IPv6
Chapter 13

Objectives
• Discuss the fundamental concepts of IPv6
• Describe IPv6 practices
• Implement IPv6 in a TCP/IP network

Overview

Introduction to IPv6
• Internet Protocol version 4 (IPv4)
  – Created around 1979
  – 32-bit IP address space – ~4 billion addresses
  – Allocation methods wasted addresses
• Internet Protocol version 6 (IPv6)
  – 128-bit addresses
  – Improved security, routing, other features

Three Parts to Chapter 13
• IPv6 Basics
• Using IPv6
• Moving to IPv6
IPv6 Basics
• IPv6 Address Notation
  – 128 bits written in hexadecimal
  – 2001:0000:0000:3210:0800:200C:00CF:1234
  – A pair of colons represents a string of consecutive groups of zeroes
  – 2001::3210:0800:200C:00CF:1234
  – Only one pair of colons per address
  – FEDC:0000:0000:0000:00CF:0000:BA98:1234
  – FEDC::CF:0:BA98:1234
• IPv6 Address Notation
  – IPv6 loopback address
  – ::1
  – 0000:0000:0000:0000:0000:0000:0000:0001
• Link-Local Address
  – Self-generated (in the manner of IPv4 APIPA)
  – First 64 bits always FE80::/64
  – Second 64 bits EUI-64
    • Generated with a calculation using the MAC address
    • Most operating systems use EUI-64
    • Extra steps in Windows Vista and Windows 7
    • Guaranteed unique
    • Link-local address works on private networks
Figure 13.1 Link-local address
• IPv6 Subnet Masks
  – Function like IPv4 subnet masks
  – Represented with /x CIDR naming
  – FEDC::CF:0:BA98:1234/64
  – No subnet is ever longer than /64
  – IANA gives out /32 subnets to big ISPs
  – ISPs pass out /48 and /64 subnets
  – Most IPv6 subnets are between /48 and /64
Figure 13.2 Link-local address in Windows Vista
• The End of Broadcast
  – Each link-local is a unicast address
  – Multicast addresses replace broadcast
    • FF02::2 only read by routers
    • FF02::1 all nodes address
    • FF02::1:FFxx:xxxx solicited-node address
  – Anycast
    • Used in DNS
    • Looks like a unicast to sending computer
Figure 13.3 Multicast to routers
Table 13.1 IPv6 Multicast Addresses
Address            Function
FF02::1            All Nodes Address
FF02::2            All Routers Address
FF02::FFXX:XXXX    Solicited-Node Address
• Global Addresses
  – Global unicast address
  – Required for Internet access
  – IPv6-capable gateway router gives to hosts
  – Router configured to do this
  – 2001:470:B8F9:1/64
    • Router provides prefix
    • NIC generates the rest (using EUI-64)
  – 2001:470:B8F9:1:20C:29FF:FE53:45CA
Figure 13.4 Getting a global address
Figure 13.5 IPv6 configuration on Macintosh OS X
• Aggregation
  – Current problem with tier-one routers
    • No default routes
    • Huge routing table (30,000-50,000 routes)
Figure 13.6 No-default routers
• Aggregation
  – Every router uses a subnet of the next higher router’s routes
  – Reduces size and complexity of tables
  – Gives detailed geographic picture
  – IP address shows location
  – Part of IPv6
• How aggregation works
  – Gateway gives first 64 bits of IP address to computers
  – Gateway gets its 48-bit prefix from upstream
  – 2001:d0be:7922:1:fc2d:aeb2:99d2:e2b4
  – Network prefix is 2001:d0be:7922:1/64
  – ISP’s network prefix 2001:D0BE/32
  – ISP adds 16-bit subnet: 2001:d0be:7922/48
  – At your gateway, tech adds 16-bit subnet
  – Result: 2001:d0be:7922:1/64
Figure 13.7 Aggregation
Figure 13.8 An IPv6 group of routers
Figure 13.9 Adding the first prefix
Figure 13.10 Adding the second prefix
• Aggregation and router changes
  – From ISP1 to ISP2
  – New 32-bit prefix: 2ab0:3c05/32
  – Downstream routers make an “all nodes” multicast
  – All clients get new IP addresses
  – IPv6 address changes rare but normal
Figure 13.11 New IP address updated downstream
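An added Python example (not from the original slides) that derives the /32, /48 and /64 levels from the page's sample address and rewrites a prefix-pinned allow-list for the ISP1 to ISP2 change. The allow-list entries and function names are constructed for illustration.

```python
import ipaddress

def delegation_chain(addr, lengths=(32, 48, 64)):
    """Prefixes covering addr at each level: ISP, customer site, LAN."""
    return [ipaddress.IPv6Network(f"{addr}/{n}", strict=False) for n in lengths]

def renumber(item, old_isp, new_isp):
    """Move an address or prefix from old_isp to new_isp, keeping the lower bits.

    Returns None when item is outside old_isp and must be left untouched.
    """
    old, new = ipaddress.IPv6Network(old_isp), ipaddress.IPv6Network(new_isp)
    if old.prefixlen != new.prefixlen:
        raise ValueError("ISP prefixes must have the same length")
    iface = ipaddress.IPv6Interface(item)  # accepts "addr" or "addr/len"
    if iface.ip not in old:
        return None
    lower_bits = int(iface.ip) & int(old.hostmask)  # subnet + interface ID
    moved = ipaddress.IPv6Address(int(new.network_address) | lower_bits)
    return ipaddress.IPv6Interface(f"{moved}/{iface.network.prefixlen}")

def renumber_acl(entries, old_isp, new_isp):
    """Rewrite every allow-list entry that falls under the old ISP prefix."""
    return [str(renumber(e, old_isp, new_isp) or e) for e in entries]

# Constructed allow-list: a site prefix, one host, and an unrelated prefix.
ACL = [
    "2001:d0be:7922::/48",
    "2001:d0be:7922:1:fc2d:aeb2:99d2:e2b4",
    "2001:db8:5::/48",
]

if __name__ == "__main__":
    for net in delegation_chain("2001:d0be:7922:1:fc2d:aeb2:99d2:e2b4"):
        print(net)
    for entry in renumber_acl(ACL, "2001:d0be::/32", "2ab0:3c05::/32"):
        print(entry)
```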
Using IPv6
• Enabling IPv6
  – Table 13.2 lists IPv6 status of operating systems
  – Check to see if IPv6 is running
    • IPCONFIG in Windows
    • IFCONFIG in Linux or Mac OS X
Table 13.2 IPv6 Adoption by OS
Operating System           IPv6 Status
Windows 2000               Windows 2000 came with “developmental” IPv6 support. Microsoft does not recommend using Windows 2000 for IPv6.
Windows XP                 Original Windows XP came with a rudimentary but fully functional IPv6 stack that had to be installed from the command prompt. SP1 added the ability to add the same IPv6 stack under the Install | Protocols menu.
Windows Vista/Windows 7    Complete IPv6 support. IPv6 is active on default installs.
Windows Server 2003        Complete IPv6 support. IPv6 is not installed by default but is easily installed via the Install | Protocols menu.
Windows Server 2008        Complete IPv6 support. IPv6 is active on default installs.
Linux                      Complete IPv6 support from kernel 2.6. IPv6 is active on default installs.
Macintosh OS X             Complete IPv6 support on all versions. IPv6 is active on default installs.
• NAT in IPv6
  – NAT not used in IPv6
  – All IP addresses exposed to the Internet
  – Huge address space makes IP scanning nearly impossible
  – IPSec important for security
  – Security options beyond IPv6
    • Encryption
    • Firewall
Figure 13.12 IPv6 enabled in Windows Vista
Figure 13.13 IPv6 enabled in Ubuntu 8.10
Figure 13.14 Angry IP scanner at work
• DHCP in IPv6
  – DHCPv6
  – Works differently than in IPv4
  – IP address and subnet received from gateway router
  – Need DHCPv6 for other IP information
  – Two modes of DHCPv6
    • Stateful – works like DHCP in IPv4
    • Stateless – only passes out optional information
    • Stateless is the norm
Figure 13.15 DHCPv6 server in action
• DNS in IPv6
  – Trivial
  – Most DNS servers now support IPv6 addresses
  – DNS servers supporting IPv6 use AAAA records
  – DNSv6 details not finalized
  – For now manually add DNS server information to IPv6 clients
Figure 13.16 IPv6 addresses on DNS server
Figure 13.17 Manually adding an IPv6 DNS server in Vista
Moving to IPv6
• IPv4 and IPv6
  – What is not ready for IPv6?
    • Most home routers
    • Some Internet routers
  – What is ready for IPv6?
    • Most recent operating systems
    • All root DNS servers
    • All tier-one ISP routers
Figure 13.18 IPv4 and IPv6 on one computer
Figure 13.19 The IPv6 gap
• Tunnels
  – IPv4-to-IPv6 tunnels bridge the gap
    • Encapsulate IPv6 traffic into an IPv4 tunnel
    • Endpoints at IPv6 client and IPv6 router
Figure 13.20 The IPv4-to-IPv6 tunnel
• 6to4 Tunnels
  – 6to4 dominant tunneling protocol
    • Does not require a tunnel broker
    • Usually connects two routers
    • Normally requires public IPv4 address
    • Uses public relay routers
    • 192.88.9.1 is 6to4 anycast address
    • Challenging to set up
• 6in4 Tunnels
  – 6in4
    • Most popular tunneling protocol
    • One of only two that support NAT traversal
• Teredo Tunnels
  – Teredo
    • NAT-traversal IPv6 tunneling protocol
    • Built into Microsoft Windows
    • Addresses start with 2001:0000/32
    • Many people use third-party tool
• ISATAP
  – Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
  – Works within an IPv4 network
  – Adds IPv4 address to an IPv6 prefix for endpoints
  – 2001:db8::98ca:200:131.107.28.9.
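An added Python example (not from the original slides) that flags tunnel-derived source addresses in a log and decodes the IPv4 address each one embeds. The Teredo prefix is the one given above; the 6to4 prefix 2002::/16 and the ISATAP 5EFE interface-ID layout come from the RFCs rather than from this page, and the log lines are constructed.

```python
import ipaddress
import re

TEREDO = ipaddress.IPv6Network("2001::/32")       # prefix given on the page
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")  # RFC 3056, not on the page

def classify(addr):
    """Return (kind, embedded IPv4 or None) for one IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    n = int(ip)
    if ip in TEREDO:
        # Teredo stores the client's public IPv4 bit-inverted in the low 32 bits.
        return "teredo", ipaddress.IPv4Address(~n & 0xFFFFFFFF)
    if ip in SIX_TO_FOUR:
        # 6to4 places the site's public IPv4 right after the 16-bit prefix.
        return "6to4", ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
    if (n >> 32) & 0xFFFFFFFF in (0x00005EFE, 0x02005EFE):
        # RFC 5214 ISATAP interface ID: 0000:5EFE or 0200:5EFE, then the IPv4.
        return "isatap", ipaddress.IPv4Address(n & 0xFFFFFFFF)
    return "native", None

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=2001:0:4136:e378:8000:63bf:3fff:fdd2 dport=443
2024-05-01T10:00:02 src=2002:c000:204::1 dport=80
2024-05-01T10:00:03 src=2001:db8::5efe:192.0.2.33 dport=22
2024-05-01T10:00:04 src=2001:db8:1::20c:29ff:fe53:45ca dport=443
"""

def tunnel_sources(log):
    """List (address, tunnel kind, embedded IPv4) for every tunnelled source."""
    hits = []
    for line in log.splitlines():
        m = re.search(r"src=(\S+)", line)
        if not m:
            continue
        kind, v4 = classify(m.group(1))
        if kind != "native":
            hits.append((m.group(1), kind, str(v4)))
    return hits

if __name__ == "__main__":
    for hit in tunnel_sources(SAMPLE_LOG):
        print(*hit)
```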
• Tunnel Brokers
  – Someone must act as far endpoint
  – Must know tunneling standard and how to connect to endpoint
  – Create tunnel
  – Usually offers custom-made endpoint client
  – May use automatic configuration protocols
    • Tunnel Setup Protocol (TSP)
    • Tunnel Information and Control protocol (TIC)
Tunnel Broker         URL
Hexago/Freenet/Go6    www.go6.net
SixXs                 www.sixxs.net
Hurricane Electric    www.tunnelbroker.net (no TSP/TIC)
AARNet                broker.aarnet.net.au
• Setting Up a Tunnel
  – Each tunnel broker has its own setup
  – Read instructions carefully
  – Figure 13.21 uses Hexago client
    • Join and download at www.go6.net
    • Install client
    • Enter Gateway 6 address, user name, password
    • You are now on the IPv6 Internet
Figure 13.21 Gateway6 Client Utility
Figure 13.22 Gateway6 Client Utility Status tab
• IPv6 is here, really!
  – IPv6 will happen very soon
  – IPv4 addresses are running out
  – “The Big Switchover” coming soon
  – Knowing IPv6 important to your future