Chapter 10 IP Version 6

IPv6 is the next generation internet protocol that replaces IPv4. It features a much larger 128-bit address space to avoid exhaustion. IPv6 addresses are written in hexadecimal with eight groups separated by colons. IPv6 uses neighbor discovery to determine MAC addresses instead of ARP broadcasts. When a new host is enabled, it autoconfigures a link-local address via its MAC and performs duplicate address detection to ensure uniqueness on the link.

Uploaded by

nuhono

Chapter 10: IP Version 6
CISCO CERTIFIED NETWORK ASSOCIATE (CCNA)
TRAINING
Agenda
IPv6 Fundamental
IPv6 Addressing
IPv6 Address Types
IPv6 Subnetting
How IPv6 Works in an Internetwork
Implementing IPv6 Addressing
Implementing IPv6 Routing
IPv6 Transition
IPv6 Access Control List (ACL)
IPv6 Fundamental
What is IPv6?
IPv6 is called IPng (the next-generation Internet protocol)
Current version IPv4 (initially deployed on January 1st 1983)
New Version IPv6 (began to deploy in 1999)
IPv6 offers many benefits over IPv4
IPv6 Benefits
IPv6 has a larger IP address space than IPv4 (IPv4 address exhaustion)
Eliminates the need for Network Address Translation (NAT)
IPv6 has fixed header size that makes processing more efficient
IPv6 has optional security headers
Has increased mobility and multicast capabilities (no more broadcast)
Packets can be labeled as belonging to a particular traffic flow (the sender can request special handling)
IPv6 Header
IPv4 Header vs. IPv6 Header
◦ IPv4 header has 20 octets containing 14 fields (12 basic header)
◦ IPv6 header has 40 octets containing 8 fields (6 basic header)
Source: http://www.apnic.net/
IPv4 Fragmentation
IPv4 routers perform fragmentation, which causes a variety of processing performance issues
IPv6 routers no longer perform fragmentation
◦ An IPv6 host uses a discovery process [Path MTU Discovery] to determine the optimum MTU size before creating an end-to-end session
◦ The source IPv6 device attempts to send a packet at the size specified by the upper layers [i.e. TCP/Application].
◦ If the device receives an Internet Control Message Protocol (ICMP) "packet too big" message, it retransmits the MTU discovery packet with a smaller MTU; this process is repeated until the device receives a response that the discovery packet arrived intact.

Each source device needs to track the MTU size for each session
IPv6 MTU Size
Minimum MTU:
◦ IPv4 → 68 octets
◦ IPv6 → 1280 octets

Most efficient MTU:
◦ IPv4 → 576 octets
◦ IPv6 → 1500 octets

IPv6 Maximum datagram size: 64k octets


If we use IPv6 in IPv4 tunnel, we will need 1560 octets
IPv6 Addressing
IPv6 Addressing
IPv4
◦ 32 bits
◦ 4.29 x 10^9 (4.2 billion) possible addressable devices were exhausted in February 2011

IPv6
◦ 128 bits
◦ 3.4 x 10^38 (340 trillion trillion trillion) possible addressable devices
IPv6 Notation
Eight 16-bit fields written in hexadecimal and separated by colons
◦ X:X:X:X:X:X:X:X (X = 16-bit number, e.g. A2FE)
◦ Each 16-bit number is written as a 4-digit hexadecimal number

Example:
◦ FE80:DCE3:124C:C1A2:BA03:6735:EF1C:683D

Abbreviated form of address


◦ 2001:0DB8:0000:0000:0000:036E:1250:2B00
◦ 2001:DB8:0:0:0:36E:1250:2B00
◦ 2001:DB8::36E:1250:2B00 ( :: can only be used once)
IPv6 Prefix
IPv6 Subnet Prefix
◦ IPv6 address consists of two parts:
◦ Subnet Prefix representing the network to which the interface is connected
◦ Interface ID, sometimes called a local identifier or a token

For example:
fec0:0:0:1::1234/64
is really
fec0:0000:0000:0001:0000:0000:0000:1234/64
◦ The first 64-bits (fec0:0000:0000:0001) forms the address prefix.
◦ The last 64-bits (0000:0000:0000:1234) forms the Interface ID.
IPv6 Addressing Structure

Source: http://www.apnic.net/
IPv6 Prefix Assignment
Prefix Assignment with IANA, RIRs, and ISPs
◦ IANA gives ARIN prefix 2001::/16: ARIN
◦ ARIN gives NA-ISP1 prefix 2001:0DB8::/32
◦ NA-ISP1 gives Company-1 2002:0DB8:1111::/48
IPv6 Special Addressing
IPv6 Address    Description
::/0            Specifying a default static route
::/128          Unspecified address and is initially assigned to a host when it first resolves its local link address
::1/128         Loopback address of local host
::ffff/96       IPv4-mapped IPv6 address
::/96           IPv4-compatible IPv6 address
IPv6 Address Types
IPv6 Link Local Address
A special address used to communicate within the local link of an interface, i.e. with anyone on the link, whether host or router
A packet with this address as its destination is never passed through a router
fe80::/10

Source: http://tools.ietf.org/html/rfc4291
IPv6 Site Local IPv6 Address
Site/Unique Local IPv6 Unicast Address – Deprecated in standard
Addresses similar to the RFC 1918 / private addresses in IPv4, but designed to ensure uniqueness
A part of the prefix (40 bits) is generated using a pseudo-random algorithm, so it is improbable that two generated prefixes are equal
fc00::/7

Source: http://tools.ietf.org/html/rfc4291
IPV6 Global Unicast Address
Global Unicast Range
◦ 0010 → 2000::/3
◦ 0011 → 3000::/3

All five RIRs are given a /12 from the /3 to further distribute within the RIR region
◦ APNIC: 2400:0000::/12
◦ ARIN: 2600:0000::/12
◦ AfriNIC: 2C00:0000::/12
◦ LACNIC: 2800:0000::/12
◦ Ripe NCC: 2A00:0000::/12
IPv6 Example & Documentation Address
Two address ranges are reserved for example and documentation purposes by RFC 3849
◦ For example → 3fff:ffff::/32
◦ For documentation → 2001:0DB8::/32
IPv6 Subnetting
IPv6 Subnetting Overview
Deciding Where IPv6 Subnets Are Needed
◦ IPv6 and IPv4 both use the same concepts about where a subnet is needed
◦ One for each VLAN
◦ One for each point-to-point WAN connection
IPv6 Subnetting Mechanism
The Mechanism of Subnetting IPv6 Global Unicast Addresses
◦ The structure shows three major parts, beginning with the global routing prefix, which is the initial value that
must be the same in all IPv6 addresses inside the enterprise
◦ The address ends with the interface ID, which acts like the IPv4 host field
◦ The subnet field sits between the two other fields, used as a way to number and identify subnets, much like the
subnet field in IPv4 addresses
IPv6 Subnetting Mechanism
Next, consider the structure of a specific global unicast IPv6 address
◦ 2001:0DB8:1111:0001:0000:0000:0000:0001
◦ The company was assigned prefix 2001:0DB8:1111, with prefix length /48
◦ The company uses the usual 64-bit interface ID
◦ The company has a subnet field of 16 bits, allowing for 2^16 IPv6 subnets
IPv6 Subnetting Mechanism
First 22 Possible Subnets with a 16-bit Subnet Field in This Example
IPv6 Assign Subnets
Assign Subnets to the Internetwork Topology
IPv6 Assign Subnets
Assigning Addresses to Hosts in a Subnet
Interface ID
The lowest-order 64-bit field addresses may be assigned in several different ways:
◦ auto-configured from a 48-bit MAC address expanded into a 64-bit EUI-64
◦ assigned via DHCP
◦ manually configured
◦ auto-generated pseudo-random number
◦ possibly other methods in the future
EUI-64 to IPv6 Interface Identifier
Create Interface ID from original MAC Address

Source: http://www.apnic.net/
Zone IDs for Local-use Addresses
In Windows XP for example:
◦ Host A:
◦ fe80::2abc:d0ff:fee9:4121%4
◦ Host B:
◦ fe80::3123:e0ff:fe12:3001%3

Ping from Host A to Host B
◦ ping fe80::3123:e0ff:fe12:3001%4 (not %3)
◦ The zone ID identifies the interface on the local host that is connected to that segment.
IPv6 Autoconfiguration
Stateless mechanism
◦ For a site not concerned with the exact addresses
◦ No manual configuration required
◦ Minimal configuration of routers
◦ No additional servers

Stateful mechanism
◦ For a site that requires tighter control over exact address assignments
◦ Needs a DHCP server
Plug and Play
IPv6 link local address
◦ Even if no servers/routers exist to assign an IP address to a device, the device can still auto-generate an
IP address
◦ Allows interfaces on the same link to communicate with each other

Stateless
◦ No control over which interface holds which assigned IP address
◦ Possible security issues

Stateful
◦ Remember information about interfaces that are assigned IP addresses
How IPv6 Works in an Internetwork
IPv6 Neighbor Discovery (ND)
IPv6 uses multicast (L2) instead of broadcast to find out the target host's MAC address
It increases network efficiency by eliminating broadcasts from the L2 network
IPv6 ND uses ICMPv6 as transport
◦ Compared to IPv4 ARP, there is no need to write a different ARP for each L2 protocol, i.e. Ethernet etc.
IPv6 Solicited Node Multicast Address
Solicited Node Multicast Address
◦ Starts with FF02:0:0:0:0:1:FF00::/104
◦ The last 24 bits come from the interface IPv6 address

Example Solicited Node Multicast Address
◦ IPv6 address 2406:6400:0:0:0:0:0000:0010
◦ Solicited node multicast address is FF02:0:0:0:0:1:ff00:0010
◦ Every host listens on the solicited node multicast address corresponding to each of its unicast and anycast addresses (if defined)
IPv6 Neighbor Discovery (ND) Example
Host A would like to communicate with Host B
Host A MAC address 00:26:BB:06:FF:81
Host A IPv6 global address 2406:6400::10
Host A IPv6 link local address FE80::226:BBFF:FE06:FF81
Host B IPv6 global address 2406:6400::20
Host B Link local UNKNOWN [Gateway if outside the link]
Host B MAC address UNKNOWN
How will Host A create the L2 frame for Host B?
IPv6 Neighbor Discovery (ND) Example
Host A Solicited Node Multicast Address
◦ For the global unicast address: FF02::1:FF00:0010
◦ For the link-local address: FF02::1:FF06:FF81

Host B Solicited Node Multicast Address
◦ For the global unicast address: FF02::1:FF00:0020
◦ For the link-local address: ?
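
The EUI-64 expansion and solicited-node mapping described above, worked through for Host A and Host B as an added Python example that is not part of the original slides. The function names are illustrative, and the 33:33 Ethernet multicast mapping comes from RFC 2464 rather than from the deck; `mac_from_eui64` shows that an EUI-64 address exposes the interface's MAC address to anyone who sees it.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # /104 prefix

def eui64_interface_id(mac):
    """Expand a 48-bit MAC into a 64-bit modified EUI-64 interface ID."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("a MAC address has exactly 6 octets")
    # Flip the universal/local bit (0x02) and insert FF:FE in the middle.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID (illustrative helper)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration expects a /64 prefix")
    return net[eui64_interface_id(mac)]

def solicited_node(addr):
    """Solicited-node multicast group: ff02::1:ff00:0/104 plus the low 24 bits."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)

def multicast_mac(group):
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits."""
    low32 = ipaddress.IPv6Address(group).packed[-4:]
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)

def mac_from_eui64(addr):
    """Recover the MAC embedded in an EUI-64 address, or None if absent."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    link_local = eui64_address("fe80::/64", "00:26:BB:06:FF:81")  # Host A's MAC
    print(link_local, solicited_node(link_local))
    target = solicited_node("2406:6400::20")                      # Host B's global address
    print(target, multicast_mac(target))  # where Host A sends its Neighbor Solicitation
    print(mac_from_eui64(link_local))
```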
IPv6 Neighbor Discovery (ND) Example

Source: http://www.apnic.net/
IPv6 Autoconfiguration Example
A new host is turned on.
A tentative address is assigned to the new host.
Duplicate Address Detection (DAD) is performed. First the host transmits a Neighbor Solicitation (NS) message to the solicited node multicast address (FF02::1:FFFE:641D) corresponding to the address it intends to use.
If no Neighbor Advertisement (NA) message comes back, the address is unique.
FE80::310:BAFF:FE64:1D is then assigned to the new host.

Source: http://www.apnic.net/
IPv6 Autoconfiguration Example
The new host sends a Router Solicitation (RS) request to the all-routers multicast group (FF02::2).
The router replies with a Router Advertisement (RA).
The new host learns the network prefix, e.g. 2001:1234:1:1::/64
The new host is assigned a new address made of network prefix + interface ID, e.g. 2001:1234:1:1:310:BAFF:FE64:1D

Source: http://www.apnic.net/
Implementing IPv6 Addressing
Configuring Static IPv6 Addresses
Verifying Static IPv6 Addresses
Verifying Static IPv6 Routes
Configuring IPv6 Interfaces Using EUI-64
Dynamic Unicast Address Configuration
Cisco routers support two ways for the router interface to dynamically learn an IPv6 address to
use:
◦ Stateful DHCP
◦ Stateless Address Autoconfiguration (SLAAC)
Link-Local Addresses vs EUI-64
Comparing Link-Local Addresses with EUI-Generated Unicast Addresses
Implementing IPv6 Routing
Implementing IPv6 Static Route
Static Route Example
◦ Static IPv6 Routes on Router R1

◦ Static IPv6 Routes on Router R2


Implementing IPv6 Default Route
Using Static Default Routes at Branches to Forward Back to the Core
Implementing IPv6 Dynamic Route
RIPng
Router(config)#ipv6 router rip 1
Router(config-if)#ipv6 enable
Router(config-if)#ipv6 rip 1 enable

EIGRPv6
Router(config)#ipv6 router eigrp 10
Router(config-rtr)#router-id 1.1.1.1
Router(config-rtr)#no shutdown
Router(config-if)#ipv6 enable
Router(config-if)#ipv6 eigrp 10

OSPFv3
Router(config)#ipv6 router ospf 10
Router(config-rtr)#router-id 1.1.1.1
Router(config-if)#ipv6 enable
Router(config-if)#ipv6 ospf 10 area 0.0.0.0
IPv6 Transition
Dual Stacking
Dual stacking lets you upgrade your devices and applications on the network one at a time.
As more and more hosts and devices on the network are upgraded, more of your communication will
happen over IPv6, and after you’ve arrived—everything’s running on IPv6, and you get to remove all the
old IPv4 protocol stacks you no longer need.

Corp(config)#ipv6 unicast-routing
Corp(config)#interface fastethernet 0/0
Corp(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
Corp(config-if)#ip address 192.168.255.1 255.255.255.0
6to4 Tunneling
6to4 tunneling is really useful for carrying IPv6 data over a network that's still IPv4.
It is possible that you'll have IPv6 subnets or other portions of your network that are all IPv6, and those
networks will have to communicate with each other.

Router1(config)#int tunnel 0
Router1(config-if)#ipv6 address 2001:db8:1:1::1/64
Router1(config-if)#tunnel source 192.168.30.1
Router1(config-if)#tunnel destination 192.168.40.1
Router1(config-if)#tunnel mode ipv6ip
Router2(config)#int tunnel 0
Router2(config-if)#ipv6 address 2001:db8:2:2::1/64
Router2(config-if)#tunnel source 192.168.40.1
Router2(config-if)#tunnel destination 192.168.30.1
Router2(config-if)#tunnel mode ipv6ip
IPv6 Transition Sample Topology
NAT-PT
A transition strategy known as NAT protocol translation (NAT-PT)
With NAT-PT there is no encapsulation—the data of the source packet is removed from one IP
type and repackaged as the new destination IP type.
Static NAT-PT provides a one-to-one mapping of a single IPv4 address to a single IPv6 address
(sounds like static NAT).
Dynamic NAT-PT, which uses a pool of IPv4 addresses to provide a one-to-one mapping with an
IPv6 address
Network Address Port Translation (NAPT-PT), which provides a many-to-one mapping of multiple
IPv6 addresses to one IPv4 address and a port number
IPv6 Access Control List (ACL)
ACL for IPv6 Traffic Filtering
The standard ACL functionality in IPv6 is similar to standard ACLs in IPv4
Access lists determine what traffic is blocked and what traffic is forwarded at device interfaces
and allow filtering based on source and destination addresses, inbound and outbound to a
specific interface
◦ Each access list has an implicit deny statement at the end

IPv6 ACLs are defined and their deny and permit conditions are set using the ipv6 access-list
command with the deny and permit keywords in global configuration mode.
IPv6 extended ACLs augment standard IPv6 ACL functionality to support traffic filtering based
on IPv6 option headers and optional, upper-layer protocol type information for finer granularity
of control (functionality similar to extended ACLs in IPv4).
Implementing IPv6 ACLs as Packet Filters
R1 is directly connected to the two IPv6 networks in the diagram. Packets arriving on G0/3 (from R3,
and possibly from any networks that R3 is also connected to) should never carry a source address
in 2001:12::/64, because that network lives off of the G0/1 interface (it is directly connected).
To filter any IPv6 packets that contain this bogus source address, we can create a filter and apply it
inbound on G0/3.
Implementing IPv6 ACLs as Packet Filters
Creating an IPv6 Access List and Applying It as a Filter

R1(config)# ipv6 access-list BOGUS_SOURCE_FILTER
R1(config-ipv6-acl)# deny 2001:12::/64 any
R1(config-ipv6-acl)# permit any any
R1(config)# int g0/3
R1(config-if)# ipv6 traffic-filter BOGUS_SOURCE_FILTER in

R1(config-if)# do show ipv6 int g0/3

R1# show ipv6 access-list
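
How BOGUS_SOURCE_FILTER treats inbound packets on G0/3, as an added Python model that is not part of the original slides and is not Cisco code. It models only source/destination matching, first-match order and the implicit deny described above; the `Ace` class, the function names and the sample packet addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    action: str  # "permit" or "deny"
    src: str     # IPv6 prefix or "any"
    dst: str     # IPv6 prefix or "any"

def _match(spec, addr):
    return spec == "any" or ipaddress.IPv6Address(addr) in ipaddress.IPv6Network(spec)

def evaluate(acl, src, dst):
    """First matching entry wins; returns (action, index of the matching entry)."""
    for i, ace in enumerate(acl):
        if _match(ace.src, src) and _match(ace.dst, dst):
            return ace.action, i
    return "deny", None  # implicit deny at the end of every access list

def _covers(outer, inner):
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.IPv6Network(outer).supernet_of(ipaddress.IPv6Network(inner))

def shadowed_entries(acl):
    """Indexes of entries that can never match because an earlier entry covers them."""
    return [j for j, later in enumerate(acl)
            if any(_covers(e.src, later.src) and _covers(e.dst, later.dst)
                   for e in acl[:j])]

# The access list from the slide, in the order it was entered.
BOGUS_SOURCE_FILTER = [
    Ace("deny", "2001:12::/64", "any"),
    Ace("permit", "any", "any"),
]

if __name__ == "__main__":
    # Constructed packets arriving inbound on G0/3: (source, destination).
    packets = [
        ("2001:12::99", "2001:db8:3::5"),     # claims to come from the G0/1 network
        ("2001:db8:3::5", "2001:12::10"),     # ordinary traffic from behind R3
        ("2001:12:0:1::1", "2001:12::10"),    # outside the /64, so not filtered
    ]
    for src, dst in packets:
        print(src, "->", dst, evaluate(BOGUS_SOURCE_FILTER, src, dst))
    # Entering the same two lines in the opposite order disables the filter.
    print(shadowed_entries(list(reversed(BOGUS_SOURCE_FILTER))))
```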
