SLIDE 1 iLabX
Internet Protocol version 6 Erkin Kirdan
Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München
March 02, 2020
Based on slides of Lukas Schwaighofer and Stefan Liebald
SLIDE 2
Outline
◮ Motivation
◮ IPv6 vs IPv4
◮ IPv6 Addressing
◮ ICMPv6
◮ Neighbor Discovery Protocol (NDP)
◮ Stateless Address Auto Configuration (SLAAC)
◮ Transition Mechanisms
◮ IPv6 Lab overview
SLIDE 3
Motivation
Figure: IPv6 exhaustion (source: https://xkcd.com/865)
SLIDE 5
IPv4 and IPv6 Header
SLIDE 6
IPv6 Differences
◮ 128 bit addresses compared to 32 bit in IPv4
◮ Fragmentation only on end-hosts
◮ Header:
  ◮ Fixed header length (40 byte) + extension headers
  ◮ Fewer fields (no checksum, fragmentation)
◮ Integrated IPsec via extension header
◮ No more broadcast → multicast
◮ NDP instead of ARP
◮ More efficient routing
◮ ...
SLIDE 7
IPv4 Train
Source: https://www.reddit.com/r/ipv6/comments/b2upap/make_sure_you_get_a_ticket_for_the_right_ip_train
SLIDE 13
IPv6 Address notation
◮ 8 blocks of 2 bytes, colon separated:
◮ e.g.: 2001:0db8:0000:0000:0000:0102:0000:0304
◮ can be shortened:
  ◮ replace longest sequence of blocks of zeros with ::
  ◮ omit leading zeros
  ◮ e.g. 2001:db8::102:0:304
◮ What about ports?
  ◮ use [IPv6-address]:port
  ◮ e.g.: [2001:db8::102:0:304]:80
SLIDE 18
IPv6 Prefix and Interface Identifier
◮ 128 bit IPv6 address can be split in two parts:
  ◮ 64 bit prefix ← identifies subnet, used for routing
  ◮ 64 bit interface identifier ← identifies host/interface
◮ example 2001:db8::102:0:304
  ◮ prefix: 2001:db8::/64
  ◮ interface identifier: 0:102:0:304
◮ ISP could also assign you a /56 or other prefix
  ◮ → You can create 2^8 = 256 /64 subnets from that
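Added example (not part of the original slides): the notation and prefix rules from the two slides above, written out in Python. The function names are hypothetical; `on_blocklist` shows why filters and log searches should compare parsed addresses, since one address has many valid spellings.

```python
import ipaddress

def compress(full):
    """Apply both shortening rules by hand to a full 8-block address."""
    blocks = [format(int(b, 16), "x") for b in full.split(":")]  # omit leading zeros
    if len(blocks) != 8:
        raise ValueError("expected 8 colon separated blocks")
    best_start, best_len, i = 0, 0, 0
    while i < 8:  # find the longest run of zero blocks (first run wins a tie)
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:  # a lone zero block stays "0"
        return ":".join(blocks)
    return ":".join(blocks[:best_start]) + "::" + ":".join(blocks[best_start + best_len:])

def split_endpoint(text):
    """Parse '[IPv6-address]:port' into (IPv6Address, port)."""
    if not text.startswith("[") or "]:" not in text:
        raise ValueError("expected [IPv6-address]:port")
    host, port = text[1:].rsplit("]:", 1)
    return ipaddress.IPv6Address(host), int(port)

def prefix_and_iid(addr):
    """Split an address into its /64 prefix and 64 bit interface identifier."""
    value = int(ipaddress.IPv6Address(addr))
    prefix = ipaddress.IPv6Network((value >> 64 << 64, 64))
    iid = value & (2**64 - 1)
    return prefix, ":".join(format(iid >> s & 0xFFFF, "x") for s in (48, 32, 16, 0))

def subnets_64(delegated):
    """List the /64 subnets inside a shorter prefix such as a /56."""
    return list(ipaddress.IPv6Network(delegated).subnets(new_prefix=64))

def on_blocklist(candidate, blocklist):
    """Compare parsed values, not strings: one address has many spellings."""
    parsed = {ipaddress.IPv6Address(entry) for entry in blocklist}
    return ipaddress.IPv6Address(candidate) in parsed

if __name__ == "__main__":
    print(compress("2001:0db8:0000:0000:0000:0102:0000:0304"))
    print(split_endpoint("[2001:db8::102:0:304]:80"))
    print(prefix_and_iid("2001:db8::102:0:304"))
    print(len(subnets_64("2001:db8::/56")))
```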
SLIDE 19
Subnetting in IPv6
Figure: Subnetting in IPv6
SLIDE 20
IPv6: Important well defined address prefixes
source: https://xkcd.com/742
SLIDE 26
IPv6: Important well defined address prefixes
Address (prefix)    Type
::1/128             Loopback
fe80::/10           Link-local unicast
fc00::/7            Unique Local unicast
2001:db8::/32       Documentation
ff00::/8            Multicast
SLIDE 28
Unicast Address Types
Figure: Relevant IPv6 unicast Types
Bonus: Prefix assignments to continents: https://jacquev6.github.io/IpMap
SLIDE 30
IPv6: Important multicast addresses
◮ Multicast prefix: ff00::/8
Address               Definition
ff02::1               All nodes on local network segment
ff02::2               All routers on local network segment
ff02::1:2             All DHCPv6 servers on local network segment
ff02::1:ff00:0/104    Solicited-node multicast prefix
SLIDE 32
ICMPv6
Figure: ICMPv6 message format (32 bit rows): Type, Code, Checksum, then Message body
◮ Error reporting and other things for IPv6
◮ Relevant types:
  ◮ Echo request/reply
  ◮ Time exceeded
  ◮ Packet too big
  ◮ Destination unreachable
SLIDE 35
Neighbor Discovery Protocol (NDP)
◮ Resolves MAC address of given IPv6 address to send packet
◮ Sender sends Neighbour Solicitation to target:
  ◮ IP dest: Solicited Node Multicast IPv6 Address of target (prefix + last 3 octets of address)
  ◮ MAC dest: IPv6 multicast over ethernet address (33:33: + last 4 octets of v6 multicast address)
  ◮ Full IPv6 address of target as payload
◮ Target returns Neighbour Advertisement with MAC as payload
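Added example (not part of the original slides): deriving the two destination addresses of a Neighbour Solicitation from the target address, and using that derivation to check captured frames for inconsistent addressing. Function names and the sample frames are constructed for illustration.

```python
import ipaddress

SOLICITED_NODE = ipaddress.IPv6Network("ff02::1:ff00:0/104")

def solicited_node(target):
    """ff02::1:ff00:0/104 prefix + last 3 octets (24 bits) of the target."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE.network_address) | low24)

def multicast_mac(group):
    """33:33 + last 4 octets of the IPv6 multicast address."""
    group = ipaddress.IPv6Address(group)
    if not group.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    return "33:33:" + ":".join(f"{b:02x}" for b in group.packed[-4:])

def check_ns(ip_dst, mac_dst, target):
    """Return addressing inconsistencies found in one Neighbour Solicitation."""
    problems = []
    dst = ipaddress.IPv6Address(ip_dst)
    if dst.is_multicast:
        if dst != solicited_node(target):
            problems.append(f"IP dest {dst} is not the solicited-node group of {target}")
        if mac_dst.lower() != multicast_mac(dst):
            problems.append(f"MAC dest {mac_dst} does not map to {dst}")
    elif dst != ipaddress.IPv6Address(target):
        # Unicast solicitations (reachability probes) go straight to the target.
        problems.append(f"unicast IP dest {dst} differs from target {target}")
    return problems

# Constructed sample frames: (IP dest, MAC dest, target address in payload).
SAMPLES = [
    ("ff02::1:ff00:304", "33:33:ff:00:03:04", "2001:db8::102:0:304"),  # consistent
    ("ff02::1", "33:33:00:00:00:01", "2001:db8::102:0:304"),           # all-nodes group
    ("ff02::1:ff00:304", "ff:ff:ff:ff:ff:ff", "2001:db8::102:0:304"),  # broadcast MAC
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, check_ns(*sample) or "ok")
```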
SLIDE 41
Stateless Address Auto Configuration (SLAAC)
1. Generate Link Local (LL) address
2. Perform Duplicate Address Detection (DAD)
   ◮ Send Neighbour Solicitation for own LL address
   ◮ No response → assign address
3. Send Router Solicitation (RS) to all routers
4. Take information (prefix) from response (Router Advertisement (RA)) and configure global IP address
SLIDE 45
Address Autogeneration
Each host must have a Link Local address. Multiple ways to generate the host part:
◮ (Extended) EUI-64:
  ◮ Split MAC address (48 bit)
  ◮ Stuff ff:fe in the middle (16 bit)
  ◮ Flip second least significant bit in first octet
  ◮ example: MAC 00:01:02:03:04:05 → fe80::201:2ff:fe03:405
◮ Stable privacy:
  ◮ Replacement for EUI-64
  ◮ Add secret + subnet identifier to IPv6 address generation
  ◮ → stable IPv6 address per subnet, can't be mapped to MAC
◮ Privacy extension as addition to one of the above methods:
  ◮ Use a randomized IPv6 address for communication
  ◮ Change address regularly
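Added example (not part of the original slides): EUI-64 generation, its reversal (which is why such addresses reveal the MAC in every subnet), and a simplified keyed-hash sketch of the stable privacy idea. `stable_iid` is an assumption for illustration and does not follow the exact input layout of RFC 7217; the inventory is constructed.

```python
import hashlib
import hmac
import ipaddress

def eui64_iid(mac):
    """Split the MAC, stuff ff:fe in the middle, flip the 0x02 bit of octet one."""
    o = bytes(int(x, 16) for x in mac.split(":"))
    if len(o) != 6:
        raise ValueError("expected a 48 bit MAC address")
    return bytes([o[0] ^ 0x02]) + o[1:3] + b"\xff\xfe" + o[3:]

def build(prefix, iid):
    """Combine a /64 prefix with a 64 bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def mac_from_address(addr):
    """Reverse EUI-64: return the MAC embedded in the address, or None.
    A random identifier can contain ff:fe by chance, so treat hits as candidates."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def stable_iid(prefix, iface, secret):
    """Simplified stable privacy sketch: keyed hash over subnet and interface."""
    net = ipaddress.IPv6Network(prefix)
    data = net.network_address.packed + iface.encode()
    return hmac.new(secret, data, hashlib.sha256).digest()[:8]

def audit(addresses):
    """Map each address to the MAC it exposes (None when none is recoverable)."""
    return {a: mac_from_address(a) for a in addresses}

# Constructed inventory, e.g. source addresses collected from flow logs.
INVENTORY = [
    "fe80::201:2ff:fe03:405",
    "2001:db8:0:a:201:2ff:fe03:405",
    "2001:db8::102:0:304",
]

if __name__ == "__main__":
    print(build("fe80::/64", eui64_iid("00:01:02:03:04:05")))
    print(audit(INVENTORY))
    secret = b"constructed-secret"
    print(build("2001:db8:0:a::/64", stable_iid("2001:db8:0:a::/64", "eth0", secret)))
    print(build("2001:db8:0:b::/64", stable_iid("2001:db8:0:b::/64", "eth0", secret)))
```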
SLIDE 51
Need for Transition Mechanisms
◮ Transition IPv4 to IPv6 slow, protocols co-exist
◮ Compatibility/handling between IPv4 and IPv6 hosts/routers needed
◮ Easiest: Dual Stack
◮ What to do if we have IPv4/IPv6 only networks?
  ◮ Tunneling mechanisms (6in4, 4in6)
    ◮ Send IPv4 packets over IPv6 only networks and vice versa
    ◮ Encapsulate packets
  ◮ Translation Mechanisms (DNS64, NAT64)
  ◮ ...
SLIDE 52
NAT64 and DNS64
Figure: DNS64 and NAT64 with NAT64 prefix 64:ff9b::/96
SLIDE 53
NAT64 and DNS64
1. IPv6 only client performs DNS query for hostname of IPv4 only server.
2. DNS64 synthesizes AAAA record from IPv4 address of the server
   ◮ Predefined prefix, e.g. 64:ff9b::/96 (RFC 6052)
   ◮ 32 bit left, append IPv4, e.g. 10.0.0.1: 64:ff9b::a00:1
3. DNS64 sends synthesized AAAA record to client
4. Client sends packet to given IPv6 address, routers reroute packet to NAT64
5. NAT64 extracts IPv4 address
6. NAT64 sends the packet to the IPv4 webserver, remembering the mapping and using its IPv4 address as source
7. Response is sent to the NAT64 which replaces the v4 with the correct v6 destination IP of the v6 only client
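Added example (not part of the original slides): the address synthesis of step 2 and the extraction of step 5, plus a helper that maps logged NAT64 destinations back to the IPv4 address actually contacted. It goes beyond the /96 case on the slide and also handles the other RFC 6052 prefix lengths, where bits 64 to 71 stay zero; function names and the sample flows are constructed.

```python
import ipaddress

WELL_KNOWN_PREFIX = "64:ff9b::/96"
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)  # prefix lengths defined by RFC 6052

def _positions(prefix_len):
    """Byte offsets carrying the IPv4 octets; byte 8 (bits 64 to 71) is skipped."""
    pos, out = prefix_len // 8, []
    while len(out) < 4:
        if pos != 8:
            out.append(pos)
        pos += 1
    return out

def _network(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError("unsupported NAT64 prefix length")
    return net

def synthesize(ipv4, prefix=WELL_KNOWN_PREFIX):
    """DNS64 side: build the address for the synthesized AAAA record."""
    net = _network(prefix)
    buf = bytearray(net.network_address.packed)
    for pos, octet in zip(_positions(net.prefixlen), ipaddress.IPv4Address(ipv4).packed):
        buf[pos] = octet
    return ipaddress.IPv6Address(bytes(buf))

def extract(ipv6, prefix=WELL_KNOWN_PREFIX):
    """NAT64 side: recover the IPv4 destination, or None outside the prefix."""
    net = _network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[p] for p in _positions(net.prefixlen)))

def real_destinations(flow_dsts, prefix=WELL_KNOWN_PREFIX):
    """Rewrite logged destinations so IPv4 policy can be checked against them."""
    out = []
    for dst in flow_dsts:
        v4 = extract(dst, prefix)
        out.append(str(v4) if v4 is not None else dst)
    return out

# Constructed flow destinations as an IPv6 only client would log them.
FLOWS = ["64:ff9b::a00:1", "2001:db8::102:0:304"]

if __name__ == "__main__":
    print(synthesize("10.0.0.1"))
    print(real_destinations(FLOWS))
```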
SLIDE 55
Lab overview
Figure: IPv6 lab setup. Labels in the diagram:
  IPv6-only ISP ISP client(s) Internet
  Cisco A Cisco B
  PC3 eth0: 10.0.1.3/24 Webserver
  PC5 eth0: fd52:fdee:a532:b00::/64 eui-64 User
  PC2 eth0: 10.0.1.2/24 fd52:fdee:a532:a00::/64 eui-64 Webserver
  PC1 eth0: fd52:fdee:a532:d00::1/64 fd52:fdee:a532:a53::2/64 DNS Server
  PC4 eth0: fd52:fdee:a532:d00::1/64 fd52:fdee:a532:b53::2/64 DNS Server
  IPv4 & IPv6
  eth0/vlan 10: 10.0.0.1/24 link-local IPv6
  eth0/vlan 10: 10.0.0.2/24 link-local IPv6
  eth1/vlan 11: fd52:fdee:a532:b00::/64 eui-64 fd52:fdee:a532:b53::1/64
  eth1/vlan 11: 10.0.1.1/24 fd52:fdee:a532:a00::/64 eui-64
  OSPF IPv6 area 0
  PC6 eth0: 10.0.2.2/24 fd52:fdee:a532:b64::2/64 eth1: monitor port Probe & NAT64
  eth2/vlan 12: 10.0.2.1/24 fd52:fdee:a532:b64::1/64
  eth3: monitor eth0
  eth2/vlan 12: fd52:fdee:a532:a53::1/64
SLIDE 56
Lab overview
What will you do during the lab?
◮ SLAAC (Stateless Address Auto Configuration)
◮ DHCPv6 (Dynamic Host Configuration Protocol)
◮ OSPF (Open Shortest Path First)
◮ DNS (Domain Name System)
◮ Fragmentation Handling in IPv4/6
◮ Transition Mechanism DNS64/NAT64