IPv6

1
IPv6

• Hosts Implementation with Cisco

2
Internetworking MS-Windows with IPv6
3
Windows OS Products Support for IPv6

• 1998
• Support for Windows NT and Windows 2000 available
  since 1998 for research and experiment
• Users can download and install Ipv6 code
• In 2000
• MS released IPv6 Technology Preview for Windows
  2000 and distributed it to the internet
  community.
• 2001
• Support for Windows XP Professional, XP Home
  Edition, XP Pro and XP Home Edition SP1

4
IPv6 Support and Windows OSs

• Support for Internet Protocol version 6 (IPv6), a
  new suite of standard protocols for the Network
  layer of the Internet, is built into the latest
  versions of Microsoft Windows, which include
• Windows Vista,
• Windows Server 2008 (now in beta testing),
• Windows Server 2003,
• Windows XP with Service Pack 2,
• Windows XP with Service Pack 1,
• Windows XP Embedded SP1, and
• Windows CE .NET.

5
IPv6 and Windows XP 2003 SRV.

• The implementation of IPv6 in Windows XP and
  Windows Server 2003 is a dual stack architecture.
  
• For IPv6 support, install a separate protocol
  through the Network Connections folder.
• This separate IPv6 protocol stack had its own
  Transport layer that include TCP and UDP and its
  own Framing layer.
• Changes to protocols in either the Transport or
  Framing layers had to be done to two Windows
  drivers
• Tcpip.sys for the IPv4 protocol stack
• Tcpip6.sys for the IPv6 protocol stack

6
IPv6 Configuration

• The main elements of IPv6 configuration
• Assign IPv6 addresses for each interface
• Default router (known in IPv4 as the default
  gateway)
• Domain Name System (DNS) settings such as DNS
  servers and name registration behaviour
• Unlike typical IPv4 nodes, typical IPv6 nodes
  have multiple interfaces (both LAN and tunnel
  interfaces) and multiple addresses assigned to
  each interface.
• Note IPv6 does not use Network basic
  input/output system (NetBIOS). Therefore, an IPv6
  configuration does not need NetBIOS settings or
  the addresses of Windows Internet Name Service
  (WINS) servers.

7
States of an IPv6 Address

• IPv6 hosts typically automatically configure IPv6
  addresses by interacting with a router and
  performing stateless IPv6 address
  autoconfiguration.
• After being verified as unique, autoconfigured
  addresses are in one or more of the following
  states
• Valid
• An address for which uniqueness has been verified
  and from which unicast traffic can be sent and
  received.
• Autoconfigured addresses have a valid lifetime
  assigned by the router.
• Preferred
• A valid address that can be used for new
  communications.
• Autoconfigured addresses also have a preferred
  lifetime assigned by the router.
• Deprecated
• A valid address that cannot be used for new
  communications.
• Existing communication sessions can still use a
  deprecated address.
• Invalid
• An address for which a node can no longer send or
  receive traffic.
• An address enters the invalid state after the
  valid lifetime expires.

8
IPv6 Default Router

• Just like an IPv4 host, an IPv6 host is typically
  configured with the address of one or more
  routers on its subnet to which all remote traffic
  is sent.
• In IPv6, the default routers are automatically
  configured through router discovery and the
  address of a default router is the link-local
  address of the IPv6 router's interface on the
  local subnet.
• Configuration of a default router also creates a
  default route in the IPv6 routing table.
• For an IPv6 node that performs router discovery
  over multiple interfaces, such as an IPv6 host
  using both a LAN connection and Intra-Site
  Automatic Tunnel Addressing Protocol (ISATAP),
  there will be multiple default routers and
  multiple default routes in the routing table.

9
IPv6 DNS Settings

• Windows-based hosts can send DNS queries to DNS
  servers over either IPv4 or IPv6, depending on
  the configuration of the host and the DNS and
  routing infrastructure.
• By default, Windows-based hosts send their DNS
  queries over IPv4 using the IPv4 address of the
  DNS server as configured by the DHCP.
• Computers running XP, Server 2003, Vista, or
  Server 2008 can send DNS queries over IPv6 using
  one of the following
• Locally configured unicast addresses of DNS
  servers
• Use the netsh interface ipv6 add dns command to
  configure hosts with the IPv6 addresses of your
  DNS server.
• (For computers running Windows Vista or Windows
  Server 2008, you can configure IPv6-addressed DNS
  servers through the properties of the Internet
  Protocol version 6 (TCP/IPv6) component in the
  Connections and Adapters folder.)

10
IPv6 DNS Settings

• Well-known unicast addresses of DNS servers
  (fec000ffff1, fec000ffff2, and
  fec000ffff3)
• Manually configure DNS servers with the
  well-known unicast addresses and add host routes
  to routing infrastructure so that the DNS servers
  are reachable from IPv6 hosts running Windows XP,
  Windows Server 2003, Windows Vista, or Windows
  Server 2008.

11
Enabling IPv6
12
Ipconfig.exe for Windows XP with SP2
temporary addresses
public address
Global addresses
link-local
13
IPv6 For Windows Vista

• IPv6 Address A public IPv6 address. Unlike
  Windows XP with SP2, Windows Vista by default
  uses randomly derived interface IDs for public
  and link-local IPv6 addresses.
• Temporary IPv6 Address A global address with a
  randomly derived interface ID that has a short
  valid lifetime.
• Link-local IPv6 Address A link-local address with
  its corresponding zone ID (the interface index).
• Site-local IPv6 Address A site-local address with
  its corresponding zone ID (the site ID).

14
Ipconfig.exe for Windows Vista
Ipconfig.exe now displays the IPv6 addresses
before the IPv4 addresses and indicates the type
of IPv6 address using the following labels
15
Route.exe Tool

• In Windows Server 2003, Windows Vista, and
  Windows Server 2008, Route.exe tool to display
  the IPv6 route table.

16
Migrating IPv6.exe Commands to Netsh

• IPv6 for XP and XP with Service Pack 1 (SP1)
  includes the Ipv6.exe tool, which is used to
  configure the IPv6 protocol.
• Ipv6.exe commands are being replaced with
  commands in the netsh interface ipv6 and netsh
  interface ipv6 isatap contexts.
• Because the Ipv6.exe tool will not be included in
  the Windows Server 2003 family, scripts that
  contain Ipv6.exe commands should be updated with
  the appropriate Netsh commands.

17
Migrating IPv6.exe Commands to Netsh
Ipv6.exe Command Netsh Equivalent
ipv6 install netsh interface ipv6 install
ipv6 uninstall netsh interface ipv6 uninstall
pv6 -v if IfIndex netsh interface ipv6 show interface interfaceString levelnormal verbose storeactive persistent
ipv6 ifcr 6over4 V4Src netsh interface ipv6 add 6over4tunnel interfaceStringlocaladdressIPv4Address storeactive persistent
For complete Table of commands, refer to
http//technet.microsoft.com/en-us/library/bb72695
0.aspx
18
Manual Configuration for IPv6

• In most cases, an IPv6 host running Windows
  Vista, Windows XP, or a member of the Windows
  Server 2003 family does not have to be manually
  configured.
• However, there are some cases in which the
  computer must be manually configured with IPv6
  addresses. Additionally, there are times when a
  computer has a special role on the network.
• Manually configure IPv6 for
• Manual IPv6 addresses
• An IPv6 router
• A 6to4 router
• An Intra-Site Automatic Tunnel Addressing
  Protocol (ISATAP) router
• A 6over4 router

19
Manual IPv6 addresses

• Windows Vista, Windows XP, and the Windows Server
  2003 family supports stateless address
  autoconfiguration.
• Addresses, routes, and other configuration
  parameters are automatically configured on the
  basis of the receipt of Router Advertisement
  messages.
• netsh interface ipv6 add address
  interfaceInterfaceNameOrIndex
  addressIPv6Address typeunicastanycast
  validlifetimeMinutesinfinite
  preferredlifetimeMinutesinfinite
  storeactivepersistent
• By default, the address type is unicast, the
  valid and preferred lifetimes are infinite, and
  the address is persistent.
• To obtain the interface name or its index, use
  the display of the netsh interface ipv6 show
  interface command.
• netsh interface ipv6 add address "Local Area
  Connection" 2001db81a492aafffe34ca8f

20
IPv6 Configuration Information with the Netsh.exe
Tool

• netsh interface ipv6 show address
• netsh interface ipv6 show interface
• netsh interface ipv6 show route

21
netsh interface ipv6 show address
22
netsh interface ipv6 show interface

• It displays the list of IPv6 interfaces, their
  interface index, interface metric, maximum
  transmission unit (MTU), state, and name.
• netsh interface ipv6 show interface on Windows
  Vista

23
netsh interface ipv6 show route

• It displays the IPv6 route table and includes
  information about whether the routes are
  published (if the computer is acting as an
  advertising router) and the route type.
• netsh interface ipv6 show route on a Windows
  Vista

24
Ping6 on Windows

• The new ping6 command on Microsoft sends ICMPv6
  echo request messages to the specified
  destination to display the reachability of a
  destination IPv6 node

25
Internetworking Linux with IPv6
26
IPv6-ready kernel

• Modern Linux distributions already contain
  IPv6-ready kernels, the IPv6 capability is
  generally compiled as a module, but it's possible
  that this module is not loaded automatically on
  startup.
• Check for IPv6 support in the current running
  kernel
• /proc/net/if_inet6
• A short automatical test looks like
• test -f /proc/net/if_inet6 echo "Running
  kernel is IPv6 ready"

27
Try to load IPv6 module

• modprobe ipv6
• If this is successful, this module should be
  listed, testable with following auto-magically
  line
• lsmod grep -w 'ipv6' echo "IPv6 module
  successfully loaded"
• And the check shown above should now run
  successfully.

28
Compile kernel with IPv6 capabilities

• If both above shown results were negative and
  your kernel has no IP6 support, than you have the
  following options
• Update your distribution to a current one which
  supports IPv6 out-of-the-box (recommended for
  newbies)
• Compile a new vanilla kernel (easy, if you know
  which options you needed)
• Recompile kernel sources given by your Linux
  distribution (sometimes not so easy)
• Compile a kernel with USAGI extensions

29
Displaying existing IPv6 addresses

• First check, whether and which IPv6 addresses are
  already configured (perhaps auto-magically during
  stateless auto-configuration).
• Using "ip"
• A host which is auto-configured
• /sbin/ip -6 addr show dev ltinterfacegt
• /sbin/ip -6 addr show dev eth0 2 eth0
• ltBROADCAST,MULTICAST,UPgt mtu 1500 qdisc pfifo_
  fast qlen 100
• inet6 fe80210a4fffee39566/10 scope link
• inet6 20010db80f1011/64 scope global
• inet6 fec000f1011/64 scope site

30
Displaying existing IPv6 addresses

• Using "ifconfig"
• /sbin/ifconfig ltinterfacegt
• (output filtered with grep to display only IPv6
  addresses). Here you see different IPv6 addresses
  with different scopes.
• /sbin/ifconfig eth0 grep "inet6 addr"
• inet6 addr fe80210a4fffee39566/10
  ScopeLink
• inet6 addr 20010db80f1011/64 ScopeGlobal
• inet6 addr fec000f1011/64 ScopeSite

31
Add an IPv6 address

• Command
• /sbin/ip -6 addr add ltipv6addressgt/ltprefixlength
  gt dev ltinterfacegt
• Example
• /sbin/ip -6 addr add 20010db80f1011/64 dev
  eth0
• Command
• /sbin/ifconfig ltinterfacegt inet6 add
  ltipv6addressgt/ltprefixlengthgt
• Example
• /sbin/ifconfig eth0 inet6 add
  20010db80f1011/64

32
Removing an IPv6 address

• Command
• /sbin/ip -6 addr del ltipv6addressgt/ltprefixlength
  gt dev ltinterfacegt
• Example
• /sbin/ip -6 addr del 20010db80f1011/64 dev
  eth0
• Command
• /sbin/ifconfig ltinterfacegt inet6 del
  ltipv6addressgt/ltprefixlengthgt
• Example
• /sbin/ifconfig eth0 inet6 del
  20010db80f1011/64

33
IPv6-ready network configuration tools

• You wont get very far, if you are running an
  IPv6-ready kernel, but have no tools to configure
  IPv6.
• There are several packages in existence which can
  configure IPv6.
• net-tools package
• iproute package

34
net-tools package

• The net-tool package includes some tools like
  ifconfig and route, which helps to configure IPv6
  on an interface.
• Look at the output of ifconfig -? or route -?, if
  something is shown like IPv6 or inet6, then the
  tool is IPv6-ready.
• Auto-magically check
• /sbin/ifconfig -? 2gt 1grep -qw 'inet6'
  echo "utility 'ifconfig' is IPv6-ready
• Same check can be done for route
• /sbin/route -? 2gt 1grep -qw 'inet6' echo
  "utility 'route' is IPv6-ready"

35
iproute package

• Alexey N. Kuznetsov (current a maintainer of the
  Linux networking code) created a tool-set which
  configures networks through the netlink device.
• Using this tool-set you have more functionality
  than net-tools provides, but its not very well
  documented and isn't for the faint of heart.
• /sbin/ip 2gt1 grep -qw 'inet6' echo
  "utility 'ip' is IPv6-ready"
• If the program /sbin/ip isn't found, then I
  strongly recommend you install the iproute
  package.
• You can get it from your Linux distribution (if
  contained)
• You can download the tar-ball and recompile it
  Original FTP source and mirror (missing)
• You're able to look for a proper RPM package at
  RPMfind/iproute (sometimes rebuilding of a SRPMS
  package is recommended)

36
IPv6-ready test/debug programs

• After you have prepared your system for IPv6, you
  now want to use IPv6 for network communications.
• First you should learn how to examine IPv6
  packets with a sniffer program.
• This is strongly recommended because for
  debugging/troubleshooting issues this can aide in
  providing a diagnosis very quickly.
• IPv6 ping
• IPv6 traceroute6
• IPv6 tracepath6
• IPv6 tcpdump

37
IPv6 ping

• This program is normally included in package
  iputils.
• It is designed for simple transport tests sending
  ICMPv6 echo-request packets and wait for ICMPv6
  echo-reply packets.
• Usage
• ping6 lthostwithipv6addressgt
• ping6 ltipv6addressgt
• ping6 -I ltdevicegt ltlink-local-ipv6addressgt
• Example
• ping6 -c 1 1
• PING 1(1) from 1 56 data bytes
• 64 bytes from 1 icmp_seq0 hops64 time292
  usec
• --- 1 ping statistics --- 1
• packets transmitted, 1 packets received, 0
  packet loss
• round-trip min/avg/max/mdev 0.292/0.292/0.292/0.
  000 ms

38
IPv6 ping

• ping6 needs raw access to socket and therefore
  root permissions.
• So if non-root users cannot use ping6 then there
  are two possible problems
• ping6 is not in users path (probably, because
  ping6 is generally stored in /usr/sbin -gt add
  path (not really recommended)
• ping6 doesn't execute properly, generally because
  of missing root permissions -gt chmod us
  /usr/sbin/ping6

39
Specifying interface for IPv6 ping

• Using link-local addresses for an IPv6 ping, the
  kernel does not know through which (physically or
  virtual) device it must send the packet - each
  device has a link-local address.
• A try will result in following error message
• ping6 fe8021234fffe123456
• connect Invalid argument
• Specify the interface additionally like shown
  here
• ping6 -I eth0 -c 1 fe802e018fffe909205
• PING fe8021223fffe123456(fe8021223fffe12
  3456) from
• fe8021234fffe123478 eth0 56 data bytes
• 64 bytes from fe8021223fffe123456
  icmp_seq0 hops64 time445 usec
• --- fe802e018fffe909205 ping statistics ---
  1
• packets transmitted, 1 packets received, 0
  packet loss round-trip
• min/avg/max/mdev 0.445/0.445/0.445/0.000 ms

40
IPv6 traceroute6

• It's a program similar to IPv4 traceroute.
• traceroute6 www.6bone.net
• traceroute to 6bone.net (3ffeb00c18110) from
  20010db80000f1012, 30
• hops max, 16 byte packets
• 1 localipv6gateway (20010db80000f1011) 1.354
  ms 1.566 ms 0.407 ms
• 2 swi6T1-T0.ipv6.switch.ch (3ffe200004001)
  90.431 ms 91.956 ms 92.377 ms
• 3 3ffe200001132 (3ffe200001132) 118.945
  ms 107.982 ms 114.557 ms
• 4 3ffec0080232b2 (3ffec0080232b2)
  968.468 ms 993.392 ms 973.441 ms
• 5 3ffe2e00ec3 (3ffe2e00ec3) 507.784 ms
  505.549 ms 508.928 ms
• 6 www.6bone.net (3ffeb00c18110) 1265.85 ms
  1304.74 ms

41
IPv6 tracepath6

• It's a program like traceroute6 and traces the
  path to a given destination discovering the MTU
  along this path.
• tracepath6 www.6bone.net
• 1 ? LOCALHOST pmtu 1480
• 1 3ffe4012c033fffe0214 150.705ms
• 2 3ffeb00c185 267.864ms
• 3 3ffeb00c185 asymm 2 266.145ms pmtu 1280 3
  3ffe390052 asymm
• 4 346.632ms 4 3ffe28ffffff43 asymm 5
  365.965ms
• 5 3ffe1cff0ee2 asymm 4 534.704ms
• 6 3ffe380011 asymm 4 578.126ms !N
• Resume pmtu 1280

42
IPv6 tcpdump

• On Linux, tcpdump is the major tool for packet
  capturing.
• IPv6 support is normally built-in in current
  releases of version 3.6.
• tcpdump uses expressions for filtering packets to
  minimize the noise
• icmp6 filters native ICMPv6 traffic
• ip6 filters native IPv6 traffic (including
  ICMPv6)
• proto ipv6 filters tunneled IPv6-in-IPv4 traffic
• not port ssh to suppress displaying SSH packets
  for running tcpdump in a remote SSH session
• Also some command line options are very useful to
  catch and print more information in a packet,
  mostly interesting for digging into ICMPv6
  packets
• -s 512 increase the snap length during
  capturing of a packet to 512 bytes
• -vv really verbose output
• -n don't resolve addresses to names, useful if
  reverse DNS resolving isn't working proper

43
IPv6 ping to 20010db8100f1011 native over a
local link
44
IPv6 ping to 20010db81001 routed through an
IPv6-in-IPv4-tunnel
1.2.3.4 and 5.6.7.8 are tunnel endpoints (all
addresses are examples)
45
Lab Exercise

• Case-Study Internetworking IPv6 Hosts with Cisco

46
Q A