Module 7 IPV6-2022 ada(1).pptx
Uploaded by ReachableSense
IPV6 INTRODUCTION
• Problems with IPv4
• IPv6 features
• IPv6 packets over local area network (LAN) media
• IPv6 implementations from Microsoft

PROBLEMS WITH IPV4
• Public address space is exhausted
• Large routing tables for Internet backbone routers
• Configuration could be simpler
• IP-layer security is not required
• IPv4, with its 32-bit address space, provides for 4,294,967,296,

WHAT’S CHANGED NOW?
• We’re out of IPv4 addresses. The need for IP addresses is real. It is predicted that the Internet of Things will add about another 45 billion devices by 2023.
• Cloud services now support IPv6. About half of the world’s population is yet to get Internet access.
• Already about 5.5 billion mobile phones in the world require Internet connectivity; and remember that IPv4 allows for only 4.29 billion addresses. We don’t have the IPv4 address space to accommodate current needs.

CLASSLESS ADDRESSING REPLACES CLASSFUL ADDRESSING
Problems with IPv4 addressing:
– Early address allocation was not efficient.
– Addresses were not reclaimed after they were no longer in use.
CIDR solution (1994):
– CIDR converted the classful address space into a classless space.

IPV6 FEATURES
• New header format
• Large address space
• Efficient and hierarchical addressing and routing infrastructure
• Stateless and stateful address configuration

IPV6 FEATURES (2)
• Built-in security
• Better support for prioritized delivery
• New protocol for neighboring node interaction
• Extensibility

BETTER PERFORMANCE
• Increased performance can be another benefit of transitioning to IPv6.
• Many content providers are seeing substantial increases in performance with IPv6.
– Facebook sees 20% to 40% better performance of news feeds with IPv6.
– Tests at Spectrum (TWC) show about a 15% performance increase with IPv6.
– Asia-Pacific Network Information Centre (APNIC) says that IPv6 traffic is faster over trans-Pacific links due to better routing aggregation.
EVOLUTION NOT REVOLUTION
• IPv4 has been an integral part of the genesis and growth of the Internet for 30 years.
• IPv6 follows the key design principles of this proven protocol.
• But to address modern networking needs, IPv6 has been modified in the following areas:
– Address length: from 32 to 128 bits
– NAT: No longer necessary
– Options in header: From fixed and size limited to extensible
– Configuration: From manual or DHCP to self-configurable or DHCP
– Security: From IPsec optional to IPsec mandatory
– Better QOS

IPV6 AND THE REFERENCE MODELS
[Figure: the TCP/IP model (Application Layer, Transport, Internet Layer, Network Access Layer) beside the OSI model (Application, Presentation, Session, Transport, Network, Link, Physical), with example protocols: FTP, RIP, HTTP, SMTP, DNS; UDP, TCP; IPv6, NDP, ICMPv6; Ethernet, WIFI, FDDI]

IMPORTANT NEW FEATURES (1)
• An IPv6 address includes a Subnet ID field that can be defined by the organization so there is no need to borrow bits from the host portion of the address to create subnets.
• The IPv6 header has been significantly modified to include one new field and the removal of others.

IMPORTANT NEW FEATURES (2)
• A new ICMPv6 Neighbor Discovery Protocol (NDP) has four new message types. ICMPv6 NDP is used instead of ARP for resolving Layer 2 to Layer 3 addresses.
• A non-routable IPv6 link-local address has multiple uses in IPv6, including self-configuration.
• A new solicited-node multicast address is used instead of a broadcast address to make neighbor discovery more efficient.

IMPORTANT NEW FEATURES (3)
• IPv6 includes Stateless Address Autoconfiguration (SLAAC), which allows devices to obtain unique and globally routable addresses without the services of a DHCPv6 server, using Router Advertisements (RA).
• Stateless and stateful DHCPv6 provides several options for a device to obtain some or all of its addressing information.
IPV6 AND IPV4 ADDRESS SPACE
By expanding the address space to 128 bits, IPv6:
• Solves the IPv4 address shortage
• Enables many more levels of hierarchical addressing to simplify routing and renumbering
• Renders NAT expendable
• The network is transparent again, easing the administrative burden.

Version | Number of IP addresses
IPv4 | 2**32 = 4,294,967,296
IPv6 | 2**128 = 340,282,366,290,938,463,463,374,607,431,770,000,000
340 UNDECILLION

HEXADECIMAL NUMBERING SYSTEM
• Base n numbering systems have n digits
• All numbering systems begin with 0
• Base 16 has 16 digits, starting with 0: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F
• Each hexadecimal digit can be represented by 4 binary digits.

IPV6 ADDRESS REPRESENTATION (1)
• IPv6 addresses often contain a long sequence of bits set to 0. In this case, a compact notation has been defined. With this notation, :: is used to indicate one or more 16-bit groups containing only bits set to 0. For example:
– 2001:DB8:0:0:8:800:200C:417A is represented as 2001:DB8::8:800:200C:417A
– FF01:0:0:0:0:0:0:101 is represented as FF01::101
– 0:0:0:0:0:0:0:1 is represented as ::1
– 0:0:0:0:0:0:0:0 is represented as ::
• Leading 0s in each group of 4 can be omitted
• A contiguous sequence of groups containing all 0s can be represented with “::” (no quotes)

IPV6 ADDRESS REPRESENTATION (2)
Every four bits translates into one hexadecimal character, and every four hexadecimal characters are separated by a colon instead of a period, making eight groups of four hexadecimal characters for a complete IPv6 address.
For example, the address 2001:0000:0000:0C21:0000:0000:0000:4C22 can be represented as
2001::C21:0:0:0:4C22
Or:
2001:0:0:C21::4C22
The “::” can only appear once in an IPv6 address.

IPV6 ADDRESS REPRESENTATION (3)
• IPv6 addresses are 128 bits in length and written as a string of hexadecimal digits.
Every 4 bits can be represented by a single hexadecimal digit, for a total of 32 hexadecimal values. The alphanumeric characters used in hexadecimal are not case sensitive. Although IPv6 addresses can be written in lowercase or uppercase, RFC 5952, A Recommendation for IPv6 Address Text Representation, recommends that IPv6 addresses be represented in lowercase.

ADDRESS CATEGORIES
• Unicast
• Multicast
• Anycast

IPV4 AND IPV6 HEADERS
[Figure: IP version 6 packet]
Images courtesy of Commons Wikimedia: IP packet by Nicolargo (CC BY-SA 3.0) and IPv6 header by Ere and the Norwegian Wikipedia

IPV6 ADDRESS TYPES
• Global Unicast Address (GUA)
• Link-Local Unicast Address
• Unspecified Address
• Solicited-Node Multicast Address
• Anycast

IPV6 ADDRESS STRUCTURE
• The highest 3 bits are assigned by IANA.
• Global Routing Prefix: the prefix assigned to an organization’s site. The higher 3 bits and the GRP are used to create the 48-bit site prefix, which is assigned to an organization.
• Subnet ID: can be used within an organization to identify subnets. There can be up to 65536 subnets within an organization.
• Interface ID: identifies the interface on a specific subnet. It can be either an EUI-64 or a randomly assigned 64-bit number.

GLOBAL UNICAST ADDRESS (GUA)
• An IPv6 global unicast address (GUA) is a globally unique and routable IPv6 address. It is equivalent to a public IPv4 address. A GUA begins with either a hexadecimal 2 or 3.
• A GUA can be either a source or destination IPv6 address.
• 2001:db8:cafe:1::100

UNICAST
• The most basic address type in IPv6 is the unicast address, but unlike IPv4 nodes, a single IPv6 interface can have multiple unicast addresses.
• “Unicast” refers to a packet that originates with one interface and is destined for only one other interface.
MULTICAST
• Multicast permits network administrators to put nodes into logical groups that need to receive the same messages, such as a group of servers that need a particular kind of update, or to provide content over the Internet to multiple nodes at the same time.

ANYCAST
Anycast addresses are meant for the first node in a group of nodes. The purpose of anycast is to permit a node to communicate with one of a set of routers or service-providing hosts without adding excess traffic to the network and without the need for repeated configuration of the nodes.

ADDRESS TERMINOLOGY
• Prefix
• Prefix length
• Interface ID
• Node (device)
• Scope

SPECIAL IP ADDRESSES COMPARISON
Address type | IPv4 | IPv6 | IPv6 compressed
Unspecified address | 0.0.0.0 | 0:0:0:0:0:0:0:0 | ::/128
Loopback | 127.x.x.x | 0:0:0:0:0:0:0:1 | ::1/128
IPv4 mapped | 192.168.1.1 | 0:0:0:0:0:FFFF:192.168.1.1 | ::FFFF:192.168.1.1/128
Note: The IPv4 address used in the IPv4 mapped row is just an example. It can be any IPv4 address. In some implementations the dotted decimal notation used for the IPv4 part is converted to hexadecimal.

SCOPES
• An IPv6 “scope” is the range for which an address type is valid.
• The smallest scope is the link-local scope, which is a collision domain on an Ethernet network.
• The largest scope is the global scope, which comprises all the interfaces that have a connection to the Internet.

LINK-LOCAL UNICAST SCOPE
• A link-local address is limited to its collision domain only. IPv6 routers never forward a packet that has an FE80::/10 prefix in its destination or source address, a rule that is preconfigured on IPv6-enabled routers.

PREFIX
• The prefix is the network portion of an IPv6 address. In an IPv4 address, we sometimes call this the network portion of the address, or the network prefix.
• The network prefix represents the upper half (64 bits) of an IPv6 address.

PREFIX LENGTH
• The prefix length is the number of most-significant or leftmost bits that define the prefix, the network portion of the address. This is equivalent to the subnet mask in IPv4.
Refer to slide 63 for an explanation of the terms on the right side.

INTERFACE ID
• The Interface ID is equivalent to the host portion of an IPv4 address. IPv6 uses the term Interface ID because any type of device can have an IP address, not just a host computer. The interface ID is represented by the lower half of the IPv6 address.

LINK-LOCAL UNICAST ADDRESS
• A link-local address is a unicast address that is local only on that link. The term link refers to a logical network segment or subnet. Link-local addresses are limited to the particular link and are not routable beyond the local subnet.
• An IPv6 device doesn’t have to have a global unicast address but it must have a link-local address.
• Link-local addresses commonly begin with fe80.

LINK-LOCAL ADDRESSES GENERATION
• Link-local addresses are typically created automatically by the host operating system, which is why you see these addresses already configured on devices with Windows, Mac OS, and Linux operating systems. A link-local address can be either a source or destination IPv6 address.

UNSPECIFIED ADDRESS
• An IPv6 unspecified address is an all-0s address that indicates either the absence or anonymity of an IPv6 address. Unspecified addresses are used only as source addresses and never forwarded by an IPv6 router.
• 0:0:0:0:0:0:0:0/128 or ::/128

SOLICITED-NODE MULTICAST ADDRESS
• A Solicited-Node multicast address is an IPv6 multicast address valid within the local link.
• A Solicited-Node multicast address is created by taking the last 24 bits of a unicast or anycast address and appending them to the prefix ff02::1:ff00:0/104.
• A host is required to join a Solicited-Node multicast group for each of its configured unicast or anycast addresses.
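Added example (not part of the original slides): a Python sketch of the solicited-node rule above, the MAC-based link-local derivation that the SLAAC slides describe, and the reverse check that shows whether an address exposes the interface's MAC, which is the privacy concern behind random interface IDs. Function names and the sample list are illustrative; the interface ID follows modified EUI-64 as defined in RFC 4291, which also inverts the universal/local bit, so the MAC 0800.2B12.3456 yields an interface ID starting 0a00.

```python
import ipaddress

SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
LINK_LOCAL_PREFIX = int(ipaddress.IPv6Address("fe80::"))


def mac_to_modified_eui64(mac):
    """48-bit MAC -> 64-bit interface ID (modified EUI-64, RFC 4291)."""
    raw = bytes.fromhex("".join(c for c in mac if c not in ":-."))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Insert FFFE in the middle and invert the universal/local bit (0x02).
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def link_local_from_mac(mac):
    iid = int.from_bytes(mac_to_modified_eui64(mac), "big")
    return ipaddress.IPv6Address(LINK_LOCAL_PREFIX | iid)


def solicited_node(addr):
    """Append the last 24 bits of a unicast/anycast address to ff02::1:ff00:0/104."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24)


def embedded_mac(addr):
    """Return the MAC recoverable from an EUI-64-style interface ID, else None.

    Heuristic: a random interface ID contains ff:fe in this position
    only by chance (1 in 65536).
    """
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each address whose interface ID looks MAC-derived to that MAC."""
    found = {}
    for text in addresses:
        mac = embedded_mac(text)
        if mac:
            found[text] = mac
    return found


# Constructed sample: one MAC-derived link-local address, one manually
# numbered GUA, and one GUA that reuses a MAC-derived interface ID.
SAMPLE = [
    "fe80::2aa:ff:fe28:9c5a",
    "2001:db8:cafe:1::100",
    "2001:db8:cafe:1:a00:2bff:fe12:3456",
]

if __name__ == "__main__":
    print(link_local_from_mac("0800.2B12.3456"))
    print(solicited_node("fe80::2aa:ff:fe28:9c5a"))
    for address, mac in audit(SAMPLE).items():
        print(f"{address} exposes MAC {mac}")
```

Because the interface ID stays the same under every prefix, an address flagged by audit() identifies the same hardware on any network the device joins.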
ICMPV6 NEIGHBOR DISCOVERY PROTOCOL (NDP)
• NDP includes five message types: Router Solicitation, Router Advertisement, Neighbor Solicitation, Neighbor Advertisement, and Redirect messages. The first four messages are new with ICMPv6. The Redirect message is also part of ICMPv4 but contains additional functionality.

NEIGHBOR DISCOVERY PROTOCOL (NDP)

ROUTER SOLICITATION (RS) AND ROUTER ADVERTISEMENT (RA) MESSAGES
• The Router Solicitation and Router Advertisement messages are used for messaging between a device and a router on the same link (subnet).
• The Router Advertisement message is sent by a router as a suggestion to devices about how to dynamically obtain their IPv6 addressing information.
• The Router Solicitation message is sent by a device to request a Router Advertisement message from the router.

ROUTER SOLICITATION (RS) AND ROUTER ADVERTISING (RA)

DYNAMIC ADDRESS ALLOCATION
• With IPv4 there were two ways to do address allocation:
– Static or manual
– Dynamically, using DHCPv4
• IPv6 has the same two fundamental ways to do address allocation:
– Static
– Dynamic, using RA and RS or using DHCP

DYNAMIC ADDRESSING (1)
• An IPv6 router sends a Router Advertisement message periodically or when it receives a Router Solicitation request from a device. The RA message is typically sent to the all-IPv6 devices multicast address (ff02::1), so every IPv6 device on the link (network) receives it. (It can also be sent as a unicast message.) Other routers do not forward RA messages.

DYNAMIC ADDRESSING (2)
• RA contains:
– Network prefix
– Address of default gateway
– Optional information such as DNS
– Flags
• Unlike an IPv4 device, an IPv6 device can determine all of its addressing dynamically without the services of a DHCP server.
AUTOCONFIGURATION METHODS
• Stateless Address Autoconfiguration (SLAAC)
• SLAAC and stateless DHCPv6 server
• Stateful DHCPv6 server

DHCP V6
DHCP v6 is an adaptation of DHCP v4.
DHCP v6 is a stateful configuration method because it keeps track of the association between IP addresses and hosts.
DHCP will send out a DHCP Solicit multicast message with the address FF02::1:2. This message will be sent using the link-local scope.
If a DHCP server exists on the local network it will respond with the IP information and additional information configured by the administrator (DNS, default gateway, etc.).
The DHCP information exchange is the same as in IPv4.
NOTE: DHCP v6 can be used in a stateless configuration. In this instance the DHCP server will NOT assign IPv6 addresses; this will be done via other methods. Instead, the DHCP server is used to provide information that the address configuration method did not provide (such as DNS, default gateway).

AUTOCONFIGURATION METHODS (2)
• SLAAC suggests that the client device create its own IPv6 global unicast address. The client uses the prefix in the Router Advertisement message and then creates a 64-bit Interface ID, which can be generated in one of two ways:
– Random
– EUI-64

STATELESS ADDRESS AUTOCONFIGURATION (SLAAC)
IPv6 Stateless Address Autoconfiguration, or SLAAC, allows devices on a network to automatically configure IPv6 addresses on their interfaces without managing a DHCP server.
The SLAAC process has five steps:
1. The IPv6 device gives itself an IPv6 link-local address.
2. The IPv6 device checks if it is a duplicate IPv6 address.
3. The IPv6 device sends a Router Solicitation (RS) message.
4. A router responds to the RS with a Router Advertisement (RA) message.
5. The IPv6 device configures a Global Unicast Address (GUA).

SLAAC (2)
The generation of a link-local address
The link-local address can be generated by combining the local prefix (FE80::/64) and the EUI-64 interface identifier obtained from the MAC address with the additional FFFE padding.
For example, the MAC address 0800.2B12.3456 will result in the following EUI-64: 0800.2BFF.FE12.3456
And the IPv6 link-local address: FE80::0800:2BFF:FE12:3456
NOTE: Most modern operating systems will not use the EUI-64 format; instead they will generate a random 64-bit interface identifier. This is done due to security and privacy considerations.

SLAAC (3)
DAD
Once the link-local address is assigned, the IPv6 device will send three Duplicate Address Detection (DAD) ICMPv6 messages. This is done by using a solicited-node multicast address (IPv6 prefix FF02::1:FF00:0/104).
Example from Wikipedia:
fe80::2aa:ff:fe28:9c5a | IPv6 unicast/anycast address (compressed notation)
fe80:0000:0000:0000:02aa:00ff:fe28:9c5a | IPv6 unicast/anycast address (uncompressed notation)
ff02::1:ff00:0/104 | Solicited-Node multicast address prefix
ff02:0000:0000:0000:0000:0001:ff00:0000/104 | (uncompressed)
ff02:0000:0000:0000:0000:0001:ff28:9c5a | Solicited-Node multicast address (uncompressed notation)
ff02::1:ff28:9c5a | Solicited-Node multicast address (compressed notation)

SLAAC (4)
DAD
• DAD uses the Neighbor Discovery Protocol (NDP). https://www.ietf.org/rfc/rfc2461.txt
• Each interface will join a solicited-node multicast group. An IPv6 node always joins the solicited-node multicast group for every IPv6 address it has configured on the Ethernet interface, including the link-local.
• DAD is equivalent to the gratuitous ARP used in IPv4.

SLAAC (5)
Router Solicitation message
The IPv6 device, after having configured the link-local address and ensuring the address is unique, sends out a Router Solicitation message (RS). The goal of the RS is to ask every router on this segment what the global unicast prefix for the segment is.
(The global unicast prefix is similar to the network field in IPv4 addressing)
[Figure text: “I need the IPv6 unicast prefix for this segment” / “Here is the IPv6 information you requested”]

SIMILARITIES BETWEEN IPV4 AND IPV6
• Functions of addressing:
• Network interface identification
• Routing through address structure
• Addresses assigned to interfaces
• Prefix-length metric (subnet mask)
• Multicast
• Unicast

DIFFERENCES BETWEEN IPV4 AND IPV6
• Multiple addresses per interface
• No broadcast
• IP address size increased from 32 to 128 bits
• 3.4 × 10^38 possible addresses
• Hierarchical addressing scheme
• No need for NAT or other workarounds
• Every IP device can have a public address

REPRESENTATION OF IPV6 ADDRESSES
• IPv6 addresses are 128 bits in length and written as a string of hexadecimal digits. Every 4 bits can be represented by a single hexadecimal digit, for a total of 32 hexadecimal values. The alphanumeric characters used in hexadecimal are not case sensitive. Although IPv6 addresses can be written in lowercase or uppercase, RFC 5952, A Recommendation for IPv6 Address Text Representation, recommends that IPv6 addresses be represented in lowercase.

INTERFACE ID
• With IPv4, the IP address for a particular interface is either manually configured or it is generated by Dynamic Host Configuration Protocol version 4 (DHCPv4). With IPv6, the IP address for a particular interface—called the interface identifier or interface ID—can be derived using one of five methods. Each method must yield an address in modified Institute of Electrical and Electronics Engineers (IEEE) Extended Unique Identifier (EUI)-64 format.
• See https://standards.ieee.org/content/dam/ieee-standards/standards/web/documents/tutorials/eui.pdf

FIVE METHODS OF CREATING AN INTERFACE ID
1. As with IPv4, you can assign an interface ID with DHCP, only you use DHCPv6.
2. You can also configure the IPv6 address manually, just as with IPv4.
3. RFC 3972, Cryptographically Generated Addresses (CGAs), describes a method for deriving a CGA using a public key.
4. RFC 4941, Privacy Extensions for Stateless Address Autoconfiguration in IPv6, describes a method of autogenerating temporary IPv6 addresses for use on the public Internet, similar to a temporary NAT address that shields the exact identity of the node from the rest of the Internet.
5. The fifth method involves the interface’s IEEE 48-bit MAC address and a simple transformation, which is performed automatically by an IPv6-enabled node. This method is deprecated.

PREFIXES
As mentioned earlier, the large IPv6 address space provides benefits above and beyond accommodating a virtually limitless number of devices. IPv6 allows for many kinds of specialized prefixes of varying lengths and functions.
• IPv6 specifies routing prefixes that can be used globally or that are limited to smaller network segments, depending on how you want to partition your network. Routers are therefore able to determine how—or if—some packets are to be forwarded, according to rules that are already configured on an IPv6 router.
• As with classless IPv4 networks, you can define the network portion of an address as any number of bits. IPv6 also retains the CIDR convention of indicating the network portion of an address with a forward slash (/) and a number that indicates the number of bits that constitute the network address.
This number is called the “prefix-length metric.”

HIERARCHICAL ADDRESSING

RIR PREFIX ALLOCATION
See: https://www.iana.org/numbers

SPECIAL ADDRESSES
Address type | IPv4 | IPv6 | IPv6 abbreviated
unspecified | 0.0.0.0 | 0:0:0:0:0:0:0:0 | ::/128
loopback | 127.0.0.1 | 0:0:0:0:0:0:0:1 | ::1/128
IPv6 Mapped to IPv4 | IPv4 address | 0:0:0:0:0:FFFF:IPv4 address | ::FFFF:IPv4 address
Example:
IPv4 address: 192.168.1.1
IPv4-Mapped: 0000:0000:0000:0000:0000:FFFF:192.168.1.1/128
Or, abbreviated: ::FFFF:192.168.1.1
Or: ::FFFF:C0A8:0101/128

IPV6 PREFIXES
https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml

IPV6 ADDRESS SUMMARY
• Unicast Addresses: A packet is delivered to one interface. This is the same concept as in IPv4.
• Multicast Addresses: A packet is delivered to multiple interfaces. This is the same concept as in
• Anycast Addresses: A packet is delivered to the nearest of multiple interfaces (in terms of routing distance). This is unique to IPv6 and allows an IPv6 address to be applied to multiple interfaces, with the packet going to the interface that is closest.
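Added example (not part of the original slides): a Python sketch that classifies an address by the prefixes covered in this deck and shows why filters and log searches should compare parsed addresses rather than text, since one address has several valid spellings and an IPv4-mapped address carries an IPv4 address inside it. The function names and the blocklist check are illustrative assumptions; parsing uses the standard-library ipaddress module.

```python
import ipaddress

# Prefixes for the address types in these slides, most specific first.
# ff00::/8 (all multicast) and ::ffff:0:0/96 (IPv4-mapped) are the standard
# prefixes behind the slides' ff02::... and ::FFFF:... examples.
CATEGORIES = [
    ("unspecified", "::/128"),
    ("loopback", "::1/128"),
    ("ipv4-mapped", "::ffff:0:0/96"),
    ("solicited-node multicast", "ff02::1:ff00:0/104"),
    ("multicast", "ff00::/8"),
    ("link-local unicast", "fe80::/10"),
    ("global unicast", "2000::/3"),  # "begins with a hexadecimal 2 or 3"
]
NETWORKS = [(name, ipaddress.IPv6Network(p)) for name, p in CATEGORIES]


def parse(text):
    """Accept any spelling from the slides, with or without /prefix-length."""
    return ipaddress.IPv6Interface(text.strip()).ip


def classify(text):
    addr = parse(text)
    for name, net in NETWORKS:
        if addr in net:
            return name
    return "other"


def canonical(text):
    """Lowercase, zero-compressed form (the RFC 5952 style) for use as a key."""
    return str(parse(text))


def embedded_ipv4(text):
    """IPv4 address carried in an IPv4-mapped IPv6 address, else None."""
    mapped = parse(text).ipv4_mapped
    return None if mapped is None else str(mapped)


def matches_blocklist(text, blocked):
    """True if the address, or the IPv4 address mapped inside it, is blocked."""
    addr = parse(text)
    forms = {addr}
    if addr.ipv4_mapped is not None:
        forms.add(addr.ipv4_mapped)
    return any(ipaddress.ip_address(entry) in forms for entry in blocked)


if __name__ == "__main__":
    # Addresses taken from the slides, in the spellings used there.
    for sample in ("::/128", "::1/128", "FE80::0800:2BFF:FE12:3456",
                   "ff02::1:ff28:9c5a", "FF02::1:2", "2001:db8:cafe:1::100",
                   "::FFFF:C0A8:0101/128"):
        print(f"{sample:28} {classify(sample)}")
    print(canonical("2001:0000:0000:0C21:0000:0000:0000:4C22"))
    print(matches_blocklist("::FFFF:C0A8:0101", ["192.168.1.1"]))
```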