Lecture 3

This document provides an overview of IPv6 including: 1) Current deployment status showing increasing adoption globally and testing in New Zealand. 2) Mechanisms for IPv6 address configuration including Stateless Address AutoConfiguration (SLAAC) and Stateful address autoconfiguration using DHCPv6. 3) Tunnelling technologies like 6to4 that allow IPv6 connectivity over IPv4 infrastructure.

COSC301 Network Management

Lecture 3: IPv6 Bootcamp

Zhiyi Huang <[email protected]>


University of Otago
Overview
• Brief look at current deployment status
• Recap common IPv6 addresses
• Basic mechanisms of IPv6
  • StateLess Address AutoConfiguration (SLAAC)
  • Stateful address autoconfiguration (DHCPv6)
  • Tunnelling (SIT, 6to4, Teredo)
• Security issues
March 2014 IPv6 status
• IANA ran out of IPv4 /8 address blocks, Feb ’11
• RIRs running out of theirs, e.g. APNIC (Apr ’11)
• The world is feeling the IPv4 pressure
  • Double-layer NAT common in India and China
  • Large telcos rolling out IPv6 to cell-phones
• March 31st: DHCPv6 will give leases to any registered device at CERN
• Difficulties remain:
  • iOS 6 and Android don't have a DHCPv6 client
March 2013 IPv6 status (cont)
• Some NZ service providers rolling out IPv6 infrastructure in test environment.
• Govt websites are available over IPv6
• World IPv6 Day 8th June 2011
  • Focused on web servers
  • The world didn’t end
• World IPv6 Launch 6th June 2012
  • Provision turned on, and stayed on!
  • (IPv4 provision is unlikely to stop any time soon)
IPv6 Brief Recap
• Much enlarged address space
  • smaller routing tables, many more network IDs
  • more addresses (no NAT needed)
  • now everyone in the world could be online (directly)
• Autoconfiguration
  • Easier to have more devices (in-car networks, etc.)
• Streamlined packet header (easier routing)
• Advanced topics
  • QoS, Mobility, (optional) IPSec
Address Notation
• 8 groups of 16 bits in hex, can be compressed
  • fe80:0000:0000:0000:0226:5eff:fe00:8242
  • fe80:0:0:0:226:5eff:fe00:8242
  • fe80::226:5eff:fe00:8242
  • fe80::226:5eff:fe00:8242%6 (or %eth0) zone index
• Some addresses have embedded IPv4
  • ::ffff:192.168.0.2 ≡ ::ffff:c0a8:2
• What about addresses with ports? (colon use)
  • [fe80::226:5eff:fe00:8242]:8081
  • http://[fe80::226:5eff:fe00:8242]:8081/
Prefix Notation
• Functionally equivalent to network mask or IPv4 Classless Inter-Domain Routing (CIDR) prefix
  • but much easier to work with because IPv6 uses hex notation, which is easier to convert to binary
• Trailing /n means that the network ID ends after the nth bit
  • e.g. fe80::/10 or 2002::/3
• Exercise: is fd6b:4104:35ce:0:a00:fed9 in fc00::/7 ?
Address Formulation
• 128 bits: 64-bit prefix & 64-bit interface identifier
• Interface IDs can be formed by hosts themselves
  • e.g. may be based on their EUI-64 interface identifier.
  • For Ethernet, this is based on the MAC address
    00-26-5E-00-82-42 → 0226:5eff:fe00:8242
    insert ff:fe and swap universal/local bit (a MAC like this that is universal will be manufacturer-assigned)
  • This interface identifier is added to the prefix of the network.
• “Privacy extensions”: random temporary interface IDs generated for outgoing traffic
IPv6 common unicast addresses
• See RFC4291 (obsoletes RFC3513)
• ::1 and :: Loopback and Unspecified
• fe80::/10 Link-local
  • append %zone index: %eth0 (Linux) or %6 (MS)
• fec0::/10 Site-local (deprecated)
  • Like RFC1918 (192.168.0.0/16 or 10.0.0.0/8)
• fc00::/7 Unique-local RFC4193
  • Like site-local, but with fewer problems, e.g. since RFC4193 addresses require good pseudo-random parts, organisations can most likely aggregate without conflict in their unique-local addresses.
IPv6 common unicast addresses (cont'd)
• 2000::/3 Global unicast RFC3513 RFC4291
  • 2001:0000::/32 Teredo RFC4380
  • 2002::/16 6to4 tunnelling RFC3056
  • 2001:db8::/32 Documentation only RFC3849
  • 3ffe::/16 6Bone (removed) RFC2471
• Others …
• These allocations are made by Internet Assigned Numbers Authority (IANA)
  http://www.iana.org/numbers/
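
Added example, not part of the original slides: the "/n means the first n bits" rule from the Prefix Notation slide applied to the prefixes listed above, plus recovery of the IPv4 address carried inside 6to4, Teredo and IPv4-mapped addresses, which helps when reviewing logs for tunnelled traffic. Function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Prefixes from the slides; the first match wins, so 2000::/3 goes last.
KNOWN = [("2001:db8::/32", "documentation"), ("2001::/32", "Teredo"),
         ("2002::/16", "6to4"), ("3ffe::/16", "6Bone (removed)"),
         ("fe80::/10", "link-local"), ("fec0::/10", "site-local (deprecated)"),
         ("fc00::/7", "unique-local"), ("2000::/3", "global unicast")]

def in_prefix(addr: str, prefix: str) -> bool:
    """/n means the network ID is the first n bits, so compare only those."""
    net, n = prefix.split("/")
    shift = 128 - int(n)
    return (int(ipaddress.IPv6Address(addr)) >> shift
            == int(ipaddress.IPv6Address(net)) >> shift)

def classify(addr: str) -> str:
    """Label an address with the first matching prefix from the slides."""
    for prefix, label in KNOWN:
        if in_prefix(addr, prefix):
            return label
    return "other"

def embedded_ipv4(addr: str):
    """IPv4 address carried inside a 6to4, Teredo or IPv4-mapped address."""
    a = ipaddress.IPv6Address(addr)
    if a.sixtofour is not None:
        return a.sixtofour            # the 32 bits following 2002::/16
    if a.teredo is not None:
        return a.teredo[1]            # client address, stored bit-inverted
    return a.ipv4_mapped              # ::ffff:a.b.c.d, otherwise None

if __name__ == "__main__":
    # Constructed sample addresses, one per interesting case.
    for sample in ("fd00:1234::1", "fec0::1", "2002:c0a8:2::1",
                   "2001:0:4136:e378:8000:63bf:3fff:fdd2", "::ffff:c0a8:2"):
        print(f"{sample:40} {classify(sample):24} {embedded_ipv4(sample)}")
```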
Common IPv6 multicast addresses
• ff00::/8 is multicast, but we also encode scope:
  • ff + 4 bits of flags + 4 bits of scope + 112 bits of group ID
• There is no broadcast: special case of multicast
  • ff02::1 Link local ‘all-nodes’
  • ff02::2 Link local ‘all-routers’
  • These are generally never used by applications
• Scopes: e.g. 1 = node-local, 2 = link-local, 5 = site-local, 8 = organisation-local, E = global scope.
  • ff05::1 ‘Site’ local ‘all-nodes’
Lots of addresses
• Unicast addresses have a particular scope
  • Node-local, Link-local, Global (Universal)
• Hosts have multiple addresses
  • must have link-local
  • plus any number of advertised prefixes (e.g. unique-local + global)
  • plus any static addresses
  • addresses have a lifetime (preferred, deprecated)
  • addresses can be temporary (privacy addresses)
  • plus multicast addresses (solicited node and all-nodes + ...)
Default Address Selection
• Choice of source address
  • varying in version, scope, state
• Choice of destination address
  • varying in version, scope, state
  • could get multiple results during name lookup
• How to choose appropriate pairing?
  • source: global v4 or link-local v6
    destination: global v4 or global v6
• Not simple, so RFC3484 defines algorithm
What your IPv6 ISP should give you
• Smallest practical subnet size is /64
• RFC3177 contains recommendations
  • Home network subscribers /48
    • In reality, some ISPs will give a /56, but a /64 is too small. You might give a /64 to a mobile network when you know no subnets are needed.
    • Remember that a /48 allows for 2^(64-48) = 2^16 subnets.
  • Small and large enterprises /48
  • Very large /47 or many /48s
How interfaces get configured
• Link-local address formulated and tested
• StateLess Address AutoConfiguration (SLAAC)
  • Nodes send out a Router Solicitation
  • Routers send out Router Advertisements informing nodes on the link of prefixes and lifetimes.
• DHCPv6 (either stateful or stateless)
  • Stateful: gives out static addresses that you might give to a server, for example (think DHCP for IPv4)
  • Stateless: augments SLAAC with extra info
• Manual/Static
  • Useful for routers and servers
Neighbour Discovery
• Replaces ARP
• Implemented with ICMPv6
• Includes MTU and reachability information
  • Caching Path MTU
• Neighbour Solicitation & Neighbour Advertisement
  • Sent to the solicited node’s multicast address. This is formulated based on the queried address to reduce traffic to all nodes.
• SEcure Neighbour Discovery (SEND)
  • See also: IPSec
Solicited Node Multicast Address
• Reduces the amount of traffic sent to the all-nodes link-local address ff02::1
  • for queries regarding a particular address
  • used during Neighbour Discovery (incl. Duplicate Address Detection)
• ff02:0:0:0:0:1:ff00::/104 + low 24 bits of IPv6 addr.
• A host will join a solicited node multicast group for each unicast address it has
  • This will typically end up being the same group, which is good for reducing the number of such addresses switches/routers need to track.
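
Added example, not part of the original slides: the Address Formulation and Solicited Node Multicast Address slides worked through in Python. It derives the modified EUI-64 interface ID from the slide's MAC, builds SLAAC-style addresses, computes the solicited-node group, and reads the MAC back out of such an address, which is the tracking concern that privacy extensions address. The 2001:db8:1:2::/64 prefix and all function names are assumptions chosen for illustration.

```python
import ipaddress

# ff02:0:0:0:0:1:ff00::/104, the solicited-node multicast prefix
SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def mac_to_iid(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe mid-MAC and flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Append the interface ID to a /64 prefix, as a SLAAC host would."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    return net[int.from_bytes(mac_to_iid(mac), "big")]

def solicited_node(addr) -> ipaddress.IPv6Address:
    """Solicited-node group: the /104 prefix plus the low 24 address bits."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_BASE | low24)

def embedded_mac(addr):
    """Return the MAC recoverable from an EUI-64 style address, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # no ff:fe marker: random, privacy or manual interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    mac = "00-26-5E-00-82-42"  # MAC from the Address Formulation slide
    for prefix in ("fe80::/64", "2001:db8:1:2::/64"):  # second is constructed
        a = slaac_address(prefix, mac)
        print(a, "->", solicited_node(a), "| leaks MAC", embedded_mac(a))
```

Both addresses map to the same solicited-node group because they share an interface ID, which is the "same group" case the slide mentions.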
SLAAC (Autoconfiguration)
• StateLess Address AutoConfiguration
  • Defined in RFC2462 for use with hosts (not routers)
  • Can use DHCPv6 for additional info (stateless)
• Makes network client renumbering much easier
• Adds scalability and decreases administration
  • Scalability important for explosion in device types (e.g. home automation devices, fridges, cameras, home entertainment devices, personal devices...)
• But can make it easier to track hosts [privacy], as the address is composed from host’s MAC address (for Ethernet)
SLAAC
• Generate link-local address, then “DAD” it
  • DAD - Duplicate Address Detection: uses Neighbour Discovery to query if generated address is used (if it is, abort this address)
• Multicast Router Solicitation, gets Router Advertisement
  • Advertisement contains routing prefixes
  • Advertisements are sent out periodically also
• Generate addresses by adding interface ID & DAD
  • to advertised prefixes; also records lifetime, MTU
Router Advertisement
• Multicast ICMPv6 message to ff02::1
  • or to the solicited node multicast address for the addr.
• Contents include at least these bits:
  • Managed address config flag
    If 0: use stateless autoconfiguration
    If 1: use stateful configuration (DHCPv6)
  • Other stateful config flag
    If 1: use DHCPv6 for other information
  • Router lifetime (>0 means default router)
• Contains a list of prefixes advertised on this link
Transition mechanisms–statuses
• 6in4 (Proto-41): statically configured tunnel
  • E.g. as used by tunnel brokers
• 6to4 – more flexible; support relay routers
• Teredo – even more flexible; can tunnel through NAT over UDP
• ISATAP – Intra-Site Automatic Tunnel Addr. Prot.
• NAT64 & DNS64 – Allow only IPv6 → IPv4
• Ignore: NAT-PT, 6over4 (note, not “6to4”), IPv4-compatible IPv6 addresses (not “-mapped”), 6Bone
Security Threats
• IPv6 might be on by default, and preferred...
  • you might not even realise it, or know how to manage it
• Autoconfiguration and rogue advertisements
• Routing header 0 (“loose source routing”)
• Firewalls for IPv6 generally neglected
  • if thought of at all yet ...
• Tunnelling mechanisms hide traffic
• Claims of “IPv6 support”
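
Added example, not part of the original slides: a parser for the Router Advertisement fields named on the Router Advertisement slide (M and O flags, router lifetime, prefix list) and a check that flags advertisements a monitoring host should not be seeing, the "rogue advertisements" item above. The router allowlist, site prefix, policy and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

def parse_ra(icmp: bytes) -> dict:
    """Decode the M/O flags, router lifetime and prefix list of an ICMPv6 RA."""
    if len(icmp) < 16 or icmp[0] != 134:          # type 134 = Router Advertisement
        raise ValueError("not a Router Advertisement")
    flags, lifetime = icmp[5], struct.unpack("!H", icmp[6:8])[0]
    ra = {"managed": bool(flags & 0x80),          # M: addresses via DHCPv6
          "other": bool(flags & 0x40),            # O: other info via DHCPv6
          "router_lifetime": lifetime, "prefixes": []}
    pos = 16                                      # options follow the fixed header
    while pos + 2 <= len(icmp):
        otype, olen = icmp[pos], icmp[pos + 1] * 8   # length is in 8-byte units
        if olen == 0 or pos + olen > len(icmp):
            raise ValueError("malformed option")
        if otype == 3 and olen == 32:             # Prefix Information option
            prefix = (icmp[pos + 16:pos + 32], icmp[pos + 2])
            ra["prefixes"].append(ipaddress.IPv6Network(prefix, strict=False))
        pos += olen
    return ra

def ra_findings(src: str, ra: dict, routers: set, prefixes: set, managed: bool) -> list:
    """Compare one RA against what the site expects on this link."""
    out = []
    if ipaddress.IPv6Address(src) not in routers:
        out.append(f"RA from unknown router {src}")
    out += [f"unexpected prefix {p}" for p in ra["prefixes"] if p not in prefixes]
    if ra["managed"] != managed:
        out.append("M flag differs from site policy")
    return out

def build_ra(flags: int, lifetime: int, prefix: str, plen: int = 64) -> bytes:
    """Constructed sample RA (checksum left 0; parse_ra does not verify it)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, lifetime, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, plen, 0xC0, 86400, 14400, 0)
    return hdr + pio + ipaddress.IPv6Address(prefix).packed

ROUTERS = {ipaddress.IPv6Address("fe80::1")}              # assumed allowlist
PREFIXES = {ipaddress.IPv6Network("2001:db8:1:2::/64")}   # assumed site prefix

if __name__ == "__main__":
    for src, pkt in (("fe80::1", build_ra(0x00, 1800, "2001:db8:1:2::")),
                     ("fe80::bad", build_ra(0x80, 1800, "2001:db8:dead::"))):
        print(src, ra_findings(src, parse_ra(pkt), ROUTERS, PREFIXES, managed=False))
```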
References
• IPv6 Essentials, Second Edition, by Silvia Hagen. 2006. Published by O'Reilly, also available from Apple's AppStore
• http://rfc-editor.org/
  • Great for checking if particular RFCs have been deprecated (useful when checking book content!)
• http://www.iana.org/
• Wikipedia
  • Useful for checking up-to-date status and references
Experimentation
On MacOS/Linux
$ ifconfig
$ netstat -rn
$ ping6, etc
http://test-ipv6.com/
host -a www.cs.otago.ac.nz ipv6.test-ipv6.com
Note: use the IP address of ipv6.test-ipv6.com
telnet ipv4.test-ipv6.com 79
telnet ipv6.test-ipv6.com 79
telnet ds.test-ipv6.com 79
2001:0db8:0123:4567:89ab:cdef:1234:5678
|||| |||| |||| |||| |||| |||| |||| ||||
|||| |||| |||| |||| |||| |||| |||| |||128   /128 Single end-points and loopback
|||| |||| |||| |||| |||| |||| |||| ||124
|||| |||| |||| |||| |||| |||| |||| |120
|||| |||| |||| |||| |||| |||| |||| 116
|||| |||| |||| |||| |||| |||| |||112
|||| |||| |||| |||| |||| |||| ||108
|||| |||| |||| |||| |||| |||| |104
|||| |||| |||| |||| |||| |||| 100
|||| |||| |||| |||| |||| |||96
|||| |||| |||| |||| |||| ||92
|||| |||| |||| |||| |||| |88
|||| |||| |||| |||| |||| 84
|||| |||| |||| |||| |||80
|||| |||| |||| |||| ||76
|||| |||| |||| |||| |72
|||| |||| |||| |||| 68
|||| |||| |||| |||64                        /64 Single end-user LAN subnet (required prefix size for SLAAC)
|||| |||| |||| ||60                         /60 Some (very limited) 6rd deployments
|||| |||| |||| |56                          /56 recommended Minimal end-site assignment
|||| |||| |||| 52
|||| |||| |||48                             /48 recommended Typical assignment for home sites
|||| |||| ||44
|||| |||| |40
|||| |||| 36                                /36 possible future local Internet registry (LIR) extra-small allocation
|||| |||32                                  /32 LIR minimum allocation
|||| ||28                                   /28 LIR medium allocation
|||| |24                                    /24 LIR large allocation
|||| 20                                     /20 LIR extra large allocation
|||16
||12                                        /12 Allocation to regional Internet registry by IANA
|8
4
