IPv6: Hype or Reality? Tim Helming, Director of Product Management; Corey Nachreiner, CISSP, Sr. Network Security Strategist

IPv6: Hype or Reality?

Tim Helming, Director of Product Management

Corey Nachreiner, CISSP, Sr. Network Security Strategist

Welcome!

You’re here because v6 matters to you

Come On In: The Water’s Fine!

IPv4 is dead…long live IPv4!

IPv6 is Everywhere….sort of…

Source: Elise Gerich, IANA/ICANN

Sometimes “unofficial” data is the most interesting…

Graphic: Geoff Huston, APNIC

OK….Pencils and Binoculars Ready?

IPv6 Technical Brief

What’s the problem with IPv4?

Simply put, it doesn’t offer enough addresses…

World Population: Around 6.8 billion

Number of IPv4 addresses: Around 4.3 billion

It Gets Worse…

People (personal computers) aren’t the only thing online…

IPv6 Technical Benefits

Quick IPv4 Address Recap

• Developed in the 80s
• 2^32
• 4.3 billion possible addresses (4,294,967,296)
• Generally represented in decimal
• NAT allows more (1000s of devices can hide behind one IPv4 address)

208.132.96.25

32-bit (four bytes) long

One byte = 0 - 255

11010000.10000100.01100000.00011001

Dissecting an IPv6 Address

• Developed in 1998 (RFC 2460)
• 2^128
• 3.4 x 10^38 or 340 Undecillion (what?) possible addresses
• Generally represented in hexadecimal (HEX)
• Who needs NAT!

2560:1900:4545:0003:0200:F8FF:FE21:67CF

128-bits (16 bytes) long

Two bytes = 0 – FFFF (65535)

0010000111011010000000001101001100000000000000000010111100111011 0000001010101010000000001111111111111110001010001001110001011010

340 282 366 920 938 463 463 374 607 431 768 211 456

Shortening IPv6 Addresses

2001:0019:0545:0003:0200:0000:0000:67CF

Remove preceding zeros:

2001:19:545:3:200:0:0:67CF

Remove groups of zeros:

2001:19:545:3:200::67CF

Reading HEX Primer

Hexadecimal (base 16) is a numeral system with sixteen symbols
• 0-9 = well… zero through nine (duh)
• A-F = 10 – 15
• 10, 11, 12, 13 = 16, 17, 18, 19

Converting HEX to decimal: 4D5F

(4 x 16^3) + (13 x 16^2) + (5 x 16^1) + (15 x 16^0)

(16384) + (3328) + (80) + (15)

19807 or (0100110101011111)

Types of IPv6 Addresses

• Unicast Address – a one-to-one address:
  • Global – publicly routable address assigned by IANA (2000::/3)
  • Link local – local address assigned for auto configuration or neighbor discovery, etc… not routed. (FE80::/10)
  • Unique local – like private addresses. Just used at local site (FC00 or FD00::/8)
  • Special – special addresses like loopback or default gateway
  • Compatible – used for IPv4 to IPv6 migration
• Multicast Address – an address intended for one-to-many communication:
  • Multicast – sent to members in a multicast group
  • Broadcast – sent to all addresses on a network (technically, now an all-nodes multicast)
• Anycast Address – a new address used to send to the first recipient of a group

IPv6 Hierarchical Addressing

2561:1900:4545:0003:0200:F8FF:FE21:67CF

[Diagram: the address divided, left to right, into Global Routing Prefix (TLA ID, NLA ID), SLA ID and Interface ID, with a bracket labelled Prefix]

IPv6 Subnetting

• CIDR only (slash notation)
• No concept of subnet masks
• / followed by prefix size (decimal number 1-128)

2001:1900:4545:0003:0200:F8FF:FE21:67CF

Prefix boundaries marked on the address: /16 /32 /48

2001:1900:4545::/48 = 2001:1900:4545:0000:0000:0000:0000:0000 - 2001:1900:4545:FFFF:FFFF:FFFF:FFFF:FFFF

CIDR to range tool: http://www.ultratools.com/tools/ipv6CIDRToRange

What about MAC?

• Hosts generate a unique “Interface Identifier”
• Called 64-bit Extended Unique Identifier or EUI-64
• 48-bit MAC addresses converted by adding FFFE to the middle

1. MAC Address: 90-3A-2B-06-2C-D1
2. Split in half: 90-3A-2B 06-2C-D1
3. Insert FFFE: 90:3A:2B:FF:FE:06:2C:D1
4. Change 7th bit to 1: 92:3A:2B:FF:FE:06:2C:D1
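The four steps above in code, plus the reverse direction, as an added example that is not part of the original deck. Function names are hypothetical. An interface ID built this way carries the hardware MAC, so an analyst can recover the MAC from an address seen in a log; the code flips the seventh bit as RFC 4291 specifies, which for the slide's MAC gives the same result as setting it to 1.

```python
import ipaddress
from typing import Optional


def mac_to_interface_id(mac: str) -> bytes:
    """Steps 1-4: split the MAC, insert FFFE, flip the 7th bit."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02  # 7th bit of the first byte (universal/local bit)
    return bytes(eui)


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Join the FE80::/10 link-local prefix with the EUI-64 interface ID."""
    prefix = bytes.fromhex("fe80") + bytes(6)
    return ipaddress.IPv6Address(prefix + mac_to_interface_id(mac))


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 based address, or None if the
    interface ID does not have FFFE in the middle."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the bit flip
    return "-".join(f"{b:02X}" for b in mac)


if __name__ == "__main__":
    print(link_local_from_mac("90-3A-2B-06-2C-D1"))
    # The subnetting slide's address also has an EUI-64 interface ID.
    print(mac_from_address("2001:1900:4545:0003:0200:F8FF:FE21:67CF"))
    # The link-local example from the field guide does not.
    print(mac_from_address("FE80::28BB:0ACB:3F57:D837"))
```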

What about ARP?

IPv6 replaces ARP with the Neighbor Discovery Protocol. This new protocol combines many functions:

Simplified Headers Mean Faster Traffic

IPv4 Header (20 bytes)

Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options | Padding

IPv6 Header (40 bytes)

Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
Source Address
Destination Address

IPv6 OS Support

Field Guide to Common IPv6 Addresses

Common Address Field Guide (1)

• Loopback address (was 127.0.0.1)

0000:0000:0000:0000:0000:0000:0000:0001 or ::1

• Link-local address (was 169.254.0.0/16)

FE80::/10

FE80::28BB:0ACB:3F57:D837

Common Address Field Guide (2)

• Default route (was 0.0.0.0/0)

0000:0000:0000:0000:0000:0000:0000:0000/0 or ::/0

• Unique Local Address or ULA (Also called Site Local. Similar to private networks)

FC00::/7

FC00::28BB:0ACB:3F57:D837

Common Address Field Guide (3)

• Multicast address (was 224.0.0.0/4)

FF00::/8

FF02::1

• Anycast address (new – send to the nearest node in a group)

Looks like a unicast address

Common Address Field Guide (4)

• 6to4 addresses

2002::/16

16 bits: 2002 | 32 bits: IPv4 address (hex) | 16 bits: SLA ID | 64 bits: Interface ID

207.134.42.111 = 2002:CF86:2A6F::/48

Common Address Field Guide (5)

•Unique Global (public IP address)

2000::/3

2260:F3A4:32CB:715D:5D11:D837

Common Address Field Guide (6)

Other addresses/ranges of lesser note:

• 42::/16 - The Retiolum Prefix
• 2001::/32 - Teredo tunneling (transition mechanism)
• 2001:2::/48 - Assigned to BMWG
• 2001:10::/28 - ORCHID (Overlay Routable Cryptographic Hash Identifiers)
• 3FFE::/16 – 6Bone IPv6 Testbed addresses (legacy)
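The field guide as a lookup, added here as an example and not taken from the original deck: it labels an address seen in a log with the most specific matching range from these slides, and converts between an IPv4 address and its 6to4 prefix as on the 6to4 slide. Function names and the label strings are hypothetical.

```python
import ipaddress
from typing import Optional

# Prefixes as listed in the field guide slides.
FIELD_GUIDE = {
    "::1/128": "loopback",
    "fe80::/10": "link-local",
    "fc00::/7": "unique local",
    "ff00::/8": "multicast",
    "2002::/16": "6to4",
    "2001::/32": "Teredo",
    "3ffe::/16": "6bone (legacy)",
    "2000::/3": "global unicast",
}

# 2002::/16, 2001::/32 and 3FFE::/16 all sit inside 2000::/3, so the
# longest (most specific) prefix has to be tried first.
_NETS = sorted(
    ((ipaddress.IPv6Network(p), label) for p, label in FIELD_GUIDE.items()),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)


def classify(addr: str) -> str:
    """Return the field-guide label for an IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    for net, label in _NETS:
        if ip in net:
            return label
    return "unclassified"


def to_6to4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """16 bits of 2002, then the 32-bit IPv4 address: a /48 prefix."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def embedded_ipv4(addr: str) -> Optional[str]:
    """IPv4 address carried inside a 6to4 address, else None."""
    v4 = ipaddress.IPv6Address(addr).sixtofour
    return str(v4) if v4 is not None else None


if __name__ == "__main__":
    print(to_6to4_prefix("207.134.42.111"))
    print(classify("2002:CF86:2A6F::1"), embedded_ipv4("2002:CF86:2A6F::1"))
```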

IPv6 Technical Summary

Glossary

• IP address: Internet protocol address. An address network devices use to identify one another
• NAT: Network address translation. A standard to hide many special IPs behind one real IP
• Hexadecimal: A base-16 numbering system consisting of 0-F
• Routing Prefix: The first 64-bits of an IPv6 address, which identifies routing info
• Interface ID: The last 64-bits of an IPv6 address, which identifies a single host
• CIDR: Classless Inter-Domain Routing. A scalable method for assigning IPs and routing packets
• MAC: Media Access Control address. A unique address for specific network hardware
• ARP: Address resolution protocol. A standard for IPv4 devices to find one another locally
• EUI-64: A unique 64-bit identifier of IPv6, based on MAC
• Neighbor Discovery (ND) Protocol: IPv6 replacement for ARP and more…

Glossary (cont.)

• Addresses
  • Unicast Address: Specific one-to-one address
  • Multicast Address: An address to communicate from one-to-many
  • Anycast Address: A new type of address to communicate from one to the first in a group to receive.
  • Loopback: Address that represents the local host
  • Local Link: Required, non-routable address that connects to local network, and is used for autoconfiguration
  • Default Route: Address that represents where to send non-local traffic
  • Unique Local: Non-global address similar to IPv4 private networks
  • 6to4: One of many IPv6 transition mechanisms
  • Unique Global: A specific, publicly routable IPv6 host address

Things We Haven’t Covered (Lots)

Extra Reading Material for Geeks

IPv6 Request For Comments (RFCs):

• RFC 1752 (1995): The Recommendation for IP Next Generation (IPng) Protocol

• RFC 2460 (1998): Internet Protocol Version 6 (IPv6) Specification

• RFC 2462: IPv6 Stateless Address Autoconfiguration

• RFC 3775: Mobility Support in IPv6

• RFC 2893: Transition Mechanisms for IPv6 Hosts and Routers

• RFC 2373: IP Version 6 Addressing Architecture

And many more (over 70 RFCs related to IPv6): http://oversteer.bl.echidna.id.au/IPv6/RFC/

Wrapping Up

You Have Some New IPv6 Knowledge….Now What?

Thank You!