Date post: | 05-Apr-2018 |
Category: |
Documents |
Upload: | abinash-rautaray |
8/2/2019 IPv6 Next Generation Internet Protocol BAK2
IPv6 Next Generation Internet Protocol
How do you get ready?
Don't get left out!
Presented by Pete Morasca, Thomas Jefferson High School Science Technology
Is this for real?
IRS, DOE, other Federal departments are mandated to implement by 2008
Microsoft's next generation OS and Server OS (VISTA, LONGHORN) have IPv6 automatically built-in
Router manufacturers already have their OS routing the new protocol and transition mechanisms
OUTLINE
MAJOR FACTORS DRIVING THE NEED
MAJOR CONCERNS IT-TEAM/ISP/APPS
ADDRESSING/SUBNETTING
COEXISTENCE AND MIGRATION
ROUTING
NAME RESOLUTION / DNS SERVERS
SETTING UP A TEST LAB
MAJOR FACTORS DRIVING THE NEED
Large address space: The 128-bit address space for IPv6 provides ample room to provide every device on the present and foreseeable future Internet with a globally reachable address.
Efficient routing: With a streamlined IPv6 header and addressing that supports hierarchical routing infrastructures, IPv6 routers on the Internet can forward IPv6 traffic faster than their IPv4 counterparts.
Ease of configuration: IPv6 hosts can configure themselves by either interacting with a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server or by interacting with their local router and using stateless address autoconfiguration. Stateful DHCPv6 is not really needed with a good router.
Enhanced security: The IPv6 standards solve some of the security issues of IPv4 by providing better protection against address and port scanning attacks and by requiring that all IPv6 implementations support Internet Protocol security (IPsec) for cryptographic protection of IPv6 traffic.
MAJOR CONCERNS FOR IT-TEAM / ISP / APPS
IT? Easier than IPv4 static or dynamic address assignment: just run the install mechanism, and the router will do all the work
Router engineer needs to learn the most
ISPs need to agree on routing native IPv6 or at least tunnelling it. Assigning IPv6 addresses is more important
APPS? Some will not care, others need to use the new protocol. Example: Internet Explorer will first use the IPv6 address, then revert to IPv4 (can slow things down in a migration period)
ADDRESSING/SUBNETTING
Where do global addresses come from? The Hierarchy. TJ's next hop is Virginia Tech so they gave us our global subnet
128-bit addresses ($3.4 \times 10^{38}$), $10^{9}$ with IPv4
$7 \times 10^{23}$ global addresses for each square meter of the earth's surface
Link-local addresses (no router) similar to 169.254.0.0/16 used by Microsoft
Site-local addresses similar to the private 10.0.0.0/8 and 192.168.0.0/16
2001:0468:0CC0:0000:02E0:81FF:FE25:FA65 is www.tjhsst.edu
Shorten: 2001:468:cc0::2E0:81FF:FE25:FA65
TJ's network is 2001:468:cc0::/48
2001:468:cc0:0000:0000:0000:0000:0001
$16^{4}$ subnets inside of TJ = 65,000
$16^{16}$ nodes on each subnet = $10^{19}$
Link-local addresses have a prefix FE80::/64; no traffic is forwarded thru a router
Site-local addresses have a prefix FEC0::/48; traffic forwards thru internal routers but not thru the border router to the world
Instead of statefully using 2001:468:cc0:0000:0000:0000:0000:0001, the router will assign an address that has the Ethernet (MAC) address embedded, according to a special algorithm that presumes the /64 mask for the network
Thus subnets are best, but not required, to be masked /64
The new address might look like 2001:468:cc0:0001:290:96ff:fec3:380a
Note that an IPCONFIG /ALL at a DOS prompt shows a MAC address of 00-90-96-c3-38-0a, and note the underscored ff:fe above
An example of a CISCO config:
interface Vlan1
 description School's student network
 ipv6 address 2001:468:cc0:1::/64
Other than the Unicast addresses, IPv6 uses Multicast and Anycast addresses (no Broadcast!!!)
A multicast address is used for one-to-many interfaces; an anycast is used for one-to-one-of-many, usually by routers to communicate via shortest distance
CREATING A LIST OF SUBNETTED NETWORK PREFIXES
$s$: the number of bits chosen for subnetting
$m$: the prefix length of the network being subnetted
$F$: the value of the subnet (in hex)
$f = m - 48$: the number of bits within the subnet already fixed
$n = 2^{s}$: the number of network prefixes obtained
$i = 2^{16-(f+s)}$: the incremental value between each successive subnet (in hex)
$l = 48 + f + s$: the prefix length of the subnets
The first new subnetted prefix:
[48-bit prefix from ISP]:F::/l
The next new subnetted prefix:
[48-bit prefix from ISP]:F+i::/l
etc. to a total of n
Example 1 (8 school district)
$s = 3$
$m = 48$
$F = 0000$
$f = 48 - 48 = 0$
$n = 2^{3} = 8$
$i = 2^{16-(0+3)} = 2^{13} = 8192 = 2000\text{h}$
$l = 48 + 0 + 3 = 51$
Subnet 2001:468:CC0::/48
2001:468:CC0:0000::/51
2001:468:CC0:2000::/51
2001:468:CC0:4000::/51
2001:468:CC0:6000::/51
2001:468:CC0:8000::/51
2001:468:CC0:A000::/51
2001:468:CC0:C000::/51
2001:468:CC0:E000::/51
Example 2 (one router network)
$s = 16$
$m = 48$
$F = 0000$
$f = 48 - 48 = 0$
$n = 2^{16} = 65536$
$i = 2^{16-(0+16)} = 2^{0} = 1 = 0001\text{h}$
$l = 48 + 0 + 16 = 64$
Subnet 2001:468:CC0::/48
2001:468:CC0:0000::/64
2001:468:CC0:0001::/64
2001:468:CC0:0002::/64
2001:468:CC0:0003::/64
2001:468:CC0:0004::/64
2001:468:CC0:0005::/64
2001:468:CC0:0006::/64
on up to 2001:468:CC0:FFFF::/64
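
The prefix-listing procedure from the preceding slides (s, m, F, f, n, i, l), as an added example that is not part of the original slides. It follows the slide's formulas step by step and also covers the case f > 0 (subnetting a block that is already longer than /48), which the two worked examples do not show; the function name is an assumption.

```python
import ipaddress

def subnet_prefixes(site_prefix: str, s: int, m: int = 48, F: int = 0):
    """Return the n = 2**s prefixes of length l = 48 + f + s inside a /48 site prefix.

    s: bits chosen for subnetting, m: prefix length of the block being subnetted,
    F: value of the 16-bit subnet field of that block (its top f bits are fixed).
    """
    site = ipaddress.IPv6Network(site_prefix)
    f = m - 48                      # bits of the subnet field already fixed
    if site.prefixlen != 48 or f < 0 or s < 1 or f + s > 16:
        raise ValueError("need a /48 site prefix and 48 <= m, s >= 1, f + s <= 16")
    if not 0 <= F <= 0xFFFF or F % 2 ** (16 - f):
        raise ValueError("F must only use the top f bits of the subnet field")
    n = 2 ** s                      # number of prefixes obtained
    i = 2 ** (16 - (f + s))         # increment between successive subnet values
    l = 48 + f + s                  # prefix length of each new subnet
    base = int(site.network_address)
    # The subnet field is bits 48..63 of the address, i.e. shifted left by 64 bits.
    return [ipaddress.IPv6Network((base + ((F + k * i) << 64), l)) for k in range(n)]

if __name__ == "__main__":
    # Example 1 from the slides: eight /51 prefixes, stepping by 2000h.
    for net in subnet_prefixes("2001:468:CC0::/48", s=3):
        print(net)
    # Example 2: 65536 /64 prefixes, stepping by 1.
    all64 = subnet_prefixes("2001:468:CC0::/48", s=16)
    print(len(all64), all64[-1])
    # Beyond the slides: split the second /51 (F = 2000h, m = 51) into four /53s.
    for net in subnet_prefixes("2001:468:CC0::/48", s=2, m=51, F=0x2000):
        print(net)
```
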
COEXISTENCE AND MIGRATION
ISATAP addresses
Teredo addresses
Installing IPv6
ISATAP addresses
Intra-site Automatic Tunnel Addressing Protocol (ISATAP) addresses are composed of a valid 64-bit unicast address prefix and the interface identifier ::0:5EFE:w.x.y.z (where w.x.y.z is a unicast IPv4 address assigned to an interface). An example of a link-local ISATAP address is FE80::5EFE:131.107.4.92. ISATAP is defined in the Internet draft titled "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)" (draft-ietf-ngtrans-isatap-x.txt at http://www.ietf.org/internet-drafts/). For more information, see ISATAP in this white paper.
Host-to-Host Tunneling
Teredo addresses
Teredo addresses use the prefix 3FFE:831F::/32. An example of a Teredo address is 3FFE:831F:CE49:7601:8000:EFFF:62C3:FFFE. Beyond the first 32 bits, Teredo addresses are used to encode the IPv4 address of a Teredo server, flags, and the encoded version of a Teredo client's external address and port. Teredo is defined in the Internet draft titled "Teredo: Tunneling IPv6 over UDP through NATs" (draft-huitema-v6ops-teredo-0x.txt at http://www.ietf.org/internet-drafts/). For more information, see Teredo
Teredo is an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. 6to4 is another automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. However, 6to4 works well when a 6to4 router exists at the edge of the site. The 6to4 router uses a public IPv4 address to construct the 6to4 prefix and acts as an IPv6 advertising and forwarding router. The 6to4 router encapsulates and decapsulates IPv6 traffic sent to and from site nodes.
Teredo is designed as a last resort transition technology for IPv6 connectivity. If native IPv6, 6to4, or Intrasite Automatic Tunnel Addressing Protocol (ISATAP) connectivity is present, the host does not act as a Teredo client. As more IPv4 edge devices are upgraded to support 6to4 and IPv6 connectivity becomes ubiquitous, Teredo will be used less and less until finally it is not used at all.
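
The ISATAP and Teredo address layouts from the slides above, decoded in an added example that is not part of the original slides; it is the kind of check a network team can run over address inventories or flow logs to spot hosts using automatic tunnels. The Teredo prefix is the one given on the slide, the XOR de-obfuscation of the client address and port follows the Teredo specification, and the 6to4 prefix 2002::/16 and the second ISATAP identifier 0200:5EFE come from the protocol specifications, not from the slides. Function names are assumptions.

```python
import ipaddress

TEREDO_PREFIX = ipaddress.IPv6Network("3ffe:831f::/32")   # prefix given on the slide
SIXTO4_PREFIX = ipaddress.IPv6Network("2002::/16")        # from the 6to4 spec, not the slides
ISATAP_IDS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")   # ::0:5EFE per slide; 0200:5EFE per spec

def classify(address: str) -> dict:
    """Identify a transition-mechanism address and decode the IPv4 data it embeds."""
    addr = ipaddress.IPv6Address(address)
    raw = addr.packed
    if addr in TEREDO_PREFIX:
        port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
        client = int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF
        return {
            "type": "teredo",
            "server": str(ipaddress.IPv4Address(raw[4:8])),
            "flags": int.from_bytes(raw[8:10], "big"),
            "client": str(ipaddress.IPv4Address(client)),
            "client_port": port,
        }
    if addr in SIXTO4_PREFIX:
        return {"type": "6to4", "router": str(ipaddress.IPv4Address(raw[2:6]))}
    if raw[8:12] in ISATAP_IDS:
        return {"type": "isatap", "ipv4": str(ipaddress.IPv4Address(raw[12:16]))}
    return {"type": "other"}

def tunnelled(addresses):
    """Return (address, details) for every address that belongs to a tunnel mechanism."""
    hits = []
    for a in addresses:
        info = classify(a)
        if info["type"] != "other":
            hits.append((a, info))
    return hits

if __name__ == "__main__":
    # First two addresses are the slide examples; the rest are constructed samples.
    sample = [
        "3FFE:831F:CE49:7601:8000:EFFF:62C3:FFFE",
        "FE80::5EFE:131.107.4.92",
        "2002:c000:0204::1",
        "2001:468:cc0:1:290:96ff:fec3:380a",
    ]
    for address, info in tunnelled(sample):
        print(address, info)
```
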
Installing IPv6
1. Log on to the computer with a user account that has privileges to change network configuration.
2. Click Start, click Control Panel, and then double-click Network Connections.
3. Right-click any local area connection, and then click Properties.
4. Click Install.
5. In the Select Network Component Type dialog box, click Protocol, and then click Add.
6. In the Select Network Protocol dialog box, click Microsoft TCP/IP version 6, and then click OK.
7. Click Close to save changes to your network connection.
Alternately, from the Windows Server 2003 desktop, click Start, point to Programs, point to Accessories, and then click Command Prompt. At the command prompt, type netsh interface ipv6 install.
The IPv6 protocol for Windows Vista and Windows Server Longhorn is installed and enabled by default. It appears as the Internet Protocol Version 6 (TCP/IP) component on the Configure tab when you obtain the properties of a connection or adapter in the Connections and Adapters folder (available from the Network Center).
Alternately, from the Windows XP or Windows Server 2003 desktop, click Start, point to Programs, point to Accessories, and then click Command Prompt. At the command prompt, type netsh interface ipv6 uninstall.
ROUTING
ip name-server 198.38.31.9
ip name-server 2001:2F0:0:8800::1:1
!
!
ipv6 unicast-routing
ipv6 dhcp pool IPv6-dhcp-pool
dns-server 2001:468:CC0:0:2E0:81FF:FE25:FAE8
dns-server 2001:2F0:0:8800::1:1
domain-name tjhsst.edu
!
interface FastEthernet2/0
 description Systems Lab IPv6 only
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:468:CC0::/64
 ipv6 nd other-config-flag
 ipv6 dhcp server IPv6-dhcp-pool
!
interface FastEthernet2/1
 description LAN IPv6 only
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:468:CC0:1::/64
 ipv6 nd other-config-flag
 ipv6 dhcp server IPv6-dhcp-pool
!
interface ATM3/0.1 point-to-point
 description Network VA and Internet-1
 ip address 63.170.115.114 255.255.255.252
 ip access-group 104 in
 atm pvc 1 0 34 aal5snap
!
interface ATM3/0.2 point-to-point
 description Abilene Internet-2
 ip address 65.172.70.210 255.255.255.252
 ip access-group 104 in
 atm pvc 2 0 33 aal5snap
 ipv6 address 2001:468:CFE:3001::2/64
 ipv6 traffic-filter IPv6-103 in
!
router bgp 3140
bgp log-neighbor-changes
neighbor 2001:468:CFE:3001::1 remote-as 7066
neighbor 63.170.115.113 remote-as 7066
neighbor 63.170.115.113 description Network Virginia
neighbor 65.172.70.209 remote-as 7066
neighbor 65.172.70.209 des Network Virginia Internet 2
neighbor 157.130.61.57 remote-as 701
!
 !
 address-family ipv4
  no neighbor 2001:468:CFE:3001::1 activate
  neighbor 63.170.115.113 activate
  neighbor 63.170.115.113 route-map nwv-local-pref-110 in
  neighbor 65.172.70.209 activate
  neighbor 65.172.70.209 route-map i2-local-pref-120 in
  neighbor 157.130.61.57 activate
  neighbor 157.130.61.57 route-map redundant out
  no auto-summary
  no synchronization
  network 198.38.16.0 mask 255.255.240.0
 exit-address-family
 !
 address-family ipv6
  neighbor 2001:468:CFE:3001::1 activate
  network 2001:468:CC0::/48
 exit-address-family
!
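! Discard route for the site aggregate that BGP announces
ipv6 route 2001:468:CC0::/48 Null0
!
! Applied inbound on ATM3/0.2 (ipv6 traffic-filter IPv6-103 in)
ipv6 access-list IPv6-103
 ! Drop packets arriving from outside that claim a source inside our own /48
 deny ipv6 2001:468:CC0::/48 any
 permit tcp any host 2001:468:CC0:0:2E0:81FF:FE25:FA65 eq www
 permit tcp any any eq 22
 permit tcp any any established
 deny tcp any any
 permit udp any any eq ntp
 permit udp any any eq domain
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 ! This entry matches all ICMP, including the three types listed above
 permit icmp any any
 deny ipv6 any any
!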
NAME RESOLUTION / DNS SERVERS
DNS Infrastructure
A Domain Name System (DNS) infrastructure is needed for successful coexistence because of the prevalent use of names (rather than addresses) to refer to network resources. Upgrading the DNS infrastructure consists of populating the DNS servers with records to support IPv6 name-to-address and address-to-name resolutions. After the addresses are obtained using a DNS name query, the sending node must select which addresses are used for communication.
Address Records
The DNS infrastructure must contain the following resource records (populated either manually or dynamically) for the successful resolution of domain names to addresses:
A records for IPv4-only and IPv6/IPv4 nodes
AAAA records for IPv6-only and IPv6/IPv4 nodes
Pointer Records
The DNS infrastructure must contain the following resource records (populated either manually or dynamically) for the successful resolution of address to domain names (reverse queries):
PTR records in the IN-ADDR.ARPA domain for IPv4-only and IPv6/IPv4 nodes
PTR records in the IP6.ARPA domain for IPv6-only and IPv6/IPv4 nodes (optional).
SETTING UP A TEST LAB