ilab 2
play

iLab 2 Internet Protocol version 6 Stefan Liebald - PowerPoint PPT Presentation

Apr 26, 2023 •216 likes •678 views

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen October 18, 2017 Based on slides of Lukas Schwaighofer 1

  1. iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München October 18, 2017 Based on slides of Lukas Schwaighofer 1

  2. Outline Motivation IPv6 Part 1 Lab overview IPv6 vs IPv4 IPv6 Addressing Neighbor Discovery Protocol (NDP) Stateless Address Auto Configuration (SLAAC) ICMPv6 IPv6 Part 2 Lab overview Transistion Mechanisms 2

  3. Motivation Figure: IPv6 exhaustion (source: https://xkcd.com/865) 3

  4. Outline Motivation IPv6 Part 1 Lab overview IPv6 vs IPv4 IPv6 Addressing Neighbor Discovery Protocol (NDP) Stateless Address Auto Configuration (SLAAC) ICMPv6 IPv6 Part 2 Lab overview Transistion Mechanisms 4

  5. Lab overview Internet IPv6-only ISP eth3: monitor eth0 eth2/vlan 12: 10.0.2.1/24 PC6 OSPF IPv6 area 0 fd52:fdee:a532:b64::1/64 eth0: PC3 10.0.2.2/24 eth0: 10.0.1.3/24 fd52:fdee:a532:b64::2/64 eth1: monitor port Webserver Probe & NAT64 eth0/vlan 10: eth0/vlan 10: eth1/vlan 11: 10.0.1.1/24 10.0.0.1/24 10.0.0.2/24 ISP client(s) link-local IPv6 link-local IPv6 fd52:fdee:a532:a00::/64 eui-64 IPv4 & IPv6 Cisco A Cisco B PC2 eth0: eth1/vlan 11: 10.0.1.2/24 fd52:fdee:a532:b00::/64 eui-64 fd52:fdee:a532:a00::/64 eui-64 PC5 fd52:fdee:a532:b53::1/64 eth0: Webserver fd52:fdee:a532:b00::/64 eui-64 eth2/vlan 12: User fd52:fdee:a532:a53::1/64 PC1 eth0: fd52:fdee:a532:d00::1/64 fd52:fdee:a532:a53::2/64 PC4 DNS Server eth0: fd52:fdee:a532:d00::1/64 fd52:fdee:a532:b53::2/64 DNS Server Figure: IPv6 lab setup 5

  6. Lab overview What will you do during the lab? ◮ SLAAC (Stateless Address Auto Configuration) ◮ DHCPv6 (Dynamic Host Configuration Protocol) ◮ OSPF (Open Shortest Path First) ◮ DNS (Domain Name System) 6

  7. Outline Motivation IPv6 Part 1 Lab overview IPv6 vs IPv4 IPv6 Addressing Neighbor Discovery Protocol (NDP) Stateless Address Auto Configuration (SLAAC) ICMPv6 IPv6 Part 2 Lab overview Transistion Mechanisms 7

  8. IPv4 and IPv6 Header 8

  9. IPv6 Differences ◮ 128 bit addresses compared to 32 bit in IPv4 ◮ Fragmentation only on endhosts ◮ Header: ◮ Fixed header length (40 byte) + extension headers ◮ Fewer fields (no checksum, fragmentation) ◮ Integrated IPsec via extension header ◮ No more broadcast → multicast ◮ NDP instead of ARP 9

  10. Outline Motivation IPv6 Part 1 Lab overview IPv6 vs IPv4 IPv6 Addressing Neighbor Discovery Protocol (NDP) Stateless Address Auto Configuration (SLAAC) ICMPv6 IPv6 Part 2 Lab overview Transistion Mechanisms 10

  11. IPv6 Address notation ◮ 8 blocks of 2 bytes, colon seperated: ◮ e.g.: 2001:0db8:0000:0000:0000:0102:0000:0304 11

  12. IPv6 Address notation ◮ 8 blocks of 2 bytes, colon seperated: ◮ e.g.: 2001:0db8:0000:0000:0000:0102:0000:0304 ◮ can be shortened: ◮ replace longest sequence of blocks of zeros with :: ◮ ommit leading zeros ◮ e.g. 2001:db8::102:0:304 11

  13. IPv6 Address notation ◮ 8 blocks of 2 bytes, colon seperated: ◮ e.g.: 2001:0db8:0000:0000:0000:0102:0000:0304 ◮ can be shortened: ◮ replace longest sequence of blocks of zeros with :: ◮ ommit leading zeros ◮ e.g. 2001:db8::102:0:304 ◮ What about ports? ◮ use [IPv6-address]:port ◮ e.g.: [2001:db8::102:0:304]:80 11

  14. IPv6 Prefix and Interface Identifier ◮ 128 bit IPv6 address can be split in two parts: ◮ 64 bit prefix ← identifies subnet, used for routing ◮ 64 bit interface identifier ← identifies host/interface 12

  15. IPv6 Prefix and Interface Identifier ◮ 128 bit IPv6 address can be split in two parts: ◮ 64 bit prefix ← identifies subnet, used for routing ◮ 64 bit interface identifier ← identifies host/interface ◮ example 2001:db8::102:0:304 12

  16. IPv6 Prefix and Interface Identifier ◮ 128 bit IPv6 address can be split in two parts: ◮ 64 bit prefix ← identifies subnet, used for routing ◮ 64 bit interface identifier ← identifies host/interface ◮ example 2001:db8::102:0:304 ◮ prefix: 2001:db8::/64 ◮ interface identifier: 0:102:0:304 12

  17. IPv6 Prefix and Interface Identifier ◮ 128 bit IPv6 address can be split in two parts: ◮ 64 bit prefix ← identifies subnet, used for routing ◮ 64 bit interface identifier ← identifies host/interface ◮ example 2001:db8::102:0:304 ◮ prefix: 2001:db8::/64 ◮ interface identifier: 0:102:0:304 ◮ ISP could also assign you a /56 or other prefix ◮ → You can create 2 8 = 256 /64 subnets from that 12

  18. IPv6: Important well defined address prefixes Address (prefix) Type ::1/128 Loopback fe80::/10 Link-local unicast fc00::/7 Unique Local unicast 2001:db8::/32 Documentation ff00::/8 Multicast 13

  19. IPv6: Important multicast addresses ◮ Multicast prefix: ff00::/8 14

  20. IPv6: Important multicast addresses ◮ Multicast prefix: ff00::/8 Address Definition ff02::1 All nodes on local network segment ff02::2 All routers on local network segment All DHCPv6 servers on local network ff02::1:2 segment ff02::1:ff00:0/104 Solicited-node multicast prefix 14

  21. Outline Motivation IPv6 Part 1 Lab overview IPv6 vs IPv4 IPv6 Addressing Neighbor Discovery Protocol (NDP) Stateless Address Auto Configuration (SLAAC) ICMPv6 IPv6 Part 2 Lab overview Transistion Mechanisms 15

  22. Neighbor Discovery Protocol (NDP) 16

  23. Neighbor Discovery Protocol (NDP) ◮ Resolves MAC address of given IPv6 address to send packet over ethernet: ◮ Sender sends Neighbour Solicitation to target: ◮ IP dest: Solicitated Node Multicast IPv6 Address of target (prefix + last 3 octets of address) ◮ MAC dest: IPv6 multicast over ethernet address (33:33: + last 4 octets of v6 multicast address) ◮ Full IPv6 address of target as payload ◮ Target returns Neighbour Advertisment with MAC as payload 16

  24. Outline Motivation IPv6 Part 1 Lab overview IPv6 vs IPv4 IPv6 Addressing Neighbor Discovery Protocol (NDP) Stateless Address Auto Configuration (SLAAC) ICMPv6 IPv6 Part 2 Lab overview Transistion Mechanisms 17

  25. Stateless Address Auto Configuration (SLAAC) 18

  26. Stateless Address Auto Configuration (SLAAC) 1. Generate Link Local (LL) address 18

  27. Stateless Address Auto Configuration (SLAAC) 1. Generate Link Local (LL) address 2. Perform Duplicate Address Detection (DAD) ◮ Send Neighbour Solicitation to own LL address ◮ No response → assign address 18

  28. Stateless Address Auto Configuration (SLAAC) 1. Generate Link Local (LL) address 2. Perform Duplicate Address Detection (DAD) ◮ Send Neighbour Solicitation to own LL address ◮ No response → assign address 3. Send Router Solicitation (RS) to all routers 18

  29. Stateless Address Auto Configuration (SLAAC) 1. Generate Link Local (LL) address 2. Perform Duplicate Address Detection (DAD) ◮ Send Neighbour Solicitation to own LL address ◮ No response → assign address 3. Send Router Solicitation (RS) to all routers 4. Take information (prefix) from response (Router Advertisment (RA)) and configure global IP address 18

  30. Address Autogeneration Each host must have an Link Local address. Multiple Ways to generate host part: ◮ (Extended) EUI-64: 19

  31. Address Autogeneration Each host must have an Link Local address. Multiple Ways to generate host part: ◮ (Extended) EUI-64: ◮ Split MAC address (48 bit) ◮ Stuff ff:fe in the middle (16 bit) ◮ Flip second least significant bit in first octet ◮ example: MAC 00:01:02:03:04:05 → fe80::201:2ff:fe03:405 19

  32. Address Autogeneration Each host must have an Link Local address. Multiple Ways to generate host part: ◮ (Extended) EUI-64: ◮ Split MAC address (48 bit) ◮ Stuff ff:fe in the middle (16 bit) ◮ Flip second least significant bit in first octet ◮ example: MAC 00:01:02:03:04:05 → fe80::201:2ff:fe03:405 ◮ Stable privacy: ◮ Replacement for EUI-64 ◮ Add secret + subnet identifier to IPv6 address generation ◮ → stable IPv6 address per subnet, can’t be mapped to MAC 19

  33. Address Autogeneration Each host must have an Link Local address. Multiple Ways to generate host part: ◮ (Extended) EUI-64: ◮ Split MAC address (48 bit) ◮ Stuff ff:fe in the middle (16 bit) ◮ Flip second least significant bit in first octet ◮ example: MAC 00:01:02:03:04:05 → fe80::201:2ff:fe03:405 ◮ Stable privacy: ◮ Replacement for EUI-64 ◮ Add secret + subnet identifier to IPv6 address generation ◮ → stable IPv6 address per subnet, can’t be mapped to MAC ◮ Privacy extension as addition to one of the above methods: ◮ Use a randomized IPv6 address for communication ◮ Change Address regularly 19

  34. Outline Motivation IPv6 Part 1 Lab overview IPv6 vs IPv4 IPv6 Addressing Neighbor Discovery Protocol (NDP) Stateless Address Auto Configuration (SLAAC) ICMPv6 IPv6 Part 2 Lab overview Transistion Mechanisms 20

  35. ICMPv6 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Type Code Checksum Message body ◮ Relevant types: ◮ Echo request/reply ◮ Time exceeded ◮ Packet too big ◮ Destination unreachable 21

  36. Outline Motivation IPv6 Part 1 Lab overview IPv6 vs IPv4 IPv6 Addressing Neighbor Discovery Protocol (NDP) Stateless Address Auto Configuration (SLAAC) ICMPv6 IPv6 Part 2 Lab overview Transistion Mechanisms 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

your exercise iLab 1+2 info event online Tell your friends!

your exercise iLab 1+2 info event online Tell your friends!

The iLab Experience a blended learning hands-on course concept you set the focus Final Lecture Marc-Oliver Pahl, Jul 25, 2017 your exercise iLab 1+2 info event online Tell your friends!

1.81k views • 96 slides
ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network

ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network

ilab 2 - IPSec with IKEv2 and Strongswan Lukas Grillmayer and Linus Lotz Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen June 4, 2014 Lukas Grillmayer and Linus Lotz: ilab 2 -

1.39k views • 51 slides
iLab Countersurveillance Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab Countersurveillance Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab Countersurveillance Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Surveillance and operational security 14ws 1 lecture evaluation oral

916 views • 30 slides
ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP

ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen ilab Lab 5 DNS and DNSSec History and Motivation of DNS Problem: The Internet needs IP addresses. Human beings do not memorize IP

779 views • 23 slides
ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to

ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to applications application application 4

647 views • 26 slides
iLab TLS and packet filters Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TLS and packet filters Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TLS and packet filters Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 7 17ws 1 / 41 Outline Trust Transport Layer Security Packet filter

1.19k views • 43 slides
iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 9 18ss 1 / 36 Outline Introduction Trust architecture Protocols Attacks

663 views • 45 slides
iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 9 16ss 1 / 38 Outline Introduction Trust architecture Protocols Attacks

879 views • 47 slides
iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 6 16ss 1 / 34 Motivation: IPv4 Address Scarcity source:

784 views • 54 slides
course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance,

course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance,

course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance, operational security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt

986 views • 47 slides
iLab TCP / UDP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TCP / UDP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab TCP / UDP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 4 14ws 1 Outline Transport Layer UDP TCP MTCP / SCTP 2 Outline

720 views • 32 slides
ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL (Secure Socket Layer) /

812 views • 25 slides
iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr

iLab 2 Internet Protocol version 6 Stefan Liebald liebald@net.in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen April 25, 2017 Based on slides of Lukas Schwaighofer 1

471 views • 10 slides
iLab Static routing Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de

iLab Static routing Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de

iLab Static routing Minoo Rouhi rouhi@net.in.tum.de Slides by Benjamin Hof hof@in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 2 17ws 1 / 21 Outline Meta

540 views • 27 slides
The iLab Experience a blended learning hands-on course concept you set the focus Do It Yourself

The iLab Experience a blended learning hands-on course concept you set the focus Do It Yourself

The iLab Experience a blended learning hands-on course concept you set the focus Do It Yourself - Hardware YE - Topic Outline May 29, 2018 10.4. Kick Off, IPv6 1 IPv6 BGP 17.4. 2 Minilab 1 2 mini labs Advanced Wireless Playground BGP

1.64k views • 125 slides
iLab Wireless Networks Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab Wireless Networks Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab Wireless Networks Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 10 16ss 1 / 32 Oral attestations available dates Friday,

521 views • 33 slides
Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique

Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique

Anonymizing your hacktop A brief tour of unique identifiers accessible by software @ Unique Identifiers Who cares? What are we talking about? Where are they? Laptops & Desktops Peripherals Smartphones Why

358 views • 19 slides
10. Knowledge Flow Optimization 9/22/2005 Peter Gloor pgloor@mit.edu Aligning process and

10. Knowledge Flow Optimization 9/22/2005 Peter Gloor pgloor@mit.edu Aligning process and

SwarmCreativity & COINs 10. Knowledge Flow Optimization 9/22/2005 Peter Gloor pgloor@mit.edu Aligning process and organization by knowledge flow Communication flow Business process (Relationships) Org. structure Department Manager +

440 views • 22 slides
CISC 323 (Week 11) Due Date: Thursday, April 7, 2005 (3:00pm) Architectural Styles The

CISC 323 (Week 11) Due Date: Thursday, April 7, 2005 (3:00pm) Architectural Styles The

Assignment #5 CISC 323 (Week 11) Due Date: Thursday, April 7, 2005 (3:00pm) Architectural Styles The only task: Write a complete CD catalog program with editing features, following your design from Assignment 4. You may re-use any

168 views • 6 slides
Learning Regularizers From Data Venkat Chandrasekaran Caltech Joint work with Yong Sheng Soh

Learning Regularizers From Data Venkat Chandrasekaran Caltech Joint work with Yong Sheng Soh

Learning Regularizers From Data Venkat Chandrasekaran Caltech Joint work with Yong Sheng Soh Variational Perspective on Inference o Loss ensures fidelity to observed data o Based on the specific inverse problem one wishes to solve o Regularizer

580 views • 31 slides
802.1 Plenary July 2017 Berlin, Germany Closing Agenda Glenn Parsons IEEE 802.1 WG Chair

802.1 Plenary July 2017 Berlin, Germany Closing Agenda Glenn Parsons IEEE 802.1 WG Chair

802.1 Plenary July 2017 Berlin, Germany Closing Agenda Glenn Parsons IEEE 802.1 WG Chair glenn.parsons@ericsson.com 1 Plenary Agenda Call for Patents Membership Future Meetings 802 reports TG reports Sanity check current

1.35k views • 101 slides
APAN Sensor Network WG APAN Sensor Network WG nd meeting @ Hanoi 2 nd 2 nd nd meeting @ Hanoi

APAN Sensor Network WG APAN Sensor Network WG nd meeting @ Hanoi 2 nd 2 nd nd meeting @ Hanoi

APAN Sensor Network WG APAN Sensor Network WG nd meeting @ Hanoi 2 nd 2 nd nd meeting @ Hanoi i i @ H @ H i i Group Meeting (2010/08/10) (2010/08/10) Chair: Susumu Takeuchi Chair: Susumu Takeuchi (NICT, Japan) Introduction of

867 views • 53 slides
High-order Asymptotic-Preserving schemes for the Boltzmann equation and related problems Lorenzo

High-order Asymptotic-Preserving schemes for the Boltzmann equation and related problems Lorenzo

Introduction IMEX Runge-Kutta Exponential schemes Further developments High-order Asymptotic-Preserving schemes for the Boltzmann equation and related problems Lorenzo Pareschi Department of Mathematics & Computer Science University of

566 views • 41 slides
Ensemble Methods + Recommender Systems Matt Gormley Lecture 21 Nov. 4, 2019 1 Reminders

Ensemble Methods + Recommender Systems Matt Gormley Lecture 21 Nov. 4, 2019 1 Reminders

10-601 Introduction to Machine Learning Machine Learning Department School of Computer Science Carnegie Mellon University Midterm Review + Ensemble Methods + Recommender Systems Matt Gormley Lecture 21 Nov. 4, 2019 1 Reminders

967 views • 79 slides

More recommend