IPv6 Overview CIS 185 Advanced Routing (CCNP 1) Spring 2006 Rick Graziani Modified by S. G. Lee Based on Chapter 2: IPv6 Overview, Routing TCP/IP 2nd Edition, Jeff Doyle and Jennifer Carroll
Background • When Vint Cerf and Bob Kahn designed TCP/IP for the packet networks of the 1970s, no one envisioned the Internet as it is now. • A 32-bit address space, yielding almost 4.3 billion addresses, seemed inexhaustible. • The problem of IPv4 address exhaustion was recognized in the early 1990s, when projections showed that if the rate at which IPv4 addresses were being allotted kept increasing, the entire address space could be depleted in just a few years. • A new version of IP, known during development as IP Next Generation (IPng) and now called IPv6, was the proposed solution. • But it was recognized that developing the new standards would take time, and that a short-term solution to IPv4 address depletion was also needed. Rick Graziani graziani@cabrillo.edu
Background • That short-term solution was Network Address Translation (NAT). • Behind the NAT device, hosts use the private IP addresses specified in RFC 1918. • NAT has been so successful in slowing IPv4 address depletion, and has become such a standard part of most networks, that to this day many still question the need for a new version of IP. • There are two fundamental drivers behind the growing recognition of the need for IPv6. • The first is the widespread vision of new applications built on core concepts such as mobile IP, service quality guarantees, end-to-end security, grid computing, and peer-to-peer networking. • NAT stifles innovation in these areas (it rewrites addresses in transit, which breaks protocols that authenticate or embed the end-to-end address, and it blocks unsolicited inbound connections), and the only way to get NAT out of the way is to make public IP addresses abundant and readily available.
Background • The second fundamental driver for IPv6 is the rapid modernization of heavily populated countries such as India and China. • A compelling statistic at the time of writing (2006) is that the number of remaining unallocated IPv4 addresses is almost the same as the population of China: about 1.3 billion. • IPv6 replaces the 32-bit IPv4 address with a 128-bit address, making 2^128, roughly 340 trillion trillion trillion (3.4 × 10^38), addresses available.
IP Headers • The IPv4 header contains 12 basic header fields, followed by an options field and the data portion (usually the transport-layer segment). • The basic IPv4 header has a fixed size of 20 octets. • The variable-length options field increases the total size of the IP header. • IPv6 keeps five of the 12 IPv4 basic header fields; its fixed header is always 40 octets, and anything optional is carried in extension headers chained by the Next Header field rather than in a variable-length options field. • The IPv6 header does not need the other seven fields. In particular there is no header checksum (the upper-layer checksums cover the addresses instead) and no fragmentation fields.
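An added worked example, not from the slides or from the Doyle/Carroll chapter they summarize: a parser for the 40-octet fixed IPv6 header that then follows the Next Header chain through extension headers, including the Fragment header that took over the role of IPv4's identification, flags and offset fields (the next slide explains why routers no longer fragment). The packet it decodes is constructed inline, not a capture, and the function names are my own.

```python
from __future__ import annotations
import ipaddress
import struct

# Next Header values that are extension headers (RFC 2460); everything else ends the chain.
EXT_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment", 60: "Destination Options"}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}


def parse_ipv6_fixed_header(pkt: bytes) -> dict:
    """Decode the 40-octet fixed IPv6 header.

    Compared with IPv4 there is no header-length field (the fixed header is
    always 40 octets), no header checksum, and no identification/flags/offset
    fields: fragmentation lives in an optional Fragment extension header.
    """
    if len(pkt) < 40:
        raise ValueError("truncated: the IPv6 fixed header is 40 octets")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, not 6")
    return {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,   # everything after the 40 octets, extension headers included
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(pkt[8:24])),
        "dst": str(ipaddress.IPv6Address(pkt[24:40])),
    }


def walk_extension_headers(pkt: bytes) -> tuple[list[dict], int]:
    """Follow the Next Header chain after the fixed header.

    Returns the extension headers seen (with fragment details for header 44)
    and the protocol number of the upper-layer header that ends the chain.
    Every length is bounds-checked so a malformed chain raises instead of
    reading past the packet.
    """
    hdr = parse_ipv6_fixed_header(pkt)
    end_of_packet = min(len(pkt), 40 + hdr["payload_length"])
    nh, off, chain = hdr["next_header"], 40, []
    while nh in EXT_HEADERS:
        if off + 8 > end_of_packet:
            raise ValueError(f"{EXT_HEADERS[nh]} header runs past the packet")
        if nh == 44:
            # Fragment header is a fixed 8 octets: next(1) reserved(1) offset/res/M(2) identification(4)
            next_nh, _res, off_flags, ident = struct.unpack("!BBHI", pkt[off:off + 8])
            chain.append({"name": "Fragment", "offset_octets": (off_flags >> 3) * 8,
                          "more_fragments": bool(off_flags & 1), "identification": ident})
            length = 8
        else:
            # Other extension headers: next(1), then Hdr Ext Len(1) in 8-octet units not counting the first 8
            next_nh, ext_len = pkt[off], pkt[off + 1]
            length = (ext_len + 1) * 8
            if off + length > end_of_packet:
                raise ValueError(f"{EXT_HEADERS[nh]} header length exceeds the packet")
            chain.append({"name": EXT_HEADERS[nh], "length": length})
        nh, off = next_nh, off + length
    return chain, nh


def build_sample_fragment(flow_label: int = 0x12345) -> bytes:
    """Constructed sample (not a capture): first fragment of a UDP datagram from
    3ffe:1944:100:a::1 to 3ffe:1944:100:a::2, carrying a Fragment header."""
    src = ipaddress.IPv6Address("3ffe:1944:100:a::1").packed
    dst = ipaddress.IPv6Address("3ffe:1944:100:a::2").packed
    fragment = struct.pack("!BBHI", 17, 0, (0 << 3) | 1, 0xDEADBEEF)  # UDP follows, offset 0, M=1
    udp = struct.pack("!HHHH", 5353, 5353, 8, 0)                     # header only; checksum left 0
    payload = fragment + udp
    first_word = (6 << 28) | (0 << 20) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB", first_word, len(payload), 44, 64) + src + dst + payload


if __name__ == "__main__":
    packet = build_sample_fragment()
    print(parse_ipv6_fixed_header(packet))
    chain, upper = walk_extension_headers(packet)
    print(chain, UPPER_LAYER.get(upper, upper))
```

The chain walk is the part a firewall or IDS has to get right: the upper-layer protocol is only known after every extension header has been stepped over, and a Fragment header can push the transport header into a later fragment, which is why RFC 6980 forbids fragmented Neighbor Discovery messages.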
Routers handle fragmentation in IPv4, which causes a variety of processing issues. • IPv6 routers do not fragment packets; only the originating host may, and it does so with the Fragment extension header. • Instead, a Path MTU discovery process determines the largest maximum transmission unit (MTU) usable for a given session. • In the discovery process, the source IPv6 device attempts to send a packet at the size specified by the upper layers, such as the transport or application layer. • If a router on the path cannot forward the packet, it returns an ICMPv6 "Packet Too Big" message (type 2) carrying its link MTU; the source retransmits with the smaller MTU and repeats the process until the packet arrives intact. • Then it uses that path MTU for the session. • Caveat for filtering: a firewall that drops all ICMPv6 breaks this process and silently blackholes large packets, so Packet Too Big must be allowed through; the minimum IPv6 link MTU every link must support is 1280 octets.
Address Representation • 128-bit IPv6 addresses are represented by breaking them up into eight 16-bit segments (eight 16-bit pieces). • Each segment is written in hexadecimal between 0x0000 and 0xFFFF, separated by colons (each 16-bit piece: 4 hex digits). • An example of a written IPv6 address is 3ffe:1944:0100:000a:0000:00bc:2500:0d0b
Rule 1: Leading 0's (leading hex zeros are dropped) • There are two rules for reducing the size of written IPv6 addresses. • The first rule is: the leading zeroes in any 16-bit segment do not have to be written; if any 16-bit segment has fewer than four hexadecimal digits, it is assumed that the missing digits are leading zeroes. Example: 3ffe : 1944 : 0100 : 000a : 0000 : 00bc : 2500 : 0d0b becomes 3ffe : 1944 : 100 : a : 0 : bc : 2500 : d0b
Rule 1: Leading 0's Practice • 3ffe : 0404 : 0001 : 1000 : 0000 : 0000 : 0ef0 : bc00 becomes 3ffe : 404 : 1 : 1000 : 0 : 0 : ef0 : bc00 • 3ffe : 0000 : 010d : 000a : 00dd : c000 : e000 : 0001 becomes 3ffe : 0 : 10d : a : dd : c000 : e000 : 1 • ff02 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0005 becomes ff02 : 0 : 0 : 0 : 0 : 0 : 0 : 5
Rule 1: Leading 0's (trailing hex zeros are kept) • Notice that only leading zeroes can be omitted; trailing zeroes cannot, because doing so would make the segment ambiguous. • You would not be able to tell whether the missing zeroes belonged before or after the written digits. • The shortened form 3ffe : 1944 : 100 : a : 0 : bc : 2500 : d0b has exactly one correct original: 3ffe : 1944 : 0100 : 000a : 0000 : 00bc : 2500 : 0d0b. • If trailing zeroes could also be dropped, it might just as well have meant the wrong, ambiguous original 3ffe : 1944 : 1000 : a000 : 0000 : bc00 : 2500 : d0b0.
Rule 2: Double colon :: equals 0000…0000 • The second rule can reduce this address even further: any single, contiguous string of one or more 16-bit segments consisting of all zeroes can be represented with a double colon. ff02 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0005 becomes ff02 : 0 : 0 : 0 : 0 : 0 : 0 : 5 (Rule 1), then ff02 : : 5 (Rule 2), written ff02::5
Rule 2: Double colon :: equals 0000…0000 • Only a single contiguous string of all-zero segments can be represented with a double colon (only one run of zero segments may be removed). Example: for 2001 : 0d02 : 0000 : 0000 : 0014 : 0000 : 0000 : 0095, both of these are correct: 2001 : d02 :: 14 : 0 : 0 : 95 or 2001 : d02 : 0 : 0 : 14 :: 95. (RFC 5952, which standardizes the canonical text form, compresses the longest run and the leftmost run on a tie; since both runs here are two segments long, canonical output is 2001:d02::14:0:0:95.)
Rule 2: Double colon :: equals 0000…0000 • Using the double colon more than once in an IPv6 address creates ambiguity (removing two or more runs of zeroes causes confusion). Example: 2001:d02::14::95 • Illegal because the length of the two all-zero strings is ambiguous; it could represent any of the following IPv6 addresses: 2001:0d02:0000:0000:0014:0000:0000:0095, 2001:0d02:0000:0000:0000:0014:0000:0095, or 2001:0d02:0000:0014:0000:0000:0000:0095. • A parser must reject a second double colon rather than guess.
Network Prefixes (network mask) • In IPv4, the prefix (the network portion of the address) can be identified by a dotted-decimal or hexadecimal address mask or by a bitcount: 255.255.255.0 or /24 • IPv6 prefixes are always identified by bitcount. • The address is followed by a forward slash and a decimal number indicating how many of the leading bits of the address are the prefix bits: 3ffe:1944:100:a::/64
All 0's IPv6 Address • An IPv6 address consisting of all zeroes can be written simply with a double colon. • There are two cases where an all-zeroes address is used. • The default address (used for default routes and on-demand routing), in which the address is all zeroes and the prefix length is zero: ::/0 • The unspecified address, which is used in some Neighbor Discovery Protocol procedures (covered later). • An unspecified address is a filler, indicating the absence of a real IPv6 address. • When written, an unspecified address is differentiated from a default address by its prefix length: ::/128
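An added worked example, not from the slides or from the Doyle/Carroll chapter: the Python below implements both reduction rules and their inverse. It expands any legal textual address back to eight 16-bit segments and rejects the ambiguous forms the slides warn about (a second double colon, a segment with more than four digits), compresses an address to its shortest form, tests prefix membership by bitcount so that ::/0 and ::/128 behave exactly as this slide describes, and, going a little beyond the slides, classifies an address by its leading bits the way the address-type slides that follow do. The function names and any sample addresses not on the slides are my own.

```python
from __future__ import annotations
import functools

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand_ipv6(text: str) -> list[int]:
    """Parse any legal textual IPv6 address into its eight 16-bit segments.

    Undoes Rule 1 (omitted leading zeros) and Rule 2 (one '::' standing for the
    single run of all-zero segments).  Ambiguous or malformed text raises.
    """
    if text.count("::") > 1:
        raise ValueError(f"{text!r}: '::' may appear only once")
    head, sep, tail = text.partition("::")
    head_parts = head.split(":") if head else []
    tail_parts = tail.split(":") if tail else []
    if sep:
        missing = 8 - len(head_parts) - len(tail_parts)
        if missing < 1:
            raise ValueError(f"{text!r}: '::' must stand for at least one segment")
    else:
        missing = 0
        if len(head_parts) != 8:
            raise ValueError(f"{text!r}: expected 8 segments when '::' is absent")

    def segment(seg: str) -> int:
        # Rule 1 allows 1..4 hex digits; an empty segment (':::' or a trailing ':') is a syntax error
        if not 1 <= len(seg) <= 4 or any(c not in HEX_DIGITS for c in seg):
            raise ValueError(f"{text!r}: bad 16-bit segment {seg!r}")
        return int(seg, 16)

    return [segment(s) for s in head_parts] + [0] * missing + [segment(s) for s in tail_parts]


def is_valid_ipv6(text: str) -> bool:
    try:
        expand_ipv6(text)
        return True
    except ValueError:
        return False


def exploded_ipv6(segs: list[int]) -> str:
    """Full form: every segment written with all four hex digits."""
    return ":".join(f"{s:04x}" for s in segs)


def compress_ipv6(segs: list[int]) -> str:
    """Shortest legal form: Rule 1 on every segment, and Rule 2 on the longest run
    of two or more zero segments (leftmost run wins a tie, as RFC 5952 prescribes).
    A lone zero segment is written as '0', as the slides do."""
    if len(segs) != 8 or not all(0 <= s <= 0xFFFF for s in segs):
        raise ValueError("need exactly eight 16-bit segments")
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if segs[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and segs[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    words = [format(s, "x") for s in segs]
    if best_len < 2:
        return ":".join(words)
    return ":".join(words[:best_start]) + "::" + ":".join(words[best_start + best_len:])


def to_int(segs: list[int]) -> int:
    return functools.reduce(lambda acc, s: (acc << 16) | s, segs, 0)


def in_prefix(addr: str, prefix: str) -> bool:
    """True if addr lies inside prefix, written with a bitcount such as '3ffe:1944:100:a::/64'.
    '::/0' matches every address; '::/128' matches only the unspecified address."""
    net_text, slash, bits = prefix.partition("/")
    if not slash or not bits.isdigit() or not 0 <= int(bits) <= 128:
        raise ValueError(f"{prefix!r}: IPv6 prefixes need a /bitcount between 0 and 128")
    plen = int(bits)
    mask = ((1 << 128) - 1) ^ ((1 << (128 - plen)) - 1)   # top plen bits set
    return (to_int(expand_ipv6(addr)) & mask) == (to_int(expand_ipv6(net_text)) & mask)


def address_type(segs: list[int]) -> str:
    """Classify by the leading bits, which is how IPv6 address types are told apart."""
    first = segs[0]
    if all(s == 0 for s in segs):
        return "unspecified"
    if first >> 13 == 0b001:
        return "global unicast"                     # 2000::/3, first hex digit 2 or 3
    if first & 0xFFC0 == 0xFE80:
        return "link-local unicast"                 # FE80::/10
    if first & 0xFFC0 == 0xFEC0:
        return "site-local unicast (deprecated)"    # FEC0::/10
    if first >> 8 == 0xFF:
        return "multicast"                          # FF00::/8
    return "other"
```

Anything that matches addresses against an allow-list or a log (ACL generators, SIEM rules) should compare the expanded or canonical form produced this way rather than the raw text, since 2001:d02::14:0:0:95 and 2001:d02:0:0:14::95 are the same address written two ways.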
Three types of IPv6 address • The three types of IPv6 address are: • Unicast • Anycast • Multicast • Unlike IPv4, there is no IPv6 broadcast address. • There is, however, an "all nodes" multicast address, which serves essentially the same purpose as a broadcast address.
Global Unicast Addresses • A unicast address is an address that identifies a single device. • A global unicast address is a unicast address that is globally unique. • By global unicast address we mean an address with global scope: an address that is globally unique and can therefore be routed globally with no modification.
Global Unicast Addresses • The host portion of the address is called the Interface ID. • The reason for this name is that a host can have more than one IPv6 interface, so the address more correctly identifies an interface on a host than the host itself. • But that subtlety only goes so far: a single interface can have multiple IPv6 addresses, and can have an IPv4 address in addition.
Global Unicast Addresses • The most striking difference between IPv4 addresses and IPv6 addresses (aside from their lengths) is the location of the Subnet Identifier. • The Subnet Identifier is part of the network portion of the address rather than the host portion.
Global Unicast Addresses • A big benefit of making the IPv6 Subnet ID field a part of the network portion of the address is that the Interface ID can be a consistent size for all IPv6 addresses, simplifying the parsing of the address. • Making the Subnet ID a part of the network portion also creates a clear separation of functions: • the network portion provides the location of a device down to the specific data link, and • the host portion provides the identity of the device on the data link.
Global Unicast Addresses • With very few exceptions: • the Interface ID is 64 bits long • the Subnet ID field is 16 bits, which provides for 65,536 separate subnets • The IANA and the Regional Internet Registries (RIRs) assign IPv6 prefixes, normally /32 or /35 in length, to the Local Internet Registries (LIRs). • The LIRs, which are usually large Internet Service Providers, then allocate longer prefixes to their customers. In the majority of cases, the prefixes assigned by the LIRs are /48.
Global Unicast Addresses Exceptions • If the customer is very large, a prefix shorter than /48 might be assigned. • If one and only one subnet is to be addressed, a /64 might be assigned. • If one and only one device is to be addressed, a /128 might be assigned.
Correction in book: the link-local prefix is FE80::/10 and the site-local prefix is FEC0::/10.
Identifying IPv6 Address Types • The first few bits of the address specify the address type. • For example, the first three bits of all global unicast addresses currently are 001, so they all start with a hex digit of 2 or 3 (0010 or 0011). • Binary 001 is expected to suffice for global unicast addresses for some time to come.
Local Unicast Addresses • Global unicast addresses are globally unique and are therefore routed globally. • A link-local unicast address has a scope confined to a single link: it is unique only on that link and is not routable off it. • A link-local address starts with the bits 1111111010 (FE80::/10).
Local Unicast Addresses • Link-local addresses are used for: • the Neighbor Discovery Protocol, which communicates only on a single link; • devices that do not have, or have not yet been assigned, a global prefix, so that they can still communicate with other devices on the link.
Site-Local Unicast Addresses • IPv6 originally defined a site-local unicast address, similar to RFC 1918 IPv4 addresses (private addresses). • Site-local addresses turned out to be ambiguous (the same address can exist in many sites, so it identifies nothing without knowing the site) and added complexity to applications and routing. • As a result of these concerns, and after some heated debate, the IPv6 Working Group deprecated site-local addresses in RFC 3879. • An assurance was given to those who see advantages in site-local addresses that another scheme with similar "bigger scope than link but smaller scope than global" benefits would be introduced; at the time of this writing such a replacement scheme had yet to be seen. (Unique Local Addresses, FC00::/7, defined in RFC 4193, later filled that role.)
Anycast Addresses • An anycast address represents a service rather than a device. • The same address can reside on one or more devices providing the same service.
Anycast Addresses • A service is offered by three servers, all advertising the service at the IPv6 address 3ffe:205:1100::15. • The router, receiving advertisements for the address, does not know that it is being advertised by three different devices; instead, it assumes that it has three routes to the same destination and chooses the lowest-cost route. • In this example that is the route to server C, with a cost of 20. [Figure: three servers advertising 3ffe:205:1100::15; the preferred route is the one to server C]
Anycast Addresses • The advantage of anycast addresses is that a router always routes to the "closest" or "lowest-cost" server. • So servers providing some commonly used service can be spread across a large network and traffic can be localized or scoped to the nearest server, making traffic patterns in the network more efficient. • And if one server becomes unavailable, the router routes to the next nearest server.
Multicast Addresses • A multicast address identifies not one device but a set of devices, a multicast group. • A packet sent to a multicast group is originated by a single device; therefore a multicast packet normally has a unicast address as its source address and a multicast address as its destination address. • IPv6 does not have a reserved broadcast address like IPv4, but it does have a reserved all-nodes multicast group (FF02::1).
Multicast Addresses • Multicasting is essential to the basic operation of IPv6, particularly some of its plug-and-play features such as router discovery and address autoconfiguration. • These functions are a part of the Neighbor Discovery Protocol, discussed later.
Multicast Addresses (Link-local) [Figure: table of well-known link-local multicast groups, such as FF02::1 (all nodes) and FF02::2 (all routers); not reproduced]
Neighbor Discovery Protocol (NDP) provides plug-and-play features, using the following functions: • Router Discovery: discover the local routers without • Prefix Discovery: discover the prefix or prefixes assigned to the link. • Parameter Discovery: discover other parameters such as the link MTU and hop limit for the connected link. • Address Autoconfiguration: determine the node's full address, without DHCP. • Address Resolution: discover the link-layer addresses of other nodes on the link without the use of Address Resolution Protocol (ARP). • Next-Hop Determination: determine the link-layer next hop for a destination, either the destination itself if it is on-link or a router toward the destination. • Neighbor Unreachability Detection (NUD): determine when a neighbor on a link, either another host or a router, is no longer reachable. • Duplicate Address Detection (DAD): determine whether an address the node wants to use is already being used by another node on the link. • Redirect: a router can notify a host of a better next hop than itself to an off-link destination. The redirect function is part of basic ICMP functionality in IPv4, but is redefined as part of NDP in IPv6.
NDP Messages (RFC 2461) • NDP uses ICMPv6 to exchange its messages; five new ICMPv6 message types were defined: • Router Advertisement (RA) messages are originated by routers to advertise their presence and link-specific parameters such as link prefixes, link MTU, and hop limit. These messages are sent periodically, and also in response to Router Solicitation messages. • Router Solicitation (RS) messages are originated by hosts to request that a router send an RA. • Neighbor Solicitation (NS) messages are originated by nodes to request another node's link-layer address, and also for functions such as duplicate address detection and neighbor unreachability detection. • Neighbor Advertisement (NA) messages are sent in response to NS messages. If a node changes its link-layer address, it can send an unsolicited NA to advertise the new address. • Redirect messages are used the same way that redirects are used in ICMP for IPv4; they have merely been moved from being part of the base ICMPv6 protocol to being part of NDP.
NDP Messages (summary) • RA (Router Advertisement): router address, prefixes, link MTU • Redirect: suggests another gateway • RS (Router Solicitation): host needs an RA from a router • NS (Neighbor Solicitation): requests another node's link-layer address • NA (Neighbor Advertisement): sent in response to an NS
NDP - Router Discovery • A router makes its presence known by periodically sending RAs on its attached links. • RA (Router Advertisement): carries the router's address, prefixes, and link MTU; sent to the all-nodes multicast address (FF02::1); sent at an interval between 4 and 1,800 seconds, by default every 200 seconds on Cisco routers. • Router(config)# ipv6 unicast-routing : once this is enabled, Cisco routers automatically send RAs on Ethernet and FDDI interfaces. • Caveat: RAs carry no authentication (SEND, RFC 3971, is rarely deployed), so any node on the link can advertise itself as a router and capture the hosts' default route; on managed switches, RA Guard (RFC 6105) drops RAs arriving on host ports.
NDP - Router Discovery • RS (Router Solicitation): source address is the unspecified address (::) or the host's link-local address; destination address is the all-routers multicast address (FF02::2). • The router answers almost immediately (after a random delay of up to 0.5 seconds) with an RA. • RA (Router Advertisement): destination address is unicast if the RS source was link-local, otherwise multicast to all nodes (FF02::1). • When a host receives an RA, it adds the router to its default router list. If there is more than one router on the default router list, it can either rotate through the list or select and keep a single router as default.
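An added example, not from the slides or the Doyle/Carroll chapter: a decoder for the Router Advertisement message and its options (the fixed part, the M and O flags that the stateful-autoconfiguration slide later relies on, the Prefix Information option that stateless autoconfiguration consumes, the MTU option, and the router's link-layer address), plus the receipt checks of RFC 4861 section 6.1.2 that a host applies before believing an RA. The RA bytes are constructed inline with the checksum field left at zero (a real receiver verifies it over the IPv6 pseudo-header, which needs the addresses); the function names are my own.

```python
from __future__ import annotations
import ipaddress
import struct

ND_ROUTER_ADVERT = 134          # ICMPv6 type for RA (RS is 133, NS 135, NA 136, Redirect 137)
OPT_SOURCE_LLADDR, OPT_PREFIX_INFO, OPT_MTU = 1, 3, 5


def parse_router_advertisement(icmp: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement and its options (RFC 2461 / 4861, 4.2 and 4.6).

    Returns the M (managed: use DHCPv6 for addresses) and O (other configuration)
    flags, the router lifetime, and any Prefix Information, MTU and Source
    Link-Layer Address options.  The checksum field is not verified here.
    """
    if len(icmp) < 16:
        raise ValueError("RA shorter than the 16-octet fixed part")
    (typ, code, _checksum, cur_hop_limit, flags,
     router_lifetime, reachable, retrans) = struct.unpack("!BBHBBHII", icmp[:16])
    if typ != ND_ROUTER_ADVERT or code != 0:
        raise ValueError(f"not a Router Advertisement (type {typ}, code {code})")
    ra = {"cur_hop_limit": cur_hop_limit, "managed_M": bool(flags & 0x80),
          "other_O": bool(flags & 0x40), "router_lifetime": router_lifetime,
          "reachable_time": reachable, "retrans_timer": retrans,
          "prefixes": [], "mtu": None, "source_lladdr": None}
    off = 16
    while off < len(icmp):
        if off + 2 > len(icmp):
            raise ValueError("dangling option bytes")
        otype, olen = icmp[off], icmp[off + 1]
        if olen == 0:
            raise ValueError("zero-length ND option: RFC 4861 says discard the packet")
        end = off + olen * 8                       # option Length is in units of 8 octets
        if end > len(icmp):
            raise ValueError("option runs past the end of the packet")
        body = icmp[off + 2:end]
        if otype == OPT_PREFIX_INFO and olen == 4:
            plen, pflags, valid, preferred, _res = struct.unpack("!BBIII", body[:14])
            ra["prefixes"].append({
                "prefix": f"{ipaddress.IPv6Address(body[14:30])}/{plen}",
                "on_link_L": bool(pflags & 0x80),      # prefix is on-link
                "autonomous_A": bool(pflags & 0x40),   # usable for stateless autoconfiguration
                "valid_lifetime": valid, "preferred_lifetime": preferred})
        elif otype == OPT_MTU and olen == 1:
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif otype == OPT_SOURCE_LLADDR and olen == 1:
            ra["source_lladdr"] = body[:6].hex(":")
        off = end                                  # unknown options are skipped, as the RFC requires
    return ra


def check_received_ra(ip_src: str, ip_hop_limit: int, icmp: bytes) -> list[str]:
    """Receipt checks a host applies before trusting an RA (RFC 4861, 6.1.2).

    The IPv6 Hop Limit must still be 255 (so the packet cannot have crossed a
    router), the source must be link-local, and the message must parse.
    Returns the reasons to discard the packet; an empty list means accept.
    """
    problems = []
    if ip_hop_limit != 255:
        problems.append(f"IPv6 hop limit is {ip_hop_limit}, not 255")
    if not ipaddress.IPv6Address(ip_src).is_link_local:
        problems.append(f"source {ip_src} is not link-local")
    try:
        parse_router_advertisement(icmp)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


def build_sample_ra() -> bytes:
    """Constructed sample RA (not a capture): M flag set, router lifetime 1800 s,
    prefix 3FFE:1104:404:1::/64 with L and A set, MTU 1500, and the router's MAC
    00:00:0b:0a:2d:51 in a Source Link-Layer Address option."""
    fixed = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0x80, 1800, 0, 0)
    prefix_info = (struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0, 2592000, 604800, 0)
                   + ipaddress.IPv6Address("3ffe:1104:404:1::").packed)
    mtu = struct.pack("!BBHI", OPT_MTU, 1, 0, 1500)
    src_lladdr = bytes([OPT_SOURCE_LLADDR, 1]) + bytes.fromhex("00000b0a2d51")
    return fixed + prefix_info + mtu + src_lladdr


if __name__ == "__main__":
    print(parse_router_advertisement(build_sample_ra()))
    print(check_received_ra("fe80::200:bff:fe0a:2d51", 255, build_sample_ra()))
```

The hop-limit test is the only cryptography-free assurance a host has about an RA: a packet with Hop Limit 255 cannot have been forwarded, so it must have originated on the local link. It says nothing about which node on the link sent it, which is the gap RA Guard and SEND address.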
NDP - Address Autoconfiguration • When an IPv6 host first becomes active on a link, it can self-configure its own interface address. • The first step is determining the 64-bit Interface ID portion of the address, using a mechanism called MAC-to-EUI64 conversion. • The second step adds the link-local prefix, the reserved well-known value FE80::/10 (the remaining 54 prefix bits are zero, so the 64-bit prefix actually prepended is FE80::/64).
NDP - Address Autoconfiguration - Interface ID from MAC [Figure: Step (1) split the 48-bit MAC into two 24-bit halves and insert FFFE between them; Step (2) invert the Universal/Local (U/L) bit, the second-lowest-order bit of the first octet]
NDP - Address Autoconfiguration - Link Local Prefix • Start by deriving a link-local IPv6 address: the link-local prefix (FE80::/64) + the EUI-64 Interface ID. • It can be used for communication with other devices on the same link. • For example, FE80::0200:0BFF:FE0A:2D51
NDP - Address Autoconfiguration - Link Local Prefix • Original MAC: 0000:0B0A:2D51 • Converted MAC (EUI-64): 0200:0BFF:FE0A:2D51 • Link-local address: FE80::0200:0BFF:FE0A:2D51 • Bit layout: 11111110 10000000 followed by 48 zero bits (the 64-bit prefix FE80::/64), then the 64-bit Interface ID.
NDP - Address Autoconfiguration - Link Local Prefix • Example of a link-local address on Ethernet interface "en1" of a Mac OS X host. • Using the link-local prefix FE80::/10 and a MAC-to-EUI64 conversion, an IPv6 interface derives its link-local address with no help from any other device. [Figure: ifconfig output for en1; not reproduced]
NDP - Address Autoconfiguration - Global Prefix • If the host only needs to communicate with devices on the link, autoconfiguring its link-local address is sufficient. • But if it needs to communicate with devices off-link, it needs an address with a wider scope, normally a global IPv6 address. • There are two ways it can acquire this address: • stateful address autoconfiguration • stateless address autoconfiguration
NDP - Address Autoconfiguration - Global Prefix Stateful Address Autoconfiguration (like IPv4 DHCP) • The host consults a DHCPv6 server for the necessary address information, either because it is preconfigured to find a DHCPv6 server or because a received RA has its M flag set, telling it to use DHCPv6. • DHCPv6, described in RFC 3315, is not much different in its end results from DHCP for IPv4. [Figure: router sends an RA with "use DHCPv6 server"; host sends a DHCPv6 request]
NDP - Address Autoconfiguration - Global Prefix Stateless Address Autoconfiguration • The host acquires one or more link prefixes from the RAs it receives. • It then prepends the prefix to its previously determined Interface ID, and it now has a globally unique IPv6 address. • For example, if the host receives an RA advertising the prefix 3FFE:1104:404:1::/64, it adds that prefix to its Interface ID for a global address of 3FFE:1104:404:1:0200:0BFF:FE0A:2D51. [Figure: RA prefix 3FFE:1104:404:1::/64; original MAC 0000:0B0A:2D51; converted MAC 0200:0BFF:FE0A:2D51; global address 3FFE:1104:404:1:0200:0BFF:FE0A:2D51]
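An added example, not from the slides or the Doyle/Carroll chapter, that carries the autoconfiguration steps from the last few slides through in code: the MAC-to-EUI64 conversion (insert FFFE, invert the U/L bit), the link-local address built from FE80::/64, the global address built from an advertised /64 prefix, and the reverse mapping that shows why an EUI-64 Interface ID exposes the hardware MAC to anyone who sees the address (the motivation for the randomized Interface IDs of RFC 4941). The MAC and prefix are the ones on the slides; the function names are my own.

```python
from __future__ import annotations
import ipaddress
from typing import Optional


def mac_to_eui64(mac: str) -> bytes:
    """MAC-to-EUI64 conversion used by stateless autoconfiguration.

    Split the 48-bit MAC into two 24-bit halves, insert 0xFFFE between them,
    then invert the Universal/Local bit (0x02 in the first octet).
    Accepts 00:00:0b:0a:2d:51, 00-00-0b-0a-2d-51 or Cisco's 0000.0b0a.2d51.
    """
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"{mac!r} is not a 48-bit MAC address")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02
    return bytes(eui)


def link_local_from_mac(mac: str) -> str:
    """FE80::/64 prefix (1111111010 followed by 54 zero bits) + EUI-64 Interface ID."""
    prefix = bytes.fromhex("fe80000000000000")
    return str(ipaddress.IPv6Address(prefix + mac_to_eui64(mac)))


def global_from_ra_prefix(prefix: str, mac: str) -> str:
    """Stateless autoconfiguration: the advertised /64 prefix + the same Interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError(f"{prefix}: EUI-64 autoconfiguration needs a /64 prefix")
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + mac_to_eui64(mac)))


def mac_from_eui64_address(addr: str) -> Optional[str]:
    """Reverse the conversion: any observer of an EUI-64-derived address learns the
    hardware MAC, which RFC 4941 privacy extensions avoid by randomising the Interface ID."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                                   # not an EUI-64-derived Interface ID
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return octets.hex(":")


if __name__ == "__main__":
    mac = "0000.0B0A.2D51"                            # the MAC used on the slides
    print(link_local_from_mac(mac))                   # fe80::200:bff:fe0a:2d51
    print(global_from_ra_prefix("3FFE:1104:404:1::/64", mac))
    print(mac_from_eui64_address("3ffe:1104:404:1:200:bff:fe0a:2d51"))
```

Because the Interface ID stays the same under every prefix the host is ever given, an EUI-64 address is also a stable tracking identifier across networks, which is the second reason most client operating systems now default to randomized or stable-but-opaque Interface IDs instead.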
NDP - Duplicate Address Detection • Deriving an Interface ID from a MAC address almost always guarantees a unique address of any scope. • It is still wise to ensure that the address is unique. • Whenever a device acquires a unicast address, it must perform Duplicate Address Detection before using the address. • This is required for stateful configuration, stateless configuration, and statically configured addresses. • The only exception to the rule is an anycast address, because anycast addresses by definition can appear on more than one device. • There is also an exception for link-local addresses. • Caveat: DAD trusts whatever answers the Neighbor Solicitation, so a malicious node on the link can claim every tentative address and deny the host any address at all (a threat catalogued in RFC 3756). [Figure: a host holding the tentative address 3FFE:1104:404:1:0200:0BFF:FE0A:2D51 must perform Duplicate Address Detection before using it]