Regional Cisco Networking Academy Conference 2014

1© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, US/Canada

Regional Cisco Networking Academy Conference 2014

Giving you the knowledge and confidence to teach IPv6

Introduction to IPv6: Exactly the same as IPv4… only completely different

Rick GrazianiCS/CIS Instructor Cabrillo College


Who am I?• Rick Graziani - [email protected]

• CS/CIS instructor at Cabrillo College, Santa Cruz, California

• Cisco Networking Academy instructor since 1997

• Run native IPv6 at Cabrillo College and home

• Curriculum Development Team for Cisco Networking Academy

• When not working, hopefully I’m surfing.

mailto:[email protected]


Topics• Why IPv6?

• IPv6 and ICMPv6 at a glance

• Format of an IPv6 Address

• IPv6 Address• Global Unicast IPv6 Address• Subnetting• Link-Local Unicast IPv6 Address

• Static Configuration of a Global Unicast Address

• Dynamic Configuration of a Global Unicast Address• Three options

• Link-local address

• Multicast address

• Address Resolution

A lot of stuff, but don’t be intimidated!

Please try to hold questions to the end…Lot’s of slides!


Why are they making me learn IPv6?


We’re running out of IPv4• Monday, January 31,

2011 IANA allocated the last /8 IPv4 address blocks to the RIRs.

• RIR’s have very few IPv4 address left, if any.

• Many ISPs are severely limited and some have already run out.


Internet Penetration Rate by PopulationAbout 80% of North Americahas Internet access

Only 28% of Asia and 16%of Africa has Internet access

Some ISPs are only giving out IPv6


IPv4 IPv6

When do I have to go to IPv6?

• IPv4 and IPv6 will coexist for the foreseeable future.

• Dual-stack – Device running both IPv4 and IPv6.

• Enterprises and ISPs have to support both protocols, which is a reason to eventually go to only IPv6.


Other Transition Strategies – Mostly for ISPs

Tunneling – IPv6 packets encapsulated inside IPv4 packets.

NAT64 – Translating between IPv4 and IPv6.

Native IPv6 – All IPv6 (our focus and the goal of every organization).

No more NAT as we know it

• Using NAT to “hide” IPv6 networks has been the source of some debate.

• IETF continues to state that NAT is not a security feature.• NAT for IPv4 breaks many things.• IETF does not support the concept of translating a “private IPv6”

address to a “public” IPv6 address... but there are exceptions.

192.168.1.0/24RFC 1918 Private Address

Public IPv4 Address

NAT


IPv4 and IPv6

• IPv6 is more than just larger address space.

• It was a chance to make some improvements on the IP protocol.


Internet Control Message Protocol (ICMPv6)

• Described in RFC 4443

• Much more robust than ICMP for IPv4

• Contains new functionality and improvements.

• More than just “messaging” but “how IPv6 conducts business”.

• General message similar to ICMP for IPv4 (Type and Code fields)

IPv6 Next Header Value: 58 decimal or 3A hexadecimal

IPv6 Header

Next Header58

ICMPv6 Header

ICMPv6 Message Body

IPv6 Data


Neighbor Discovery Protocol Uses ICMPv6ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):

• Router Solicitation Message• Router Advertisement Message

• Discussed with dynamic configuration of IPv6 addresses• We will also introduce assigned multicast addresses

• Neighbor Solicitation Message• Neighbor Advertisement Message

• Discussed with address resolution (IPv4 ARP)• We will also introduce solicited node multicast address

• Redirect Message (Similar to ICMPv4)

Router-Device Messaging

Device-Device Messaging


Understanding the format of IPv6 Address


IPv6 Address Notation

IPv6 addresses are 128-bit addresses represented in:

Eight 16-bit segments or “hextets” (not a formal term)

Hexadecimal (non-case sensitive) between 0000 and FFFF

Separated by colons

Reading and subnetting IPv6 is easier than IPv4!

One Hex digit = 4 bits

2001:0DB8:AAAA:1111:0000:0000:0000:0100/64

2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 010016 bits

116 bits

216 bits

316 bits

416 bits

516 bits

616 bits

716 bits

8


How many addresses does 128 bits give us? 340 undecillion addesses or … 340 trillion trillion trillion addresses or … “50 billion billion billion addresses for every person on earth” or…. “A string of soccer balls would wrap around our universe 200 billion

times!” … in other words … You won’t need to learn IPv7 for the next version of CCNA!

2001:0DB8:AAAA:1111:0000:0000:0000:0100/64

2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 010016 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits


This isn’t the first time

• Early versions of CCNA included:•IPv4•Appletalk•IPX


Rule 1: Leading 0’s Two rules for reducing the size of written IPv6 addresses. The first rule is: Leading zeroes in any 16-bit segment do not have to

be written.

2001 : 0DB8 : 0001 : 1000 : 0000 : 0000 : 0ef0 : bc002001 : DB8 : 1 : 1000 : 0 : 0 : ef0 : bc00

2001 : 0DB8 : 010d : 000a : 00dd : c000 : e000 : 00012001 : DB8 : 10d : a : dd : c000 : e000 : 1

2001 : 0DB8 : 0000 : 0000 : 0000 : 0000 : 0000 : 0500 2001 : DB8 : 0 : 0 : 0 : 0 : 0 : 500


Rule 2: Double colon :: equals 0000…0000 The second rule can reduce this address even further:

Any single, contiguous string of one or more 16-bit segments consisting of all zeroes can be represented with a double colon.

FE80 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001

FE80 : : 1

FE80::1

Second Rule First Rule


Rule 2: Double colon :: equals 0000…0000 Only a single contiguous string of all-zero segments can be

represented with a double colon.

Both of these are correct…

FE80 : 0000 : 0000 : 0000 : 0014 : 0000 : 0000 : 0095

FE80 :: 14 : 0 : 0 : 95

OR

FE80 : 0 : 0 : 0 : 14 :: 95


Rule 2: Double colon :: equals 0000…0000 Using the double colon more than once in an IPv6 address can create

ambiguity because of the ambiguity in the number of 0’s.

FE80::14::95

FE80:0000:0000:0000:0014:0000:0000:0095

FE80:0000:0000::0014:0000:00000000:0095

FE80:0000:0014:0000:0000:0000:0000:0095


Network Prefixes IPv4, the prefix—the network portion of the address—can be identified

by a dotted decimal netmask or bitcount.

255.255.255.0 or /24

IPv6 prefixes are always identified by bitcount (prefix length).

Prefix length notation:

2001:0DB8:100:a::/64

16 32 48 64 bits


IPv6 Addresses


IPv6 Addressing

MulticastUnicast Anycast

Assigned Solicited Node

Global Unicast

UnspecifiedLoopback Embedded IPv4

Link-Local Unique Local

FF00::/8 FF02::1:FF00:0000/104

::/128::1/128

2000::/33FFF::/3

FE80::/10FEBF::/10

FC00::/7FDFF::/7

::/80


Interface IDSubnet IDGlobal Routing Prefix

Global Unicast Address (GUA)

001 Range: 2000::/3 0010 0000 0000 0000 :: to 3FFF::/3 0011 1111 1111 1111 ::

• Global unicast addresses are similar to IPv4 addresses• Routable• Unique

IANA’s allocation of IPv6 address space in 1/8th sections



Global Unicast Address (GUA)

001 Range: 2000::/3 0010 0000 0000 0000 :: to 3FFF::/3 0011 1111 1111 1111 ::

• Global unicast addresses are equivalent to IPv4 public addresses• Except under very specific circumstances, all end users

will have a global unicast address• Terminology:

• Prefix equivalent to network address• Prefix length equivalent to subnet mask in IPv4• Interface ID equivalent to host portion


Typical Global Unicast Address and Why We Love IPv6!

IPv4 Unicast Address

32 bits

Network portion Host portionSubnet portion

/?

IPv6 Global Unicast Address

128 bits

Global Routing Prefix Interface ID16-bit Fixed Subnet ID

/64

• 64-bit Interface ID = 18 quintillion (18,446,744,073,709,551,616) devices/subnet• 16-bit Subnet ID = 65,536 subnets

/48



/64 Global Unicast Addresses and the 3-1-4 rule

2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 0100

3 + 1 = 4 (/64) : 42001:0DB8:AAAA:1111:0000:0000:0000:0100/642001:0DB8:AAAA:1111::100/64

16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits

3 1 4

/48 /64


Subnetting IPv6 and Why Our Students Will Love IPv6

Just increment by 1 in Hexadecimal:

• 2001:0DB8:AAAA:0000::/64

• 2001:0DB8:AAAA:0001::/64

• 2001:0DB8:AAAA:0002::/64

• 2001:0DB8:AAAA:000A::/64 Valid abbreviation is to remove the 3 leading 0’s from the first shown quartet

• 2001:0DB8:AAAA:1::/64

3-1-4 Rule


Interface ID

Subnet IDGlobal Routing Prefix

Subnetting into the Interface ID

Prefix

64 bits48 bits 16bits/48 /112

2001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0000 : 00002001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0001 : 00002001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0002 : 0000 thru2001 : 0DB8 : AAAA : FFFF : FFFF : FFFF : FFFE : 00002001 : 0DB8 : AAAA : FFFF : FFFF : FFFF : FFFF : 0000

Global Routing Prefix Subnet-ID Interface ID


Subnetting on a nibble boundary


/68 Prefix

60 bits48 bits 20 bits/48 /68

Subnetting on a nibble (4 bit) boundary makes it easier to list the subnets: /64, /68, /72, etc.2001:0DB8:AAAA:0000:0000::/682001:0DB8:AAAA:0000:1000::/682001:0DB8:AAAA:0000:2000::/68 through2001:0DB8:AAAA:FFFF:F000::/68

/68


Subnetting within a nibble


/70 Prefix

58 bits48 bits 22 bits/48 /70

2001:0DB8:AAAA:0000:0000::/70 00002001:0DB8:AAAA:0000:0400::/70 01002001:0DB8:AAAA:0000:0800::/70 10002001:0DB8:AAAA:0000:0C00::/70 1100

Four Bits: The two leftmost bits are part of the Subnet-ID, whereas the two rightmost bits belong to the Interface ID.

bits


1 bit Interface ID

Global Routing Prefix

Do we need the IPv6 equivalent to a /30? /127?

127-bit Prefix

79 bits48 bits 1bit/48 /127

• Beyond the scope of CCNA but may be of interest….

• RFC 6164 - Using 127-Bit IPv6 Prefixes on Inter-Router Links• Ping-Pong Attack • Neighbor Cache Exhaustion Issue

• There are mitigation techniques for both.• If you still want to use a /127, reserve a

separate /64 for each /127.

Subnet ID

2001:0DB8:AAAA:F000::/64

• 2001:0DB8:AAAA:F000::A/127

• 2001:0DB8:AAAA:F000::B/127

2001:0DB8:AAAA:F001::/64

• 2001:0DB8:AAAA:F001::A/127

• 2001:0DB8:AAAA:F001::B/127


Global Unicast IPv6 AddressStatic Configuration


Global Unicast

Configuring a Global Unicast Address

Dynamic

IPv6 Unnumbered

Stateless Autoconfigurati

onDHCPv6

Static EUI-64

Manual

IPv6 Address


• Exactly the same as an IPv4 address only different.• No space between IPv6 address and Prefix-length.• IOS commands for IPv6 are very similar to their IPv4 counterpart.• All 0’s and all 1’s are valid IPv6 host IPv6 addresses.

No space

R1(config)#interface gigabitethernet 0/0R1(config-if)#ipv6 address 2001:db8:acad:1::1/64R1(config-if)#no shutdownR1(config-if)#exit


show running-config command on router R1R1# show running-config<output omitted for brevity>interface GigabitEthernet0/0 no ip address duplex auto speed auto ipv6 address 2001:DB8:ACAD:1::1/64!


show ipv6 interface brief command on router R1R1# show ipv6 interface briefGigabitEthernet0/0 [up/up] FE80::FE99:47FF:FE75:C3E0 2001:DB8:ACAD:1::1 Global unicast address

Link-local unicast address

• Link-local address automatically created when (before) the global unicast address is.

• We will discuss link-local addresses soon.


PC1: Static Global Unicast Address

2001:db8:acad:1::10

2001:db8:acad:1::1 (or link-local address)

64


PC1> ipconfigWindows IP ConfigurationEthernet adapter Local Area Connection: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1::10

Link-local IPv6 Address . . . . . : fe80::50a5:8a35:a5bb:66e1 Default Gateway . . . . . . . . . : 2001:db8:acad:1::1

PC1: Static Global Unicast Address


PC1> ping 2001:db8:acad:1::1

Pinging 2001:db8:acad:1::1 from 2001:db8:acad:1::100 with 32 bytes of data:

Reply from 2001:db8:acad:1::1: time=1msReply from 2001:db8:acad:1::1: time=1msReply from 2001:db8:acad:1::1: time=1msReply from 2001:db8:acad:1::1: time=1ms

Ping statistics for 2001:db8:acad:1::1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms

PC1>

Pinging a Global Unicast IPv6 AddressesPing uses ICMPv6 Echo Request and Echo Reply messages similar to ICMPv4.


Global Unicast IPv6 AddressDynamic Configuration


Global Unicast

Manual

IPv6 UnnumberedIPv6

AddressStateless

Autoconfiguration

DHCPv6

Static EUI-64

Dynamic

Dynamic Configuration of IPv6 Addresses


IPv4 Dynamic AddressesDHCP Server


• The Router Advertisement (RA) tells hosts how it will receive IPv6 Address Information.

• Sent periodically by an IPv6 router or…

• … when the router receives a Router Solicitation message from a host.

With IPv6 it begins with the Router Advertisement

DHCPv6 Server

ICMPv6 Router Advertisement

ICMPv6 Router Solicitation

To all IPv6 routers: I need

IPv6 address information

To all IPv6 devices:

Let me tell you how to do this …

ICMPv6 Neighbor DiscoveryRouter SolicitationRouter Advertisement


Router Advertisement

Router Advertisement/Solicitation Messages• Part of ICMPv6 (Internet Control Message Protocol for IPv6)

• Router Advertisements (RA) are sent by an “IPv6 router” – ipv6 unicast-routing command• Forwards IPv6 Packets• Can be enabled for IPv6 static and dynamic routing• Sends ICMPv6 Router Advertisements

• Note: Routers can be configured with IPv6 addresses without being an IPv6 router

DHCPv6 Server

R1(config)# ipv6 unicast-routing



SLAAC (Stateless Address Autoconfiguration)

DHCPv6 Server

R1(config)# ipv6 unicast-routing

Option 1: SLAAC (Default on Cisco routers)“I’m everything you need (Prefix, Prefix-length, Default Gateway)”

Option 2: SLAAC + Stateless DHCPv6 for DNS address“Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.”

Option 3: All addressing except default gateway – DHCPv6“I can’t help you. Ask a DHCPv6 server for all your information.”

RA

DHCPv6

• Option 1 and 2: Stateless Address Autconfiguration – DHCPv6 Server does not maintain state of addresses

• Option 3: Stateful Address Configuration – Address received from DHCPv6 Server


Router Advertisement – Option 1 SLAAC

Option 1 – RA MessageTo: FF02::1 (All IPv6 devices multicast – more later)From: FE80::1 (Link-local address)Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64

RA

1

MAC: 00-03-6B-8C-E0-80

Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64Default Gateway: FE80::1Global Unicast Address:2001:DB8:ACAD:1: + Interface ID

2001:DB8:ACAD:1::/64

EUI-64 Process or Random 64-bit value

2

DHCPv6 Server

3


Dynamic Interface ID

Interface IDSubnet IDGlobal Routing Prefix/48 /64 64 bits

EUI-64 Process Randomly Generated Number(Privacy Extension)

SLAAC

Router Advertisement2001:DB8:ACAD:1::/64

• Windows operating systems, Windows XP and Server 2003 use EUI-64. • Windows Vista and newer; hosts create a random 64-bit Interface ID. • Linux: Mostly use random 64-bit number• Mac OSX: use EUI-64 (on my Macs)

DHCPv6 Server


EUI-64 (Extended Unique Identifier – 64)

Option 1 – RA MessageTo: FF02::1 (All IPv6 devices multicast)From: FE80::1 (Link-local address)Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64

RA

1

MAC: 00-03-6B-E9-D4-80

Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64Default Gateway: FE80::1Global Unicast Address:2001:DB8:ACAD:1: + Interface ID

2001:DB8:ACAD:1::/64

EUI-64 Process or Random 64-bit value

2

DHCPv6 Server


Hexadecimal

OUI24 bits

Device Identifier24 bits

Binary

Step 1: Split the MAC address

Binary

Step 2: Insert FFFE

Binary

Step 3: Flip the U/L bit

Binary

Modified EUI-64 Interface ID in Hexadecimal Notation

1111 1111 1111 1110

1111 1111 1111 1110

02 03 6B E9 D4 80FF FE

00 03 6B E9 D4 80

0000 0000 0000 0011 0110 1011 1110 1001

1101 0100 1000 0000

1110 1001

1101 0100 1000 0000

1110 1001

1101 0100 1000 0000

0000 0000 0000 0011 0110 1011

0000 0010 0000 0011 0110 1011

EUI-64

F F F E


PC1> ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1:02-03-6b-ff-fe-e9-d4-80

Link-local IPv6 Address . . . . . : fe80::02-03-6b-ff-fe-e9-d4-80

Default Gateway . . . . . . . . . : fe80::1

PC1: Global Unicast Address

• A 64-bit Interface ID and the EUI-64 process accommodate the IEEE specification for a 64-bit MAC address.

Router Advertisement EUI-64


Option 2:Stateless DHCPv6

DHCPv6

• Other Configuration Flag is set.

• Use me for your address information just like SLAAC but…

• … you need to get other information from a DHCPv6 server like possibly a DNS server address.

DHCPv6 Server

I created my own address,have a prefix-length, default gateway, but I need a DNS

address…

ICMPv6Router Advertisement

Learn how to configure the RA message and the Stateless DHCPv6 server in the Intermediate IPv6 presentation


Option 3: Stateful DHCPv6

DHCPv6

• Managed Configuration Flag is set.

• Get ALL of your address information from a DHCPv6 server except use my link-local address for your default gateway address.

DHCPv6 Server

The router’s Router Advertisement tells me it can’t help me and I need to

communicate with a stateful DHCPv6 server…

ICMPv6Router Advertisement

Learn how to configure the RA message and the Stateful DHCPv6 server in the Intermediate IPv6 presentation


What about Stateful DHCPv6?

DHCPv6• DHCPv6 is similar to

DHCPv4.

• Host operating systems “may” include the option of ignoring the Router Advertisement from the router and only use the stateful services of a DHCPv6 server.

• Note: All addresses should be checked before use with DAD (Duplicate Address Detection), similar to gratuitous ARP in IPv4.

DHCPv6 Server


The World of IPv4 – DHCPv4 and NAT

• What about DHCP and IPv6 for my home network – First IPv4 at home….

• ISP only has to deliver a public IPv4 address for Home router interface.

• DHCP and RFC 1918 private address space is used for home network (ISP is not involved).

• NAT is used for translation – but has its drawbacks!

• No NAT (like that… kind of) for IPv6

ISP HOME

Public IPv4 Addressfor the interface

G0/1 G0/1

10.0.0.0/8172.16.0.0/12192.168.0.0/16

G0/0

Private IPv4 Address

NAT

DHCPv4 DHCPv4


The World of IPv6 – DHCPv6-PD (Prefix Delegation)

In the Intermediate presentation we will learn the operations and configuration of DHCPv6-PD.

ISP-DR HOME-RR

IPv6 Address for the interface:• SLAAC • DHCPv6 (Stateful or Stateless)

G0/1 G0/1 G0/0

Complete IPv6 ReachabilityDelegating Router (DR)

Requesting Router (RR)

How does the home network get a “public” IPv6 address?DHCPv6 with Prefix Delegation


Link-Local Unicast IPv6 Addresses


IPv6 Addressing



Global Unicast

UnspecifiedLoopback Embedded IPv4

Link-Local Unique Local

FF00::/8 FF02::1:FF00:0000/104

::/128::1/128

2000::/33FFF::/3

FE80::/10FEBF::/10

FC00::/7FDFF::/7

::/80


• Used to communicate with other devices on the link.• Are NOT routable off the link (network).• Only have to be unique on the link.• Are not included in the IPv6 routing table.• An IPv6 device must have at least a link-local address.• Used by:

• Hosts to communicate to the IPv6 network before it has a global unicast address.• Router’s link-local address is used by hosts as the default gateway address.• Adjacent routers to exchange routing updates

Link-local unicastLink-Local Communications


Interface ID/64

1111 1110 10xx xxxx

FE80::/10

Remaining 54 bits10 bits 64 bits

EUI-64, Random or Manual Configuration

Link-local Unicast

Range: FE80::/10 1111 1110 1000 0000 :: to FEBF::/10 1111 1110 1011 1111 ::


R1

G0/0

G0/1

S0/0/0

R1#show interface gigabitethernet 0/0GigabitEthernet0/0 is up, line protocol is up Hardware is CN Gigabit Ethernet, address is fc99.4775.c3e0 (bia fc99.4775.c3e0)<Output Omitted>

R1#show ipv6 interface briefGigabitEthernet0/0 [up/up] FE80::FE99:47FF:FE75:C3E0 2001:DB8:ACAD:1::1GigabitEthernet0/1 [up/up] FE80::FE99:47FF:FE75:C3E1 2001:DB8:ACAD:2::1Serial0/0/0 [up/up] FE80::FE99:47FF:FE75:C3E0 2001:DB8:ACAD:3::1R1#

IOS uses EUI-64 to Create Link-Local Addresses

EUI-64

Serial interfaces will use a MAC address of an Ethernet interface.

FF:FE = EUI-64 (most likely)

Wait! Two Link-Locals

are the same!


PC1> ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix .:

IPv6 Address. . . . . . . . . : 2001:db8:acad:1:3496:1c51:3f57:fe89

Link-local IPv6 Address . . . : fe80::3496:1c51:3f57:fe89

Default Gateway . . . . . . . : fe80::1

PC1: Link-Local Unicast Address

• Many operating systems will use a random 64-bit Interface IDs for GUA and Link-Local IPv6 Addresses.


R1

G0/0 FE80::1

G0/1FE80::1

S0/0/0FE80::1

Configuring Static Link-Local Addresses

R1(config)#interface gigabitethernet 0/0R1(config-if)#ipv6 address fe80::1 ? link-local Use link-local address

R1(config-if)#ipv6 address fe80::1 link-localR1(config-if)#exitR1(config)#interface gigabitethernet 0/1R1(config-if)#ipv6 address fe80::1 link-localR1(config-if)#exitR1(config)#interface serial 0/0/0R1(config-if)#ipv6 address fe80::1 link-localR1(config-if)#

Link-Local Addresses only have to be unique on the link!

Static addresses are more easily remembered and recognizable.


ipv6 enable commandRouter(config)# interface gigabitethernet 0/1Router(config-if)# ipv6 enableRouter(config-if)# endRouter# show ipv6 interface briefGigabitEthernet0/1 [up/up] FE80::20C:30FF:FE10:92E1Router#

• Link-local addresses are automatically created whenever a global unicast address is configured

• The ipv6 enable command will:• Create a link-local address when there is no global unicast address• Maintain the link-local address even when the global unicast address is

removed

Link-local unicast address only


R1# ping fe80::2Output Interface: ser 0/0/0% Invalid interface. Use full interface name without

spaces (e.g. Serial0/1)Output Interface: serial0/0/0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to FE80::2, timeout is 2

secs:!!!!!

Must include exit-interface

G0/0 FE80::1 2001:0DB8:ACAD:2::/64

Ser 0/0/0:1

Ser 0/0/0 :2

R2R1FE80::1 FE80::2

Pinging a Link-Local Address

2001:0DB8:ACAD:1::/64


Next-hop addresses in IPv6 Routing TablesR1# show ipv6 route ospf

O 2001:DB8:CAFE:2::/64 [110/657] via FE80::2, Serial0/0/0O 2001:DB8:CAFE:3::/64 [110/1304] via FE80::2, Serial0/0/0O 2001:DB8:CAFE:A002::/64 [110/1294] via FE80::2, Serial0/0/0R1#

Link-local addresses are used as next hop addresses


Multicast IPv6 Addresses


IPv6 MulticastIPv6 Addressing



FF00::/8 FF02::1:FF00:0000/104

ICMPv6 Neighbor DiscoveryNeighbor Solicitation

ICMPv6 Neighbor DiscoveryRouter SolicitationRouter Advertisement


Group IDFlag1111 1111

FF00::/8

8 bits 112bits

4 bits4 bits

Scope

IPv6 Multicast

• Similar to Multicast addresses for IPv4.

• Used to send a packet to a group of devices.

Two types:

1. Assigned

2. Solicited Node


Assigned Multicast Addresses

• FF02::1 – All IPv6 Devices• All IPv6 devices, including the router, belong to this group.

• Every IPv6 device will listen and process packets to this address.


FF02::1FE80::1


Assigned Multicast Addresses R1(config)# ipv6 unicast-routing

• FF02::2 – All IPv6 Routers• All IPv6 routers belong to this group.

• Used to communicate with an IPv6 Router (ipv6 unicast routing)

FF02::2FE80::0123:456:789A:BCDE

ICMPv6 Router Solicitation


R1# show ipv6 interface gigabitethernet 0/0FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::FE99:47FF:FE75:C3E0 Global unicast address(es): 2001:DB8:ACAD:1::1, subnet is 2001:DB8:ACAD:1::/64 Joined group address(es): FF02::1 FF02::2 FF02::5 FF02::6 FF02::1:FF00:1 FF02::1:FF75:C3E0<output omitted for brevity>

All-IPv6 devices on this linkAll-IPv6 routers on this link: IPv6 routing enabled

Solicited-node multicast addresses

Member of these Multicast Groups

• FF02 – “2” means link-local scope• What is a solicited node multicast address? Let’s talk address

resolution.

Multicast Groups of a Router

OSPFv3 All OSPF Routers (similar to 224.0.0.5)OSPFv3 All DR Routers (similar to 224.0.0.6)


Address Resolution


Address Resolution: IP to MAC Mapping

IP to data link (MAC) address mapping:

• IPv4 addresses use ARP

• IPv6 addressing use ICMPv6 Neighbor Discovery messages• Neighbor Solicitation• Neighbor Advertisement

• Devices store this mapping in their Neighbor Cache

PC1PC2ARP Request

Neighbor Advertisement

1

2Neighbor

Solicitation

1

ARP Reply2

Know IPv4, what is

the MAC?My IPv4! Here is the

MAC?

Know IPv6, what is

the MAC?

My IPv6! Here is the

MAC?

ICMPv6 Neighbor DiscoveryNeighbor SolicitationNeighbor Advertisement

ARP Cache

NeighborCache

3

3


Address Resolution: IP to MAC Mapping

ARP Request/ReplyEthernet

ICMPv6: Neighbor Solicitation/Advertisement IPv6 HeaderEthernet

IPv4: ARP over Ethernet

IPv6: ICMPv6 over IPv6 over Ethernet

PC1PC2ARP Request


1

2Neighbor

Solicitation

1

ARP Reply2

Know IPv4, what is

the MAC?My IPv4!

Here is the MAC?

Know IPv6, what is

the MAC?

My IPv6! Here is the

MAC?

ARP Request: Broadcast

NS: Multicast NS: Solicited Node Multicast


Advantages of Multicast

Ethernet Broadcast

IPv4/IPv6 MulticastIGMP/MLD Snooping

Ethernet Broadcast

• Destination MAC Address: Broadcast

• Data must be passed to upper layer for processing.

IPv4 or IPv6 Multicast

• IP multicast packets can be filtered by the switch, only sending packets to members of that group • IPv4 - IGMP (Internet Group Management

Protocol) • IPv6 - MLD (Multicast Listener Discovery)

• However, Solicited Node Multicasts are forwarded out all ports because of the potentially huge forwarding tables needed to to store these addresses. (For now.)


Why layer 2 multicast?ARP Requests: Layer 2 broadcasts:• Ethernet broadcasts are sent to all devices.• Flood the entire broadcast domain (subnet/VLAN).• Ethernet NIC must process the frame.• Any filtering is done by a higher layer protocol such as ARP.

Solicited Node Multicasts: Layer 2 and Layer 3 multicasts:• Although solicited node multicasts are forwarded out all ports, ….• Layer 2 multicast allows frames to be filtered by the NIC and not have send data to an

upper layer protocol for inspection.

Target IPv4Address


PC2

How is created?• There is a direct relationship between the unicast/anycast address its

solicited node multicast address.• The solicited node multicast address formed by:

• Prefix FF02:0:0:0:0:1:FF00::/104 (FF02::1:FFxx:xxxx)• Append the low-order 24 bits of the address (unicast or anycast• Like other multicast addresses, solicited node multicast addresses are also

mapped to an Ethernet MAC address. (next)

Unicast Addresses Solicited Node MulticastGlobal Unicast 2001:DB8:CAFE:1::20 FF02::1:FF00:20Link-local unicast FE80::1111:2222:3333

:4444FF02::1:FF33:4444

Solicited Node Multicast


• Besides its own MAC address, the Ethernet NIC will accept multicast addresses created from the:

• Solicited node multicast (global unicast address)• Solicited node multicast (link-local address)• Any assigned multicast address such as All-IPv6-Devices.

• See my presentation: Additional Topics, ICMPv6 Details, and Securing IPv6

Unicast Addresses Solicited Node Multicast

Ethernet MAC

Ethernet NIC N/A N/A 00-1B-24-04-A2-1EGlobal Unicast 2001:DB8:CAFE:1::200 FF02::1:FF00:200 33-33-FF-00-02-00Link-local FE80::1111:2222:3333:

4444FF02::1:FF33:4444 33-33-FF-33-44-44

Multicast(All-IPv6-Devices)

FF02::1 N/A 33-33-00-00-00-01

PC Processes the following IPv6 and Ethernet MAC Addresses

* Ethernet MAC addresses such as broadcasts and those associated with other protocols are not shown.

Extra – Mapping from IPv6 Multicast to MAC Address


Neighbor Cache (IPv4 ARP Cache)

• Neighbor Cache – Maps IPv6 addresses with Ethernet MAC addresses

• Similar to ARP Cache for IPv4

• 5 States (2 noticeable and 3 transitory): (My CCNP Presentation)• Reachable: Packets have recently been received providing confirmation that this device is

reachable.• Stale: A certain time period has elapsed since a packet has been received from this address.• Transitory States: INCOMPLETE, DELAY, PROBE

PC1Neighbor CacheIPv6 Address MAC Address2001:DB8:ACAD:1::10 0021.9bd9.c644 IPv6 -

2001:DB8:ACAD:1::10MAC - 0021.9bd9.c644



R1# show ipv6 neighborsIPv6 Address Age Link-layer Addr State InterfaceFE80::50A5:8A35:A5BB:66E1 16 0021.9bd9.c644 STALE Fa0/02001:DB8:ACAD:1::10 16 0021.9bd9.c644 STALE Fa0/0

R1# ping 2001:db8:aaaa:1::100

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 msR1# show ipv6 neighborsIPv6 Address Age Link-layer Addr State InterfaceFE80::50A5:8A35:A5BB:66E1 16 0021.9bd9.c644 STALE Fa0/02001:DB8:ACAD:1::10 0 0021.9bd9.c644 REACH Fa0/0

R1#

Neighbor CacheWindows: netsh interface ipv6 show neighborLinux/MAC: ip neighbor show


ICMPv6 Review


Internet Control Message Protocol (ICMPv6)

• Described in RFC 4443

• Much more robust than ICMP for IPv4

• Contains new functionality and improvements.

• More than just “messaging” but “how IPv6 conducts business”.

• General message similar to ICMP for IPv4

• Also uses Type and Code fields like in ICMPv4.

IPv6 Next Header Value: 58 decimal or 3A hexadecimal

IPv6 Header

Next Header58

ICMPv6 Header

ICMPv6 Message Body

IPv6 Data


Neighbor Discovery Protocol Uses ICMPv6ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):

• Router Solicitation Message• Router Advertisement Message

• Discussed with dynamic configuration of IPv6 addresses• Introduced with assigned multicast addresses

• Neighbor Solicitation Message• Neighbor Advertisement Message

• Discussed with address resolution (IPv4 ARP)• Introduced with solicited node multicast address

• Redirect Message (Similar to ICMPv4)

Router-Device Messaging

Device-Device Messaging


Router Solicitations and Router AdvertisementsUsed by SLAAC (Stateless Address Autoconfiguration)

Router Advertisement MessageHere is one of three options:1. I have everything you need.2. I have mostly what you need, but you

will need to contact a DHCPv6 server for other information like a DNS address.

3. I have nothing for you. Contact a DHCPv6 serverl

FF02::1All IPv6 Devices

Router Solicitation MessageI need IPv6 address information.

FF02::2All IPv6 Routers

PC1

DHCPv6 Server

1

2


Neighbor Solicitations and Neighbor Advertisements

• Address Resolution - A device knows the IPv6 address but needs the Layer 2 MAC address.

• Unlike ARP, ICMPv6 Neighbor Solicitation/Advertisement messages are encapsulated in IPv6.

• Information is stored in the Neighbor Cache.

Neighbor Solicitation MessageWhoever has the IPv6 Address 2001:DB8:ACAD:1::10 please send me your Ethernet MAC address.

Solicited Node Multicast

Neighbor Advertisement MessageI have the IPv6 Address 2001:DB8:ACAD:1::10. Here is my Ethernet MAC address: 0021:9bd9:c644.

Unicast

PC2 PC11

2


IPv6 at home

• Learn IPv6 in the Lab• Implement IPv6 in a part of

your network• See if you get IPv6 at home

• Contact ISP• IPv6 enabled modem• IPv6 enabled router Linksys

ea6500 Router


What we covered…• Why IPv6?

• IPv6 and ICMPv6 at a glance

• Format of an IPv6 Address

• IPv6 Address• Global Unicast IPv6 Address• Subnetting• Link-Local Unicast IPv6 Address

• Static Configuration of a Global Unicast Address

• Dynamic Configuration of a Global Unicast Address• Three options

• Link-local address

• Multicast address

• Address Resolution

Teach it and use it, and it will all make sense!


Web Site, Book, Etc.• Rick Graziani - [email protected]

• PowerPoints for CCNA, CCNP, IPv6• www.cabrillo.edu/~rgraziani• Username = cisco• Password = perlman

Shameless plug!

Quality time with my two nieces…



http://www.cabrillo.edu/~rgraziani


And…… Thank you very much!Rick Graziani - [email protected]/~rgrazianiUsername = ciscoPassword = perlman


http://www.cabrillo.edu/~rgraziani

Date post:	24-Feb-2016
Category:	Documents
Upload:	marcy
View:	55 times
Download:	0 times

Regional Cisco Networking Academy Conference 2014

Documents