Internet2 IPv6 Workshop Honolulu, HI January 2004

About This Presentation

Title:

Internet2 IPv6 Workshop Honolulu, HI January 2004

Description:

Multicast addresses of all other groups to which the node belongs. Interface Identifiers ... ip address 192.168.1.254 255.255.255.0. ipv6 address 2001:468:123:1: ... – PowerPoint PPT presentation

Number of Views:50

Avg rating:3.0/5.0

Slides: 277

Provided by: benchi

Category:

Tags: address | an | belongs | do | find | honolulu | how | internet2 | ip | ipv6 | january | out | to | who | workshop

more less

Transcript and Presenter's Notes

Title: Internet2 IPv6 Workshop Honolulu, HI January 2004

1
Internet2 IPv6 WorkshopHonolulu, HIJanuary
2004
2
Acknowledgements

Grover Browning
Bill Cerveny
Dale Finkelson
Michael Lambert
Bill Manning
Bill Owens
Rick Summerhill

3
IPv6 Addressing
4
Overview of Addressing

Historical aspects
Types of IPv6 addresses
Work-in-progress
Abilene IPv6 addressing

5
Historical Aspects of IPv6

IPv4 address space not big enough
Cant get needed addresses (particularly outside
Americas)
Routing table issues
Resort to private (RFC1918) addresses
Competing plans to address problem
Some 64-bit, some 128-bit
Current scheme unveiled at Toronto IETF (July
1994)

6
Private Address Space

Led to the development of NAT.
Increased use of NAT has had an effect on the
uses the Internet may be put to.
Due to the loss of transparency
Increasingly could lead to a bifurcation of the
Internet.
Application rich
Application poor
Affects our ability to manage and diagnose the
network.

7
Types of IPv6 Addresses

Like IPv4
Unicast
An identifier for a single interface. A packet
sent to a unicast address is delivered to the
interface identified by that address.
Multicast
An identifier for a set of interfaces (typically
belonging to different nodes). A packet sent to
a multicast address is delivered to all
interfaces identified by that address.
Anycast
An identifier for a set of interfaces (typically
belonging to different nodes). A packet sent to
an anycast address is delivered to one of the
interfaces identified by that address (the
"nearest" one, according to the routing
protocols' measure of distance).
Specified in the v6 address architecture RFC 3513.

8
What is not in IPv6

Broadcast
There is no broadcast in IPv6.
This functionality is taken over by multicast.
A consequence of this is that the all 0s and all
1s addresses are legal.
There are others also, as we will see later.

9
Interface Identifiers

64-bit field
Guaranteed unique on subnet
Essentially same as EUI-64
Formula for mapping IEEE 802 MAC address into
interface identifier
Used in many forms of unicast address

10
Interface Identifiers

IPv6 addresses of all types are assigned to
interfaces, not nodes.
An IPv6 unicast address refers to a single
interface. Since each interface belongs to a
single node, any of that node's interfaces'
unicast addresses may be used as an identifier
for the node.
The same interface identifier may be used on
multiple interfaces on a single node.

11
Interface Identifiers

EUI-64 from Mac addresses
00-02-2D-02-82-34
02022dfffe028234
The Rules are
Insert fffe after the first 3 octets
Last 3 octets remain the same
Invert the 2nd to the last low order bit of the
first octet.
Universal/local bit

12
Interface Identifiers

Privacy addresses
Some concern was expressed about having ones MAC
address be public.
The response was to standardize privacy addresses
(RFC 3041).
These are random 64-bit numbers.
May change for different connections
Right now can be seen in Windows XP and 2000.

13
Interface Identifiers

A host is required to recognize the following
addresses as identifying itself
Its link-local address for each interface
Assigned unicast and anycast addresses
Loopback address
All-nodes multicast addresses
Solicited-node multicast address for each of its
unicast and anycast addresses
Multicast addresses of all other groups to which
the node belongs.

14
Interface Identifiers

A router is required to recognize
All addresses it must recognize as a host, plus
The subnet-router anycast addresses for the
interfaces it is configured to act as a router on
All other anycast addresses with which the router
has been configured
All-routers multicast addresses

15
Representation of Addresses

All addresses are 128 bits
Write as sequence of eight groups of four hex
digits (16 bits each) separated by colons
Leading zeros in group may be omitted
A contiguous all-zero group may be replaced by
Only one such group can be replaced

16
Examples of Writing Addresses

Consider
3ffe3700020000ff0000000000000001
This can be written as
3ffe3700200ff0001 or
3ffe3700200ff1
All three reduction methods are used here.

17
Types of Unicast Addresses

Unspecified address
All zeros ()
Used as source address during initialization
Also used in representing default
Loopback address
Low-order one bit (1)
Same as 127.0.0.1 in IPv4

18
Types of Unicast Addresses

Link-local address
Unique on a subnet
Auto configured
High-order FE80/10
Low-order interface identifier
Routers must not forward any packets with
link-local source or destination addresses.

19
Types of Unicast Addresses

Site-local address
Unique to a site
High-order FEC0/10
Low-order subnet and interface identifiers
Used when a network is isolated and no global
address is available
Subject of much debate in the IETF have been
deprecated (subject of IESG/IAB appeal)

20
Types of Unicast Addresses

Mapped IPv4 addresses
Of form FFFFa.b.c.d
Used by dual-stack machines to communicate over
IPv4 using IPv6 addressing in system calls
Compatible IPv4 addresses
Of form a.b.c.d
Used by IPv6 hosts to communicate over automatic
tunnels

21
Address Deployment

There have been many discussions of how to make
use of the immense IPv6 address space.
Suggestions included
Provider-Independent (PI)
Provider-Assigned (PA)
Geographical
At least for now, PA addressing was selected.
It is important to understand the difference
between allocation and assignment.

22
Provider-Assigned Unicast Addresses

Aggregatable global unicast address

23
Types of Unicast Addresses

Aggregatable global unicast address
Used in production IPv6 networks
Goal minimize global routing table size
From range 2000/3
Three fields in /64 prefix (old usage)
16-bit Top Level Aggregator (TLA)
8-bit reserved
24-bit Next Level Aggregator (NLA)
16-bit Site Level Aggregator (SLA)

24
Unicast Address Terminology

TLA, NLA, SLA no longer used in RFCs
Instead we have
Global routing prefix
Subnet identifier
Doesnt affect basic ideas

25
Top-Level Aggregators

Allocated by RIRs to transit providers
They in turn allocate to customers.
In practice, RIRs have adopted a slow-start
strategy
Start by allocating /32s
Expand to /29s when sufficient use in /32
Eventually move to /16s

26
Abilene Allocation

Allocated 2001468/32
The bit-level representation of this is
0010 0000 0000 0001 0000 0010 0110 1000
This leaves 32 bits of network space available.
We will see later how this is to be used.

27
NLAs and SLAs

NLAs used by providers for subnetting
Allocate blocks to customers
Can be multiple levels of hierarchy
SLAs used by customers for subnetting
Analogous to campus subnets
Also can be hierarchical
Minimum size is /48

28
Current Practice and Aggregation

The overarching goal of the PA addressing scheme
is aggregation.
As you move up the provider chain all addresses
are aggregated into larger blocks.
If implemented completely the result would be a
default-free zone with a very small number of
prefixes only those assigned by the RIRs.

29
Other Unicast Addresses

Original provider-based
Original geographically-based
GSE (88)
Tony Hains Internet Draft for provider-independen
t (geographically-based) addressing

30
Anycast Address

Interfaces (I gt 1) can have the same address.
The low-order bits (typically 64 or more) are
zero.
A packet sent to that address will be delivered
to the topologically-closest instance of the set
of hosts having that address.

31
Multicast Address

From FF00/8
1111 1111 flgs (4) scop (4) group id (112)
Flags
000t
t0 means this is a well-known address
t1 means this is a transitory address
Low-order 112 bits are group identifier, not
interface identifier
Scope and Flags are independent of each other
Well-known and local is different from well-known
and global

32
Multicast address scope

0 reserved
1 interface-local scope
2 link-local scope
3 reserved
4 admin-local scope
5 site-local scope
6 (unassigned)
7 (unassigned)

8 organization-local scope
9 (unassigned)
A (unassigned)
B (unassigned)
C (unassigned)
D (unassigned)
E global scope
F reserved

33
Abilene IPv6 Addressing

Two prefixes allocated
3ffe3700/24 on 6bone (deprecated)
2001468/32
6bone addressing is not in use any more
Being phased out globally
Current addressing allocation scheme was built on
the assumption of /35 being available.
This is being reviewed (Were lying. We havent
thought about it at all!)

34
Allocation Procedures

GigaPoPs allocated /40s
Expected to delegate to participants
The minimum allocation is a /48
No BCP (yet) for gigaPoP allocation procedures
Direct connectors allocated /48s
Will (for now) provide addresses to participants
behind gigaPoPs which havent received IPv6
addresses
See http//ipv6.internet2.edu/faq.shtml for
details

35
Registration Procedures

Providers allocated address space must register
suballocations
ARIN allows rwhois or SWIP
For now, Abilene will use SWIP
Will eventually adopt rwhois
GigaPoPs must also maintain registries
Will probably have central Abilene registry

36
Obtaining Addresses

If you are a gigaPoP or a direct connect send a
note to the Abilene NOC (noc_at_abilene.iu.edu) with
a request.
Will set the wheels in motion
If you connect to a gigaPoP you should obtain
your address block from that gigaPoP talk to
them first
Remember the minimum you should receive is a
/48.
More is OK if you can negotiate for a larger
block.

37
Allocation Schemes

CIDR representation and IPv6 allocations

38
IPv4 Subnet Masking

Originally the network size was based on the
first few bits (classful addressing)
Getting rid of address classes was painful!
routing protocols, stacks, applications
Modern IPv4 allows subnet boundaries anywhere
within the address (classless addressing)
But decimal addresses still make figuring out
subnets unnecessarily difficult. . .

39
CIDR

In IPv4 you would see representations like
129.93.0.0/16
129.93.0.0 255.255.240.0
129.93.0.0/20
At the bit level this is
10000001.01011101.11110000.00000000

40
Reasons for CIDR

To try to preserve the address space.
To control the growth of the routing table.

41
IPv6 Notation

In IPv6 every address is written
IPv6 address / prefix length
For example
20010468/35
20010468/32
At the bit level
0010 0000 0000 0001 0000 0100 0110 1000 000
0/35
0010 0000 0000 0001 0000 0100 0110 1000
0/32

42
Allocation Strategies Example

We wish to allocate /48s out of the /35.
Which are available
200104680000 through
200104681fff
Recall that the bit structure is
0010 0000 0000 0001 0000 0100 0110 1000 000
0000000000000
0010 0000 0000 0001 0000 0100 0110 1000 000
1111111111111
So there are 8192 /48s in a /35

43
Why Allocation?

To try to control the growth of the routing table
in the default-free zone.
It is a necessary consequence of using a
provider-based aggregatable address scheme.
It makes the address space more manageable.

44
How would allocations work?

Suppose you wish to give out /40s in the /35.
20010468000 0 0000 or 20010468/40
20010468000 1 1111 or 200104681f00/40
Thus there are 32 /40s in the /35, each of which
has 256 /48s.
5 bits
8 bits

45
How would allocations work?

The same idea holds for /41s or /42s.
20010468000 000000 or 20010468/41
20010468000 111111 or 200104681f80/41
20010468000 0000000 - 000 1111111
20010468/42 200104681fd0/42

46
Mixed Allocations

The interesting case is how to handle mixed
allocations.
Some sites need a /40, others a /42. How can you
handle this case?
See
RFC 3531 (Marc Blanchet)
A flexible method for managing the assignment of
bits of an IPv6 address block
A perl script is included.

47
Example

A provider has been assigned the 3ffe0b00/24
prefix and wants to assign prefixes to its
connected networks. Assume 8 bits for NLAs.
NLA2 will use 10 bits for subNLAs.
TLA assigning to NLAs using leftmost bits
10000000 assigned to NLA1
01000000 assigned to NLA2
NLA2 assigning to its subNLAs using centermost
bits
0000010000 assigned to subNLA1
0000100000 assigned to subNLA2
subNLAs use centermost bits and site nets
assigned using rightmost bits.
Putting all bits together for subNLA3
TLA
NLA2 subNLA3
0011 1111 1111 1110 0000 1011 0100 0000 0000
1100 00
lt-------gt lt------gt

48
Mixed Allocations

Here is the assignment
Take 3ffe3700/32. Out of that allocate
34 2
37 3
38 5

49
Router Configuration
50
Cisco Router Configuration

Rule 1 What would v4 do?
Enable routing
ipv6 unicast-routing
Configure interfaces
ipv6 address
Configure routing protocols

51
Cisco Configs

LAN Interface
interface Ethernet0/0
ip address 192.168.1.254 255.255.255.0
ipv6 address 200146812312/64

52
Cisco Configs

Tunnel Interface
interface Tunnel1
description IPv6 to Abilene
no ip address
no ip redirects
no ip proxy-arp
ipv6 address 3FFE3700FF1052/64
tunnel source ATM2/0.1
tunnel destination 192.168.193.14
tunnel mode gre

53
Cisco Configs

ATM PVC
interface ATM2/0.3 point-to-point
description My GigaPoP
no ip redirects
no ip proxy-arp
pvc MyGigaPoP 3/66
ubr 155000
encapsulation aal5snap
!
ipv6 address 2001468FF5551/64

54
Cisco Configs

IGP - most sites will use RIPng for now, but
IS-IS is also available. OSPFv3 is available in
IOS 12.3.
ipv6 router rip ipsix
redistribute connected
interface Ethernet1/0
ipv6 rip ipsix enable
ipv6 rip ipsix default-information orig
Static
ipv6 route ltprefixgt ltnexthopgt

55
Cisco Configs

BGP - added to your existing IPv4 BGP config
router bgp 64555
bgp router-id 192.168.2.1
neighbor Abilene-v6 peer-group
neighbor Abilene-v6 remote-as 11537

56
Cisco Configs

BGP continued. . .
address-family ipv6 unicast
neighbor Abilene-v6 activate
neighbor Abilene-v6 soft-reconfiguration in
neighbor Abilene-v6 prefix-list to-Abilene-v6
out
neighbor 20014685552006 peer-group
Abilene-v6
network 20014684ff/48
aggregate-address 20014684ff/48 summary-only
exit-address-family

57
Cisco Configs

BGP continued. . .
ipv6 route 20014684ff/48 Null0
!
ipv6 prefix-list to-Abilene-v6 seq 10 permit
20014684ff/48

58
Cisco Configs

Securing Console Access
ipv6 access-list V6VTY permit 20014684ff/48
any
. . .
!
line vty 0 4
ipv6 access-class V6VTY in

59
Juniper Router Configuration

Rule 1 What would v4 do?
Enable routing already there. . .
Configure interfaces
family inet6 address
Configure routing protocols and RIBs

60
Juniper Configs

Interface (physical)
interfaces
fe-0/1/0
unit 0
family inet6
address 20014681231/64

61
Juniper Configs

Interface (tunnel)
interfaces
gr-0/3/0
unit 0
tunnel
source 192.168.2.2
destination 192.168.45.2
family inet6
mtu 1514 / note Cisco vs.
Juniper
address 20014681231/64

62
Juniper Configs

Router Advertisement - not enabled by default
protocols
router-advertisement
interface fe-0/3/0.0
prefix 2001468123/64

63
Juniper Configs

Routing setup
routing-options
interface-routes
rib-group
inet6 ifrg6
rib inet6.0
aggregate
route 20014684ff/48

64
Juniper Configs

Routing setup continued. . .
rib-groups
ifrg6
import-rib inet6.0 inet6.2
router-id 192.168.2.1

65
Juniper Configs

IGP RIPng, IS-IS, and OSPFv3 are available
protocols
ripng
group local
export redist-direct
neighbor fe-0/1/0.0
policy-options
policy-statement redist-direct
from protocol direct
then accept

66
Juniper Configs

BGP
protocols
bgp
group Abilene-v6
type external
family inet6
unicast
export to-Abilene-v6
peer-as 11537
neighbor 20014685552006

67
Juniper Configs

BGP continued. . .
policy-options
policy-statement to-Abilene-v6
term accept-aggregate
from
route-filter 20014684ff/48
exact
then accept
term reject
then reject

68
Cisco Show Commands

show bgp
show bgp summary
show bgp ipv6 unicast neighbor ltaddrgt routes
show bgp ipv6 unicast neighbor ltaddrgt advertised
show ipv6 route
show ipv6 interface
show ipv6 neighbors

69
Juniper Show Commands

show bgp summary
show route advert bgp ltaddrgt
show route rece bgp ltaddrgt
show route table inet6.0 (terse)
show interfaces
show ipv6 neighbors

70
Lab Basic IPv6 Functionality
71
Enable IPv6 functionality on each router using
addresses allocated by Internet2 or your lab
router's "upstream" IPv6 provider. Send and
receive BGP IPv6 routes.

Ensure your router interfaces are configured with
IPv6 addresses
Ping a neighboring router using IPv6 ICMP.
Verify that you are sending IPv6 BGP routes to
neighboring routers, where appropriate.
Verify you are receiving IPv6 BGP routes.
Verify connectivity around the workshop lab.
If your workshop lab is connected to the global
IPv6 Internet, verify you can ping and traceroute
to a host on the global IPv6 Internet.
Verify lab client computer (laptop) is receiving
router advertisements.

72
Multihoming

A Discussion

73
Multihoming Issues

Many sites are multihomed in the current Internet
reliability
stability which provider will stay in business?
competition
AUP commodity vs. RE
In IPv4 we can use provider-independent
addresses, or poke holes in the aggregation
But all IPv6 addresses are provider-assigned!

74
Multihoming
2001897/35
2001468/35
ISP1 (UUNET)
ISP2 (Abilene)
University of Smallville
20014681210/48
20018970456/48
75
Problems With Multiple Addresses

If the host or app chooses from several global
addresses, that choice overrides policy, may
conflict with routing intentions and can break
connectivity
Address selection rules are complex and
controversial see RFC 3484

76
Problems With PI Addressing

Current protocols can only control routing table
growth if routes are aggregated.
Only about 12,000 sites are multihomed today, but
that number is constantly increasing.
The address space is so large that routing table
growth could easily exceed the capability of the
hardware and protocols.

77
What To Do?

IPv6 cant be deployed on a large scale without
multihoming support nobody is disputing this.
It seems likely that there will be short-term
fixes to allow v6 deployment, and long-term
solutions.
IETF multi6 working group
One RFC (3582) specifying goals
Lots of hot air on list
For now, we have some options. . .

78
Get PI Space

The RIRs have revised their rules for allocating
PI space the key is that you must plan to assign
200 /48s within 2 years.
This isnt as hard as it sounds, but it is
probably something only gigaPoPs or large
university systems can do (exercise in
creativity).
This breaks when commodity providers start
offering IPv6 (unless the gigaPoP aggregates all
the commodity providers as well as RE).

79
Poke Holes

The standard practice in IPv4 is to get addresses
from one ISP, and advertise that space to all of
our providers, effectively making it a PI
address.
In the v6 world, most providers probably wont
advertise a foreign prefix to their peers, but
will carry it within their own network.
Requires that one ISP be designated as the
transit provider, and others are effectively
peers.

80
Poke Holes
2001897/35
2001468/35
ISP1 (Transit)
ISP2...N (Peers)
20018970456/48
20018970456/48
University of Smallville
81
IPv6 Under the Hood
82
Basic Headers

IPv6

IPv4

83
Basic Headers

Fields
Version (4 bits) only field to keep same
position and name
Class (8 bits) was Type of Service (TOS),
renamed
Flow Label (20 bits) new field
Payload Length (16 bits) length of data,
slightly different from total length
Next Header (8 bits) type of the next header,
new idea
Hop Limit (8 bits) was time-to-live, renamed
Source address (128 bits)
Destination address (128 bits)

84
Basic Headers

Simplifications
Fixed length of all fields, not like old options
field IHL, or header length irrelevant
Remove Header Checksum rely on checksums at
other layers
No hop-by-hop fragmentation fragment offset
irrelevant MTU discovery
Add extension headers next header type (sort of
a protocol type, or replacement for options)
Basic principle Routers along the way should do
minimal processing

85
Extension Headers

Extension Header Types
Routing Header
Fragmentation Header
Hop-by-Hop Options Header
Destinations Options Header
Authentication Header
Encrypted Security Payload Header

86
Extension Headers

Routing Header

87
Extension Headers

General Routing Header

88
Extension Headers

Fragmentation Header
I thought we dont fragment?
Can do at the sending host
Insert fragment headers

89
Extension Headers

Options Headers in General
The usual next header and length
Any options that might be defined

90
Extension Headers

Destinations Options Header
Act The Action to take if unknown option
00 Skip Over
01 Discard, no ICMP report
10 Discard, send ICMP report even if multicast
11 Discard, send ICMP report only if unicast
C Can change in route
Number is the option number itself

91
Extension Headers

Hop-by-Hop Extension Header
The usual format of an options header
An example is the jumbo packet
Payload length encoded
Cant be less than 65,535
Cant be used with fragmentation header

92
Extension Headers

Extension Header Order
Hop-by-Hop options Header
Destination options Header (1)
Routing Header
Fragment Header
Authentication Header
Destination Options Header (2)
Upper Layer Header, e.g. TCP, UDP
How do we know whether or not we have an upper
layer header, or an extension header?
Both are combined into header types

93
Header Types

Look in packet for next header
Can be Extension Header
Can be something like ICMP, TCP, UDP, or other
normal types

94
Header Types
95
Header Types
96
Header Types
97
ICMP

Completely Changed note new header type
Now includes IGMP
Types organized as follows
1 4 Error messages
128 129 Ping
130 132 Group membership
133 137 Neighbor discovery
General Format

98
ICMP
99
ICMP

Error Messages (Types 1 4) Some Examples
Destination Unreachable
Code 0 No route to destination
Code 1 Cant get to destination for
administrative reasons
Code 2 Not Assigned
Code 3 - Address unreachable
Code 3 Port Unreachable
Packet Too Big
Code 0, Parameter is set to MTU of next hop
Allows for MTU determination
General Format

100
ICMP

Ping
Similar to IPv4
Echo Request, set code to 0
Echo Reply sent back
General Format

101
Multicast

Multicast (and Anycast) built in from the
beginning
Scope more well-defined 4 bit integer
Doesnt influence well-defined groups

102
Multicast

A Few Well-Defined Groups
Note all begin with ff, the multicast addresses
Much of IGMP is from IPv4, but is in ICMP now

103
Changes from IPv4 to IPv6

Expanded addressing capabilities
Header format simplification
Improved support for extensions and options
Flow labeling capability
Authentication and privacy capabilities

104
Stateless Autoconfiguration
105
Why does this matter?

Manual configuration of individual machines
before connecting them to the network should not
be required.
Address autoconfiguration assumes that each
interface can provide a unique identifier for
that interface (i.e., an "interface token")
Plug-and-play communication is achieved through
the use of link-local addresses
Small sites should not need stateful servers
A large site with multiple networks and routers
should not require the presence of a stateful
address configuration server.
Address configuration should facilitate the
graceful renumbering of a site's machines

106
Stateless Autoconfiguration
Generate a link local address
Verify this tentative address is OK. Use a
neighbor solicitation with the tentative address
as the target. ICMP type 135
If the address is in use a neighbor advertisement
message will be returned. ICMP type 136
If no response, assign the address to the
interface. At this point the node can
communicate on-link.
Fail and go to manual configuration or choose a
different interface token.
107
Stateless Autoconfiguration
Assign address to interface.
Node joins the All Routers multicast group.
FF021
Sends out a router solicitation message to that
group. ICMP type 133
Router responds with a router advertisement. ICMP
type 134
108
Stateless Autoconfiguration
Look at the managed address configuration"
flag
If M 1 stop and do stateful config
If M 0 proceed with stateless configuration
If O 1 use stateful configuration for other
information
Look at "other stateful configuration" flag
If O 0 finish
109
Router Solicitation
Type 133
Code 0
Checksum
Reserved
Possible optionSource Link Layer Address
110
Router Advertisement
Type 134
Code 0
Checksum
Cur. Hop Limit
M O Reserved
Router Lifetime
Reachable Time
Retransmission Timer

Possible options
-Source Link Layer Address
MTU
Prefix Information

111
Neighbor Solicitation
Type 135
Code 0
Checksum
Reserved
Target Address
Possible option Source Link Layer Address
112
Neighbor Advertisment
Type 136
Code 0
Checksum
R S O
Reserved
Target Address
Possible option Source Link Layer Address
113
Prefix Option
Type
Length
Prefix Length
L A Reserved
Valid Lifetime
Preferred Lifetime
Reserved
Prefix List
114
Router Solicitation OptionsPrefix Information

This should include all prefixes the router is
aware of
Flag bits
On-link 1
Prefix is specific to the local site
Autonomous Configuration bit 1
Use the prefix to create an autonomous address

115
Router Solicitation OptionsPrefix Information

Valid Lifetime
32-bit unsigned integer. The length of time in
seconds before an address is invalidated.
Preferred Lifetime
32-bit unsigned integer. The length of time in
seconds before an address is depreciated.

116
Stateless Autoconfig

Routers are to send out router advertisements at
regular intervals to the all-hosts address.
This should update lifetimes.
Note that stateless autoconfig will only
configure addresses.
It will not do all the host configuration you may
well want to do.

117
Stateful Configuration

When you do not wish to have stateless
configuration done you will need to provide a
configuration server (DHCP most likely) to
provide configuration information to the hosts as
they come up.

118
Neighbor Solicitation
119
Neighbor Solicitation

This protocol solves a set of problems related to
the interaction between nodes attached to the
same link. It defines mechanisms for solving each
of the following problems...

120
Problems Solved by Neighbor Solicitation

Router Discovery How hosts locate routers that
reside on an attached link.
Prefix Discovery How hosts discover the set of
address prefixes that define which destinations
are on-link for an attached link. (Nodes use
prefixes to distinguish destinations that reside
on-link from those only reachable through a
router.)
Parameter Discovery How a node learns such link
parameters as the link MTU or such Internet
parameters as the hop limit value to place in
outgoing packets.

121
Problems Solved by Neighbor Solicitation

Address Autoconfiguration How nodes
automatically configure an address for an
interface.
Address resolution How nodes determine the
link-layer address of an on-link destination
(e.g., a neighbor) given only the destination's
IP address.
Next-hop determination The algorithm for mapping
an IP destination address into the IP address of
the neighbor to which traffic for the destination
should be sent. The next hop can be a router or
the destination itself.

122
Problems Solved by Neighbor Solicitation

Neighbor Unreachability Detection How nodes
determine that a neighbor is no longer reachable.
For neighbors used as routers, alternate default
routers can be tried. For both routers and hosts,
address resolution can be performed again.
Duplicate Address Detection How a node
determines that an address it wishes to use is
not already in use by another node.
Redirect How a router informs a host of a better
first-hop node to reach a particular destination.

123
ICMP Packet Types

Neighbor Discovery defines five different ICMP
packet types a pair of Router Solicitation and
Router Advertisement messages, a pair of Neighbor
Solicitation and Neighbor Advertisement messages,
and a Redirect message. The messages serve the
following purposes...

124
ICMP Packet Types

Router Solicitation When an interface becomes
enabled, hosts may send out Router Solicitations
that request routers to generate Router
Advertisements immediately rather than at their
next scheduled time.
Router Advertisement Routers advertise their
presence together with various link and Internet
parameters either periodically, or in response to
a Router Solicitation message. Router
Advertisements contain prefixes that are used for
on-link determination and/or address
configuration, a suggested hop limit value, etc.

125
ICMP Packet Types

Neighbor Solicitation Sent by a node to
determine the link-layer address of a neighbor,
or to verify that a neighbor is still reachable
via a cached link-layer address. Neighbor
Solicitations are also used for Duplicate Address
Detection.
Neighbor Advertisement A response to a Neighbor
Solicitation message. A node may also send
unsolicited Neighbor Advertisements to announce a
link-layer address change.
Redirect Used by routers to inform hosts of a
better first hop for a destination.

126
Whats missing?

Need MTU discovery
Need host requirements (see Neighbor Discovery)

127
Transition and Tunnels
128
Transition

There are really two types of cases that need to
be addressed.
Network layer
How can we get v6/v4 packets across v4/v6
networks?
Host layer
How can a v6/v4 host access content on a v4/v6
host?

129
Network layer transition

Tunnels
Dual Stack

130
Tunnels

Information from one protocol is encapsulated
inside the frame of another protocol.
This enables the original data to be carried over
a second non-native architecture.
3 steps in creating a tunnel
Encapsulation
Decapsulation
Management

131
Tunnels

There are at least 4 tunnel configurations
Router to router
Host to router
Host to host
Router to host
Required information
v4 address of the tunnel endpoints
Note that private addresses will not work here.

132
Tunnels

How the addresses are known determines the type
of tunnel.
Configured tunnel
Automatic tunnel
Multicast tunnel

133
Configured tunnel

These can be unidirectional or bidirectional.
Bidirectional looks like a point-to-point link
The administrator configures the tunnel.
Examples of this would be the pre-native Abilene
backbone and some types of tunnel brokers.

134
Automatic Tunnel

A tunnel is created without the intervention of a
network administrator.
Typically this involves the v4 address of the
endpoint being contained within the v6 address.
ISATAP and 6to4 are examples
6to4 uses 2002/16 plus the 32 bit v4 address to
form a /48.
ISATAP treats the v4 network as layer 2
transport.
v4 address is in the interface identifier

135
Dual Stack

Obvious.
This is likely to be the predominant
network-layer transition tool.
It appears that when all the tools using tunnel
mechanisms were being developed, no one thought
viable dual-stack routers would show up as
quickly as they in fact have.
Most backbones could be dual-stack very easily,
and will be when there is a demand.

136
Transition

Tunnels will remain useful as a tool for
connecting isolated hosts in home networks to v6
nets.

137
Host level transition

This is where transition could bog down.
How do you make web and other servers
transparently accessible to either v6 or v4
hosts?
There are several approaches.
Dual stack
Bump-in-the-stack
NAT-like devices
Translators

138
Translators

Within Linux variants there is a tool called
Faithd.
This is a transport layer translator.
There are also header translators out there
SIIT
Nat-PT
Socks
Various application specific translators

139
Summary

This is neither as hard as it was once thought
nor as easy as we might like to make it.
Dual Stack will be viable much sooner then was
thought.
It is merely an act of faith and will to convert
existing servers to v6-capable versions.

140
Automatic Tunnels and Relays
141
Outline

Reasons for IPv6 in IPv4 Tunnels
Tunnel Types
6to4 Tunnel Implementation Scenarios
6to4 Security Issues
Recommendations

142
Possible Reasons for IPv6 in IPv4 Tunnels

Networks in the path between an IPv6-capable host
and WAN dont support IPv4/IPv6 dual-stack
environment
Local network support organizations dont support
dual-stack environment

143
Configured Tunnels

Configured tunnels connect IPv4/IPv6 dual-stack
hosts or networks to larger IPv6 networks.
Local network administrators arrange for a tunnel
between IPv6 networks across IPv4-only networks.
This was default dual-stack architecture on
Abilene until 2002 there are still some
configured tunnels supported by the Abilene NOC.

144
Automatic IPv6-in-IPv4 tunnel

A dual-stack host or network automatically
creates a tunnel across an IPv4-only network
Tunnel Types
6to4 Most commonly deployed automatic tunnel
format
ISATAP Intranet automatic tunnel format not
designed for public networks
Teredo Promising, but still in early discussions
in IETF

145
6to4 Tunnel IPv4 Packet Format

0 1 2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2 3 4 5 6 7 8 9 0 1
----------------------
----------
Version IHL Type of Service
Total Length
----------------------
----------
Identification Flags
Fragment Offset
----------------------
----------
Time to Live Protocol 41
Header Checksum
----------------------
----------
Source Address
----------------------
----------
Destination Address
----------------------
----------
Options
Padding
----------------------
----------
IPv6 header and payload ...
/
---------------------------------------
--------
Source RFC 3056, Connection of IPv6 Domains via
IPv4 Clouds

146
IPv6 Address Format in 6to4
For example, a Windows XP system with IPv4
address 207.75.164.119 would have a 6to4 IPv6
address of 2002cf4ba477cf4ba477
147
6to4 Implementation Scenarios (1 of 2)

Both host A and host B are on IPv4-only networks
and both are capable of IPv6 6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
IPv6
IPv4-only LAN
IPv4-only LAN
Host A 192.168.15.1/24 2002c0a80f011
Host B 192.168.17.1/24 2002c0a811011
148
6to4 Implementation Scenarios (1 of 2)

Both host A and host B are on IPv4-only networks
and both are capable of IPv6 6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
IPv6
Host A creates IPv6 packet with destination
address 2002c0a811011 and encapsulates it in
IPv4 packet with destination address 192.168.17.1
IPv4-only LAN
IPv4-only LAN
Host A 192.168.15.1/24 2002c0a80f011
Host B 192.168.17.1/24 2002c0a811011
149
6to4 Implementation Scenarios (1 of 2)

Both host A and host B are on IPv4-only networks
and both are capable of IPv6 6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
IPv6
IPv4-only LAN
IPv4-only LAN
Host A 192.168.15.1/24 2002c0a80f011
Host B 192.168.17.1/24 2002c0a811011
150
6to4 Implementation Scenarios (1 of 2)

Both host A and host B are on IPv4-only networks
and both are capable of IPv6 6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
IPv6
IPv4-only LAN
IPv4-only LAN
Host A 192.168.15.1/24 2002c0a80f011
Host B 192.168.17.1/24 2002c0a811011
151
6to4 Implementation Scenarios (1 of 2)

Both host A and host B are on IPv4-only networks
and both are capable of IPv6 6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
IPv6
IPv4-only LAN
IPv4-only LAN
Host A 192.168.15.1/24 2002c0a80f011
Host B 192.168.17.1/24 2002c0a811011
152
6to4 Implementation Scenarios (1 of 2)

Both host A and host B are on IPv4-only networks
and both are capable of IPv6 6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
IPv6
IPv4-only LAN
IPv4-only LAN
Host A 192.168.15.1/24 2002c0a80f011
Host B 192.168.17.1/24 2002c0a811011
153
6to4 Implementation Scenarios (1 of 2)

Both host A and host B are on IPv4-only networks
and both are capable of IPv6 6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
IPv6
IPv4-only LAN
IPv4-only LAN
Host B decapsulates IPv6 packet from IPv4 packet
and processes IPv6 packet
Host A 192.168.15.1/24 2002c0a80f011
Host B 192.168.17.1/24 2002c0a811011
154
6to4 Implementation Scenarios (1 of
2)Observations

Encapsulated IPv6 packets travel IPv4 routing
path.
No tunneling equipment or IPv6 infrastructure
required between hosts

155
6to4 Implementation Scenarios (2 of 2)

Host A is on a native IPv6 network and host B is
on an IPv4-only network, but is itself capable of
IPv6 6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
6to4 Relay Router
IPv6
IPv4/IPv6 dual-stack LAN
IPv4-only LAN
Host A 192.168.15.1/24 2001468142025/64
Host B 192.168.17.1/24 2002c0a811011
156
6to4 Implementation Scenarios (2 of 2)

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
6to4 Relay Router
IPv6
IPv4/IPv6 dual-stack LAN
IPv4-only LAN
Host A creates IPv6 packet to 2002c0a811011
Host A 192.168.15.1/24 2001468142025/64
Host B 192.168.17.1/24 2002c0a811011
157
6to4 Implementation Scenarios (2 of 2)

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
6to4 Relay Router
IPv6
Relay router advertises IPv6 route 2002/16
IPv4/IPv6 dual-stack LAN
IPv4-only LAN
Host A 192.168.15.1/24 2001468142025/64
Host B 192.168.17.1/24 2002c0a811011
158
6to4 Implementation Scenarios (2 of 2)

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
6to4 Relay Router
IPv6
IPv4/IPv6 dual-stack LAN
IPv4-only LAN
Relay router encapsulates IPv6 packet in IPv4
packet and sends IPv4 packet to dest. address
192.168.17.1
Host A 192.168.15.1/24 2001468142025/64
Host B 192.168.17.1/24 2002c0a811011
162
6to4 Implementation Scenarios (2 of 2)

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
6to4 Relay Router
IPv6
IPv4/IPv6 dual-stack LAN
IPv4-only LAN
Host B decapsulates IPv6 packet from IPv4 packet
and processes IPv6 packet
Host A 192.168.15.1/24 2001468142025/64
Host B 192.168.17.1/24 2002c0a811011
166
6to4 Implementation Scenarios (2 of 2)Reverse
Direction

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
6to4 Relay Router
IPv6
Host B creates IPv6 packet with dest. addr.
2001468142025 and encapsulates it in IPv4
packet with dest. addr. 192.88.99.1
IPv4/IPv6 dual-stack LAN
IPv4-only LAN
Host A 192.168.15.1/24 2001468142025/64
Host B 192.168.17.1/24 2002c0a811011
168
6to4 Implementation Scenarios (2 of 2)Reverse
Direction

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
6to4 Relay Router
IPv6
Relay router advertises anycast IPv4 route
192.88.99.0/24
IPv4/IPv6 dual-stack LAN
IPv4-only LAN
Host A 192.168.15.1/24 2001468142025/64
Host B 192.168.17.1/24 2002c0a811011
169
6to4 Implementation Scenarios (2 of 2)Reverse
Direction

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

Host A is on native IPv6 network, host B is on
IPv4-only network, but is itself capable of IPv6
6to4 tunneling

IPv4/IPv6 dual-stack Internet
IPv4
6to4 Relay Router
IPv6
Relay router decapsulates IPv6 packet and
forwards packet to IPv6 destination address
IPv4/IPv6 dual-stack LAN
IPv4-only LAN
Host A 192.168.15.1/24 2001468142025/64
Host B 192.168.17.1/24 2002c0a811011
173
6to4 Implementation Scenarios (2 of 2)Reverse
Direction