Sybex CCNA 640-802

1
Sybex CCNA 640-802 Chapter 13 IPv6
2
Chapter 13 Objectives

• The CCNA Topics Covered in this chapter include
• What is IPv6?
• Why do we need IPv6?
• IPv6 Addressing
• Address types
• Special Addresses
• Autoconfiguration
• Configuring IPv6
• Tunneling

2
3
What is IPv6? (and why is it good?)

• People refer to IPv6 as the next-generation
  Internet protocol, and it was originally created
  as the answer to IPv4s inevitable, looming
  address-exhaustion crisis.
• Though youve probably heard a thing or two
  about IPv6 already, it has been improved even
  further in the quest to bring us the flexibility,
  efficiency, capability, and optimized
  functionality that can truly meet our
  ever-increasing needs.
• One benefit of using NAT, CIDR and private
  addressing is that they have given us time to
  tweak IPv.6 so that we now have a much-improved
  version of what originally a protocol with
  compatibility a performance issues. Now that we
  have IPv6, however, NAT should just go away, or
  to paraphrase the Philadelphia sports fans, Go
  NAT, and take PAT with you!

3
4
What is IPv6? (continued)

• Why does NAT suck? First because its a
  chokepoint on a network, through which every
  packet must pass and be altered. This is a lot
  of overhead and it slows down the network.
  Second, its a security nightmare. It
  complicates every service on your network and
  forces them all to install kluges, hacks and
  workarounds.
• Another IPv6 benefit is the form of the IP header
  (next page). The required items are moved to the
  front of the header and all the options are put
  into an extension header (next page). The IPv4
  header is something of a jumble (below) with 10
  fields and a number of flags.

5
What is IPv6? (continued)

• The IPv6 header has only six fields and no flags.
  
• This is one example of an extension header.

0
8
16
31
next header
offset
reserved
reserved
M
ident
6
What is IPv6? (continued)

• Three other examples of extension headers.

0
8
16
31
next header
of addresses
0
next address
strict/loose routing bitmap
1 24 addresses
7
IPsec Architecture with IPv.6
Transport Mode
Router
Router
Tunnel Mode

• With NAT, your end-to-end connection ended at the
  router but with IPv6, NAT goes away because you
  no longer need to translate from public to
  private addresses and vice-versa. So, the tunnel
  can now go from one end device all the way to the
  other. What IPSec has always called transport
  mode.

8
Why do we need IPv6?

• Because we need to communicate, and our current
  system isnt really cutting it anymorekind of
  like how the Pony Express cant compete with
  airmail. Just look at how much time and effort
  weve invested in coming up with slick new ways
  to conserve bandwidth and IP addresses.
• The amount of people and devices that connect to
  networks increases each and every day.
• With more addresses in existence every day, we
  need to organize them better. The structure of
  the IPv6 address allows them to be easily placed
  into a hierarchy and to be aggregated more
  efficiently. With IPv4 this was handled by using
  CIDR and by supernetting addresses. With IPv6
  everything you need to place an address into a
  routing table is contained in the address itself
  no need to borrow bits or to treat the address
  as something different just for the purpose of
  creating a routing table.

8
9
IPv6 Addressing
IPv6 addresses are 128 bits

• IPv.6 gives us 3.4 x 1038 addresses, or
  340,000,000,000,000,000,000,000,000,000,000,000,00
  0 more or less.
• For those of you keeping track, this is either
  340 undecillion (the American version), or 340
  sextillion (British version), or a sload (my
  first impression).

9
10
Shortened Expression

• You can actually leave out parts of the address
  to abbreviate it, but to get away with doing that
  you have to follow a couple of rules.
• First, you can drop any leading zeros in each of
  the individual blocks.
• After you do that, the sample address from
  earlier would then look like this
• 2001db83c4d1200123456ab
• Okay, thats a definite improvementat least we
  dont have to write all of those extra zeros! But
  what about whole blocks that dont have anything
  in them except zeros? Well, we can kind of lose
  those tooat least some of them. Again referring
  to our sample address, we can
• remove the two blocks of zeros by replacing them
  with double colons, like this
• 2001db83c4d12123456ab
• (Each number separated by double colon represents
  2 bytes, 4 Hex chars.)

10
11
Address Types

• Unicast 1-1
• Global Unicast
• Link-local private address
• This is the equivalent of our 10.x.x.x or
  192.168.x.x addresses. Their scope is local.
  One step up from this are Site-local addresses
  They have a broader scope than link-local (they
  have one extra bit) and are intended to cover an
  entire site, or a company, for example. These
  have been largely replaced, however, by Unique
  Local addresses, below, because of confusion
  over what made up a Site.
• Unique Local globally unique (the IETF allocated
  a block of addresses as a non-routable subnet for
  use as private addresses. Not exactly like IPv4
  addresses, they can be seen by other routers, but
  only a very small chance that they might overlap.
  A Registry exists to ensure no overlap.
• Multicast 1-many
• Anycast 1-one of many

11
12
Special Addresses
00000000 Equals . This is the
equivalent of IPv4s 0.0.0.0, and is typically
the source address of a host when youre using
stateful configuration. 00000001
Loopback test Equals 1. The equivalent of
127.0.0.1 in IPv4. 000000192.168.100.1 This
is how an IPv4 address would be written in a
mixed IPv6/IPv4 network environment. 2000/3 Th
e global unicast address range. (Like any IPv4
address) FC00/7 The unique local unicast
range. (Like the IPv4 private addresses
10.x.x.x, etc.) FE80/10 The link-local
unicast range. (Also meant for private
addressing, but with the addition of being unique
imagine if you used the 192.168.x.x range for
your company, and no other company used that
range).
12
13
Special Addresses Cont.
FF00/8 The multicast range. (a one-to-many
packet, just as with the 224 to 239 range in
IPv4) 3FFFFFFF/32 Reserved for examples and
documentation. (like Class E in
IPv4) 20010DB8/32 Also reserved for examples
and documentation. (also like Class E in
IPv4) 2002/16 Used with 6to4, which is the
transition systemthe structure that allows IPv6
packets to be transmitted over an IPv4 network
without the need to configure explicit tunnels.
13
14
Autoconfiguration
RS Router Solicitation RA Router Advertisement
Autoconfiguration simplifies address assignment
and network renumbering when you change your
internet connection.
14
15
Stateless Address Autoconfiguration (from another
PPt)

• 3 ways to configure network interfaces Manually,
  Stateful, Stateless
• IPSAA? IPv6 addr. Separated into 2 2 parts
  network and interface id.
• Link- local addresses prefix FE800 interface
  identifier (EUI-64 format)
• Obtain network id through Router solicitation (RS)

16
Configuring IPv6
In order to enable IPv6 on a router, you have to
use the ipv6 unicast-routing global configuration
command Corp(config)ipv6 unicast-routing IPv6
isnt enabled by default on any interfaces
either, so we have to go to each interface
individually and enable it. You use the interface
configuration command ipv6 address
ltipv6prefixgt/ltprefix-lengthgt eui-64 to get
this done. Heres an example Corp(config-if)ipv
6 address 2001db83c4d10260.d6FF.FE73.1987/64
You can specify the entire 128-bit global IPv6
address or you can use the eui-64 option.
Remember, the eui-64 format allows the device to
use its MAC address and pad it to make the
interface ID. Corp(config-if)ipv6 address
2001db83c4d1/64 eui-64
16
17
Tunneling 6to4
17