Title: Sybex CCNA 640-802
1 Sybex CCNA 640-802 Chapter 13 IPv6
2 Chapter 13 Objectives
- The CCNA topics covered in this chapter include:
- What is IPv6?
- Why do we need IPv6?
- IPv6 Addressing
- Address types
- Special Addresses
- Autoconfiguration
- Configuring IPv6
- Tunneling
3 What is IPv6? (and why is it good?)
- People refer to IPv6 as the next-generation Internet protocol, and it was originally created as the answer to IPv4's inevitable, looming address-exhaustion crisis.
- Though you've probably heard a thing or two about IPv6 already, it has been improved even further in the quest to bring us the flexibility, efficiency, capability, and optimized functionality that can truly meet our ever-increasing needs.
- One benefit of using NAT, CIDR and private addressing is that they have given us time to tweak IPv6 so that we now have a much-improved version of what was originally a protocol with compatibility and performance issues. Now that we have IPv6, however, NAT should just go away, or to paraphrase the Philadelphia sports fans, "Go NAT, and take PAT with you!"
4 What is IPv6? (continued)
- Why does NAT suck? First, because it's a chokepoint on a network, through which every packet must pass and be altered. This is a lot of overhead and it slows down the network. Second, it's a security nightmare. It complicates every service on your network and forces them all to install kluges, hacks and workarounds.
- Another IPv6 benefit is the form of the IP header (next page). The required items are moved to the front of the header and all the options are put into an extension header (next page). The IPv4 header is something of a jumble (below) with 10 fields and a number of flags.
5 What is IPv6? (continued)
- The IPv6 header has only six fields and no flags.
- This is one example of an extension header.
[Figure: extension header layout. Bit positions: 0, 8, 16, 31. Fields: next header, offset, reserved, reserved, M, ident]
6 What is IPv6? (continued)
- Three other examples of extension headers.
[Figure: extension header layout. Bit positions: 0, 8, 16, 31. Fields: next header, of addresses, 0, next address, strict/loose routing bitmap, 1 24 addresses]
7 IPsec Architecture with IPv6
[Figure: Transport Mode and Tunnel Mode. Labels: Router, Router]
- With NAT, your end-to-end connection ended at the router, but with IPv6, NAT goes away because you no longer need to translate from public to private addresses and vice versa. So, the tunnel can now go from one end device all the way to the other, which is what IPsec has always called transport mode.
8 Why do we need IPv6?
- Because we need to communicate, and our current system isn't really cutting it anymore, kind of like how the Pony Express can't compete with airmail. Just look at how much time and effort we've invested in coming up with slick new ways to conserve bandwidth and IP addresses.
- The number of people and devices that connect to networks increases each and every day.
- With more addresses in existence every day, we need to organize them better. The structure of the IPv6 address allows them to be easily placed into a hierarchy and to be aggregated more efficiently. With IPv4 this was handled by using CIDR and by supernetting addresses. With IPv6 everything you need to place an address into a routing table is contained in the address itself; there is no need to borrow bits or to treat the address as something different just for the purpose of creating a routing table.
9 IPv6 Addressing
IPv6 addresses are 128 bits
- IPv6 gives us 3.4 x 10^38 addresses, or 340,000,000,000,000,000,000,000,000,000,000,000,000 more or less.
- For those of you keeping track, this is either 340 undecillion (the American version), or 340 sextillion (British version), or a sload (my first impression).
10 Shortened Expression
- You can actually leave out parts of the address to abbreviate it, but to get away with doing that you have to follow a couple of rules.
- First, you can drop any leading zeros in each of the individual blocks.
- After you do that, the sample address from earlier would then look like this:
- 2001:db8:3c4d:12:0:0:1234:56ab
- Okay, that's a definite improvement; at least we don't have to write all of those extra zeros! But what about whole blocks that don't have anything in them except zeros? Well, we can kind of lose those too, at least some of them. Again referring to our sample address, we can
- remove the two blocks of zeros by replacing them with double colons, like this:
- 2001:db8:3c4d:12::1234:56ab
- (Each number separated by double colon represents 2 bytes, 4 hex chars.)
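The two abbreviation rules above, applied by hand in Python as an added example (not part of the original slides). The function names are hypothetical, and the fully written input is constructed by padding the zeros back into the slide's shortened address. The result is checked against the standard library's own compressed form, and `same_address` shows why addresses should be compared by value rather than by spelling when matching log entries against filter rules.

```python
import ipaddress
import string

def shorten(addr: str) -> str:
    """Abbreviate a fully written (eight-block) IPv6 address by hand."""
    blocks = addr.split(":")
    if len(blocks) != 8 or not all(
        1 <= len(b) <= 4 and set(b) <= set(string.hexdigits) for b in blocks
    ):
        raise ValueError("expected eight blocks of 1-4 hex characters")
    # Rule 1: drop the leading zeros in each block.
    blocks = [format(int(b, 16), "x") for b in blocks]
    # Rule 2: locate the longest run of all-zero blocks (first one on a tie).
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    # A lone zero block stays "0"; "::" may appear only once, otherwise the
    # number of blocks it stands for could not be recovered.
    if best_len < 2:
        return ":".join(blocks)
    head = ":".join(blocks[:best_start])
    tail = ":".join(blocks[best_start + best_len:])
    return f"{head}::{tail}"

def same_address(a: str, b: str) -> bool:
    """Compare by 128-bit value, not by spelling."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

# Constructed input: the slide's sample address with its zeros padded back in.
FULL = "2001:0db8:3c4d:0012:0000:0000:1234:56ab"

if __name__ == "__main__":
    print(shorten(FULL))
    print(shorten(FULL) == ipaddress.IPv6Address(FULL).compressed)
    print(same_address(FULL, "2001:db8:3c4d:12:0:0:1234:56ab"))
```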
11 Address Types
- Unicast: 1-1
- Global Unicast
- Link-local: private address
- This is the equivalent of our 10.x.x.x or 192.168.x.x addresses. Their scope is local. One step up from this are Site-local addresses. They have a broader scope than link-local (they have one extra bit) and are intended to cover an entire site, or a company, for example. These have been largely replaced, however, by Unique Local addresses, below, because of confusion over what made up a Site.
- Unique Local: globally unique (the IETF allocated a block of addresses as a non-routable subnet for use as private addresses. Not exactly like IPv4 addresses, they can be seen by other routers, but there is only a very small chance that they might overlap. A Registry exists to ensure no overlap.)
- Multicast: 1-many
- Anycast: 1-one of many
12 Special Addresses
- 0:0:0:0:0:0:0:0 Equals ::. This is the equivalent of IPv4's 0.0.0.0, and is typically the source address of a host when you're using stateful configuration.
- 0:0:0:0:0:0:0:1 Loopback test. Equals ::1. The equivalent of 127.0.0.1 in IPv4.
- 0:0:0:0:0:0:192.168.100.1 This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
- 2000::/3 The global unicast address range. (Like any IPv4 address)
- FC00::/7 The unique local unicast range. (Like the IPv4 private addresses 10.x.x.x, etc.)
- FE80::/10 The link-local unicast range. (Also meant for private addressing, but with the addition of being unique; imagine if you used the 192.168.x.x range for your company, and no other company used that range).
13 Special Addresses Cont.
- FF00::/8 The multicast range. (a one-to-many packet, just as with the 224 to 239 range in IPv4)
- 3FFF:FFFF::/32 Reserved for examples and documentation. (like Class E in IPv4)
- 2001:0DB8::/32 Also reserved for examples and documentation. (also like Class E in IPv4)
- 2002::/16 Used with 6to4, which is the transition system: the structure that allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels.
14 Autoconfiguration
RS: Router Solicitation
RA: Router Advertisement
Autoconfiguration simplifies address assignment and network renumbering when you change your internet connection.
15 Stateless Address Autoconfiguration (from another PPt)
- 3 ways to configure network interfaces: Manually, Stateful, Stateless
- IPSAA? IPv6 addr. separated into 2 parts: network and interface id.
- Link-local addresses: prefix FE80::0 and interface identifier (EUI-64 format)
- Obtain network id through Router solicitation (RS)
16 Configuring IPv6
In order to enable IPv6 on a router, you have to use the ipv6 unicast-routing global configuration command:
Corp(config)#ipv6 unicast-routing
IPv6 isn't enabled by default on any interfaces either, so we have to go to each interface individually and enable it. You use the interface configuration command ipv6 address <ipv6prefix>/<prefix-length> eui-64 to get this done. Here's an example:
Corp(config-if)#ipv6 address 2001:db8:3c4d:1:0260:d6FF:FE73:1987/64
You can specify the entire 128-bit global IPv6 address or you can use the eui-64 option. Remember, the eui-64 format allows the device to use its MAC address and pad it to make the interface ID.
Corp(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
17 Tunneling 6to4