Introduction to IPv6

Todd Lammle

Sybex Cisco Author

CEO, RouterSim, inc

President, GlobalNet Training, inc

Mark’s Buddy

About Todd Lammle

• Sybex author– More than 40 titles published on Cisco; Microsoft; and

wireless technologies.

• President, GlobalNet Training Inc.– Cisco, Microsoft, Security and wireless certification

hands-on courses. www.globalnettraining.com.

• CEO, RouterSim, LLC– Cisco and Microsoft certification software products.

www.routersim.com.

Introduction

This session will discuss the history of the Internet and discuss the future

protocol IPv6

Some IP history…• The earliest documentation goes back to

1957 with the launch of Sputnik in Russia and the formation of ARPA by the DoD

• The first RFC was sent in 1969 and it was a request for host software

• 1970: ARPANET started using NCP• 1971: 23 hosts are connected together from

various universities• 1972: ITWG created and Telnet protocol

published as a specification

History cont…• 1973: first international connection from

ARPANET to England and Norway• 1973: Bob Metcalf writes his thesis for

Ethernet at Harvard• 1973: FTP Specification is published• 1976: First email is sent – from whom?• 01/01/1983: ARPANET starts using

TCP/IP• 1984: A Record 1000 hosts are on the

Internet

History cont…

• 1987: email links from Germany to China are created – 1000 RFC’s exsist and they are still requesting!

• 1987: 10,000 hosts are on the Internet

• 1988: The first Internet worm goes through 6000 hosts out of now 60,000!

• 1989: 100,000 hosts! German cracker group infiltrates numerous US facilities

History cont…• 1991: WWW created – released by

CERN• 1992: 1,000,000 hosts!• 1993: White House comes online –

created by Al, of course. Internet infected by Worms, Spiders, Wanderers, Crawlers and Snakes

• 1993: IETF looks at IPng• 1994: First SPAM mail sent! From

whom?

History cont…

• 1995: domain names are no longer free…

• 1996: 9,272 organizations down after Internic drops their name service for non-payment

• 1997: 2000th RFC published…it is no longer looking for a request…

• 2000: 254 million users…

• 2002: 580 million users…

• 2005: 1.08 Billion users!

2008!• IPv6 mandated by DoD and OMB to be

online..• So…why IPv6?• The other contenders were:

– CNAT– IP Encaps– Nimrod– Simple CLNS– PIP– SIP (Simple Internet Protocol)– TP/IXSimple CLNS evolved into TCP and UDP with TUBA

in 1992 (TCP/UDP with Bigger Addresses)

Wait...there’s more!

• IP Encaps became IPAE (IP Address Encapsulation), which then merged PIP and SIP and was then called:– SIPP (Simple Internet Protocol Plus)– TP/IX then changed it’s name to:

• Common Architecture for the Intern (CATNIP)

•The main proposals were then:

•CATNIP, TUBA and SIPP…

However….

IPv6

• All of the proposals and protocols became obsolete in 1994 when the IETF committee approved the IPv6 specification.

• The core IPv6 protocols became an IETF draft standard in 1998…

IPv6

• IPv6 is an upgrade from IPv4

• The upgrades are:– Extended address space– Autoconfiguration– Simplification of header format– Improved support for options and

extensions

Extended Address Space

• The US uses 60% of the allocated IPv4 addresses – which leaves 40% for the rest of the world

• IPv4 theoretically has a limit of 4.3 billion addresses

• Only 14% of the worlds population has Internet access

• We cannot have 20% with the IPv4 address space…

Autoconfiguration

• Vendors of all industries are developing monitoring, control and management systems based on IP

• For many of the complex networks or tomorrow, autoconfiguration is a necessity

• This is called Stateless

• No NAT needed – not even supported!

Extension Headers• New IP header is only 2 times the size of IPv4

header, but is more flexible in design, streamlined and can have new extensions added

• Neighbor Discovery, autoconfiguation and Mobile IPv6 will push IIPv6 to all devices, including at least 12 addresses for every car produced

• In 2008 all Cell phones will have IPv6 addresses and become hosts

• We need a protocol with extensible and flexible header and autoconfiguration

Mobility• Cellular networks will continue to grow• EVDO Rev B is set to come out late this year

at 9Mbs!• Rev A is at 4 Megs now…• In the UK, cell phones actually outnumber the

number of people • Mobility is extremely important!• IPv6 is elegant in design, supporting mobile

users in a highly efficient manner which allows users to move between networks

Who is already running pure IPv6?• Much of the world with US almost last in

development…but will catch up fast!• Japan and Korea• China has probably one of the largest IPv6

backbones, but we can’t prove it…• EU• India• Australia, Taiwan, Singapore, England and

Egypt• It’s happening faster then you think it is…

IPv6 Addressing

• IPv4 is 32 bits long which provides 2,113, 389 networks

• IPv6 has 128 bits and provides:– Per square meter of earth

340,282,366,920,463,463,374,607,341,768,211,456 hosts

– 35,184,372,088,832 networks– Each of these networks can still be

subnetted to 65,536 subnets

Address Types• Unicast: Packets addressed to a unicast address are

delivered to a single interface. For load balancing, multiple interfaces can use the same address

• Multicast: Packets addressed to a multicast address are delivered to all interfaces identified by the multicast address – same as in IPv4. Also called one-to-many addresses. An IPv6 mutlicast address always starts with FF.

• Anycast: This type of address identifies multiple interfaces, which is the same as multicast, however, the anycast packet is only delivered to one address, the first one it finds defined in the terms of routing distance. Can be called one-to-one-of-many.

Interfaces and Scopes• IPv6 addresses assigned to interfaces• Single interfaces can have multiple addresses

of all types• Nodes identified by any interface• One unicast can be assigned to multiple

interfaces for load sharing• Scopes are global and non-global (link-local)

– think of a scope as what we now call a subnet

• Scope of an address is encoded as part of the whole address

Address Notation• 128 bits, 16 bytes, divided into eight 16-bit

hexadecimal blocks separated by colons. Example:

2001:DB8:0000:0000:0202:B3FF:FE1E:8329

Abbreviated:

2001:DB8:0:0:202:B3FF:FE1E:8329

Double colons:

2001:DB8::202:B3FF:FE1E:8329

Double colons can appear only once in an address

IPv4 Mixed with IPv6

• 192.168.10.2– 0.0.0.0.0.0:192.168.10.2– ::192.168.10.2

Aggregatable global unicast addresses

• These are referred to just as global addresses and are the equivalent of a public IPv4 address.

• They are routable and reachable on the IPv6 internet. These addresses were designed to help produce a more efficient, hierarchical addressing and routing infrastructure then in IPv4.

Prefix Notation

• The prefix notation is very similar to the way IPv4 are written in CIDR format

• Used for subnetting and routing

Global Routing Prefixes

• Outlines the current assignment of reserved prefixed and special addresses, such as link-local or multicast.

• Only 20% of the IPv6 addresses are reserved

• The Internet Assigned Numbers Authority (IANA) is responsible for assigning address space.

Interface ID• A node may discover a subnet ID by listening to

Router Advertisement messages sent by a router on its attached link(s), and then fabricating an IPv6 address for itself by using its IEEE MAC address as the interface ID on that subnet.

• A host uses an identifier called the EUI-64 format during autoconfiguration.

• Created by the 48-bit MAC address• The hex digits of 0xff-fe are inserted between the

third and four bytes of the IPv6 address• For example, a host with the MAC address of 00-90-

96-A4-3F-07, would now look like this: 00-90-96-FF-FE-A4-3F-07.

Special Addresses

• All zero’s: 0.0.0.0.0.0.0.0. Typically the source address of a host when you are using stateful. Written as ::. (0.0.0.0 with IPv4)

• Loopback: 127.0.0.1 = ::1 (0.0.0.0.0.0.0.1)

6to4 Addresses

• Used to let IPv6 hosts or networks communicate over an IPv4-only infrastructure.

ISATAP Addresses

• Intra-Site automatic Tunnel Address Protocol

• Used on dual-stack nodes that are separated by an IPv4 only infrastructure.

• Allows IPv6 node to automatically tunnel over the IPv4 network

Teredo addresses

• Allows IPv6 to run on hosts that are behind a NAT device.

• IPv6 is tunneled within UDP

Link-local Addresses• Link-local address is for use on a single link

and is not routed• Can be used for autoconfiguration, neighbor

discovery for networks with no router.• The link-local addresses are automatically

configured on each node and a router will never forward link-local traffic beyond the link. You can tell a link-local address because it always begins with FE80::

Site-local addresses• These addresses are equivalent to the private

space we use with IPv4, for example, 10.0.0.0, 172.16-31.0.0 and 192.168.0.0.

• Since IPv6 does not use NAT, the site-local addresses are used between nodes communicating other nodes in the same organization.

• These are not automatically assigned like link-local addresses and you can tell a site-local address because they always start with FEC0::

Example

Ethernet adapter Wireless Network Connection: Connection-specific DNS Suffix . : domain.actdsltm

IP Address. . . . . . . . . . . . : 192.168.0.3 Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::290:96ff:fea4:3f07%6 Default Gateway . . . . . . . . . : 192.168.0.1

Tunnel adapter Teredo Tunneling Pseudo-InterfaceConnection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%4 Default Gateway . . . . . . . . . :

Tunnel adapter Automatic Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : domain.actdsltmp IP Address. . . . . . . . . . . . : fe80::5efe:192.168.0.3%2

Default Gateway . . . . . . . . . :

Anycast

• Provides redundancy and load balancing in situations where multiple hosts or routers provide the same server.

• Originally created for IPv4

• Designed for DNS and HTTP servers

• Not used too often. Shared unicast is typically used. Means a regular unicast address I assigned to multiple interfaces

Multicast

• Identifier for a group of nodes identified by the high-order byte FF .

• A node can belong to more then one multicast group

• When a packet is sent to multicast address, all memebers fo the multicast goup process the packet.

• It is refined and improved in IPv6

ICMPv6• Like IPv4 implementation but much

more powerful and contains new functionality.

• IGMP is now implemented within ICMP• ARP is now implemented within ICMP• Neighbor discovery (ND): uses Link

local addresses for neighbors attached to the same link, find routers, keep track of neighbors, and detect changed link-layer addresses.

Ethernet II, Src: Aopen_57:d1:b0 (00:01:80:57:d1:b0), Dst: Aopen_3e:7f:dd (00:01:80:3e:7f:dd) Destination: Aopen_3e:7f:dd (00:01:80:3e:7f:dd)

Source: Aopen_57:d1:b0 (00:01:80:57:d1:b0) Type: IPv6 (0x86dd)

Internet Protocol Version 6 Version: 6

Traffic class: 0x00 Flowlabel: 0x00000 Payload length: 32

Next header: ICMPv6 (0x3a) Hop limit: 255

Source address: fe80::b8b7:d009:f2a4:7fc4 Destination address: fe80::fd63:8632:46fe:2ec3

Internet Control Message Protocol v6 Type: 135 (Neighbor solicitation)

Code: 0 Checksum: 0x3c3d [correct]

Target: fe80::fd63:8632:46fe:2ec3 ICMPv6 options

Type: 1 (Source link-layer address) Length: 8 bytes (1)

Link-layer address: 00:01:80:57:d1:b0

Ethernet II, Src: Aopen_3e:7f:dd (00:01:80:3e:7f:dd), Dst: Aopen_57:d1:b0 (00:01:80:57:d1:b0) Destination: Aopen_57:d1:b0 (00:01:80:57:d1:b0)

Source: Aopen_3e:7f:dd (00:01:80:3e:7f:dd) Type: IPv6 (0x86dd)

Internet Protocol Version 6 Version: 6

Traffic class: 0x00 Flowlabel: 0x00000 Payload length: 32

Next header: ICMPv6 (0x3a) Hop limit: 255

Source address: fe80::fd63:8632:46fe:2ec3 Destination address: fe80::b8b7:d009:f2a4:7fc4

Internet Control Message Protocol v6 Type: 136 (Neighbor advertisement)

Code: 0 Checksum: 0x2c29 [correct]

Flags: 0x60000000 Target: fe80::fd63:8632:46fe:2ec3

ICMPv6 options Type: 2 (Target link-layer address)

Length: 8 bytes (1) Link-layer address: 00:01:80:3e:7f:dd

Autoconfiguration• Saves network administrators lots of

work• Manual configuration is not required,

even in very large networks• Reminder:

– Stateful means you are using a DHCP server

– Stateless means you are using autoconfiguration

– Hosts can use both…

Multicast Routing Discovery

• Hosts run MRD for the discovery of multicast routers.

• There are three types:– Router Advertisement: sent by routers from

a link-local address– Router solicitation: sent by hosts to solicit

advertisements messages from routers.– Router Termination: sent by routers to

advertise that is stops routing functions.

Security• IPsec must be implemented in the stack• This doesn’t mean that IPv6 is more secure

then IPv4 can be• IPv6 security it just easier to implement• AH and ESP can be part of the IPv6 header

extension• At a minimum, ESP must be supported

– AH provides integrity and authentication– ESP provides integrity, confidentiality, data origin

authentication, anti-replay service and limited traffic flow confidentially.

Routing Protocols

• RIPng

• OSPF for IPv6 (OSPFv3)

• IS-IS for IPv6

• BGP

• EIGRP for IPv6

Upper-Layer Protocols

• TCP/UDP

• DHCP

• DNS (BIND)

• Telnet/FTP

• WWW (www.ipv6.org/v6-www.html)

TCP/UDP

• Checksum generated by pseudoheader

• TCP/UDP must have new pseudoheader

• Checksum now mandatory in UDP

Stateful DHCPv6

• Not needed

• Routers can provide prefix information

• Host configuration can be provided by DHCPv6 server

• v4 and v6 are different servers

• Router Advertisement can inform client to get info from DHCP server

Stateless Autoconfiguration

Uses DHCPv6 server to provide information for hosts, but not IPv6 addresses-DNS server info-Turn off MAC address as part of the IPv6 address-etc.