ccnp1 module 8 ipver6

7/27/2019 CCNP1 Module 8 IPver6

1/69

Cisco Networking Academy Program CCNP1 V5

AAST Cairo Local Academy

IP

Version

6

Module 8

IPv6


2/69



IP

Version

6

Index8.1Explaining IPv68.2IPv6 Addressing

8.3Dynamic IPv6 Addresses8.4IPv6 Routing8.5Implementing and Verifying OSPFv3

8.6Using IPv6 and IPv48.7IPv6 Lab Exercises


3/69



IP

Version

6

8.1.1Introducing IPv6 IP ver 4 with 32-bit address space, yielding almost 4.3

billion addresses, seemed inexhaustible.

That short-term solution was Network Address Translation

(NAT). The second fundamental driver for IPv6 is the rapidmodernization of heavily populated countries such as Indiaand China.

A compelling statistic is that the number of remaining

unallocated IPv4 addresses is almost the same as thepopulation of China: about 1.3 billion.

IPv6 replaces the 32-bit IPv4 address with a 128-bitaddress, making 340 trillion trillion trillionIP addressesavailable.


4/69



IP

Version

6

8.1.2IPv6 Features Larger address space

Provide four times the bits of IPv4

Simpler header Provides better routing efficiency

Mobility and security Ensures compliance with mobile IP and IPsec

standards functionality Transition richness:

Dual stack

IPv6 over IPv4 (also called 6to4 tunneling),


5/69



IP

Version

6

8.1.3Large Address Space IPv6 increases the

number of address bitsby a factor of four,from 32 to 128, whichenables a very largenumber ofaddressable nodes.

However, as in anyaddressing scheme,not all the addressesare used or available


6/69



IP

Version

6

Larger address spaces make room for large addressallocations to ISPs and organizations. An ISP aggregatesall the prefixes of its customers into a single prefix andannounces the single prefix to the IPv6 Internet. Theincreased address space is sufficient to alloworganizations to define a single prefix for the entirenetwork.


7/69



IP

Version

6

8.2.1IPv6 Addressing Architecture The IPv4 header contains 12 basic header fields,

followed by an options field and a data portion(usually the transport layer segment).

The basic IPv4 header has a fixed size of 20octets. The variable-length options field increases the

size of the total IP header.

IPv6 contains five of the 12 IPv4 basic headerfields. The IPv6 header does not require the other seven

fields.


8/69



IP

Version

6

Routers handle fragmentation in IPv4, which causes avariety of processing issues.

IPv6 routers do not perform fragmentation.

Instead, a discovery process determines the optimummaximum transmission unit (MTU) to use during a givensession.

In the discovery process, the source IPv6 device attemptsto send a packet at the size that is specified by the upper

layers, such as the transport or application layer. If the device receives an ICMP packet too big message,it retransmits the MTU discover packet with a smaller MTUand repeats the process until it gets a response that thediscover packet arrived intact.

Then it sets the MTU for the session.


9/69



IP

Version

6

8.2.2Comparing IPv4 and IPv6 Headers

The IPv6 header has 40 octets, in contrastto the 20 octets in IPv4. IPv6 has a smaller

number of fields, and the header is 64-bitaligned to enable fast processing by current

processors. Address fields are four times

larger than in IPv4


10/69



IP

Version

6


11/69



IP

Version

6

8.2.4Defining Address Representation 128-bit IPv6 addresses are represented by

breaking them up into eight 16-bit segments.

Each segment is written in hexadecimal between0x0000 and 0xFFFF, separated by colons.

An example of a written IPv6 address is

3ffe:1944:0100:000a:0000:00bc:2500:0d

0b

Two rules for reducing the size of written IPv6addresses


12/69



IP

Version

6

Rule 1: Leading 0s Two rules for reducing the size of written IPv6 addresses.

The first rule is:

The leading zeroes in any 16-bit segment do not have tobe written; if any 16-bit segment has fewer than fourhexadecimal digits, it is assumed that the missing digitsare leading zeroes.

Example3ffe : 1944 : 0100 : 000a : 0000 : 00bc : 2500 : 0d0b

3ffe : 1944 : 100 : a : 0 : bc : 2500 : d0b


13/69



IP

Version

6

Practice

3ffe : 0404 : 0001 : 1000 : 0000 : 0000 : 0ef0 : bc00

3ffe : 404 : 1 : 1000 : 0 : 0 : ef0 : bc00

3ffe : 0000 : 010d : 000a : 00dd : c000 : e000 : 0001

3ffe : 0 : 10d : a : dd : c000 : e000 : 1

ff02 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0005

ff02 : 0 : 0 : 0 : 0 : 0 : 0 : 5


14/69



IP

Version

6

Rule 2: Double colon :: equals 00000000 The second rule can reduce this address even further:

Any single, contiguous string of one or more 16-bitsegments consisting of all zeroes can be represented with

a double colon.

ff02 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0005

ff02 : 0 : 0 : 0 : 0 : 0 : 0 : 5

ff02 : : 5

ff02::5


15/69



IP

Version

6

Only a singlecontiguous string of all-zero segments canbe represented with a double colon.

Example: Both of these are correct2001 : 0d02 : 0000 : 0000: 0014 : 0000 : 0000: 0095

2001 : d02 ::14 : 0: 0: 95

2001 : d02 : 0: 0: 14 ::95

2001 : 0d02 : 0000 : 0000: 0014 : 0000 : 0000: 0095

2001 : d02 :: 14 : 0: 0: 95

OR

2001 : d02 : 0: 0: 14 :: 95


16/69



IP

Version

6

Network Prefixes IPv4, the prefixthe network portionof the

addresscan be identified by a dotted decimal orhexadecimal address mask or a bitcount.

255.255.255.0 or /24

IPv6 prefixes are always identified by bitcount.

The address is followed by a forward slash and adecimal number indicating how many of the firstbits of the address are the prefix bits.

3ffe:1944:100:a::/64


17/69



IP

Version

6

8.2.5IPv6 Address Types

The three types of IPv6 address follow:

1. Unicast2. Anycast3. Multicast Unlike IPv4, there is no IPv6 broadcast address.

There is, however, an "all nodes" multicast address, which servesessentially the same purpose as a broadcast address.


18/69



IP

Version

6

Unicast Address

A unicast address identifies a single device. Apacket sent to a unicast address is delivered tothe interface identified by that address.

There are two types of unicast addresses: Link-local unicast address: Scope is configured to

single link. The address is unique only on this link, andit is not routable off the link.

Global unicast address: Globally unique, so it can berouted globally with no modification. A global addresshas an unlimited scope on the worldwide Internet.Packets with global source and destination addressesare routed to their target destination by the routers onthe Internet.


19/69



IP

Version

6

Multicast Address IPv6 does not have broadcast addresses.

Broadcasting in IPv4 results in several problems \

Broadcasts are replaced by multicast addresses.Multicast enables efficient network operation byusing functionally specific multicast groups tosend requests to a limited number of computerson the network. A packet sent to a multicastaddress is delivered to all interfaces identified bythat address.

The range of multicast addresses in IPv6 is largerthan in IPv4. For the foreseeable future, allocationof multicast groups is not being limited.


20/69



IP

Version

6

Anycast AddressesAn anycast addressrepresents a service

rather than a device

The same address can reside on one ormore devices providing the same service.


21/69



IP

Version

6

Special addresses There are a number of addresses with special

meaning in IPv6. Some of these are presented in

Figure


22/69



IP

Version

6

8.2.6IPv6 Global Unicast and Anycast Addresses

Global unicast and anycast addresses share the

same format. The unicast address spaceallocates the anycast addresses. Theseaddresses appear as unicast addresses todevices that are not configured for anycast.


23/69



IP

Version

6

A service is offered by three servers, all advertising the service at the IPv6 address3ffe:205:1100::15.

The router, receiving advertisements for the address, does not know that it is beingadvertised by three different devices; instead, the router assumes that it has threeroutes to the same destination and chooses the lowest-cost route.

In this is the route to server C with a cost of 20.

Preferred

route


24/69



IP

Version

6

8.3.1Defining Host Interface AddressesAn IPv6 address has two parts:

A subnet prefix representing the network to which the

interface is connected. The subnet prefix is a fixed 64-bit length for all current definitions.

A local identifier, sometimes called a token, whichuniquely identifies the host on the local network. The

local identifier is always 64 bits and is dynamically

created based on Layer 2 media and encapsulation. In

the simple case of an Ethernet medium, the local

identifier is usually derived from the EUI-48 MAC

address.


25/69



IP

Version

6

8.3.2Link Local Address

Interface identifiers in IPv6 addresses identify interfaces on a link.Link-local addresses can also be thought of as the host portion of anIPv6 address. The address is unique only on this link, and it is not

routable off the link. Packets with a link-local destination must stay onthe link where they were generated. Routers that could forward themto other links are not allowed to because there has been noverification of uniqueness outside the context of the origin link.

Link-local addresses are dynamically created using a link-local prefixof FE80::/10 and a 64-bit interface identifier in a process calledstateless autoconfiguration.


26/69



IP

Version

6

8.3.3Stateless Autoconfiguration Phase 1

Although manually configurable, the most commonmethod to obtain a unique identifier on an Ethernet link is

by using the EUI-48 MAC address and applying themodified IEEE EUI-64 standard algorithm.

Phase 2The well-known link-local prefix fe80::/64 is prepended tothe 64-bit identifier from phase one to create the 128-bit

link-local address, for example, fe80::20c:29ff:fec2:52ff.This address is associated with the interface and taggedtentative.


27/69



IP

Version

6

Phase 3Before final association, it is necessary to verify the addresssuniqueness on the link, called duplicate address detection (DAD). Theprobability of having a duplicate address on the same link is not null,because it is recognized that some vendors have shipped batches ofcards with the same MAC addresses.

The system sends ICMPv6 packets on the link where the detection

has to occur. Those packets contain neighbor solicitation messages.Their source address is the undefined address ::, and the targetaddress is the tentative address. A node already using this tentativeaddress replies with a neighbor advertisement message. In that case,the address cannot be assigned to the interface. If there is noresponse, it is assumed that the address is unique and can beassigned to the interface. If the address is not unique it must bemanipulated manually.

Phase 4This phase removes the tentative tag and formally assigns theaddress to the network interface. The system can now communicatewith its neighbors on the link.


28/69



IP

Version

6

8.3.4EUI-64 to IPv6 Identifier A MAC address (IEEE

802) is 48 bits long. Thespace for the localidentifier in an IPv6address is 64 bits. TheEUI-64 standard explainshow to stretch IEEE 802addresses from 48 to 64bits by inserting the 16-bit

0xFFFE in the middle atthe 24th bit of the MACaddress. This creates a64-bit, unique interfaceidentifier.


29/69



IP

Version

6

Universal/Local (U/L) The seventh bit in an IPv6 interface identifier is

referred to as the universal/local bit, or U/L bit.

This bit identifies whether this interface identifieris universally or locally administered .

If the U/L bit is set to 0, the address is locallyadministered. The network administrator has

overridden the manufactured address and specified adifferent address.

If the U/L bit is set to 1, the IEEE, through thedesignation of an ISP, has administered the address.


30/69



IP

Version

6

Individual/Group (I/G)

The I/G bit is the low order bit of the first

byte and determines whether the address isan individual address (unicast) or a group

address (multicast).

When set to 0, it is a unicast address.

When set to 1, it is a multicast address


31/69



IP

Version

6

8.3.5IPv6 over Data Link Layers IPv6 is defined on most of the current data link layers, including the following:

Ethernet* PPP* High-Level Data Link Control (HDLC)* FDDI Token Ring Attached Resource Computer Network (ARCNET) Nonbroadcast multiaccess (NBMA) ATM** Frame Relay*** IEEE 1394

* Cisco supports these data link layers.** Cisco supports only ATM permanent virtual circuit (PVC) and ATM LANEmulation (LANE).*** Cisco supports only Frame Relay PVC.

An RFC describes the behavior of IPv6 in each of these specific data linklayers, but Cisco IOS software does not necessarily support all of them.


32/69



IP

Version

6

8.3.6IPv6 Multicasting

The format of the multicast address is as follows: IPv6 multicast addresses are defined by the prefix FF00::/8. The

second octet defines the lifetime (flag) and the scope of the multicastaddress.

The flag parameter is equal to 0 for a permanent, or well-known, multicastaddress. For a temporary multicast address, the flag is equal to 1.

The scope parameter

The multicast group ID consists of the lower 112 bits of themulticast address.


33/69



IP

Version

6

8.3.7Permanent Multicast Addresses The multicast addresses, FF00:: to FF0F::, are reserved. Within that

range, the following are some examples of assigned addresses.Assignments are tracked by IANA.

FF02::1All nodes on link (link-local scope).

FF02::2All routers on link. FF02::9All IPv6 Routing Information Protocol (RIP) routers on link. FF02::1:FFXX:XXXXSolicited-node multicast on link, where

XX:XXXX is the rightmost 24 bits of the corresponding unicast oranycast address of the node. (Neighbor solicitation messages are senton a local link when a node wants to determine the link-layer address

of another node on the same local link, similar to Address ResolutionProtocol [ARP] in IPv4.)

FF05::101All Network Time Protocol (NTP) servers in the site(site-local scope).


34/69



IP

Version

6

very rare cases, the rightmost 24 bits of the unicast address of the

target is not unique on the link. Solicitednode multicast addressesare used in IPv6 for address resolution of an IPv6 address to a MACaddress on a LAN segment.

Source node send the full IPv6 address of destination (target address)in addition in other data


35/69



IP

Version

6

8.3.9Anycast

An IPv6 anycast address is a global unicast address thatis assigned to more than one interface. When a packet is

sent to an anycast address, it is routed to the nearest

interface having that address.

In a WAN scope, the nearest interface is found accordingto the measure of distance of the routing protocol. In a

LAN scope, the nearest interface is found according to the

first neighbor that is learned about.


36/69



IP

Version

6

8.3.10IPv6 Mobility Mobility is a very important featurein networks today. Mobile IP is anIETF standard available for bothIPv4 and IPv6. Mobile IP enablesmobile devices to move withoutbreaking current connections. In

IPv6, mobility is built in, whichmeans that any IPv6 node can useit as needed. However, in IPv4,mobility is a new function that mustbe added.

The routing headers of IPv6 makeMobile IPv6 much more efficient for

end nodes than Mobile IPv4.Mobility takes advantage of theflexibility of IPv6. For example,binding uses some header options(destination) that are mandatory forevery IPv6 device. Also, IPv6mobility creates a new mobilityextension header.


37/69



IP

Version

6

8.4.1Describing IPv6 Routing


38/69



IP

Version

6

Static Routing Static routing with IPv6 is used and configured in

the same way as IPv4. There is an IPv6-specific

requirement per RFC 2461: A router must be ableto determine the link-local address of each of its

neighboring routers to ensure that the target

address of a redirect message identifies the

neighbor router by its link-local address. This requirement basically means that using a

global unicast address as a next-hop address with

routing is not recommended.


39/69



IP

Version

6

RIPng Routing Information Protocol next generation (RIPng, RFC

2080) is a distance vector routing protocol with a limit of15 hops that uses split horizon and poison reverse to

prevent routing loops. The protocol implementation for IPv6 includes thesecharacteristics:

Based on IPv4 RIP version 2 (RIPv2) and similar to RIPv2

Uses IPv6 for transport

IPv6 prefix, next-hop IPv6 address Uses the multicast group FF02::9, the all-RIP-routers multicast

group, as the destination address for RIP updates

Updates sent on UDP port 521


40/69



IP

Version

6

OSPFv3 The protocol implementation for IPv6 includes these

characteristics: Based on OSPF version 2 (OSPFv2), with enhancements

Distributes IPv6 prefixes Runs directly over IPv6

Operates as ships in the night with OSPFv2

This implementation adds these IPv6-specific attributes: 128-bit addresses

Link-local address Multiple addresses and instances per interface

Authentication (now uses IPsec)

OSPFv3 runs over a link rather than a subnet


41/69



IP

Version

6

IS-IS Large address support facilitates the IPv6

address family. Intermediate System to

Intermediate System (IS-IS) is the same asIPv4 with the following extensions added:

Two new Type, Length, Value (TLV) attributes

IPv6 reachability IPv6 interface address

New protocol IDS


42/69



IP

Version

6

EIGRP Enhanced Interior Gateway Routing Protocol

(EIGRP) can be used to route IPv6 prefixes.

EIGRP IPv4 runs over an IPv4 transport,communicates only with IPv4 peers, and

advertises only IPv4 routes. EIGRP for IPv6

follows the same model. EIGRP for IPv4 and

EIGRP for IPv6 are configured and managedseparately. However, the configuration of EIGRP

for IPv4 and IPv6 is similar and provides

operational familiarity and continuity


43/69



IP

Version

6

Multiprotocol BGP (MP-BGP)Multiprotocol BGP is used to enable BGP4

to carry the information of other protocols,

for example, Multiprotocol Label Switching(MPLS) and IPv6.


44/69



IP

Version

6

8.4.2OSPFv3 and IPv6 OSPFv3, which is described inRFC 2740, supports IPv6.

The state of a link is a descriptionof that interface and its relationshipto its neighboring networkingdevices. The interface informationincludes the IPv6 prefix of theinterface, the network mask, thetype of network that it is connectedto, the routers connected to thatnetwork, and so on.

This information is propagated invarious types of link-stateadvertisements (LSAs). A collectionof LSA data on a router is stored ina link-state database (LSDB). Thecontents of the database, whensubjected to Dijkstras algorithm,result in the creation of the OSPFrouting table.


45/69



IP

Version

6

8.4.3Similarities Between OSPFv2 andOSPFv3 Many of the OSPF for IPv6 features are the same as in OSPFv2. OSPFv3 for

IPv6, which is described in RFC 2740, expands on OSPFv2 to provide supportfor IPv6 routing prefixes and the larger size of IPv6 addresses. Othersimilarities to OSPFv2 include the following:

Mechanisms for neighbor discovery and adjacency formation are identical. Operations of OSPFv3 over the RFC-compliant nonbroadcast multiaccess

(NBMA) and point-to-multipoint topology modes are supported. OSPFv3also supports the other modes from Cisco, such as point-to-point andbroadcast, including the interface.

LSA flooding and aging are the same for OSPFv2 and OSPFv3.

OSPFv3 uses the same basic packet types as OSPFv2, such as hellopackets, database description (also called database description packet),link-state request (LSR), link-state update (LSU), and LSA.

All of the optional capabilities of OSPF for IPv4, including on-demandcircuit support, not-so-stubby areas (NSSAs), and the extensions toMulticast OSPF (MOSPF) are also supported in OSPF for IPv6.


46/69



IP

Version

6


47/69



IP

Version

6

8.4.4Differences Between OSPFv2 and

OSPFv3 Differences between OSPFv2 and OSPFv3 include the following:

OSPFv3 runs over a link: OSPF for IPv6 runs per link instead ofthe IPv4 behavior of per IP subnet.

Multiple OSPFv3 instance support: Separate autonomoussystems, each running OSPF, use a common link. A single linkcould belong to multiple areas.

Multicast addresses:FF02::, equivalent to 224.0.0.5 in OSPFv2.FF02::, equivalent to 224.0.0.6 in OSPFv2.

Removal of address semantics:IPv6 addresses are no longer

present in the OSPF packet header (part of payload information).The DR and backup designated router (BDR) are identified by theirrouter ID and not by their IP address.

Security: OSPFv3 uses IPv6 Authentication Header (AH) andEncapsulating Security Payload (ESP) extension headers.


48/69



IP

Version

6

8.4.5LSA Types for IPv6 OSPFv3 LSA features include the following: The LSA is composed of a router ID, area ID, and link-state ID. They

are each 32 bits. Although they are written in dotted decimal, they arenot derived from an IPv4 address.

Router LSAs and network LSAs contain only 32-bit IDs. They do notcontain addresses. LSAs have flooding scopes that define the diameter that they should

be flooded to: Link local: Flood all routers on the link. Area: Flood all routers within an OSPF area.

Autonomous system: Flood all routers within the entire OSPFautonomous system.

OSPFv3 supports the forwarding of unknown LSAs based on theflooding scope. This can be useful in an NSSA.


49/69



IP

Version

6

The two renamed LSAs are as follows Interarea prefix LSAs for area border

routers (ABRs) (type 3): Type 3 LSAsadvertise internal networks to routers inother areas (interarea routes).

Interarea router LSAs for autonomoussystem boundary routers (ASBRs) (type

4): Type 4 LSAs advertise the location of anASBR.


50/69



IP

Version

6

The two new LSAs in IPv6 are as follows: Link LSAs (type 8): Type 8 LSAs have link-local flooding

scope and are never flooded beyond the link with whichthey are associated. Link LSAs provide the link-localaddress of the router to all other routers attached to thelink. Link LSAs also inform other routers attached to thelink of a list of IPv6 prefixes to associate with the link, andallow the router to assert a collection of options bits toassociate with the network LSA that will be originated for

the link. Intra-area prefix LSAs (type 9): A router can originatemultiple intra-area prefix LSAs for each router or transitnetwork, each with a unique link-state ID..

Ci N ki A d P CCNP1 V5


51/69



IP

Version

6

8.4.6Address Prefix and LSAs An address prefix occurs in almost all newly defined LSAs.

The prefix is represented by three fields: Prefix Length,Prefix Options, and Address Prefix. In OSPF for IPv6,

addresses for these LSAs are expressed asprefix,prefixlengthinstead of address, mask.

The default route is expressed as a prefix with length 0.

Ci N t ki A d P CCNP1 V5


52/69



IP

Version

6

8.5.1Configuring OSPFv3 in IPv6 Step 1Complete the OSPF network strategy and planning

for your IPv6 network. For example, you must decidewhether multiple areas are required.

Step 2Enable IPv6 unicast routing using the ipv6 unicast-routingcommand.

Step 3Enable IPv6 on the interface using the ipv6 ospfareacommand.

Step 4(Optional) Configure OPSFv3 interface specificsettings, including area, router priority, and OSPFv3 pathcost.

Step 5(Optional) Configure routing specifics from routerconfiguration mode, including router priority, routesummarization, and so on.



53/69



IP

Version

6

8.5.2Enabling OSPFv3 on an Interface



54/69



IP

Version

6

8.5.3Configuring OSPFv3 Routing

Specifics



55/69



IP

Version

6

8.5.4OSPFv3 Route Summarization



56/69



IP

Version

6

8.5.5OSPFv3 Configuration Example



57/69



IP

Version

6

8.5.6Verifying OSPFv3



58/69



IP

Version

6

The clear ipv6 ospf[process-id] {process|force-spf| redistribution| counters

[neighbor[neighbor-interface| neighbor-id]]} command triggers SPF recalculationand repopulation of the Routing InformationBase (RIB).

The show ipv6 ospf[process-id] [area-id]command displays general informationabout OSPF processes



59/69



IP

Version

6



60/69



IP

Version

6



61/69



IP

Version

6

show ipv6 ospf database



62/69



IP

Version

6



63/69



IP

Version

6

8.6.1IPv6 to IPv4 Transition Mechanism

Dual stack

IPv6-over-IPv4 (6to4) tunnels



64/69



IP

Version

6

8.6.2Cisco IOS Dual Stack



65/69



IP

Version

6

Considerations for dual-stack include: A dual-stack node chooses which stack to use

based on the destination address.

A new application programming interface(API)is defined to support both IPv4 and IPv6

addresses and Domain Name System (DNS)

requests.



66/69



IP

Version

6

8.6.3Overlay Tunnels Networking often uses tunnels to overlay an incompatible

functionality on an existing network. Tunneling IPv6 traffic

over an IPv4 network requires one edge router to

encapsulate the IPv6 packet inside an IPv4 packet andanother router to decapsulate it.



67/69



IP

Version

6

8.6.4Isolated Dual-Stack Host Encapsulation can be done by edge routers between hosts or betweena host and a router. The example in Figure shows an isolated dual-stack host using an encapsulated tunnel to connect to the edge routerof the IPv6 network.

Tunneling does not work if an intermediary node between the two end

points of the tunnel, such as a firewall, filters out IPv4 protocol 41,which is the IPv6-over-IPv4 encapsulation.



68/69



IP

Version

6

8.6.6Example of a Configured Tunnel



69/69


IP

Version

6

8.6.8Translation of NAT-PT

ccnp1 module 8 ipver6

Documents