physical or geographical boundaries—the

receivers can be located anywhere on the Internet or in a private network.

– Receivers that are interested in receiving data flowing to a particular group must join the group by signalling their local router.

– This signalling is achieved with MLD protocol, which is the IPv6 equivalent of the IGMP protocol on IPv4.

– The network then delivers data to potentially unlimited receivers, using only one copy of the multicast data per subnet.

Multicast Refresher – IPv6

Multicast Refresher - Addresses

• RFC 3306 Unicast-Prefix-based IPv6 Multicast– The P flag indicates a prefix. Within IPv6 multicast, this flag allows part of

the group address to include the source network’s Unicast prefix, which creates a globally unique Group Address.

• Solves the old IPv4 address assignment problem:– How can I get global IPv4 multicast addresses (GLOB, ..)

In IPv6, if you own an IPv6 unicast address prefix you implicitly own an RFC3306 IPv6 multicast address prefix:

Multicast - Host to Router• MLD is equivalent to IGMP in IPv4• Sub protocol of ICMP: MLD messages are transported

over ICMPv6• MLD uses link local source addresses (hop limit 1, router

alert option)• Version number confusion:

– MLDv1 (RFC2710) like IGMPv2 (RFC2236)– MLDv2 (draft) like IGMPv3 (RFC3376)– MLDv2 enables IPv6 to use SSM operation

• Service Model requirements:– ASM – MLDv1 sufficient– SSM – Requires MLDv2 (Fully backward compatible with

MLDv1 on hosts)

Thank you!

Corporate Headquarters

707 Dayton Road, PO Box 1040Ottawa, IL 61350

Phone: 1-800-346-3119 Fax: 815-433-5109

Customer Service: orders@bb-elec.comTech Support: support@bb-elec.comGeneral Inquiries: info@bb-elec.com

European Headquarters

Westlink Commerical Park,Oranmore, Co. Galway, Ireland

Phone: +353 91 792444Fax: +353 91 792445

Customer Service: eSales@bb-elec.comTech Support: techSupport@bb-elec.comGeneral Inquiries: info@bb-elec.com

B&B Academy-your partner on the path to knowledge

Contact Information

Additional Slides

Network Layers

Network Layers

• File transfer, Email, Remote login7 Application

6 Presentation

• Establish/manage connection5 Session

• End-to-end control & error checking TCP4 Transport

• Routing and Forwarding IP3 Network

• Ethernet2 Data Link

• Transmission signalling1 Physical

OSI Model

ApplicationApplication

TransportTransport

NetworkNetwork

LinkLink

OSI ModelOSI Model TCP/IP TCP/IP ProtocolsProtocols

HTTPHTTP SMTPSMTP POP3POP3 FTPFTP ……

TCPTCP UDPUDP

IPIP

ETHERNETETHERNET PPP PPP ……

Link Layer : includes device driver and network interface cardNetwork Layer : handles the movement of packets, i.e. RoutingTransport Layer : provides a reliable flow of data between two hostsApplication Layer : handles the details of the particular application

EtherNet/IP

ApplicationApplication

TransportTransport

NetworkNetwork

LinkLink

OSI ModelOSI Model TCP/IP TCP/IP ProtocolsProtocols

HTTPHTTP CIPCIP ……

TCPTCP UDPUDP

IPIP

ETHERNETETHERNET ……

Modbus/TCP

ApplicationApplication

TransportTransport

NetworkNetwork

LinkLink

OSI ModelOSI Model TCP/IP TCP/IP ProtocolsProtocols

HTTPHTTP Modbus/TCPModbus/TCP FTPFTP ……

TCPTCP UDPUDP

IPIP

ETHERNETETHERNET PPP PPP ……

EtherCAT

ApplicationApplication

TransportTransport

NetworkNetwork

LinkLink

OSI ModelOSI Model TCP/IP TCP/IP ProtocolsProtocols

HTTPHTTP SMTPSMTP POP3POP3 FTPFTP ……

TCPTCP UDPUDP

IPIP

EtherCAT MACEtherCAT MAC PPP PPP ……

UDP

IP

PROFINET

ApplicationApplication

TransportTransport

NetworkNetwork

LinkLink

OSI ModelOSI Model TCP/IP TCP/IP ProtocolsProtocols

HTTPHTTP RT DataRT Data DataData

TCPTCP UDPUDP

IPIP

ETHERNETETHERNET PPP PPP ……

RT DataRT Data DataData

TCPTCP UDPUDP

IPIP

ETHERNETETHERNET

SRTSRT

RTRT

Protocol Stack

• Data is sent down the protocol stack• Each layer will at to the packet by prepending headers

ApplicationApplication

TransportTransport

NetworkNetwork

LinkLink

DataData

DataDataTCP/UDPheader

TCP/UDPheader

DataDataTCP/UDPheader

TCP/UDPheader

IPheader

IPheader

DataDataTCP/UDPheader

TCP/UDPheader

IPheader

IPheader

Frameheader

Frameheader

Frametrailer

Frametrailer

Application Data

TCP segment / UDP packet

IP Datagram

22Bytes 20Bytes 20Bytes 4Bytes

64 to 1500 BytesPhysicalPhysical

Network Frame