IPv6 Foundations
Mukom Akong T. (@perfexcellent)
Fundamentals of IPv6

What you should be able to do after finishing this module
① Understand IPv4 exhaustion and its implications
② Identify IPv6 addresses
③ Create an IPv6 addressing plan
④ Configure and verify IPv6 on a LAN
learn.afrinic.net | slide 2
Module Assumptions
① Fundamental concepts of TCP/IPv4
② Building basic IPv4 networks
③ Using the command line interface for common routing platforms
  § Cisco IOS
  § Juniper JUNOS
  § Quagga

Module deliverables
• Describe differences between IPv4 and IPv6
  § Key protocols
  § Basic configuration
• Create an IPv6 addressing plan
  § Subnetting
  § Estimate space
  § Allocation
• Identify and work with IPv6 addresses
  § Address structure and notation
  § Types of IPv6 addresses
• Understand IPv4 exhaustion implications
  § Global IPv6 address distribution
  § Implications of exhaustion
Understanding IPv4 Exhaustion Implications
After this section, you should be able to:
① Describe the world situation with respect to v4 addresses
② Describe the implications of IPv4 exhaustion

Central IPv4 Pool as at 16.06.2010

Central IPv4 Pool as at 31.01.2011

Global IPv4 Address Distribution
Source: www.ipv4depletion.com

Projected RIR Depletion Dates
Source: Geoff Huston
Exhaustion Consequence: IPv4 addresses are now more expensive
$7.5m for 666,624 v4 addresses

Exhaustion Consequence: demand for IPv4 addresses may increase its price

Exhaustion Consequence: An IPv4 address black market emerges
• Black markets have well-known contrary consequences

Implications of Africa running out last
• Scenario #1: We remain complacent and the world leaves us behind in IPv4-land
  § Cost of connecting to the rest of the world increases
  § We miss any market opportunities v6 adoption presents
• Scenario #2: A ‘rush’ for Africa’s pool by other regions
  § African networks deprived of critical v4 needed to facilitate transition to v6
  § We are forced to deploy greenfield IPv6 (good)
  § Use of NAT increases (bad)

Ultimately…being left behind means
Diagram labels: IPv4 network, IPv6

How shall we deal with exhaustion?
Diagram labels: IPv4 ?, IPv4 preservation with NAPT, IPv6 Deployment

AFRINIC: The Internet Numbers Registry for Africa
Questions? Comments?

IPv6 Addressing Basics
After this section, you should be able to:
① Work comfortably with IPv6’s hexadecimal notation
② Identify, write and shorten IPv6 addresses
What is IPv6?
• Network-layer successor to IPv4
  § 128 bits long (2^96 times the total IPv4 address space)
  § Runs on the same physical infrastructure
  § The same applications can also run on IPv6
  § Incompatible with IPv4!
• The only sustainable answer to IPv4 exhaustion
  § Enables continued growth of the Internet
  § Restores end-to-end model
  § Enables the Internet of Things

IPv6 addresses are written in hexadecimal
IPv6 address = 128 bits (1 or 0)
IPv6 address = 32 hexits (0 - 9, a, b, c, d, e, f)
IPv6 address = 8 groups of 4 hexits 2001 : db8 : c001 : face : b00c : dead : babe : 1cee : f001
• The 8 groups of hexits are separated by colons
• Addresses are conventionally written in lower case

How IPv6 addresses are written
© Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011

IPv6 prefixes
• IPv6 is all CIDR i.e. no subnet masks
• A prefix is written as: aaaa:bbbb:cccc:dddd:eeee:ffff/prefix length
• Prefix length is a decimal in the range [0 , 128]
• Examples of prefix notation:
  § 2001:db8::/32 --- a prefix assigned to an organisation
  § 2001:db8:1ce:c001::/64 --- a prefix assigned to a LAN
  § 2001:db8:1ce:c001::a/64 --- an address out of a /64 prefix
Rules for shortening IPv6 addresses
① Zero-suppression: omit all leading zeroes in a group of hexits
  § A leading zero is that which comes immediately after a colon
  § Each group must still contain at least one hexit
② Zero-compression: substitute two or more consecutive groups of zeroes with one double colon (::)
  § This should only be done once to avoid ambiguity
  § If more than one substitution is possible, make that which replaces the most groups
  § In case of two equal possible substitutions, make the leftmost one.
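The two shortening rules above, implemented step by step and cross-checked against Python's standard `ipaddress` module. This is an added example, not part of the original slides; the sample addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress

HEXITS = set("0123456789abcdef")

def shorten(full: str) -> str:
    """Shorten a fully written (8-group) IPv6 address using the two rules."""
    groups = full.lower().split(":")
    if len(groups) != 8 or not all(
        1 <= len(g) <= 4 and set(g) <= HEXITS for g in groups
    ):
        raise ValueError("expected 8 colon-separated groups of 1 to 4 hexits")

    # Rule 1, zero-suppression: drop leading zeroes, keep one hexit per group.
    groups = [g.lstrip("0") or "0" for g in groups]

    # Rule 2, zero-compression: pick the longest run of two or more all-zero
    # groups; the strict '>' keeps the leftmost run when two runs tie.
    best_start, best_len = -1, 1
    i = 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_start < 0:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"  # "::" is written exactly once

def canonical(text: str) -> str:
    """Normalise any valid spelling so that log and ACL comparisons match."""
    return str(ipaddress.IPv6Address(text))

# Constructed sample addresses covering the tie and single-zero-group cases.
SAMPLES = [
    "2001:0db8:0000:0000:0000:0000:0000:0001",
    "2001:0db8:0000:0000:0001:0000:0000:0001",  # two equal runs: leftmost wins
    "2001:0db8:0000:0001:0000:0000:0000:0001",  # lone zero group is not compressed
    "2001:0db8:0001:0000:0002:0003:0004:0005",
    "fe80:0000:0000:0000:0000:0000:0000:0000",
    "0000:0000:0000:0000:0000:0000:0000:0000",
]

def matches_stdlib() -> bool:
    """True when the hand-written rules agree with ipaddress on every sample."""
    return all(shorten(a) == canonical(a) for a in SAMPLES)

if __name__ == "__main__":
    for a in SAMPLES:
        print(a, "->", shorten(a))
```

Comparing addresses as strings only works after normalisation: `2001:DB8:0:0:0:0:0:1`, `2001:0db8::1` and `2001:db8::0:1` are the same address and all normalise to `2001:db8::1`.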
Shortening IPv6 addresses: Example
© Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011

Incorrect IPv6 shortening example
© Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011

IPv6 Address Types
After this section, you should be able to:
① Identify different types of IPv6 addresses
② Describe the structure and scopes of these addresses
Types of IPv6 addresses
Unicast addresses
• Identifies an interface of an IPv6 node
• Can be used as source and destination of a packet
• An interface can have multiple valid IPv6 addresses
Multicast addresses
• Identifies a group of IPv6 addresses
• Can only be used as the destination of a transmission
• An interface can belong to multiple multicast addresses
Anycast addresses
• Same address on multiple nodes
• Packet to anycast address is delivered only to nearest one
• Packets are never sourced from an anycast address

Scope: An address’ extent of validity
Diagram labels: Link Layer, Global Scope, Link-local Scope, fe80::/10
These scopes do not apply to multicast addresses and the unspecified address
Global unicast addresses
• Fixed high order bits of “001” => prefix of 2000::/3
• Example: 2001:db8:dead:beef:c001:babe:0000:aaaf
Structure: 001 (3 bits) | Global Routing Prefix (45 bits) | SubnetID (16 bits) | InterfaceID (64 bits)
IANA>>LIR>>ISP

Link local unicast addresses
• First 10 bits are 1111 1110 10 thus prefix fe80::/10
• Scope is link local thus not forwarded off-link by routers
• One per interface is always automatically configured when IPv6 is enabled
• Used for
  § Automatic address configuration
  § Default gateway on hosts and next-hops to routes
  § Routing protocol updates
  § Neighbor discovery
Structure: 1111 1110 10 (10 bits) | 0 (54 bits) | InterfaceID (64 bits)
The Link local address reachability problem
“If you ping fe80::212:6bff:fe54:f99a (N1), what egress interface will router R use?” – see solution next slide
Diagram: router R (interfaces Fe 0/0 and Fe 0/1) with nodes N1, N2, M1 and M2; link-local addresses shown: fe80::212:6bff:fe54:f99a, fe80::212:6bff:fe3a:9e9a, fe80::212:6bff:fe17:fc0f, fe80::245:bcff:fe47:1530

ZoneIDs (scopeIDs) – resolving Link local address ambiguity
• ZoneID (or scopeID)
  § Provides the extra routing information required
  § Automatically assigned by the operating system
  § Only locally significant
• A full link-local address is written as: address%zoneID
• Examples of some full link-local addresses with zoneIDs:
  § [Windows] ping fe80::245:bcff:fe47:1530%11
  § [Linux] ping6 fe80::245:bcff:fe47:1530%eth0

Examples of using ZoneID
• Windows Host X: fe80::1ce:c01d:dead:babe%7
• Windows Host Y: fe80::dead:beef:1ce:c01d%10
• Ping from X -> Y is accomplished thus
  § Use the link local address of Host Y
  § Append the ZoneID of Host X on the same broadcast domain
  § ping fe80::dead:beef:1ce:c01d%7 [correct]
  § ping fe80::dead:beef:1ce:c01d%11 [wrong]
Unique local addresses
• Private address space anyone can use without going to an ISP or RIRs
• Prefix fc00::/7 and L flag indicates whether the prefix is locally assigned (1) or globally assigned (0)
  § For L=1, we have fd00::/8 for ULAs that anyone can assign.
  § For L=0, we have fc00::/8 for ULAs that are centrally assigned.
• Scope is global but they are usually filtered by e-BGP routers
Structure: 1111 110L (8 bits) | Global ID (40 bits) | SubnetID (16 bits) | InterfaceID (64 bits)

Unique local addresses: globalID algorithm
1. Get the current time of day in 64-bit NTP format.
2. Get the EUI-64 identifier from the MAC address or other unique identifier.
3. Concatenate (1) and (2)
4. Compute the SHA-1 digest of (3)
5. Use the least significant 40 bits of (4) as your globalID
6to4 transition addresses
• IPv4-derived address used in the 6to4 transition mechanism
• WWXX:YYZZ is the hex form of public v4 address w.x.y.z
• Each public IPv4 address gives an entire /48 IPv6 prefix
Structure: 2002:WWXX:YYZZ (48 bits, WWXX:YYZZ taken from w.x.y.z) | SubnetID (16 bits) | InterfaceID (64 bits)

Generating the InterfaceID – Last 64 bits
• Manually – typed by an admin on an interface
• Automatically
  § The EUI-64 algorithm.
  § A pseudo-random number.
  § A public key (e.g. in the CGAs)
• Reserved interfaceIDs (RFC 5433)
  § Subnet router anycast: 0000:0000:0000:0000
  § Reserved subnet anycast: fdff:ffff:ffff:ff80 - ff

EUI-64 automatic interfaceID generation

Privacy concerns with EUI-64
• For a given MAC address
  § The EUI-64 interfaceID is fixed
  § It is re-used with the prefix of any network encountered
• It is possible to track a user from their interfaceID
  § The prefix says what network a user is on
  § The MAC address can be inferred from the interfaceID
• Privacy addressing (RFC4941) deals with this issue
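The privacy concern above, shown as an address audit: the same MAC yields the same interfaceID under any /64, and the MAC can be read back out of the address. This is an added example, not part of the original slides; the addresses come from this module's own slides and the inventory list is constructed.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Build the 64-bit interfaceID: split the MAC, insert ff:fe, flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 48 bits")
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(iid, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host would form from a /64 prefix when it uses EUI-64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interfaceIDs need a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def mac_from_address(addr: str):
    """Return the MAC embedded in an EUI-64 address, or None if there is none.

    The ff:fe marker is a heuristic: a random interfaceID contains it by
    chance about once in 65536 addresses.
    """
    value = int(ipaddress.IPv6Address(addr.split("%")[0]))  # drop any zoneID
    iid = (value & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def exposed_macs(addresses):
    """Map each address that leaks a hardware address to that MAC."""
    found = {}
    for addr in addresses:
        mac = mac_from_address(addr)
        if mac is not None:
            found[addr] = mac
    return found

# Constructed inventory built from addresses that appear in this module.
INVENTORY = [
    "fe80::212:6bff:fe54:f99a%eth0",
    "FE80::CA9C:1DFF:FE6B:B6A0",
    "2001:43F8:90:C0::2",            # manually numbered, no MAC inside
    str(slaac_address("2001:db8:a::/64", "00:12:6b:54:f9:9a")),
    str(slaac_address("2001:db8:d::/64", "00:12:6b:54:f9:9a")),
]

if __name__ == "__main__":
    for addr, mac in exposed_macs(INVENTORY).items():
        print(f"{addr} exposes {mac}")
```

The last two inventory entries sit in different networks yet map back to one MAC, which is the tracking problem RFC 4941 temporary addresses are meant to remove.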
IPv4-mapped transition addresses
• An IPv4 address represented in IPv6 format
• Form: ::ffff:w.x.y.z/96 where w.x.y.z is a normal IPv4 address.
• Internally represents a v4 node to a v6 node
• Never used as a source or destination v6 address
Structure: 0 (80 bits) | ffff (16 bits) | IPv4 Address (32 bits)

ISATAP transition addresses
• An IPv6 address formed from a private IPv4 address
• Automatically generated and assigned to ISATAP tunnels
• Form: 64bitPrefix:0:5efe:a.b.c.d
  § Where a.b.c.d is an RFC1918 private IPv4 address
Structure: Prefix (64 bits) | 0000:5efe (32 bits) | Private IPv4 Address (32 bits)

Multicast addresses
• Used as the destination of multicast communication
• Start with bits 1111 1111 which is prefix: ff00::/8
• Bits 8 – 16 specify further characteristics of the address
Structure: 1111 1111 (8 bits) | Flags (4 bits) | Scope (4 bits) | GroupID (112 bits)

The Flag Bits in multicast addresses
Bit         Description
3           Reserved (must be set to 0)
2 (R flag)  Rendezvous Point address is embedded (1) or not (0)
1 (P flag)  Address is based on a unicast prefix (1) or not (0)
0 (T flag)  Address is well-known (0) or dynamically assigned (1)

The Scope bits in multicast addresses
Binary  Hex  Scope
0001    0x1  Interface
0010    0x2  Link
0100    0x4  Administrative
0101    0x5  Site
1000    0x8  Organisation
1110    0xe  Global
Others       Unassigned or Reserved
Some reserved multicast groups
Address            Scope        Description
FF01::1            1=Interface  All nodes on the interface
FF02::1            2=Link       All nodes on the link
FF01::2            1=Interface  All routers on the interface
FF02::2            2=Link       All routers on the link
FF05::2            5=site       All routers in the site
FF02::5            2=Link       All OSPFv3 routers
FF02::6            2=Link       OSPFv3 designated routers
FF02::A            2=Link       All EIGRPv6 routers
FF02::D            2=Link       All PIM routers
FF02::1:FFXX:XXXX  2=Link       Solicited-node address

The solicited node multicast address
• Multicast address for all nodes with the same IPv6 address
• Constructed as follows:
  § Prefix FF02::1:FF00:0/104
  § Last 24 bits of the IPv6 unicast address
  § See examples next slide
Structure: Prefix FF02::1:FF00:0/104 (104 bits) | Lower 24 bits of the InterfaceID (24 bits)

Solicited node multicast addresses in action
#show ipv6 interface g0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::CA9C:1DFF:FE6B:B6A0
  No Virtual link-local address(es):
  Description: [Link to R1]
  Global unicast address(es):
    2001:43F8:90:C0::2, subnet is 2001:43F8:90:C0::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF6B:B6A0
  MTU is 1500 bytes
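The construction rule above applied to the router output on this slide: each unicast address should account for exactly one joined solicited-node group. This is an added example, not part of the original slides; the extra group in the second sample is constructed to show what a mismatch looks like.

```python
import ipaddress

SOLICITED_NODE_NET = ipaddress.IPv6Network("ff02::1:ff00:0/104")

def solicited_node(addr) -> ipaddress.IPv6Address:
    """ff02::1:ff00:0/104 plus the last 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_NET.network_address) | low24)

def addresses_in(text: str):
    """Every whitespace-separated token that parses as a bare IPv6 address."""
    found = []
    for token in text.replace(",", " ").split():
        try:
            found.append(ipaddress.IPv6Address(token))
        except ValueError:  # not an address (words, prefixes with /len, ...)
            continue
    return found

def audit_groups(show_output: str):
    """Return (missing, unexplained) solicited-node groups for one interface."""
    addrs = addresses_in(show_output)
    unicast = [a for a in addrs if not a.is_multicast]
    joined = {a for a in addrs if a in SOLICITED_NODE_NET}
    expected = {solicited_node(a) for a in unicast}
    missing = sorted(str(g) for g in expected - joined)
    unexplained = sorted(str(g) for g in joined - expected)
    return missing, unexplained

# Output copied from the slide above.
SHOW_OUTPUT = """\
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::CA9C:1DFF:FE6B:B6A0
  Global unicast address(es):
    2001:43F8:90:C0::2, subnet is 2001:43F8:90:C0::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF6B:B6A0
  MTU is 1500 bytes
"""

# Constructed variant: one more group than the listed addresses explain.
EXTRA_GROUP_OUTPUT = SHOW_OUTPUT + "    FF02::1:FFAA:BBCC\n"

if __name__ == "__main__":
    print(audit_groups(SHOW_OUTPUT))
    print(audit_groups(EXTRA_GROUP_OUTPUT))
```

An unexplained group means the interface is listening for an address that the output does not list, which is worth a second look during a configuration review.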
IPv6 address literals in URLs
• Problem: The colon in v6 addresses has another meaning in URLs
  § It is a core part of the http://
  § It is also used to specify the port
• Solution: enclose the IPv6 address in square brackets
  http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/
  http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:80/

IPv6 literals in UNC path names
• Problem: The colon is an illegal character in Microsoft UNC pathnames
• The solution:
  § Replace each colon in the address with a dash
  § Replace any “%” in the zoneID with an “s”
  § Append “.ipv6-literal.net” to the address
• Example: 2001:db8:85a3:8d3:1319:8a2e:370:7348 becomes 2001-db8-85a3-8d3-1319-8a2e-370-7348.ipv6-literal.net
• Example: fe80::1%4 becomes fe80--1s4.ipv6-literal.net

Summary of IPv6 address types
Type            Structure (16 bit boundaries)
Global Unicast  GlobalID | SubnetID | InterfaceID
Link-local      fe80 | 00 | InterfaceID
Unique-local    fc00 | 0 | SubnetID | InterfaceID
Unique-local    fd00 | 0 | SubnetID | InterfaceID
IPv4-mapped     0000 | ffff | <IPv4 Addr.>
6to4            2002 | <IPv4 Addr.> | SubnetID | InterfaceID
ISATAP          <64bit v6 Prefix> | 0 | 5efe | <IPv4 Addr.>
Unspecified     0000000
Loopback        000000 0001
Multicast       ff<LS> | Multicast GroupID

IPv6 from an IPv4 Perspective
After this section, you should be able to:
① Describe the IPv6 header, noting differences from the v4 header
② Identify the IPv6 equivalents and functioning of key IPv4 protocols
The IPv6 packet structure

Key characteristics of the IPv6 packet
• Fixed header size of 40 bytes (320 bits)
• Fragmentation not allowed by routers, only end hosts
• Minimum supported MTU is 1280 bytes
• Optional layer 3 information is put in extension headers just before the upper-layer header

IPv6 extension headers
• Serve similar functionality to IPv4 “Options” headers
• Processed only at packet's destination, except for Hop-by-Hop Options header
• Only appear once in a packet, except for the Destination Options header which appears twice
• A node discards the packet with a “Parameter Problem” message in the following circumstances
  § It sees an un-recognized extension header
  § A Next Header value 0 appears in a header other than the fixed header

IPv6 packet without extension header
Courtesy: cisco.com

IPv6 packet with extension headers
Courtesy: cisco.com

List and order of IPv6 extension headers
Order  Header               Code  Description
1      Basic IPv6 header
2      Hop-by-hop options   0     Examined by all hosts in path
3      Destination options  60    Examined only by destination node
4      Routing              43    Specify the route for a datagram (mobile v6)
5      Fragment             44    Fragmentation parameters
6      Authentication (AH)  51    Verify packet authenticity
7      ESP                  50    Encrypted data
8      Destination options  60    Examined only by destination node
9      Mobility             135   Parameters for use with mobile IPv6
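A walker for the Next Header chain described above, which reports the two conditions the slides name: a Next Header value of 0 anywhere but the fixed header, and a header repeated more often than allowed. This is an added example, not part of the original slides; the packets are constructed byte strings using documentation addresses, and the helper names are hypothetical.

```python
import struct

# Next Header codes for the extension headers listed in the table above.
EXT_HEADERS = {0: "Hop-by-hop options", 60: "Destination options",
               43: "Routing", 44: "Fragment", 51: "Authentication (AH)",
               50: "ESP", 135: "Mobility"}
MAX_OCCURRENCES = {60: 2}  # only Destination options may appear twice

def walk_chain(packet: bytes):
    """Follow the Next Header fields; return (chain, upper_layer, findings)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, offset = packet[6], 40  # Next Header is byte 6 of the fixed header
    chain, findings, seen = [], [], {}
    while nxt in EXT_HEADERS:
        if nxt == 0 and chain:
            findings.append("Next Header 0 outside the fixed header")
        seen[nxt] = seen.get(nxt, 0) + 1
        if seen[nxt] > MAX_OCCURRENCES.get(nxt, 1):
            findings.append(f"{EXT_HEADERS[nxt]} appears {seen[nxt]} times")
        chain.append(EXT_HEADERS[nxt])
        if nxt == 50:  # ESP: everything after it is encrypted
            return chain, None, findings
        if offset + 8 > len(packet):
            findings.append("chain truncated")
            return chain, None, findings
        if nxt == 44:    # Fragment header has a fixed size
            length = 8
        elif nxt == 51:  # AH counts 4-byte words, minus two
            length = (packet[offset + 1] + 2) * 4
        else:            # others count 8-byte units after the first 8 bytes
            length = (packet[offset + 1] + 1) * 8
        nxt, offset = packet[offset], offset + length
    if offset > len(packet):
        findings.append("chain truncated")
    return chain, nxt, findings

# ---- constructed sample packets -------------------------------------------
SRC = bytes.fromhex("20010db8000000000000000000000001")
DST = bytes.fromhex("20010db8000000000000000000000002")

def packet(next_header: int, payload: bytes) -> bytes:
    """40-byte fixed header (version 6, hop limit 64) followed by payload."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + SRC + DST + payload

def options_header(next_header: int) -> bytes:
    """8-byte options header whose only option is a PadN of four zero bytes."""
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])

TCP_STUB = bytes(20)  # placeholder upper-layer bytes, protocol 6
WELL_FORMED = packet(0, options_header(60) + options_header(6) + TCP_STUB)
HBH_LATE = packet(60, options_header(0) + options_header(6) + TCP_STUB)
TRIPLE_DEST = packet(60, options_header(60) + options_header(60)
                     + options_header(6) + TCP_STUB)
TRUNCATED = packet(0, b"")

if __name__ == "__main__":
    for name in ("WELL_FORMED", "HBH_LATE", "TRIPLE_DEST", "TRUNCATED"):
        print(name, walk_chain(globals()[name]))
```

A filter that inspects only the fixed header's Next Header field sees "Destination options" for `HBH_LATE`, not the TCP segment behind it, so upper-layer rules must walk the whole chain before matching.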
The IPv6 header compared to IPv4 header
IPv4 header fields: Version, Header Length, TOS, Total Length, Identification, Flags, Fragment Offset, TTL, Protocol, Header Checksum, Source Address, Destination Address, Options
IPv6 header fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address

IPv6 packet header on the wire

Packet header structure changes from IPv4
• IPv4 header fields removed from the base IPv6 header
  § Fragmentation fields [Identification, flags, fragment offset]
  § Options
• IPv4 header fields eliminated in IPv6
  § Header checksum
  § Header length
• Revised fields
  § TTL → Hop count
  § Protocol → Next header
  § Precedence and ToS fields → Traffic class
• New fields
  § Flow label

IPv4 vs IPv6 key functionality comparison
Network Access Layer
  IPv4: Ethernet and variants; PPP for serial links; ATM
  IPv6: Ethernet and variants; PPP for serial links; ATM
Host auto-configuration
  IPv4: DHCP
  IPv6: DHCPv6; Stateless Address configuration
Network to Link-layer Address Resolution
  IPv4: ARP broadcasts
  IPv6: NDP via ICMPv6 (NS, NA)
FQDN to IP-address resolution
  IPv4: DNS client-server; A resource records; in-addr.arpa reverse zone
  IPv6: DNS client-server; AAAA resource records; ip6.arpa reverse zone
Host multicast group membership
  IPv4: IGMPv1; IGMPv2
  IPv6: MLDv1
Automatic default gateway configuration
  IPv4: DHCP, IRDP, passive RIP
  IPv6: NDP via ICMPv6 (RA)
Routing protocols
  IPv4: Static routing; RIPv1, RIPv2; OSPFv2; BGP4+ IPv4 AF
  IPv6: Static routing; RIPng; OSPFv3; BGP4+ IPv6 AF
Minimum MTU size
  IPv4: 576 bytes
  IPv6: 1280 bytes
Sending packets to all hosts on subnet
  IPv4: Broadcast to subnet broadcast
  IPv6: Multicast to ALL_NODES (ff02::1)

Resolving names to IPv6 addresses
• Most modern DNS servers support IPv6
  § AAAA records for IPv6 to FQDN mapping
  § PTR records under ip6.arpa. TLD for FQDN to IP mapping
• DNS is transport-protocol agnostic i.e.
  § A query over IPv4 could yield AAAA records
  § A query over IPv6 could yield A records
Sample IPv6 resource records
FQDN to IP Address
  IPv4 [A record]: voyager.starfleet.org A 197.1.0.77
  IPv6 [AAAA record]: voyager.starfleet.org IN AAAA 2001:0470:0000:0064:0000:0000:0000:0002
IP Address to FQDN
  IPv4 [PTR record]: 77.0.1.197.in-addr.arpa PTR voyager.starfleet.org
  IPv6 [PTR record]: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.6.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa IN PTR voyager.starfleet.org

Generating IPv6 PTR records
① Write the IPv6 address in full reverse
② Separate each hexit by a period
③ Append the “ip6.arpa” domain
• Example with sipcalc
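The three PTR steps above in code, extended to the reverse zone name for a delegated prefix so the owner name and the zone cut can be checked against each other. This is an added example, not part of the original slides; it reuses the voyager.starfleet.org record from the sample slide, and the /64 zone cut is an assumption.

```python
import ipaddress

def hexits_of(addr: ipaddress.IPv6Address) -> str:
    """All 32 hexits of the address, no colons, no zero shortening."""
    return addr.exploded.replace(":", "")

def ptr_name(addr: str) -> str:
    """Steps 1 to 3: reverse the full address, dot every hexit, add ip6.arpa."""
    hexits = hexits_of(ipaddress.IPv6Address(addr))
    return ".".join(reversed(hexits)) + ".ip6.arpa"

def reverse_zone(prefix: str) -> str:
    """Zone that holds the PTR records of a prefix (nibble boundaries only)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen == 0 or net.prefixlen % 4:
        raise ValueError("reverse zones are cut on 4-bit (one hexit) boundaries")
    hexits = hexits_of(net.network_address)[: net.prefixlen // 4]
    return ".".join(reversed(hexits)) + ".ip6.arpa"

def zone_file_line(addr: str, prefix: str, fqdn: str) -> str:
    """PTR line relative to the zone origin, as it would sit in the zone file."""
    if ipaddress.IPv6Address(addr) not in ipaddress.IPv6Network(prefix):
        raise ValueError("address is outside the delegated prefix")
    full, zone = ptr_name(addr), reverse_zone(prefix)
    relative = full[: -(len(zone) + 1)]  # strip ".<zone>" from the right
    return f"{relative} IN PTR {fqdn}."

if __name__ == "__main__":
    print(ptr_name("2001:470:0:64::2"))
    print("$ORIGIN", reverse_zone("2001:470:0:64::/64") + ".")
    print(zone_file_line("2001:470:0:64::2", "2001:470:0:64::/64",
                         "voyager.starfleet.org"))
```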
The usual DNS test tools work as expected

The Key IPv6 Functionality Protocols
After this section, you should be able to:
① Describe the importance and functioning of IPv6 ND
② Describe how ND is used in other key IPv6 functions

IPv6 Neighbor Discovery Protocol (ND)
• Key protocol upon which most of IPv6’s functionality depends
• Used by both hosts and routers
• Consists of a set of ICMPv6 messages
• Works at network layer, thus can use IPsec
• Different message exchanges deliver various functionalities
Functions of IPv6 Neighbor Discovery (ND)
Host-Router Functions
• Address autoconfiguration
• Parameter discovery
• Prefix discovery
• Router discovery
Host-Communication Functions
• Duplicate address detection
• Neighbour unreachability detection
• Next-hop determination
• Address resolution

5 ICMPv6 messages used by ND
• Neighbour Solicitation
• Neighbour Advertisement
• Router Solicitation
• Router Advertisement
• Redirect

Router Solicitation & Advertisement

The Router Solicitation message
Sent by: IPv6 host
Purpose: Find out what routers are present on the link
Src address:
  § IP of querying interface if one exists
  § Unspecified address (::) if there is no IP address yet
Dst address: FF02::2 (all-routers)
Notes: ICMP type 133, ICMP code 0

Sample RS packet capture

The Router Advertisement message
Sent by: IPv6 router
Purpose:
  § Advertise its presence, prefixes, MTU, hop limits
  § Sent periodically or in response to a RS
Src address: Router’s link local IPv6 address
Dst address:
  § FF02::1 (all-v6-nodes) for periodic broadcasts
  § v6 address of querying node if responding to a RS
Notes: ICMP type 134, ICMP code 0

RA Message on the Wire

Sample RA packet capture

Neighbour Solicitations and Advertisements
The Neighbour Solicitation message
Sent by: IPv6 host
Purpose:
  § Find out link layer address of another host.
  § Duplicate address detection.
  § Verify that a neighbour is reachable.
Src address:
  § IP of querying interface if one exists
  § Unspecified address (::) if there is no IP address yet
Dst address:
  § Target neighbour’s address if known
  § Solicited node multicast address of target otherwise
Notes: ICMP type 135, ICMP code 0

The Neighbour Advertisement message
Sent by: IPv6 host
Purpose:
  § Response to a neighbour solicitation (NS)
  § Periodically to update neighbors.
Src address: Manual or auto configured address of originating interface.
Dst address:
  § IP address of the node which sent the NA.
  § FF02::1 for periodic advertisements.
Notes: ICMP type 136, ICMP code 0

Capture of an NA from a router in response to a NS

Packet capture of NA message from a host

The Redirect message
Sent by: IPv6 router
Purpose: Informs a node of a better next-hop router.
Src address: Link local address of router.
Dst address: IP address of requesting node.
Notes: ICMP type 137, ICMP code 0

Duplicate address detection
Diagram: nodes N1, N2 and N3
Tentative IP: 2001:db8::2:260:8ff:fe53:f9d8
IP: 2001:db8::2:260:8ff:fe53:f9d8
NS (1)
  src: ::
  dst: FF02::1:FF53:F9D8
  hop limit: 255
  Target: 2001:DB8::2:260:8FF:FE53:F9D8
NA (2)
  src: 2001:DB8::2:260:8FF:FE53:F9D8
  dst: FF02::1
  hop limit: 255
  Target: 2001:DB8::2:260:8FF:FE53:F9D8
Duplicate address detection
• DAD is performed on ALL unicast addresses
• DAD is NEVER performed for anycast addresses
• If DAD fails
  § That address cannot be assigned to the interface.
  § All addresses using that InterfaceID are also not unique
  § A system management error must be logged
• Unrelated packets sent to a tentative address are discarded

How duplicate address detection works
① Host N1 is going to assign address “A” on its interface “I”
② Interface “I” joins multicast groups:
  § ff02::1 -- “All IPv6 nodes”
  § ff02::ff00:0:a – solicited node multicast address for “A”
③ N1 sends NS message to ff02::ff00:0:a sourced from “::”
④ N1 listens for any NS messages to ff02::ff00:0:a from “::”
⑤ DAD fails under any of the following circumstances
  § N1 receives an NS for a tentative address prior to sending one.
  § More NSs are received than those expected based on loopback semantics

NS packet capture illustrating duplicate address detection (DAD)

Link-layer address resolution using ND
Diagram: nodes N1 and N2
NS (1)
  src: IPv6 address [N1]
  dst: Solicited node multicast [N2]
  data: Link layer address [N1]
  query: "what's your link layer address?"
NA (2)
  src: IPv6 address [N2]
  dst: IPv6 address [N1]
  data: Link layer address [N2]

Neighbour unreachability detection
• Does not necessarily verify end-to-end reachability since a neighbour could be a router (not the final destination)
• How it works:
  § Sending a probe to desired hosts’ solicited node multicast address and receiving a NA or RA in response
  § Receive a clue from higher level protocol to say communication is happening e.g. TCP ACK
• Can be used for first hop router redundancy

NS packet capture for neighbour reachability verification
After this section, you should be able to:
① Configure and verify IPv6 on Windows operating systems ② Configure and verify IPv6 on Linux operating systems ③ Configure and verify IPv6 on the MAC OS X operating system ④ Configure and verify IPv6 on Cisco IOS ⑤ Configure and verify IPv6 on Junos
Basic IPv6 Configuration!
Operating system IPv6 supported Windows Windows XP Service Pack 2 and up Mac OS X 10.4 (Tiger) and up GNU Linux Kernel 2.6 and up FreeBSD FreeBSD 4.0 and up Cisco IOS IOS 12.4; 12.3; 12.xT from 12.2T and up Junos Junos 5.1 and up
Most Operating Systems have IPv6 enabled by default!
Bas
ic IP
v6 C
onfi
gura
tion
learn.afrinic.net | slide 96
Host Configuration: Windows Vista/7 B
asic
IPv6
Con
figu
rati
on
learn.afrinic.net | slide 97
Bas
ic IP
v6 C
onfi
gura
tion
Host configuration: Mac OS X
learn.afrinic.net | slide 98
Host Configuration: Linux B
asic
IPv6
Con
figu
rati
on Configure IPv6 on an interface
[In /etc/network/interfaces] auto eth0 iface eth0 inet6 static address 2001:db8:fedc:abcd::1/64
force an interface to come up at boot-up and get address automatically.
[In /etc/network/interfaces] auto eth0 iface eth0 inet manual up /sbin/ip -6 link set eth0 up
Verify
#ifconfig eth0 OR #ip -6 addr show eth0
learn.afrinic.net | slide 99
u Offer host tracking when EUI-64 addresses are used u Privacy address status on various operating systems
§ Windows Vista/7 – Enabled by default § Mac OS X – Not enabled by default § Linux - not enabled by default
u Generally, enabling privacy addresses is not recommended
Bas
ic IP
v6 C
onfi
gura
tion
Working with privacy addresses
learn.afrinic.net | slide 100
Disabling privacy addressing B
asic
IPv6
Con
figu
rati
on
Windows Vista/7 c:\netsh interface ipv6 set privacy state=enabled|disabled c:\netsh interface ipv6 set global randomizeidentifiers=enabled|disabled
Mac OS X In /etc/sysctl.conf net.inet6.ip6.use_tempaddr=0|1 net.inet6.ip6.temppltime=XX //lifetime of temporary address
Linux
#echo "1" > /proc/sys/net/ipv6/conf/default/use_tempaddr
learn.afrinic.net | slide 101
Configuring basic IPv6 on Cisco IOS B
asic
IPv6
Con
figu
rati
on Enable IPv6 on an Interface!
(config)#ipv6 enable
Assign an IPv6 address with automatic interfaceID!
(config)#ipv6 address <prefix/prefix-length> eui-64
Assign a static IPv6 address!
(config)#ipv6 address <ipv6address/prefix-length>
Enable IPv6 routing and CEF!(config)#ipv6 unicast-routing (config)#ipv6 cef
learn.afrinic.net | slide 102
Configuring basic IPv6 on Junos B
asic
IPv6
Con
figu
rati
on
Enable IPv6 on an Interface
#edit interfaces <interfacename> unit <unit_no>
Assign an IPv6 address with automatic interfaceID
#set family inet6 address <prefix/prefix-length> eui-64
Assign a static IPv6 address
#set family inet6 address <ipv6address/prefix-length>
learn.afrinic.net | slide 103
AFRINIC: The Internet Numbers Registry for Africa
Questions? Comments?
After this section, you should be able to:
① Describe parameter provisioning in IPv6
② Describe and verify how SLAAC works
③ Describe and verify how DHCPv6 works
④ Describe how DHCPv6-PD works
Address Provisioning in IPv6
Base address provisioning requirements
Device: Hosts
§ IPv6 address
§ Default gateway
§ DNS server
Device: CPEs
§ IPv6 address
§ Default gateway
§ DNS server
§ Prefix for LAN(s)
learn.afrinic.net | slide 106
Different ways of configuring IPv6 on hosts and CPEs
IPv6 address configuration
§ SLAAC
    - Plain SLAAC
    - SLAAC with RDNSS
§ DHCPv6
    - Stateful
    - Stateless
§ Manual
learn.afrinic.net | slide 107
Options for automatic address provisioning
Method           | Address | Default Gateway | DNS server | Delegated Prefix
SLAAC            | ✔       | ✔               | ✖          |
Stateful DHCPv6  | ✔       | ✖               | ✔          | ✔
Stateless DHCPv6 | ✖       | ✖               | ✔          | ✖
RDNSS            | ✖       | ✖               | ✔          | ✖
u Recursive DNS Server (RDNSS) uses RA to advertise a list of DNS resolvers.
learn.afrinic.net | slide 108
Determining whether to use SLAAC or DHCPv6 – M and O RA flags
The RA Managed-Config-Flag (M)
• Tells host to use DHCPv6 for everything
• The host must be set to configure IPv6 “automatically”
• Configured on the router interface facing hosts
The RA Other-Config-Flag (O)
• Tells host to use
    • SLAAC for address and prefix length
    • DHCPv6 for other options (e.g. DNS)
• Configured on the router interface facing hosts
u SLAAC is used if none of the above flags is configured
learn.afrinic.net | slide 109
Stateless Auto-Configuration – How it Works
[Figure: Network X with routers R1 and R2 and hosts N2 and M2. Message labels: (1) [RS] RA?; (2) [RA] 2001:db8:a::; (3) [RA] 2001:db8:d::; destination ff02::1]
u N2 will auto-configure an address for each of the advertised prefixes 2001:db8:a::/64 and 2001:db8:d::/64.
u Hosts will also auto-configure 2 default routers
u If RDNSS is active, N2 and M2 will also get a list of DNS resolvers
learn.afrinic.net | slide 110
Stateless Auto-Configuration – How it Works
① Host generates an interfaceID and a link-local address
② Perform Duplicate Address Detection [DAD] on selected address
③ Query all routers (via RS messages) for additional
④ Router responds with Router Advertisement [RA] which lists allocated prefixes for the subnet and indicates if it can provide routing services to connected hosts.
⑤ For each prefix received, the host adds its 64-bit interfaceID, configures an address and does DAD.
⑥ Host builds a list of 'default routers' from RAs. There's no single default gateway like in IPv4.
learn.afrinic.net | slide 111
Stateless Auto-Configuration – How it works
u The routers on the subnet are pre-configured with:
§ Appropriate IPv6 addresses on their interfaces.
§ Desired prefixes for use on the subnet.
§ List of DNS servers to send to hosts [RFC6106]
u If the router advertises multiple prefixes, the host(s) will auto-configure an address for each of the prefixes.
u If multiple routers advertise themselves as default, the host typically chooses and uses one till it fails, then it uses the other.
learn.afrinic.net | slide 112
Configuring a Cisco router for SLAAC
[Figure: Network X with routers R1 and R2 and hosts N2 and M2, same topology and message labels as on slide 110]
R1(config)# interface fastethernet 0/1
R1(config-if)# ipv6 nd prefix 2001:db8:a::/64

R1(config)# interface fastethernet 0/1
R1(config-if)# ipv6 nd prefix 2001:db8:d::/64
learn.afrinic.net | slide 113
Stateful configuration with DHCPv6
u Host or CPE gets all of its config parameters from central server
u Central server can keep state of who has what address
u A host may use DHCPv6 instead of SLAAC if it gets an RA message with the M flag = ON and A flag = OFF
u Multicast addresses used by DHCPv6
§ All_DHCP_Relay_Agents_and_Servers (FF02::1:2)
§ All_DHCP_Servers (FF05::1:3)
u DHCP Messages:
§ Clients listen on UDP port 546
§ Servers and relay agents listen on UDP port 547
u DHCPv6 does not support a default gateway option!!
learn.afrinic.net | slide 114
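The M, O and A flag rules from the slides above can be checked against what a router actually sends. The following is an added example, not part of the original slides: it decodes a Router Advertisement (layout per RFC 4861, RDNSS option per RFC 6106) and reports which mechanism supplies each parameter. The function names and the sample RAs built by `build_ra` are constructed for illustration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3      # Prefix Information option (RFC 4861)
OPT_RDNSS = 25           # Recursive DNS Server option (RFC 6106)


def parse_ra(msg: bytes) -> dict:
    """Decode the RA fields that decide how a host provisions itself."""
    if len(msg) < 16 or msg[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack_from("!BH", msg, 5)
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "default_router": lifetime > 0, "prefixes": [], "rdnss": []}
    off = 16
    while off < len(msg):
        if off + 2 > len(msg):
            raise ValueError("truncated option header")
        kind, size = msg[off], msg[off + 1] * 8   # length field counts 8-byte units
        if size == 0 or off + size > len(msg):
            raise ValueError("malformed option length")
        body = msg[off:off + size]
        if kind == OPT_PREFIX_INFO and size == 32:
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append({"prefix": str(net),
                                   "L": bool(body[3] & 0x80), "A": bool(body[3] & 0x40)})
        elif kind == OPT_RDNSS and size >= 24 and size % 16 == 8:
            ra["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(8, size, 16)]
        off += size
    return ra


def provisioning_plan(ra: dict) -> dict:
    """Apply the M, O and A rules: which mechanism supplies each parameter."""
    slaac = [p["prefix"] for p in ra["prefixes"] if p["A"]]
    dhcp = "stateful" if ra["M"] else "stateless" if ra["O"] else None
    address = (["SLAAC"] if slaac else []) + (["DHCPv6"] if ra["M"] else [])
    dns = (["RDNSS"] if ra["rdnss"] else []) + (["DHCPv6"] if dhcp else [])
    return {"address": address, "slaac_prefixes": slaac, "dhcpv6": dhcp, "dns": dns,
            # DHCPv6 has no default gateway option, so this only ever comes from the RA
            "default_router": "RA" if ra["default_router"] else None}


def build_ra(m: bool, o: bool, prefixes, rdnss=()) -> bytes:
    """Build a constructed sample RA (checksum left 0; not captured traffic)."""
    flags = (0x80 if m else 0) | (0x40 if o else 0)
    msg = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags, 1800, 0, 0)
    for prefix, autonomous in prefixes:
        net = ipaddress.IPv6Network(prefix)
        pflags = 0x80 | (0x40 if autonomous else 0)   # L always set, A as requested
        msg += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, pflags,
                           2592000, 604800, 0) + net.network_address.packed
    if rdnss:
        msg += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(rdnss), 0, 1800)
        msg += b"".join(ipaddress.IPv6Address(a).packed for a in rdnss)
    return msg


if __name__ == "__main__":
    samples = {
        "SLAAC + RDNSS": build_ra(False, False, [("2001:db8:a::/64", True),
                                                 ("2001:db8:d::/64", True)], ["2001:db8:a::53"]),
        "stateless DHCPv6": build_ra(False, True, [("2001:db8:a::/64", True)]),
        "stateful DHCPv6": build_ra(True, True, [("2001:db8:10:4::/64", False)]),
    }
    for name, raw in samples.items():
        print(name, provisioning_plan(parse_ra(raw)))
```

An RA with M set but the A flag left on yields both SLAAC and DHCPv6 addresses, which is why the router configurations on the later slides pair the M flag with no-autoconfig / no-autonomous.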
How stateful DHCPv6 works
[Figure: message sequence between Client, Router/DHCP Relay and DHCP Server]
1  [ND] RS?
2  [ND] RA (M set)
3  [DHCP] Solicit
4  [DHCP] Solicit
5  [DHCP] Advertise (addr)
6  [DHCP] Advertise (addr)
7  [DHCP] Request (addr)
8  [DHCP] Request (addr)
9  [DHCP] Reply (addr)
10 [DHCP] Reply (addr)
11 [DHCP] Confirm (addr)
12 [DHCP] Confirm (addr)
learn.afrinic.net | slide 115
Stateful DHCPv6
Advantages:
a) Similar to DHCPv4, so will be familiar to most operators.
b) More options to control how addresses are allocated e.g.
§ Restrict assignments to a small range of addresses
§ Map IP addresses to specific clients.
c) Dynamic DNS (DDNS) updates from a central server are more secure than permitting individual hosts to update the DNS.
d) It has options to configure other services.
e) Can produce centralized accounting logs (troubleshooting and forensics).
Disadvantages:
a) No DHCPv6 clients yet on some operating systems e.g. Android.
b) Configuration information for addresses and DNS resolvers must be maintained in separate locations.
learn.afrinic.net | slide 116
How Stateless DHCPv6 works
[Figure: message sequence between Client, Router and DHCP Server]
1 [ND] RS?
2 [ND] RA (Prefix, Default router, "O" flag set)
3 [DHCP] Solicit (Options e.g. DNS server)
4 [DHCP-RELAY] Solicit (Options)
5 [DHCP] Advertise (DNS server address)
6 [DHCP-RELAY] Advertise (DNS server address)
learn.afrinic.net | slide 117
Stateless DHCPv6 Pros and Cons
Advantages:
§ Support for SLAAC is ubiquitous.
§ Non-DHCPv6 hosts will still be able to get basic connectivity (the DNS resolvers can be manually configured).
§ Other options possible (e.g. NTP, NIS, SIP etc.)
Disadvantages:
§ Zero control over how addresses are allocated
§ If using DDNS, permitting DDNS updates from all clients is insecure.
§ Privacy concerns if EUI-64 method is used for interfaceID
§ No centralized log for forensics
learn.afrinic.net | slide 118
Configure an IOS router for stateful DHCPv6
[Figure: client, router, DHCPv6 server]
router(config)# interface FastEthernet0/0
router(config-if)# ipv6 nd managed-config-flag
router(config-if)# ipv6 nd other-config-flag
router(config-if)# ipv6 nd prefix default no-autoconfig
router(config-if)# exit
learn.afrinic.net | slide 119
Configure DHCPv6 on Junos
[Figure: client, router, DHCPv6 server]
protocols {
    router-advertisement {
        interface ge-0/1/0.0 {
            managed-configuration;          <--- sets the M bit in the RA
            other-stateful-configuration;   <--- sets the O bit in the RA
            prefix 2001:0DB8:10:4::/64 {
                no-autonomous;              <--- disable stateless auto-config
            }
        }
    }
}
learn.afrinic.net | slide 120
SLAAC + RDNSS
u SLAAC plus the Recursive DNS server option
u Advantages:
§ Single protocol (IPv6 ND) thus simpler configuration
§ Support for SLAAC is ubiquitous
u Disadvantages:
§ RDNSS option not widely supported
§ No other parameters besides DNS resolver are possible
learn.afrinic.net | slide 121
Provisioning client prefixes automatically with DHCPv6-PD
u Used to assign a delegated prefix to CPE to use on its LAN.
u The PE inserts a static route for the delegated prefix in its table
[Figure: message sequence between CPE, PE and DHCP Server]
1 Provision CPE WAN address
2 [DHCP] Solicit (Options: IAPD)
3 [DHCP-RELAY] Solicit (Option: IAPD)
4 [DHCP] Advertise Delegated Prefix
5 [DHCP-RELAY] Advertise Delegated Prefix
learn.afrinic.net | slide 122
Key differences between DHCPv4 & DHCPv6
Feature | DHCPv4 | DHCPv6 | Benefit
Managed configuration flag | N/A | Used by router to control host use of DHCP | Node config can be managed by network policy
Destination address of initial request | Broadcast | ff02::1:2 | Efficient link utilisation. More specific link signaling
Source address of initial request | 0.0.0.0 | Link local address of client | More specific link signaling
Reconfiguration message | N/A | Servers can ask clients to update their configurations | Easier to trigger site-wide reconfiguration
Identity association | N/A | Clients can deal with multiple servers | Scalability and redundancy
learn.afrinic.net | slide 123
DHCPv6 server software capabilities
Software | Platform | Roles | Options
ISC DHCPv6 | Linux, BSD, Solaris | Server, Relay, Client | DNS, NTP, NIS, SIP, BCMCS, Lifetime, Prefix Delegation, Relay IDs, FQDN
WIDE DHCPv6 | Linux, BSD | Server, Relay, Client | DNS, NTP, NIS, SIP, BCMCS, Lifetime, Prefix delegation
Dibbler DHCPv6 | Linux, Windows | Server, Relay, Client | DNS, NTP, NIS, SIP, AAKey, Lifetime, FQDN, Prefix delegation, Leasequery, Timezone
learn.afrinic.net | slide 124
DHCPv6 server software capabilities
Software | Platform | Roles | Options
Windows Server 2008 | Windows | Server, Relay | DNS, NIS, SIP, NTP, Lifetime, User class
IOS DHCPv6 | Cisco IOS | Server, Relay, Client | DNS, NTP, NIS, SIP, Prefix Delegation, Relay IDs, Lifetime
learn.afrinic.net | slide 125
Questions? Comments?
After this section, you should be able to:
① Subnet an IPv6 prefix
② Describe how IPv6 addresses are globally managed
③ Estimate the IPv6 addressing needs of your network
④ Carve out your allocated addresses and assign them
IPv6 Address Planning
The generic IPv6 subnetting problem
For a given IPv6 prefix ‘P’ and prefix length L
a) List all the sub-prefixes of length L’ therein
b) Break ‘P’ into N subnets
Repeat for each sub-prefix as required
[Figure: Parent prefix divided into Sub-prefix #1, Sub-prefix #2, Sub-prefix #3 … Sub-prefix #n]
learn.afrinic.net | slide 128
IPv4 subnetting concepts to FORGET!
① Why do we do subnetting?
§ IPv4: conserve address space
§ IPv6: planning and optimization for routing or security
② VLSM vs SLSM – there’s no point in doing VLSM in IPv6
③ Subnets vs hosts – number of hosts is irrelevant in v6
④ There’ll rarely be a need to expand a /64 subnet!
learn.afrinic.net | slide 129
Generic IPv6 subnetting procedure
① Find subnet bits (s): derived from total number of desired subnets
② Find subnet hexits: range of hexits that define each individual subnet
③ Find subnetID increment (B): the difference between each subnetID
④ Enumerate subnetIDs: the individual subnets
learn.afrinic.net | slide 130
Step #1: Finding the subnet bits (s)
u The prefix lengths of the mother and sub-prefixes, (L) and L’, are known: s = L’ – L
Ex: breaking a /32 to /56s requires 56 – 32 = 24 bits
u Only the number of desired subnets is known: $2^s \ge N$, thus $s = \dfrac{\log N}{\log 2}$
Ex: breaking a /36 into 700 networks needs $2^s \ge 700$, thus $s = \dfrac{\log 700}{\log 2} = 9.45 \approx 10$ bits
learn.afrinic.net | slide 131
Step #2: Finding the number of subnet hexits
u These are the distinguishing hexits of each subnet
§ Knowing number of subnet bits ‘s’
§ Knowing that 1 hexit = 4 bits, then
§ Number of subnet hexits = s/4 (round up)
u Ex: Breaking 2001:db8:c000::/36 to 700 subnets
§ s = log 700 ÷ log 2 = 9.81 ≈ 10
§ # subnet hexits = 10/4 = 2.5 ≈ 3
§ Each of the subnets will be like: 2001:db8:cHHH::/46
learn.afrinic.net | slide 132
Step #3: Finding the Increment or Block (B)
u This is the difference between consecutive subnetIDs: $B = 2^{16-(L' \bmod 16)}$
u Ex: Breaking 2001:db8:c000::/36 into 700 subnets
§ s = 3 (calculated in previous slides)
§ L’ = 46 (/36 original length + 10 bits of subnetting)
§ Format 2001:db8:cHHH::/46 (calculated previously)
§ $B = 2^{16-(46 \bmod 16)} = 2^{16-14} = 2^{2} = 4$ (0x4)
learn.afrinic.net | slide 133
Step #4: Enumerating the subnetIDs
u At this point you know the general subnet format
u Taking the subnetIDs only, these form an arithmetic progression with the following characteristics
§ Common difference d = block (B)
§ Initial term = 000
u Any term of the progression is $a_n = a_0 + (n-1)d$
u Substituting for d = B and initial term = 000
u The nth term is: $a_n = (n-1)B$
learn.afrinic.net | slide 134
Step #4: Enumerating the subnetID example
u Ex: Breaking 2001:db8:c000::/36 to 900 subnets
§ s = 3 (calculated in previous slides)
§ L’ = L + s = 36 + 10 = 46
§ Format 2001:db8:cHHH::/46 (calculated previously)
§ B = 4 (0x4) - as previously calculated
u First subnetID
§ [Decimal]: $a_1$ = 4(1-1) = 0 (0x0)
§ First subnet: 2001:db8:c000::/46
u Last subnetID
§ [Decimal]: $a_{1024}$ = 4(1024-1) = 4(1023) = 4092 (0xFFC)
§ [Hex]: $a_{400}$ = 4(400-1) = 4(3ff) = FFC
§ Last subnet: 2001:db8:cffc::/46
learn.afrinic.net | slide 135
Subnetting example: problem
An ISP with operations in 10 cities just got a 2001:db8::/32 allocation from AfriNIC. Subnet this prefix equally between the 10 cities.
learn.afrinic.net | slide 136
Subnetting example: analysis
u Number of subnets: N = 10
u Subnet bits required (s): $2^s \ge 10$, s = 4 (to the nearest integer)
$s = \dfrac{\log 10}{\log 2} = \dfrac{1}{0.301} = 3.32$ [4 approx]
u Thus, to subnet 2001:db8::/32 to cover 10 subnets,
§ We’ll need to use 4 bits
§ Those 4 bits give us $2^4 = 16$ subnets (we’ve 6 spare subnets)
§ Prefix length of each subnet is /36 (i.e. 32 + 4 = 36)
u We calculate
§ Number of interesting hexits = s/4 = 1
§ Block: $B = 2^{16-(36 \bmod 16)} = 2^{16-4} = 2^{12} = 4096$ = 0x1000
learn.afrinic.net | slide 137
Subnetting example: analysis
u First subnetID
§ [Decimal]: $a_1$ = 4096(1-1) = 0 (0x0) | from $a_n = (n-1)d$
§ First subnet: 2001:db8:000::/36
u Last subnetID
§ [Decimal]: $a_{16}$ = 4096(16-1) = 61440 (0xf000)
§ [Hex]: $a_{10}$ = 1000(10-1) = 1000(f) = 0xf000
§ Last subnet: 2001:db8:f000::/36
u Verify your answer using subnet tools
§ e.g. sipcalc 2001:db8::/32 --v6split=36
learn.afrinic.net | slide 138
Subnetting – Enumerate subnets with sipcalc
sipcalc 2001:db8::/32 --v6split=36 | grep Network
Network - 2001:0db8:0000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:1000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:2000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:3000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:4000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:5000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:6000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:7000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:8000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:9000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:a000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:b000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:c000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:d000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:e000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:f000:0000:0000:0000:0000:0000 -
learn.afrinic.net | slide 139
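The four-step subnetting procedure above, carried through in code and cross-checked against Python's standard ipaddress module. This is an added example, not part of the original slides; the function names are hypothetical, and the block formula is generalized so that B = 1 when L' ends exactly on a hextet boundary.

```python
import ipaddress


def subnet_plan(parent: str, n_subnets: int) -> dict:
    """Steps 1-3: subnet bits s, subnet hexits, new length L' and block B."""
    net = ipaddress.IPv6Network(parent)
    if n_subnets < 2:
        raise ValueError("need at least two subnets")
    s = (n_subnets - 1).bit_length()     # smallest s with 2^s >= N
    new_len = net.prefixlen + s          # L' = L + s
    if new_len > 128:
        raise ValueError("not enough bits left in the parent prefix")
    # The slides' B = 2^(16 - L' % 16); the outer % 16 is an added
    # generalization giving B = 1 when L' falls on a hextet boundary.
    block = 2 ** ((16 - new_len % 16) % 16)
    return {"s": s, "hexits": -(-s // 4), "new_len": new_len, "block": block,
            "count": 2 ** s, "nibble_aligned": new_len % 4 == 0}


def subnet_id(plan: dict, n: int) -> int:
    """Step 4 as on the slides: subnetID a_n = (n-1)B, with n counted from 1."""
    if not 1 <= n <= plan["count"]:
        raise ValueError("n is outside the range of available subnets")
    return (n - 1) * plan["block"]


def nth_subnet(parent: str, new_len: int, n: int) -> ipaddress.IPv6Network:
    """Step 4 on the full address: the n-th sub-prefix of length new_len."""
    net = ipaddress.IPv6Network(parent)
    if not net.prefixlen <= new_len <= 128:
        raise ValueError("new prefix length must not be shorter than the parent's")
    if not 1 <= n <= 2 ** (new_len - net.prefixlen):
        raise ValueError("n is outside the range of available subnets")
    # a_n = (n-1)B inside the hextet equals (n-1) * 2^(128 - L') on all 128 bits
    base = int(net.network_address) + (n - 1) * 2 ** (128 - new_len)
    return ipaddress.IPv6Network((base, new_len))


def enumerate_subnets(parent: str, new_len: int) -> list:
    """All sub-prefixes in order, built from nth_subnet."""
    count = 2 ** (new_len - ipaddress.IPv6Network(parent).prefixlen)
    return [nth_subnet(parent, new_len, n) for n in range(1, count + 1)]


if __name__ == "__main__":
    for parent, wanted in (("2001:db8:c000::/36", 700), ("2001:db8::/32", 10)):
        plan = subnet_plan(parent, wanted)
        first = nth_subnet(parent, plan["new_len"], 1)
        last = nth_subnet(parent, plan["new_len"], plan["count"])
        print(parent, plan, "first:", first, "last:", last,
              "last subnetID:", hex(subnet_id(plan, plan["count"])))
    # Same list that sipcalc prints for the ISP example
    ours = enumerate_subnets("2001:db8::/32", 36)
    assert ours == list(ipaddress.IPv6Network("2001:db8::/32").subnets(new_prefix=36))
```

The `nibble_aligned` field is False for the /46 result, which is the situation the nibble-boundary slides later in this section advise against.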
Global IPv6 address management hierarchy
[Figure: allocation hierarchy, each level nested inside the one above]
2000::/3
    RIRprefix::/w    12 ⩽ w ⩽ 24
        LIRprefix::/x    y ⩽ x ⩽ 32
            End-siteprefix::/y    x ⩽ y ⩽ [48 | 52 | 56 | 60]
                Subnet::/z    [48 | 52 | 56 | 60] ⩽ z ⩽ 64
                    Host: network:prefix Subnet::/64 InterfaceID
learn.afrinic.net | slide 140
IPv6 address planning – a few clarifications
u /32 for LIRs is just minimum size according to most RIR policies
u If you can show that you need more, you usually can get more!
§ Do NOT start with /32 [or /48] and try to fit in.
§ INSTEAD analyse your needs and apply based on them.
u RFCs recommend /64 for all subnets (even p2p and loopbacks)
§ DO allocate a /64 for all links …but,
§ DO configure what makes operational sense (e.g. /127 for p2p and /128 for loopbacks)
§ Do understand what will break if you use longer prefix lengths
learn.afrinic.net | slide 141
Some recommendations for planning
① Ensure that all prefixes fall on nibble boundaries
② Plan a hierarchical scheme to allow for aggregation
§ Site: any logical L3 aggregation point (POP, building, floor)
§ Region: a collection of sites
§ Autonomous System
③ Use same prefix lengths for all prefixes of the same level (SLSM)
learn.afrinic.net | slide 142
Conceptual view of an ISP network
ASN
    Region #1
        Site #1
        Site #2
        Site #n
    Region #2
        Site #1
        Site #2
        Site #n
    Region #n
        Site #1
        Site #2
        Site #n
learn.afrinic.net | slide 143
Estimating the needs of SITEs
① Select your largest SITE
② Proceed as follows
§ Estimate the number of end-networks in it now
§ Adjust for growth in 5 years
§ Round to nearest nibble boundary (maxSITEsize)
learn.afrinic.net | slide 144
About nibble boundaries
Try to align allocation units to nibble boundaries
§ Round up your estimates to $2^n$ where n is a multiple of 4 [16, 256, 4096, 65536 etc]
§ Ensure your prefixes fall on the following nibbles: /12, /16, /20, /24, /28, /32, /36, /40, /44, /48, /52, /56, /60, /64
u Working with nibble boundaries
§ Greatly simplifies address planning
§ Provides room for expansion at each level of the network hierarchy
learn.afrinic.net | slide 145
Nibble boundary alignment example
u Consider the range of addresses for 2001:db8:3c00::/40
[first] 2001:db8:3c00:0000:0000:0000:0000:0000
[last] 2001:db8:3cff:ffff:ffff:ffff:ffff:ffff
§ Easy to see that differentiating hexits range from 0-f
u Consider the range of addresses for 2001:db8:3c00::/42
[first] 2001:db8:3c00:0000:0000:0000:0000:0000
[last] 2001:db8:3c3f:ffff:ffff:ffff:ffff:ffff
§ You’ll have to calculate the differentiating hexits
learn.afrinic.net | slide 146
Finding the total number of end prefixes required
u “End-prefix” is the prefix given to a network that connects to each site e.g. customer network
① Estimate the number of #SITEs in your largest region (round to nibble boundary)
② Calculate the number of end-site prefixes: N = #regions x #SITEs x maxSITEsize
learn.afrinic.net | slide 147
Calculating your allocation size
① Calculate number of subnet bits required to give us N prefixes: $s = \dfrac{\log_{10} N}{\log_{10} 2}$
② Allocation size (what you request from AfriNIC) is
§ 48 – s [if assigning /48s per end-site]
§ 52 – s [if assigning /52s per end-site]
learn.afrinic.net | slide 148
Overview: estimating the size of your initial IPv6 request
① For your largest SITE
§ Estimate the number of end-networks in it now
§ Adjust for growth in 5 years
§ Round to nearest nibble boundary (maxSITEsize)
② Estimate the number of #SITEs in your largest region (round to nibble boundary)
③ # of end-site prefixes: N = #regions x #SITEs x maxSITEsize
④ Subnet bits required to give us N prefixes: $s = \dfrac{\log_{10} N}{\log_{10} 2}$
⑤ Allocation size is
§ 48 – s [if assigning /48s per end-site]
§ 52 – s [if assigning /52s per end-site]
learn.afrinic.net | slide 149
IPv6 address planning | example
An ISP has operations in 10 provinces. The largest province has 50 POPs, the largest of which has about 2700 clients. Estimate the IPv6 addressing needs of this ISP.
learn.afrinic.net | slide 150
Address planning example – analysis and solution
① We know
§ Number of regions: #regions = 10 [round to 16]
§ Number of sites: #SITEs = 50 [round up to 256]
§ maxSITEsize = 2700 [round up to 4096]
② We calculate
§ Total number of end-network prefixes required is N
§ N = 16 x 256 x 4096 = 16,777,216
§ Number of subnet bits required: s = log 16,777,216 / log 2 = 24.
u Allocation size:
§ 48 – 24 = 24 [Assuming /48s to end-sites]
§ 52 – 24 = 28 [Assuming /52s to end-sites]
u Thus the ISP needs to request a /24 or /28 from AfriNIC.
learn.afrinic.net | slide 151
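The sizing procedure above, followed through to the prefix length of every hierarchy level and to a concrete carve-up. This is an added example, not part of the original slides; the function names are hypothetical, and the small ISP used for carving (3 regions, 12 sites, 200 clients) is constructed so that the plan fits the 2001:db8::/32 documentation prefix.

```python
import ipaddress


def round_up_to_nibble(n: int) -> int:
    """Smallest power of 16 that is >= n (16, 256, 4096, 65536, ...)."""
    size = 16
    while size < n:
        size *= 16
    return size


def size_request(regions: int, sites: int, max_site_size: int,
                 end_site_len: int = 48) -> dict:
    """Allocation length to request, plus the prefix length of each level."""
    r, s, m = (round_up_to_nibble(x) for x in (regions, sites, max_site_size))
    n = r * s * m                          # N = #regions x #SITEs x maxSITEsize
    bits = n.bit_length() - 1              # exact log2(N), N being a power of two
    alloc = end_site_len - bits            # e.g. 48 - s
    if alloc < 1:
        raise ValueError("estimate does not fit in the IPv6 address space")
    region_len = alloc + r.bit_length() - 1
    site_len = region_len + s.bit_length() - 1
    return {"N": n, "s": bits, "allocation": alloc, "region": region_len,
            "site": site_len, "end_site": end_site_len}


def carve(allocation: str, plan: dict, region: int, site: int, end_site: int) -> dict:
    """Prefixes for one region, one site in it and one end-site (indexes from 0)."""
    net = ipaddress.IPv6Network(allocation)
    if net.prefixlen != plan["allocation"]:
        raise ValueError("allocation length does not match the plan")
    addr, previous_len, out = int(net.network_address), net.prefixlen, {}
    for name, index in (("region", region), ("site", site), ("end_site", end_site)):
        length = plan[name]
        if not 0 <= index < 2 ** (length - previous_len):
            raise ValueError("{} index out of range".format(name))
        addr += index << (128 - length)    # place the index in this level's bits
        out[name] = str(ipaddress.IPv6Network((addr, length)))
        previous_len = length
    return out


if __name__ == "__main__":
    # The slides' ISP: 10 provinces, 50 POPs, 2700 clients
    print(size_request(10, 50, 2700))        # /24 with /48 end-sites
    print(size_request(10, 50, 2700, 52))    # /28 with /52 end-sites
    # Constructed smaller ISP that fits the documentation prefix
    small = size_request(3, 12, 200)
    print(small, carve("2001:db8::/32", small, region=1, site=10, end_site=0x2F))
```

Because every level sits on a nibble boundary, the carved end-site 2001:db8:1a2f::/48 reads directly as region 1, site a, end-site 2f, which keeps per-region and per-site ACLs and route aggregates to a single prefix each.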
Questions? Comments?