P.1 IPv6 Addressing Leo T. Chiang E-Mail: [email protected]

P.2

Introduction: IPv4 Challenges and IPv6 Solutions

IPv4 challenge: Internet address depletion
– Limits growth for existing users
– Hinders new users
– Internet routing can be inefficient
– Often requires translation (NAT)
IPv6 solutions:
• Expanded address space
• Hierarchical address structure
• Fewer header fields
• More flexible Options
• Route aggregation

IPv4 challenge: System management costs
– Labor-intensive, complex, error-prone
– Inconsistent level of DHCP support
– Network renumbering
IPv6 solutions:
• Neighbor discovery
• Autoconfiguration
• Automatic renumbering
• Transition mechanisms

IPv4 challenge: Security
– Disparate, often retrofitted solutions
  • SSL, SHTTP, IPSECv4, etc.
– Security features are optional
IPv6 solutions:
• IPSec
• Filters
• Traffic Class and Flow Labels

The Future: More than just people connected to the Internet…
IPv6 solutions:
• Expanded address space
• IP Mobility
• Traffic Class and Flow Labels

P.3

Introduction

Possible Solution: New Address Scheme

• 32 bits for IPv4 addressing
– 2^32 or 4,294,967,296 IPv4 addresses available
– 50% of IPv4 address space is still unallocated
– 2 billion addresses exhausted for DNS-documented 51 million systems
– 70% of Fortune 1000 are using NAT
• 128 bits for IPv6 addressing
– 340,282,266,920,938,463,463,374,607,431,768,211,465 (or 3.4 x 10^38) addresses available
– 16-bit ‘colon hexadecimal’ notation

P.4

IPv6 Features & Benefits: Changes from IPv4

[Figure: IPv4 header layout, bits 0 to 31, with fields marked as Removed or Changed in IPv6. Fields: Ver, IHL, Service Type, Total Length; Identifier, Flags, Fragment Offset; Time to Live, Protocol, Header Checksum; 32 bit Source Address; 32 bit Destination Address; Options and Padding.]

20 octets + options: 13 fields, including 3 flag bits

P.5

IPv6 Features & Benefits: Header: 40 Bytes, 8 Fields

[Figure: IPv6 header layout, bits 0 to 31. Fields: Version, Traffic Class, Flow Label; Payload Length, Next Header, Hop Limit; 128-bit Source Address; 128-bit Destination Address.]

P.6

IPv6 Features & Benefits: Header & Extensions

[Figure: three example packets]
1. IPv6 Header (Next = TCP) | TCP Header | Application Data
2. IPv6 Header (Next = Routing) | Routing Hdr (Next = TCP) | TCP Header | Application Data
3. IPv6 Header (Next = Security) | Security Hdr (Next = Frag) | Fragment Hdr (Next = TCP) | TCP Header | Data Frag

• IP options become optional Extension Headers
• Extension Headers are chained together
• Enables greater IP service potential

P.7

Benefits of IPv6 extension headers

IPv4 options drawbacks
• IPv4 options required special treatment in routers
• Options had negative impact on forwarding performance
• Rarely used

Benefits of IPv6 extension headers
• Extension headers are external to IPv6 header
• Routers do not look at these options except for Hop-by-hop options
• No negative impact on routers forwarding performance
• Easy to extend with new headers and option

P.8

IPv6 Features & Benefits: Header Improves Processing Performance

• Fixed size IPv6 header
– Options not limited to 40 bytes as in IPv4
– Fewer fields in basic header = faster processing of basic packets
– 64-bit alignment header/Options
• Efficient Option processing
– Fields processed only when present
– Most Options processed only at destination
• Checksum removed from Network Layer
– Data links now more reliable
– Performed at Upper Layers (e.g. TCP, UDP, ICMPv6)
• No Fragmentation in the network
– More router cycles available for forwarding
– Easier to implement in silicon
– Easy for Layer 3 Switching of IP

P.9

IPv6 extension header orders

RFC 2460 recommends following order:
1. IPv6 header
2. Hop-by-hop options header
3. Destination options header
4. Routing header
5. Fragment header
6. Authentication header
7. ESP header
8. Destination options header
9. Upper-layer header

P.10

Currently available IPv6 options

• Hop-by-hop
– Must be processed by every node on the packet's path
– Must always appear immediately after IPv6 header
– Two Hop-by-hop options already defined:
  • Router alert option
  • Jumbo payload option
• Destination
– Meant to carry information intended to be examined by the destination node
– Only options currently defined are padding options to fill out header on a 64-bit boundary if (future) options require it
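
A filter or monitor has to follow the Next Header chain described on P.6 to P.10 before it can see the upper-layer protocol. The following is an added example, not part of the original slides: a Python walker over constructed packets that also flags a Hop-by-hop header that is not first and headers outside the RFC 2460 recommended order. All function and sample names are hypothetical.

```python
import struct

# Next Header numbers (IANA protocol numbers registry).
HBH, ROUTING, FRAGMENT, ESP, AH, DSTOPT = 0, 43, 44, 50, 51, 60
NAMES = {HBH: "hop-by-hop", ROUTING: "routing", FRAGMENT: "fragment", ESP: "esp",
         AH: "ah", DSTOPT: "dest-opts", 6: "tcp", 17: "udp", 58: "icmpv6"}
# Position in the RFC 2460 recommended order. Destination options may
# legitimately appear twice, so they are left out of the order check.
RANK = {HBH: 1, ROUTING: 3, FRAGMENT: 4, AH: 5}

def walk_chain(packet: bytes):
    """Follow the Next Header fields; return (chain, findings)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off = packet[6], 40
    chain, findings, last_rank = [], [], 0
    # ESP is not walked: whatever follows it is encrypted.
    while nxt in (HBH, ROUTING, FRAGMENT, AH, DSTOPT):
        if off + 8 > len(packet):
            findings.append("truncated extension header")
            break
        rank = RANK.get(nxt, last_rank)
        if nxt == HBH and chain:
            findings.append("hop-by-hop not immediately after IPv6 header")
        elif rank < last_rank:
            findings.append(NAMES[nxt] + " out of recommended order")
        last_rank = max(last_rank, rank)
        chain.append(NAMES[nxt])
        length = packet[off + 1]
        if nxt == FRAGMENT:
            size = 8                   # fixed size, no length field
        elif nxt == AH:
            size = (length + 2) * 4    # AH counts 32-bit words, minus 2
        else:
            size = (length + 1) * 8    # 8-octet units, first one not counted
        nxt, off = packet[off], off + size
    chain.append(NAMES.get(nxt, "proto-%d" % nxt))
    return chain, findings

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed test packet: fixed header with zeroed addresses."""
    head = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return head + bytes(32) + payload

def ext(next_header: int) -> bytes:
    """Constructed minimal 8-octet extension header (Hdr Ext Len = 0)."""
    return bytes([next_header, 0]) + bytes(6)

TCP = bytes(20)                                        # placeholder TCP header
ROUTED = ipv6(ROUTING, ext(6) + TCP)                   # IPv6 -> Routing -> TCP, as on P.6
LATE_HBH = ipv6(ROUTING, ext(HBH) + ext(6) + TCP)      # breaks the P.10 rule
SWAPPED = ipv6(FRAGMENT, ext(ROUTING) + ext(6) + TCP)  # breaks the P.9 order
```

`walk_chain(LATE_HBH)` and `walk_chain(SWAPPED)` each return one finding, while `walk_chain(ROUTED)` returns none.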

P.11

IPv6 Features & Benefits: Addressing Model

• Addresses are assigned to interfaces
– No change from IPv4 Model
• Interface can have multiple addresses
• Addresses have scope
– Link Local – specifies subnet
– Site Local – specifies private address (like 10.x in v4)
– Global – specifies global (advertised) significance
• Addresses have lifetime
– Valid – timer for address life
– Preferred – new address; may supersede existing, valid address
• Neighbor Discovery
– Replaces ARP, ICMP Router Discovery, and ICMP Redirect IPv4 functionality
– Used by hosts to:
  • Discover neighboring routers, addresses, configuration parameters
– Used by routers to:
  • Advertise presence, host configuration parameters, next-hop

[Figure: address scopes: Link-Local, Site-Local, Global]

P.12

IPv6 Features & Benefits: Address Structure

• An IPv6 Address formed by two entities:
  Prefix: 3FFE:0301:DEC1::
  Interface ID: 0A00:2BFF:FE36:701E
  Prefix Representation: 3FFE:0301:DEC1::/64
• Separates “who you are” from “who you are connected to”
– Routing Prefix - Routing Topology
– Node Identification - Interface Identifier
– Prefix & Interface ID sections not fixed sizes
• Example: Ethernet MAC address mapped to Interface ID

P.13

IPv6 Address Representation

• 128 bits
• Represented by 8 colon-separated segments
• Each 16-bit segment written in hexadecimal

Example:

3ffe:3700:1100:0001:d9e6:0b9d:14c6:45ee

P.14

IPv6 Address Compaction

• Leading zeroes in a 16-bit segment can be compacted

Example:

fe80:0210:1100:0006:0030:a4ff:000c:0097

Becomes:

fe80:210:1100:6:30:a4ff:c:97

P.15

IPv6 Address Compaction

• All zeroes in one or more contiguous 16-bit segments can be represented with a double colon (::)

Example:

ff02:0000:0000:0000:0000:0000:0000:0001

Becomes:

ff02::1

BUT…

P.16

IPv6 Address Compaction

• Double colons can only be used once

Example:

2001:0000:0000:0013:0000:0000:0b0c:3701

Can be:

2001::13:0:0:b0c:3701

Or:

2001:0:0:13::b0c:3701

But not:

2001::13::b0c:3701

P.17

Imbedded IPv4 Addresses

• Some transition mechanisms imbed IPv4 addresses in IPv6 addresses

• Imbedded IPv4 addresses are represented with dotted decimal

Examples:

::13.1.68.3

::ffff:129.144.52.38

fe08::5efe:172.24.240.30

P.18

IPv6 Prefix Representation

• CIDR-like notation used to specify prefix length

Examples:

3ffe:0:0:2300:ce21:233:fea0:bc94/60

201:468:1102:1::1/64

P.19

IPv6 Prefix Compaction

2002:0000:0000:18d0:0000:0000:0000:0000/60

Can be represented as:

2002::18d0:0:0:0:0/60

2002:0:0:18d0::/60

P.20

IPv6 Address Types

• Unicast
– Identifies a single interface
– Packet sent to a unicast address is delivered to the interface identified by that address
• Anycast
– Identifies a set of interfaces
– Packet sent to an anycast address is delivered to the nearest interface identified by that address (as defined by the routing protocol)
• Multicast
– Identifies a set of interfaces
– Packet sent to a multicast address is delivered to all interfaces identified by that address
• IPv6 has no broadcast addresses
– IPv6 uses "all-nodes" multicast instead

P.21

IPv6 Address Scope

• Link-Local
– Used on a single link
– Packets with link-local source or destination addresses are not forwarded to other links
• Site-Local
– Used for a single site
– Packets with site-local source or destination addresses are not forwarded to other sites
• Global
– A globally unique address
– Packets with global addresses can be forwarded to any part of the global network

P.22

Identifying Address Types

Type                      IPv6 Prefix
Unspecified               ::/128
Loopback                  ::1/128
Multicast                 ff00::/8
Link-Local Unicast        fe80::/10
Site-Local Unicast        fec0::/10
Global Unicast/Anycast    everything else

P.23

Global Unicast Addresses: TLA/NLA Format (Being Obsoleted)

FP = Format Prefix (= 001 for globally aggregated unicast addresses)
TLA-ID = Top-level aggregation identifier
RES = Reserved for future use
NLA = Next-level aggregation identifier
SLA-ID = Site-level aggregation identifier
Interface ID = Interface identifier

Field:  FP | TLA-ID | Res | NLA-ID | SLA-ID | Interface-ID
Bits:   3  | 13     | 8   | 24     | 16     | 64             (128 bits)

[Figure labels: Public Topology, Site Topology, Interface Identifier; Network Portion, Node Portion]

P.24

Global Unicast Addresses: New Format

Field:  001 | Global Routing Prefix | Subnet | Interface-ID
Bits:   3   | 45                    | 16     | 64             (128 bits)

[Figure labels: Public Topology, Site Topology, Interface Identifier; Network Portion, Node Portion]

• Global Routing Prefix uses CIDR-like hierarchy
• Everyone (from corporations to residences) gets 48-bit prefix
• Everyone gets 16-bit subnet space
• There are some exceptions (very large subscribers, mobile nodes)

P.25

Global Unicast Addresses: Why Fixed Prefix and Subnet Lengths?

• Changing ISPs becomes simpler
• Eliminates need to justify address space
• Plenty of room to grow
– 001 is only 1/8th of total address space
– 16-bit subnet field sufficient for most subscribers
• Can simplify multihoming
• See RFC 3177 for more information

P.26

Interface ID

• Unique to the link
• Identifies interface on a specific link
• Can be automatically derived
– IEEE addresses use MAC-to-EUI-64 conversion
– Other addresses use other automatic means
• Can be used to form link-local address
• Can be used to form global address with stateless autoconfiguration

P.27

EUI-64

1. ipconfig /all
   MAC : 00-02-3F-75-68-83

2. 00000000-00000010-00111111-01110101-01101000-10000011

3. 00000000-00000010-00111111+1111111111111110+01110101-01101000-10000011

4. 00000010-00000010-00111111+1111111111111110+01110101-01101000-10000011

5. 0000001000000010 : 0011111111111111 : 1111111001110101 : 0110100010000011

6. 202:3FFF:FE75:6883

7. fe80::202:3FFF:FE75:6883

P.28

Multicast Address Format

Field:  11111111 | flgs | scop | Group-ID
Bits:   8        | 4    | 4    | 112        (128 bits)

flgs
• First 3 bits set to 0
• Last bit defines address type:
– 0 = Permanent (or well-known)
– 1 = Locally assigned (or transient)

scop: defines address scope
– 0 Reserved
– 1 Node-local scope
– 2 Link-local scope
– 5 Site-local scope
– 8 Organization local scope
– E Global scope
– F Reserved

P.29

A Few Well-known Multicast Addresses

IPv6 well-known      IPv4 well-known      Multicast Group
multicast address    multicast address

Node-local scope
FF01::1              224.0.0.1            All-nodes address
FF01::2              224.0.0.2            All-routers address

Link-local scope
FF02::1              224.0.0.1            All-nodes address
FF02::2              224.0.0.2            All-routers address
FF02::5              224.0.0.5            OSPFIGP
FF02::6              224.0.0.6            OSPFIGP-DR's
FF02::9              224.0.0.9            RIP routers
FF02::D              224.0.0.13           All PIM routers

Site-local scope
FF05::2              224.0.0.2            All-routers address

Any valid scope
FF0X::101            224.0.1.1            Network time protocol NTP

P.30

Configuration Example: IOS Router Interface

interface Ethernet2
 ip address 206.196.180.113 255.255.255.240
 ipv6 address 3FFE:3700:1102:1::1/64
 ipv6 address 201:468:1102:1::1/64

P.31

Configuration Example: JUNOS Router Interface

[edit]
lab@Juniper5# show interfaces fe-0/1/1
unit 0 {
    family inet {
        address 206.196.180.113/28;
    }
    family inet6 {
        address 3FFE:3700:1102:1::1/64;
        address 201:468:1102:1::1/64;
    }
}

P.32

ICMPv6

• Many of the same functions as ICMPv4
– ICMPv4 Protocol Number = 1
– ICMPv6 Next Header Number = 58
• Adds new messages and functions
– Neighbor discovery
– Stateless autoconfiguration
– Mobile IPv6

P.33

ICMPv6 Message Types

Type Message

1 Destination Unreachable

2 Packet Too Big

3 Time Exceeded

4 Parameter Problem

128 Echo Request

129 Echo Reply

• Defined in RFC 2463

P.34

ICMPv6 New Message Types

Type Message

133 Router Solicitation (RS)

134 Router Advertisement (RA)

135 Neighbor Solicitation (NS)

136 Neighbor Advertisement (NA)

137 Redirect

• Defined in RFC 2461
• Used for Neighbor Discovery protocol

P.35

IPv6 Neighbor Discovery

• RFC 2461
• Neighbor can be router or host
• Performs several functions
– Link-layer address resolution
– Router discovery
– Local prefix discovery
– Address autoconfiguration
– Parameter discovery
– Next-hop determination
– Tracks neighbor and router reachability
– Duplicate address detection
– Redirects

P.36

Comparison to IPv4 Functions

• Similar IPv4 functions
– ARP
– ICMP Router Discovery
– ICMP Redirect
• IPv4 has no agreed-upon mechanism for neighbor unreachability detection
– Detects failing routers and links
– Detects nodes that change their link-layer address
– Unlike ARP, detects half-link failures

P.37

Improvements over IPv4

• Router discovery part of base protocol
– Hosts do not need to “snoop” routing protocols
• RAs and redirects carry link-layer addresses
– No additional packet exchange needed
• RAs carry link prefixes
– No separate mechanism to configure “netmasks”
– Enables address autoconfiguration
– Multiple prefixes can be associated with same link
• RAs can advertise link MTUs
– Ensures all nodes on link use same MTU value
• Immune to reception of off-link ND messages
– Hop limit always set to 255
– IPv4 ICMP Redirects and Router Discovery messages can be sent from off-link
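
The hop limit rule is something a host or monitor can enforce directly: a Neighbor Discovery message that arrives with a hop limit other than 255 has crossed at least one router. The following is an added example, not part of the original slides, run over constructed packets; the function names and the 2001:db8:: source address are assumptions, and ICMPv6 is assumed to follow the fixed header directly.

```python
import ipaddress
import struct

ICMPV6 = 58  # Next Header value for ICMPv6 (P.32)
ND_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA", 137: "Redirect"}

def nd_violations(packets):
    """Return (source, message, hop_limit) for every ND message that
    did not arrive with hop limit 255, i.e. was sent from off-link."""
    hits = []
    for pkt in packets:
        if len(pkt) < 41 or pkt[0] >> 4 != 6:
            continue                  # not IPv6, or no room for an ICMPv6 type
        next_header, hop_limit = pkt[6], pkt[7]
        # Assumption: no extension headers precede the ICMPv6 message.
        if next_header != ICMPV6 or pkt[40] not in ND_TYPES:
            continue
        if hop_limit != 255:
            src = str(ipaddress.IPv6Address(pkt[8:24]))
            hits.append((src, ND_TYPES[pkt[40]], hop_limit))
    return hits

def make_packet(src: str, hop_limit: int, icmp_type: int) -> bytes:
    """Constructed sample: fixed header plus a minimal ICMPv6 body."""
    body = bytes([icmp_type, 0, 0, 0]) + bytes(12)
    head = struct.pack("!IHBB", 6 << 28, len(body), ICMPV6, hop_limit)
    dst = ipaddress.IPv6Address("ff02::1").packed
    return head + ipaddress.IPv6Address(src).packed + dst + body

# Constructed traffic, not captured from a real network.
SAMPLES = [
    make_packet("fe80::1", 255, 134),        # RA from an on-link router
    make_packet("2001:db8::bad", 254, 134),  # RA that was forwarded once
    make_packet("fe80::2", 64, 128),         # Echo Request, not ND
    make_packet("2001:db8::bad", 63, 137),   # Redirect sent from off-link
]
```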

P.38

IPv6 Features & Benefits: Autoconfiguration

• Improves Plug-and-Play, operational simplicity
– Eases renumbering
– Eases address management
– Enables local mobility
• Types
– Stateful - uses DHCPv6
  • Clients obtain address and / or configuration from a DHCP server
  • DHCP server provides tight control over addresses
– Stateless - uses Neighbor Discovery
  • Routers advertise prefixes
  • Hosts generate an "interface token"
  • Address is formed by combining the two

[Figure labels: Router Solicitation via ND; Router Advertisement via ND; Host IP information configured dynamically; IPv6 Infrastructure]

P.39

Address Autoconfiguration

• Stateless autoconfiguration
– Requires only a router
– Key advantage for applications such as Mobile IP
• Stateful autoconfiguration
– When more control is desired
– DHCPv6
• Stateless and stateful can be combined
– “M” and “O” flags in RA
  • M flag: Stateless Address Autoconfiguration Y/N
  • O flag: Stateless Autoconfigure Other Parameters Y/N

P.40

Stateless Autoconfiguration

1. Interface ID automatically derived
– IEEE addresses use MAC-to-EUI-64 conversion
– Other addresses use other means, such as random number generation
2. Host creates a link-local address
3. Host performs duplicate address check
4. Host sends RS to the all-routers multicast address (ff01::2)
5. Router unicasts RA with prefix information
6. Host adds prefix to Interface ID to form global unicast address

P.41

MAC-to-EUI-64 Conversion

1. First three octets of MAC become Company-ID

2. Last three octets of MAC become Node-ID

3. 0xfffe inserted between Company-ID and Node-ID

4. Universal/Local-Bit (U/L-bit) is set to 1 for global scope

P.42

MAC-to-EUI-64 Conversion Example

MAC Address: 0000:0b0a:2d51

• In binary:
00000000 00000000 00001011 00001010 00101101 01010001
(first three octets: Company-ID, containing the U/L bit; last three octets: Individual Node-ID)

Insert fffe between Company-ID and Node-ID:
00000000 00000000 00001011 11111111 11111110 00001010 00101101 01010001
(11111111 11111110 = fffe)

Set U/L bit to 1:
00000010 00000000 00001011 11111111 11111110 00001010 00101101 01010001

Resulting EUI-64 Address: 0200:0bff:fe0a:2d51

P.43

Using the EUI-64 Interface ID

EUI-64 Address:

200:bff:fe0a:2d51

Link-Local Address:

fe80::200:bff:fe0a:2d51

Global Unicast Address:

3ffe:3700:1100:1:200:bff:fe0a:2d51

P.44

Stateful Autoconfiguration: DHCPv6

• Currently in Internet-draft
• Many changes from DHCPv4:
– Configuration of dynamic updates to DNS
– Address deprecation for dynamic renumbering
– Authentication
– Clients can ask for multiple IP addresses
– Addresses can be reclaimed
– Integration between stateful and stateless autoconfiguration
• Uses multicasting
– All_DHCP_Agents: ff02::1:2
– All_DHCP_Servers: ff05::1:3

P.45

Configuration Example: Router Discovery

[edit]
lab@Juniper5# show interfaces fe-2/1/0
unit 0 {
    family inet6 {
        address 2001:468:1100:1::1/64;
        address 3ffe:3700:1100:1::1/64;
    }
}

[edit]
lab@Juniper5# show protocols router-advertisement
interface fe-2/1/1.0 {
    other-stateful-configuration;
    prefix 3ffe:3700:1100:1::/128;
    prefix 2001:468:1100:1::/128;
}

P.46

Configuration Example: Windows XP Host

C:\Documents and Settings\Jeff Doyle>ipv6 if 4
Interface 4: Ethernet: Local Area Connection 2
  uses Neighbor Discovery
  uses Router Discovery
  link-layer address: 00-10-a4-a0-bc-97
    preferred global 2001:468:1100:1:d9e6:b9d:14c6:45ee, life 6d21h14m26s/21h12m4s (anonymous)
    preferred global 2001:468:1100:1:210:a4ff:fea0:bc97, life 29d23h59m25s/6d23h59m25s (public)
    preferred global 3ffe:3700:1100:1:d9e6:b9d:14c6:45ee, life 6d21h14m26s/21h12m4s (anonymous)
    preferred global 3ffe:3700:1100:1:210:a4ff:fea0:bc97, life 29d23h59m25s/6d23h59m25s (public)
    preferred link-local fe80::210:a4ff:fea0:bc97, life infinite
    multicast interface-local ff01::1, 1 refs, not reportable
    multicast link-local ff02::1, 1 refs, not reportable
    multicast link-local ff02::1:ffa0:bc97, 3 refs, last reporter
    multicast link-local ff02::1:ffc6:45ee, 2 refs, last reporter
  link MTU 1500 (true link MTU 1500)
  current hop limit 64
  reachable time 22000ms (base 30000ms)
  retransmission interval 1000ms
  DAD transmits 1

P.47

Asia-Pacific IPv6 Allocation (Allocated) Statistics

Asia-Pacific IPv6 total: 103

Data updated: 2003/05/19

Rank  Country or region     Country code  IPv6 count (unit: /32 or /35)
1     JAPAN                 JP            54
2     KOREA, REPUBLIC OF    KR            15
3     TAIWAN                TW            10
4     AUSTRALIA             AU            4
5     CHINA                 CN            4
6     SINGAPORE             SG            4
7     MALAYSIA              MY            3
8     THAILAND              TH            3
9     HONG KONG             HK            2
10    INDIA                 IN            1
11    INDONESIA             ID            1
12    PAPUA NEW GUINEA      PG            1
13    PHILIPPINES           PH            1

P.48

List of All TAIWAN IPv6 Blocks

No.  IPv6 block name                   IPv6 address range  Allocation date
1    HINET-TW-20000208                 2001:0238::/32      2000/02/08
2    TANET-TWNIC-TW-20001006           2001:0288::/32      2000/10/06
3    ASNET-TWNIC-TW-20020711           2001:0C08::/32      2002/07/11
4    TTN-TWNIC-TW-20020812             2001:0C50::/32      2002/08/12
5    SIXREN-TWNIC-TW-20020827          2001:0C58::/32      2002/08/27
6    CHTTL-TW-20021002                 2001:0CA0::/32      2002/10/02
7    SEEDNET-IPv6-TWNIC-TW-20021209    2001:0CD8::/32      2002/12/09
8    TFN-TWNIC-TW-20030313             2001:0D20::/32      2003/03/13
9    TWNIC-TW-v6-20030331              2001:0DC1::/32      2003/03/31
10   NTT TW (Code name unknown)        2001:0D40::/32      2003/05/19