Diapositiva 1

About This Presentation

Title:

Diapositiva 1

Description:

IPv6 tutorial RedIRIS Miguel Angel Sotos miguel.sotos_at_rediris.es * * * * * Dependencia total tipo luz o electricidad Como de 110 a 220 voltios, durante un tiempo ... – PowerPoint PPT presentation

Number of Views:45

Avg rating:3.0/5.0

Slides: 60

Provided by: garrIteve9

Category:

more less

Transcript and Presenter's Notes

Title: Diapositiva 1

1
IPv6 tutorial
RedIRIS Miguel Angel Sotos miguel.sotos_at_rediris.
es
2
Agenda

History
Why IPv6
IPv6 addresses
Autoconfiguration
DNS
Transition mechanisms
Security in IPv6
IPv6 in Windows and Linux
IPv6 now

3
History

70s
TCP/IP developed in 1973, part of a project of
the Department of Defense (ARPA agency, USA)
ARPAnet network
Universities and Research centers computers
networks connection

4
History

80s
1983, ARPAnet starts using TCP/IP
1986, NSF (National Science Foundation) begins
the development of NFSnet, it will be the ARPAnet
substitute, being the base of the Internet

5
History

90s
1993, first previsions of exhaustion of IPv4
addresses
IETF (Internet Engineegin Task Force) develops
IPv6 specifications
Initially it was IPng
What happens with IPv5?
Packets were marked with the version number 5,
when the packets carried an experimental
protocol, called ST, real time streaming.

6
Agenda

History
Why IPv6
IPv6 addresses
Autoconfiguration
DNS
Transition mechanisms
Security in IPv6
IPv6 in Windows and Linux
IPv6 now

7
Why IPv6

The main reason, more addresses
But, what happens if I dont need more addresses?
IPv6 is in fashion
Dont loose the oportunity
Simplify end to end connections
No more NATs for security
Tecnically
All in one
Security in network layer
Autoconfiguration
More efficient and jerarquical routing
We start again
Headers are more simple

8
Why IPv6

And now we have a lot of devices connected to a
network, even TVs, cameras, fridgeseverything!

9
Why IPv6

Countries with lack of IPv4 addresses
Increasing demand
Companies adopting and introducing IPv6
IPv6 support will be necessary to not be
disconnected of part of the network and internet
IPv6 is robust, no patches
Anywaymaybe IPv4 will not disappear

10
Agenda

History
Why IPv6
IPv6 addresses
Autoconfiguration
DNS
Transition mechanisms
Security in IPv6
IPv6 in Windows and Linux
IPv6 now

11
IPv6 header

Its more simple

12
IPv6 header

CLASS is the Type of Service in IPv4
HOP LIMIT is the TTL of IPv4
FLOW LABEL is used in QoS
PAYLOAD LENGTH is the data length carried by the
packet
NEXT HEADER
If I have more info, I use more headers
No checksum
No fragmentation, only end to end
MTU discovery

13
IPv6 header

Types of header extensions
Routing
Fragmentation
Hop-by-hop options
Destiny options
Atuthentication
ICMP
Completely new
Including IGMP

14
IPv6 addresses

IPv4 4000 million of addresses
Allocation without control
Fragmentation
IPv6 3.4x1038 addresses
Clean slate, we start from scratch. Control,
order.
128 bits to addres the world

15
IPv6 addresses

4 times bigger
32 to 128 bits
Sintax
aaaabbbbccccddddeeeeffff00001111
Hexadecimal digits in groups of 4
You can substitute a group of 0s by
No masks, instead we have /number_of_bits (like
CIDR notation in IPv4)

16
IPv6 addresses

Addres format
Unicast, multicast, anycast
Global unicast addresses start with 001 (binary)
so we have addresses starting with 2 or 3
2001 or 3ffe
No broadcast (instead, multicast)

17
IPv6 addresses

Interface-id
Last 64 bits of the address
Unique in a local network
The IPv6 address is asociated with the interface,
not the host
MAC address is mapped

18
IPv6 addresses

Hosts addresses
When I have IPv6 configured or enabled in a host,
I automatically have a link-local address
Starts with fe80
Not routeable
Is unique in the local network
That address is configured automatially using the
interface-id
Used for autoconfiguration

19
IPv6 addresses

Multicast addresses
Start with FF00
First 0 is Flags (0,1 permanent, not
permanent)
Second 0 is scope
1 node
2 link
5 site
8 organization
E global
FF021 all the nodes of a network
FF022 all the routers of a network

20
IPv6 addresses

Anycast addresses
Used for a group of interfaces with the same
address
One packet sent to that address goes to the
nearest host with that address

21
IPv6 addresses

Example of global addresses
IPv4 130.206.1.159
IPv6 200107200418cafecccc1111abebb0b0
We can summarize
2001720000000000000000000009876 is
20019876
2001720000000000000000000000000 is
2001720
What will be /0 ?

22
IPv6 addresses

How we can distribute my prefix in my network?
To each one of the centers I can assign a /48
First 48 bits are fixed
A network is a /64
Interface ID
I have 16 bits to distribute the addresses in my
center
Network ID

23
IPv6 addresses

Example, RedIRIS have 20010720/32 for all the
Universities and Research centers

Company/Building
Department
Department
24
IPv6 addresses

Special addresses
Loopback (127.0.0.1) is 1
Default(0.0.0.0/0) is /0
IPv6 compatible with IPv4 (for tunnels)
130.206.1.159
IPv6 mapped over IPv4
FFFF130.206.1.159
Link-local address, starts with fe80

25
Agenda

History
WhyIPv6
IPv6 addresses
Autoconfiguration
DNS
Transition mechanisms
Security in IPv6
IPv6 in Windows and Linux
IPv6 now

26
Autoconfiguration

New IPv6 feature (similar to IPv6 DHCP)
Network administration is easier plug and play
The user connects the host to the network and is
automatically configured
Advantage over DHCP
Its not necessary an additional server

27
Autoconfiguration

Protocol used here is neighbor discovery
Hosts and network equipment exchange multicast
IPv6 packets to check the host IPv6 address
Duplicate IPv6 addresses detection
Two types
Stateful and stateless
Different mechanisms that can be used in a
complementary way

28
Autoconfiguration

Stateful
Manual configuration, or using DHCP
Like IPv4
Stateless
Completely automatic configuration
Its not necessary the manual config of hosts
and servers. In some cases, we need minimal
network equipment configuration (routers)

29
Autoconfiguration

Neighbour advertisement
The host send a router request message
ICMP type 133
The router sends a router advertisement message
ICMP type 134
Include the prefix announced by the router with
the TTL

30
Autoconfiguration

The host sends the neighbour request message to
check the IPv6 address of the neighbour
ICMP type 135
A neighbour advertisement message is sent
A router can send a change or redirection
message to find the best hop for a destiny

31
Agenda

History
Why IPv6
IPv6 addresses
Autoconfiguration
DNS
Transition mechanisms
Security in IPv6
IPv6 in Windows and Linux
IPv6 now

32
DNS

Now, applications behave in a different way
First, they request the IPv6 addres
(timeout)
If its coded correctly, it will ask for IPv4
You have to be very careful when putting an IPv6
service in production
Good connectivity
You have to be very careful when configuring an
IPv6 address in the DNS
Deny of service!

33
DNS
www.ipv6.elmundo.es
20018004001071
Access to the web server (port 80)
Port 80 not reachable
34
DNS

I have configured all the hosts in my network,
Also my router
DNS is a must, due to the length of the
addresses
Bind v9 support IPv6 addresses
IPv6 requests over IPv6
options
listen-on-v6 any
IPv6 requests over IPv4

35
DNS

Its better not to create an special zone for
IPv6 (like ipv6.my_center.com)
But, it can be dangerous for production services
During tests, its better ftp.ipv6.my_center.com
than ftp.my_center.com
Anyway, we should go for the same direct zone
Direct zone
We use the same config files as with IPv4 (AAAA
instead of A)

36
DNS

Reverse zone
nibble-bit notation with .arpa
0.2.7.0.1.0.0.2.ip6.arpa
Root servers are configured to support this
format
Recommended and the zone which is delegated with
the Registries (like RIPE)
Latests versions of glibc support this format

37
Agenda

History
Why IPv6
IPv6 addresses
Autoconfiguration
DNS
Transition mechanisms
Security in IPv6
IPv6 in Windows and Linux
IPv6 now

38
Transition

We cannot switch off the Internet and then switch
on with IPv6
There are several mechanisms
IPv4 and IPv6 can live together
BUT IPv4 and IPv6 are not compatible
Three types of transition mechanisms
Dual-stack
Based on tunnels
Based on address translation

39
Transition

Dual-stack
We depend on vendors implementations
My equipment support native IPv4 and native
IPv6, at the the same time, parallel.
More operational effort
I can plan a periodic migration, step by step
Network
Servers
Applications and services
Hosts
The best one
Its recommended a testing period

40
Transition

Tunnels
IPv6 traffic is encapsulated in IPv4 packets
I connect two IPv6 worlds separated by an IPv4
domain
Automatic tunnels
The host has an IPv4 compatible IPv6 address
6to4 IPv4 address of the tunnel endpoints are
identified in the IPv6 prefix
We use 2002/16
Manual tunnels
Explicit configuration
IPv4 tunnel endpoints
IPv6 address of the tunnel interface
Tunnel brokers
Automatic configuration to have basic IPv6
connectivity if my network is only IPv4

41
Transition

6to4
I connect two IPv6 worlds isolated (IPv4 between
them)
The router to the Internet creates a 6to4 tunnel
to the other domain
The IPv4 addresses of the tunnel endpoints are
included in the IPv6 prefix
Used 2002/16
Teredo
Provides IPv6 connectivity behind a NAT
Encapsulates IPv6 packets into UDP IPv4
They can go through the NAT and the Internet

42
Transition

To migrate all my network to IPv6 Ill have the
following problems
My hardware doesnt support IPv6
Upgrade it
Use a Linux router
Use an alternate router, with a tunnel to a
provider
I have a firewall
Not a lot of solutions
Upgrade is important

43
Transition
Level 2 migration, integrating an IPv6 router in
the same vlan
Small IPv6 router
44
Transition
More natural migration, including dual-stack
45
Transition
Migration using Level 3
46
Agenda

History
Why IPv6
IPv6 addresses
Autoconfiguration
DNS
Transition mechanisms
Security in IPv6
IPv6 in Windows and Linux
IPv6 now

47
Security

Support for IPv6firewallstunnels is not widely
deployed
But IPv6 has IPsec
The same as with IPv4, but in that case is part
of the protocol (security header), less problems
Security is included, as part of the IPv6
specifications
Authentication
Encryption

48
Security

With the right security policies, its not a
problem to have public addresses for everyone.
Its easier the network administration
NAT is not necessary
Problems with multimedia applications
Problems with IPsec
Problems with multicast
Problems with end to end, peer to peer and point
to point applications

49
Agenda

History
Why IPv6
IPv6 addresses
Autoconfiguration
DNS
Transition mechanisms
Security in IPv6
IPv6 in Windows and Linux
IPv6 now

50
IPv6 Windows

www.microsoft.com/ipv6
You can create an IPv6 tunnel against Micrsoft
Good for testing
With windos 2000 you have to install SP2
With Windows XP
With SP1 or higher
Its part of the system
To install it
Form properties of my network places
Using CLI
Netsh interface ipv6 install
Without SP1
You cannot do DNS queries using IPv6
Install it using CLI
Ipv6 install

51
IPv6 Windows

www.microsoft.com/ipv6
With windows Vista With MAC (live show)
Installed by default
You can deactivate it

52
IPv6 Linux

In the latests versions, kernel has complete IPv6
support
If my host has IPv6 activated
In my loopback address Ill see
1/128 Scope Host
In the interfaces Ill see a link-local address
eth0 Link encapEthernet HWaddr 0060083A9EB7
inet addr130.206.1.157 Bcast130.206.1.255
Mask255.255.255.128
inet6 addr fe802608fffe3a9eb7/10
ScopeLink
My host will be configured using the prefix that
the router announces, having complete IPv6
connectivity
eth0 Link encapEthernet HWaddr 0060083A9EB7
inet addr130.206.1.157 Bcast130.206.1.255
Mask255.255.255.128
inet6 addr 3ffe3328512608fffe3a9eb7/64
ScopeGlobal
inet6 addr fe802608fffe3a9eb7/10
ScopeLink