Embed Size (px)
Citation preview
Module 4
Configuring and Troubleshooting IPv6
TCP/IP
Module Overview
•Overview of IPv6
• IPv6 Addressing
•Coexistence with IPv6
• IPv6 Transition Technologies
• Transitioning from IPv4 to IPv6
• Troubleshooting IPv6
Lesson 1: Overview of IPv6
•Benefits of IPv6
•Differences Between IPv4 and IPv6
• IPv6 Address Space
• Practice: Converting from Binary to Hexadecimal
Benefits of IPv6
Benefits of IPv6 include:
• Large address space
• Hierarchical addressing and routing infrastructure
• Stateless and Stateful address configuration
• Required support for IPsec
• Restores end-to-end communication
• Prioritized delivery
• New protocol for neighboring node interaction
• Extensibility
Differences Between IPv4 and IPv6
IPv4 IPv6
Source and destination addresses
32 bits (4 bytes) in length 128 bits (16 bytes) in length
IPsec support Optional Required
Address Resolution Protocol
Broadcast ARP Request frames resolve IPv4 address to link layer address
ARP Request frames replaced with multicast Neighbor Solicitation messages
Internet Group Management Protocol
Manages local subnet group membership
IGMP replaced with MLD messages
ICMP Router Discovery
Determines IPv4 address of default gateway
Replaced with ICMPv6 Router Solicitation and Router Advertisement messages
Broadcast addresses Sends traffic to all nodes on a subnet
Uses a link-local scope, all-nodes multicast address instead of an IPv6 broadcast address
ConfigurationConfigured manually or through DHCP
Does not require manual configuration or DHCP
Resource recordsUses A resource records in DNS to map host names to IPv4 addresses
Uses AAAA resource records in DNS to map host names to IPv6 addresses
IPv6 Address Space
Address Syntax:
• 128-bit address in binary:
• 128-bit address divided into 16-bit boundaries:
• Each 16-bit block converted to HEX (base 16):
• Further simplify by removing leading zeros:
0010000000000001000011011011100000000000000000000010111100111011 0000001010101010000000001111111111111110001010001001110001011010
0010000000000001 0000110110111000 0000000000000000 0010111100111011 0000001010101010 0000000011111111 1111111000101000 1001110001011010
2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A
2001:DB8:0:2F3B:2AA:FF:FE28:9C5A
Converting from Binary to Hexadecimal
[0010][1111][0011][1011]
8 4 2 1
[0 0 1 0] 0+0+2+0=2
[1 1 1 1] 8+4+2+1=F
[0 0 1 1] 0+0+2+1=3
[1 0 1 1] 8+0+2+1=B
= 2F3B
• 128-bit address in binary:
• 128-bit address divided into 16-bit boundaries:
• Each 16-bit block converted to HEX (base 16):
• Further simplify by removing leading zeros:
00100000000000010000110110111000000000000000000000101111001110110000001010101010000000001111111111111110001010001001110001011010
0010000000000001 0000110110111000 00000000000000000010111100111011 0000001010101010 0000000011111111 1111111000101000 1001110001011010
2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A
2001:DB8:0:2F3B:2AA:FF:FE28:9C5A
Lesson 2: IPv6 Addressing
• IPv6 Prefixes
•Unicast IPv6 Address Types
•Zone IDs
•Address Autoconfiguration for IPv6
•Demonstration: How to Configure IPv6 Client Settings
IPv6 Prefixes
AllocationFormat prefix binary value
Format prefix hexadecimal value
Fraction of the address space
Reserved 0000 0000 - 1/256
Aggregatable global unicast addresses
001 2 or 3 1/8
Link-local unicast addresses
1111 1110 10 FE8 1/1024
Site-local unicast addresses
1111 1110 FD00 1/256
Multicast addresses 1111 1111 FF 1/256
Unicast IPv6 Address Types
• Global unicast addresses
• Local-use unicast addresses
• Unique local IPv6 unicast addresses
Zone IDs
Zone IDs
• fe80::2b0:d0ff:fee9:4143%3
• fec0::f282:2b0:d0ff:fee9:4143%2
Address Autoconfiguration for IPv6
Preferred Deprecated InvalidTentative
Valid
Time
Valid Lifetime
Preferred Lifetime
Autoconfigured IP Timeline
If managed flag set,use DHCPv66 Add prefixes5Check the router for prefixes4Check for a router on the network3Check for address conflicts using neighbor solicitation2 Derive Link-Local Address1
fe80::d593:e1e:e612:53e4%10
Router configuration information
Additional router prefixes
DHCPv6 information received
IPv6 Client
IPv6 DHCP Server configured with SiteLocal Scope
IPv6 Router
Demonstration: How to Configure IPv6 Client Settings
This demonstration shows how to:
•Configure a DHCP Scope for IPv6 Clients
•Configure the client computer
Lesson 3: Coexistence with IPv6
•What Are Node Types?
• IPv4 and IPv6 Coexistence
•What Is a Dual Layer Architecture?
•What Is a Dual Stack Architecture?
•How DNS Supports IPv6
•Demonstration: How to Configure DNS to Support IPv6
•What Is IPv6 Over IPv4 Tunneling?
What Are Node Types?
IPv4 Network
IPv6 Network
IPv4/IPv6 Node
IPv4 Only Node
IPv6 Only Node
IPv4 and IPv6 Coexistence
Methods for providing coexistence of IPv4 and IPv6:
• Dual IP layer architecture (Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2)
• Dual stack architecture(Windows Server 2003 and Windows XP)
• DNS Infrastructure requirements
• IPv6 over IPv4 tunneling
What Is a Dual-Layer Architecture?
Dual layer can create:
• IPv4 packets
• IPv6 packets
• IPv6 over IPv4 packets
Transport Layer (TCP/UDP)
IPv6
Network Interface Layer
IPv4
Application Layer
IPv6 IPv4
IPv6 over IPv4
What Is a Dual-Stack Architecture?
Dual stack can create:
• IPv4 packets
• IPv6 packets
• IPv6 over IPv4 packets
TCP/UDP
IPv6
Network Interface Layer
IPv4
IPv6 IPv4
IPv6 over IPv4
TCP/UDP
Application Layer
How DNS Supports IPv6
DNS support for IPv6:
• DNS Host records are classified as AAAA records
• Pointer Records are configured in the IP6.ARPA zone
• DNS tries to return the appropriate address (either IP 4 or IP 6 depending on the Address Selection rules)
Demonstration: How to Configure DNS to Support IPv6
This demonstration shows how to:
•Configure the bindings for the DNS service
•Verify the presence of AAAA records in Contoso.com
What Is IPv6 Over IPv4 Tunneling?
IPv4 Packet
IPv6 Packet
IPv4
IPv6
IPv6 over IPv4 tunneling allows IPv6 to communicate through an IPv4 network
IPv4 header
Upper layer protocol data unit
Extension headers
IPv6 header
Upper layer protocol data unit
Extension headers
IPv6 header
IPv4 Packet
IPv6 Packet
Lesson 4: IPv6 Transition Technologies
• IPv6 Transition Technologies Use
•What Is ISATAP?
•What Is 6to4?
•What Is Teredo?
•What Is PortProxy?
IPv6 Transition Technologies Use
Tunneling Technology
Usage
ISATAP
• Local intranets
• Autoconfiguration on host
• Allows IPv6 nodes to communicate over an IPv4 subnet
• Enabled by default
6to4
• IPv6 to IPv6 networks over the IPv4 Internet
• Autoconfiguration on host
• Enabled by default
Teredo• IPv6 to IPv6 through IPv4 NAT
• Disabled by default
What Is ISATAP?
DNS query for “ISATAP”1
IPv6-capablenetwork
IPv4-onlyintranet
ISATAP Host
ISATAP Host
ISATAP Router
DNS Server
1 2
3
IPv4-encapsulated routersolicitation2
IPv4-encapsulated routeradvertisement3
IPv4 traffic
IPv6 tunneledwith IPv4
How ISATAP Tunneling Works
ISATAP Router
• Forwards packets between ISATAP hosts and hosts on other IPv6 subnets (optional)
• Advertises subnet prefixes assigned to the logical ISATAP subnet on which ISATAP hosts are located
• ISATAP hosts use the advertised subnet prefixes to configure global ISATAP addresses
• The other subnets can be subnets in an IPv6-capable portion of the organization's network or the IPv6 Internet
• ISATAP addresses:
• [64-bit unicast prefix]:0:5EFE:w.x.y.z
• w.x.y.z is a public or private IPv4 address
• Example: FE80::5EFE:157.59.137.133
• Address assignment and automatic tunneling technology for unicast IPv6 traffic between IPv6/IPv4 nodes across an IPv4 intranet
• ISATAP treats an IPv4 infrastructure as a single link
What Is 6to4?
IPv6 host BIPv6/IPv4
6to4 relayIPv6/IPv4
6to4 routerIPv6/IPv4
6to4 routerIPv6/IPv4
IPv6 host CIPv6/IPv4
IPv6 Internet
IPv6 host DIPv6-only
IPv6 host AIPv6/IPv4
Site 1
Site 2
IPv4 Internet
Field Value
IPv6 Source Address 2002:9D3C:5B7B:1::1
IPv6 Destination Address 2002:836B:D231:2::3
IPv4 Source Address 157.60.91.123
IPv4 Destination Address 131.107.210.49
• 6to4 address:
2002:WWXX:YYZZ:Subnet_ID:Interface_ID
• Address assignment and automatic tunneling technology for unicast traffic between IPv6/IPv4 nodes across the IPv4 Internet
• 6to4 treats the IPv4 Internet as a single link
What Is Teredo?
When Teredo is behind a restricted NAT, initial communication involves several additional steps
Teredo Server 2Teredo Server 1
TeredoClient A
Teredo Client B
Restricted NAT
Restricted NAT
XIPv4 Internet
X
1
2
3
5
4
Bubble packet to Teredo Client B1
Bubble packet to Teredo Server 22
Forwarded bubble packet to Teredo Client B3
Bubble packet to Teredo Client A4
Direct packet to Teredo Client B5
Teredo: Restricted NAT
Establish a Teredo server1
Establish communications between Teredo clients3
Discover the kind of NAT running at a given host2
How Teredo works:
IPv6-onlyhost
Teredo relay
NAT
Teredo client
IPv6 traffic
IPv6 over IPv4 traffic
X
NAT
IPv6 InternetIPv4 Internet
X
Teredo server
Teredo host-specificrelay
IPv6 or IPv6 over IPv4 traffic
Components of Teredo Tunneling
• Address-assignment and automatic tunneling technology for unicast traffic between IPv6/IPv4 nodes located behind one or more IPv4 NATs on the IPv4 Internet
• 6to4 relies on public IPv4 address and IPv6 router functionality in an edge device
• Automatically adjusts behavior based on the type of the local NAT
What Is PortProxy?
PortProxy is a component that allows the proxying of the following traffic:
• IPv4 to IPv4: TCP traffic to an IPv4 address is proxied to TCP traffic to another IPv4 address
• IPv4 to IPv6: TCP traffic to an IPv4 address is proxied to TCP traffic to an IPv6 address
• IPv6 to IPv6: TCP traffic to an IPv6 address is proxied to TCP traffic to another IPv6 address
• IPv6 to IPv4: TCP traffic to an IPv6 address is proxied to TCP traffic to an IPv4 address
Lab A: Configuring an ISATAP Router
• Exercise 1: Configuring a New IPv6 Network and Client
• Exercise 2: Configuring an ISATAP Router to Enable Communication Between an IPv4 Network and an IPv6 Network
Estimated time: 30 minutes
Logon information
Virtual machines6421B-NYC-DC16421B-NYC-RTR6421B-NYC-CL2
User name Contoso\Administrator
Password Pa$$w0rd
Lab Scenario
Contoso has decided to begin the process of migrating their network to IPv6. Your initial task is to prove the principle of the migration by configuring a single client computer for IPv6.
Lab Review
•What does an ISATAP router allow an IPv6/IPv4 hybrid node to do?
•What do you need to define on the DNS server for an ISATAP router to function properly?
•What does advertising a prefix do when you are defining a prefix in the IPv6 router?
Lesson 5: Transitioning from IPv4 to IPv6
•Discussion: Considerations for Migrating from IPv4 to IPv6
• Process for Transitioning to Native IPv6
Discussion: Considerations for Migrating from IPv4 to IPv6
How might applications be affected?What kind of network infrastructure and network services need to be in place?What devices need to be upgraded?
15 minutes
Process for Transitioning to Native IPv6
Applications1
Upgrade hosts to IPv6/IPv4 nodes3
DNS infrastructure 2
Convert IPv6/IPv4 nodes to IPv6-only nodes5
Upgrade routing infrastructure for native IPv6 routing4
Lesson 6: Troubleshooting IPv6
•Methods Used to Troubleshoot IPv6
•Verifying IPv6 Connectivity
•Verifying DNS Name Resolution for IPv6 Addresses
•Verifying IPv6-based TCP Connections
Methods Used to Troubleshoot IPv6
Verify IPv6 connectivity
Verify IPv6-based TCP connections
Verify DNS name resolution for IPv6 addresses
Verifying IPv6 Connectivity
Verify configuration (IPconfig and netsh)
Verify reachability
Manage configuration (netsh)
Check packet filtering
View and manage the IPv6 routing table (route print)
Verify router reliability (pathping)
Verifying DNS Name Resolution for IPv6 Addresses
Verify DNS configuration
Test DNS name resolution with the Ping tool
Display and flush the DNS client resolver cache
Use the Nslookup tool to view DNS server responses
Verifying IPv6-based TCP Connections
Check for packet filtering
Verify TCP connection establishment
Lab B: Converting the Network to Native IPv6
• Exercise 1: Transitioning to a native IPv6 network
Estimated time: 30 minutes
Logon information
Virtual machines6421B-NYC-DC16421B-NYC-RTR6421B-NYC-CL2
User name Contoso\Administrator
Password Pa$$w0rd
Lab Scenario
The pilot went well. Your manager has asked you to convert the network to IPv6. Your task is to disable ISATAP and enable native IPv6 routing. For this project, you must transition to a native IPv6 Network.
Lab Review
•Why must you disable the ISATAP router when transitioning to IPv6?
Module Review and Takeaways
•Review Questions
• Tools
