1 / 54

IPv6 Training Material Dave Wilson DW238-RIPE

IPv6 Training Material Dave Wilson DW238-RIPE. Agenda. Basic differences between v4 and v6 Layer 2: types of connection Layer 3: how to route Gotchas. The Basics The Differences. Differences. Addresses are 128 bits long Subnets are still variable /64 is preferred for a single link

july
Télécharger la présentation

IPv6 Training Material Dave Wilson DW238-RIPE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IPv6 Training Material Dave Wilson DW238-RIPE

  2. Agenda • Basic differences between v4 and v6 • Layer 2: types of connection • Layer 3: how to route • Gotchas

  3. The Basics The Differences

  4. Differences • Addresses are 128 bits long • Subnets are still variable • /64 is preferred for a single link • /48 is usual for a “site”

  5. Why a /64? • It’s big • Automatic address assignmentbased on layer 2 features (e.g. EUI-64)

  6. EUI-64 • It’s just an algorithm - it doesn’t assign addresses 00:06:5B:3F:AA:DA 2001:770:18:2:206:5bff:fe3f:aada/64

  7. EUI-64 • It’s just an algorithm - it doesn’t assign addresses 00:06:5B:3F:AA:DA 2001:770:18:2:206:5bff:fe3f:aada/64

  8. EUI-64 • Different physical interface • Different MAC address • Different EUI-64 addresses salinger#show ipv6 neighbors | inc 18:2 2001:770:18:2:206:5BFF:FE8E:9319 0 0006.5b8e.9319 2001:770:18:2:206:2BFF:FE02:86 461 0006.2b02.0086 2001:770:18:2:206:5BFF:FE8C:3F37 60 0006.5b8c.3f37 2001:770:18:2:203:47FF:FEDF:2717 19 0003.47df.2717 2001:770:18:2:206:5BFF:FE3F:AADA 0 0006.5b3f.aada 2001:770:18:2:260:CFFF:FE20:F45C 15 0060.cf20.f45c

  9. EUI-64 • Same physical interface • Same MAC address • Same EUI-64 addresses, different prefix salinger#show ipv6 int brief FastEthernet0/0 [up/up] 2001:770:18:1:210:A6FF:FEA8:DC00 FastEthernet0/0.2 [up/up] 2001:770:18:2:210:A6FF:FEA8:DC00 FastEthernet0/0.3 [up/up] 2001:770:18:3:210:A6FF:FEA8:DC00 FastEthernet0/0.4 [up/up] 2001:770:18:4:210:A6FF:FEA8:DC00 FastEthernet0/0.7 [up/up] 2001:770:18:7:210:A6FF:FEA8:DC00

  10. EUI-64 or assign the address yourself 2001:770:8:f::1/64 (short for...) 2001:0770:0008:000f:0000:0000:0000:0001

  11. Address scoping • Real addresses start with 2001:, 2002: or (until 6/06/06) 3FFE: • Every interface has an IPv6 addressthat only works on the local link ping -I eth0 fe80::206:5bff:fe3f:aada • No need for ARP

  12. Other differences It’s just IP! The same rules apply.

  13. Agenda • Basic differences between v4 and v6 • Layer 2: types of connection • Layer 3: how to route • Gotchas

  14. Connection types

  15. Ways that matter • Native, IPv6 only • Native, dual stacked • Tunnelled, via configured endpoints • Tunnelled, via a tunnel broker • Tunnelled, via 6to4

  16. Native, IPv6 only interface Serial0 ipv6 address 2001:770:1000::1/64 ipv6 enable interface Ethernet0 ipv6 address 2001:770:18:1::/64 eui-64 ipv6 enable

  17. Native, IPv6 only interfaces { so-0/0/0 { description "IPv6 only link"; unit 0 { family inet6 { address 2001:770:1000::1/64 } } } }

  18. Native, dual-stacked interface Serial0 ip address 193.1.194.1 255.255.255.252 ipv6 address 2001:770:1000::1/64 ipv6 enable interface Ethernet0 ip address 193.1.219.129 255.255.255.128 ipv6 address 2001:770:18:1::/64 eui-64 ipv6 enable

  19. Native, dual-stacked interfaces { so-0/0/0 { description "IPv6 only link"; unit 0 { family inet { address 193.1.194.1; } family inet6 { address 2001:770:1000::1/64 } } } }

  20. Configured tunnel interface Loopback0 ip address 193.1.195.61 255.255.255.255 interface Tunnel1 description IPv6 in IPv4 Tunnel to TCD no ip address ipv6 address 2001:770:8::4/127 ipv6 enable tunnel source Loopback0 tunnel destination 134.226.10.51 tunnel mode ipv6ip

  21. Configured tunnel Juniper requires a tunnel services PIC! interfaces gr-1/0/0 { unit 0 { tunnel source 193.1.195.37; tunnel destination 212.17.35.15; family inet6 { address 2001:770:8:10::1/64; } } }

  22. Commands salinger#sh ipv6 int fast0/0.2 FastEthernet0/0.2 is up, line protocol is up IPv6 is enabled, link-local address is FE80::210:A6FF:FEA8:DC00 Global unicast address(es): 2001:770:18:2:210:A6FF:FEA8:DC00, subnet is 2001:770:18:2::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FFA8:DC00 MTU is 1500 bytes ICMP error messages limited to one every 0 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 200 seconds . ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses.

  23. Commands salinger#sh ipv6 int fast0/0.2 FastEthernet0/0.2 is up, line protocol is up IPv6 is enabled, link-local address is FE80::210:A6FF:FEA8:DC00 Global unicast address(es): 2001:770:18:2:210:A6FF:FEA8:DC00, subnet is 2001:770:18:2::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FFA8:DC00 MTU is 1500 bytes ICMP error messages limited to one every 0 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses.

  24. Commands salinger#show ipv6 route connected IPv6 Routing Table - 563 entries Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP U - Per-user Static route I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 C ::/96 [0/0] via ::, Tunnel99 C 2001:600:4:8D4::/64 [0/0] via ::, Tunnel4 C 2001:610:FF:6::/64 [0/0] via ::, Tunnel2 C 2001:660:1102:4008::/64 [0/0] via ::, Tunnel3 C 2001:770:8::/127 [0/0] via ::, Loopback0 C 2001:770:8::2/127 [0/0] via ::, ATM2/0.1 --More--

  25. Commands davew@callisto> show route table inet6 protocol local inet6.0: 535 destinations, 746 routes (535 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 2001:770:800:1::1/128 *[Local/0] 7w3d 23:05:17 Local via so-0/0/2.0 2001:770:800:2::1/128 *[Local/0] 7w3d 23:05:17 Local via so-1/1/0.0 2001:770:800:3::1/128 *[Local/0] 7w3d 23:05:17 Local via fe-1/0/0.0 2001:770:800:4::1/128 *[Local/0] 1w4d 04:31:21 Local via so-0/0/0.0 ---(more)---

  26. Funnies • Separate IPv4 and IPv6 stats are not available on dual-stacked interfaces • Not all our routers support IPv6=> some workarounds in place • "ping" might not mean what you expect

  27. Break!

  28. Agenda • Basic differences between v4 and v6 • Layer 2: types of connection • Layer 3: how to route • Gotchas

  29. Routing

  30. ipv6 unicast-routing

  31. Routing protocols • Statics => no change • OSPF => IS-IS (in HEAnet) • BGP => BGP4+ (or MBGP)

  32. Static routes ipv6 route 2001:770:10::/48 2001:770:8:3::2 100 ipv6 route 2002::/16 Tunnel0 0.0.0.0/0 is now known as ::/0 Hosts might use 2000::/3

  33. IS-IS • At the moment we only use static routes to customers • All our routers are in the same "area" • Trouble running IS-IS over IPv4 tunnels? • Need a unique NET address

  34. Configuring IS-IS ! router isis backbone ! address-family ipv6 redistribute static exit-address-family net 49.0001.0770.0008.0000.00 !

  35. Configuring IS-IS ! interface FastEthernet0/0.2 encapsulation dot1Q 2 ipv6 address 2001:770:18:2::/64 eui-64 ipv6 router isis backbone ! • Configure this on the loopback interface as well

  36. Monitoring IS-IS salinger#sh ipv6 route 2001:770:8:10:: IPv6 Routing Table - 559 entries Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP U - Per-user Static route I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 I1 2001:770:8:10::/64 [115/20] via FE80::20A:8BFF:FE0B:3935, FastEthernet0/0.99

  37. BGP4+ • Same process as used for IPv4 • Different IPv4 and IPv6 sessions to the same router • AS-path filter lists may be shared • Same best path selection algorithm applies • Different routing policy at the moment(subject to change)

  38. Configuring IPv6 BGP router bgp 1213 neighbor 2001:660:1102:4008::1 remote-as 2200 neighbor 2001:660:1102:4008::1 descriptionRENATER ! address-family ipv6 network 2001:770::/35 neighbor 2001:660:1102:4008::1 activate neighbor 2001:660:1102:4008::1 filter-list 40 out exit-address-family ! ip as-path access-list 40 permit _2128$ ip as-path access-list 40 permit ^$

  39. Configuring IPv6 BGP router bgp 1213 bgp router-id 193.1.195.69 neighbor 2001:798:2019:10AA::1 remote-as 20965 neighbor 2001:798:2019:10AA::1 descript GEANTv6 Primary neighbor 2001:798:2019:10AA::1 password 7 <passwd1> neighbor 62.40.103.229 remote-as 20965 neighbor 62.40.103.229 description Geant STM-16 Primary neighbor 62.40.103.229 password 7 <passwd2> neighbor 62.40.103.229 version 4

  40. Configuring IPv6 BGP ! address-family ipv6 neighbor 2001:798:2019:10AA::1 activate neighbor 2001:798:2019:10AA::1 filter-list 41 out exit-address-family ! address-family ipv4 no neighbor 2001:798:2019:10AA::1 activate neighbor 62.40.103.229 activate neighbor 62.40.103.229 send-community neighbor 62.40.103.229 route-map geantpri-in in neighbor 62.40.103.229 route-map geantpri-out out neighbor 62.40.103.229 filter-list 41 out exit-address-family !

  41. BGP: What's changed • Protocol-specific stuff has moved • Activate or deactivate peers in address-families (to avoid next-hop madness) • Other networks have varying policies on what routes they accept • WHOIS not caught up

  42. BGP: What's the same • A link is a link - native or tunnelled • route-maps, filter lists, localpref, path stuffing, communities - from BGP talk • Still need an iBGP full mesh, or route reflectors/confederations • next-hop is still an IP address, must be reachable through IS-IS

  43. BGP: What's the same • Still need next-hop-self on iBGP sessions • You still need to nail up the aggregate route router bgp 1 address-family ipv6 network 2001:db8:100::/48 exit-address-family ipv6 route 2001:db8:100::/48 null0

  44. Monitoring BGP Deimos#show bgp ipv6 summary BGP router identifier 193.1.195.69, local AS number 1213 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2001:770:8:: 4 1213 43554 29161 59095 0 0 5d00h 305 2001:770:8:10:: 4 1213 7433 29149 59095 0 0 5d03h 1 2001:770:88:8:: 4 1213 62765 29319 59095 0 0 5d02h 312 2001:770:90:6:: 4 1213 7445 29224 59095 0 0 5d03h 4 2001:770:400:3:: 4 1213 21549 29141 59095 0 0 5d03h 1 2001:770:800:: 4 1213 14844 36616 59095 0 0 5d03h 1 2001:770:1000:: 4 1213 7433 29229 59095 0 0 5d03h 1 2001:770:1800:: 4 1213 7432 29205 59095 0 0 5d03h 1 2001:798:2019:10AA::1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 4 20965 18726 14866 59093 0 0 5d03h 272 Deimos#

  45. Monitoring BGP Deimos#sh bgp ipv6 n 2001:798:2019:10AA::1 route BGP table version is 59110, local router ID is 193.1.195.69 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path * 2001:200::/35 2001:798:2019:10AA::1 0 20965 11537 2500 i * 2001:200::/32 2001:798:2019:10AA::1 0 20965 11537 2500 i * 2001:208::/32 2001:798:2019:10AA::1 0 20965 11537 7610 i * 2001:218::/32 2001:798:2019:10AA::1 0 20965 11537 145 2914 i *> 2001:220::/35 2001:798:2019:10AA::1 0 20965 1299 1752 9270 i * 2001:228::/35 2001:798:2019:10AA::1 0 20965 11537 6939 2516 2915 i --More--

  46. Monitoring BGP • Must specify exact prefix Deimos#show bgp ipv6 2001:200::/35 BGP routing table entry for 2001:200::/35, version 15749 Paths: (2 available, best #1, table Global-IPv6-Table) Not advertised to any peer 3425 2500 2001:770:88:8:: (metric 20) from 2001:770:88:8:: (193.1.195.41) Origin IGP, metric 0, localpref 100, valid, internal, best 20965 11537 2500, (aggregated by 2500 192.50.36.15) 2001:798:2019:10AA::1 from 2001:798:2019:10AA::1 (62.40.102.45) Origin IGP, localpref 100, valid, external, atomic-aggregate Community: 11537:2501 20965:11537 Deimos#

  47. Monitoring BGP • Must specify exact prefix Deimos#show bgp ipv6 2001:200::/35 BGP routing table entry for 2001:200::/35, version 15749 Paths: (2 available, best #1, table Global-IPv6-Table) Not advertised to any peer 3425 2500 2001:770:88:8:: (metric 20) from 2001:770:88:8:: (193.1.195.41) Origin IGP, metric 0, localpref 100, valid, internal, best 20965 11537 2500, (aggregated by 2500 192.50.36.15) 2001:798:2019:10AA::1 from 2001:798:2019:10AA::1 (62.40.102.45) Origin IGP, localpref 100, valid, external, atomic-aggregate Community: 11537:2501 20965:11537 Deimos#

  48. Agenda • Basic differences between v4 and v6 • Layer 2: types of connection • Layer 3: how to route • Gotchas

  49. Gotchas

  50. Different routing protocols Different layouts Different routes

More Related