IPv6 Next Generation Internet Protocol BAK2

Date post: 05-Apr-2018
Upload: abinash-rautaray

Transcript
  • 8/2/2019 IPv6 Next Generation Internet Protocol BAK2

    1/36

    IPv6 Next Generation Internet Protocol

    How do you get ready?

    Don't get left out!

    Presented by Pete Morasca, Thomas Jefferson High School for Science and Technology

    Is this for real?

    IRS, DOE, other Federal departments are mandated to implement by 2008

    Microsoft's next generation OS and Server OS (VISTA, LONGHORN) have IPv6 automatically built-in

    Router manufacturers already have their OS routing the new protocol and transition mechanisms

    OUTLINE

    MAJOR FACTORS DRIVING THE NEED

    MAJOR CONCERNS IT-TEAM/ISP/APPS

    ADDRESSING/SUBNETTING

    COEXISTENCE AND MIGRATION

    ROUTING

    NAME RESOLUTION / DNS SERVERS

    SETTING UP A TEST LAB

    MAJOR FACTORS DRIVING THE NEED

    Large address space: The 128-bit address space for IPv6 provides ample room to provide every device on the present and foreseeable future Internet with a globally reachable address.

    Efficient routing: With a streamlined IPv6 header and addressing that supports hierarchical routing infrastructures, IPv6 routers on the Internet can forward IPv6 traffic faster than their IPv4 counterparts.

    Ease of configuration: IPv6 hosts can configure themselves by either interacting with a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server or by interacting with their local router and using stateless address autoconfiguration. Stateful DHCPv6 is not really needed with a good router.

    Enhanced security: The IPv6 standards solve some of the security issues of IPv4 by providing better protection against address and port scanning attacks and by requiring that all IPv6 implementations support Internet Protocol security (IPsec) for cryptographic protection of IPv6 traffic.

    MAJOR CONCERNS FOR IT-TEAM / ISP / APPS

    IT? Easier than IPv4 static or dynamic address assignment, just run the install mechanism, the router will do all the work

    Router engineer needs to learn the most

    ISPs need to agree on routing native IPv6 or at least tunnelling it. Assigning IPv6 addresses is more important

    APPS? Some will not care, others need to use the new protocol. Example: Internet Explorer will first use IPv6 address, then revert to IPv4 (can slow things down in a migration period)

    ADDRESSING/SUBNETTING

    Where do global addresses come from? The Hierarchy. TJ's next hop is Virginia Tech so they gave us our global subnet

    128-bit addresses (3.4x10^38), 10^9 with IPv4

    7x10^23 global addresses for each square meter of the earth's surface

    Link-local addresses (no router) similar to 169.254.0.0/16 used by Microsoft

    Site-local addresses similar to the private 10.0.0.0/8 and 192.168.0.0/16

    2001:0468:0CC0:0000:02E0:81FF:FE25:FA65 is www.tjhsst.edu

    Shorten: 2001:468:cc0::2E0:81FF:FE25:FA65

    TJ's network is 2001:468:cc0::/48

    2001:468:cc0:0000:0000:0000:0000:0001

    16^4 subnets inside of TJ = 65,000

    16^16 nodes on each subnet = 10^19

    Link-local addresses have a prefix FE80::/64; no traffic is forwarded thru a router

    Site-local addresses have a prefix FEC0::/48; traffic forwards thru internal routers but not thru the border router to the world

    Instead of statefully using 2001:468:cc0:0000:0000:0000:0000:0001, the router will assign an address that has embedded the ethernet (MAC) address according to a special algorithm that presumes the /64 mask for the network

    Thus subnets are best, but not required to be, masked /64

    The new address might look like 2001:468:cc0:0001:290:96ff:fec3:380a

    Note that an IPCONFIG /ALL at a DOS prompt shows a MAC address of 00-90-96-c3-38-0a, and note the underscored ff:fe above

    An example of a CISCO config:

    interface Vlan1
     description Schools student network
     ipv6 address 2001:468:cc0:1::/64

    Other than the Unicast addresses, IPv6 uses Multicast and Anycast addresses (no Broadcast!!!)

    A multicast address is used for one-to-many interfaces, an anycast is used for one-to-one-of-many, usually by routers to communicate via shortest distance

    CREATING A LIST OF SUBNETTED NETWORK PREFIXES

    s: the number of bits chosen for subnetting

    m: the prefix length of the network being subnetted

    F: the value of the subnet (in hex)

    f = m - 48: the number of bits within the subnet already fixed

    n = 2^s: the number of network prefixes obtained

    i = 2^(16-(f+s)): the incremental value between each successive subnet (in hex)

    l = 48 + f + s: the prefix length of the subnets

    The first new subnetted prefix: [48-bit prefix from ISP]:F::/l

    The next new subnetted prefix: [48-bit prefix from ISP]:F+i::/l

    etc. to a total of n

    Example 1 (8 school district)

    s = 3

    m = 48

    F = 0000

    f = 48 - 48 = 0

    n = 2^3 = 8

    i = 2^(16 - (0 + 3)) = 2^13 = 8192 = 2000h

    l = 48 + 0 + 3 = 51

    Subnet 2001:468:CC0::/48

    2001:468:CC0:0000::/51

    2001:468:CC0:2000::/51

    2001:468:CC0:4000::/51

    2001:468:CC0:6000::/51

    2001:468:CC0:8000::/51

    2001:468:CC0:A000::/51

    2001:468:CC0:C000::/51

    2001:468:CC0:E000::/51

    Example 2 (one router network)

    s = 16

    m = 48

    F = 0000

    f = 48 - 48 = 0

    n = 2^16 = 65536

    i = 2^(16 - (0 + 16)) = 2^0 = 1 = 0001h

    l = 48 + 0 + 16 = 64

    Subnet 2001:468:CC0::/48

    2001:468:CC0:0000::/64

    2001:468:CC0:0001::/64

    2001:468:CC0:0002::/64

    2001:468:CC0:0003::/64

    2001:468:CC0:0004::/64

    2001:468:CC0:0005::/64

    2001:468:CC0:0006::/64

    on up to 2001:468:CC0:FFFF::/64
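
The prefix-listing procedure and both worked examples above, as an added Python example (not part of the original slides). The function name is hypothetical; it goes one step beyond the slides by reading m and F from the prefix itself, so a prefix longer than /48 can be subnetted further with the same formulas.

```python
import ipaddress

def subnet_prefixes(prefix: str, s: int):
    """Return (n, i, l, prefixes) using the slides' variables s, m, F, f, n, i, l."""
    net = ipaddress.IPv6Network(prefix)
    m = net.prefixlen                       # prefix length being subnetted
    f = m - 48                              # subnet bits already fixed
    if f < 0 or s < 0 or f + s > 16:
        raise ValueError("need a /48 to /64 prefix and f + s <= 16")
    F = (int(net.network_address) >> 64) & 0xFFFF   # current 16-bit subnet value
    n = 2 ** s                              # number of prefixes obtained
    i = 2 ** (16 - (f + s))                 # increment between successive subnets
    l = 48 + f + s                          # prefix length of the new subnets
    base48 = (int(net.network_address) >> 80) << 80  # the 48-bit prefix from the ISP
    prefixes = [
        ipaddress.IPv6Network((base48 | ((F + k * i) << 64), l))
        for k in range(n)
    ]
    return n, i, l, prefixes

if __name__ == "__main__":
    # Example 1 from the slides: eight /51 prefixes inside 2001:468:CC0::/48.
    n, i, l, prefixes = subnet_prefixes("2001:468:CC0::/48", 3)
    print(f"n={n} i={i:04X}h l={l}")
    for p in prefixes:
        print(p)
```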

    COEXISTENCE AND MIGRATION

    ISATAP addresses

    Teredo addresses

    Installing IPv6

    ISATAP addresses

    Intra-site Automatic Tunnel Addressing Protocol (ISATAP) addresses are composed of a valid 64-bit unicast address prefix and the interface identifier ::0:5EFE:w.x.y.z (where w.x.y.z is a unicast IPv4 address assigned to an interface). An example of a link-local ISATAP address is FE80::5EFE:131.107.4.92. ISATAP is defined in the Internet draft titled "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)" (draft-ietf-ngtrans-isatap-x.txt at http://www.ietf.org/internet-drafts/). For more information, see ISATAP in this white paper.

    Host-to-Host Tunneling

    Teredo addresses

    Teredo addresses use the prefix 3FFE:831F::/32. An example of a Teredo address is 3FFE:831F:CE49:7601:8000:EFFF:62C3:FFFE. Beyond the first 32 bits, Teredo addresses are used to encode the IPv4 address of a Teredo server, flags, and the encoded version of a Teredo client's external address and port. Teredo is defined in the Internet draft titled "Teredo: Tunneling IPv6 over UDP through NATs" (draft-huitema-v6ops-teredo-0x.txt at http://www.ietf.org/internet-drafts/). For more information, see Teredo

    Teredo is an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. 6to4 is another automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. However, 6to4 works well when a 6to4 router exists at the edge of the site. The 6to4 router uses a public IPv4 address to construct the 6to4 prefix and acts as an IPv6 advertising and forwarding router. The 6to4 router encapsulates and decapsulates IPv6 traffic sent to and from site nodes.

    Teredo is designed as a last resort transition technology for IPv6 connectivity. If native IPv6, 6to4, or Intrasite Automatic Tunnel Addressing Protocol (ISATAP) connectivity is present, the host does not act as a Teredo client. As more IPv4 edge devices are upgraded to support 6to4 and IPv6 connectivity becomes ubiquitous, Teredo will be used less and less until finally it is not used at all.

    Installing IPv6

    1. Log on to the computer with a user account that has privileges to change network configuration.
    2. Click Start, click Control Panel, and then double-click Network Connections.
    3. Right-click any local area connection, and then click Properties.
    4. Click Install.
    5. In the Select Network Component Type dialog box, click Protocol, and then click Add.
    6. In the Select Network Protocol dialog box, click Microsoft TCP/IP version 6, and then click OK.
    7. Click Close to save changes to your network connection.

    Alternately, from the Windows Server 2003 desktop, click Start, point to Programs, point to Accessories, and then click Command Prompt. At the command prompt, type netsh interface ipv6 install.

    The IPv6 protocol for Windows Vista and Windows Server Longhorn is installed and enabled by default. It appears as the Internet Protocol Version 6 (TCP/IP) component on the Configure tab when you obtain the properties of a connection or adapter in the Connections and Adapters folder (available from the Network Center).

    Alternately, from the Windows XP or Windows Server 2003 desktop, click Start, point to Programs, point to Accessories, and then click Command Prompt. At the command prompt, type netsh interface ipv6 uninstall.

    ROUTING

    ip name-server 198.38.31.9

    ip name-server 2001:2F0:0:8800::1:1

    !

    !

    ipv6 unicast-routing

    ipv6 dhcp pool IPv6-dhcp-pool

    dns-server 2001:468:CC0:0:2E0:81FF:FE25:FAE8

    dns-server 2001:2F0:0:8800::1:1

    domain-name tjhsst.edu

    !

    interface FastEthernet2/0
     description Systems Lab IPv6 only
     no ip address
     duplex auto
     speed auto
     ipv6 address 2001:468:CC0::/64
     ipv6 nd other-config-flag
     ipv6 dhcp server IPv6-dhcp-pool
    !
    interface FastEthernet2/1
     description LAN IPv6 only
     no ip address
     duplex auto
     speed auto
     ipv6 address 2001:468:CC0:1::/64
     ipv6 nd other-config-flag
     ipv6 dhcp server IPv6-dhcp-pool
    !

    interface ATM3/0.1 point-to-point
     description Network VA and Internet-1
     ip address 63.170.115.114 255.255.255.252
     ip access-group 104 in
     atm pvc 1 0 34 aal5snap
    !
    interface ATM3/0.2 point-to-point
     description Abilene Internet-2
     ip address 65.172.70.210 255.255.255.252
     ip access-group 104 in
     atm pvc 2 0 33 aal5snap
     ipv6 address 2001:468:CFE:3001::2/64
     ipv6 traffic-filter IPv6-103 in
    !

    router bgp 3140

    bgp log-neighbor-changes

    neighbor 2001:468:CFE:3001::1 remote-as 7066

    neighbor 63.170.115.113 remote-as 7066

    neighbor 63.170.115.113 description Network Virginia

    neighbor 65.172.70.209 remote-as 7066

    neighbor 65.172.70.209 des Network Virginia Internet 2

    neighbor 157.130.61.57 remote-as 701

    !

    !
    address-family ipv4
     no neighbor 2001:468:CFE:3001::1 activate
     neighbor 63.170.115.113 activate
     neighbor 63.170.115.113 route-map nwv-local-pref-110 in
     neighbor 65.172.70.209 activate
     neighbor 65.172.70.209 route-map i2-local-pref-120 in
     neighbor 157.130.61.57 activate
     neighbor 157.130.61.57 route-map redundant out
     no auto-summary
     no synchronization
     network 198.38.16.0 mask 255.255.240.0
    exit-address-family
    !
    address-family ipv6
     neighbor 2001:468:CFE:3001::1 activate
     network 2001:468:CC0::/48
    exit-address-family
    !

    ipv6 route 2001:468:CC0::/48 Null0
    !
    ipv6 access-list IPv6-103
     deny ipv6 2001:468:CC0::/48 any
     permit tcp any host 2001:468:CC0:0:2E0:81FF:FE25:FA65 eq www
     permit tcp any any eq 22
     permit tcp any any established
     deny tcp any any
     permit udp any any eq ntp
     permit udp any any eq domain
     permit icmp any any echo-reply
     permit icmp any any time-exceeded
     permit icmp any any unreachable
     permit icmp any any
     deny ipv6 any any
    !
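
How the IPv6-103 inbound filter above treats traffic, as an added Python example (not part of the original slides). It is a simplified first-match evaluator covering only the entry forms this list uses; the function names and the packet dictionaries are hypothetical and the sample packet is constructed.

```python
import ipaddress
# Entries of ipv6 access-list IPv6-103, copied from the config above.
ACL = """deny ipv6 2001:468:CC0::/48 any
permit tcp any host 2001:468:CC0:0:2E0:81FF:FE25:FA65 eq www
permit tcp any any eq 22
permit tcp any any established
deny tcp any any
permit udp any any eq ntp
permit udp any any eq domain
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit icmp any any
deny ipv6 any any""".splitlines()
PORTS = {"www": 80, "ntp": 123, "domain": 53}  # port keywords used in the list

def take_net(tok):
    """Consume one address spec (any | host X | prefix/len) from the token list."""
    t = tok.pop(0)
    if t == "any":
        return ipaddress.ip_network("::/0")
    return ipaddress.ip_network(tok.pop(0) + "/128" if t == "host" else t)

def parse(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_net(tok), take_net(tok)
    qual = tok[0] if tok else None  # eq | established | ICMP type name | None
    port = None
    if qual == "eq":
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
    return action, proto, src, dst, qual, port

def first_match(pkt):
    """Return (entry number, action) of the first entry a packet dict matches."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for num, line in enumerate(ACL, 1):
        action, proto, rsrc, rdst, qual, port = parse(line)
        if proto not in ("ipv6", pkt["proto"]) or src not in rsrc or dst not in rdst:
            continue
        if qual == "eq" and pkt.get("dport") != port:
            continue
        if qual == "established" and not pkt.get("established"):
            continue
        if qual not in (None, "eq", "established") and pkt.get("icmp") != qual:
            continue
        return num, action
    return None, "deny"  # nothing matched: treated as denied

if __name__ == "__main__":  # constructed packet: outside sender using a site source address
    print(first_match({"proto": "udp", "src": "2001:468:cc0:1::5", "dst": "2001:468:cc0::1"}))
```

Entry 1 drops inbound packets that claim a source inside the site's own /48. Entry 11 permits every ICMP type, so entries 8 to 10 do not change the outcome for any packet.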

    NAME RESOLUTION / DNS SERVERS

    DNS Infrastructure

    A Domain Name System (DNS) infrastructure is needed for successful coexistence because of the prevalent use of names (rather than addresses) to refer to network resources. Upgrading the DNS infrastructure consists of populating the DNS servers with records to support IPv6 name-to-address and address-to-name resolutions. After the addresses are obtained using a DNS name query, the sending node must select which addresses are used for communication.

    Address Records

    The DNS infrastructure must contain the following resource records (populated either manually or dynamically) for the successful resolution of domain names to addresses:

    A records for IPv4-only and IPv6/IPv4 nodes

    AAAA records for IPv6-only and IPv6/IPv4 nodes

    Pointer Records

    The DNS infrastructure must contain the following resource records (populated either manually or dynamically) for the successful resolution of address to domain names (reverse queries):

    PTR records in the IN-ADDR.ARPA domain for IPv4-only and IPv6/IPv4 nodes

    PTR records in the IP6.ARPA domain for IPv6-only and IPv6/IPv4 nodes (optional).

    SETTING UP A TEST LAB

