IPv6 Basics – Notation, Address Types
IPv6 Workshop Manchester, September 2013
Contents
IPv6 Basics
Notation
Address Types
Autoconfiguration
So How Big Is The IPv6 Address Space?
340,282,366,920,938,463,374,607,432,768,211,456
(IPv6 Address Space - 340 Trillion Trillion Trillion)
vs
4,294,967,296
(IPv4 Address Space - 4 Billion)
IPv4/IPv6 Technology Comparison
Service | IPv4 | IPv6
Addressing Range | 32-bit, NAT | 128-bit, Multiple Scopes
IP Provisioning | DHCP | SLAAC, Renumbering, DHCP
Security | IPSec | IPSec
Mobility | Mobile IP | Mobile IP with Direct Routing
Quality-of-Service | Differentiated Service, Integrated Service | Differentiated Service, Integrated Service
Multicast | IGMP/PIM/MBGP | MLD/PIM/MBGP, Scope Identifier
Notation
IPv6 address = 128 bits (1 or 0)
IPv6 address = 32 hexits (0 - 9, a, b, c, d, e, f)
IPv6 address = 8 groups of 4 hexits
2001 : db8 : c001 : face : b00c : dead : 1cee : f001
The 8 groups of hexits are separated by colons
Addresses are conventionally written in lower case
Handling IPv6 Addresses
gggg:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx
Network Portion: gggg:gggg:gggg (Global Routing Prefix, n <= 48 bits) + ssss (Subnet ID, 64 – n bits)
Interface ID: xxxx:xxxx:xxxx:xxxx (Host)
Global Unicast Identifier Example
Full Format: 2001:0000:0000:00A1:0000:0000:0000:1E2A
Abbreviated Format: 2001:0:0:A1::1E2A
• Omit leading ZEROs in the HEX group
• Replace “empty” HEX groups by “0”
• Replace consecutive groups of ZEROs with “::”
• :: can be used only once in an address to avoid ambiguity
IPv6 Addressing Scheme
There is no broadcast nor network address
Global Unicast IPv6 addresses format defined in RFC 3587
CIDR principles usage: Prefix / Prefix length (or mask)
2001:660:3003::/48
2001:660:3003:2:a00:20ff:fe18:964c/64
Aggregation reduces routing table size
IPv6 Address Types
Unicast addresses
• Identifies an interface of an IPv6 node
• Can be used as source and destination of a packet
• An interface can have multiple valid IPv6 addresses
Multicast addresses
• Identifies a group of IPv6 addresses
• Can only be used as the destination of a transmission
• An interface can belong to multiple multicast addresses
Anycast addresses
• Same address on multiple nodes
• Packet to anycast address is delivered only to nearest one
• Packets are never sourced from an anycast address
IPv6 Address Type Prefixes
Address Type | Binary Prefix | IPv6 Notation
Unspecified | 00…0 (128 bits) | ::/128
Loopback | 00…1 (128 bits) | ::1/128
Multicast | 1111 1111 | FF00::/8
Link-Local Unicast | 1111 1110 10 | FE80::/10
ULA | 1111 110 | FC00::/7
Global Unicast | (everything else) |
IPv4-mapped | 00…0:1111 1111:IPv4 | ::FFFF:IPv4/128
Site-Local Unicast (deprecated) | 1111 1110 11 | FEC0::/10
IPv4-compatible (deprecated) | 00…0 (96 bits) | ::IPv4/128
Global Unicast assignments actually use 2000::/3 (001 prefix)
Anycast addresses allocated from unicast prefixes
Global unicast addresses
001 | Global Routing Prefix (Provider, n bits) | Subnet (Site, 64-n bits) | Interface ID (Host, 64 bits)
• Current: n = 48, result: 16 bit subnet ID
• Fixed high order bits of “001” => prefix of 2000::/3
• Example: 2001:db8:dead:beef:c001:babe:0000:aaaf
Link local unicast addresses
• First 10 bits are 1111 1110 10 thus prefix fe80::/10
• Scope is link local thus not forwarded off-link by routers
• One per interface is always automatically configured when IPv6 is enabled
• Used for:
  • Automatic address configuration
  • Default gateway on hosts and next-hops to routes
  • Routing protocol updates
  • Neighbor discovery
Link local reachability problem
“If you ping fe80::212:6bff:fe54:f99a (N1), what egress interface will router R use?” – see solution next slide
ZoneIDs (scopeIDs) – solving Link ambiguity
ZoneID (or scopeID)
• Provides the extra routing information required
• Automatically assigned by the operating system
• Only locally significant
A full link-local address is written as: address%zoneID
Examples of some full link-local addresses with zoneIDs:
[Windows] ping fe80::245:bcff:fe47:1530%11
[Linux] ping6 fe80::245:bcff:fe47:1530%eth0
IPv6 over Ethernet
IPv6 uses Ethernet Protocol ID (0x86DD)
IPv4 uses Ethernet Protocol ID (0x0800)
Dest MAC | Source MAC | 0x0800 | IPv4 Header and Payload
Dest MAC | Source MAC | 0x86DD | IPv6 Header and Payload
IPv6 Interface Identifier (EUI-64 format)
MAC Address: 00 90 27 17 FC 0F
Split the MAC and insert FF FE in the middle: 00 90 27 FF FE 17 FC 0F
First octet is 000000U0, where U = 1: Unique, U = 0: Not Unique
With U = 1: 02 90 27 FF FE 17 FC 0F
• EUI-64 format is used by stateless auto-configuration
• To make sure that the chosen address is from a unique Ethernet MAC address, the universal/local (“u” bit) is set to 1 for global scope and 0 for local scope
• Cisco devices ‘bit-flip’ the 7th bit (RFC 3513)
U bit in a MAC address (U=0: globally unique, U=1: locally administered) and EUI address have opposite meaning
IPv6 Multicast Address Format (RFC 4291)
An IPv6 multicast address has the prefix FF00::/8 (1111 1111)
• Second octet defines lifetime and scope
1111 1111 (8 Bits) | Flags 0 R P T (4 Bits) | Scope (4 Bits) | Group ID, Variable Format (112 Bits)
Flags
R = 0: No embedded RP
R = 1: Embedded RP
P = 0: Not based on unicast
P = 1: Based on unicast
T = 0: Permanent address (IANA assigned)
T = 1: Temporary address (local assigned)
Scope
1 Node
2 Link
3 Subnet
4 Admin
5 Site
8 Organisation
E Global
Well Known Multicast Addresses
Address | Scope | Meaning
FF01::1 | Node-Local | All Nodes
FF01::2 | Node-Local | All Routers
FF02::1 | Link-Local | All Nodes
FF02::2 | Link-Local | All Routers
FF02::5 | Link-Local | OSPFv3 Routers
FF02::6 | Link-Local | OSPFv3 DR Routers
FF02::1:FFXX:XXXX | Link-Local | Solicited-Node
“02” means that this is a permanent address (t = 0) and has link scope (2)
http://www.iana.org/assignments/ipv6-multicast-addresses
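A decoder for the multicast format above, as an added example (not part of the original slides). It splits the second octet into the R, P and T flags and the scope, using the scope names from the slide. The solicited_node helper goes beyond the slide: it fills the XX:XXXX of FF02::1:FFXX:XXXX with the low 24 bits of the unicast address, as RFC 4291 specifies. Function names are assumptions.

```python
import ipaddress

# Scope values as listed on the slide.
SCOPES = {0x1: "Node", 0x2: "Link", 0x3: "Subnet", 0x4: "Admin",
          0x5: "Site", 0x8: "Organisation", 0xE: "Global"}

def decode_multicast(addr: str) -> dict:
    """Split an FF00::/8 address into flags, scope and group ID."""
    packed = ipaddress.IPv6Address(addr).packed
    if packed[0] != 0xFF:
        raise ValueError(f"{addr} is not in FF00::/8")
    flags, scope = packed[1] >> 4, packed[1] & 0x0F
    return {
        "R": bool(flags & 0x4),   # embedded RP
        "P": bool(flags & 0x2),   # based on unicast prefix
        "T": bool(flags & 0x1),   # temporary (locally assigned)
        "scope": SCOPES.get(scope, f"other ({scope:#x})"),
        "group_id": int.from_bytes(packed[2:], "big"),
    }

def solicited_node(unicast: str) -> str:
    """Solicited-node multicast address for a unicast address:
    FF02::1:FF00:0/104 plus the low 24 bits of the unicast address."""
    low24 = ipaddress.IPv6Address(unicast).packed[13:]
    prefix = b"\xff\x02" + bytes(9) + b"\x01\xff"   # 13 bytes = 104 bits
    return str(ipaddress.IPv6Address(prefix + low24))

if __name__ == "__main__":
    print(decode_multicast("ff02::2"))
    print(decode_multicast("ff15::abcd"))            # constructed sample
    print(solicited_node("fe80::212:6bff:fe54:f99a"))
```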
IPv4 and IPv6 Header Comparison
IPv4 Header (20 bytes): Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding
IPv6 Header (40 bytes): Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
Legend: Field’s Name Kept from IPv4 to IPv6; Fields Not Kept in IPv6; Name and Position Changed in IPv6; New Field in IPv6
Extension Headers
Extension Headers Are Daisy Chained
IPv6 header fields: V, Class, Flow, Len, Next Header, Hop, Source, Destination
IPv6 header (Next Header = 6) | Upper Layer TCP Header | Payload
IPv6 header (Next Header = 43) | Routing Header (Next Header = 17) | Upper Layer UDP Header | Payload
IPv6 header (Next Header = 43) | Routing Header (Next Header = 60) | Destination Options (Next Header = 6) | Upper Layer TCP Header | Payload
IPv6 Extension Headers – order is important
IPv6
Hop by hop (0): Processed by every router
Destination: Processed by routers listed in Routing extension
Routing (43): List of routers to cross
Fragmentation (44): Processed by the destination
Authentication (51): After reassembling the packet
Security: Cipher the content of the remaining information
Destination (60): Processed only by the destination
Upper Layer
RFC 2460
IPv6 ext. header processing
IPv6 extensions (except Hop-by-Hop) are processed only by the destination.
[Diagram: nodes A and B with router R1; packet shown as A -> R1, then A -> B]
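Walking the daisy chain in code, as an added example (not part of the original slides): a filter or IDS has to follow every Next Header field to find the upper-layer protocol, and can check the order on the way. The order rules in order_problems come from RFC 2460 (Hop-by-Hop only directly after the IPv6 header; each header at most once, Destination Options at most twice). The packet bytes are constructed samples and all names are assumptions.

```python
import struct

EXT = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 51: "Authentication",
       60: "Destination Options"}
UPPER = {6: "TCP", 17: "UDP", 50: "ESP", 58: "ICMPv6", 59: "No Next Header"}

def walk_chain(packet: bytes):
    """Follow the Next Header fields; return (names, offset of the last header)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = packet[6], 40, []
    while nxt in EXT:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        chain.append(EXT[nxt])
        if nxt == 44:                       # Fragment header is always 8 bytes
            size = 8
        elif nxt == 51:                     # AH length: 4-byte units, minus 2
            size = (packet[off + 1] + 2) * 4
        else:                               # 8-byte units, first 8 not counted
            size = (packet[off + 1] + 1) * 8
        nxt, off = packet[off], off + size
    if off > len(packet):
        raise ValueError("extension header runs past end of packet")
    chain.append(UPPER.get(nxt, f"protocol {nxt}"))
    return chain, off

def order_problems(chain):
    """Check the extension headers (all but the last entry) against RFC 2460."""
    ext, problems = chain[:-1], []
    if "Hop-by-Hop" in ext[1:]:
        problems.append("Hop-by-Hop is not the first extension header")
    for name in sorted(set(ext)):
        limit = 2 if name == "Destination Options" else 1
        if ext.count(name) > limit:
            problems.append(f"{name} appears more than {limit} time(s)")
    return problems

def build(first_nh: int, *parts: bytes) -> bytes:
    """Constructed sample packet: zeroed addresses, hop limit 64."""
    payload = b"".join(parts)
    return struct.pack("!IHBB", 6 << 28, len(payload), first_nh, 64) + bytes(32) + payload

ROUTING = bytes([60, 2, 0, 0]) + bytes(20)      # next = 60, length 2 -> 24 bytes
DSTOPT = bytes([6, 0, 1, 4, 0, 0, 0, 0])        # next = 6, PadN fills the 8 bytes
SAMPLE = build(43, ROUTING, DSTOPT, bytes(20))  # 20 zero bytes stand in for TCP
```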
Fragmentation in IPv6
• Fragmentation is left to end devices in IPv6
  • Routers do not perform fragmentation
• Fragment header used when an end node has to send a packet larger than the path MTU
• Minimum MTU for IPv6 is 1280 bytes
  • All links MUST support it
IPv6 basic header (Next Header = 44) | Fragment Header | Fragment Data
Fragment Header (44): Next Header | Reserved | Fragment Offset | 00 | M | Identification
Fundamentals on Neighbor Discovery RFC 4861
Defined in RFC 4861, “Neighbor Discovery for IP Version 6 (IPv6)” and RFC 4862 (“IPv6 Stateless Address Autoconfiguration”)
Used for:
• Router discovery
• Autoconfiguration of addresses (SLAAC)
• IPv6 address resolution (replaces ARP)
• Neighbor Reachability (NUD)
• Duplicate Address Detection (DAD)
• Redirection
Operates above ICMPv6
• Relies heavily on multicast (including L2-multicast)
Works with ICMP messages and message “options”
Neighbor Discovery Messages (ND) RFC 4861
ND uses ICMPv6 messages
• Originated from node on link local with a hop limit of 255
• Receivers check hop limit is still 255 (has not passed a router)
Consists of IPv6 header, ICMPv6 header, neighbor discovery header, and neighbor discovery options
Five neighbor discovery messages
Message | Purpose | ICMP Type | Sender | Target
Router Solicitation (RS) | Prompt routers to send RA | 133 | Nodes | All routers
Router Advertisement (RA) | Advertise default router, prefixes, operational parameters | 134 | Routers | Sender of RS, All routers
Neighbor Solicitation (NS) | Request link-layer of target | 135 | Node | Solicited Node, Target Node
Neighbor Advertisement (NA) | Response to NS (solicited); advertise link-layer address change (unsolicited) | 136 | Nodes |
Redirect | Inform hosts of a better first hop | 137 | Routers |
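The receiver-side hop limit check described above, as an added example (not part of the original slides). It recognises the five ND message types from the table and reports a hop limit other than 255. Two further checks go beyond the slide and follow RFC 4861: the ICMPv6 code must be 0, and Router Advertisements and Redirects must come from a link-local source. The packets are constructed samples (checksum left at zero) and all names are assumptions.

```python
import ipaddress
import struct

ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}

def check_nd(packet: bytes):
    """Return (message name, problems) for an IPv6 packet whose Next Header
    is ICMPv6; name is None when the message is not Neighbor Discovery."""
    if len(packet) < 44 or packet[0] >> 4 != 6 or packet[6] != 58:
        raise ValueError("expected IPv6 carrying ICMPv6 directly")
    hop_limit = packet[7]
    src = ipaddress.IPv6Address(packet[8:24])
    icmp_type, icmp_code = packet[40], packet[41]
    if icmp_type not in ND_TYPES:
        return None, []
    problems = []
    if hop_limit != 255:
        # A router decrements the hop limit, so an on-link sender is the
        # only way to arrive with 255.
        problems.append(f"hop limit {hop_limit} != 255")
    if icmp_code != 0:
        problems.append(f"ICMPv6 code {icmp_code} != 0")
    if icmp_type in (134, 137) and not src.is_link_local:
        problems.append(f"source {src} is not link-local")
    return ND_TYPES[icmp_type], problems

def sample(src: str, dst: str, hop_limit: int, icmp_type: int) -> bytes:
    """Constructed packet: IPv6 header plus a bare 8-byte ICMPv6 message."""
    icmp = bytes([icmp_type, 0, 0, 0]) + bytes(4)
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), 58, hop_limit)
    return (hdr + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + icmp)

if __name__ == "__main__":
    print(check_nd(sample("fe80::1", "ff02::1", 255, 134)))
    print(check_nd(sample("2001:db8::1", "ff02::1", 64, 134)))
```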
Router Solicitation and Advertisement (RS & RA) – Stateless Autoconfiguration (aka SLAAC)
Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces
Routers send periodic Router Advertisements (RA) to the all-nodes multicast address. Default is 200 seconds (ipv6 nd ra-interval)
Solicited RAs are unicast to the requesting client
Router Solicitation
ICMP Type: 133
IPv6 Source: Link Local of A (FE80::)
IPv6 Destination: All Routers Multicast (FF02::2)
Query: Please send me RA
Router Advertisement
ICMP Type: 134
IPv6 Source: Link Local of R (FE80::)
IPv6 Destination: All Nodes Multicast (FF02::1)
Data: Options, subnet prefix, lifetime, autoconfig-flag, MTU
[Diagram: node A sends RS to router R; R answers with RA]
IPv6 Neighbor Solicitation & Advertisement
Neighbour Solicitation
ICMP Type: 135
IPv6 Source: A Unicast
IPv6 Destination: B Solicited Node Multicast
Data: FE80:: address of A
Query: What is B link layer address?
Neighbour Advertisement
ICMP Type: 136
IPv6 Source: B Unicast
IPv6 Destination: A Unicast
Data: FE80:: address of B
[Diagram: node A sends NS to node B; B answers with NA]
Similar function to ARP in IPv4 without broadcasts
Security Implications ??
ND Guard, DAD, DHCPv6 and ICMPv6 guards
Conclusion
• New packet headers in IPv6
• Different notation, compacting makes life easier
• Several types of IPv6 addresses to be considered
Questions