Building IPv6 into your school's network (PowerPoint presentation)

  1. Building IPv6 into your school's network. AIS ICT Management and Leadership Conference, Canberra, 2015-05-06. Glen Turner, AARNet (Australia's Academic and Research Network).

  2. This workshop
     1) The technology of IPv6
     2) The process of IPv6 deployment
     3) A discussion about managing the building of IPv6 in schools
     4) Q&A

  3. The technology of IPv6: IPv4

  4. IPv4 format

  5. Longest-match forwarding
     ● Take the destination address from the packet
     ● Look up the address in a forwarding table of (prefix, prefix length, next hop address, next hop interface)
     ● Take the matching prefix with the longest prefix length
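As an added example, not part of the slides, here is the longest-match lookup written out as a small Python program using the standard ipaddress module. The forwarding table entries, next-hop addresses and interface names are constructed for illustration, and a next hop of None is an assumption meaning "directly connected". The same lookup serves IPv4 and IPv6 entries, which is the point of the later slides: IPv6 forwarding is the IPv4 algorithm with longer addresses.

```python
# Added example (not from the slides): longest-match forwarding over a small
# constructed forwarding table, using Python's standard ipaddress module.
import ipaddress

# Constructed forwarding table: (prefix, next hop address, next hop interface).
# A next hop of None is taken to mean "directly connected" (deliver on iface).
FORWARDING_TABLE = [
    ("0.0.0.0/0",         "203.0.113.1", "eth0"),   # IPv4 default route
    ("10.0.0.0/8",        "10.255.0.1",  "eth1"),
    ("10.1.0.0/16",       "10.1.0.1",    "eth2"),
    ("10.1.1.0/24",       None,          "eth3"),   # directly connected
    ("::/0",              "2001:db8::1", "eth0"),   # IPv6 default route
    ("2001:db8:1::/48",   None,          "eth1"),
    ("2001:db8:1:2::/64", None,          "eth4"),
]

def build_table(entries):
    """Parse the text prefixes once and sort longest prefix first,
    so that the first entry containing the address is the longest match."""
    table = [(ipaddress.ip_network(p), nh, iface) for p, nh, iface in entries]
    table.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return table

TABLE = build_table(FORWARDING_TABLE)

def lookup(dst, table=TABLE):
    """Return (matched prefix, next hop, interface) for a destination address,
    or None when nothing matches (no default route of that address family)."""
    addr = ipaddress.ip_address(dst)
    for prefix, next_hop, iface in table:
        # The version check keeps IPv4 lookups out of IPv6 entries and vice versa.
        if addr.version == prefix.version and addr in prefix:
            return str(prefix), next_hop, iface
    return None

if __name__ == "__main__":
    for dst in ("10.1.1.7", "10.1.2.7", "10.2.0.1", "192.0.2.1",
                "2001:db8:1:2::5", "2001:db8:1:3::5", "2001:db8:9::1"):
        print(dst, "->", lookup(dst))
```

Because the table is sorted by prefix length before the scan, the order in which routes were learned does not matter: the /24 beats the /16 and the /8 for 10.1.1.7 regardless of which routing program installed it, which is the "forwarding and routing are independent" property the later slides describe.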

  6. IP forwarding

  7. Let's look at the forwarding table
     ● Router> show ip route
       Router> show ip cef
       linux$ route -n
       linux$ ip route show
       C:\> route print
       C:\> netsh interface ipv6 show route
       PS C:\> Get-NetRoute
     ● Windows has three families of networking commands
       – BSD commands
       – netsh commands
       – PowerShell cmdlets in Windows 2012R2, 8.1
     ● No one command works on all platforms

  8. Link-layer also has a next-hop
     ● ARP request
       Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
       Source: e0:f8:47:42:79:c2 (e0:f8:47:42:79:c2)
       Type: ARP (0x0806)
       Address Resolution Protocol (request)
         Hardware type: Ethernet (1)
         Protocol type: IP (0x0800)
         Hardware size: 6
         Protocol size: 4
         Opcode: request (1)
         Sender MAC address: e0:f8:47:42:79:c2
         Sender IP address: 192.168.255.69
         Target MAC address: 00:00:00:00:00:00
         Target IP address: 192.168.255.254
     ● ARP reply
       Destination: e0:f8:47:42:79:c2 (e0:f8:47:42:79:c2)
       Source: b8:27:eb:f1:71:fc (b8:27:eb:f1:71:fc)
       Type: ARP (0x0806)
       Address Resolution Protocol (reply)
         Hardware type: Ethernet (1)
         Protocol type: IP (0x0800)
         Hardware size: 6
         Protocol size: 4
         Opcode: reply (2)
         Sender MAC address: b8:27:eb:f1:71:fc
         Sender IP address: 192.168.255.254
         Target MAC address: e0:f8:47:42:79:c2
         Target IP address: 192.168.255.69

  9. Let's look at the ARP table
     ● Router> show arp
       linux$ arp -a
       linux$ ip neigh show
       C:\> arp -a
       C:\> netsh interface ipv4 show neighbors
       PS C:\> Get-NetNeighbor

  10. Why this design?
     ● Stateless
       – No records are kept: whether we forward one packet or one million packets, the same amount of memory is used for forwarding: one record per route
     ● ARP is soft-state; we can re-do it at any time
     ● The forwarding table allows forwarding and routing to be done independently
       – Forwarding is moving packets from an ingress to an egress interface
       – Routing is placing entries in the forwarding table
       – In IP, routing is done by ordinary user-space programs
       – Compare with Ethernet transparent bridging

  11. The technology of IPv6: IPv4 in 2015

  12. NAT – outgoing traffic
     ● Inspect outgoing traffic
       – Collect (src_addr, src_port, dst_addr, dst_port)
     ● Re-write src_addr to my exterior interface, find an unused source port on my exterior interface and re-write src_port to that
     ● Record these addresses and ports in the expectation table
     (Diagram: the packet (10.1.1.1, 10000, 202.158.201.38, 80) is re-written to (150.101.30.33, 20000, 202.158.201.38, 80); the expectation table holds (150.101.30.33, 20000, 10.1.1.1, 10000, 202.158.201.38, 80))

  13. NAT – incoming traffic
     ● Inspect incoming traffic
     ● Is the incoming (src_addr, src_port, dst_addr, dst_port) in the expectation table?
     ● Re-write the dst_addr and dst_port to the original values in the table
     (Diagram: the packet (202.158.201.33, 80, 150.101.30.33, 20000) is re-written to (202.158.201.38, 80, 10.1.1.1, 10000); the expectation table holds (150.101.30.33, 20000, 10.1.1.1, 10000, 202.158.201.38, 80))
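As an added example, not part of the slides, here is the outgoing and incoming NAT procedure from the two slides above as a small Python class that keeps the expectation table. The interior host, exterior address and server are the slides' sample values (10.1.1.1:10000, 150.101.30.33 and 202.158.201.38:80); the exterior port range and the stray-packet address 198.51.100.9 are constructed assumptions. It also makes visible the point of the later "NAT is stateful" slide: one record is held per connection, and a fresh instance (a rebooted device) has no records, so replies for old connections are dropped.

```python
# Added example (not from the slides): a minimal port-translating NAT that
# keeps the "expectation table" described on the slides. Sample addresses and
# ports come from the slides; the port pool and stray address are constructed.

class Nat:
    """Outgoing packets are re-written and recorded; incoming packets are
    re-written only when a matching expectation exists, otherwise dropped."""

    def __init__(self, exterior_addr, first_port=20000, last_port=65535):
        self.exterior_addr = exterior_addr
        self._free_ports = iter(range(first_port, last_port + 1))
        # Expectation table, one record per connection ("state"):
        #   (ext_addr, ext_port, dst_addr, dst_port) -> (src_addr, src_port)
        self.expectations = {}
        # Reverse index so later packets of the same connection reuse the
        # exterior port already assigned instead of consuming a new one.
        self._interior_index = {}

    def outgoing(self, src_addr, src_port, dst_addr, dst_port):
        """Re-write an interior packet's source; return the exterior 4-tuple."""
        interior = (src_addr, src_port, dst_addr, dst_port)
        ext_port = self._interior_index.get(interior)
        if ext_port is None:
            try:
                ext_port = next(self._free_ports)   # an unused exterior port
            except StopIteration:
                raise RuntimeError("exterior port pool exhausted") from None
            self._interior_index[interior] = ext_port
            key = (self.exterior_addr, ext_port, dst_addr, dst_port)
            self.expectations[key] = (src_addr, src_port)
        return (self.exterior_addr, ext_port, dst_addr, dst_port)

    def incoming(self, src_addr, src_port, dst_addr, dst_port):
        """Re-write an exterior packet's destination back to the interior host,
        or return None (drop) when no expectation matches it."""
        record = self.expectations.get((dst_addr, dst_port, src_addr, src_port))
        if record is None:
            return None
        orig_src_addr, orig_src_port = record
        return (src_addr, src_port, orig_src_addr, orig_src_port)

    def state_records(self):
        """Number of records held: the memory the slides call 'state'."""
        return len(self.expectations)

def walkthrough():
    """Replay the slides' example: one outgoing packet, its reply, and an
    unsolicited packet that matches no expectation."""
    nat = Nat("150.101.30.33")
    out = nat.outgoing("10.1.1.1", 10000, "202.158.201.38", 80)
    back = nat.incoming("202.158.201.38", 80, out[0], out[1])
    stray = nat.incoming("198.51.100.9", 443, "150.101.30.33", 20000)  # constructed
    return out, back, stray, nat.state_records()

def port_reuse_demo():
    """A second interior host gets a new exterior port; a repeat packet of the
    first connection reuses its port; two connections means two records."""
    nat = Nat("150.101.30.33")
    p1 = nat.outgoing("10.1.1.1", 10000, "202.158.201.38", 80)[1]
    p2 = nat.outgoing("10.1.1.2", 10000, "202.158.201.38", 80)[1]
    p3 = nat.outgoing("10.1.1.1", 10000, "202.158.201.38", 80)[1]
    return p1, p2, p3, nat.state_records()

if __name__ == "__main__":
    print(walkthrough())
    print(port_reuse_demo())
```

The lookup in incoming() is keyed on all four exterior fields, so a packet to the right exterior port from the wrong server is dropped rather than forwarded inward. That is the deep-packet-inspection behaviour the next slide calls "a necessary part of NAT", and it is also why a second box that has not seen the outgoing packet (an asymmetric path, or a rebooted device) cannot forward the reply.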

  14. NAT has benefits
     ● Deep packet inspection
       – A necessary part of NAT
       – But a DPI firewall can also work without altering the data passing through it, and is more robust when doing so
     ● Address re-numbering
       – The disconnect between exterior and interior addresses allows easy change of the exterior address

  15. NAT is stateful
     ● One record per connection, aka “state”
       – Router memory is proportional to usage
         ● about 6,000 flows per gigabit
       – Except when the traffic has lots of flows
         ● Port scanning
         ● DNS
     ● “Unused” records are timed out
       – An Internet of Things device has to turn on the WLAN interface to send a “keepalive packet”
       – Over 50% of battery use for small embedded devices
     ● Rebooting the device flushes all state
       – Arrgh, all my web banking just broke

  16. NAT routes can't be asymmetric
     ● Fully redundant network, but no traffic :-( (diagram labelled FAIL)

  17. Whoever controls the NAT wins
     ● Carrier-grade NAT is NAT by an ISP
     ● This can lead to an anti-competitive market
       – The ISP chooses who can run a server
       – The ISP can choose not to take action, and thus block some traffic which might disadvantage the ISP, such as SIP
     ● How do new services get developed in the first place?
     ● How do we teach students how to write services?

  18. NAT is insanely complex
     ● (Diagram from Introduction to iptables)

  19. Let's look at the NAT table
     ● Router> show nat translation
       linux$ conntrack -L
       C:\> netsh routing ip nat show
       PS C:\> Get-NetNATSession
     ● conntrack is in the conntrack-tools package
     ● NAT is often bundled only in “value-added” product lines

  20. The technology of IPv6

  21. IPv6 returns IP to the 1980's
     ● Plenty of addressing
       – Cheap, easy
     ● End-to-end visibility of addresses
       – No address shortage, so let's IP forward rather than NAT
     ('80s hair optional)

  22. In the '80s hair IP had problems
     ● Not enough addresses
       – 252 hosts a subnet
       – 255 subnets per university
       – One address per interface
     ● No automatic configuration
       – Even Novell's IPX and Apple's EtherTalk had that!
     ● No privacy
     ● No QoS model which scaled
     ● No resource discovery
       – Even Banyan VINES and EtherTalk...

  23. IPv6 = IPv4 + bug fixes
     ● Lots of addressing
       – Address more networks and hosts
         ● Can address every host ever made
         ● A school can have 64000 subnets, a home 16.
       – But also to trade off address space for features
     ● Stateless automatic address configuration
     ● IPsec for secure communication
     ● DiffServ for QoS
     ● Link-local addresses and mDNS for local resource discovery

  24. Thinking about protocols
     ● Formats
       – On the wire: drawings are best
       – Textual representations
     ● Procedures
       – State diagrams
     ● Look at real traffic using a sniffing and pretty-printing tool like Wireshark
     ● Look at the data structures your computer has from this real traffic
       – Interfaces, tables, log messages

  25. The technology of IPv6: formats of addresses

  26. Formats – addresses are larger
     ● 128 bits
     ● Divided into network, subnet and host portions, via a prefix length, exactly as for IPv4
     ● Schools will most commonly be allocated a /48

  27. Address format – textual
     ● IPv6 addresses are written in hexadecimal, base 16 (0, 1, …, 9, a, b, …, f)
       20010388000100000000000000000003
     ● Add a colon between each 16-bit word
       2001:0388:0001:0000:0000:0000:0000:0003
     ● Remove leading zeros from each word
       2001:388:1:0:0:0:0:3
     ● Replace the longest run of zero words with ::
       2001:388:1::3
     ● It is conventional to add the prefix length
       2001:388:1::3/128
     ● For link-local addresses, add the related interface so they become unique
       fe80::e2f8:47ff:fe42:79c2%eth0
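As an added example, not part of the slides, the steps on the slide above are written out as Python functions: compress() applies "add colons, strip leading zeros, replace the longest zero run with ::" to a 32-hex-digit address, expand() reverses it (accepting the %zone suffix shown for link-local addresses and rejecting a second ::), and agrees_with_stdlib() checks the result against Python's ipaddress module. One caveat the slide does not state and this code follows: by RFC 5952 a single zero word is left as 0 rather than shortened to ::, and on a tie the leftmost run is chosen, which is also what ipaddress prints.

```python
# Added example (not from the slides): the textual-address rules of the slide
# as code, plus a check against the standard library's ipaddress module.
import ipaddress

HEX = set("0123456789abcdef")

def to_words(hex32):
    """Split a 32-hex-digit address into eight 16-bit words (the 'add colons' step)."""
    h = hex32.lower()
    if len(h) != 32 or not set(h) <= HEX:
        raise ValueError("expected 32 hexadecimal digits")
    return [h[i:i + 4] for i in range(0, 32, 4)]

def compress(hex32):
    """Colons, leading zeros removed, longest run of zero words replaced by '::'."""
    words = [w.lstrip("0") or "0" for w in to_words(hex32)]   # remove leading zeros
    best_start, best_len = -1, 0
    i = 0
    while i < 8:                                   # find the longest run of zero words
        if words[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and words[j] == "0":
            j += 1
        if j - i > best_len:                       # strict '>' keeps the leftmost run on ties
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                               # RFC 5952: no '::' for a single zero word
        return ":".join(words)
    left = ":".join(words[:best_start])
    right = ":".join(words[best_start + best_len:])
    return left + "::" + right

def expand(text):
    """Inverse of compress(): textual form (optionally with %zone) -> 32 hex digits."""
    addr, _, _zone = text.partition("%")          # %eth0 names an interface, not address bits
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        lw = left.split(":") if left else []
        rw = right.split(":") if right else []
        missing = 8 - len(lw) - len(rw)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero word")
        words = lw + ["0"] * missing + rw
    else:
        words = addr.split(":")
    if len(words) != 8 or not all(1 <= len(w) <= 4 and set(w.lower()) <= HEX for w in words):
        raise ValueError("malformed IPv6 address: %r" % text)
    return "".join(w.lower().zfill(4) for w in words)

def is_valid(text):
    """True when expand() accepts the textual address."""
    try:
        expand(text)
        return True
    except ValueError:
        return False

def agrees_with_stdlib(hex32):
    """True when compress() prints exactly what ipaddress.IPv6Address prints."""
    return compress(hex32) == ipaddress.IPv6Address(int(hex32, 16)).compressed

if __name__ == "__main__":
    print(compress("20010388000100000000000000000003"))      # 2001:388:1::3
    print(expand("fe80::e2f8:47ff:fe42:79c2%eth0"))
    print(is_valid("1::2::3"))                                # False
```

The slide's remark that these addresses are "not regular" is visible in expand(): the number of words hidden by :: depends on how many words appear on either side of it, so a fixed-width parser or a simple regular expression cannot recover the address, and the :: may appear only once precisely so that the expansion is unambiguous.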

  28. That's impressive, sort of
     ● A lot of work has been done to make the addresses convenient to type
     ● Especially for lots of zeros, so there's a hint for numbering your network infrastructure
     ● The cost is that IPv6 addresses are not regular
       – Write a regular expression which captures all IPv6 addresses. Compare with [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
     ● Modifying programs isn't just a matter of increasing sizes
       – IPv6 addresses are unique in not being regular, so lots of programs won't handle them

  29. Applications and textual addresses
     ● URLs containing IPv6 addresses
       http://[2001:388:4000:4001:ba27:ebff:fed3:9fa1]/
     ● Some commands have a -6 flag
       ssh -6 2001:388:4000:4001:ba27:ebff:fed3:9fa1
     ● Some commands have 6 variants
       ping6 2001:388:4000:4001:ba27:ebff:fed3:9fa1
     ● Sometimes you just can't win – URLs containing IPv6 addresses
       [http://\[2001\:388\:4000\:4001\:ba27\:ebff\:fed3\:9fa1\]/]
     ● And your phone's autocorrect will helpfully change ba27 to back
