1 / 90

Regional Cisco Networking Academy Conference 2014

Regional Cisco Networking Academy Conference 2014. Giving you the knowledge and confidence to teach IPv6. Introduction to IPv6: Exactly the same as IPv4… only completely different Rick Graziani CS/CIS Instructor Cabrillo College. Who am I?. Rick Graziani - graziani@cabrillo.edu

marcy
Télécharger la présentation

Regional Cisco Networking Academy Conference 2014

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Regional Cisco Networking Academy Conference 2014 Giving you the knowledge and confidence to teach IPv6 Introduction to IPv6: Exactly the same as IPv4… only completely different Rick Graziani CS/CIS Instructor Cabrillo College

  2. Who am I? • Rick Graziani - graziani@cabrillo.edu • CS/CIS instructor at Cabrillo College, Santa Cruz, California • Cisco Networking Academy instructor since 1997 • Run native IPv6 at Cabrillo College and home • Curriculum Development Team for Cisco Networking Academy • When not working, hopefully I’m surfing.

  3. Topics A lot of stuff, but don’t be intimidated! • Why IPv6? • IPv6 and ICMPv6 at a glance • Format of an IPv6 Address • IPv6 Address • Global Unicast IPv6 Address • Subnetting • Link-Local Unicast IPv6 Address • Static Configuration of a Global Unicast Address • Dynamic Configuration of a Global Unicast Address • Three options • Link-local address • Multicast address • Address Resolution Please try to hold questions to the end… Lot’s of slides!

  4. Why are they making me learn IPv6?

  5. We’re running out of IPv4 • Monday, January 31, 2011 IANA allocated the last /8 IPv4 address blocks to the RIRs. • RIR’s have very few IPv4 address left, if any. • Many ISPs are severely limited and some have already run out.

  6. Internet Penetration Rate by Population About 80% of North America has Internet access Some ISPs are only giving out IPv6 Only 28% of Asia and 16% of Africa has Internet access

  7. When do I have to go to IPv6? • IPv4 and IPv6 will coexist for the foreseeable future. • Dual-stack – Device running both IPv4 and IPv6. • Enterprises and ISPs have to support both protocols, which is a reason to eventually go to only IPv6. IPv6 IPv4

  8. Other Transition Strategies – Mostly for ISPs Tunneling – IPv6 packets encapsulated inside IPv4 packets. NAT64 – Translating between IPv4 and IPv6. Native IPv6 – All IPv6 (our focus and the goal of every organization).

  9. No more NAT as we know it NAT 192.168.1.0/24 RFC 1918 Private Address Public IPv4 Address • Using NAT to “hide” IPv6 networks has been the source of some debate. • IETF continues to state that NAT is not a security feature. • NAT for IPv4 breaks many things. • IETF does not support the concept of translating a “private IPv6” address to a “public” IPv6 address... but there are exceptions.

  10. IPv4 and IPv6 • IPv6 is more than just larger address space. • It was a chance to make some improvements on the IP protocol.

  11. Internet Control Message Protocol (ICMPv6) IPv6 Next Header Value: 58 decimal or 3A hexadecimal • Described in RFC 4443 • Much more robust than ICMP for IPv4 • Contains new functionality and improvements. • More than just “messaging” but “how IPv6 conducts business”. • General message similar to ICMP for IPv4 (Type and Code fields) ICMPv6 Message Body ICMPv6 Header Next Header 58 IPv6 Header IPv6 Data

  12. Neighbor Discovery Protocol Uses ICMPv6 ICMPv6 informational messages used by Neighbor Discovery (RFC 4861): • Router Solicitation Message • Router Advertisement Message • Discussed with dynamic configuration of IPv6 addresses • We will also introduce assigned multicast addresses • Neighbor Solicitation Message • Neighbor Advertisement Message • Discussed with address resolution (IPv4 ARP) • We will also introduce solicited node multicast address • Redirect Message (Similar to ICMPv4) Router-Device Messaging Device-Device Messaging

  13. Understanding the format of IPv6 Address

  14. IPv6 Address Notation • IPv6 addresses are 128-bit addresses represented in: • Eight 16-bit segments or “hextets” (not a formal term) • Hexadecimal (non-case sensitive) between 0000 and FFFF • Separated by colons • Reading and subnetting IPv6 is easier than IPv4! One Hex digit = 4 bits 2001:0DB8:AAAA:1111:0000:0000:0000:0100/64 2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 0100 16 bits 8 16 bits 7 16 bits 6 16 bits 5 16 bits 4 16 bits 3 16 bits 2 16 bits 1

  15. 2001:0DB8:AAAA:1111:0000:0000:0000:0100/64 2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 0100 • How many addresses does 128 bits give us? • 340 undecillionaddesses or … • 340 trillion trillion trillion addresses or … • “50 billion billion billion addresses for every person on earth” or…. • “A string of soccer balls would wrap around our universe 200 billion times!” … in other words … • You won’t need to learn IPv7 for the next version of CCNA! 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits

  16. This isn’t the first time • Early versions of CCNA included: • IPv4 • Appletalk • IPX

  17. Rule 1: Leading 0’s • Two rules for reducing the size of written IPv6 addresses. • The first rule is: Leading zeroes in any 16-bit segment do not have to be written. 2001 : 0DB8 : 0001 : 1000 : 0000 : 0000 : 0ef0 : bc00 2001 : DB8 : 1 : 1000 : 0 : 0 : ef0 : bc00 2001 : 0DB8 : 010d : 000a : 00dd : c000 : e000 : 0001 2001 : DB8 : 10d : a : dd : c000 : e000 : 1 2001 : 0DB8 : 0000 : 0000 : 0000 : 0000 : 0000 : 0500 2001 : DB8 : 0 : 0 : 0 : 0 : 0 : 500

  18. Rule 2: Double colon :: equals 0000…0000 • The second rule can reduce this address even further: • Any single, contiguous string of one or more 16-bit segments consisting of all zeroes can be represented with a double colon. FE80 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001 FE80 : : 1 FE80::1 Second Rule First Rule

  19. Rule 2: Double colon :: equals 0000…0000 • Only a single contiguous string of all-zero segments can be represented with a double colon. • Both of these are correct… FE80 : 0000 : 0000 : 0000 : 0014 : 0000 : 0000 : 0095 FE80 :: 14 : 0 : 0 : 95 OR FE80 : 0 : 0 : 0 : 14 :: 95

  20. Rule 2: Double colon :: equals 0000…0000 • Using the double colon more than once in an IPv6 address can create ambiguity because of the ambiguity in the number of 0’s. FE80::14::95 FE80:0000:0000:0000:0014:0000:0000:0095 FE80:0000:0000::0014:0000:00000000:0095 FE80:0000:0014:0000:0000:0000:0000:0095

  21. Network Prefixes • IPv4, the prefix—the network portion of the address—can be identified by a dotted decimal netmask or bitcount. 255.255.255.0 or /24 • IPv6 prefixes are always identified by bitcount (prefix length). • Prefix length notation: 2001:0DB8:100:a::/64 16 32 48 64 bits

  22. IPv6 Addresses

  23. IPv6 Addressing Anycast Multicast Unicast Assigned Solicited Node FF00::/8 FF02::1:FF00:0000/104 Embedded IPv4 Unique Local Unspecified Global Unicast Link-Local Loopback 2000::/3 3FFF::/3 ::/128 FE80::/10 FEBF::/10 ::1/128 ::/80 FC00::/7 FDFF::/7

  24. Global Unicast Address (GUA) Global Routing Prefix Subnet ID Interface ID Range: 2000::/3 0010 0000 0000 0000 :: to 3FFF::/3 0011 1111 1111 1111 :: 001 IANA’s allocation of IPv6 address space in 1/8th sections • Global unicast addresses are similar to IPv4 addresses • Routable • Unique

  25. Global Unicast Address (GUA) Global Routing Prefix Subnet ID Interface ID Range: 2000::/3 0010 0000 0000 0000 :: to 3FFF::/3 0011 1111 1111 1111 :: 001 • Global unicast addresses are equivalent to IPv4 public addresses • Except under very specific circumstances, all end users will have a global unicast address • Terminology: • Prefix equivalent to network address • Prefix length equivalent to subnet mask in IPv4 • Interface ID equivalent to host portion

  26. Typical Global Unicast Address and Why We Love IPv6! IPv4 Unicast Address /? Network portion Subnet portion Host portion 32 bits IPv6 Global Unicast Address /64 /48 16-bit Fixed Subnet ID Interface ID Global Routing Prefix 128 bits • 64-bit Interface ID = 18 quintillion (18,446,744,073,709,551,616) devices/subnet • 16-bit Subnet ID = 65,536 subnets

  27. /64 Global Unicast Addresses and the 3-1-4 rule /48 /64 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits Subnet ID Global Routing Prefix Interface ID 3 1 4 2001 : 0DB8 : AAAA : 1111: 0000 : 0000 : 0000 : 0100 3 + 1 = 4 (/64) :4 2001:0DB8:AAAA:1111:0000:0000:0000:0100/64 2001:0DB8:AAAA:1111::100/64

  28. Subnetting IPv6 and Why Our Students Will Love IPv6 • Just increment by 1 in Hexadecimal: • 2001:0DB8:AAAA:0000::/64 • 2001:0DB8:AAAA:0001::/64 • 2001:0DB8:AAAA:0002::/64 • 2001:0DB8:AAAA:000A::/64 • Valid abbreviation is to remove the 3 leading 0’s from the first shown quartet • 2001:0DB8:AAAA:1::/64 3-1-4Rule

  29. Subnetting into the Interface ID /112 /48 16bits 48 bits 64 bits Global Routing Prefix Subnet ID Prefix Interface ID Subnet-ID Interface ID Global Routing Prefix 2001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0000 : 0000 2001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0001 : 0000 2001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0002 : 0000 thru 2001 : 0DB8 : AAAA : FFFF : FFFF : FFFF : FFFE : 0000 2001 : 0DB8 : AAAA :FFFF : FFFF : FFFF : FFFF : 0000

  30. Subnetting on a nibble boundary /68 /48 60 bits 48 bits 20 bits Subnet ID Global Routing Prefix Interface ID /68 Prefix • Subnetting on a nibble (4 bit) boundary makes it easier to list the subnets: • /64, /68, /72, etc. • 2001:0DB8:AAAA:0000:0000::/68 • 2001:0DB8:AAAA:0000:1000::/68 • 2001:0DB8:AAAA:0000:2000::/68 through • 2001:0DB8:AAAA:FFFF:F000::/68 /68

  31. Subnetting within a nibble /70 /48 58 bits 48 bits 22 bits Global Routing Prefix Subnet ID Interface ID /70 Prefix Four Bits: The two leftmost bits are part of the Subnet-ID, whereas the two rightmost bits belong to the Interface ID. • 2001:0DB8:AAAA:0000:0000::/70 0000 • 2001:0DB8:AAAA:0000:0400::/70 0100 • 2001:0DB8:AAAA:0000:0800::/70 1000 • 2001:0DB8:AAAA:0000:0C00::/701100 bits

  32. Do we need the IPv6 equivalent to a /30? /127? /127 /48 1bit 48 bits 79 bits Global Routing Prefix Subnet ID 127-bit Prefix 1 bit Interface ID 2001:0DB8:AAAA:F000::/64 • 2001:0DB8:AAAA:F000::A/127 • 2001:0DB8:AAAA:F000::B/127 2001:0DB8:AAAA:F001::/64 • 2001:0DB8:AAAA:F001::A/127 • 2001:0DB8:AAAA:F001::B/127 • Beyond the scope of CCNA but may be of interest…. • RFC 6164 - Using 127-Bit IPv6 Prefixes on Inter-Router Links • Ping-Pong Attack • Neighbor Cache Exhaustion Issue • There are mitigation techniques for both. • If you still want to use a /127, reserve a separate /64 for each /127.

  33. Global Unicast IPv6 AddressStatic Configuration

  34. Configuring a Global Unicast Address Global Unicast Manual Dynamic Stateless Autoconfiguration IPv6 Unnumbered IPv6 Address DHCPv6 Static EUI-64

  35. R1(config)#interface gigabitethernet 0/0 R1(config-if)#ipv6 address 2001:db8:acad:1::1/64 R1(config-if)#no shutdown R1(config-if)#exit No space • Exactly the same as an IPv4 address only different. • No space between IPv6 address and Prefix-length. • IOS commands for IPv6 are very similar to their IPv4 counterpart. • All 0’s and all 1’s are valid IPv6 host IPv6 addresses.

  36. show running-config command on router R1 R1# show running-config <output omitted for brevity> interface GigabitEthernet0/0 no ip address duplex auto speed auto ipv6 address 2001:DB8:ACAD:1::1/64 !

  37. show ipv6 interface brief command on router R1 R1# show ipv6 interface brief GigabitEthernet0/0 [up/up] FE80::FE99:47FF:FE75:C3E0 2001:DB8:ACAD:1::1 Link-local unicast address Global unicast address • Link-local address automatically created when (before) the global unicast address is. • We will discuss link-local addresses soon.

  38. PC1: Static Global Unicast Address 2001:db8:acad:1::10 64 2001:db8:acad:1::1 (or link-local address)

  39. PC1: Static Global Unicast Address PC1> ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:  Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1::10 Link-local IPv6 Address . . . . . : fe80::50a5:8a35:a5bb:66e1 Default Gateway . . . . . . . . . : 2001:db8:acad:1::1

  40. Pinging a Global Unicast IPv6 Addresses Ping uses ICMPv6 Echo Request and Echo Reply messages similar to ICMPv4. PC1> ping 2001:db8:acad:1::1 Pinging 2001:db8:acad:1::1 from 2001:db8:acad:1::100 with 32 bytes of data: Reply from 2001:db8:acad:1::1: time=1ms Reply from 2001:db8:acad:1::1: time=1ms Reply from 2001:db8:acad:1::1: time=1ms Reply from 2001:db8:acad:1::1: time=1ms Ping statistics for 2001:db8:acad:1::1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms PC1>

  41. Global Unicast IPv6 AddressDynamic Configuration

  42. Dynamic Configuration of IPv6 Addresses Global Unicast Manual Dynamic Stateless Autoconfiguration IPv6 Unnumbered IPv6 Address DHCPv6 Static EUI-64

  43. IPv4 Dynamic Addresses DHCP Server

  44. With IPv6 it begins with the Router Advertisement To all IPv6 routers: I need IPv6 address information • The Router Advertisement (RA) tells hosts how it will receive IPv6 Address Information. • Sent periodically by an IPv6 router or… • … when the router receives a Router Solicitation message from a host. ICMPv6 Router Solicitation DHCPv6 Server To all IPv6 devices: Let me tell you how to do this … ICMPv6 Router Advertisement ICMPv6 Neighbor Discovery Router Solicitation Router Advertisement

  45. Router Advertisement ICMPv6 Router Advertisement Router Advertisement/Solicitation Messages • Part of ICMPv6 (Internet Control Message Protocol for IPv6) • Router Advertisements (RA) are sent by an “IPv6 router” – ipv6 unicast-routing command • Forwards IPv6 Packets • Can be enabled for IPv6 static and dynamic routing • Sends ICMPv6 Router Advertisements • Note: Routers can be configured with IPv6 addresses without being an IPv6 router R1(config)# ipv6 unicast-routing DHCPv6 Server

  46. SLAAC (Stateless Address Autoconfiguration) • Option 1 and 2: Stateless Address Autconfiguration– DHCPv6 Server does not maintain state of addresses • Option 3: Stateful Address Configuration – Address received from DHCPv6 Server DHCPv6 R1(config)# ipv6 unicast-routing DHCPv6 Server Option 1: SLAAC (Default on Cisco routers) “I’m everything you need (Prefix, Prefix-length, Default Gateway)” Option 2: SLAAC + Stateless DHCPv6 for DNS address “Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.” Option 3: All addressing except default gateway – DHCPv6 “I can’t help you. Ask a DHCPv6 server for all your information.” RA

  47. Router Advertisement – Option 1 SLAAC MAC: 00-03-6B-8C-E0-80 2001:DB8:ACAD:1::/64 1 Option 1 – RA Message To: FF02::1 (All IPv6 devices multicast – more later) From: FE80::1 (Link-local address) Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64 2 RA Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64 Default Gateway: FE80::1 Global Unicast Address: 2001:DB8:ACAD:1:+ Interface ID 3 EUI-64 Process or Random 64-bit value DHCPv6 Server

  48. Dynamic Interface ID Router Advertisement 2001:DB8:ACAD:1::/64 DHCPv6 Server • Windows operating systems, Windows XP and Server 2003 use EUI-64. • Windows Vista and newer; hosts create a random 64-bit Interface ID. • Linux: Mostly use random 64-bit number • Mac OSX: use EUI-64 (on my Macs) /48 /64 64 bits Subnet ID Global Routing Prefix Interface ID SLAAC EUI-64 Process Randomly Generated Number (Privacy Extension)

  49. EUI-64 (Extended Unique Identifier – 64) MAC: 00-03-6B-E9-D4-80 2001:DB8:ACAD:1::/64 1 Option 1 – RA Message To: FF02::1 (AllIPv6 devices multicast) From: FE80::1 (Link-local address) Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64 2 RA Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64 Default Gateway: FE80::1 Global Unicast Address: 2001:DB8:ACAD:1:+ Interface ID EUI-64 Process or Random 64-bit value DHCPv6 Server

  50. OUI 24 bits Device Identifier 24 bits EUI-64 Hexadecimal 00 03 6B E9 D4 80 Step 1: Split the MAC address 0000 0000 0000 0011 0110 1011 1110 1001 1101 0100 1000 0000 Binary F F F E Step 2: Insert FFFE 1110 1001 1101 0100 1000 0000 1111 1111 0000 0000 0000 0011 0110 1011 1111 1110 Binary Step 3: Flip the U/L bit 0000 0010 0000 0011 0110 1011 1111 1111 1110 1001 1101 0100 1000 0000 1111 1110 Binary Modified EUI-64 Interface ID in Hexadecimal Notation FF FE 02 03 6B E9 D4 80 Binary

More Related