1 / 48

There’s No Place Like ::1 - IPv6 for Dummies

SESSION CODE: WSV328. There’s No Place Like ::1 - IPv6 for Dummies. Marc Michault Technologist Sidem Systems Solutions. WHAT DOES IT ALL MEAN? Feeling like a dummy…. ? ? ? ?. AGENDA. Packet Overview and IPv6 Addresses Configuration (and Auto-Configuration ) Name Resolution

rex
Download Presentation

There’s No Place Like ::1 - IPv6 for Dummies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SESSION CODE: WSV328 There’s No Place Like ::1 - IPv6 for Dummies Marc Michault Technologist Sidem Systems Solutions

  2. WHAT DOES IT ALL MEAN?Feeling like a dummy… ? ? ? ?

  3. AGENDA • Packet Overview and IPv6 Addresses • Configuration (and Auto-Configuration ) • Name Resolution • Transition Technologies

  4. I - Packet Overview and IPv6 Addresses • Packet Overview • How to Write IPv6 Addresses • Subnetting • Address Types • Unicast • Multicast

  5. THE IPv6 PACKETNew and improved… • IPv6 uses 128 bit addresses • Reduced header for faster routing • Options in Extensions Headers • Supports IPSec(specific extension headers) • Supports QoS (Flow Label in header) Extension x8-byte Protocol Data Unit (PDU) Extension x8-byte IPv6 Header 40-byte …

  6. IPv6 ADDRESSESHow to write them • Use colons to separate 8 blocks of 4 hexadecimal digits • Leading zeros removed • Block of zeroes compressed • Once only… 1111 1101 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0010 0001 0000 0000 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0101 0001 0100 0011 FD000000000000210001000000005143 FD00:0000:0000:0021:0001:0000:0000:5143 FD00:0:0:21:1:0:0:5143 FD00:0000:0000:0021:0001:0000:0000:5143 FD00:0:0:21:1:0:0:5143 FD00::21:1:0:0:5143 FD00::21:1:0:0:5143 FD00::21:1::5143 FD00::21:1:0:0:5143

  7. SUBNETTINGVariable-length subnet mask is rarely changed from default… • By default: • 48-bit Network ID • 16-bit Subnet ID • 64-bit Interface ID • Prefix in CIDR notation: • Address/Prefix length: FD00::21:1:0:0:5143/96 Subnet 16-bit Network ID48-bit Interface ID64-bit

  8. IPv6 ADDRESS TYPESMeet the family • A node typically has multiple IPv6 addresses • Link-Local Unicast • Interface IDs • Global Unicast • Unique Local Unicast • Multicast addresses • Solicited Node • Link-Layer multicast addresses • Tunnel interfaces • Special (Reserved)

  9. LINK-LOCAL IPv6 ADDRESSESWelcome to the neighborhood • FE80::/64 • Similar use to APIPA addresses (169.254.0.0) • Always present • Required for link-local operations

  10. ZONE (Scope) IDENTIFIERSWhich link are we using? • Local-use addresses can be reused • To avoid confusion a ZONE ID indicates the link • On Windows represents the interface index • Syntax: • ADDRESS%ZONE_ID • Example:FE80::C582:1680:D349:A6BF%13

  11. GLOBAL UNICAST IPv6 ADDRESSESPublic IPv6 Internet • Similar use to public IPv4 addresses • 2000::/3 (= 2000-3FFF) • 2001 used for Teredo and 2002 for 6to4 IPv4 compatibility solutions • 45-bit Global Routing Prefix, 16-bit Subnet ID

  12. UNIQUE LOCAL IPv6 UNICAST ADDRESSESPrivate IPv6 Intranets • Similar use to private IPv4 addresses (RFC 1918) • Site-Local addresses (FEC0::) deprecated • FC::/7 • but 8th bit defines “local” so FD:: “local”

  13. MULTICAST IPv6 ADDRESSESCalling on all members • Used for link-local operations • No broadcast in IPv6 • FF followed by 4-bit flags and 4-bit scope 1=Interface-Local 2=Link-Local 5=Site-Local Scope Flags 1=All Nodes 2=All Routers

  14. COMMON MULTICAST ADDRESSESExamples • Nodes • FF01::1 – Interface-Local All Nodes • FF02::1 – Link-Local All Nodes • Routers • FF01::2 – Interface-Local All Routers • FF02::2 – Link-Local All Routers • FF05::2 – Site-Local All Aouters

  15. SOLICITED NODELink-local address-associated multicast address • Nodes registers multicast address associated to their IPv6 addresses • Syntax:FF02::1:FF00:0/104 + <last 24 bit of IPv6 address Interface-ID> • Used to obtain link-layer address of interface • FE80::C582:1680:D349:A6BF • FE80::C582:1680:D349:A6BF • FF02::1:FF49:A6BF • FF02::1:FF49:A6BF

  16. LINK-LAYER MULTICAST ADDRESSMAC multicast addresses registered by interface • Nodes also register MAC multicast addresses associated to their IPv6 multicast addresses • Syntax:33-33 + <last 32 bit of IPv6 multicast address> • Used to respond to associated IPv6 multicasts at the link layer • 33-33-FF-49-A6-BF • 33-33-00-00-00-01

  17. RESERVED ADDRESSES & ROUTINGWhere shall I go? • ::1: Localhost • :: : Undefined address • Routing is similar to IPv4 • Router • Can be defined automatically by advertisement • ICMPv6 Router Solicitation and Router Advertisement

  18. II – Auto-Configuration • Stateful and Stateless Configuration • Neighbor Discovery • Address Auto-Allocation • Router Discovery

  19. IPv6 ADDRESS ALLOCATIONHow to get them • Stateless • Link-Local Neighbor Discovery • Router Advertisement • Stateful • Manual • DHCPv6

  20. NEIGHBOR DISCOVERYKeeping up with the Joneses… • ICMPv6 Options Types: • 1-127: Error codes • 128-255: Informational codes • Neighbor Discovery uses ICMPv6 packets • With specific informational options types • Sent to multicast • Advertisements sent: • Routinely (to link-local all nodes multicast) • In response to a request (to unicast of requester)

  21. Neighbor Advertisement ICMPv6 Options Type: 136 MAC Src: Dest. IPv6: Src: Dest: Target: Option: NEIGHBOR DISCOVERYKeeping up with the Joneses… BLUE IPv6: FE80::2AA:FF:FE11:1111 MAC: 00-AA-00-AA-AA-AA • 00-AA-00-BB-BB-BB • 00-AA-00-AA-AA-AA • FE80::2AA:FF:FE22:2222 • FE80::2AA:FF:FE11:1111 • FE80::2AA:FF:FE22:2222 • 00-AA-00-BB-BB-BB • White MAC Addr. • Blue MAC Addr. • White IPv6 Addr. • Blue IPv6 Addr. • White IPv6 Addr. • White MAC Addr. Neighbor Solicitation ICMPv6 Options Type: 135 MAC Src: Dest. IPv6: Src: Dest: Target: Option: • 00-AA-00-AA-AA-AA • 33-33-FF-22-22-22 • FE80::2AA:FF:FE11:1111 • FF02::1:FF22:2222 • FE80::2AA:FF:FE22:2222 • Source Link-Layer Address • Blue MAC Addr. • White Solicited. Addr. • Blue IPv6 Addr. • White Solicited Addr. • White IPv6 Addr. • Source Link-Layer Address White IPv6: FE80::2AA:FF:FE22:2222 MAC: 00-AA-00-BB-BB-BB

  22. IPv6 ADDRESS AUTO-ALLOCATIONHow to get mine • Neighbor Solicitation with auto-assigned address • But source is ::(unspecified address) • Address is defined as“Tentative” • Host still cannot receive unicast packets sent to that address • If a conflict exist a Neighbor Advertisement is sent by conflicting machine • If not, address is kept • Address is defined as “Valid” • Host can receive unicast packets sent to that address

  23. Router Advertisement ICMPv6 Options Type: 134 MAC Src: Dest. IPv6: Src: Dest: Target: Option: ROUTER DISCOVERYThis way out… BLUE • Router MAC Addr. • Nodes Multicast • Router IPv6 Addr. • Link-Local Nodes Multicast • Router IPv6 Addr. • Router IPv6 Addr., MTU, • Prefixes… • 00-AA-00-CC-CC-CC • 33-33-00-00-00-01 • FE80::2AA:FF:FE33:3333 • FF02::1 • FE80::2AA:FF:FE33:3333 • 00-AA-00-CC-CC-CC, MTU, • Prefixes… ROUTER IPv6: FE80::2AA:FF:FE33:3333 MAC: 00-AA-00-CC-CC-CC

  24. Router Advertisement ICMPv6 Options Type: 134 MAC Src: Dest. IPv6: Src: Dest: Target: Option: ROUTER DISCOVERY (REQUESTED)Get me out of here… BLUE IPv6: FE80::2AA:FF:FE11:1111 MAC: 00-AA-00-AA-AA-AA • 00-AA-00-CC-CC-CC • 00-AA-00-AA-AA-AA • FE80::2AA:FF:FE33:3333 • FE80::2AA:FF:FE11:1111 • FE80::2AA:FF:FE33:3333 • 00-AA-00-CC-CC-CC, MTU, • Prefixes… • Router MAC Addr. • Blue MAC Addr. • Router IPv6 Addr. • Blue IPv6 Addr. • Router IPv6 Addr. • Router IPv6 AddrC, MTU, • Prefixes… Router Solicitation ICMPv6 Options Type: 133 MAC Src: Dest. IPv6: Src: Dest: Target: Option: • Blue MAC Addr. • Router Multicast • Blue IPv6 Addr. • Link-Local Router Multicast • White IPv6 Addr. • Source Link-Layer Address • 00-AA-00-AA-AA-AA • 33-33-00-00-00-02 • FE80::2AA:FF:FE11:1111 • FF02::2 • FE80::2AA:FF:FE22:2222 • Source Link-Layer Address ROUTER IPv6: FE80::2AA:FF:FE33:3333 MAC: 00-AA-00-CC-CC-CC

  25. IPv6 STATEFUL ADDRESS ALLOCATIONManaged configuration • Manual • Just say NO! • DHCPv6 • IPv6 Scope • Additional IP configuration • DNS, etc…

  26. III – Name Resolution • Link-Local Multicast Name Resolution • Peer Name Resolution Protocol • Domain Name Service

  27. NAME RESOLUTIONWhat’s in a name? • Local subnet • Link-Local Multicast Name Resolution • Internet • Peer Name Resolution Protocol • DNSv6 • Stateful naming • AAAA records • Reverse pointer

  28. LINK-LOCAL MULTICAST NAME RESOLUTION (LLMNR)Neighbors’ names • DNS-Like packets sent over multicast • FF02::1:3 destination on IPv6 • 224.0.0.252 for IPv4 • UDP Port 5355(can also use TCP) • Replaces the Browser service 

  29. PEER NAME RESOLUTION PROTOCOL (PRNP)Beyond the neighborhood • Name is hashed • Defines a proximity based on the hash • Each node maintain hashes of neighborhood names: • Distributed cache • Forms the PRNP “Cloud” • Can link with the DNS namespace (PRNP.Net) • Used by EasyConnect in Remote Assistance

  30. PEER NAME RESOLUTION PROTOCOL (PRNP)Functioning BILL670000 Hash STATION-1 ? HOME674000 673456 ? STATION-1673456

  31. DNSv6AAAA Rating • IPv6 records are registered with AAAA records • Reverse records are registered in IP6.IANA namespace • Reverse notation per hexadecimal digit • For example, pointer to 2001:0DB8:DADA::BEEF:1: 1.0.0.0.F.E.E.B.0.0.0.0.0.0.0.0.0.0.0.0.A:D:A:D.8.B:D.0.1.0.0.2.ip6.arpa. IN PTR • Will try to respond with the appropriate record • IPv6 or IPv4

  32. SUMMARYSo, what can I do with this stuff? • Peer-to-Peer Name Resolution (PPNR) • EasyConnect • People Near Me • Meeting Space (snif, snif, Vista ) • HomeGroup • DirectAccess • Etc…

  33. IV – Transition Technologies • Tunneling • ISATAP • 6to4 • Teredo

  34. TUNNELINGJamming an IPv6 packet into IPv4 • IPv6 (including header with addresses) is the IPv4 payload • Packet type set to 41 to indicate an encapsulated IPv6 packet • IPv6Header • IPv6Header • ExtensionHeader • ExtensionHeader • ExtensionHeader • ExtensionHeader • Protocol Data Unit • Protocol Data Unit • IPv4 Protocol Data Unit • IPv4Header

  35. ISATAPIntra-Site Automatic Tunnel Addressing Protocol • Purpose: Provide applications IPv6 support on an IPv4 network • IPv6 addresses for IPv4 hosts • IPv4 intranet seen as one link • Generates: • ::0:5EFE:w.x.y.z (private IPv4 address) • ::200:5EFE:w.x.y.z(public IPv4 address) • With either • FE80::/64 Link-Local • ISATAP Router advertised prefix • Packets from/to that address are transported via IPv4 IPv4 address

  36. ISATAPAddress Allocation 192.168.41.30 192.168.41.30 2001:DB8:0:7:0:5EFE:192.168.41.30 FE80::5EFE:192.168.41.30 Router Advertisement2001:DB8:0:7::/64 IPv6 Network IPv4 Intranet ISATAP Router 10.40.1.29 10.40.1.29 FE80::5EFE:10.40.1.29 2001:DB8:0:7:0:5EFE:10.40.1.29

  37. 6to4Usage and functioning • Purpose: Allow IPv6 networks to communicate through the IPv4 Internet • Entire IPv4 Internet seen as 2002:WWXX:YYZZ:: range • 6to4 Relay offers addresses in the 2002:WWXX:YYZZ::range… • To intranet IPv6 hosts • From the WW.XX.YY.ZZexternal IPv4 address of the 6to4 Relay

  38. 6to4Address Generation 2002:836B:1759:5::1 Router Advertisement2002:836B:1759:5::/64 External address:131.107.23.89 IPv6 Network In hex=836B:1759 6to4 Relay IPv4 Internet 2002:836B:1759:5::2

  39. TEREDOUsage and functioning • Purpose: Allow IPv6 hosts to communicate through (multiple) IPv4 NATs • IPv6 does not like NAT  • Used as a last resort… • Hosts obtain Teredo addresses that contain: • Teredo assigned address range (2001::/32) • Public IPv4 address of their Teredo server • Obscured public IPv4 address and port for Teredo traffic on their NAT • Sends “bubble” packets to port 3544 to derive port mapping for destination: • Through destination host‘s Teredo server when initial packet is blocked by NAT • Then derive valid port mapping from destination host’s response bubble message

  40. TEREDOUsage and functioning NAT NAT Teredo server Teredo server

  41. Track Resources • WWW.Microsoft.Com/IPv6 • “Introduction to IPv6” & “IPv6 Transition Technologies” white papers MSPress “Understanding IPv6, Second Edition”, Joseph Davies • Wikipedia 

  42. FINAL WORDS • IPv6 is meant to be machine-readable… • …not human-readable! • IPv6 is still work in progress… • …things changes with Windows versions • Transition technologies are just that… • Don’t worry, it’s just zeroes and ones…

  43. Resources Learning • Sessions On-Demand & Community • Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers • http://microsoft.com/technet • http://microsoft.com/msdn

  44. Complete an evaluation on CommNet and enter to win!

  45. Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st http://northamerica.msteched.com/registration You can also register at the North America 2011 kiosk located at registrationJoin us in Atlanta next year

  46. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related