In this post I will be focusing on an IPv6 review. In some of my previous posts, I've done work on IPv6; this one will serve as a refresher. If you wish, you can go back to those posts for additional guidance.
IPv6 Header Format
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class |           Flow Label                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Payload Length        |  Next Header  |   Hop Limit   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                         Source Address                        +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                      Destination Address                      +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Key benefits of IPv6
- Greater number of addresses
- Multiple methods of dynamic address assignment, e.g. DHCP and stateless autoconfiguration
- Hosts can move around the network while retaining their addresses without losing their current session
- No need for NAT/PAT
- Built-in IPSec support
- Improvements in the header, such as no need for routers to calculate a header checksum for each packet
- Flow labels, which allow all packets sent across the same session to be easily identified
- No layer 3 broadcast. Instead, multicast is used
Conventions
- 128-bit
- IPv6 uses 32 hexadecimal digits, organized into 8 quartets of 4 hex digits separated by colons
2000:0000:0000:0000:0000:00A0:0000:0001
Hex Binary Table
Decimal Hex Binary
0 0 0000
1 1 0001
2 2 0010
3 3 0011
4 4 0100
5 5 0101
6 6 0110
7 7 0111
8 8 1000
9 9 1001
10 A 1010
11 B 1011
12 C 1100
13 D 1101
14 E 1110
15 F 1111
Conventions for shortening an IPv6 address
- Omit leading 0s
- Represent one or more consecutive groups of 0s with a "::". This can only be done once
- Using the example above (2000:0000:0000:0000:0000:00A0:0000:0001), we can reduce this as follows
2000::A0:0:1
2000:0:0:0:0:A0::1
If we used 2000::A0::1, this would be INVALID, as we cannot have two or more "::"
IPv6 prefixes are often called IPv6 subnets
Dealing with prefixes
Address: 2000:0000:0000:0000:0000:00A0:0000:0001/64
The address above has a 64-bit prefix. This means that all hosts sharing the same first 64 bits are in the same subnet. Thus we can rewrite the address as
2000:0000:0000:0000::/64 - I use "::" because the host part has now all become 0s.
Using a 56-bit prefix
2000:0000:0000:0000:0000:00A0:0000:0001/56
2000:0000:0000:0000::/56 - Once again "::" was used because the remaining bits are all 0s. However, even though we only used 56 bits, we still have to write out the full quartet if our prefix does not fall on a 16-bit boundary
Using a 3-bit prefix
2000:0000:0000:0000:0000:00A0:0000:0001/3
2000::/3 - Once again "::" was used because the remaining bits are all 0s. Remember we still have to write out the full quartet when we are not on a 16-bit boundary.
Using a 26-bit prefix
2000:0000:0000:0000:0000:00A0:0000:0001/26
2000:0000::/26 - Once again "::" was used because the remaining bits are all 0s. Remember we still have to write out the full quartet when we are not on a 16-bit boundary.
Using a 32-bit prefix
2000:0000::/32 - In this case we landed on a 16-bit boundary
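The shortening rules and the prefix examples above can be checked mechanically. The following is an added example, not code from the original post: it masks the address by hand, writes every quartet the prefix touches in full, and cross-checks the result with Python's standard ipaddress module. The 2001:0DB8:... address is a constructed sample.

```python
import ipaddress

# Full-length address used throughout this post.
FULL = "2000:0000:0000:0000:0000:00A0:0000:0001"

def is_valid(text):
    """True if text is a well-formed IPv6 address (at most one '::')."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False

def same_address(a, b):
    """Two spellings are equivalent when they name the same 128-bit value."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

def prefix_of(addr, plen):
    """Return the prefix of addr/plen, written with full quartets plus '::'."""
    if not 0 <= plen <= 128:
        raise ValueError("prefix length must be between 0 and 128")
    value = int(ipaddress.IPv6Address(addr))
    mask = ((1 << plen) - 1) << (128 - plen)   # plen one-bits, then zeros
    net = value & mask                          # host bits cleared
    quartets = (plen + 15) // 16                # round up to a whole quartet
    groups = [f"{(net >> (112 - 16 * i)) & 0xFFFF:04X}" for i in range(quartets)]
    text = ":".join(groups) + ("::" if quartets < 8 else "")
    # Cross-check the hand-built string against the standard library parser.
    if int(ipaddress.IPv6Network(f"{text}/{plen}").network_address) != net:
        raise AssertionError("prefix string does not match masked value")
    return f"{text}/{plen}"

if __name__ == "__main__":
    for plen in (64, 56, 3, 26, 32):
        print(prefix_of(FULL, plen))
    # Constructed address with non-zero bits inside the partial quartet.
    print(prefix_of("2001:0DB8:ABCD:12FF::1", 56))
    print(is_valid("2000::A0::1"))
```

The constructed /56 case shows why the partial quartet is written in full: 12FF becomes 1200, with the host bits inside that quartet cleared.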
Subnetting in IPv6
|         n bits         |   m bits  |       128-n-m bits         |
+------------------------+-----------+----------------------------+
| global routing prefix  | subnet ID |       interface ID         |
+------------------------+-----------+----------------------------+
2000:0000:0000:0000:0000:00A0:0000:0001/48
Before subnetting, the above has 80 bits for the host field. We will borrow from here for our subnet
No need to worry about the 0 or broadcast subnet in IPv6
This means "global routing prefix" = 2000:0000:0000
subnet ID (16 bits) = 0000
Interface ID (64 bits) = 0000:00A0:0000:0001
From the above we can create multiple subnets by changing the subnet value. E.g., 00AD would give us an IPv6 address of
2000:0000:0000:00AD:0000:00A0:0000:0001/64
Likewise, a subnet ID of E02F = 2000:0000:0000:E02F:0000:00A0:0000:0001/64
Interface ID
- Interface IDs should be unique and thus are based on the interface MAC address
- Converts the 6-byte (48-bit) MAC address to an 8-byte (64-bit) value
- Using MAC address 01:02:03:04:05:06
First, split the MAC into two 3-byte portions - 01:02:03 and 04:05:06
Next, insert FFFE in the middle - 01:02:03:FF:FE:04:05:06
The above extended the 48-bit MAC address to 64 bits
Next, to change to EUI-64 format, we flip the 7th bit in the leftmost byte
In the address "01:02:03:FF:FE:04:05:06", "01" would be the leftmost byte
01 (hex) = 0000 0001 (Binary)
The 7th bit is "0"; when flipped it becomes "1"
New value = Binary: 0000 0011 or Hex 03
The new EUI-64 address is 03:02:03:FF:FE:04:05:06
The above host ID can now be assigned to any device
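The EUI-64 steps and the subnet layout above, combined into one added example (not code from the original post). The function names are hypothetical, a 48-bit global routing prefix with a 16-bit subnet ID is assumed as in the subnetting example, and the last function reverses the steps to recover the MAC from an address whose interface ID has FFFE in the middle.

```python
import ipaddress
from typing import Optional

def eui64_interface_id(mac: str) -> bytes:
    """Build the 8-byte interface ID from a 6-byte MAC address."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be exactly 6 bytes")
    first = raw[0] ^ 0x02                      # flip the 7th bit of the leftmost byte
    return bytes([first]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def build_address(global_prefix: str, subnet_id: int, mac: str) -> ipaddress.IPv6Address:
    """Combine a /48 global routing prefix, a 16-bit subnet ID and the EUI-64 ID."""
    net = ipaddress.IPv6Network(global_prefix)
    if net.prefixlen != 48:
        raise ValueError("this example assumes a 48-bit global routing prefix")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | (subnet_id << 64) | iid)

def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC if the low 64 bits look like an EUI-64 ID, else None."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                            # not derived by the steps above
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02X}" for b in raw)

if __name__ == "__main__":
    mac = "01:02:03:04:05:06"                  # MAC used in the post
    print(eui64_interface_id(mac).hex())       # interface ID
    addr = build_address("2000::/48", 0x00AD, mac)
    print(addr.exploded)
    print(mac_from_address(str(addr)))
    print(mac_from_address("2000::A0:0:1"))    # manually assigned ID, no FFFE
```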
How IPv6 hosts obtain their IP, DNS, etc.
- Stateful DHCP
  Similar to DHCP in IPv4
  Does not provide default router configuration
  Relies on Neighbor Discovery Protocol, which occurs between local routers and clients
  Uses stateful and stateless configuration. In stateful, the server tracks and maintains lease information; in stateless it does not.
  In IPv4 DHCP, hosts send broadcasts; in IPv6, hosts send IPv6 multicast
  IPv6 multicast addresses start with FF00::/8
- Stateless Autoconfig
  Core tool
  Allows hosts to learn IP (prefix, host, prefix length), DNS, default router, etc.
  Uses Neighbor Discovery Protocol (NDP)
  Derives the EUI-64 address
  Stateless DHCP to learn DNS IPv6 addresses
  Router Solicitation (uses ICMPv6)
- Static configuration
  Manually configure the entire 128-bit address
  Host uses Network Discovery Protocol (NDP) to learn DNS, default routers, etc.
- Static configuration with EUI-64
  Manually configure the prefix and let the device use an EUI-64 address for the interface
  Host uses Network Discovery Protocol (NDP) to learn DNS, default routers, etc.
Types of IPv6 address
- Unicast - similar to IPv4. Every interface must have a unique address
  - Unique Local
    - Similar to IPv4 private addresses
    - These addresses should be used within a private organization
    - Begins with FC00::/7
      | 7 bits |1|  40 bits   |  16 bits  |          64 bits           |
      +--------+-+------------+-----------+----------------------------+
      | Prefix |L| Global ID  | Subnet ID |        Interface ID        |
      +--------+-+------------+-----------+----------------------------+
    - If the L bit is set, the address is locally assigned. This makes the first byte "FD"
  - Link Local
    - These packets should not leave the local subnet
    - Routers do not forward packets with a Link Local address
    - Used on a single subnet
    - Used by RS and RA messages
    - Used by Neighbor Discovery
    - Next hop address for IP routes
    - Each host can calculate its own address
    - Addresses start with FE80::/10
- Multicast - represents a dynamic group of hosts.
  FF02::1 - All IPv6 nodes on a link
  FF02::2 - All IPv6 routers on a link
  FF02::5, FF02::6 - OSPF
  FF02::9 - RIP v2
  FF02::A - EIGRP
  FF02::1:2 - DHCP Relay Agents
  FF05::1:3 - DHCP Servers
  FF05::101 - NTP servers
- Anycast - Allows servers that serve the same function to use the same IP. It results in a nearest-server-first design.
Detecting Duplicate Addresses
- Network Discovery Matter
- Neighbor database gets queried
- Duplicate Address Detection (DAD)
- Inverse Network Discovery
All IPv6 routing devices send updates either to Unicast or Multicast addresses
IPv6 interfaces typically have 2 IPv6 addresses, one link local and one global unicast
IPv6 allows for multiple IPs on an interface without the need for a secondary address
An address of all 0s represents an unknown address
Examples are: 0000:0000:0000:0000:0000:0000:0000:0000/128
::/128
The above address can be used as a source IP when a host has no suitable IP
Loopback
0000:0000:0000:0000:0000:0000:0000:0001/128
::1/128
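The prefixes from the "Types of IPv6 address" section and the special addresses above can be applied to addresses pulled from logs or packet captures. This is an added example, not code from the original post: it classifies an address by those prefixes and splits a Unique Local address into the fields of the diagram. The function names and the FD12:... address are constructed for illustration.

```python
import ipaddress

# Prefixes as listed in this post; single-address entries are checked first.
TYPES = [
    ("unspecified", ipaddress.IPv6Network("::/128")),
    ("loopback", ipaddress.IPv6Network("::1/128")),     # all 0s ending in 1
    ("multicast", ipaddress.IPv6Network("FF00::/8")),
    ("link-local", ipaddress.IPv6Network("FE80::/10")),
    ("unique-local", ipaddress.IPv6Network("FC00::/7")),
]

def classify(addr: str) -> str:
    """Name the address type by the first matching prefix."""
    ip = ipaddress.IPv6Address(addr)
    for name, net in TYPES:
        if ip in net:
            return name
    return "global/other unicast"

def parse_unique_local(addr: str) -> dict:
    """Split a Unique Local address into Prefix | L | Global ID | Subnet ID | Interface ID."""
    ip = ipaddress.IPv6Address(addr)
    if classify(addr) != "unique-local":
        raise ValueError("address is not inside FC00::/7")
    v = int(ip)
    return {
        "prefix": v >> 121,                              # top 7 bits
        "L": (v >> 120) & 0x1,                           # 1 = locally assigned
        "global_id": f"{(v >> 80) & (2**40 - 1):010X}",  # 40 bits
        "subnet_id": f"{(v >> 64) & 0xFFFF:04X}",        # 16 bits
        "interface_id": f"{v & (2**64 - 1):016X}",       # 64 bits
    }

if __name__ == "__main__":
    # Constructed sample addresses.
    for a in ("::", "::1", "FF02::1:2", "FE80::1", "FD12:3456:789A:AD::1", "2000::A0:0:1"):
        print(a, "->", classify(a))
    print(parse_unique_local("FD12:3456:789A:AD::1"))
```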