INTRODUCTION TO INTERNET PROTOCOL 6 ESTIMATED TIME OF INSTRUCTION: 2 HOURS Tony Kellar Daymar Institute


Post on 28-Mar-2015


Page 1: Tony Kellar Daymar Institute. Why the OSI Model Multi-vendor support and standardization Enhances simplicity and design and troubleshooting Changes made

INTRODUCTION TO INTERNET PROTOCOL 6

ESTIMATED TIME OF INSTRUCTION: 2 HOURS

Tony Kellar, Daymar Institute

Page 2:

Why the OSI Model

Multi-vendor support and standardization
Enhances simplicity and design and troubleshooting
Changes made at one layer do not affect other layers
  TCP doesn’t care
  UDP doesn’t care
  Data-link doesn’t care
  Only layer 3 cares
    IPv4
    IPv6

Page 3:

WHY Internet Protocol 6

IPv4 address exhaustion has been a concern over time.

Roughly 2/3 of actual addresses are publicly usable

Source: http://en.wikipedia.org/wiki/IPv4

Page 4:

Current IPv4 status

Source: http://slideshow.techworld.com/3363475/ipv6--why-we-need-new-internet-protocol/2/

Page 5:

Additional reasons for IPv6

IPv4 was created in late 1960’s.
Many optimizations are lacking in the design
  Broadcast and Multicast concerns
  Fragmentation became necessary
  Hack, Hack, Hack to get certain things to work
  Lack of global focus
  Internet Routing Table became HUGE!
    Impossible to optimize
Security was not a concern in protocol creation
IPv4 subnetting is….clunky and inefficient
Poor management of IP space as we were “NEVER GONNA RUN OUT!”

Page 6:

WE ARE NOT YET READY FOR THIS

http://slideshow.techworld.com/3363475/ipv6--why-we-need-new-internet-protocol/2/

Page 7:

WHAT IS AN IPv4 ADDRESS?

32 bits in succession indicating the address
Networks are sub-divided by the subnet mask
The Internet started out CLASSFULLY (A, B, C, D, E)
Now we can subnet networks to create optimizations of space (known as CLASSLESS)

Source: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-1/ip_addresses.html

Page 8:

Whiteboard Review: How IPv4 talks
Concept #1: ARP
Concept #2: Intra-Network Routing
Concept #3: Inter-Network Routing

[Whiteboard diagram: three networks, 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24, with node addresses .1, .2, .3 and .4]

Page 9:

How much bigger is IPv6 than IPv4

We can assign an IPv6 address to every atom on the surface of the Earth
There are 2^52 more IPv6 addresses than known stars in our universe.
If the entire IPv4 space was the size of a basketball, IPv6 is the size of the sun.
My house is 4,294,967,296 times the space as the entire Internet on my primary network
My secondary network (at my house), is 281,474,976,710,656 times larger than the entire Internet
  17 times larger than the National Debt

Comparison:
IPv4 = 4,294,967,296 total address space
IPv6 = APPROXIMATELY 3,402,823,669,209,384,634,633,746,074,317,700,000,000,000,000,000,000,000,000,000,000,000,000
  MY CALCULATOR WILL NOT DISPLAY THE EXACT NUMBER
  LET’S FACE IT – BIG NUMBER

Page 10:

IPv6 Address Format

128 bits in length (versus IPv4 32 bit length)
Each section is 16 bits represented by 4 characters between 0 – F
If you understand MAC addresses…easy stuff then
Expressed in hexadecimal format (Base 16)

0(0)=0000   4(4)=0100   8(8)=1000    12(C)=1100
1(1)=0001   5(5)=0101   9(9)=1001    13(D)=1101
2(2)=0010   6(6)=0110   10(A)=1010   14(E)=1110
3(3)=0011   7(7)=0111   11(B)=1011   15(F)=1111

Each section of 16 bits is separated by a “:”
Leading zeros in a section can be dropped
Successive zeros in multiple sections can be expressed with “::”
  NOTE: Can be used only once

Whiteboard examples:
3f01:abcd:1234:5678:2780:1537:1100:1234
2001:0db8:00ca:1300:0000:0000:1350:aaaa
2001:0db8:0000:0bde:0000:0000:1306:0001
0000:0000:0000:0000:0000:0000:0000:0000

Page 11:

IPv6 Address Format – Different View

Page 12:

Exercise – Shortest Length These

ABCD:0807:0000:123D:5908:ABCD:8797:0001

2001:0DB8:0001:3092:0001:00DE:1230:0203

2001:0DB8:0000:3092:0000:0000:0020:1023

2001:1000:0000:3821:0000:0000:0000:E736

2610:1200:0010:0000:0000:0000:0000:000A

3001:3342:0101:0000:0001:0000:0001:0001

C000:0000:0000:0000:0000:0000:0000:0001

Page 13:

Exercise – Shortest Length These: Answer

ABCD:807::123D:5908:ABCD:8797:1
2001:DB8:1:3092:1:DE:1230:203
2001:DB8:0:3092::20:1023
2001:1000:0:3821::E736
2610:1200:10::A
3001:3342:101::1:0:1:1 OR 3001:3342:101:0:1::1:1
C000::1
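The shortening rules above, worked through in Python as an added example (not part of the original deck). It also shows why firewall rules, allowlists and log searches should compare IPv6 addresses by parsed value: the exercise's two accepted answers for the same address differ as text. The function names are this example's own.

```python
import ipaddress

# The seven exercise addresses and the deck's own answers.
EXERCISE = {
    "ABCD:0807:0000:123D:5908:ABCD:8797:0001": "ABCD:807::123D:5908:ABCD:8797:1",
    "2001:0DB8:0001:3092:0001:00DE:1230:0203": "2001:DB8:1:3092:1:DE:1230:203",
    "2001:0DB8:0000:3092:0000:0000:0020:1023": "2001:DB8:0:3092::20:1023",
    "2001:1000:0000:3821:0000:0000:0000:E736": "2001:1000:0:3821::E736",
    "2610:1200:0010:0000:0000:0000:0000:000A": "2610:1200:10::A",
    "3001:3342:0101:0000:0001:0000:0001:0001": "3001:3342:101::1:0:1:1",
    "C000:0000:0000:0000:0000:0000:0000:0001": "C000::1",
}


def shorten(addr: str) -> str:
    """Drop leading zeros, then replace the longest run of all-zero
    sections (the first one on a tie) with a single '::'."""
    groups = [g.lstrip("0") or "0"
              for g in ipaddress.IPv6Address(addr).exploded.split(":")]
    best_start, best_len, i = 0, 0, 0
    while i < len(groups):
        j = i
        while j < len(groups) and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len == 0:
        return ":".join(groups).upper()
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}".upper()


def same_address(a: str, b: str) -> bool:
    """Compare by 128-bit value, never by text."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


def is_valid(addr: str) -> bool:
    """Reject malformed text, for example '::' used more than once."""
    try:
        ipaddress.IPv6Address(addr)
        return True
    except ipaddress.AddressValueError:
        return False


if __name__ == "__main__":
    for full, answer in EXERCISE.items():
        print(f"{full} -> {shorten(full)} (deck answer: {answer})")
```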

Page 14:

Quick Note – IPv6 address within URL

URLs explicitly use the : to designate a port number
  http://www.network-chef.com:8080
IPv6’s use of colons creates problems
  http://2001:470:1f11:113b::2:8080 does not work
If pointing directly to an IPv6 address in a URL, encapsulate it in brackets
  http://[2001:470:1f11:113b::2]:8080

Page 15:

IPv6 – Expressing Network vs. Host

In IPv4, we use subnet masks to support this
  I.E. 192.168.0.1 255.255.255.0
In IPv6, if we used a subnet mask for the same number of hosts, we would have to type:
  255.255.255.255.255.255.255.255.255.255.255.255.255.255.255.0
IPv4: 255.255.255.0 = /24 (how many 1s)
IPv6: /## - same deal, therefore:
  2610:0018:02c1:0041:2342:ffe2:1234:0001/64
  NETWORK = 2610:0018:02c1:0041
  HOST = 2342:ffe2:1234:0001

Page 16:

Examples

ABCD:0807:0000:123D:5908:ABCD:8797:0001/8
2001:0DB8:0001:3092:0001:00DE:1230:0203/16
2001:0DB8:0000:3092:0000:0000:0020:1023/32
2001:1000:0000:3821:0000:0000:0000:E736/48
2610:1200:0010:0000:0000:0000:0000:000A/64
3001:3342:0101:0000:0001:0000:0001:0001/96
C000:0000:0000:0000:0000:0000:0000:0001/128

Page 17:

Examples SOLVED

16 32 48 64 80 96 102 128

ABCD:0807:0000:123D:5908:ABCD:8797:0001/8
2001:0DB8:0001:3092:0001:00DE:1230:0203/16
2001:0DB8:0000:3092:0000:0000:0020:1023/32
2001:1000:0000:3821:0000:0000:0000:E736/48
2610:1200:0010:0000:0000:0000:0000:000A/64
3001:3342:0101:0000:0001:0000:0001:0001/96
C000:0000:0000:0000:0000:0000:0000:0001/128

Page 18:

Addressing Hosts

Statically – typing it in exactly (YUCK! for hosts)

Page 19:

Addressing Hosts Dynamically

Method 1: Auto-configuration (privacy mechanism!!!)
  Host picks a random address and validates it is not already on the network
    2610:18:2c1:41:cca8:57fd:6a7c:cdbf
  Uses a mechanism known as RS/RA – Router Solicitation and Router Advertisement for default-gateway establishment
Method 2: IPv6 DHCP (Stateful)
  Can use either RS/RA or statically defined default-gateway
Method 3: Cryptographically generated addresses

I BELIEVE BUTTON

Page 20:

Addressing Hosts Dynamically

Method 4: EUI-64 addressing
  Host uses MAC address on Ethernet NIC as NIC is 48 bits and globally unique
  Flips 7th bit from 0 to 1 or 1 to 0
    Why? Not a clue! I didn’t write it.
  Inserts FFFE between first 24 bits and last 24 bits of MAC and makes IP address
    See next slide for an example
  Also uses RS/RA for default-gateway establishment

Page 21:

Addressing Hosts: EUI-64 example

Source: www.tcpipguide.com
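The EUI-64 steps from the previous slide, carried out in Python as an added example (not from the original deck), together with the reverse check a defender would run: an address built this way carries the NIC's MAC in its host half, so the hardware identifier can be read back out of logs, which the random auto-configured address from Method 1 avoids. The MAC below is constructed for the example; the /64 prefix is the one used elsewhere in the deck.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits: the host half of a /64


def mac_to_iid(mac: str) -> int:
    """48-bit MAC -> 64-bit interface ID: flip the 7th bit, insert FFFE."""
    octets = bytearray(int(part, 16)
                       for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # 7th bit of the first octet (the universal/local bit of the MAC).
    octets[0] ^= 0x02
    # FFFE goes between the first 24 bits and the last 24 bits.
    eui64 = octets[:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui64, "big")


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 network prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_iid(mac))


def embedded_mac(addr: str):
    """Return the MAC hidden in an EUI-64 style address, or None."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    octets = bytearray(iid.to_bytes(8, "big"))
    if octets[3:5] != b"\xff\xfe":
        return None  # no FFFE marker: random, static or DHCP-assigned
    octets[0] ^= 0x02  # undo the bit flip
    return ":".join(f"{o:02x}" for o in octets[:3] + octets[5:])


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"  # constructed sample MAC
    addr = eui64_address("2610:18:2c1:41::/64", mac)
    print(addr, "->", embedded_mac(str(addr)))
    # The deck's randomly chosen address carries no MAC.
    print(embedded_mac("2610:18:2c1:41:cca8:57fd:6a7c:cdbf"))
```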

Page 22:

IPv6 Address Apportionment

Page 23:

IPv6 addressing standard networks

Businesses will go to RIR/NIR for IPv6 addresses if needing multipath routing
Single path routing for businesses/large customers will be provided a /48 from the ISP
Extremely small business and private customers (us)….will traditionally get a /64

NOTE: Even though obscene number of IPs…IETF specifies smallest network really should be /64….even in point-to-point networks

Certain tunneling technologies…i.e. ISATAP…REQUIRES the network to be a /64 (I lost hair over this and I can’t afford that!)

Page 24:

Types of Traffic

IPv4
  Unicast – host to host only communications
  Multicast – host to many (listening hosts) comms
  Broadcast – host to everybody on segment

IPv6
  Unicast – host to host only communications
  Multicast – host to many (listening hosts)
  Anycast – host to closest address (Ugh!)

Wait – Where did broadcasts go? What about ARP???

We’ll get there…hold on that!

Page 25:

Types of Address (there are more)

Aggregatable Global Unicast: 2000::/3 (2000-3FFF)
  No such thing as a private IP in IPv6
Multicast: FF00::/8
  This requirement will never go away
    Routing protocols
    Special services – Video
Link-Local Unicast: FE80::/10 – Ah-ha…
  IP address used by host to talk to other hosts within the network (Time To Live of 1)
  Finds hosts and routers on link only
Solicited Node Multicast: FF02::1:FF00:0000/104 – Ah-ha!!!
  IP address used by host to query the MAC of a host
  Also used for Duplicate Address Detection (DAD)

Page 26:

Link Local – FE80::/10

Link local breakdown:
  FE80 for first 10 bits
  Next 54 bits are all “0”s
  Last 64 bits are the last 64 bits of IP address

Given IP address: 2610:18:2c1:41:cca8:57fd:6a7c:cdbf

Link Local address: FE80::cca8:57fd:6a7c:cdbf

Link local does not talk outside of “link”
  Used by the host to talk WITHIN the link

Page 27:

Special IPv6 Addresses

:: = I don’t have an address – source = 0’s

::1 = Equal to IPv4’s 127.0.0.1
  Ping it. It will respond (we hope)

IPv4 to IPv6 tunneling address
  IPv4 compatible IPv6 address
    0:0:0:0:0:0:IPv4 address
    0:0:0:0:0:0:192.168.1.1 or ::192.168.1.1
  IPv4-mapped IPv6 address
    0:0:0:0:FFFF:192.168.1.1

I BELIEVE BUTTON

I BELIEVE BUTTON

Page 28:

Solicited-Node Multicast Addresses

Provides ability for host to contact an IP address when it only knows its IP (sounds like ARP)
Address format = FF02::1:FF00:0000/104
  Last 24 bits are taken from the IP address that is bound to that host
Link Local Only
Used for Neighbor Discovery (ARP) and DAD

Page 29:

Solicited-Node Multicast Addresses

I know what you are thinking
  If the host size is 64 bits…but Solicited Node Multicast = last 24 bits, isn’t it possible to have two nodes with the same address?
  I.E.
    2610:18:2c1:abcd:abcd:1234:1234:1001
    2610:18:2c1:abcd:abcd:1234:1334:1001

Yup! But given size of a /64…risk is small.
  2^24=1,677,216 addresses. What…too small for you?

And if it happened, impact is small.
  Neighbors will be found.
  DAD will recognize if a real duplicate exists.
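The link-local and solicited-node derivations from the last few slides, computed in Python as an added example (not from the original deck), using the deck's own addresses. It goes one step beyond the slides by also deriving the Ethernet multicast MAC (33:33 followed by the last 32 bits of the group address) that a Neighbor Solicitation is sent to, which is what takes the place of the ARP broadcast. Function names are this example's own.

```python
import ipaddress
from collections import defaultdict

SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # /104 prefix
LINK_LOCAL_BASE = int(ipaddress.IPv6Address("fe80::"))


def link_local(addr: str) -> ipaddress.IPv6Address:
    """FE80, zeros, then the last 64 bits of the given address."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    return ipaddress.IPv6Address(LINK_LOCAL_BASE | iid)


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0000/104 plus the last 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_BASE | low24)


def multicast_mac(group: ipaddress.IPv6Address) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits."""
    low32 = int(group) & 0xFFFFFFFF
    return ":".join(f"{b:02x}" for b in b"\x33\x33" + low32.to_bytes(4, "big"))


def shared_groups(addrs):
    """Map each solicited-node group to its members; keep only shared ones."""
    members = defaultdict(list)
    for a in addrs:
        members[str(solicited_node(a))].append(a)
    return {g: m for g, m in members.items() if len(m) > 1}


if __name__ == "__main__":
    print(link_local("2610:18:2c1:41:cca8:57fd:6a7c:cdbf"))
    pair = ["2610:18:2c1:abcd:abcd:1234:1234:1001",
            "2610:18:2c1:abcd:abcd:1234:1334:1001"]
    for a in pair:
        g = solicited_node(a)
        print(a, "->", g, "->", multicast_mac(g))
    # Both hosts listen on the same group; the solicitation still names
    # the full 128-bit target, so only the right host answers.
    print(shared_groups(pair))
```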

Page 30:

Whiteboard Review: How IPv6 talks
Concept #1: Neighbor/Router Solicitation/Advertisement
  Solicited vs. Unsolicited
Concept #2: Intra-Network Routing
Concept #3: Inter-Network Routing

[Whiteboard diagram: three networks, 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24, with node addresses .1, .2, .3 and .4]

Page 31:

Multicast

Starts with FF00::/8
So easily done in IPv6. Overcomes major problems with IPv4
IETF did a wonderful job mapping old to new

Protocol                         IPv4 Multicast   IPv6 Multicast
All hosts                        224.0.0.1        FF02::1
All routers                      224.0.0.2        FF02::2
All OSPF routers/OSPFv3          224.0.0.5        FF02::5
All OSPF DR|BDR/OSPFv3 DR|BDR    224.0.0.6        FF02::6
RIP/RIPng                        224.0.0.9        FF02::9
EIGRP/EIGRPv6                    224.0.0.10       FF02::A

Page 32:

IPv6 Transition Mechanisms

IPv6 only – sounds weird? Go to China.
IPv4 and IPv6 dual stack – interface supports both IPv4 and IPv6. Best implementation in my humble opinion.
IPv6 over IPv4 tunnels/IPv4 tunnels over IPv6
  Complex
  Readily available as IPv4 is readily available
Active proxy
  NAT64 – translating IPv6 addresses to IPv4…vice versa
  DNS64 – translating AAAA to A…requiring a server

Page 33:

Why Aren’t We All At IPv6 Yet?

You: “I want to implement IPv6 across the enterprise. For our own /48, we will have to pay $2,000 per year, upgrade equipment software, setup the PCs, and will cost us about 1,000 man hours. Plus, we will have to train your staff.”
Manager: “Will we make money off of this project?”
You: “Not yet. But someday we might need it.”
Manager: “Who is doing IPv6?”
You: “About 1% of the planet”
Manager’s response: <FILL IN THE BLANK>

Now adjust. You are an ISP. What is the justification for you to have IPv6 for all your customers when only 1% of the planet even knows what it is?

Infancy….Engineering….Cost….vs. Gain

Page 34:

Useful PC diagnostic commands

ipconfig or ipconfig /all
ping -4 IP or ping -6 IPv6 address
  Note, if running both…IPv6 wins by default
tracert -4 IP or tracert -6
netstat -r or route print: shows PC routing table (-4 or -6 will specify only that table)
netstat -ps IPv6: Shows IPv6 traffic stats
netstat -ps ICMPv6: Shows IPv6 ICMP stats
netstat -ps TCPv6: Shows TCP stats
netsh interface ipv6 show neighbor: shows what IPv6 neighbors have been learned on local link

Important Cisco commands - not in CCNA

Page 35:

Things to Remember – Part 1

IPv4 uses DNS A records. IPv6 uses DNS AAAA records or A6 (experimental) records.

You do not explicitly need an IPv6 server. An IPv4 DNS server will pass AAAA.

IPv4 has a primary address on the interface. It does all the talking.

IPv6 can have hundreds of addresses on the interface…with each capable of talking….even in the same subnet.

Windows XP is first Windows that started will down IPv6. However, go Windows 7 if you can. MUCH MORE CAPABLE.

Mobile devices – already ready and in many cases, can’t turn it off

IPv6 is really simpler than IPv4. The problem is concepts, availability of connections, and learning to understand it.

IPv6 does NOT allow routers to fragment packets. The router sends out the MTU in its advertisements. It is left to the host to perform any fragmentation prior to shipping.

There is way more to this thing….as one could expect

Page 36:

Things to Remember – Part 2

SECURITY
If you are not using IPv6, TURN IT OFF:
  Disable TCP/IP IPv6
  Disable Tunnel Adapters
    Teredo
    Automatic 6to4
    ISATAP
There is no such thing as private IPv6 addresses
  Firewall all machines
  Stateful packet inspection at hardware router/firewall is best

IPv6 is really simpler and more productive
  1 drawback. 64-bit processor can process both IPv4 source and destination in one pass. IPv6 – 4 passes.
  Security (IPSEC) built in
  Network apportionment is easy
  It is like going for a 2 mile run. It hurts BADLY at first … but hurts less the next time….and always hurts a little.
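A way to check that the three tunnel adapters named above really are off, as an added Python example (not from the original deck): it classifies addresses collected from hosts by the address patterns those tunnels produce. The patterns are assumptions brought in from the tunnel specifications rather than from the deck: Teredo addresses fall in 2001::/32, 6to4 addresses in 2002::/16, and ISATAP interface IDs begin with 0000:5EFE or 0200:5EFE. The host names and the inventory are constructed sample data.

```python
import ipaddress

# Upper 32 bits of the interface ID on an ISATAP address (assumption
# taken from the ISATAP specification, not from the deck).
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)


def tunnel_type(addr: str):
    """Return 'teredo', '6to4', 'isatap' or None for a native address."""
    ip = ipaddress.IPv6Address(addr)
    if ip.teredo is not None:        # 2001::/32
        return "teredo"
    if ip.sixtofour is not None:     # 2002::/16
        return "6to4"
    if (int(ip) >> 32) & 0xFFFFFFFF in ISATAP_MARKERS:
        return "isatap"
    return None


def find_tunnels(inventory):
    """inventory: iterable of (host, address). Returns the tunnel hits."""
    hits = []
    for host, addr in inventory:
        kind = tunnel_type(addr)
        if kind is not None:
            hits.append((host, addr, kind))
    return hits


# Constructed inventory, e.g. gathered from 'ipconfig /all' on each PC.
SAMPLE_INVENTORY = [
    ("pc-01", "2610:18:2c1:41:cca8:57fd:6a7c:cdbf"),      # native global
    ("pc-01", "fe80::cca8:57fd:6a7c:cdbf"),               # native link-local
    ("pc-02", "2001:0:4136:e378:8000:63bf:3fff:fdd2"),    # Teredo
    ("pc-03", "2002:c000:204::1"),                        # 6to4
    ("pc-04", "fe80::5efe:c000:201"),                     # ISATAP
]

if __name__ == "__main__":
    for host, addr, kind in find_tunnels(SAMPLE_INVENTORY):
        print(f"{host}: {addr} looks like a {kind} tunnel address")
```

Any hit on a network that is supposed to be IPv4-only, or native dual stack, means a tunnel adapter is still enabled on that host.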

Page 37:

Test Network Topology

[Diagram labels: Your PC, Daymar Network (IPv4), Daymar Switch, SAME Daymar Switch, Tony’s House, HE ISP, ipv6.google.com (IPv6); IPv6 over IPv4 GRE tunnel; encrypted IPv6 traffic over IPv4 tunnel]

Page 38:

PLAYTIME

Hopefully, you are now on the “IPv6 NET”
Go to IPv6.google.com.
Ping ipv6.google.com
Ping each other’s address. Fun entering that…huh? DNS will be HUGE in the future.
Search for IPv6 enabled websites
Do the PC associated commands
NO IPv6 PORN…AKA PORN6? HAHA
  Remember, you are on my network!

Thank you for your time!
