CCIE L3 Ep.3 ~/8 June 2012/PCK3T.v6
IPv6 IS THE NEW NORMAL
WHY IPv6? Better, why IPv6 now?
Here are some motivations to understand, design and deploy IPv6.
- IPv4 address space has reached depletion. The plan to keep the Internet running is IPv6;
- Service providers around the world are adopting IPv6;
- Modern operating systems support IPv6 natively;
- Netflix, Google, YouTube, Yahoo, LinkedIn, Facebook and thousands of others support IPv6;
- IPv6 supported network services during the Brazil Olympic Games (2016);
- The BYOD and IoT era.
IPv6 Protocol
IPv6 is much more than a larger address space than IPv4. IPv6 implements lessons learned from IPv4. For now, let’s compare the protocol headers:
As we can see, the IPv6 header is much simpler than the IPv4 header:
Version: The IPv6 value is 6.
Traffic Class: Used for the Differentiated Services Code Point (DSCP).
Flow Label: Identifies the packets in a common stream/flow (traffic from SRC to DST). I need to read RFC 6437 :).
Payload Length: Size in bytes of the payload, or payload + extension headers (without the IPv6 header).
Next Header: Equivalent to the Protocol field in the IPv4 header. It specifies the protocol of the next layer (6 TCP, 17 UDP, 58 ICMPv6, 88 EIGRP, 89 OSPF…).
Hop Limit: The renamed TTL field.
Source and destination addresses: Similar to the IPv4 source and destination addresses, but IPv6 addresses are 128 bits.
IHL: Not needed in IPv6. The IPv6 header is fixed at 40 bytes.
Type of Service: Now Traffic Class.
Total Length: Size in bytes of the IPv4 header + data payload.
Identification, Flags and Fragment Offset: Used for IPv4 fragmentation by intermediate devices. In IPv6, fragmentation is the end devices' role.
Header Checksum: Not used in IPv6.
Options: Handled by extension headers in IPv6.
Padding: Not used because the IPv6 header is fixed at 40 bytes.
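The field layout above, decoded from raw bytes. This is an added example, not part of the original page; the sample packet is constructed and the function names are illustrative.

```python
import ipaddress
import struct

# Next Header values listed in the text above.
NEXT_HEADER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 88: "EIGRP", 89: "OSPF"}

def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the fixed 40-byte IPv6 header at the start of `packet`."""
    if len(packet) < 40:
        raise ValueError("IPv6 header is always 40 bytes")
    # First 32 bits: 4-bit version, 8-bit traffic class, 20-bit flow label.
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version={version})")
    traffic_class = (first_word >> 20) & 0xFF
    return {
        "version": version,
        "dscp": traffic_class >> 2,          # upper 6 bits of Traffic Class
        "ecn": traffic_class & 0x3,          # lower 2 bits of Traffic Class
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,       # excludes the 40-byte header itself
        "next_header": NEXT_HEADER.get(next_header, str(next_header)),
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
    }

def build_sample() -> bytes:
    """Constructed sample: DSCP 46, flow label 0x12345, ICMPv6, hop limit 255."""
    first_word = (6 << 28) | ((46 << 2) << 20) | 0x12345
    return (struct.pack("!IHBB", first_word, 8, 58, 255)
            + ipaddress.IPv6Address("2001:db8:cafe:1::1234").packed
            + ipaddress.IPv6Address("ff02::1").packed)

if __name__ == "__main__":
    for field, value in parse_ipv6_header(build_sample()).items():
        print(f"{field:15} {value}")
```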
Non-broadcast Address
IPv6 removes the broadcast address but gives us support for some others:
The heart — ICMP for IPv6
ICMP, or ICMP for IPv4, basically sends network diagnostic messages in two categories: Informational and Error. For IPv6, on the other hand, ICMPv6 is the core of IPv6 networks.
ICMPv6 Neighbor Discovery
- Router Solicitation Message
- Router Advertisement Message
Used with dynamic address allocation (router-device)
- Neighbor Solicitation Message
- Neighbor Advertisement Message
Used with address resolution (looks like ARP for IPv4) (device-device)
- Redirect Message
Same idea as the ICMPv4 redirect message
Migration to IPv6
- Dual-stack: Both IPv4 and IPv6 sharing the same network;
- NAT64: Translating between IPv4 and IPv6
- Native IPv6: All IPv6 / IPv6 only
IPv6 and HEXADECIMAL NUMBERS
To be more human friendly, the 128 bits of an IPv6 address are represented in hexadecimal, like 2001:0db8:0AAA:0011:0000:0000:0000:0000
Notes: 1 hex digit is equal to 4 bits. Base 16 digits are 0,1,2,3,4,5,6,7,8,9, A(10),B(11),C(12),D(13),E(14),F(15).
Rules for compressing IPv6 addresses
Rule 1 — Omitting zeros
2001:0db8:00AA:0011:0000:0000:0000:0000 before
2001:db8:AA:11:0:0:0:0 after
Rule 2 — Double colon
2001:0db8:00AA:0011:0000:0000:0000:0000 before
2001:0db8:00AA:0011:: after
Notes: The double colon must be applied only once per address. Something like 2001:db8::AAAA:: is incorrect.
Applying both rules makes the address even simpler: 2001:db8:AA:11::
Just as IPv4 splits an address into network and host portions using a subnet mask or prefix length, IPv6 defines the prefix and Interface ID portions using the prefix length.
Prefix network examples:
Prefix 2001:db8::/32 — InterfaceID (host address) 2001:db8::1/32
Prefix 2001:db8:1::/48 — InterfaceID 2001:db8:1::B/48
Prefix 2001:db8:CAFE::/48 — InterfaceID 2001:db8:CAFE::9/48
Prefix 2001:db8:CAFE:1::/64 — InterfaceID 2001:db8:CAFE:1::1234/64
Prefix 2001:db8:FACA:1234::/64 — InterfaceID 2001:db8:FACA:1234::FF/64
TYPES OF IPv6 ADDRESS
In this section, we look at all types of IPv6 address. That includes unicast, multicast, anycast and their subtypes.
GUA — Global unicast Address
The IPv6 source field is always a unicast address (either link-local or GUA), and the IPv6 destination field can be unicast, multicast, or anycast.
GUA has the same idea as an IPv4 public address: globally unique and routable across the world/Internet. Its address scope is 2000::/3 to 3FFF::/3. The range 2001:db8::/32 is reserved for documentation by RFC 2839 / RFC 6890. Because of that, this range is used a lot in this doc and in many others around the world. In terms of terminology, the prefix is equivalent to the network portion of an IPv4 address, the prefix length is equivalent to the subnet mask in IPv4, and the Interface ID is equivalent to the host portion of an IPv4 address.
Keep in mind that it is recommended NOT to subnet into the /64 Interface ID. The exception is network infrastructure (router-to-router, router-to-switch, etc.). Why? Because SLAAC will not work properly.
IPv6 allocation — PI vs PA
Provider Independent address space: Addresses allocated directly from the RIR and not from the ISP. In this case, the customer can change ISPs and keep the same IP address range.
Provider Aggregatable address space: The address is assigned by the ISP to a customer.
Configuring a global unicast address
Global unicast addresses can be configured manually or dynamically. Manual options include static, static + EUI-64, and IPv6 unnumbered. Dynamic options can be stateless, including SLAAC or SLAAC + DHCPv6, or stateful DHCPv6 and DHCPv6-PD.
Notes: All 0’s and all 1’s are valid IPv6 host IP addresses.
! Static GUA on Cisco IOS
Router-josy(config)#interface eth0
Router-josy(config-if)#ipv6 address 2001:db8:faca:1::0/64
Router-josy(config-if)#no shutdown
! Static GUA + EUI-64 on Cisco IOS
Router-josy(config-if)#interface eth1
Router-josy(config-if)#ipv6 address 2001:db8:faca:2::/64 eui-64
Router-josy(config-if)#no shutdown
! The ipv6 unicast-routing command is required to allow the router to forward IPv6 packets
Router-josy(config)#ipv6 unicast-routing
For a router to be able to forward IPv6 packets, send ICMPv6 RAs and run IPv6 routing, the ipv6 unicast-routing command must be set. In other words, it becomes an IPv6 router.
Making our life easier using IPv6 General Prefix
Router-josy(config)#ipv6 general-prefix BEEF48 2001:db8:beef::/48
Router-josy(config)#interface eth2
Router-josy(config-if)#ipv6 address BEEF48 0:0:0:88::1/64
Router-josy(config-if)#no shutdown
Gateways can use either the link-local or the global unicast address of the router. Keep in mind that the link-local unicast address is created automatically, but static configuration is possible too (see next).
Understand Link Local address
The link-local address has an important role inside an IPv6 network. Dynamic routing protocols use the link-local address to exchange messages, end users use the router's link-local address as a gateway, and ICMPv6 Router Solicitation uses the link-local address in the IPv6 header source address field.
The name link-local means exactly that: “link”, “network segment”. This address is not routable and must be unique only per “segment” or “link”. The link-local range is FE80::/10 through FEBF::/10.
The link-local address is automatically configured when an IPv6 global address is set. On many operating systems, the link-local address uses fe80 + EUI-64.
! Manual link-local address on Cisco IOS
! Link-local addresses must be unique only on the link
Router-josy(config)#interface ethernet0
Router-josy(config-if)#ipv6 address fe80::1 link-local
Router-josy(config-if)#interface ethernet1
Router-josy(config-if)#ipv6 address fe80::1 link-local
IPv6 Multicast Address
A multicast address is used by a device to send a single packet to multiple destinations simultaneously.
The two types of multicast address are assigned (RFC 2375) and solicited-node.
IPv6 multicast addresses have the prefix ff00::/8.
Scope list:
0 Reserved
1 Interface-Local scope
2 Link-Local scope
5 Site-Local scope
8 Organization-Local scope
E Global scope
Flags
0 Permanent, well-known multicast address assigned by IANA (includes assigned and solicited-node)
1 Non-permanently assigned.
Assigned multicast address with link-Local scope
! Forwards IPv6 packets
! Enables IPv6 static and dynamic routing
! Sends ICMPv6 Router Advertisements
Router-josy(config)#ipv6 unicast-routing
! To see multicast groups
Router-josy# show ipv6 interface Ethernet0
Assigned multicast address with Site-local Scope
Used to communicate within a site and could be routed within the site.
! To be routed, IPv6 routing must be enabled
Router-josy(config)#ipv6 multicast-routing
IPv6 Solicited-Node Multicast Addresses
It has the same idea as ARP for IPv4: mapping an IP address to a MAC address. Unlike ARP, Neighbor Solicitation is not broadcast-based. Every IPv6 device has a multicast group at both the MAC and the IPv6 multicast address level:
Solicited node scope
FF02::01:ff00:0000/104
Multicast L2 scope
33–33–xx–xx–xx–xx
Mapping Multicast address
Ethernet multicast destination address | IPv6 Multicast destination Address
33–33–00–00–00–01 | FF02::1
33–33–00–00–00–02 | FF02::2
33–33–00–00–00–0A | FF02::A
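The mappings in this section computed end to end: MAC to EUI-64 link-local address, unicast address to solicited-node group, and group to Ethernet multicast MAC. This is an added example, not part of the original page; the sample MAC is constructed and the function names are illustrative.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: insert ff:fe in the middle of the MAC and flip the U/L bit."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("MAC address must be 6 bytes")
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return int.from_bytes(eui, "big")

def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """fe80::/64 prefix + EUI-64 interface ID."""
    return ipaddress.IPv6Address((0xFE80 << 112) | eui64_interface_id(mac))

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """ff02::1:ff00:0/104 + the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)

def multicast_mac(group: str) -> str:
    """Ethernet destination: 33-33 followed by the low 32 bits of the group."""
    g = ipaddress.IPv6Address(group)
    if not g.is_multicast:
        raise ValueError(f"{g} is not in ff00::/8")
    low32 = (int(g) & 0xFFFFFFFF).to_bytes(4, "big")
    return "-".join(f"{x:02X}" for x in b"\x33\x33" + low32)

if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"                  # constructed sample MAC
    ll = link_local_from_mac(mac)
    group = solicited_node(str(ll))
    print(ll, group, multicast_mac(str(group)))
    for assigned in ("ff02::1", "ff02::2", "ff02::a"):
        print(assigned, multicast_mac(assigned))
```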
SLAAC — Stateless address auto-configuration
SLAAC uses ICMPv6 to autoconfigure IPv6 addresses. There are three options for autoconfiguration with SLAAC:
- Option 1 SLAAC — No DHCPv6 (default on Cisco routers). Everything is learned from the router (prefix, prefix length, and default gateway)
.Flags M and O set to zero
- Option 2 SLAAC + stateless DHCPv6. All information is learned from DHCPv6 except the default gateway address.
.Flag M set to one; Flag O set to zero
- Option 3 Additional information like DNS is learned from the DHCPv6 server
.Flag M set to zero; Flag O set to one.
Two types of RA flags that the RA contains:
- Other configuration flag (‘O’ flag): Default is zero. When set to 1, use the RA for the address and DHCPv6 for additional information.
- Managed configuration flag (‘M’ flag): Default is zero. When set to 1, get ALL information from the DHCPv6 server, except the default gateway.
- Address autoconfiguration flag (‘A’ flag): When set to 1 together with flag M, allows multiple global unicast addresses: one from SLAAC (temporary) and another from the DHCPv6 server.
Notes: After receiving a prefix, prefix length and gateway, a host can configure the Interface ID portion with EUI-64 or a random value.
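An added example (not from the original page) that decodes the M, O and A flags from a raw Router Advertisement and reports the resulting addressing mode, following the flag definitions in the list above. The sample RA is constructed; its High preference and 2-second lifetime match the hands-on configuration later on this page, and all function names are illustrative.

```python
import ipaddress
import struct

PREFERENCE = {0b01: "High", 0b00: "Medium", 0b11: "Low", 0b10: "Reserved"}

def parse_ra(icmp: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (type 134) and its prefix options."""
    msg_type, _code, _cksum, _hop, flags, lifetime, _reach, _retrans = \
        struct.unpack("!BBHBBHII", icmp[:16])
    if msg_type != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "preference": PREFERENCE[(flags >> 3) & 0x3],
          "router_lifetime": lifetime, "prefixes": []}
    pos = 16
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:                 # Prefix Information
            plen, pflags = icmp[pos + 2], icmp[pos + 3]
            prefix = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "A": bool(pflags & 0x40)})
        pos += opt_len
    return ra

def addressing_mode(ra: dict) -> str:
    """Describe how a host should configure itself from the flags."""
    slaac = any(p["A"] for p in ra["prefixes"])
    if ra["M"]:
        return "stateful DHCPv6" + (" + SLAAC" if slaac else "")
    if ra["O"]:
        return "SLAAC + stateless DHCPv6"
    return "SLAAC only" if slaac else "no autoconfiguration"

def build_sample_ra(flags: int, lifetime: int, prefix: str, a_flag: bool) -> bytes:
    """Constructed RA: one Prefix Information option, checksum left at zero."""
    net = ipaddress.IPv6Network(prefix)
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, lifetime, 0, 0)
    option = struct.pack("!BBBBIII", 3, 4, net.prefixlen,
                         0x80 | (0x40 if a_flag else 0), 2592000, 604800, 0)
    return header + option + net.network_address.packed

if __name__ == "__main__":
    ra = parse_ra(build_sample_ra(0x08, 2, "2001:db8:1:100::/64", True))
    print(ra, "->", addressing_mode(ra))
```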
Duplicate Address Detection (DAD)
After receiving information from the RA, a host sends a Neighbor Solicitation message to the network. If there is no Neighbor Advertisement in response, the IPv6 address is unique.
Not received NA = unique address
Received NA = Duplicate address
DHCPv6 CONFIGURATION
DHCP STATELESS
With stateless + DHCPv6 address configuration, the host gets network information (like prefix, prefix length and gateway) from the IPv6 router and other information from the DHCPv6 server.
Router-josy(config)#ipv6 unicast-routing
Router-josy(config)#ipv6 dhcp pool SRV-JOSY-DHCP
Router-josy(config-dhcpv6)#dns-server 2001:db8:cafe:9::99
Router-josy(config-dhcpv6)#domain-name josy.router.local
Router-josy(config)#interface eth0
Router-josy(config-if)#ipv6 nd other-config-flag
Router-josy(config-if)#ipv6 dhcp server SRV-JOSY-DHCP
DHCP STATEFUL
All information is obtained from the DHCP server.
Router-josy(config)#ipv6 unicast-routing
Router-josy(config)#ipv6 dhcp pool SRV-JOSY-DHCP-STATEFULL
Router-josy(config-dhcpv6)#address prefix 2001:db8:cafe::/64
OR
! All devices include AAAA in their IP addresses
Router-josy(config-dhcpv6)#address prefix 2001:db8:cafe:AAAA::/80
Router-josy(config-dhcpv6)#dns-server 2001:db8:cafe:9::99
Router-josy(config-dhcpv6)#domain-name josy.router.local
Router-josy(config)#interface eth0
Router-josy(config-if)#ipv6 nd managed-config-flag
Router-josy(config-if)#ipv6 dhcp server SRV-JOSY-DHCP-STATEFULL
DHCPv6 RELAY
DHCP relay using global unicast address
Router-josy(config)#ipv6 unicast-routing
Router-josy(config)#interface eth0
Router-josy(config-if)#ipv6 nd managed-config-flag
Router-josy(config-if)#ipv6 dhcp relay destination 2001:db8:cafe:face::9a
DHCP relay using link local address
Router-josy(config)#ipv6 unicast-routing
Router-josy(config)#interface eth0
Router-josy(config-if)#ipv6 nd managed-config-flag
Router-josy(config-if)#ipv6 dhcp relay destination fe80::9a eth1
DHCP relay using multicast
Router-josy(config)#ipv6 unicast-routing
Router-josy(config)#ipv6 multicast-routing
Router-josy(config)#interface eth0
Router-josy(config-if)#ipv6 nd managed-config-flag
Router-josy(config-if)#ipv6 dhcp relay destination ff05::1:3
! ff05::1:3 - All DHCPv6 servers
HANDS ON — Native IPv6 gateway redundancy
Tasks
JOSY-SW-1
Must be preferred gateway for the vlan 2000;
The Linux host should be able to detect the failure of the preferred gateway within about 2 seconds.
Interface vlan 2000 2001:db8:1:100::1/64
Interface vlan 2001 2001:db8:1:101::1/64
JOSY-SW-2
Must be preferred gateway for the vlan 2001;
The Linux host should be able to detect the failure of the preferred gateway within about 2 seconds.
Interface vlan 2000 2001:db8:1:100::2/64
Interface vlan 2001 2001:db8:1:101::2/64
! JOSY-SW-1
interface Vlan2000
ipv6 address FE80::101 link-local
ipv6 address 2001:DB8:1:100::1/64
ipv6 nd router-preference High
ipv6 nd ra lifetime 2
ipv6 nd ra interval msec 1000
!
interface Vlan2001
ipv6 address FE80::101 link-local
ipv6 address 2001:DB8:1:101::1/64
ipv6 nd ra lifetime 2
ipv6 nd ra interval msec 1000
! JOSY-SW-2
interface Vlan2000
ipv6 address FE80::102 link-local
ipv6 address 2001:DB8:1:100::2/64
ipv6 nd ra lifetime 2
ipv6 nd ra interval msec 1000
!
interface Vlan2001
ipv6 address FE80::102 link-local
ipv6 address 2001:DB8:1:101::2/64
ipv6 nd router-preference High
ipv6 nd ra lifetime 2
ipv6 nd ra interval msec 1000
Switches config verifications
Linux Host validation