Introduction, inc. Addressing and Autoconfiguration Carlos Friaças, FCCN cfriacas@fccn.pt Luc De Ghein, CISCO ldeghein@cisco.com IPv6 workshop Krakow May 2012
Contents • Introduction to IPv6 • IPv6 Protocol (headers & options) • IPv6 Addressing • IPv6 Associated Protocols • Autoconfiguration
Introduction to IPv6 IPv6 workshop Krakow May 2012
Why a new version for IP? • Historical facts • IPv4 address space status • From emergency measures … to IPv6
Historical facts • 1983: Research network for ~100 computers • 1992: Internet is open to the commercial sector: exponential growth; IETF urged to work on an IP next generation protocol • 1993: Exhaustion of the class B address space; forecast of network collapse for 1994! RFC 1519 (CIDR) published, updated by RFC 4632 in 2006 • 1995: RFC 1883 (IPv6 specs) published, the first RFC about IPv6
How does address distribution work? • Hierarchical & Regional
IPv4 address space status Source: http://www.nro.net/wp-content/uploads/nro_stats_2011_q2.ppt
IPv4 Regional Allocations Source: http://www.nro.net/statistics
Exhaustion at the RIPE NCC service region: the last /8 (~16.7 million addresses) will be distributed according to a different and more restrictive policy
RIR Allocation Policies • AfriNIC: • http://www.afrinic.net/IPv6/index.htm • http://www.afrinic.net/docs/policies/afpol-v6200407-000.htm * • APNIC: • http://www.apnic.org/docs/index.html • http://www.apnic.org/policy/ipv6-address-policy.html * • ARIN: • http://www.arin.net/policy/index.html • http://www.arin.net/policy/nrpm.html#ipv6 * • LACNIC: • http://lacnic.net/sp/politicas/ • http://lacnic.net/sp/politicas/ipv6.html * • RIPE-NCC: • http://www.ripe.net/ripe/docs/ipv6.html • http://www.ripe.net/ripe/docs/ipv6policy.html * • *describes policies for the allocation and assignment of globally unique IPv6 address space
RIR Allocation Statistics • AfriNIC: • http://www.afrinic.net/statistics/index.htm • APNIC: • http://www.apnic.org/info/reports/index.html • ARIN: • http://www.arin.net/statistics/index.html • LACNIC: • http://lacnic.org/sp/est.html • RIPE-NCC: • http://www.ripe.net/info/stats/index.html
Emergency measures … • CIDR • Private addresses • NAT
CIDR … • Allocate former “class B” addresses exceptionally (known as /16 prefixes since then) • Re-use “class C” address space • Without any more address classes: CIDR (Classless Inter-Domain Routing), RFC 1519 updated by RFC 4632 • Network address = {prefix/prefix length} • Abandoning classes = less address waste • Allows aggregation => reduces routing table size
Private addresses (RFC 1918) • Allow private addressing plans • Addresses are used internally • Similar to a security architecture with a firewall • Use of proxies or NAT to go outside (RFC 2663, 2993 and 3022)
NAT (continued) • Advantages: • Reduces the need for official (public) addresses • Eases the internal addressing plan • Transparent to some applications • “Security” vs obscurity (netadmins/sysadmins) • Disadvantages: • Translation sometimes complex (e.g. FTP) • Apps using dynamic ports • Does not scale • Introduces state inside the network: multihomed networks • Breaks the end-to-end paradigm • Security with IPsec • => Should be reserved for small sites in client/server mode
Emergency measures • These emergency measures provided time to develop a new version of IP, named IPv6 • IPv6 keeps the principles that made IP successful: open architecture, CIDR usage • Corrects what was wrong with the current version (v4): header simplification • BUT are emergency measures enough?
From emergency to IPv6 • IPv6 is already there … Internet v6 is there today: • NRENs in EU, North America, Asia … are interconnected in IPv6 • Lots of IXPs are offering IPv6 connectivity • Several transit providers already have IPv6 in their service portfolio • Several content providers have deployed it and are actively promoting IPv6 • ISPs and Telcos exchange IPv6 routes • Vista and Windows 2008 (servers) are IPv6 enabled by default • Around 5400 ASNs already visible (source: CIDR report) • Then the question is not “if” but “when?” and “how?”
IPv6 Protocol (headers & options) IPv6 workshop Krakow May 2012
IPv6 Header • Comparison with IPv4 • IPv6 optional headers (extensions) • Processing IPv6 headers
IPv6 Header • The IPv6 header is designed • To minimize header overhead • and reduce the header process for most of the packets • Less important information and option fields are moved to extension headers • IPv6 & IPv4 headers are not interoperable
IPv4 Header (20 bytes, in 32-bit words): Version, IHL, ToS, Total Length | Identifier, Flags, Fragment offset | TTL, Protocol, Checksum | Source Address (32 bits) | Destination Address (32 bits) | Options
IPv6 Header simplification (40 bytes): Version, Traffic Class, Flow Label | Payload Length, Next Header, Hop Limit | Source Address (128 bits) | Destination Address (128 bits) | (Extensions) | Data
IPv6: optional Extensions • New “mechanism” replacing IPv4 options • An IPv6 extension: • Every extension has its own message format • Is n x 8 bytes long • Starts with a 1-byte ‘Next Header’ field • Pointing to either another extension or a L-4 protocol • Hop-by-hop (jumbogram, router alert) • Always the first extension • Analyzed by every router.
IPv6: optional Extensions • Destination • Routing (loose source routing) • Fragmentation • Security • Authentication (AH) • Encapsulating Security Payload (ESP) : confidentiality
IPv4 header options processing (A -> R1 -> B): IPv4 options are processed in each router and slow down packets.
IPv6 extension header processing (A -> R1 -> B): IPv6 extensions (except Hop-by-Hop) are processed only by the destination.
Conclusion • Main changes in IPv6 protocol are within address format and datagram headers • A lot of fields in the IPv6 header have disappeared • More efficient processing in the (intermediate) routers • Optional extensions allow more functionalities (source routing, authentication, …) • Optional header mechanism allows new options introduction without modifying the protocol
IPv6 Addressing IPv6 workshop Krakow May 2012
IPv6 Addressing Scheme • Types • Formats • Type Prefixes • Space • Production Addressing Scheme • Plans
IPv6 Addressing Scheme • Defined in RFC 4291 (2006), updated by RFC 5952 and RFC 6052 (2010); several previous versions, the oldest from 1995 (RFC 1884) • 128-bit addresses (hierarchy & flexibility) • Hexadecimal representation (0 to F) • 1 interface can have several IPv6 addresses
IPv6 Addressing Scheme • There is no broadcast nor network address • Global Unicast IPv6 address format defined in RFC 3587 • CIDR principles usage: prefix / prefix length (or mask), e.g. 2001:660:3003::/48 and 2001:660:3003:2:a00:20ff:fe18:964c/64 • Aggregation reduces routing table size
IPv6 Address Types • Unicast (one-to-one) • global • link-local • site-local (deprecated) • Unique Local (ULA) • IPv4-compatible (deprecated) • IPv6-mapped • Multicast (one-to-many) • Anycast (one-to-nearest) • Reserved Source: http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml
IPv6 Addressing Formats • Basic Format (Global, 16 bytes/128 bits): 2001:0DB8:3003:0001:0000:0000:6543:210F (likewise 2001:0660:3003:0001:0000:0000:6543:210F) • Compact Format: 2001:DB8:3003:1::6543:210F (likewise 2001:660:3003:1:0:0:6543:210F) • Literal Format: [2001:0DB8:3003:0001:0000:0000:6543:210F]
IPv6 Address Type Prefixes • Global Unicast assignments currently use 2000::/3 (001 prefix) • Anycast addresses allocated from unicast prefixes
IPv6 Address Space • Aggregatable Global Unicast Addresses (001): 1/8 • Unique Local Unicast addresses (1111 1110 00): 1/128 • Link-Local Unicast Addresses (1111 1110 10): 1/1024 • Multicast Addresses (1111 1111): 1/256 • More info: • http://www.iana.org/assignments/ipv6-address-space • [Chart: fractions of the address space in use (1/8) vs. reserved for future use (1/2, 1/4, 1/8)]
Production Addressing Scheme (2) • Global unicast layout: 001 (3 bits) | Global Routable Prefix (45 bits) | Subnet ID (16 bits) | Interface Identifier (64 bits) • LIRs receive by default /32 • Production addresses today are from prefixes 2001, 2003, 2400, etc. • Can request more if justified • /48 used only within the LIR network, with some exceptions for critical infrastructures • /48 to /128 is delegated to end users • Recommendations following RFC 6177 (2011) and current policies: • /48 general case, /47 if justified for bigger networks • /64 if one and only one network is required • /128 if it is sure that one and only one device is going to be connected
Production Addressing Scheme (3) • Source: http://www.iana.org/assignments/ipv6-unicast-address-assignments • IPv6 Global Unicast Address Assignments [0] • [last updated 2008-05-13]
Global Unicast Prefix   Assignment   Date        Note
---------------------   ----------   ---------   ----
2001:0000::/23          IANA         01 Jul 99   [1]
2001:0200::/23          APNIC        01 Jul 99
2001:0400::/23          ARIN         01 Jul 99
2001:0600::/23          RIPE NCC     01 Jul 99
2001:0800::/23          RIPE NCC     01 May 02
2001:0A00::/23          RIPE NCC     02 Nov 02
2001:0C00::/23          APNIC        01 May 02   [2]
2001:0E00::/23          APNIC        01 Jan 03
2001:1200::/23          LACNIC       01 Nov 02
Production Addressing Scheme (4) • Bit layout: 3 (fixed prefix) | 45 (IANA/RIR/LIR) | 16 (End User) | 64 (Interface ID) bits • Public topology: /48 • Site topology: /80 • Network portion: /64 • Host portion: /64
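Added example, not part of the workshop slides: the basic/compact/literal text formats from the formats slide, the 001 / 45 / 16 / 64 split from the production scheme slides, and the modified EUI-64 interface ID that the slides' own example address 2001:660:3003:2:a00:20ff:fe18:964c/64 appears to carry. Function names are mine, and the MAC 08:00:20:18:96:4c is an assumption reverse-derived from that address; RFC 5952 (cited on the slides) fixes the compact form to lowercase.

```python
# Added example, not from the workshop slides: text formats, 45/16/64 layout, EUI-64.

def expand(addr: str) -> str:
    """Basic format: eight 4-digit lowercase hex groups (accepts [literal] form)."""
    addr = addr.strip("[]")
    if "::" in addr:                             # fill the elided zero groups
        head, tail = addr.split("::", 1)
        h = head.split(":") if head else []
        t = tail.split(":") if tail else []
        groups = h + ["0"] * (8 - len(h) - len(t)) + t
    else:
        groups = addr.split(":")
    if len(groups) != 8 or any(len(g) > 4 for g in groups):
        raise ValueError("malformed IPv6 address: " + addr)
    return ":".join(format(int(g, 16), "04x") for g in groups)

def compact(addr: str) -> str:
    """Compact format per RFC 5952: drop leading zeros, collapse the longest run
    of zero groups (two or more; leftmost wins ties) into '::', lowercase hex."""
    groups = [g.lstrip("0") or "0" for g in expand(addr).split(":")]
    best, best_len, i = -1, 1, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":        # measure a run of zero groups
            j += 1
        if j - i > best_len:
            best, best_len = i, j - i
        i = j + 1 if j == i else j
    if best < 0:                                 # no run of >= 2 zero groups
        return ":".join(groups)
    return ":".join(groups[:best]) + "::" + ":".join(groups[best + best_len:])

def split_global_unicast(addr: str) -> dict:
    """The slides' 2000::/3 layout: 001 (3 bits) | global routing prefix (45) |
    subnet ID (16) | interface ID (64)."""
    n = int(expand(addr).replace(":", ""), 16)
    return {"fixed": n >> 125, "routing_prefix": (n >> 80) & ((1 << 45) - 1),
            "subnet_id": (n >> 64) & 0xffff, "interface_id": n & ((1 << 64) - 1)}

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 (RFC 4291 App. A): insert ff:fe in the middle of the
    48-bit MAC and flip the universal/local bit (0x02 of the first byte)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")
```

Because the interface ID of an autoconfigured address is a function of the MAC, the check at the end of the test is exactly why the LAN slide later warns that swapping a NIC forces DNS AAAA and script updates.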
Addressing Plans • Preparing an IPv6 addressing plan is not a trivial task • Needs timely planning • All remote network points and existing topologies need to be remembered • Keep in mind: • Aggregation = YES • Conservation = NO
Decisions • Do we perform reservations? If yes, which size? • Do all departments have the same relevance/status? And the same networking needs? • Where to start performing assignments? Where to assign the “2nd block”? • Which block is to be used on infrastructure? Which network masks are we going to use for plain point-to-point connections?
LANs – last 64 bits? • Address is defined with: • Embedded MAC address • or • Fixed • The automatic address obtained through autoconfiguration, when the NIC is changed, forces: • A DNS AAAA record update • Checking services’ configs • Updating scripts which use the address in a static way
IPv6 Associated Protocols IPv6 workshop Krakow May 2012
IPv6 Associated Protocols • New Protocols • Neighbor Discovery (NDP) • Address Resolution • Path MTU Discovery
New Protocols (1) • New features are specified in IPv6 Protocol – RFC 2460 DS • Neighbor Discovery (NDP) – RFC 4861 DS • Updated by RFC 5942 • Auto-configuration: • Stateless Address Auto-configuration – RFC 4862 DS • DHCPv6: Dynamic Host Configuration Protocol for IPv6 – RFC 4361 PS (updated by RFC 5494) • Path MTU discovery (pMTU) – RFC 1981 DS
New Protocols (2) • MLD (Multicast Listener Discovery) – RFC 2710 PS • Updated by RFC 3590 and RFC 3810 • Multicast group management over an IPv6 link • Based on IGMPv2 • MLDv2 (equivalent to IGMPv3 in IPv4) • ICMPv6 (RFC 4443 DS): • Updated by RFC 4884 • Covers ICMP (v4) features (error control, administration, …) • Transports ND messages • Transports MLD messages (Queries, Reports, …)
Neighbor Discovery for IPv6 (1) • IPv6 nodes (hosts and routers) on the same physical medium (link) use Neighbor Discovery (NDP) to: • discover their mutual presence • determine link-layer addresses of their neighbors • find neighboring routers that are willing to forward packets on their behalf • maintain neighbors’ reachability information (NUD) • not directly applicable to NBMA (Non Broadcast Multi Access) networks NDP uses link-layer multicast for some of its services.
NDP for IPv6 (2) • Protocol features: • Router Discovery • Prefix(es) Discovery • Parameters Discovery (link MTU, Max Hop Limit, ...) • Address Autoconfiguration • Address Resolution • Next Hop Determination • Neighbor Unreachability Detection • Duplicate Address Detection • Redirect
NDP (3) : comparison with IPv4 • The IPv6 Neighbor Discovery protocol corresponds to a combination of the IPv4 protocols: • Address Resolution Protocol (ARP) • ICMP Router Discovery (RDISC) • ICMP Redirect (ICMPv4) • Improvements over the IPv4 set of protocols: • Router Discovery is part of the base protocol set • Router Advertisements carry link-layer addresses and prefixes for a link, and enable Address Autoconfiguration • Multiple prefixes can be associated with the same link. • Neighbor Unreachability Detection is part of the base protocol set • Detects half-link failures and avoids sending traffic to neighbors with which two-way connectivity is absent • By setting the Hop Limit to 255, Neighbor Discovery is immune to off-link senders that accidentally or intentionally send ND messages.
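Added example, not part of the workshop slides, serving two passages: the header and extension slides (40-byte fixed header, Next Header chain, n x 8-byte extensions with Hop-by-Hop always first) and the last bullet above (ND messages carry Hop Limit 255, so anything forwarded by a router is off-link). The parser walks a constructed packet and the check returns a verdict a monitor could log; function names and the sample packets are mine, built with documentation-prefix and link-local-multicast addresses.

```python
# Added example, not from the workshop slides: walk the IPv6 header chain,
# then apply the RFC 4861 hop-limit rule to Neighbor Discovery messages.
import struct

ICMPV6, HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 58, 0, 43, 44, 60
CHAINED = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}   # extension headers we walk
ND_TYPES = {133, 134, 135, 136, 137}                   # RS, RA, NS, NA, Redirect

def parse_ipv6(pkt: bytes) -> dict:
    """Decode the 40-byte fixed header and follow Next Header through the
    extension headers; each is n x 8 bytes (the Fragment header is always 8)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    first, plen, nh, hlim = struct.unpack("!IHBB", pkt[:8])
    hdr = {"traffic_class": (first >> 20) & 0xff, "flow_label": first & 0xfffff,
           "payload_length": plen, "hop_limit": hlim,
           "src": pkt[8:24], "dst": pkt[24:40], "extensions": []}
    off = 40
    while nh in CHAINED:
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        if nh == HOP_BY_HOP and off != 40:
            raise ValueError("Hop-by-Hop must be the first extension")
        ext_len = 8 if nh == FRAGMENT else (pkt[off + 1] + 1) * 8
        hdr["extensions"].append((nh, ext_len))
        nh, off = pkt[off], off + ext_len         # first byte is Next Header
    hdr["upper_layer"], hdr["payload"] = nh, pkt[off:]
    return hdr

def check_nd(pkt: bytes) -> str:
    """Rule from the slides: ND messages (ICMPv6 types 133-137) must arrive with
    Hop Limit 255; a lower value means a router forwarded it, i.e. off-link."""
    h = parse_ipv6(pkt)
    if (h["upper_layer"] != ICMPV6 or len(h["payload"]) < 4
            or h["payload"][0] not in ND_TYPES):
        return "not-nd"
    return "nd-ok" if h["hop_limit"] == 255 else "nd-off-link"

def build(hop_limit: int, next_header: int, payload: bytes) -> bytes:
    """Constructed test packet: fixed header, 2001:db8::1 -> ff02::1."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("ff020000000000000000000000000001")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit) + src + dst + payload

# Constructed samples: a Router Advertisement (type 134) body, and the same RA
# preceded by an 8-byte Hop-by-Hop header whose Next Header points at ICMPv6.
RA = bytes([134, 0, 0, 0]) + bytes(12)
HBH_THEN_RA = bytes([ICMPV6, 0]) + bytes(6) + RA
```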