introduction to ipv6 - scte san diegoscte-sandiego.org/docs/introduction to ipv6-scte...

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco ConfidentialPresentation_ID

Introduction to IPv6Murthy DevarakondaSystems [email protected]

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco ConfidentialPresentation_ID 2

Why IPv6?


A Need for IPv6? IETF IPv6 working group began in early 90s, to solve

addressing growth issues, butCIDR, NAT, DHCP(temporary use allocations)…were developed

IPv4 32 bit address = ~4 billion hosts~40% of the IPv4 address space is still unused which is different from unallocated(e.g. IBM is allocated with 8.0.0.0/8 subnet and it can support 16 million hosts)The rising of Internet connected device and appliance will eventually deplete the IPv4 address space

IP is everywhereData, voice, audio and video integration is a realityRegional registries apply a strict allocation control

So, only compelling reason: More IP addresses


IP Address Allocation History

The Host-Density ratio (RFC 3194) is the measure of allocation inefficiency; 1981—IPv4 protocol published

1985 ~ 1/16 of total space




2005 ~ 1/4 of total space remaining

2007 ~ 1/5 of total space remaining

This despite increasingly intense conservation effortPPP/DHCP, NAT (network address translation)

CIDR (classless inter-domain routing) plus some address reclamation

Theoretical limit of 32-bit space: ~4 billion devices,Practical limit of 32-bit space: ~250 million devices (RFC 3194)

As of 3 February 2011, the global free pool of IPv4 addresses is fully depleted, meaning all 256 /8 IPv4 address blocks have been distributed to the five RIRs


Why Not NAT

It was created as a temp solution

NAT breaks the end-to-end model

Growth of NAT has slowed down growth of transparent applications

No easy way to maintain states of NAT in case of node failures

NAT break security

NAT complicates mergers, double NATing is needed for devices to communicate with each other


IPv6 Technology


Version IHL Type of Service Total Length

Identification Flags Fragment Offset

Time to Live Protocol Header Checksum

Source Address

Destination Address

Options Padding

Version Traffic Class Flow Label

Payload Length Next Header Hop Limit

Source Address

Destination Address

IPv4 Header IPv6 Header

IPv4 and IPv6 Header Comparison

- Field name kept from IPv4 to IPv6

- Fields not kept in IPv6

- Name and position changed in IPv6

- New field in IPv6

Legend


IPv4/IPv6 Technology Comparison


MTU Issues

Minimum link MTU for IPv6 is 1280 octets(vs. 68 octets for IPv4)

=> on links with MTU < 1280, link-specificfragmentation and reassembly must be used

Implementations are expected to perform path MTU discovery to send packets bigger than 1280

Minimal implementation can omit PMTU discovery as long as all packets kept ≤ 1280 octets

A hop-by-hop option supports transmission of “jumbo grams” with up to 232 octets of payload; payload is normally 216


D:\>ping -l 1500 toshiba-redhat

Pinging toshiba-redhat [3ffe:c15:c003:1114:210:a4ff:fec7:5fcf]

Request timed out.Reply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3msReply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3msReply from 3ffe:c15:c003:1114:210:a4ff:fec7:5fcf : time=3ms

netsh interface ipv6>show destinationcacheInterface 6: LANPMTU Destination Address Next Hop Address---- --------------------------------------------- --------------------------1480 3ffe:c15:c003:1112::1 3ffe:c15:c003:1112::1

1500TooBig

1480

12 3

1480

1

2

3

Path MTU Discovery


IPv6 Addressing


Addressing Format

16-bit hexadecimal numbers

Numbers are separated by (:)

Hex numbers are not case sensitive

Abbreviations are possibleLeading zeros in contiguous block could be represented by (::)Example:

2001:0db8:0000:130F:0000:0000:087C:140B2001:0db8:0:130F::87C:140B

Double colon only appears once in the address


Addressing – Prefix Representation

Representation of prefix is just like CIDR

In this representation you attach the prefix length

Like v4 address:198.10.0.0/16

V6 address is represented the same way:2001:db8:12::/48

Only leading zeros are omitted. Trailing zeros are not omitted

2001:0db8:0012::/48 = 2001:db8:12::/482001:db8:1200::/48 ≠ 2001:db8:12::/48


IPv6 Address Representation

Loopback address representation0:0:0:0:0:0:0:1=> ::1Same as 127.0.0.1 in IPv4Identifies self

Unspecified address representation0:0:0:0:0:0:0:0=> ::Used as a placeholder when no address available (Initial DHCP request, Duplicate Address Detection DAD)


IPv6—Addressing Model

Addresses are assigned to interfacesChange from IPv4 mode:

Interface “expected” to have multiple addresses

Addresses have scopeLink LocalUnique LocalGlobal

Addresses have lifetimeValid and preferred lifetime

Link LocalUnique LocalGlobal


Addressing

Type Binary Hex

Aggregatable Global Unicast Address 001 2 or 3

Link Local Unicast Address 1111 1110 10 FE80::/10

Unique Local Unicast Address

1111 11001111 1101

FC00::/7FC00::/8(registry)

FD00::/8 (no registry)

Multicast Address 1111 1111 FF00::/8

Some Special Addresses


Types of IPv6 Addresses

UnicastAddress of a single interface. One-to-one delivery to single interface

MulticastAddress of a set of interfaces. One-to-many delivery to all interfaces in the set

AnycastAddress of a set of interfaces. One-to-one-of-many delivery to a single interface in the set that is closest

No more broadcast addresses


Global Unicast Addresses

Global Unicast Addresses Are: Addresses for generic use of IPv6

Structured as a hierarchy to keep the aggregation

001 (2)

011 (3)

64 Bits3 45 Bits 16 Bits

Provider Site Host

Global Routing Prefix Subnet ID Interface ID


Global ID 40 Bits

Unique-Local

Unique-Local Addresses Used for: Local communications

Inter-site VPNs

Not routable on the Internet

Subnet ID

16 Bits

128 Bits

Interface ID

1111 110

FC00::/7

7 Bits


Remaining 54 Bits

Link-Local

Link-Local Addresses Used for: Mandatory Address for Communication between two IPv6 device

(like ARP but at Layer 3) Automatically assigned by Router as soon as IPv6 is enabled Also used for Next-Hop calculation in Routing Protocols Only Link Specific scope Remaining 54 bits could be Zero or any manual configured value

128 Bits

Interface ID

1111 1110 10

FE80::/10

10 Bits


IPv6 Multicast Address

IP multicast address has a prefix FF00::/8 (1111 1111); the second octet defines the lifetime and scope of the multicast address

8-bit 4-bit 4-bit 112-bit

1111 1111 Lifetime Scope Group-ID

Lifetime0 If Permanent1 If Temporary

Scope1 Node2 Link5 Site8 OrganizationE Global


IPv6 – Valid and Preferred LifetimesFastEthernet0/0 is up, line protocol is upGlobal unicast address(es): 2001:DB8:1111::A1A1, subnet is 2001:DB8:1111::/64Valid lifetime 43192 preferred lifetime 20192

GlobalTentative Preferred Deprecated Invalid

Valid

Time

Preferred Lifetime

Valid Lifetime


Address Scope Meaning

FF01::1 Node-Local All Nodes

FF02::1 Link-Local All Nodes

FF01::2 Node-Local All Routers

FF02::2 Link-Local All Routers

FF05::2 Site-Local All Routers

FF02::1:FFXX:XXXX Link-Local Solicited-Node

Some Well Known Multicast Addresses

Note that 02 means that this is a permanent address and has link scope

More details at http://www.iana.org/assignments/ipv6-multicast-addresses


Solicited-Node Multicast Address

For each unicast and anycast address configured there is a corresponding solicited-node multicast

This is specially used for two purpose, for the replacement of ARP, and Duplicate Address Detection (DAD)

Used in neighbor solicitation messages

Multicast address with a link-local scope

Solicited-node multicast consists of prefix + lower 24 bits from unicast, FF02::1:FF:


R1#sh ipv6 int e0Ethernet0 is up, line protocol is upIPv6 is enabled, link-local address is FE80::200:CFF:FE3A:8B18No global unicast address is configuredJoined group address(es):

FF02::1FF02::2FF02::1:FF3A:8B18

MTU is 1500 bytesICMP error messages limited to one every 100 millisecondsICMP redirects are enabledND DAD is enabled, number of DAD attempts: 1ND reachable time is 30000 millisecondsND advertised reachable time is 0 millisecondsND advertised retransmit interval is 0 millisecondsND router advertisements are sent every 200 secondsND router advertisements live for 1800 secondsHosts use stateless autoconfig for addresses.

R1#

Router Interface

Solicited-Node Multicast Address


Anycast

Anycast allows a source node to transmit IP datagrams to a single destination node out of a group destination nodes with same subnet id based on the routing metrics

Only routers should respond to anycast addresses

Routers along the path to the destination just process the packets based on network prefix

Routers configured to respond to anycast packets will do so when they receive a packet send to the anycast address

Anycast Address Assignment


Anycast Address

Syntactical the same as a Unicast address

Is one-to-nearest type of address

Has a current limited use

111111X111111… 111Prefix

128 bits

7 bits

Anycast ID0 If EUI-64 Format

1 If Non-EUI-64 FormatX =

00000Prefix

128 bits

Reserved Subnet Anycast Address (RFC 2526)

Subnet Router Anycast Address (RFC 4291)

n bits (128-n) bits

Use Example: Mobile IPv6Home-Agent Anycast Address


IPv6 Prefix Allocation Hierarchy

Site/48Site

/48

ISP/32ISP

/32

IANA2001::/3

APNIC::/12 to::/23

AfriNIC::/12 to::/23

ARIN::/12 to::/23

LACNIC::/12 to::/23

RIPE NCC::/12 to::/23

ISP/32

Site/48

Site/48Site

/48

ISP/32ISP

/32ISP/32

Site/48

Site/48Site

/48

ISP/32ISP

/32ISP/32

Site/48

Site/48Site

/48

ISP/32ISP

/32ISP/32

Site/48

Site/48Site

/48

ISP/32ISP

/32ISP/32

Site/48


IPv6 Address Allocation Process

Lowest-Order 64-bit field of unicast address may be assigned in several different ways:

Auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address)Auto-generated pseudo-random number(to address privacy concerns)Assigned via DHCPManually configured


IPv6 Interface Identifier

Cisco uses the EUI-64 format to do stateless auto-configuration

This format expands the 48 bit MAC address to 64 bits by inserting FFFE into the middle 16 bits

To make sure that the chosen address is from a unique Ethernet MAC address, the universal/local (“u” bit) is set to 1 for global scope and 0 for local scope

00 90 27 FF FE 17 FC 0F

FF FE

00 90 27 17 FC 0F

00 90 27 17 FC 0F

000000U0 Where U=1 = Unique

0 = Not Unique

02 90 27 FF FE 17 FC 0F

U = 1


DHCP and DNS for IPv6


IPv4/IPv6 Provisioning Comparison

Function IPv4 IPv6

Address Assignment DHCPv4 DHCPv6, SLAAC, Reconfiguration

Address Resolution ARP, RARP NS, NA

Router DiscoveryICMP Router

DiscoveryRS, RA

Name Resolution DNSv4 DNSv6


Replaces ARP, ICMP (redirects, router discovery)

Reachability of neighbors

Hosts use it to discover routers, auto configuration of addresses

Duplicate Address Detection (DAD)

Neighbor Discovery


Neighbor Discovery – Router Solicitations

1—ICMP Type = 133 (RS)Src = link-local address (FE80::1/10) Dst = all-routers multicast address (FF02::2)Query = please send RA

2. RA1. RS

2—ICMP Type = 134 (RA)Src = link-local address (FE80::2/10)Dst = all-nodes multicast address (FF02::1)Data = options, subnet prefix, lifetime, autoconfigflag

• Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces

• Routers send periodic Router Advertisements (RA) to the all-nodes multicast address


Neighbor Solicitation and Advertisement

A and B can now exchange packets on this link

Neighbor SolicitationICMP type = 135

Src = A Dst = Solicited-node multicast of B Data = link-layer address of A Query = what is your link address?

Neighbor AdvertisementICMP type = 136 Src = B Dst = A Data = link-layer address of B

A B


Auto-configuration

Sends Network-Type Information (Prefix, Default Route, …)

Host AutoconfiguredAddress Is:Prefix Received + Link-Layer Address

Mac Address: 00:2c:04:00:FE:56

Larger Address Space Enables:• The use of link-layer addresses inside the address

space• Auto-configuration with “no collisions”• Offers “plug and play”


DHCPv6DHCPv6 is an updated version of DHCPv4

Supports new addressing of IPv6Allows for more control and management than SLAACUsed for Service Provider Prefix Delegation to customersCan be used in conjunction with DDNSRatified in RFC 3315

There are several DHCP v6 implementations availableCisco IOS softwareCisco Network RegistrarMicrosoft Windows Server 2008Dibbler and ISC (Linux, BSD, Solaris)


DHCPv6 OperationDHCPv6 operates in a similar manner to DHCPv4 with the following

exceptions:

• Client first detects the presence of routers on the link

• If found, the client examines the router advertisements to determine if DHCP can be employed

• If no router is found and/or DHCP is allowed to be used then the client:Sends DHCP SOLICT message to the all-DHCP-agents multicast addressUses the link-local address as the source address.

DHCPv6 Server

• Similar in function to DHCPv4

• Clients get address assigned

• Servers keep track of bindings

• Can operate in a stateless or state full manner. Stateless only assigns information not handled via SLAAC such and DNS, SIP server, etc.


DHCPv6 Prefix Delegation• Service provider allocates block of addresses for delegation to customers

• Customer receives a prefix (e.g., /56)

• Router assigns /64 prefixes to LAN interfaces

• The CPE on the “WAN” side will act as a DHCP client, acquire the prefix and then assign smaller prefixes to its own interfaces. It will then serve as an IPv6 router on these interfaces

• Indirectly the Service Provider is providing an addressing scheme for the customer’s internal network.

ISP Network and InternetISP Network and Internet

DelegatingRouter

DHCP

HOST A

HOST B

DHCP ClientDHCP Server

CPERouter

RA SLAAC Client


DNS Basics

DNS is a database managing Resource Records (RR)Stockage of RR from various types—IPV4 and IPV6:

Start of Authority (SoA)Name Server Address—A and AAAAPointer—PTR

DNS is an IP applicationIt uses either UDP or TCP on top of IPv4 or IPv6

ReferencesRFC3596: DNS Extensions to Support IP Version 6RFC3363: Representing Internet Protocol Version 6 Addresses in Domain Name system (DNS)RFC3364: Tradeoffs in Domain Name System (DNS) Support for Internet Protocol version 6 (IPv6)


IPv4 IPv6

Hostname to IP address

A record:www.abc.test. A 192.168.30.1

IPv6 and DNS

AAAA record: www.abc.test AAAA 2001:db8:C18:1::2

IP address to hostname

PTR record: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0.8.b.d.0.1.0.0.2.ip6.arpa PTR www.abc.test.

PTR record:1.30.168.192.in-addr.arpa. PTR

www.abc.test.


Router Advertisement

Stateless (RFC2462)RS Are Sent by Booting Nodes to Request RAs for Configuring the Interfaces; Host Autonomously Configures Its Own Link-Local Address

Source of RA

User of RA

A Bit M/O Bits

A Operation M/O Operation

PECPE

E10 Don’t Do Stateless

Address Assignment 11 Use Dhcpv6 for Address + Other Config. (i.e., Stateful Dhcpv6)

CPE Router Host 1 Do Stateless Address

Assignment 01 Use Dhcpv6 for Other Config. (i.e., Stateless Dhcpv6)

CPEHost

ISP Provisioning SystemDHCP Client DHCP Server

E0E1PE

ISP


Prefix/Options Assignment

DHCP ND/DHCPAAA

1. CPE Sends DHCP Solicit with ORO = PD

2. PE Sends RADIUS Request for the User

3. RADIUS Responds with User’s Prefix(es)

4. PE Sends DHCP REPLY with Prefix Delegation Options

5. CPE Configures Addresses from The Prefix on Its Downstream Interfaces, and Sends an RA. A-bit, O-bit are set to On

6. Host Configures Addresses Based on the Prefixes Received in the RA. As the O-bit Is on, It Sends a DHCP Information-request Message, with an ORO = DNS7. CPE Sends a DHCP REPLY

Containing Request Options

Host

ISP Provisioning System

E0E1PE

ISP

DHCP Client DHCP Server

CPE


Deployment


IPv4-IPv6 Transition/Coexistence

A wide range of techniques have been identified and implemented, basically falling into three categories:

1. Dual-stack techniques, to allow IPv4 and IPv6 toco-exist in the same devices and networks

2. Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions

3. Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices

Expect all of these to be used, in combination


Dual Stack Approach

Dual Stack Node Means: Both IPv4 and IPv6 stacks enabled Applications can talk to both Choice of the IP version is based on name lookup and application

preference

TCP UDP

IPv4 IPv6

Application

Data Link (Ethernet)

0x0800 0x86dd

TCP UDP

IPv4 IPv6

IPv6-Enabled Application

Data Link (Ethernet)

0x0800 0x86dd Frame Protocol ID

Preferred Method on

Application’s Servers


Host Running Dual Stack

In a Dual Stack Case, an Application that: Is IPv4 and IPv6-enabled Asks the DNS for all types of addresses Chooses one address and, for example, connects to the IPv6 address

DNS Server IPv6

www.a.com = * ?

2001:db8::1

2001:db8::110.1.1.1

IPv4


Cisco IOS Dual Stack Configuration

Cisco IOS® Is IPv6-Ready: If IPv4 and IPv6 are configured on one interface, the router is dual-stacked

Telnet, Ping, Traceroute, SSH, DNS client, TFTP, etc.

IPv6 and IPv4 Network

Dual-Stack Router

IPv4: 192.168.99.1

IPv6: 2001:db8:213:1::/64 eui-64

router#ipv6 unicast-routing

interface Ethernet0ip address 192.168.99.1 255.255.255.0ipv6 address 2001:db8:213:1::/64 eui-64


IPv6 Using a Dual Stack Backbone

IPv4/IPv6Core

IPv4/IPv6Core

CE

IPv6IPv4

PE P P PE CE IPv4IPv4

IPv6IPv6

IPv6 configured interface

IPv4 configured interface

Some or all interfaces in clouddual configured

IPv6 + IPv4CoreIPv4 + IPv6 Edge IPv4 and/or IPv4 edgeDual Stack App

• All P + PE routers are capable of IPv4+IPv6 support

• Two IGPs supporting IPv4 and IPv6

• Memory considerations for larger routing tables

• Native IPv6 multicast support

• All IPv6 traffic routed in global space

• Good for content distribution and global services (Internet)


IPv6 Dual Stack Configuration

IPv4/IPv6Core

IPv4/IPv6Core

CE

IPv6IPv4IPv6IPv4

PE P P PE CE IPv4IPv4

IPv6IPv6

IPv6 + IPv4CoreIPv4 + IPv6 Edge IPv4 and/or IPv4 edgeDual Stack App

ipv6 unicast-routinginterface Ethernet0ip address 192.168.99.1 255.255.255.0ipv6 address 2001:db8:213:1::1/64


Manually Configured IPv6 over IPv4 Tunnel

IPv4

IPv6 Network IPv6 Network

Dual-Stack Router2Dual-Stack Router1

IPv4: 192.168.99.1 IPv6: 2001:db8:800:1::3

IPv4: 192.168.30.1IPv6: 2001:db8:800:1::2

router1#

interface Tunnel0ipv6 enableipv6 address 2001:db8:c18:1::3/127tunnel source 192.168.99.1tunnel destination 192.168.30.1tunnel mode ipv6ip

router2#

interface Tunnel0ipv6 enableipv6 address 2001:db8:c18:1::2/127tunnel source 192.168.30.1tunnel destination 192.168.99.1tunnel mode ipv6ip


Manually Configured GRE Tunnel

IPv4

IPv6 Network IPv6 Network

Dual-Stack Router2Dual-Stack Router1

IPv4: 192.168.99.1IPv6: 2001:db8:800:1::3

IPv4: 192.168.30.1IPv6: 2001:db8:800:1::2

router1#

interface Tunnel0ipv6 enableipv6 address 2001:db8:c18:1::3/128tunnel source 192.168.99.1tunnel destination 192.168.30.1tunnel mode gre ipv6

router2#

interface Tunnel0ipv6 enableipv6 address 2001:db8:c18:1::2/128tunnel source 192.168.30.1tunnel destination 192.168.99.1tunnel mode gre ipv6


6rd

IPv4Backbone Network


RG

IPv6/IPv4IPv6/IPv4

IPv4 Backbone Network

6rd tunnel IPv6 InternetIPv6 Internet

6rd BR

• Native dual stack IPv4/IPv6 in the home• Simple, stateless and automatic IPv6-in-IPv4 encapsulation• IPv6 traffic follows IPv4 routing between CE and 6rd BR• Standardized in RFC 5969• BR are placed at the IPv6 edge and addressed via anycast


DSLite (IPv6 ISP Network)



CPE (B4)

RFC1918RFC1918


IPv4 Tunnel IPv4 InternetIPv4 Internet

BR (AFTR)NAT44

• 4over6 Tunnel• V4 to V4 CGN• Nothing special required with DNS• Does require CPE support


NAT64 (IPv6 ISP and Customer Network)



CPE

IPv6IPv6


IPv4 InternetIPv4 Internet

NAT64

DNS64

• Used when backbone is IPv6 and clients are IPv6 only• Allows IPv6 endpoint to access the IPv4 Internet• Requires DNS64• No CPE or network modifications required


Resources

http://www.cisco.com/web/solutions/netsys/ipv6/index.html

introduction to ipv6 - scte san diegoscte-sandiego.org/docs/introduction to ipv6-scte...

Documents