SLIDE 1 iLab 2
Internet Protocol version 6
Stefan Liebald liebald@net.in.tum.de
Lehrstuhl für Netzarchitekturen und Netzdienste, Fakultät für Informatik, Technische Universität München
October 18, 2017
Based on slides of Lukas Schwaighofer
SLIDE 2
Outline
◮ Motivation
◮ IPv6 Part 1
  ◮ Lab overview
  ◮ IPv6 vs IPv4
  ◮ IPv6 Addressing
  ◮ Neighbor Discovery Protocol (NDP)
  ◮ Stateless Address Auto Configuration (SLAAC)
  ◮ ICMPv6
◮ IPv6 Part 2
  ◮ Lab overview
  ◮ Transition Mechanisms
SLIDE 3
Motivation
Figure: IPv6 exhaustion (source: https://xkcd.com/865)
SLIDE 5 Lab overview
IPv6-only ISP ISP client(s) Internet
Cisco A
Cisco B
PC3 eth0: 10.0.1.3/24 Webserver
PC5 eth0: fd52:fdee:a532:b00::/64 eui-64 User
PC2 eth0: 10.0.1.2/24 fd52:fdee:a532:a00::/64 eui-64 Webserver
PC1 eth0: fd52:fdee:a532:d00::1/64 fd52:fdee:a532:a53::2/64 DNS Server
PC4 eth0: fd52:fdee:a532:d00::1/64 fd52:fdee:a532:b53::2/64 DNS Server
IPv4 & IPv6
eth0/vlan 10: 10.0.0.1/24 link-local IPv6
eth0/vlan 10: 10.0.0.2/24 link-local IPv6
eth1/vlan 11: fd52:fdee:a532:b00::/64 eui-64 fd52:fdee:a532:b53::1/64
eth1/vlan 11: 10.0.1.1/24 fd52:fdee:a532:a00::/64 eui-64
OSPF IPv6 area 0
PC6 eth0: 10.0.2.2/24 fd52:fdee:a532:b64::2/64 eth1: monitor port Probe & NAT64
eth2/vlan 12: 10.0.2.1/24 fd52:fdee:a532:b64::1/64
eth3: monitor eth0
eth2/vlan 12: fd52:fdee:a532:a53::1/64
Figure: IPv6 lab setup
SLIDE 6
Lab overview
What will you do during the lab?
◮ SLAAC (Stateless Address Auto Configuration)
◮ DHCPv6 (Dynamic Host Configuration Protocol)
◮ OSPF (Open Shortest Path First)
◮ DNS (Domain Name System)
SLIDE 8
IPv4 and IPv6 Header
SLIDE 9 IPv6 Differences
◮ 128 bit addresses compared to 32 bit in IPv4
◮ Fragmentation only on end hosts
◮ Header:
  ◮ Fixed header length (40 bytes) + extension headers
  ◮ Fewer fields (no checksum, fragmentation)
◮ Integrated IPsec via extension header
◮ No more broadcast → multicast
◮ NDP instead of ARP
SLIDE 13 IPv6 Address notation
◮ 8 blocks of 2 bytes, colon separated:
  ◮ e.g.: 2001:0db8:0000:0000:0000:0102:0000:0304
◮ can be shortened:
  ◮ replace longest sequence of blocks of zeros with ::
  ◮ omit leading zeros
  ◮ e.g. 2001:db8::102:0:304
◮ What about ports?
  ◮ use [IPv6-address]:port
  ◮ e.g.: [2001:db8::102:0:304]:80
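The shortening rules above, written out by hand as an added example (not part of the original slides) and comparable against Python's `ipaddress` module; the function names `shorten` and `split_host_port` are illustrative. Normalising addresses this way matters when correlating log entries that write the same address in different forms.

```python
import ipaddress

HEX = set("0123456789abcdefABCDEF")

def shorten(addr):
    """Shorten a full 8-block IPv6 address using the two rules from the slide."""
    blocks = addr.split(":")
    if len(blocks) != 8 or not all(1 <= len(b) <= 4 and set(b) <= HEX for b in blocks):
        raise ValueError("expected 8 colon-separated blocks of 1-4 hex digits")
    # Omit leading zeros in every block.
    blocks = [format(int(b, 16), "x") for b in blocks]
    # Locate the longest run of all-zero blocks (the first run wins a tie).
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:  # a single zero block stays "0", as ipaddress does
        return ":".join(blocks)
    head = ":".join(blocks[:best_start])
    tail = ":".join(blocks[best_start + best_len:])
    return head + "::" + tail

def split_host_port(text):
    """Parse '[IPv6-address]:port' into (normalised address, port)."""
    if not text.startswith("["):
        raise ValueError("an IPv6 literal with a port must be bracketed")
    host, sep, port = text[1:].partition("]:")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("expected ']:' followed by a port number")
    return str(ipaddress.IPv6Address(host)), int(port)

if __name__ == "__main__":
    full = "2001:0db8:0000:0000:0000:0102:0000:0304"  # example from the slide
    print(shorten(full), shorten(full) == ipaddress.IPv6Address(full).compressed)
    print(split_host_port("[2001:db8::102:0:304]:80"))
```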
SLIDE 17 IPv6 Prefix and Interface Identifier
◮ 128 bit IPv6 address can be split into two parts:
  ◮ 64 bit prefix ← identifies subnet, used for routing
  ◮ 64 bit interface identifier ← identifies host/interface
◮ example 2001:db8::102:0:304
  ◮ prefix: 2001:db8::/64
  ◮ interface identifier: 0:102:0:304
◮ ISP could also assign you a /56 or other prefix
  ◮ → You can create 2^8 = 256 /64 subnets from that
SLIDE 18
IPv6: Important well-defined address prefixes

Address (prefix)    Type
::1/128             Loopback
fe80::/10           Link-local unicast
fc00::/7            Unique Local unicast
2001:db8::/32       Documentation
ff00::/8            Multicast
SLIDE 20
IPv6: Important multicast addresses
◮ Multicast prefix: ff00::/8

Address                Definition
ff02::1                All nodes on local network segment
ff02::2                All routers on local network segment
ff02::1:2              All DHCPv6 servers on local network segment
ff02::1:ff00:0/104     Solicited-node multicast prefix
SLIDE 23 Neighbor Discovery Protocol (NDP)
◮ Resolves the MAC address for a given IPv6 address so that a packet can be sent
◮ Sender sends Neighbour Solicitation to target:
  ◮ IP dest: Solicited-Node Multicast IPv6 address of target (prefix + last 3 octets of address)
  ◮ MAC dest: IPv6 multicast over Ethernet address (33:33: + last 4 octets of v6 multicast address)
  ◮ Full IPv6 address of target as payload
◮ Target returns Neighbour Advertisement with MAC as payload
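An added example (not from the original slides) that derives the two destination addresses of a multicast Neighbour Solicitation for a given target, which is handy when checking captured NDP traffic against what the protocol predicts. The function names are illustrative, and the sample values are constructed from addresses used elsewhere in these slides.

```python
import ipaddress

SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")

def solicited_node_multicast(target):
    """IP destination of the solicitation: prefix + last 3 octets of the target."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24)

def multicast_mac(group):
    """Ethernet destination: 33:33 + last 4 octets of the IPv6 multicast address."""
    group = ipaddress.IPv6Address(group)
    if not group.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    return "33:33:" + ":".join(f"{b:02x}" for b in group.packed[-4:])

def expected_solicitation(target):
    """Destination fields a multicast Neighbour Solicitation for target carries."""
    group = solicited_node_multicast(target)
    return {"ip_dst": str(group), "mac_dst": multicast_mac(group),
            "target": str(ipaddress.IPv6Address(target))}

def solicitation_matches(ip_dst, mac_dst, target):
    """Compare observed destination fields with the values derived from target."""
    want = expected_solicitation(target)
    return (ipaddress.IPv6Address(ip_dst) == ipaddress.IPv6Address(want["ip_dst"])
            and mac_dst.lower() == want["mac_dst"])

if __name__ == "__main__":
    # Constructed sample: the example address from the notation slides.
    print(expected_solicitation("2001:db8::102:0:304"))
    # Constructed mismatch: destination fields that belong to a different target.
    print(solicitation_matches("ff02::1:ff03:405", "33:33:ff:03:04:05",
                               "2001:db8::102:0:304"))
```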
SLIDE 29 Stateless Address Auto Configuration (SLAAC)
1. Generate Link Local (LL) address
2. Perform Duplicate Address Detection (DAD)
   ◮ Send Neighbour Solicitation to own LL address
   ◮ No response → assign address
3. Send Router Solicitation (RS) to all routers
4. Take information (prefix) from response (Router Advertisement (RA)) and configure global IP address
SLIDE 33 Address Autogeneration
Each host must have a Link Local address. There are multiple ways to generate the host part:
◮ (Extended) EUI-64:
  ◮ Split MAC address (48 bit)
  ◮ Stuff ff:fe in the middle (16 bit)
  ◮ Flip second least significant bit in first octet
  ◮ example: MAC 00:01:02:03:04:05 → fe80::201:2ff:fe03:405
◮ Stable privacy:
  ◮ Replacement for EUI-64
  ◮ Add secret + subnet identifier to IPv6 address generation
  ◮ → stable IPv6 address per subnet, can't be mapped to MAC
◮ Privacy extension as addition to one of the above methods:
  ◮ Use a randomized IPv6 address for communication
  ◮ Change address regularly
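The EUI-64 steps above as an added example (not from the original slides), together with the reverse mapping that shows why such addresses expose the MAC address. `stable_privacy_iid` is a simplified sketch of the stable privacy idea using SHA-256, an assumption made here and not a standards-conformant implementation; all function names and the sample secret are illustrative.

```python
import hashlib
import ipaddress

def eui64_iid(mac):
    """Build the 64-bit interface identifier from a 48-bit MAC address."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a MAC address with 6 octets")
    octets[0] ^= 0x02  # flip the second least significant bit of the first octet
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])  # stuff ff:fe

def link_local_from_mac(mac):
    """fe80::/64 prefix followed by the EUI-64 interface identifier."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + eui64_iid(mac))

def mac_from_address(addr):
    """Recover the MAC from an EUI-64 based address, or None if ff:fe is absent."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])

def stable_privacy_iid(prefix, interface, secret):
    """Simplified sketch: hash of subnet prefix, interface name and a host secret."""
    net = ipaddress.IPv6Network(prefix)
    digest = hashlib.sha256(net.network_address.packed + interface.encode() + secret)
    return digest.digest()[:8]

if __name__ == "__main__":
    addr = link_local_from_mac("00:01:02:03:04:05")  # example from the slide
    print(addr, "->", mac_from_address(addr))
    secret = b"constructed-host-secret"              # constructed sample value
    for prefix in ("fd52:fdee:a532:a00::/64", "fd52:fdee:a532:b00::/64"):
        print(prefix, stable_privacy_iid(prefix, "eth0", secret).hex())
```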
SLIDE 35 ICMPv6
Header layout (one 32-bit row): Type | Code | Checksum, followed by the Message body
◮ Relevant types:
  ◮ Echo request/reply
  ◮ Time exceeded
  ◮ Packet too big
  ◮ Destination unreachable
SLIDE 37 Lab overview
IPv6-only ISP ISP client(s) Internet
Cisco A
Cisco B
PC3 eth0: 10.0.1.3/24 Webserver
PC5 eth0: fd52:fdee:a532:b00::/64 eui-64 User
PC2 eth0: 10.0.1.2/24 fd52:fdee:a532:a00::/64 eui-64 Webserver
PC4 eth0: fd52:fdee:a532:b53::2/64 DNS Server
IPv4 & IPv6
eth0/vlan 10: 10.0.0.1/24 link-local IPv6
eth0/vlan 10: 10.0.0.2/24 link-local IPv6
eth1/vlan 11: fd52:fdee:a532:b00::/64 eui-64 fd52:fdee:a532:b53::1/64
eth1/vlan 11: 10.0.1.1/24 fd52:fdee:a532:a00::/64 eui-64
OSPF IPv6 area 0
PC6 eth0: 10.0.2.2/24 fd52:fdee:a532:b64::2/64 eth1: monitor port Probe & NAT64
eth2/vlan 12: 10.0.2.1/24 fd52:fdee:a532:b64::1/64
eth3: monitor eth0
Figure: IPv6 lab setup
SLIDE 38
Lab overview
What will you do during the lab?
◮ Fragmentation Handling in IPv4/6
◮ Transition Mechanism DNS64/NAT64
◮ Application Transition
SLIDE 44 Need for Transition Mechanisms
◮ Transition IPv4 to IPv6 slow, protocols co-exist
◮ Compatibility/handling between IPv4 and IPv6 hosts/routers needed
◮ Easiest: Dual Stack
◮ What to do if we have IPv4/IPv6 only networks?
  ◮ Tunneling mechanisms (6in4, 4in6)
    ◮ Send IPv4 packets over IPv6 only networks and vice versa
    ◮ Encapsulate packets
  ◮ Translation Mechanisms (DNS64, NAT64)
  ◮ . . .
SLIDE 45
NAT64 and DNS64
Figure: DNS64 and NAT64 with NAT64 prefix 64:ff9b::/96
SLIDE 46 NAT64 and DNS64
1. IPv6 only client performs DNS query for hostname of IPv4 only server.
2. DNS64 synthesizes AAAA record from IPv4 address of the server
   ◮ Predefined prefix, e.g. 64:ff9b::/96 (RFC 6052)
   ◮ 32 bit left, append IPv4, e.g. 10.0.0.1: 64:ff9b::a00:1
3. DNS64 sends synthesized AAAA record to client
4. Client sends packet to given IPv6 address, routers reroute packet to NAT64
5. NAT64 extracts IPv4 address
6. NAT64 sends the packet to the IPv4 webserver, remembering the mapping and using its IPv4 address as source
7. Response is sent to the NAT64 which replaces the v4 with the correct v6 destination IP of the v6 only client
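Steps 2 and 5 to 7 as an added example (not from the original slides): DNS64 address synthesis, NAT64 extraction, and a toy mapping table for translating the response back. The class `Nat64`, the port numbers and the client address are constructed for illustration, and the NAT64's own IPv4 address is an assumption.

```python
import ipaddress

NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

def synthesize_aaaa(ipv4):
    """Step 2 (DNS64): the prefix fills 96 bits, the IPv4 address the last 32."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) | int(v4))

def extract_ipv4(ipv6):
    """Step 5 (NAT64): recover the IPv4 address, rejecting other destinations."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in NAT64_PREFIX:
        raise ValueError(f"{v6} is outside {NAT64_PREFIX}")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

class Nat64:
    """Toy translator for steps 6 and 7; one source port per remembered mapping."""

    def __init__(self, own_ipv4, first_port=40000):
        self.own_ipv4 = ipaddress.IPv4Address(own_ipv4)
        self.next_port = first_port
        self.mappings = {}  # NAT64 source port -> (client IPv6 address, client port)

    def to_ipv4(self, client_v6, client_port, dst_v6, dst_port):
        """Step 6: returns (src IPv4, src port, dst IPv4, dst port)."""
        dst_v4 = extract_ipv4(dst_v6)  # validate before creating any state
        port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[port] = (ipaddress.IPv6Address(client_v6), client_port)
        return (self.own_ipv4, port, dst_v4, dst_port)

    def to_ipv6(self, src_v4, src_port, dst_port):
        """Step 7: returns the IPv6 4-tuple, or None if no mapping exists."""
        if dst_port not in self.mappings:
            return None
        client_v6, client_port = self.mappings[dst_port]
        return (synthesize_aaaa(src_v4), src_port, client_v6, client_port)

if __name__ == "__main__":
    nat = Nat64("10.0.2.2")            # assumed IPv4 address of the NAT64
    dst = synthesize_aaaa("10.0.0.1")  # example from the slide
    out = nat.to_ipv4("fd52:fdee:a532:b00::99", 50000, dst, 80)  # constructed client
    print(dst, out, nat.to_ipv6("10.0.0.1", 80, out[1]))
```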