IPv6 Chapter 13
Objectives
• Discuss the fundamental concepts of IPv6
• Describe IPv6 practices
• Implement IPv6 in a TCP/IP network
Introduction to IPv6
• Internet Protocol version 4 (IPv4)
  • Created around 1979
  • 32-bit IP address space – ~4 billion addresses
  • Allocation methods wasted addresses
• Internet Protocol version 6 (IPv6)
  • 128-bit addresses
  • Improved security, routing, other features
Three Parts to Chapter 13
• IPv6 Basics
• Using IPv6
• Moving to IPv6
IPv6 Address Notation
• 128 bits written in hexadecimal
  • 2001:0000:0000:3210:0800:200C:00CF:1234
• A pair of colons represents a string of consecutive groups of zeroes
  • 2001::3210:0800:200C:00CF:1234
• Only one set of colon pairs per address
  • FEDC:0000:0000:0000:00CF:0000:BA98:1234
  • FEDC::CF:0:BA98:1234
IPv6 Address Notation
• IPv6 loopback address
  • ::1
  • 0000:0000:0000:0000:0000:0000:0000:0001
Link-Local Address
• Self-generated (in the manner of IPv4 APIPA)
• First 64 bits always FE80::/64
• Second 64 bits EUI-64
  • Generated with a calculation using the MAC address
  • Most operating systems use EUI-64
  • Extra steps in Windows Vista and Windows 7
• Guaranteed unique
• Link-local address works on private networks
IPv6 Subnet Masks
• Function like IPv4 subnet masks
• Represented with /x CIDR naming
  • FEDC::CF:0:BA98:1234/64
• No subnet is ever longer than /64
• IANA gives out /32 subnets to big ISPs
• ISPs pass out /48 and /64 subnets
• Most IPv6 subnets are between /48 & /64
The End of Broadcast
• Each link-local is a unicast address
• Multicast addresses replace broadcast
  • FF02::2 only read by routers
  • FF02::1 all nodes address
  • FF02::1:FFxx:xxxx solicited-node address
• Anycast
  • Used in DNS
  • Looks like a unicast to sending computer
Table 13.1 IPv6 Multicast Addresses
Address            Function
FF02::1            All Nodes Address
FF02::2            All Routers Address
FF02::FFXX:XXXX    Solicited-Node Address
Global Addresses
• Global unicast address
  • Required for Internet access
• IPv6-capable gateway router gives to hosts
  • Router configured to do this
  • 2001:470:B8F9:1/64
• Router provides prefix
• NIC generates the rest (using EUI-64)
  • 2001:470:B8F9:1:20C:29FF:FE53:45CA
Aggregation
• Current problem with tier-one routers
  • No default routes
  • Huge routing table (30,000-50,000 routes)
Aggregation
• Every router uses a subnet of the next higher router’s routes
  • Reduces size and complexity of tables
  • Gives detailed geographic picture
  • IP address shows location
• Part of IPv6
How aggregation works
• Gateway gives first 64 bits of IP address to computers
• Gateway gets its 48-bit prefix from upstream
• 2001:d0be:7922:1:fc2d:aeb2:99d2:e2b4
  • Network prefix is 2001:d0be:7922:1 /64
  • ISP’s network prefix 2001:D0BE /32
  • ISP adds 16-bit subnet: 2001:d0be:7922/48
  • At your gateway, tech adds 16-bit subnet
  • Result: 2001:d0be:7922:1 /64
Aggregation and router changes
• From ISP1 to ISP2
• New 32-bit prefix: 2ab0:3c05/32
• Downstream routers make an “all nodes” multicast
• All clients get new IP addresses
• IPv6 address changes rare but normal
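The prefix hierarchy and the ISP change from the two aggregation slides, as an added example that is not part of the original deck. It assumes the 16-bit subnets and the interface ID are kept when the /32 changes; the rule list is constructed sample data showing why address-based firewall rules have to be reviewed after renumbering.

```python
import ipaddress

def prefix_chain(addr: str, lengths=(32, 48, 64)):
    """Enclosing network of addr at each aggregation level (ISP, site, LAN)."""
    return [ipaddress.ip_network(f"{addr}/{n}", strict=False) for n in lengths]

def renumber(addr: str, old_prefix: str, new_prefix: str) -> ipaddress.IPv6Address:
    """Swap the upstream prefix, keeping every bit below it unchanged."""
    old = ipaddress.ip_network(old_prefix)
    new = ipaddress.ip_network(new_prefix)
    ip = ipaddress.IPv6Address(addr)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new prefixes must have the same length")
    if ip not in old:
        raise ValueError(f"{ip} is not inside {old}")
    low_bits = int(ip) & int(old.hostmask)  # subnet IDs + interface ID
    return ipaddress.IPv6Address(int(new.network_address) | low_bits)

def stale_rules(rules, old_prefix: str):
    """Rules that still point into the old ISP prefix after a move."""
    old = ipaddress.ip_network(old_prefix)
    return [r for r in rules
            if ipaddress.ip_network(r, strict=False).subnet_of(old)]

HOST = "2001:d0be:7922:1:fc2d:aeb2:99d2:e2b4"  # address from the slide
RULES = [                                      # constructed sample rules
    "2001:d0be:7922:1::/64",
    "2001:d0be:7922:1:fc2d:aeb2:99d2:e2b4/128",
    "fe80::/64",
]

if __name__ == "__main__":
    for net in prefix_chain(HOST):
        print(net)
    print(renumber(HOST, "2001:d0be::/32", "2ab0:3c05::/32"))
    print(stale_rules(RULES, "2001:d0be::/32"))
```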
Enabling IPv6
• Table 13.2 lists IPv6 status of operating systems
• Check to see if IPv6 is running
  • IPCONFIG in Windows
  • IFCONFIG in Linux or Mac OS X
Table 13.2 IPv6 Adoption by OS
Operating System          IPv6 Status
Windows 2000              Windows 2000 came with “developmental” IPv6 support. Microsoft does not recommend using Windows 2000 for IPv6.
Windows XP                Original Windows XP came with a rudimentary but fully functional IPv6 stack that had to be installed from the command prompt. SP1 added the ability to add the same IPv6 stack under the Install | Protocols menu.
Windows Vista/Windows 7   Complete IPv6 support. IPv6 is active on default installs.
Windows Server 2003       Complete IPv6 support. IPv6 is not installed by default but is easily installed via the Install | Protocols menu.
Windows Server 2008       Complete IPv6 support. IPv6 is active on default installs.
Linux                     Complete IPv6 support from kernel 2.6. IPv6 is active on default installs.
Macintosh OS X            Complete IPv6 support on all versions. IPv6 is active on default installs.
NAT in IPv6
• NAT not used in IPv6
• All IP addresses exposed to the Internet
• Huge address space makes IP scanning nearly impossible
• IPSec important for security
• Security options beyond IPv6
  • Encryption
  • Firewall
DHCP in IPv6
• DHCPv6
  • Works differently than in IPv4
  • IP address and subnet received from gateway router
  • Need DHCPv6 for other IP information
• Two modes of DHCPv6
  • Stateful – works like DHCP in IPv4
  • Stateless – only passes out optional information
  • Stateless is the norm
DNS in IPv6
• Trivial
• Most DNS servers now support IPv6 addresses
• DNS servers supporting IPv6 use AAAA records
• DNSv6 details not finalized
• For now manually add DNS server information to IPv6 clients
IPv4 and IPv6
• What is not ready for IPv6?
  • Most home routers
  • Some Internet routers
• What is ready for IPv6?
  • Most recent operating systems
  • All root DNS servers
  • All tier-one ISP routers
Tunnels
• IPv4-to-IPv6 tunnels bridge the gap
• Encapsulate IPv6 traffic into an IPv4 tunnel
• Endpoints at IPv6 client and IPv6 router
6to4 Tunnels
• 6to4 dominant tunneling protocol
• Does not require a tunnel broker
• Usually connects two routers
• Normally requires public IPv4 address
• Uses public relay routers
  • 192.88.9.1 is 6to4 anycast address
• Challenging to set up
6in4 Tunnels
• 6in4
  • Most popular tunneling protocol
  • One of only two that support NAT traversal
Teredo Tunnels
• Teredo
  • NAT-traversal IPv6 tunneling protocol
  • Built into Microsoft Windows
  • Addresses start with 2001:0000 /32
  • Many people use a third-party tool
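A triage helper for IPv6 addresses seen in logs, as an added example that is not part of the original deck. It sorts addresses into the classes named on the earlier slides (loopback, link-local, the FF02:: multicast groups) and flags Teredo addresses by the 2001:0000::/32 prefix, decoding the IPv4 server and client that the tunnel address embeds. The Teredo sample address and the category labels are assumptions chosen for illustration.

```python
import ipaddress

SOLICITED_NODE = ipaddress.ip_network("ff02::1:ff00:0/104")
NAMED_MULTICAST = {
    ipaddress.IPv6Address("ff02::1"): "all-nodes multicast",
    ipaddress.IPv6Address("ff02::2"): "all-routers multicast",
}

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """Solicited-node group for a unicast address: FF02::1:FF + low 24 bits."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE.network_address) | low24)

def classify(addr: str) -> str:
    """Label one IPv6 address; Teredo labels include the embedded IPv4s."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip in NAMED_MULTICAST:
        return NAMED_MULTICAST[ip]
    if ip in SOLICITED_NODE:
        return "solicited-node multicast"
    if ip.is_multicast:
        return "other multicast"
    if ip.is_link_local:
        return "link-local"
    if ip.teredo is not None:
        # The stdlib decodes the server and the (bit-inverted) client IPv4.
        server, client = ip.teredo
        return f"teredo (server {server}, client {client})"
    return "other unicast"

SAMPLES = [  # constructed sample input, not taken from a real log
    "::1",
    "ff02::2",
    "fe80::20c:29ff:fe53:45ca",
    "2001:470:b8f9:1:20c:29ff:fe53:45ca",
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(f"{a:40} {classify(a)}")
    print(solicited_node("2001:470:b8f9:1:20c:29ff:fe53:45ca"))
```

A Teredo label on an internal host means IPv6 traffic is leaving inside IPv4 UDP, so IPv4-only perimeter rules do not see the inner flows.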
ISATAP
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
• Works within an IPv4 network
• Adds IPv4 address to an IPv6 prefix for endpoints
  • 2001:db8::98ca:200:131.107.28.9