Introduction to IPv6 - II: Building your IPv6 network (Alvaro Vives)

SLIDE 1

Alvaro Vives | 27 June 2017 | Workshop on Open Source Solutions for the IoT

Building your IPv6 network

Introduction to IPv6 - II

SLIDE 2

Contents

  • IPv6 Protocols and Autoconfiguration
      • ICMPv6
      • Path MTU Discovery (PMTU-D)
      • NDP
      • Autoconfiguration: DHCPv6 vs. SLAAC
  • Use of IP on WSN/IoT
  • Connecting our IPv6 Network to the Internet
SLIDE 3

IPv6 Protocols: ICMPv6 (1)

  • ICMPv6 is a fundamental part of IPv6

[Figure: two protocol stacks side by side. IPv6: Link Layer, IPv6, ICMPv6 (NDP, MLD, MIPv6), Multicast. IPv4: Link Layer, IPv4, ARP, ICMP, IGMP, Multicast, Broadcast.]

SLIDE 4

IPv6 Protocols: ICMPv6 (2)

  • It’s used for several things, both:
      • Locally on the LAN: NDP, MLD
      • On the Internet: fragmentation, detecting other errors
  • You should be careful when filtering

Message format: Type (8 bits) | Code (8 bits) | Checksum (16 bits) | Message Body

  • Two types of messages:
      • Error: destination unreachable, packet too big, time exceeded, parameter problem (type = 0 … 127)
      • Informative: echo request, echo reply (type = 128 … 255)
SLIDE 5

IPv6 Protocols: ICMPv6 (3)

ICMPv6 Error Messages

  • Destination Unreachable (type = 1, parameter = 0)
      • No route to destination (code = 0)
      • Communication with destination administratively prohibited (code = 1)
      • Beyond scope of source address (code = 2)
      • Address Unreachable (code = 3)
      • Port Unreachable (code = 4)
      • Source address failed ingress/egress policy (code = 5)
      • Reject route to destination (code = 6)
  • Packet Too Big (type = 2, code = 0, parameter = next hop MTU)
  • Time Exceeded (type = 3, parameter = 0)
      • Hop Limit Exceeded in Transit (code = 0)
      • Fragment Reassembly Time Exceeded (code = 1)
  • Parameter Problem (type = 4, parameter = offset to error)
      • Erroneous Header Field (code = 0)
      • Unrecognised Next Header Type (code = 1)
      • Unrecognised IPv6 Option (code = 2)
SLIDE 6

Path MTU Discovery (1)

  • MTU: Maximum Transmission Unit
  • Link MTU: maximum number of bytes of an IP packet
  • Path MTU: minimum link MTU from source to destination
  • In IPv6 the minimum link MTU is 1280 bytes (in IPv4, 68 bytes)
  • In IPv6 this is important because:
      • Fragmentation process changes: extension header
      • Encapsulation is frequently used: overhead reduces the available MTU

SLIDE 7

Path MTU Discovery (2)

  • Path MTU Discovery sends packets bigger than 1280 bytes
      • For each destination, it starts by assuming the MTU of the first hop
      • If a packet reaches a link with an MTU smaller than its size, an ICMPv6 “packet too big” message is sent to the source, with the link MTU (that MTU value is saved for that destination)
      • Eventually, saved MTU values are discarded to detect possible changes in the MTU values
  • Constrained implementations: PMTU-D could be omitted if it is detected that 1280-byte packets can reach a destination

SLIDE 8

Path MTU Discovery (3)

  • IPv6 fragmentation is done in the source node

[Figure: path S (Source), R1, R2, R3, R4, D (Destination), with link MTUs 1500, 1500, 1280, 1500, 1500. The source sends IPv6 | DATA 1500 bytes; the packet is dropped (X) at the link with MTU = 1280 and ICMPv6 | Packet Too Big (MTU 1280) goes back to the source, which then sends IPv6 | Frag. H | DATA 1400 bytes.]
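
The exchange in the figure, as an added Python example (not part of the original slides): the source caches the MTU reported by Packet Too Big and fragments itself, and the `ptb_filtered` switch shows what a filter that drops that ICMPv6 error does to delivery. It assumes the 1500-byte packet is a 40-byte IPv6 header plus 1460 bytes of data; all function names are illustrative.

```python
# Added example (not from the slides): source-side Path MTU Discovery.
IPV6_MIN_MTU = 1280   # minimum link MTU in IPv6
IPV6_HDR = 40         # fixed IPv6 header, bytes
FRAG_HDR = 8          # Fragment extension header, bytes

def forward(packet_len, link_mtus, ptb_filtered=False):
    """Carry one packet along the path; routers never fragment in IPv6."""
    for mtu in link_mtus:
        if packet_len > mtu:
            # The router drops the packet and reports its link MTU,
            # unless a filter on the way back discards the ICMPv6 error.
            return ("dropped", None) if ptb_filtered else ("ptb", mtu)
    return ("delivered", None)

def fragment(payload_len, pmtu):
    """Sizes of the fragment packets (headers included) that fit in pmtu."""
    # Fragment data is a multiple of 8 bytes in every fragment but the last.
    chunk = (pmtu - IPV6_HDR - FRAG_HDR) // 8 * 8
    sizes = []
    while payload_len > 0:
        part = min(chunk, payload_len)
        sizes.append(IPV6_HDR + FRAG_HDR + part)
        payload_len -= part
    return sizes

def send(payload_len, link_mtus, cache, dest, ptb_filtered=False, tries=5):
    """Return the packet sizes that reached dest, or None if delivery failed."""
    cache.setdefault(dest, link_mtus[0])           # start with the first-hop MTU
    for _ in range(tries):
        pmtu = cache[dest]
        if IPV6_HDR + payload_len <= pmtu:
            packets = [IPV6_HDR + payload_len]
        else:
            packets = fragment(payload_len, pmtu)  # done by the source only
        results = [forward(p, link_mtus, ptb_filtered) for p in packets]
        if all(state == "delivered" for state, _ in results):
            return packets
        learned = [mtu for state, mtu in results if state == "ptb"]
        if not learned:
            return None   # silent drop: the source never learns the path MTU
        cache[dest] = max(IPV6_MIN_MTU, min(learned))  # saved per destination
    return None

PATH = [1500, 1500, 1280, 1500, 1500]              # link MTUs from the figure
if __name__ == "__main__":
    cache = {}
    print(send(1460, PATH, cache, "D"), cache)
    print(send(1460, PATH, {}, "D", ptb_filtered=True))
```

Packets of 1280 bytes or less still get through when Packet Too Big is filtered, which is why constrained nodes can skip PMTU-D by never sending more than the minimum MTU.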

SLIDE 9

Autoconfiguration (1)

ICMPv6 Informative Messages

  • Echo Request (type = 128, code = 0)
  • Echo Reply (type = 129, code = 0)
  • MLD (Multicast Listener Discovery) Messages:
      • Query, Report, Done (Like IGMP for IPv4)
  • NDP Messages:
      • NS (Neighbor Solicitation)
      • NA (Neighbor Advertisement)
      • RS (Router Solicitation)
      • RA (Router Advertisement)
      • Redirect
SLIDE 10

Autoconfiguration (2)

  • NDP: Neighbor Discovery Protocol
  • Used for host-to-host and router-to-host communication
  • It offers several services on a LAN:
      • Discovery of routers, network prefixes, network parameters
      • Autoconfiguration
      • Address Resolution
      • DAD (Duplicate Address Detection)
      • NUD (Neighbor Unreachability Detection)
  • It only uses 5 types of ICMPv6 packets:
      • NS, NA, RS, RA, Redirect
SLIDE 11

NS / NA

  • A Host will send NS:
      1. To determine the MAC address associated with an IPv6 address: Dest. Addr. Multicast Solicited Node (Address Resolution = ARP in IPv4)
      2. To check reachability: Dest. Addr. Unicast
  • A Host will send NA:
      1. Answer to NS
      2. To quickly send new information (Unsolicited)
SLIDE 12

Neighbor Solicitation Format

  • NS to determine MAC. Own MAC address is sent
  • Target Address: IPv6 address that generated the request. It cannot be a multicast address.
  • Possible Options: Source Link-Layer Address

Message format: Type = 135 (8 bits) | Code = 0 (8 bits) | Checksum (16 bits) | Reserved = 0 | Target Address | Options …

SLIDE 13

Neighbor Advertisement Format

  • Flags:
      • R: Router Flag = 1, sending node is a router
      • S: Solicited Flag = 1, sent as an answer to a NS
      • O: Override Flag = 1, indicating caches should be updated
  • Target Address (can’t be a multicast address):
      • Solicited NA: “Target Address” of the NS
      • Unsolicited NA: IP address whose MAC address has changed
  • Possible Options: Target Link-Layer Address (MAC of Tx)

Message format: Type = 136 (8 bits) | Code = 0 (8 bits) | Checksum (16 bits) | R | S | O | Reserved = 0 | Target Address | Options …

SLIDE 14

RS / RA

  • A Host will send RS:
      1. When bringing up an interface: Dest. Addr = well-known multicast address of all routers
  • A Router will send RA:
      1. As an answer to RS
      2. Periodically to inform about network parameters
SLIDE 15

Router Solicitation Format

  • Possible Options: Source Link-Layer Address

Message format: Type = 133 (8 bits) | Code = 0 (8 bits) | Checksum (16 bits) | Reserved = 0 | Options …

SLIDE 16

Router Advertisement Format (1)

  • Cur Hop Limit: default value to be used as Hop Limit in the IPv6 header for packets sent
  • M: 1-bit "Managed address configuration" flag
  • O: 1-bit "Other configuration" flag
  • Router Lifetime: time the router could be used as default router
  • Reachable Time: time a node assumes a neighbour is reachable after having received a reachability confirmation (used in NUD)
  • Retrans Timer: time (ms) between retransmitted NS (used in NUD, AR)
  • Possible Options: Source Link-Layer Address, MTU, Prefix Information, RDNSS, Flags Expansion

Message format: Type = 134 (8 bits) | Code = 0 (8 bits) | Checksum (16 bits) | Cur Hop Limit | M | O | Reserved | Router Lifetime | Reachable Time | Retrans Timer | Options …

SLIDE 17

Router Advertisement Format (2)

  • Options: TLV (Type-Length-Value)
  • Example: Prefix Information
      • L (1 bit): on-link flag = 1 indicates that the prefix could be used for “on-link determination”
      • A (1 bit): autonomous address-configuration flag = 1 indicates that the prefix could be used for stateless address autoconfiguration
      • Valid Lifetime: time in seconds the prefix is valid for on-link determination. Used for stateless address autoconfiguration as well
      • Preferred Lifetime: time in seconds that addresses generated with this prefix using SLAAC are in preferred state
      • Prefix (128 bits): IPv6 address or prefix

Option format: Type = 3 (8 bits) | Length = 4 (8 bits) | Prefix Length (8 bits) | L | A | Reserved (8 bits) | Valid Lifetime | Preferred Lifetime | Reserved = 0 | Prefix

SLIDE 18

Autoconfiguration (3)

  • Autoconfiguration: network parameters are configured automatically, not manually
  • In IPv4 we only have DHCP
  • In IPv6 there are more options
  • Two scenarios: router or non-router
  • Router:
      • Sends RAs -> M and O flags -> four combinations
      • Hosts should look at the M and O flags and then start to autoconfigure
      • M is about the IPv6 address, O is about other parameters (DNS, etc.)
      • We have two “tools”: SLAAC (0) and DHCPv6 (1)
SLIDE 19

Autoconfiguration (4)

  • SLAAC vs. DHCPv6
  • NOTE: Default gateway is learnt from the RA(s) (or manually)

IP / Other        | M | O | Comments
SLAAC / SLAAC     | 0 | 0 | If dual-stack, could use IPv4 for DNS
SLAAC / DHCPv6    | 0 | 1 | DHCPv6 Stateless
DHCPv6 / SLAAC    | 1 | 0 | If dual-stack, could use IPv4 for DNS
DHCPv6 / DHCPv6   | 1 | 1 | Gateway is learnt from RA
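
An added Python example (not from the original slides) that decodes the Router Advertisement and Prefix Information layouts described above and maps the M and O flags to the rows of this table. The sample RA is constructed, the function names are illustrative, and the parser rejects a zero-length option, which would otherwise stall the option loop.

```python
# Added example (not from the slides): parse a Router Advertisement.
import ipaddress
import struct

def parse_ra(msg: bytes) -> dict:
    """Decode RA fields and Prefix Information options (checksum not verified)."""
    if len(msg) < 16:
        raise ValueError("truncated Router Advertisement")
    typ, code, _csum, hop, flags, lifetime, reach, retrans = struct.unpack(
        "!BBHBBHII", msg[:16])
    if (typ, code) != (134, 0):
        raise ValueError("not a Router Advertisement")
    ra = {"cur_hop_limit": hop, "M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime": lifetime, "reachable_time": reach,
          "retrans_timer": retrans, "prefixes": []}
    off = 16
    while off < len(msg):
        if off + 2 > len(msg):
            raise ValueError("truncated option header")
        otype, olen = msg[off], msg[off + 1] * 8    # Length counts 8-byte units
        if olen == 0 or off + olen > len(msg):
            raise ValueError("invalid option length")  # 0 would never advance
        if otype == 3 and olen == 32:               # Prefix Information
            plen, pflags, valid, preferred = struct.unpack(
                "!BBII", msg[off + 2:off + 12])
            prefix = ipaddress.IPv6Address(msg[off + 16:off + 32])
            ra["prefixes"].append({
                "prefix": f"{prefix}/{plen}", "L": bool(pflags & 0x80),
                "A": bool(pflags & 0x40), "valid": valid, "preferred": preferred})
        off += olen                                 # other options are skipped
    return ra

def autoconfig_plan(ra: dict):
    """(source of IP address, source of other parameters, prefixes for SLAAC)."""
    address = "DHCPv6" if ra["M"] else "SLAAC"
    other = "DHCPv6" if ra["O"] else "SLAAC"
    return address, other, [p["prefix"] for p in ra["prefixes"] if p["A"]]

def build_ra(m: int, o: int, prefix: str, plen: int = 64) -> bytes:
    """Constructed sample RA: L = A = 1, checksum left at 0."""
    option = struct.pack("!BBBBIII", 3, 4, plen, 0xC0, 2592000, 604800, 0)
    option += ipaddress.IPv6Address(prefix).packed
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, (m << 7) | (o << 6), 1800, 0, 0)
    return header + option

if __name__ == "__main__":
    print(autoconfig_plan(parse_ra(build_ra(0, 1, "2001:db8:1:1::"))))
```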

SLIDE 20

Autoconfiguration (5)

  • Host A attaches to a network with a Router
      1. Create Link-local Address
      2. Duplicate Address Detection
      3. Send Router Solicitation
      4. Create global address
      5. Do a DAD
      6. Set Default Router
      7. Set DNS Server

[Figure: host A and router R on the same link, R connected to the Internet.
 A: MAC address 00:0E:0C:31:C8:1F, EUI-64 IID is 20E:0CFF:FE31:C81F, link-local address FE80::20E:0CFF:FE31:C81F
 R: link-local address FE80::20F:23FF:FEF0:551A
 A sends: RS | Dest FF02::2 (all routers)
 R sends: RA | Prefix 2001:db8:1:1::/64 | M = 0 | O = 0 | DNS = 2001:db8::53
 Result on A: address 2001:db8:1:1:20E:0CFF:FE31:C81F, default route ::/0 via FE80::20F:23FF:FEF0:551A, DNS 2001:db8::53]

SLIDE 21

Autoconfiguration (6)

  • In practice SLAAC for DNS is not yet available. Use IPv4 for DNS resolution (dual-stack) or DHCPv6 (O = 1)
      1. Create Link-local Address
      2. Duplicate Address Detection
      3. Send Router Solicitation
      4. Create global address
      5. Do a DAD
      6. Set Default Router
      7. Send DHCPv6 Request for DNS

[Figure: host A and router R on the same link, R connected to the Internet.
 A: MAC address 00:0E:0C:31:C8:1F, EUI-64 IID is 20E:0CFF:FE31:C81F, link-local address FE80::20E:0CFF:FE31:C81F
 R: link-local address FE80::20F:23FF:FEF0:551A
 A sends: RS | Dest FF02::2 (all routers)
 R sends: RA | Prefix 2001:db8:1:1::/64 | M = 0 | O = 1
 Result on A: address 2001:db8:1:1:20E:0CFF:FE31:C81F, default route ::/0 via FE80::20F:23FF:FEF0:551A]

SLIDE 22

DHCPv6 (1)

  • DHCPv6 works as DHCPv4:
      • Client-server
      • UDP
      • Use of relay
  • DIFFERENCE: Does not provide default gateway
  • Message names change: SOLICIT, ADVERTISE, REQUEST, REPLY
  • Servers/Relays listen on well-known multicast addresses (FF02::1:2)
  • DHCPv6 stateless: only provides “other” info, not IP

[Figure: Client and Server exchanging SOLICIT, ADVERTISE, REQUEST and REPLY]

SLIDE 23

DHCPv6 (2)

  • DHCPv6-PD (Prefix Delegation)
  • In IPv6 there is no private IP + NAT. A GUA prefix is needed
  • DHCPv6-PD allows scalable configuration of IPv6 prefixes in routers
  • Same as for IP addresses: client-server, etc.
  • Only the requested object changes: a prefix (IA-PD)
  • Example: CPE connected to an ISP

[Figure: example topology with the labels H, CPE (three of them), D (DHCPv6 Server), ISP, End-User and Internet]

SLIDE 24

DHCPv6 (3)

  • Host A connected to network with Router and DHCPv6 relay
  • M = O = 1
      1. Create Link-local Address
      2. Duplicate Address Detection
      3. Send Router Solicitation
      4. Set Default Router
      5. SOLICIT/ADVERTISE/REQUEST/REPLY
      6. Configure global address
      7. Do a DAD
      8. Configure DNS

[Figure: host A, router R (DHCPv6 Relay, FF02::1:2) and DHCPv6 Server S.
 A: MAC address 00:0E:0C:31:C8:1F, EUI-64 IID is 20E:0CFF:FE31:C81F, link-local address FE80::20E:0CFF:FE31:C81F
 R: link-local address FE80::20F:23FF:FEF0:551A
 A sends: RS | Dest FF02::2 (all routers)
 R sends: RA | M = 1 | O = 1
 DHCPv6 exchange: SOLICIT, ADVERTISE, REQUEST, REPLY
 Result on A: address 2001:db8:1:1:20E:0CFF:FE31:C81F, default route ::/0 via FE80::20F:23FF:FEF0:551A, DNS 2001:db8:FF::5:3]

SLIDE 25

Use of IP on WSN/IoT (1)

  • IP has benefits for WSN/IoT:
      • Pervasive nature of IP allows use of existing infrastructure
      • IP-based technologies exist, are well-known, mature and widely available, allowing easier and cheaper adoption, good interoperability and easier application layer development
      • Open/free specifications: more easily understood by a wider audience than proprietary solutions
      • Tools for IP networks already exist
      • IP devices can easily connect to IP networks. No need for protocol translation gateways or proxies

SLIDE 26

Use of IP on WSN/IoT (2)

  • IPv6 in particular has benefits for WSN/IoT:
      • Gives huge amount of addresses
      • No (real) limit of hosts in a local link
      • Provides for easy network parameters autoconfiguration (SLAAC)
      • (Possible) end-to-end bi-directional communication
      • Could save battery:
          1. No NAT and keepalives
          2. No need to periodically pull information (PUSH model)
SLIDE 27

Connecting to IPv6 Internet (1)

  • Objective: Connect our network to the IPv6 Internet

[Figure: our IoT devices network connected through the IPv6 Internet to collecting servers, people and other IoT devices networks]

  • Bidirectional, allows:
      • Management
      • Control
      • Communication
SLIDE 28

Connecting to IPv6 Internet (2)

  • Scenario 1: Native IPv6 and IPv6 Router

[Figure: Cloud of IoT devices, LAN1 and LAN2, routers R1 and R2, RA, IPv6 Internet]

SLIDE 29

Connecting to IPv6 Internet (3)

  • Scenario 2: Without native IPv6 and IPv6 Router

[Figure: Cloud of IoT devices, LAN1 and LAN2, routers R1 and R2, RA, router R, IPv4 Internet, Tunnel End, IPv6 Internet; IPv6 | DATA is carried inside IPv4 across the IPv4 Internet]

SLIDE 30

Connecting to IPv6 Internet (4)

  • Scenario 3: Without native IPv6 or IPv6 Router

[Figure: Cloud of IoT devices, LAN1 and LAN2, routers R1 and R2, RA, router R, router R3, IPv4 Internet, Tunnel End, IPv6 Internet; IPv6 | DATA is carried inside IPv4 across the IPv4 Internet]

SLIDE 31

Connecting to IPv6 Internet (5)

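  • Simplified Scenarios

a) Native IPv6

[Figure: Cloud of IoT devices, LAN1, router R1, IPv6 Internet; packets travel as IPv6 | DATA]

b) Encapsulated IPv6

[Figure: Cloud of IoT devices, LAN1, router R1, router R, IPv4 Internet, Tunnel End, IPv6 Internet; IPv6 | DATA is carried inside IPv4 across the IPv4 Internet]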

SLIDE 32

Questions

avives@ripe.net @TrainingRIPENCC