Sybex CCNA 640-802 Chapter 13: IPv6
Chapter 13 Objectives
The CCNA Topics Covered in this chapter include:
• What is IPv6?
• Why do we need IPv6?
• IPv6 Addressing
• Address types
• Special Addresses
• Autoconfiguration
• Configuring IPv6
• Tunneling
What is IPv6? (and why is it good?)
People refer to IPv6 as “the next-generation Internet protocol,” and it was originally created as the answer to IPv4’s inevitable, looming address-exhaustion crisis. Though you’ve probably heard a thing or two about IPv6 already, it has been improved even further in the quest to bring us the flexibility, efficiency, capability, and optimized functionality that can truly meet our ever-increasing needs.
[One benefit of using NAT, CIDR and private addressing is that they have given us time to tweak IPv6 so that we now have a much-improved version of what was originally a protocol with compatibility and performance issues. Now that we have IPv6, however, NAT should just go away, or to paraphrase the Philadelphia sports fans, “Go NAT, and take PAT with you!”]
What is IPv6? (continued)
• Why does NAT suck? First because it’s a chokepoint on a network, through which every packet must pass and be altered. This is a lot of overhead and it slows down the network. Second, it’s a security nightmare. It complicates every service on your network and forces them all to install kluges, hacks and workarounds.
• Another IPv6 benefit is the form of the IP header (next page). The required items are moved to the front of the header and all the options are put into an extension header (next page). The IPv4 header is something of a jumble (below) with 10 fields and a number of flags.
[Figure: IPv4 header, bits 0 to 31. Fields in order: version, hdr len, TOS, length, ident, flags, offset, TTL, protocol, checksum, source address, destination address, options (variable), pad (variable)]
What is IPv6? (continued)
[Figure: IPv6 header, bits 0 to 31. Fields in order: version, priority, flow label, payload length, next header, hop limit, source address (4 words), destination address (4 words), options (variable number, usually fixed length)]
• The IPv6 header has only six fields and no flags.
• This is one example of an extension header.
[Figure: extension header, bits 0 to 31. Fields in order: next header, reserved, offset, reserved, M, ident]
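What is IPv6? (continued)
• Three other examples of extension headers.
[Figure: extension header, bits 0 to 31. Fields in order: next header, length, type, value]
[Figure: extension header, bits 0 to 31. Fields in order: next header, 0, 194, 0, payload length in bytes]
[Figure: extension header, bits 0 to 31. Fields in order: next header, 0, # of addresses, next address, strict/loose routing bitmap, 1 – 24 addresses]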
IPsec Architecture with IPv6
[Figure labels: Transport Mode; Router, Router; Tunnel Mode]
• With NAT, your end-to-end connection ended at the router; but with IPv6, NAT goes away because you no longer need to translate from public to private addresses and vice versa. So, the tunnel can now go from one end device all the way to the other. This is what IPSec has always called “transport mode”.
Why do we need IPv6?
• Because we need to communicate, and our current system isn’t really cutting it anymore, kind of like how the Pony Express can’t compete with airmail. Just look at how much time and effort we’ve invested in coming up with slick new ways to conserve bandwidth and IP addresses.
• The number of people and devices that connect to networks increases each and every day.
• With more addresses in existence every day, we need to organize them better. The structure of the IPv6 address allows them to be easily placed into a hierarchy and to be aggregated more efficiently. With IPv4 this was handled by using CIDR and by supernetting addresses. With IPv6 everything you need to place an address into a routing table is contained in the address itself – no need to borrow bits or to treat the address as something different just for the purpose of creating a routing table.
IPv6 Addressing
IPv6 addresses are 128 bits
• IPv6 gives us 3.4 x 10^38 addresses, or 340,000,000,000,000,000,000,000,000,000,000,000,000 – more or less.
• For those of you keeping track, this is either 340 undecillion (the American version), or 340 sextillion (British version), or a s***load (my first impression).
Shortened Expression
• You can actually leave out parts of the address to abbreviate it, but to get away with doing that you have to follow a couple of rules.
• First, you can drop any leading zeros in each of the individual blocks.
• After you do that, the sample address from earlier would then look like this:
• 2001:db8:3c4d:12:0:0:1234:56ab
• Okay, that’s a definite improvement: at least we don’t have to write all of those extra zeros! But what about whole blocks that don’t have anything in them except zeros? Well, we can kind of lose those too, or at least some of them. Again referring to our sample address, we can:
• remove the two blocks of zeros by replacing them with double colons, like this:
• 2001:db8:3c4d:12::1234:56ab
• (Each number between colons represents 2 bytes, or 4 hex characters.)
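The two abbreviation rules above, applied by hand in Python. This is an added example, not part of the original slides; the function names are illustrative, the fully written-out input is reconstructed from the shortened forms shown above, and the once-only limit on the double colon is the standard rule rather than something stated on the slide.

```python
import string

def expand(addr):
    """Return the eight 16-bit blocks of an IPv6 address, undoing any '::'."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one block")
        fields = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        fields = addr.split(":")
    for f in fields:
        if not 1 <= len(f) <= 4 or any(c not in string.hexdigits for c in f):
            raise ValueError(f"bad block {f!r} in {addr!r}")
    if len(fields) != 8:
        raise ValueError(f"expected 8 blocks in {addr!r}")
    return [int(f, 16) for f in fields]

def abbreviate(addr, compress=True):
    """Rule 1: drop leading zeros. Rule 2 (if compress): replace zero blocks with '::'."""
    blocks = expand(addr)
    text = [format(b, "x") for b in blocks]      # rule 1
    if not compress:
        return ":".join(text)
    # Rule 2: find the longest run of all-zero blocks; the first run wins a tie.
    best_start = best_len = 0
    i = 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:                             # a lone zero block stays "0"
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])

# Constructed input: the slide's sample address written out in full.
FULL = "2001:0db8:3c4d:0012:0000:0000:1234:56ab"
```

Because the double colon can stand for only one run of zero blocks, `expand` rejects an address that contains it twice; two spellings of the same address always expand to the same eight blocks, which is the form to compare when matching addresses in logs or ACLs.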
Address Types
• Unicast: 1-1
  • Global Unicast
  • Link-local: private address. This is the equivalent of our 10.x.x.x or 192.168.x.x addresses. Their “scope” is “local”. One step up from this are Site-local addresses: They have a broader scope than link-local (they have one extra bit) and are intended to cover an entire “site”, or a company, for example. These have been largely replaced, however, by “Unique Local” addresses, below, because of confusion over what made up a “Site”.
  • Unique Local: globally unique (the IETF allocated a block of addresses as a non-routable subnet for use as private addresses. Not exactly like IPv4 addresses, they can be seen by other routers, but there is only a very small chance that they might overlap. A Registry exists to ensure no overlap.)
• Multicast: 1-many
• Anycast: 1-one of many
Special Addresses
• 0:0:0:0:0:0:0:0: Equals ::. This is the equivalent of IPv4’s 0.0.0.0, and is typically the source address of a host when you’re using stateful configuration.
• 0:0:0:0:0:0:0:1 (loopback test): Equals ::1. The equivalent of 127.0.0.1 in IPv4.
• 0:0:0:0:0:0:192.168.100.1: This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
• 2000::/3: The global unicast address range. (Like any IPv4 address)
• FC00::/7: The unique local unicast range. (Like the IPv4 private addresses: 10.x.x.x, etc.)
• FE80::/10: The link-local unicast range. (Also meant for private addressing, but with the addition of being unique – imagine if you used the 192.168.x.x range for your company, and no other company used that range).
Special Addresses Cont.
• FF00::/8: The multicast range. (a one-to-many packet, just as with the 224 to 239 range in IPv4)
• 3FFF:FFFF::/32: Reserved for examples and documentation. (like Class E in IPv4)
• 2001:0DB8::/32: Also reserved for examples and documentation. (also like Class E in IPv4)
• 2002::/16: Used with 6to4, which is the transition system: the structure that allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels.
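A classifier for the special ranges listed above, useful when triaging addresses in logs. This is an added example, not part of the original slides; the labels and function name are illustrative, the sample addresses are constructed, and the placement of the IPv4 address in the 32 bits after 2002 is the standard 6to4 layout rather than something stated on the slide.

```python
import ipaddress

# Ranges exactly as listed on the slides above.
RANGES = [
    ("2000::/3", "global unicast"),
    ("fc00::/7", "unique local unicast"),
    ("fe80::/10", "link-local unicast"),
    ("ff00::/8", "multicast"),
    ("3fff:ffff::/32", "documentation"),
    ("2001:db8::/32", "documentation"),
    ("2002::/16", "6to4"),
]
# Longest prefix first, so 2001:db8::/32 and 2002::/16 win over 2000::/3.
NETS = sorted(((ipaddress.IPv6Network(p), label) for p, label in RANGES),
              key=lambda item: item[0].prefixlen, reverse=True)

def classify(text):
    """Return (label, embedded IPv4 address or None) for an IPv6 address string."""
    addr = ipaddress.IPv6Address(text)
    value = int(addr)
    if value == 0:
        return ("unspecified", None)               # ::
    if value == 1:
        return ("loopback", None)                  # ::1
    if value >> 32 == 0:
        # The 0:0:0:0:0:0:a.b.c.d form: only the low 32 bits are set.
        return ("ipv4 in ipv6 notation", ipaddress.IPv4Address(value))
    for net, label in NETS:
        if addr in net:
            v4 = None
            if label == "6to4":
                # 16 bits of 2002, then 32 bits of IPv4, then 80 more bits.
                v4 = ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
            return (label, v4)
    return ("unlisted", None)

# Constructed sample addresses, one per range.
SAMPLES = ["::", "::1", "0:0:0:0:0:0:192.168.100.1", "2607:f8b0::1", "fd00::1",
           "fe80::1", "ff02::1", "2001:db8:3c4d:12::1234:56ab", "2002:c0a8:6401::1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify(sample))
```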
Autoconfiguration
RS: Router Solicitation
RA: Router Advertisement
Autoconfiguration simplifies address assignment and network renumbering when you change your internet connection.
Stateless Address Autoconfiguration (from another PPt)
• 3 ways to configure network interfaces: Manually, Stateful, Stateless
• IPSAA IPv6 addr. Separated into 2 parts: network and interface id.
• Link-local addresses: prefix FE80::0 + interface identifier (EUI-64 format)
• Obtain network id through Router solicitation (RS)
Configuring IPv6
In order to enable IPv6 on a router, you have to use the ipv6 unicast-routing global configuration command:
Corp(config)#ipv6 unicast-routing
IPv6 isn’t enabled by default on any interfaces either, so we have to go to each interface individually and enable it. You use the interface configuration command ipv6 address <ipv6prefix>/<prefix-length> [eui-64] to get this done. Here’s an example:
Corp(config-if)#ipv6 address 2001:db8:3c4d:1:0260:d6FF:FE73:1987/64
You can specify the entire 128-bit global IPv6 address or you can use the eui-64 option. Remember, the eui-64 format allows the device to use its MAC address and pad it to make the interface ID.
Corp(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
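How the eui-64 option and the link-local rule from the autoconfiguration slide build an interface ID from a MAC address, and how the MAC can be read back out of such an address. This is an added example, not part of the original slides; the function names are illustrative and the MAC 0060.d673.1987 is an assumption, worked backwards from the interface ID in the configuration example above.

```python
import ipaddress

def mac_to_bytes(mac):
    """Accept 0060.d673.1987, 00:60:d6:73:19:87 or 00-60-d6-73-19-87."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def eui64_interface_id(mac):
    """Pad a 48-bit MAC to a 64-bit interface ID (modified EUI-64)."""
    b = bytearray(mac_to_bytes(mac))
    b[0] ^= 0x02                                  # flip the universal/local bit
    padded = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])   # FFFE goes in the middle
    return int.from_bytes(padded, "big")

def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID derived from mac."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def mac_from_address(text):
    """Recover the MAC from an EUI-64 address, or None if it is not EUI-64."""
    iid = int(ipaddress.IPv6Address(text)) & (2**64 - 1)
    b = bytearray(iid.to_bytes(8, "big"))
    if b[3:5] != b"\xff\xfe":                     # no FFFE padding in the middle
        return None
    b[0] ^= 0x02                                  # undo the bit flip
    return ":".join(f"{x:02x}" for x in bytes(b[:3] + b[5:]))

# Assumed MAC, implied by the interface ID 0260:d6FF:FE73:1987 on the slide.
MAC = "0060.d673.1987"

if __name__ == "__main__":
    print(eui64_address("2001:db8:3c4d:1::/64", MAC))   # global address
    print(eui64_address("fe80::/64", MAC))              # link-local address
    print(mac_from_address("2001:db8:3c4d:1:260:d6ff:fe73:1987"))
```

Since the interface ID stays the same under every prefix, `mac_from_address` shows that an EUI-64 address carries the hardware address of the interface with it, which matters when deciding whether to use eui-64 on hosts that move between networks.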