IPV6 ADDRESSING

IPv6 Basics:
Ø In response to the address shortage, IPv6 was developed.
Ø IPv6 increases the address size to 128 bits, providing a nearly unlimited supply of addresses (340,282,366,920,938,463,463,374,607,431,768,211,456 to be exact).
Ø This provides roughly 50 octillion addresses per person alive on Earth today, or roughly 3.7 x 10^21 addresses per square inch of the Earth’s surface.
IPv6 offers the following features:
Ø Increased Address Space and Scalability – providing the absurd number of possible addresses stated previously.
Ø Simplified Configuration – allows hosts to auto-configure their IPv6 addresses, based on network prefixes advertised by routers.
Ø Integrated Security – provides built-in authentication and encryption into the IPv6 network header.
Ø Compatibility with IPv4 – simplifies address migration, as IPv6 is backward-compatible with IPv4.
The IPv6 Address:
Ø The IPv6 address is 128 bits, as opposed to the 32-bit IPv4 address. Also unlike IPv4, the IPv6 address is represented in hexadecimal notation, separated by colons.
Ø Each “grouping” of hexadecimal digits is 16 bits, with a total of eight fields. The hexadecimal values of an IPv6 address are not case-sensitive.
Ø We can drop any leading zeros in each field of an IPv6 address. Example:
1423:0021:0C13:CC1E:3142:0001:2222:3333
Ø We can condense that address to: 1423:21:C13:CC1E:3142:1:2222:3333
Ø We can further compact the following address:
F12F:0000:0000:CC1E:2412:1111:2222:3333
Ø The condensed address would be:
F12F::CC1E:2412:1111:2222:3333
Ø Notice the double colons, which stand in for the consecutive fields of zeros.
The IPv6 Prefix:
Ø IPv4 utilizes a subnet mask to define the network “prefix” and “host” portions of an address. This subnet mask can also be represented in Classless Inter-Domain Routing (CIDR) format.
Ø IPv6 always uses CIDR notation to determine which bits denote the prefix of an address:
Ø Full Address: 1254:1532:26B1:CC14:123:1111:2222:3333/64
Ø Prefix ID: 1254:1532:26B1:CC14:
Ø Host ID: 123:1111:2222:3333
Ø The /64 indicates that the first 64 bits of this address identify the prefix.
The IPv6 Interface ID and EUI-64 Format:
Ø The host portion of an IPv4 address is not based on the hardware address of an interface.
Ø IPv4 relies on Address Resolution Protocol (ARP) to map between the logical IP address and the 48-bit hardware MAC address.
Ø IPv6 unicasts generally allocate the first 64 bits of the address to identify the network (prefix), and the last 64 bits to identify the host (referred to as the interface ID).
Ø The interface ID is based on the interface’s hardware address.
Ø This interface ID adheres to the IEEE 64-bit Extended Unique Identifier (EUI-64) format. Since most interfaces still use the 48-bit MAC address, the MAC must be converted into the EUI-64 format.
Ø Consider the following MAC address: 1111.2222.3333. The first 24 bits, the Organizationally Unique Identifier (OUI), identify the manufacturer. The last 24 bits uniquely identify the host. To convert this to EUI-64 format:
1. The first 24 bits of the MAC (the OUI) become the first 24 bits of the EUI-64 formatted interface ID.
2. The seventh bit of the OUI is changed from a “0” to a “1”.
3. The next 16 bits of the interface ID are FFFE.
4. The last 24 bits of the MAC (the host ID) become the last 24 bits of the interface ID.
Ø Thus, the MAC address 1111.2222.3333 in EUI-64 format would become 1311:22FF:FE22:3333, which becomes the interface ID.
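The four conversion steps above in Python, together with the reverse check an address audit would use to see which hosts expose their hardware address through an EUI-64 interface ID. This is an added example, not part of the original guide; the function names are illustrative and 2001:db8::1 is a constructed sample address.

```python
import ipaddress
import re


def mac_to_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface ID from a 48-bit MAC, following steps 1-4."""
    digits = re.sub(r"[.:-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)
    oui, host = raw[:3], raw[3:]
    # Step 2: the seventh bit of the first octet has the value 0x02. RFC 4291
    # inverts it; on a burned-in MAC it is 0, so the flip is the 0 -> 1 change.
    flipped = bytes([oui[0] ^ 0x02]) + oui[1:]
    # Step 3 inserts FFFE between the OUI and the host part (step 4).
    return flipped + b"\xff\xfe" + host


def format_interface_id(iid: bytes) -> str:
    """Render the 8 bytes as four colon-separated hexadecimal fields."""
    return ":".join(f"{int.from_bytes(iid[i:i + 2], 'big'):X}" for i in range(0, 8, 2))


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """FE80, zero bits up to bit 64, then the interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + mac_to_interface_id(mac))


def embedded_mac(address: str):
    """Return the MAC that an EUI-64 derived address exposes, or None."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":  # no FFFE filler: not derived from a MAC
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    text = raw.hex()
    return f"{text[0:4]}.{text[4:8]}.{text[8:12]}"


if __name__ == "__main__":
    print(format_interface_id(mac_to_interface_id("1111.2222.3333")))
    print(link_local_from_mac("1111.2222.3333"))
    # Second address is a constructed sample with no MAC inside it.
    for addr in ("2000::2731:E2FF:FE96:C283", "2001:db8::1"):
        print(addr, "->", embedded_mac(addr))
```

Because the interface ID is the same on every network the host joins, an address that returns a MAC here identifies the same device wherever it appears.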
Ø IPv4 separated its address space into specific classes. The class of an IPv4 address was identified by the high-order bits of the first octet:
Class A - (00000001 – 01111111, or 1 - 127)
Class B - (10000000 – 10111111, or 128 - 191)
Class C - (11000000 – 11011111, or 192 - 223)
Class D - (11100000 – 11101111, or 224 - 239)
Ø IPv6’s addressing structure is far more scalable.
Ø Less than 20% of the IPv6 address space has been designated for use, currently. The potential for growth is enormous.
Ø The address space that has been allocated is organized into several types, determined by the high-order bits of the first field:
• Special Addresses – addresses begin 00xx:
• Link Local – addresses begin FE8x:
• Site Local – addresses begin FECx:
• Aggregate Global – addresses begin 2xxx: or 3xxx:
• Multicasts – addresses begin FFxx:
• Anycasts
There are no broadcast addresses in IPv6. Thus, any IPv6 address that is not a multicast is a unicast address.
Anycast addresses:
Ø An anycast address identifies a group of interfaces on multiple hosts.
Ø Thus, multiple hosts are configured with an identical address. Packets sent to an anycast address are sent to the nearest (i.e., least amount of hops) host.
Ø Anycasts are indistinguishable from any other IPv6 unicast address.
Ø Practical applications of anycast addressing are a bit murky.
Ø One possible application would be a server farm providing an identical service or function, in which case anycast addressing would allow clients to connect to the nearest server.
Special (Reserved) IPv6 Addresses:
Ø The first field of a reserved or special IPv6 address will always begin 00xx.
Ø Reserved addresses represent 1/256th of the available IPv6 address space.
Ø Various reserved addresses exist, including:
• 0:0:0:0:0:0:0:0 (or ::) – is an unspecified or unknown address.
Ø It is the equivalent of the IPv4 0.0.0.0 address, which indicates the absence of a configured or assigned address.
Ø In routing tables, the unspecified address is used to identify all or any possible hosts or networks.
• 0:0:0:0:0:0:0:1 (or ::1) – is the loopback or localhost address.
Ø It is the equivalent of the IPv4 127.0.0.1 address.
Reserved Addresses - IPv4 and IPv6 Compatibility:
Ø To alleviate the difficulties of immediately migrating from IPv4 to IPv6, specific reserved addresses can be used to embed an IPv4 address into an IPv6 address.
Ø Two types of addresses can be used for IPv4 embedding: IPv4-compatible IPv6 addresses, and IPv4-mapped IPv6 addresses.
0:0:0:0:0:0:a.b.c.d (or ::a.b.c.d) – is an IPv4-compatible IPv6 address.
Ø This address is used on devices that support both IPv4 and IPv6.
Ø A prefix of /96 is used for IPv4-compatible IPv6 addresses:
::192.168.1.1/96
0:0:0:0:0:FFFF:a.b.c.d (or ::FFFF:a.b.c.d) – is an IPv4-mapped IPv6 address.
Ø Again, a prefix of /96 is used for IPv4-mapped IPv6 addresses:
::FFFF:192.168.1.1/96
Link-Local IPv6 Addresses:
Ø Link-local IPv6 addresses are used only on a single link (subnet).
Ø Any packet that contains a link-local source or destination address is never routed to another link.
Ø Every IPv6-enabled interface on a host (or router) is assigned a link-local address. This address can be manually assigned, or auto-configured.
Ø The first field of a link-local IPv6 address will always begin FE8x (11111110 10).
Ø Link-local addresses are unicasts, and represent 1/1024th of the available IPv6 address space.
Ø A prefix of /10 is used for link-local addresses.
FE80::1311:22FF:FE22:3333/10
There is no hierarchy to a link-local address:
• The first 10 bits are fixed (FE8), known as the Format Prefix (FP).
• The next 54 bits are set to 0.
• The final 64 bits are used as the interface ID.
Aggregate Global IPv6 Addresses:
Ø Aggregate Global IPv6 addresses are the equivalent of “public” IPv4 addresses.
Ø Aggregate global addresses can be routed publicly on the Internet.
Ø Any device or site that wishes to traverse the Internet must be uniquely identified with an aggregate global address.
Ø Currently, the first field of an aggregate global IPv6 address will always begin 2xxx (001). Aggregate global addresses are unicasts, and represent 1/8th of the available IPv6 address space.
2000::2731:E2FF:FE96:C283/64
Aggregate global addresses adhere to a very strict hierarchy:
• The first 3 bits are the fixed FP.
• The next 13 bits are the top-level aggregation identifier (TLA ID).
• The next 8 bits are reserved for future use.
• The next 24 bits are the next-level aggregation identifier (NLA ID).
• The next 16 bits are the site-level aggregation identifier (SLA ID).
• The final 64 bits are used as the interface ID.
By having multiple levels, a consistent, organized, and scalable hierarchy is maintained.
Multicast IPv6 Addresses:
Ø Multicast IPv6 addresses are the equivalent of IPv4 multicast addresses.
Ø Interfaces can belong to one or more multicast groups. Interfaces will accept a multicast packet only if they belong to that group.
Ø Multicasting provides a much more efficient mechanism than broadcasting, which requires that every host on a link accept and process each broadcast packet.
Ø The first field of a multicast IPv6 address will always begin FFxx (11111111).
Ø The full multicast range is FF00 through FFFF. Multicasts represent 1/256th of the available IPv6 address space.
FF01:0:0:0:0:0:0:1
Multicast addresses follow a specific format:
• The first 8 bits identify the address as a multicast (1111 1111)
The multicast address is considered well-known.
• The next 4 bits are a scope value:
0000 (0) = Reserved
0001 (1) = Node Local Scope
0010 (2) = Link Local Scope
0101 (5) = Site Local Scope
1000 (8) = Organization Local Scope
1110 (e) = Global Scope
1111 (f) = Reserved
Ø The final 112 bits identify the actual multicast group.
Ø IPv4 multicast addresses had no mechanism to support multiple “scopes.”
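A classifier for the address types described so far, working from the high-order bits of the first field and decoding the multicast scope and any embedded IPv4 address. This is an added example, not from the original guide; the function names and the type labels are illustrative, and the scope is read from the fourth hex digit of the first field, as in FF02.

```python
import ipaddress

# Scope values from the list above.
MULTICAST_SCOPES = {
    0x0: "reserved", 0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
    0x8: "organization-local", 0xE: "global", 0xF: "reserved",
}


def classify(address: str) -> dict:
    """Map an IPv6 address to the type implied by its high-order bits."""
    value = int(ipaddress.IPv6Address(address))
    first = value >> 112  # the first 16-bit field
    if first >> 8 == 0xFF:  # FFxx
        scope = MULTICAST_SCOPES.get(first & 0xF, "unassigned")
        return {"type": "multicast", "scope": scope}
    if first >> 6 == 0xFE80 >> 6:  # first 10 bits 1111111010
        return {"type": "link-local"}
    if first >> 6 == 0xFEC0 >> 6:  # first 10 bits 1111111011
        return {"type": "site-local"}
    if first >> 13 == 0b001:  # 2xxx or 3xxx
        return {"type": "aggregate-global"}
    if first >> 8 == 0x00:  # 00xx: special (reserved) addresses
        if value == 0:
            return {"type": "unspecified"}
        if value == 1:
            return {"type": "loopback"}
        ipv4 = str(ipaddress.IPv4Address(value & 0xFFFFFFFF))
        if value >> 32 == 0xFFFF:  # ::FFFF:a.b.c.d
            return {"type": "ipv4-mapped", "embedded_ipv4": ipv4}
        if value >> 32 == 0:  # ::a.b.c.d
            return {"type": "ipv4-compatible", "embedded_ipv4": ipv4}
        return {"type": "special"}
    return {"type": "unassigned"}


def effective_ipv4(address: str):
    """IPv4 address carried inside an IPv4-embedding address, else None."""
    return classify(address).get("embedded_ipv4")


if __name__ == "__main__":
    # Addresses taken from the guide, plus 4000::1 as a constructed
    # sample from space that has not been designated for use.
    for sample in ("FE80::1311:22FF:FE22:3333", "2000::2731:E2FF:FE96:C283",
                   "FF01:0:0:0:0:0:0:1", "::FFFF:192.168.1.1", "::1", "4000::1"):
        print(f"{sample:32} {classify(sample)}")
```

Running log or ACL input through effective_ipv4() first lets a rule written for 192.168.1.1 also match the same host when it appears as ::FFFF:192.168.1.1.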
Common IPv6 Multicast Addresses:
The following is a list of common, well-known IPv6 multicast addresses:
Node-Local Scope Multicast Addresses
• FF01::1 – All-nodes address
• FF01::2 – All-routers address
Link-Local Scope Multicast Addresses
• FF02::1 – All-nodes address
• FF02::2 – All-routers address
• FF02::5 – OSPFv3 (OSPF IPv6) All SPF Routers
• FF02::6 – OSPFv3 Designated Routers
• FF02::9 – RIPng Routers
• FF02::13 – PIM Routers
Site-Local Scope Multicast Addresses
• FF05::2 – All-routers address
Ø Thus, if you have a site-local address of:
FEC0::1111:2731:E2FF:FE96:C283
Ø The corresponding solicited-node multicast address would be:
FF02::1:FF96:C283
Ø Solicited-node multicast addresses are most often used for neighbor discovery (covered in an upcoming section in this guide).
IPv6 Addresses and URLs:
Ø IPv6 addresses can also be referenced in URLs (Uniform Resource Locator).
Ø Because IPv6 fields are separated by colons, the IPv6 address must be placed in brackets, to conform to the URL standard:
The IPv6 Header:
Ø The IPv6 header has 8 fields and is 320 bits long. It has been considerably streamlined compared to its IPv4 counterpart, which has 12 fields and is 160 bits long.
Field                 Length     Description
Version               4 bits     Version of IP (in this case, IPv6)
Traffic Class         8 bits     Classifies traffic for QoS
Flow Label            20 bits    Identifies a flow between a source and destination
Payload Length        16 bits    Length of data in packet
Next Header           8 bits     Specifies the next upper-layer or extension header
Hop Limit             8 bits     Decremented by each router traversed
Source Address        128 bits   Source IPv6 address
Destination Address   128 bits   Destination IPv6 address
The Next Header field is of some importance.
Several such extension headers exist, and are usually processed in the following order:
• Hop-by-Hop Options – specifies options that should be processed by every router in the path. Directly follows the IPv6 header.
• Destination Options – specifies options that should be processed by the destination device.
• Routing Header – specifies each router the packet must traverse to reach the destination (source routing)
• Fragment Header – used when a packet is larger than the MTU for the path
• Authentication Header – used to integrate IPsec Authentication Header (AH) into the IPv6 packet
• ESP Header – used to integrate IPsec Encapsulating Security Payload (ESP) into the IPv6 packet
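A parser for the eight header fields in the table, followed by a bounded walk along the Next Header chain to find the upper-layer protocol, as a filter or capture tool has to do. This is an added example, not from the original guide; the packet is constructed inline, the function names are illustrative, and the protocol numbers and length rules are the standard IANA and RFC values rather than anything stated on this page.

```python
import ipaddress
import struct

# Protocol numbers of the extension headers listed above.
EXTENSION_HEADERS = {
    0: "Hop-by-Hop Options", 60: "Destination Options", 43: "Routing",
    44: "Fragment", 51: "Authentication Header", 50: "ESP",
}
FIXED_HEADER_LEN = 40  # 320 bits


def parse_fixed_header(packet: bytes) -> dict:
    """Decode the eight fields of the fixed IPv6 header."""
    if len(packet) < FIXED_HEADER_LEN:
        raise ValueError("shorter than the 40-byte IPv6 header")
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("Version field is not 6")
    return {
        "version": word >> 28,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": ipaddress.IPv6Address(packet[8:24]),
        "destination": ipaddress.IPv6Address(packet[24:40]),
    }


def walk_extension_headers(packet: bytes, max_headers: int = 8):
    """Return (extension header names, upper-layer protocol number or None)."""
    header = parse_fixed_header(packet)
    end = min(len(packet), FIXED_HEADER_LEN + header["payload_length"])
    offset, next_header, chain = FIXED_HEADER_LEN, header["next_header"], []
    while next_header in EXTENSION_HEADERS:
        if len(chain) == max_headers:
            raise ValueError("extension header chain too long")
        chain.append(EXTENSION_HEADERS[next_header])
        if next_header == 50:  # ESP: what follows is encrypted
            return chain, None
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        following, length_field = packet[offset], packet[offset + 1]
        if next_header == 44:
            size = 8  # Fragment header is always 8 bytes
        elif next_header == 51:
            size = (length_field + 2) * 4  # AH counts 4-byte units, minus 2
        else:
            size = (length_field + 1) * 8  # 8-byte units, first unit not counted
        if offset + size > end:
            raise ValueError("extension header runs past the payload")
        offset, next_header = offset + size, following
    return chain, next_header


def build_sample_packet() -> bytes:
    """Constructed packet: Hop-by-Hop, Destination Options, ICMPv6 echo request."""
    padding = bytes([1, 4, 0, 0, 0, 0])  # PadN option filling 6 bytes
    hop_by_hop = bytes([60, 0]) + padding
    destination_options = bytes([58, 0]) + padding
    icmpv6 = bytes([128, 0, 0, 0, 0, 1, 0, 1])  # checksum left at zero
    payload = hop_by_hop + destination_options + icmpv6
    fixed = struct.pack("!IHBB", (6 << 28) | 0x12345, len(payload), 0, 64)
    fixed += ipaddress.IPv6Address("fe80::1311:22ff:fe22:3333").packed
    fixed += ipaddress.IPv6Address("ff02::1").packed
    return fixed + payload


if __name__ == "__main__":
    sample = build_sample_packet()
    print(parse_fixed_header(sample))
    print(walk_extension_headers(sample))
```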
ICMPv6:
Ø ICMP Version 6 (ICMPv6) is a core component of IPv6. All devices employing IPv6 must also integrate ICMPv6.
ICMPv6 provides many services, including (but not limited to):
• Error Messages
• Informational messages (such as echo replies for IPv6 ping)
• MTU Path Discovery
• Neighbor Discovery
There are four key ICMPv6 error messages:
The node sending this message includes an explanatory code:
0 - No route to destination
1 - Access is administratively prohibited
3 - Address unreachable
4 - Port unreachable
• Packet Too Big (ICMP packet type 2) – indicates the packet is larger than the MTU of the link. IPv6 routers do not fragment packets. Instead, the Packet Too Big message is sent to the source (sending) device, which then reduces (or fragments) the size of the packet to the reported MTU. This message is used for Path MTU Discovery (PMTUD).
• Time Exceeded (ICMP packet type 3) – indicates that the hop count limit has been reached, usually indicating a routing loop
• Parameter Problem (ICMP packet type 4) – indicates an error in the IPv6 header, or an IPv6 extension header. The node sending this message includes an explanatory code:
0 - Erroneous header field
1 - Unrecognized next-header type
2 - Unrecognized IPv6 option
Neighbor Discovery Protocol (NDP) and ICMPv6
The neighbor discovery protocol (NDP) provides a multitude of services for IPv6-enabled devices, including:
• Automatic address configuration, and prefix discovery
• Duplicate address detection
• MTU discovery
• Router discovery
• Address resolution
Ø NDP replaces many IPv4-specific protocols, such as DHCP and ARP.
Ø NDP utilizes ICMPv6 to provide the above services.
Ø Periodically, IPv6 routers send out Router Advertisements (RA’s) to both announce their presence on a link, and to provide auto-configuration information for hosts.
Ø This RA (ICMP packet type 134) is sourced from the link-local address of the sending router, and sent to the link-scope all-nodes multicast group.
Ø A host can request an RA by sending out a Router Solicitation (RS, ICMP packet type 133) to the link-local all-routers multicast address.
Ø An RS is usually sent when a host is not currently configured with an IP address.
The RA messages contain the following information for hosts:
• The router’s link-layer address (to be added to the host’s default router list)
• One or more network prefixes
• A lifetime (measured in seconds) for the prefix(es)
• The link MTU to the sending host.
Neighbor Solicitations (NS’s, ICMP packet type 135)
Ø An NS message’s source address is the link-local address of the sending host, and the destination is the solicited-node multicast address of the destination host.
Ø A neighbor will reply to an NS with a Neighbor Advertisement (NA, ICMP packet type 136). This process replaces the Address Resolution Protocol (ARP) used by IPv4, and provides a far more efficient means to learn neighbor address information.
Ø Hosts additionally use the NS messages to detect duplicate addresses.
Ø Before a host assigns itself an IPv6 address, it sends out an NS to ensure no other host is configured with that address.
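A small model of the NS/NA exchange on one link, covering both address resolution and duplicate address detection, and showing that a solicitation reaches only the hosts that joined the target's solicited-node group. This is an added example, not from the original guide; the Host and Link classes, the host names and host C's address are constructed for illustration, and the solicited-node rule (FF02::1:FF plus the low 24 bits of the unicast address) matches the FEC0/FF02 pair shown earlier.

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(address) -> ipaddress.IPv6Address:
    """FF02::1:FFxx:xxxx, where xx:xxxx are the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


class Host:
    def __init__(self, name, mac, addresses):
        self.name, self.mac = name, mac
        self.addresses = [ipaddress.IPv6Address(a) for a in addresses]

    def groups(self):
        """Multicast groups this host listens on."""
        return {ALL_NODES} | {solicited_node(a) for a in self.addresses}

    def on_neighbor_solicitation(self, target):
        """Answer with a Neighbor Advertisement (type 136) only for our own address."""
        if target in self.addresses:
            return {"type": 136, "target": target, "link_layer": self.mac}
        return None


class Link:
    def __init__(self, hosts):
        self.hosts = list(hosts)

    def send_ns(self, target):
        """Deliver a Neighbor Solicitation (type 135) to the solicited-node group."""
        target = ipaddress.IPv6Address(target)
        group = solicited_node(target)
        receivers = [h for h in self.hosts if group in h.groups()]
        replies = [r for h in receivers if (r := h.on_neighbor_solicitation(target))]
        return receivers, replies

    def resolve(self, target):
        """Address resolution: the link-layer address from the first NA, if any."""
        _, replies = self.send_ns(target)
        return replies[0]["link_layer"] if replies else None

    def is_duplicate(self, tentative):
        """Duplicate address detection: any NA means the address is taken."""
        _, replies = self.send_ns(tentative)
        return bool(replies)


def sample_link() -> Link:
    # Constructed hosts; A and B reuse addresses that appear in the guide.
    return Link([
        Host("A", "1111.2222.3333", ["fe80::1311:22ff:fe22:3333"]),
        Host("B", "2531.e296.c283", ["fe80::2731:e2ff:fe96:c283",
                                     "fec0::1111:2731:e2ff:fe96:c283"]),
        Host("C", "a8aa.bbcc.dddd", ["fe80::aaaa:bbff:fecc:dddd"]),
    ])


if __name__ == "__main__":
    link = sample_link()
    target = "fec0::1111:2731:e2ff:fe96:c283"
    receivers, _ = link.send_ns(target)
    print(solicited_node(target), [h.name for h in receivers], link.resolve(target))
    print(link.is_duplicate("fe80::1311:22ff:fe22:3333"), link.is_duplicate("fe80::1"))
```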
Autoconfiguration of Hosts
Ø Hosts can be assigned IPv6 addresses one of two ways: manually, or using autoconfiguration. Hosts learn how to autoconfigure themselves from Router Advertisements (RA’s).
Ø Two types of autoconfiguration exist, stateless and stateful.
Stateless Autoconfiguration
Ø A host first assigns itself a link-local IPv6 address. It accomplishes this by combining the link-local prefix (FE8) with its interface ID (MAC address in EUI-64 format).
Ø The host then sends a Router Solicitation multicast to the all-routers multicast address, which provides one or more network prefixes.
Ø The host combines these prefixes with its interface ID to create its site-local (or aggregate global) IPv6 addresses.
Stateful Autoconfiguration:
Ø Stateful autoconfiguration is used in conjunction with stateless autoconfiguration. It utilizes DHCPv6 to provide additional information to the host, such as DNS servers.
Ø DHCPv6 can also be used in the event that there is no router on the link, to provide stateless autoconfiguration.
ADVANTAGES OF IPV6:
Ø IPv6 reduces the size of routing tables and makes routing more efficient.
Ø IPv6's simplified packet header makes packet processing more efficient.
Ø IPv6 supports multicast rather than broadcast.
Ø Multicast allows bandwidth-intensive packet flows to be sent to multiple destinations simultaneously, saving network bandwidth.
Ø Address auto-configuration (address assignment) is built in to IPv6.
Ø IPsec, which provides confidentiality, authentication and data integrity, is baked into IPv6.
|
IPv6
Basics:
Ø In response to the address shortage, IPv6 was developed.
Ø IPv6 increases the address size to 128 bits, providing a nearly
unlimited supply of addresses (340,282,366,920,938,463,463,374,607,431,768,211,456
to be exact).
Ø This provides roughly 50 octillion addresses per person
alive on Earth today, or roughly 3.7 x 1021 addresses per square inch of
the Earth’s surface.
IPv6 offers the following
features:
Ø Increased Address Space and Scalability – providing the absurd number of possible addresses stated
previously.
Ø Simplified Configuration – allows
hosts to auto-configure their IPv6 addresses, based on network prefixes
advertised by routers.
Ø Integrated Security – provides
built-in authentication and encryption into the IPv6 network header
Ø Compatibility with IPv4 – simplifies
address migration, as IPv6 is backward-compatible with IPv4
The
IPv6 Address:
Ø The IPv6 address is 128 bits, as opposed to the 32-bit IPv4
address. Also unlike IPv4, the IPv6 address is represented in hexadecimal
notation, separate by colons.
Ø Each “grouping” of hexadecimal digits is 16 bits, with a total of
eight fields. The hexadecimal values of an IPv6 address are not
case-sensitive.
Ø We can drop any leading zeros in each field of an IPv6 address.
Example:
1423:0021:0C13:CC1E:3142:0001:2222:3333
Ø We can condense that address to: 1423:21:C13:CC1E:3142:1:2222:3333
Ø we can further compact the following address:
F12F:0000:0000:CC1E:2412:1111:2222:3333
Ø The condensed address would be:
F12F::CC1E:2412:1111:2222:3333
Ø Notice the double colons.
The
IPv6 Prefix:
Ø IPv4 utilizes a subnet
mask to define the network “prefix” and “host”portions of an address.
This subnet mask can also be represented in Classless Inter-Domain Routing
(CIDR) format.
Ø IPv6 always use CIDR notation
to determine what bits notate the
prefix of an address:
Ø Full Address: 1254:1532:26B1:CC14:123:1111:2222:3333/64
Ø Prefix ID: 1254:1532:26B1:CC14:
Ø Host ID: 123:1111:2222:3333
Ø The /64 indicates
that the first 64 bits of this address identify the prefix.
The
IPv6 Interface ID and EUI-64 Format:
Ø The host portion of an IPv4 address is not based on the hardware
address of an interface.
Ø IPv4 relies on Address Resolution Protocol (ARP) to
mapbetween the logical IP address and the 48-bit hardware MAC address.
Ø IPv6 unicasts generally allocate the first 64 bits of the address
to identify thenetwork (prefix), and the last 64 bits to identify the
host (referred to as the interface ID).
Ø The interface ID is based on the interface’s hardware
address.
Ø This interface ID adheres to the IEEE 64-bit Extended Unique
Identifier (EUI-64) format. Since most interfaces still use the
48-bit MAC address, theMAC must be converted into the EUI-64 format.
Ø Consider the following MAC address: 1111.2222.3333. The first 24
bits, the Organizationally Unique Identifier (OUI), identify the manufacturer.
The last 24 bits uniquely
identify the host. To convert this to EUI-64 format:
1. The first 24 bits of
the MAC (the OUI), become the first 24 bits of the EUI-64
formatted
interface
ID.
2. The seventh bit
of the OUI is changed from a “0” to a “1”.
3. The next 16 bits of the
interface ID are FFFE.
4. The last 24 bits of
the MAC (the host ID), become the last 24 bits of the interface ID.
Ø Thus, the MAC address 1111.2222.3333 in EUI-64 format would become
1311:22FF:FE22:3333, which becomes the interface ID.
|
Ø IPv4 separated its address space into specific classes. The
class of an IPv4 address was identified by the high-order bits of the first
octet:
Class
A - (00000001 – 01111111, or 1 - 127)
Class
B - (10000000 – 10111111, or 128 - 191)
Class
C - (11000000 – 11011111, or 192 - 223)
Class
D - (11100000 – 11101111, or 224 - 239)
Ø IPv6’s addressing structure is far more scalable.
Ø Less than 20% of the IPv6address space has been designated for
use, currently. The potential for growth is enormous.
Ø The address space that has been allocated is organized into
several types, determined by the high-order bits of the first field:
• Special Addresses – addresses
begin 00xx:
• Link Local – addresses
begin FE8x:
• Site Local – addresses
begin FECx:
• Aggregate Global – addresses
begin 2xxx: or 3xxx:
• Multicasts – addresses
begin FFxx:
• Anycasts
There are no broadcast
addresses in IPv6. Thus, any IPv6 address that is not a multicast is
a unicast address.
Anycast addresses:
Ø It identify
a group of interfaces on multiple hosts.
Ø Thus, multiple hosts are configured with an identical address.
Packets sent to an anycast address are sent to the nearest (i.e., least
amount of hops) host.
Ø Anycasts are indistinguishable from any other IPv6 unicast
address.
Ø Practical applications of anycast addressing are a bit murky.
Ø One possible application would be a server farm providing an
identical service or function, in which case anycast addressing would allow
clients to connect to the nearest server.
Special
(Reserved) IPv6 Addresses:
Ø The first field of a reserved or special IPv6
address will always begin 00xx.
Ø Reserved addresses represent 1/256th of the available IPv6 address
space.
Ø Various reserved addresses exist, including:
•
0:0:0:0:0:0:0:0 (or ::) – is an unspecified or unknown address.
Ø It is the equivalent of the IPv4 0.0.0.0 address, which indicates the
absence of a configured or assigned address.
Ø In routing tables, the unspecified address is used to identify all
or any possible hosts or networks.
•
0:0:0:0:0:0:0:1 (or ::1) – is the loopback or localhost address.
Ø It is the equivalent of the IPv4 127.0.0.1 address.
Reserved
Addresses - IPv4 and IPv6 Compatibility:
Ø To alleviate the difficulties of immediately migrating from IPv4
to IPv6, specific reserved addresses can be used to embed an IPv4
address into anIPv6 address.
Ø Two types of addresses can be used for IPv4 embedding, IPv4-compatible
IPv6 addresses, and IPv4-mapped IPv6 addresses.
0:0:0:0:0:0:a.b.c.d (or ::a.b.c.d) – is an IPv4-compatible IPv6 address.
Ø This address is used on devices that support both IPv4 and IPv6.
Ø A prefix of /96 is used for IPv4-compatible IPv6 addresses:
::192.168.1.1/96
0:0:0:0:0:FFFF:a.b.c.d
(or ::FFFF:a.b.c.d) – is an IPv4-mapped IPv6
address.
Ø Again, a prefix of /96 is used for IPv4-mapped IPv6 addresses:
::FFFF:192.168.1.1/96
Link-Local
IPv6 Addresses:
Ø Link-local IPv6 addresses are used only on a single link (subnet).
Ø Any packet that contains a link-local source or destination
address is never routed
Ø to another link.
Ø Every IPv6-enabled interface on a host (or router) is assigned a link-local
address. This address can be manually assigned, or auto-configured.
Ø The first field of a link-local IPv6 address will always
begin FE8x (11111110 10).
Ø Link-local addresses are unicasts, and represent 1/1024th
of the available IPv6 address space.
Ø A prefix of /10 is used for link-local addresses.
FE80::1311:22FF:FE22:3333/10
There is no hierarchy to a
link-local address:
• The first 10 bits are
fixed (FE8), known as the Format Prefix (FP).
• The next 54 bits are set
to 0.
• The final 64 bits are used
as the interface ID.
Aggregate
Global IPv6 Addresses:
Ø Aggregate Global IPv6 addresses are the equivalent of “public” IPv4 addresses.
Ø Aggregate global addresses can be routed publicly on the Internet.
Ø Any device or site that wishes to traverse the Internet must be
uniquely identified with an aggregate global address.
Ø Currently, the first field of an aggregate global IPv6
address will always begin 2xxx (001). Aggregate global addresses
are unicasts, and represent 1/8th of the available IPv6 address space.
2000::2731:E2FF:FE96:C283/64
Aggregate global addresses
adhere to a very strict hierarchy:
• The first 3 bits are the
fixed FP.
• The next 13 bits are the top-level
aggregation identifier (TLA ID).
• The next 8 bits are reserved
for future use.
• The next 24 bits are the next-level
aggregation identifier (NLA ID).
• The next 16 bits are the site-level
aggregation identifier (SLA ID).
• The final 64 bits are used
as the interface ID.
By have multiple levels,
a consistent, organized, and scalable hierarchy is maintained.
Multicast
IPv6 Addresses:
Ø Multicast IPv6 addresses are the equivalent of IPv4 multicast addresses.
Ø Interfaces can belong to one or more multicast groups.
Interfaces will accept a multicast packet only if they belong to that group.
Ø Multicasting provides a much
more efficient mechanism than broadcasting, which requires that every
host on a link accept and process each broadcast packet.
Ø The first field of a multicast IPv6 address will always
begin FFxx (11111111).
Ø The full multicast range is FF00 through FFFF. Multicasts
represent 1/256th of the available IPv6 address space.
FF01:0:0:0:0:0:0:1
Multicast addresses follow a
specific format:
• The first 8 bits identify
the address as a multicast (1111 1111)
|
The multicast address is
considered well-known.
• The next 4 bits are a scope
value:
0000 (0) = Reserved
0001 (1) = Node Local Scope
0010 (2) = Link Local Scope
0101 (5) = Site Local Scope
1000 (8) = Organization
Local Scope
1110 (e) = Global Scope
1111 (f) = Reserved
Ø The final 112 bits identify the actual multicast group.
Ø IPv4 multicast addresses had no mechanism to support multiple “scopes.”
Common
IPv6 Multicast Addresses:
The following is a list of
common, well-known IPv6 multicast addresses:
Node-Local Scope Multicast
Addresses
• FF01::1 – All-nodes
address
• FF01::2 – All-routers
address
Link-Local Scope Multicast Addresses
• FF02::1 – All-nodes
address
• FF02::2 – All-routers
address
• FF02::5 – OSPFv3 (OSPF
IPv6) All SPF Routers
• FF02::6 – OSPFv3
Designated Routers
• FF02::9 – RIPng Routers
• FF02::13 – PIM Routers
Site-Local Scope Multicast
Addresses
• FF05::2 – All-routers
address
Ø Thus, if you have a site-local address of:
FEC0::1111:2731:E2FF:FE96:C283
Ø The corresponding solicited-node multicast address would be:
FF02::1:FF96:C283
Ø Solicited-node multicast addresses are most often used for
neighbor discovery (covered in an upcoming section in this guide).
IPv6
Addresses and URLs:
Ø IPv6 addresses can also be referenced in URLs (Uniform
Resource Locator).
Ø Because IPv6 fields are separated by colons, the IPv6 address must
be placed in brackets, to conform to the URL standard:
The
IPv6 Header:
Ø The IPv6 header has 8 fields and is 320 bits long.
It has been considerably streamlined compared to its IPv4 counterpart, which
has 12 fields and is 160 bits long.
Field
Length Description
Version
4 bits Version of IP
(in this case, IPv6)
Traffic
Class 8 bit Classifies
traffic for QoS
Flow
Label 20 bits Identifies a
flow between a source and destination
Payload Length 16 bits Length of data in packet
Next
Header 8 bits Specifies the
next upper-layer or extension header
Hop
Limit 8 bits Decremented by
each router traversed
Source Address 128 bits Source IPv6 address
Destination Address 128 bits Destination IPv6 address
The Next Header field is of some importance.
Several such extension
headers exist, and are usually processed in the following order:
• Hop-by-Hop Options –
specifies options that should be
processed by every router in the path. Directly follows the IPv6 header.
• Destination Options – specifies options that should be processed
by the destination device.
• Routing Header – specifies each router the packet must
traverse to reach the destination (source routing)
• Fragment Header – used when a packet is larger than the MTU
for the path
• Authentication Header –
used to integrate IPSEC
Authentication Header (AH) into the IPv6 packet
• ESP Header – used to integrate IPSEC Encapsulating
Security Payload (ESP) into the IPv6 packet
ICMPv6:
Ø ICMP Version 6 (ICMPv6) is a core component of IPv6. All
devices employing IPv6 must also integrate ICMPv6.
ICMPv6 provides many
services, including (but not limited to):
• Error Messages
• Informational messages
(such as echo replies for IPv6 ping)
• MTU Path Discovery
• Neighbor Discovery
There are four key ICMPv6
error messages:
|
The node sending thismessage includes an
explanatory code:
0 - No route to destination
1 - Access is administratively prohibited
3 - Address unreachable
4 - Port unreachable
• Packet Too Big (ICMP
packet type 2) – indicates the
packet is larger than the MTU of the link. IPv6 routers do not fragment packets.
Instead,
the Packet Too Big message is sent to the source (sending) device, which then
reduces (or fragments) the size of the packet to the reported MTU.
This
message is used for Path MTU Discovery (PMTUD).
• Time Exceeded (ICMP
packet type 3) – indicates that
the hop count limit has been reached, usually
indicating a routing loop
• Parameter Problem (ICMP
packet type 4) – indicates an
error in the IPv6 header, or an IPv6 extension header.
The node sending this message includes an
explanatory code:
0 - Erroneous header field
1 - Unrecognized next-header type
2 - Unrecognized IPv6 option
Neighbor
Discovery Protocol (NDP) and ICMPv6
The neighbor discovery
protocol (NDP) provides a multitude of services for IPv6 enabled devices,
including:
• Automatic address
configuration, and prefix discovery
• Duplicate address
detection
• MTU discovery
• Router discovery
• Address resolution
Ø NDP replaces many IPv4 specific protocols, such as DHCP and ARP.
Ø NDP utilizes ICMPv6 to provide the above services.
Ø Periodically, IPv6 routers send out Router Advertisements
(RA’s) to both announce their presence on a link, and to provide
auto-configuration information for hosts.
Ø This RA (ICMP packet type 134) is sourced from the link-local
address of the sending router, and sent to the link-scope all-nodes multicast
group.
Ø A host can request an RA by sending out a Router Solicitation
(RS, ICMP packet type 133) to the link-local all-routers multicast
address.
Ø A RS is usually sent when a host is not currently configured
with an IP address.
The RA messages contain the
following information for hosts:
• The router’s link-layer
address (to be added to the host’s default router list)
• One or more network
prefixes
• A lifetime (measured
in seconds) for the prefix (es)
• The link MTU to the
sending host.
Neighbor Solicitations (NS’s, ICMP packet type 135)
Ø A NS message’s source address is the link-local address of the
sending host,and the destination is the solicited-node multicast address
of the destination host.
Ø A neighbor will reply to a NS with a Neighbor Advertisement
(NA, ICMP packet type 136). This process replaces the Address Resolution
Protocol (ARP) used by IPv4, and provides a far more efficient means to learn neighbor
address information.
Ø Hosts additionally use the NS messages to detect duplicate
addresses.
Ø Before a host assigns itself an IPv6 address, it sends out a NS to
ensure no other host is configured with that address.
Autoconfiguration
of Hosts
Ø Hosts can be assigned IPv6 addresses one of two ways: manually, or
using autoconfiguration. Hosts learn how to autoconfigure themselves from Router
Advertisements (RA’s).
Ø Two types of autoconfiguration exist, stateless and stateful.
Stateless Autoconfiguration
Ø A host first assigns itself a link-local IPv6 address. It accomplishes this by combining the link-local prefix (FE8) with its interface ID (MAC address in EUI-64 format).
Ø The host then sends a Router Solicitation to the all-routers multicast address; the Router Advertisement sent in response provides one or more network prefixes.
Ø The host combines these prefixes with its interface ID to create its site-local (or aggregate global) IPv6 addresses.
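The stateless steps above, worked through in code as an added example (not part of the original guide): it converts the guide's MAC 1111.2222.3333 to an EUI-64 interface ID, builds the link-local and prefix-based addresses, and computes the solicited-node multicast group that the duplicate-address NS for each one is sent to. The advertised prefix 2001:db8:a:b::/64 and the function names are assumptions made for the example.

```python
import ipaddress

LINK_LOCAL_PREFIX = "fe80::/64"   # FE80 followed by 54 zero bits, then the interface ID
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def mac_to_interface_id(mac: str) -> int:
    """Convert a 48-bit MAC to a 64-bit EUI-64 interface ID."""
    digits = "".join(ch for ch in mac if ch not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"expected 12 hex digits in MAC, got {mac!r}")
    raw = bytes.fromhex(digits)                       # ValueError on non-hex input
    eui64 = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])  # OUI + FFFE + host part
    # RFC 4291 inverts the seventh bit of the first byte. For a vendor-assigned
    # MAC that bit is 0, so this is the "0 to 1" change the guide describes.
    eui64[0] ^= 0x02
    return int.from_bytes(eui64, "big")


def combine(prefix: str, interface_id: int) -> ipaddress.IPv6Address:
    """Place the interface ID in the low 64 bits of a /64 prefix."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(network.network_address) | interface_id)


def solicited_node(address) -> ipaddress.IPv6Address:
    """FF02::1:FFxx:xxxx, where xx:xxxx are the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(str(address))) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def autoconfigure(mac: str, advertised_prefixes: list) -> list:
    """Return (tentative address, NS destination for duplicate detection) pairs.

    The link-local address comes first; one address per advertised prefix follows.
    """
    interface_id = mac_to_interface_id(mac)
    plan = []
    for prefix in [LINK_LOCAL_PREFIX, *advertised_prefixes]:
        address = combine(prefix, interface_id)
        plan.append((str(address), str(solicited_node(address))))
    return plan


if __name__ == "__main__":
    # MAC from the guide; the advertised prefix is a constructed documentation prefix.
    for address, ns_target in autoconfigure("1111.2222.3333", ["2001:db8:a:b::/64"]):
        print(f"tentative {address}  ->  NS sent to {ns_target}")
```

Because the interface ID is derived from the MAC, the low 64 bits stay the same under every prefix the host joins.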
Stateful Autoconfiguration:
Ø Stateful autoconfiguration is used in conjunction with stateless autoconfiguration. It utilizes DHCPv6 to provide additional information to the host, such as DNS servers.
Ø DHCPv6 can also be used in the event that there is no router on the link, to provide stateless autoconfiguration.
ADVANTAGES OF IPV6:
Ø IPv6 reduces the size of routing tables and makes routing more efficient.
Ø IPv6's simplified packet header makes packet processing more efficient.
Ø IPv6 supports multicast rather than broadcast.
Ø Multicast allows bandwidth-intensive packet flows to be sent to multiple destinations simultaneously, saving network bandwidth.
Ø Address auto-configuration (address assignment) is built into IPv6.
Ø IPsec, which provides confidentiality, authentication and data integrity, is baked into IPv6.