IPv6 Addressing
Which Windows OSes used EUI-64 and which ones randomly generate the interface ID?
- Beginning with Windows Vista, Windows uses a randomly generated interface ID instead of one created with EUI-64. - Windows XP and previous Windows operating systems used EUI-64.
Method 2: SLAAC and Stateless DHCPv6
-A router interface can be configured to send a router advertisement using SLAAC and stateless DHCPv6. As shown in the figure, with this method, the RA message suggests devices use the following: 1. SLAAC to create its own IPv6 GUA 2. The router LLA, which is the RA source IPv6 address, as the default gateway address 3. A stateless DHCPv6 server to obtain other information such as a DNS server address and a domain name A stateless DHCPv6 server distributes DNS server addresses and domain names. It does not allocate GUAs. --- Figure: 1. The PC sends an RS to all IPv6 routers, "I need addressing information." 2. The router sends an RA message to all IPv6 nodes with Method 2 (SLAAC and DHCPv6) specified. "Here is your prefix, prefix-length, and default gateway information. But you will need to get DNS information from a DHCPv6 server." 3. The PC sends a DHCPv6 Solicit message to all DHCPv6 servers. "I used SLAAC to create my IPv6 address and get my default gateway address, but I need other information from a stateless DHCPv6 server."
Method 3: Stateful DHCPv6
-A router interface can be configured to send an RA using stateful DHCPv6 only. -Stateful DHCPv6 is similar to DHCP for IPv4. -A device can automatically receive its addressing information including a GUA, prefix length, and the addresses of DNS servers from a stateful DHCPv6 server. As shown in the figure, with this method, the RA message suggests devices use the following: - The router LLA, which is the RA source IPv6 address, for the default gateway address. - A stateful DHCPv6 server to obtain a GUA, DNS server address, domain name and other necessary information. ------------- Figure: 1. The PCsends an RS to all IPv6 routers, "I need addressing information." 2. The Router sends an RA message to all IPv6 nodes with Method 3 (Stateful DHCPv6) specified, "I am your default gateway, but you need to ask a stateful DHCPv6 server for your IPv6 address and other addressing information." 3. The PC sends a DHCPv6 Solicit message to all DHCPv6 servers, "I Received my default gateway address from RA message, but I need an IPv6 address and all other address information from a stateful DHCPv6 server." ------------ term-36 A stateful DHCPv6 server allocates and maintains a list of which device receives which IPv6 address. DHCP for IPv4 is stateful. The default gateway address can only be obtained dynamically from the RA message. The stateless or stateful DHCPv6 server does not provide the default gateway address.
IPv6 Prefix Length
-AKA Network Portion -Like IPv4, the prefix length is represented in slash notation and is used to indicate the network portion of an IPv6 address. -Prefix length can range from 0 to 128 -The recommended IPv6 prefix length for LANs and most other types of networks is /64, as shown in the figure. This is because stateless address autoconfiguration (SLAAC) uses 64 bits for the Interface ID. It also makes subnetting easier to create and manage.
Well-Known IPv6 Multicast Addresses
-An assigned multicast address is a single address used to reach a group of devices running a common protocol or service. Assigned multicast addresses are used in context with specific protocols such as DHCPv6. 2 Common IPv6 assigned multicast groups: 1. ff02::1 All-nodes multicast group - This is a multicast group that all IPv6-enabled devices join. A packet sent to this group is received and processed by all IPv6 interfaces on the link or network. This has the same effect as a broadcast address in IPv4. The figure shows an example of communication using the all-nodes multicast address. An IPv6 router sends ICMPv6 RA messages to the all-node multicast group. 2. ff02::2 All-routers multicast group - This is a multicast group that all IPv6 routers join. A router becomes a member of this group when it is enabled as an IPv6 router with the ipv6 unicast-routing global configuration command. A packet sent to this group is received and processed by all IPv6 routers on the link or network.
Dual Stack (IPv4 to IPv6 Migration Techniques)
-Dual stack allows IPv4 and IPv6 to coexist on the same network segment. -Dual stack devices run both IPv4 and IPv6 protocol stacks simultaneously. -Known as native IPv6, this means the customer network has an IPv6 connection to their ISP and is able to access content found on the internet over IPv6. -Uses native IPv6 connectivity
RS (Router Solicitation) and RA (Router Advertisement) Messages
-For the GUA, a device obtains the address dynamically through Internet Control Message Protocol version 6 (ICMPv6) messages. -IPv6 routers periodically send out ICMPv6 RA messages, every 200 seconds, to all IPv6-enabled devices on the network. -An RA message will also be sent in response to a host sending an ICMPv6 RS message, which is a request for an RA message. ------------ Both messages are shown in the figure. 1. RS messages are sent to all IPv6 routers by hosts requesting addressing information. 2. RA messages are sent to all IPv6 nodes. If Method 1 (SLAAC only) is used, the RA includes the network prefix, prefix-length, and default-gateway information.
Translation (IPv4 to IPv6 Migration Techniques)
-Network Address Translation 64 (NAT64) allows IPv6-enabled devices to communicate with IPv4-enabled devices using a translation technique similar to NAT for IPv4. -An IPv6 packet is translated to an IPv4 packet and an IPv4 packet is translated to an IPv6 packet.
Dynamic LLAs on Windows
-Operating systems, such as Windows, will typically use the same method for both a SLAAC-created GUA and a dynamically assigned LLA. -See the highlighted areas in the following examples that were shown previously.
Method 1: SLAAC
-SLAAC is a method that allows a device to create its own GUA without the services of DHCPv6. -Using SLAAC, devices rely on the ICMPv6 RA messages of the local router to obtain the necessary information. -By default, the RA message suggests that the receiving device use the information in the RA message to create its own IPv6 GUA and all other necessary information. The services of a DHCPv6 server are not required. -SLAAC is stateless, which means there is no central server (for example, a stateful DHCPv6 server) allocating GUAs and keeping a list of devices and their addresses. -With SLAAC, the client device uses the information in the RA message to create its own GUA. As shown in the figure, the two parts of the address are created as follows: 1. Prefix - This is advertised by the RA message 2. Interface ID - This uses the EUI-64 process or by generating a random 64-bit number, depending on the device operating system.
3. Interface ID (GUA)
-The IPv6 interface ID is equivalent to the host portion of an IPv4 address. -The term Interface ID is used because a single host may have multiple interfaces, each having one or more IPv6 addresses. -The figure shows an example of the structure of an IPv6 GUA. -It is strongly recommended that in most cases /64 subnets should be used, which creates a 64-bit interface ID. -A 64-bit interface ID allows for 4.3 billion subnets and 18 quintillion devices or hosts per subnet. A /64 subnet or prefix (Global Routing Prefix + Subnet ID) leaves 64 bits for the interface ID. This is recommended to allow SLAAC-enabled devices to create their own 64-bit interface ID. It also makes developing an IPv6 addressing plan simple and effective.
2. Subnet ID (GUA)
-The Subnet ID field is the area between the Global Routing Prefix and the Interface ID. -Unlike IPv4 where you must borrow bits from the host portion to create subnets, IPv6 was designed with subnetting in mind. -The Subnet ID is used by an organization to identify subnets within its site. -The larger the subnet ID, the more subnets available. -The IPv6 address in the figure has a /48 Global Routing Prefix, which is common among many enterprise networks. -This makes it especially easy to examine the different parts of the address. -Using a typical /64 prefix length, the first four hextets are for the network portion of the address, with the fourth hextet indicating the Subnet ID. The remaining four hextets are for the Interface ID.
Rule 2- Double Colon
-The second rule to help reduce the notation of IPv6 addresses is that a double colon (::) can replace any single, contiguous string of one or more 16-bit hextets consisting of all zeros. -For example, 2001:db8:cafe:1:0:0:0:1 (leading 0s omitted) could be represented as 2001:db8:cafe:1::1. The double colon (::) is used in place of the three all-0 hextets (0:0:0). -The double colon (::) can only be used once within an address, otherwise there would be more than one possible resulting address. -When used with the omitting leading 0s technique, the notation of IPv6 address can often be greatly reduced. This is commonly known as the compressed format. If an address has more than one contiguous string of all-0 hextets, best practice is to use the double colon (::) on the longest string. If the strings are equal, the first string should use the double colon (::).
Link-Local Address (LLA)
-This is required for every IPv6-enabled device. Range: -IPv6 LLAs are in the fe80::/10 range. The /10 indicates that the first 10 bits are 1111 1110 10xx xxxx. -The first hextet has a range of 1111 1110 1000 0000 (fe80) to 1111 1110 1011 1111 (febf). -LLAs are used to communicate with other devices on the same local link (Subnet). -LLAs are confined to a single link. Their uniqueness must only be confirmed on that link because they are not routable beyond the link. -In other words, routers will not forward packets with a link-local source or destination address. -EVERY IPv6-enabled network interface must have an LLA. -Having a GUA is not a requirement -If an LLA is not configured manually on an interface, the device will automatically create its own without communicating with a DHCP server. IPv6-enabled hosts create an IPv6 LLA even if the device has not been assigned a global unicast IPv6 address. This allows IPv6-enabled devices to communicate with other IPv6-enabled devices on the same subnet. This includes communication with the default gateway (router).
Global Unique Address (GUA)
-This is similar to a public IPv4 address. -These are globally unique, internet-routable addresses. -GUAs can be configured statically or assigned dynamically. -The Internet Committee for Assigned Names and Numbers (ICANN), the operator for IANA, allocates IPv6 address blocks to the five RIRs. -Currently, only GUAs with the first three bits of 001 or 2000::/3 are being assigned, as shown in the figure. The figure shows the range of values for the first hextet where the first hexadecimal digit for currently available GUAs begins with a 2 or a 3. This is only 1/8th of the total available IPv6 address space, excluding only a very small portion for other types of unicast and multicast addresses.
IMPROTAN INFO ABOUT IPv6!!!
-Unlike IPv4, in IPv6, the all-0s and all-1s host addresses can be assigned to a device. -The all-1s address can be used because broadcast addresses are not used within IPv6. -The all-0s address can also be used, but is reserved as a Subnet-Router anycast address, and should be assigned only to routers.
IPv6 Subnet Allocation
-With over 65,536 subnets to choose from in the /64 mask, the task of the network administrator becomes one of designing a logical scheme to address the network. As shown in the figure, the example topology requires five subnets, one for each LAN as well as for the serial link between R1 and R2. Unlike the example for IPv4, with IPv6 the serial link subnet will have the same prefix length as the LANs. Although this may seem to "waste" addresses, address conservation is not a concern when using IPv6.
Rule 1 - Omit Leading Zeros
-omit any leading 0s (zeros) in any hextet Here are four examples of ways to omit leading zeros: 1. 01ab can be represented as 1ab 2. 09f0 can be represented as 9f0 3. 0a00 can be represented as a00 4. 00ab can be represented as ab This rule only applies to leading 0s, NOT to trailing 0s, otherwise the address would be ambiguous. For example, the hextet "abc" could be either "0abc" or "abc0", but these do not represent the same value.
EUI-64 Process
-process that use's a client's 48 bit Ethernet MAC address, and inserts another 16 bits in the middle of the 48 bit MAC address to create a 64 bit Interface ID An EUI-64 Interface ID is represented in binary and is made up of three parts: 1. 24-bit OUI from the client MAC address, but the 7th bit (the Universally/Locally (U/L) bit) is reversed. This means that if the 7th bit is a 0, it becomes a 1, and vice versa. 2. The inserted 16-bit value fffe (in hexadecimal). 3. 24-bit Device Identifier from the client MAC address. ---------- An easy way to identify that an address was probably created using EUI-64 is the fffe located in the middle of the interface ID. The advantage of EUI-64 is that the Ethernet MAC address can be used to determine the interface ID. It also allows network administrators to easily track an IPv6 address to an end-device using the unique MAC address. However, this has caused privacy concerns among many users who worried that their packets could be traced to the actual physical computer. Due to these concerns, a randomly generated interface ID may be used instead.
Unique local addresses (ULA)
-range fc00::/7 to fdff::/7 -not yet commonly implemented -unique local addresses may eventually be used to address devices that should not be accessible from the outside, such as internal servers and printers. The IPv6 unique local addresses have some similarity to RFC 1918 private addresses for IPv4, but there are significant differences: 1. Unique local addresses are used for local addressing within a site or between a limited number of sites. 2. Unique local addresses can be used for devices that will never need to access another network. 3. Unique local addresses are not globally routed or translated to a global IPv6 address. ------------ Many sites also use the private nature of RFC 1918 addresses to attempt to secure or hide their network from potential security risks. However, this was never the intended use of these technologies, and the IETF has always recommended that sites take the proper security precautions on their internet-facing router.
show ipv6 route Command
-show ipv6 route command can be used to verify that IPv6 networks and specific IPv6 interface addresses have been installed in the IPv6 routing table. -C next to a route indicates that this is a directly connected network. -When the router interface is configured with a GUA and is in the "up/up" state, the IPv6 prefix and prefix length is added to the IPv6 routing table as a connected route. -L indicates a Local route, the specific IPv6 address assigned to the interface. This is not an LLA. LLAs are not included in the routing table of the router because they are not routable addresses. The IPv6 GUA configured on the interface is also installed in the routing table as a local route. -The local route has a /128 prefix. -Local routes are used by the routing table to efficiently process packets with a destination address of the router interface address.
IPv6 Migration Techniques
1. Dual Stack 2. Tunneling 3. Translation
The ICMPv6 RA message includes
1. Network prefix and prefix length - This tells the device which network it belongs to. 2. Default gateway address - This is an IPv6 LLA, the source IPv6 address of the RA message. 3. DNS addresses and domain name - These are the addresses of DNS servers and a domain name. -The ICMPv6 RA message is a suggestion to a device on how to obtain an IPv6 GUA. -The ultimate decision is up to the device operating system.
What are the 2 rules for reducing digits in an IPv6 address?
1. Omit Leading Zeros 2. Double Colon
What are 2 parts of a MAC address?
1. Organizationally Unique Identifier (OUI) - The OUI is a 24-bit (6 hexadecimal digits) vendor code assigned by IEEE. 2. Device Identifier - The device identifier is a unique 24-bit (6 hexadecimal digits) value within a common OUI.
2 Ways a device can obtain IPv6 GUA automatically
1. Stateless Address Autoconfiguration (SLAAC) 2. Stateful DHCPv6
3 broad categories of IPv6 Addresses
1. Unicast 2. Multicast 3. Anycast
What are 2 types of IPv6 Multicast addresses?
1. Well-known multicast addresses 2. Solicited node multicast addresses
How large is an IPv6 Address?
128 bits, or 32 hexidecimal values -Every 4 bits is represented by a single hexadecimal digit. IE x:x:x:x:x:x:x:x - with each x being 4 hexadecimal values
Subnetting IPv6
16-bit subnet ID - Creates up to 65,536 subnets. 64-bit interface ID - Supports up to 18 quintillion host IPv6 addresses per subnet (i.e., 18,000,000,000,000,000,000). -Subnetting into the 64-bit interface ID (or host portion) is also possible but it is rarely required. -To determine the next available subnet, just count up in hexadecimal. -For example, assume an organization has been assigned the 2001:db8:acad::/48 global routing prefix with a 16 bit subnet ID. This would allow the organization to create 65,536 /64 subnets, as shown in the figure. Notice how the global routing prefix is the same for all subnets. Only the subnet ID hextet is incremented in hexadecimal for each subnet.
What are 2 ways a device can obtain an LLA?
2. Statically - This means the device has been manually configured. 1. Dynamically - This means the device creates its own interface ID by using randomly generated values or using the Extended Unique Identifier (EUI) method, which uses the client MAC address along with additional bits.
Solicited-Node IPv6 Multicast Addresses
A solicited-node multicast address is similar to the all-nodes multicast address. -The advantage of a solicited-node multicast address is that it is mapped to a special Ethernet multicast address. This allows the Ethernet NIC to filter the frame by examining the destination MAC address without sending it to the IPv6 process to see if the device is the intended target of the IPv6 packet. -The graphic shows three PCs receiving a message from a router. Each PC has the following informational text: My Ethernet NIC determined this multicast is not for me. Above the graphic is indicated that the Destination MAC address is a multicast and the Destination IPv6 address is a Solicited-Node multicast.
Which part of a GUA is assigned by the ISP? A: Global Routing Prefix B: Global Routing Prefix and Subnet ID C: Prefix C: RIR Prefix
A: Global Routing Prefix
Anycast IPv6 Address
An IPv6 anycast address is any IPv6 unicast address that can be assigned to multiple devices. A packet sent to an anycast address is routed to the nearest device having that address.
Multicast IPv6 Address
An IPv6 multicast address is used to send a single IPv6 packet to multiple destinations.
Unicast IPv6 Address
An IPv6 unicast address uniquely identifies an interface on an IPv6-enabled device. A packet sent to a unicast address is received by the interface which is assigned that address. -Similar to IPv4, a source IPv6 address must be a unicast address. -The destination IPv6 address can be either a unicast or a multicast address. The figure shows the different types of IPv6 unicast addresses. IPv6 typically have 2 unicast addresses: 1. Global Unique Address (GUA) 2. Link-Local Address
Every 16 bits is called ___________ in an IPv6 Address?
Hextet (kind of like octet for IPv4)
3 Methods for RA messages
Method 1: SLAAC - "I have everything you need including the prefix, prefix length, and default gateway address." Method 2: SLAAC with a stateless DHCPv6 server - "Here is my information but you need to get other information such as DNS addresses from a stateless DHCPv6 server." Method 3: Stateful DHCPv6 (no SLAAC) - "I can give you your default gateway address. You need to ask a stateful DHCPv6 server for all your other information."
Are IPv6 addresses case sensitive?
NO
Does configuring static addresses on clients scale to larger enviroments?
NO - For this reason, most network administrators in an IPv6 network will enable dynamic assignment of IPv6 addresses.
Global Unique Address (GUA) Range and Structure
Pv6 Address with a /48 Global Routing Prefix and /64 Prefix (Figure) GUA has 3 parts: 1. Global Routing Prefix 2. Subnet ID 3. Interface ID
Link-Local Address (LLA) (FIgure 1)
The figure shows an example of communication using IPv6 LLAs. The PC is able to communicate directly with the printer using the LLAs.
1. Global Routing Prefix (GUA)
The global routing prefix is the prefix, or network, portion of the address that is assigned by the provider, such as an ISP, to a customer or site. -For example, it is common for ISPs to assign a /48 global routing prefix to its customers. -The global routing prefix will usually vary depending on the policies of the ISP. -the IPv6 address 2001:db8:acad::/48 has a global routing prefix that indicates that the first 48 bits (3 hextets) (2001:db8:acad) is how the ISP knows of this prefix (network). -The double colon (::) following the /48 prefix length means the rest of the address contains all 0s. -The size of the global routing prefix determines the size of the subnet ID.
How does a device ensure its IPv6 address is unique?
To ensure the uniqueness of any IPv6 unicast address, the client may use a process known as Duplicate Address Detection (DAD). This is similar to an ARP request for its own address. If there is no reply, then the address is unique.
Tunneling (IPv4 to IPv6 Migration Techniques)
Tunneling is a method of transporting an IPv6 packet over an IPv4 network. The IPv6 packet is encapsulated inside an IPv4 packet, similar to other types of data.
Link-Local Address (LLA) (FIgure 2)
figure shows some of the uses for IPv6 LLAs. -Typically, it is the LLA of the router, and not the GUA, that is used as the default gateway for other devices on the link.
What prefix must IPv6 multicast address have?
prefix ff00::/8 Multicast addresses can only be destination addresses and not source addresses.