IPv6 For the IT Pro

1. Overview
This document is written to give you a quick refresher on IPv4 and then build
on that knowledge to give you a good understanding of IPv6. This can then be
used as a building block to design your IPv6 structure and get on the road to
migrating your network to IPv6.
Feedback is always welcome; please send it to johm@microsoft.com or on Twitter
to @mccabej.
Page 1 of 15
IPv6 for the IT Pro
Revision 1.0
Author: John McCabe
2. IPv4 – Let's Revise!
2.1 The basic format
Before we start off on our journey to understand IPv6, let’s take a quick history
lesson on IPv4 and what it looks like and define some of the properties around it.
IPv4 addresses are in the format 192.168.0.1
Each block separated by a . represents 8 bits. There are 4 blocks in each IP
address, giving us a total of 32 bits in an IPv4 address.
If we take our example from above and express it in bits, the number looks like
this:
11000000 10101000 00000000 00000001
Normally when you receive an IPv4 address you will also get assigned a subnet
mask. This defines the network that the IPv4 address belongs to.
2.2 Subnet Masks
Traditionally people used to refer to Class A, B & C networks and sometimes D
& E, but most commonly the first 3. Today they are more commonly referred to
by their subnet masks.
Class A networks were represented by a subnet mask of 255.0.0.0
Class B networks were represented by a subnet mask of 255.255.0.0
Class C networks were represented by a subnet mask of 255.255.255.0
Each 0 octet in the mask represents the host portion, i.e. the amount of hosts
that can exist. Take 255.255.255.0
If we change this to binary it looks like the following
11111111 11111111 11111111 00000000
We know the 11111111 represents 255 so if we take our last block or octet of
00000000 we realize that we can have 256 possible combinations or addresses
between 0 and 255.
Now take the Class B network of 255.255.0.0
This in binary looks like
11111111 11111111 00000000 00000000
Applying our method again, we have 256 possible combinations in block 3
and 256 combinations in block 4.
To work out the amount of possible combinations or addresses we have, we
simply multiply 256 * 256 = 65536
If we take the Class A network, we now know each block of 0 can represent 256
possible combinations, so we simply multiply 256*256*256 = 16777216 possible
addresses.
If we take our example of 192.168.0.1 and give it a common subnet mask of
255.255.255.0
then we know that we have 256 possible addresses we can use in this network.
For IPv4 networks we have a rule that 2 addresses in each network are reserved:
these are the network address (usually the first address in the defined range) and
the broadcast address (usually the last address in the defined range).
Using this knowledge we see that we have an IP of 192.168.0.1 and a subnet mask
of 255.255.255.0. We know that 255.255.255.0 represents a possible combination
of 256 addresses; we also know that we have 2 reserved addresses, leaving 254
usable IPs for host assignment. To complete our understanding of this we need
to understand that we actually start counting from 0 in this case, as it is a valid
address, and go all the way up to 255. Remember from before that the network
address is the first address in the range and the broadcast is the last address in
the range. Therefore, if we start counting from 0 and our last address is 255, then
we can define that our network address is 192.168.0.0 and our broadcast address
is 192.168.0.255
Our network address is usually written as follows: 192.168.0.0 255.255.255.0. This
defines that particular network with 254 usable addresses. Our broadcast
address is a single address that, if we send a packet to it, the packet will be
delivered to all hosts on the defined subnet.
2.3 Classless Inter Domain Routing
In more modern documentation IPv4 addresses are usually written in Classless
Inter-Domain Routing (CIDR) format. This is represented as a / followed by a
decimal number; the decimal number represents the amount of 1 bits in the
defined subnet mask.
Taking our 255.255.255.0 subnet mask and translating it back into binary
11111111 11111111 11111111 00000000
we can see that if we count the number of 1's we have 24; therefore the CIDR
notation of a 255.255.255.0 subnet mask will be /24
If we take the 255.255.0.0 subnet mask and translate it into binary, we have
11111111 11111111 00000000 00000000
Again, count the number of 1's, in this case 16, and therefore our CIDR notation
looks like /16
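The subnet arithmetic from sections 2.2 and 2.3, worked in code as an added example (this is not part of the original document): it converts a dotted mask to its CIDR prefix by counting the 1 bits, rejects masks whose 1 bits are not contiguous, and derives the network address, broadcast address and usable host count for an address/mask pair. Function names are my own.

```python
# Added example: IPv4 subnet arithmetic with plain integer bit operations.
# Not from the original document; function names are the example's own.

def ip_to_int(dotted: str) -> int:
    """Convert '192.168.0.1' to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(value: int) -> str:
    """Convert a 32-bit integer back to dotted form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_to_prefix(mask: str) -> int:
    """255.255.255.0 -> 24: count the 1 bits, but only accept masks whose
    1 bits are contiguous from the left (255.0.255.0 is not a valid mask)."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones

def describe_subnet(address: str, mask: str) -> dict:
    """Network address, broadcast address and usable host count for an
    address/mask pair, following the hand calculation in section 2.2."""
    prefix = mask_to_prefix(mask)
    m = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip_to_int(address) & m          # host bits cleared
    broadcast = network | (~m & 0xFFFFFFFF)   # host bits set
    total = 1 << (32 - prefix)
    # Two addresses (network and broadcast) are reserved, except in /31 and
    # /32 networks, which are too small to hold them.
    usable = total - 2 if prefix <= 30 else total
    return {
        "cidr": f"{int_to_ip(network)}/{prefix}",
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "total": total,
        "usable": usable,
    }

if __name__ == "__main__":
    print(describe_subnet("192.168.0.1", "255.255.255.0"))
```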
2.4 Routing Table & Default Gateways
Computers and networks keep a record of the networks they are aware of and
how to get to them by the use of a table called the routing table. This is generally
a dynamic table which gets updated frequently.
If a destination network does not exist in the routing table, we can define a value
called the Default Gateway. This represents a device which can find our
destination and send the packet on to it.
It is commonly written and displayed as follows
0.0.0.0 0.0.0.0 192.168.1.254
0.0.0.0 0.0.0.0 represents ALL possible destinations.
192.168.1.254 represents the host to which you can send the packet; it will try to
discover the network you are looking for and forward your packet to it.
3. IPv6 – Here we go!
3.1 IPv4 Recap
When looking at IPv6 for the first time people tend to get a bit nervous. They
have this massive 128-bit address in HEX staring back at them. Previously, in an
IPv4 world, they generally knew what IPv4 address they had and what subnet
they were located in. They were able to easily reference where a client was in the
network based on its IP address.
For example, if I had a building with 8 floors and 200 users per floor, we might
use a single class C subnet per floor (/24, or 254 possible usable addresses); that
means we would have 8 different subnets.
One other thing in IPv4 is that for a configuration as in our example you would
NEVER receive public routable IP addresses to cover your entire network, so you
would use private IPv4 address space to cover your needs. In this scenario we
might select 192.168.0.0/16 to cover our address needs. Although this gives the
necessary space, this large address space is difficult to manage and leads to a
large broadcast domain. What we normally would do is divide it up into
smaller subnets like the following:
Floor        Subnet
Ground       192.168.0.0/24
1st Floor    192.168.1.0/24
2nd Floor    192.168.2.0/24
3rd Floor    192.168.3.0/24
4th Floor    192.168.4.0/24
5th Floor    192.168.5.0/24
6th Floor    192.168.6.0/24
7th Floor    192.168.7.0/24
8th Floor    192.168.8.0/24
As we can see, if you look at the 3rd octet in the IPv4 space it increases by one, and
in this scenario we can actually match it to the floor number you might be
located on, allowing easy tracking of where the computer is.
We also got used to managing our IPv4 space and being able to remember that
our internal router IP is 192.168.1.254, our DNS server is 192.168.1.1, and so
on.
3.2 IPv6 a first look
Now that we have this rather large IPv6 address, let us take a look at what one is.
As you can see from the diagram above, this is a pretty long number and difficult
to remember. There is also formatting applied to the number, with the :: and
the %15 each meaning something; these are things you have to remember when
dealing with IPv6.
Let's take the following IPv6 address and explain some of the basics around how
it is put together first.
312A:0:0:46b1:0:0:abc1:123D
The first thing to note is the delimiter. In IPv4 this was a . which divided the IP
address into its octets; in IPv6 it is a : and we don't reference octets
anymore, as in IPv6 each block represents 16 bits, where in IPv4 a block only
represented 8 bits, hence octet.
If we take the first block (312A) from the number above and put it into its 16-bit
form, it looks like this
0011 0001 0010 1010
In IPv6 the number is made up of 8 blocks, and each block represents 16 bits. This
gives us a total of 128 bits for our address space, which allows us to have 2^128
addresses (approximately 340 undecillion, or 3.4×10^38).
3.3 IPv6 Special Formatting
In IPv6 there are special formatting options for writing your IPv6 address when
it contains contiguous zeros. If we take our IPv6 number again
312A:0:0:46b1:0:0:abc1:123D
we can see that we have a zero in blocks 2 & 3 and a zero in blocks 5 & 6. Before
we shorten the address, you have to note that this can only be done ONCE, and it
is usually done in the first section of the address. Taking our IPv6 number above,
this now shortens to
312A::46b1:0:0:abc1:123D
As you can see, when we shorten blocks of contiguous zeros we use :: to
denote this.
Another example might be
FE80:0:0:0:0:0:0:1234
This shortens to
FE80::1234
Each time we know that there must be eight blocks in the number, and from
knowing that we can work backwards to figure out our number.
Take the following IPv6 address
356F::1234:5af4:ab12
We can see from this number that only 4 blocks are listed, with our special :: to
denote we have shortened blocks of zeros.
Knowing that we have to have 8 blocks in our IPv6 address, we can see we are
missing 4 blocks, and since :: represents a contiguous set of 0's we can now write
our number as
356F:0000:0000:0000:0000:1234:5af4:ab12
or
356F:0:0:0:0:1234:5af4:ab12
3.4 IPv6 Networks
The next important thing to understand in IPv6 is how we work with it on the
network. If we remember, in IPv4 when you define a subnet you usually write it
as
192.168.0.0/24
This denotes that we have 256 addresses in the space with 2 reserved, 1 for the
broadcast and 1 for the network address.
In this case the network address is 192.168.0.0 and the broadcast is 192.168.0.255
When deciding on your IPv4 space you need to consider if this network is going
to be a private network, a network that needs internet connectivity, or a
network that is going to be directly attached to the internet.
If you wanted a private network you would simply use one of the defined
private, non-routable IPv4 spaces. If the network requires internet connectivity,
then you will need to consider either obtaining publicly routable IPv4 space or
using a technology like NAT which will hide your private IP space. If the
network is going to be directly attached to the internet, then you will need a
public address which can only be provided by the ISP.
In IPv6 we have similar concepts, but we do not really have a concept of NAT, and
it should be noted that broadcasts do not exist on IPv6 networks.
In IPv6 we have the following address types

IPv6 Address Type       Equivalent IPv4 Address Type
Link Local Unicast      The auto-configured 169.254.0.0 addresses
Global Unicast          Public routable addresses
Unique Local Unicast    Private IP space (192.168.0.0 etc.)

We will discuss this further in the next section.
3.4 Address Types
3.4.1 Link Local Unicast
Link Local Unicast addresses always start with FE80::/64. If you take the
following screenshot,
this represents the link local unicast address. It is for use in the local network
only. These addresses are auto-configured by a discovery mechanism built
into IPv6 which probes and discovers the local network.
At the end of the address you will notice a %15; this stands for the interface
number. In IPv6 it is possible to have the same IP address on different interfaces,
as IPv6 uses the %interfacenumber to tell them apart. This is called the Zone ID.
Generally Windows assigns a unique Link Local Unicast address per interface.
3.4.2 Global Unicast
Global Unicast addresses are the publicly assigned address space for existing on
the internet. They can only be assigned by an ISP or, if you are a Local Internet
Registry, by your Regional Internet Registry (i.e. RIPE etc.).
They always start with a value in the range 2000 – 3FFF, with 2 reserved ranges:
2001 and 2002. The 2001 range is reserved for Teredo (an IPv6 transition
technology) and the 2002 range is used for 6to4 (another IPv6 transition
technology).
3.4.3 Unique Local Unicast
Unique Local Unicast addresses are the private address space for IPv6 which you
can design and deploy for your network. They always start with FC00::/7.
We mentioned previously that in IPv6 there is no broadcast address. If there is no
broadcast, how do we determine where a resource is located on the network? In
this scenario we have a Multicast address; multicast is the ability to send a
discovery packet to a group (i.e. routers), which then allows us to pinpoint
the resource we are trying to contact and go directly there, rather than the
traditional method of sending out a broadcast to everyone and receiving a massive
amount of responses.
Multicast addresses start with FF and are used only for link local (local network)
operations.
Here are some examples of Multicast Addresses

Address    Description
FF01::1    Interface-Local All Nodes
FF02::1    Link-Local All Nodes
FF01::2    Interface-Local All Routers
FF02::2    Link-Local All Routers
FF05::5    Site-Local All Routers
3.5 IPv6 Auto-configuration
IPv6 is difficult to configure manually due to the sheer size of the address space
and the length of the IPv6 number; taking this into consideration, auto
configuration has been built in to aid the administrator in their transition to IPv6.
There are 2 defined modes of auto configuration; these are
3.5.1 Stateful
This method requires manual configuration of the IPv6 address space on the
clients, or configuring and using a local DHCPv6 server for the proper
distribution of IPv6 space.
3.5.2 Stateless
This is where a host will auto configure based on the link local discovery
mechanism built into IPv6. It will talk to its neighbors using the defined Multicast
Addresses and configure its IP address based on the response.
3.6 Name Resolution
In IPv6 there are 3 main methods for name resolution; these are
- Link Local Multicast Name Resolution (LLMNR)
- Peer Name Resolution Protocol (PNRP)
- DNSv6
3.6.1 Link Local Multicast Name Resolution (LLMNR)
For the local network we will be using LLMNR to resolve local
addresses. This uses DNS packets sent over multicast to discover the
network. Interestingly, this replaces the Computer Browser service. It
cannot be used on the internet.
For internet name resolution we can use PNRP or DNSv6.
3.6.2 DNSv6
DNSv6 works exactly the same as DNSv4 but has a new AAAA record to
hold an IPv6 address, instead of the A record that an IPv4 address
uses. The PTR record has also been updated to support IPv6 addresses.
However, the PTR is structured a little differently than in IPv4, and in my
opinion there is no logical correlation between the address and how we
work with the address.
If we take our IPv6 address from earlier, 312A:0:0:46b1:0:0:abc1:123D, the
PTR will look like the following
d.3.2.1.1.c.b.a.0.0.0.0.0.0.0.0.1.b.6.4.0.0.0.0.0.0.0.0.a.2.1.3.ip6.arpa
Each hex digit of the fully expanded IPv6 address is written in reverse order,
separated by a . and followed by ip6.arpa.
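An added example, not part of the original document, that ties sections 3.3 and 3.6.2 together: it expands the :: shorthand back to eight 16-bit blocks (enforcing that :: appears at most once), then reverses the nibbles of the expanded address to build the ip6.arpa PTR name, and cross-checks the result against Python's standard library. Function names are my own.

```python
# Added example: expand "::" and derive the ip6.arpa PTR owner name.
# Not from the original document; function names are the example's own.
import ipaddress

def expand_ipv6(address: str) -> list[str]:
    """Return the eight 16-bit blocks of an IPv6 address as 4-digit
    lowercase hex strings, filling in the blocks elided by '::'."""
    addr = address.split("%")[0]                 # drop a zone ID such as %15
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)      # blocks the '::' stands for
        if missing < 1:
            raise ValueError("'::' must replace at least one zero block")
        blocks = head + ["0"] * missing + tail
    else:
        blocks = addr.split(":")
    if len(blocks) != 8:
        raise ValueError(f"expected 8 blocks, got {len(blocks)}")
    values = [int(b, 16) for b in blocks]
    if any(not 0 <= v <= 0xFFFF for v in values):
        raise ValueError("each block must be a 16-bit value")
    return [f"{v:04x}" for v in values]

def canonical(address: str) -> str:
    """Fully written-out form, e.g. 356f:0000:0000:0000:0000:1234:5af4:ab12."""
    return ":".join(expand_ipv6(address))

def ptr_name(address: str) -> str:
    """Reverse every hex digit (nibble) of the expanded address and append
    ip6.arpa, which is how the DNSv6 PTR owner name is built."""
    nibbles = "".join(expand_ipv6(address))
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def matches_stdlib(address: str) -> bool:
    """Sanity check against ipaddress.IPv6Address.reverse_pointer."""
    return ptr_name(address) == ipaddress.IPv6Address(canonical(address)).reverse_pointer

if __name__ == "__main__":
    print(ptr_name("312A:0:0:46b1:0:0:abc1:123D"))
```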
3.6.3 Peer Name Resolution Protocol (PNRP)
PNRP uses a hashing mechanism. Essentially the name is hashed and
stored. Then, when you want to query for a name, it will form the hash
and perform proximity detection. For example, if you want to browse to
Hotmail.com and its hash is 650123, it will check its local store for a
proximity of 65000, and if it doesn't have the address it will try to
discover it via its neighbors' hashes. It will continue to bounce around until
the direct address is discovered and sent back. After this we will talk
directly to the Hotmail.com server.
Appendix A - IPv6 Address Structure
Let's start with our IPv6 address as below
356F:0000:0000:0000:0000:1234:5af4:ab12
As previously mentioned, this number is formatted as 8 x 16-bit blocks.
So if we translate the number to binary (one 16-bit block per group)
0011010101101111 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0001001000110100 0101101011110100 1010101100010010
That is 128 bits.
The first 48 bits define the Network ID (often referred to as the routing prefix).
The next 16 bits define the Subnet ID.
The last 64 bits define the Interface ID (often generated in relation to the MAC address).
For example, our IPv6 address is
356F:0000:0000:abcd:0000:1234:5af4:ab12
Our network / routing prefix is the first 48 bits,
so our IPv6 looks like 356F::/64
Our Subnet ID is abcd,
so our IPv6 looks like 356F::abcd/64
Appendix B – IPv4 to IPv6 Transition technologies
These are the main transition technologies available today
- Tunneling
- ISATAP (Intra-Site Automatic Tunnel Addressing Protocol)
- Teredo
- 6to4
Tunneling
Essentially what you are doing is placing an IPv6 PACKET into an IPv4 payload. This is
not putting an IPv6 address into an IPv4 address. We specify the packet type of 41,
which signifies an encapsulated IPv6 packet.
The main problem is vendor support for packet type 41; consider this when choosing
this transition method.
ISATAP
This protocol generates 2 types of virtual addresses to define private or public IPv4
- ::0:5EFE:X.X.X.X - private address (X.X.X.X is a valid IPv4 address)
- ::200:5EFE:Y.Y.Y.Y - public address (Y.Y.Y.Y is a valid IPv4 address)
Notice the difference of 0 and 200 for the definition of private address space and public
address space.
Take the following screenshot
As you can see, the link-local IPv6 address starts with FE80, which defines a link
local address; it also shows FE80::5EFE, and as the 200 is not present we can safely
assume this is private address space.
If you have published an IPv6 network for communication beyond your link local
subnet, the host will also get an ISATAP address on that network. As you can see
from our screenshot we have an IPv6 address of
2001:4898:0:FFF:0:5EFE:10.85.96.144
We can see our 0:5EFE is part of this address as well, but we also have a network
defined, which is 2001:4898:0:FFF::/64
On this subnet we can then use our network to find our router via neighbor discovery
and talk to other networks with IPv6.
6to4
This protocol is mainly an internet based protocol and uses relay servers to allow IPv6
networks to communicate with IPv4 networks. This protocol does not encapsulate or
tunnel; it merely acts as a medium to allow you to migrate to full IPv6 networks.
Teredo
This protocol allows IPv6 capable hosts to communicate over an IPv4 Internet in full
IPv6 mode.
As previously mentioned, IPv6 does not like NAT. Since there will be a lot of networks
still using NAT for a long time to come, we need to address this issue. The other
transition technologies, 6to4 and Tunneling, do NOT work correctly over NAT and
should not be used when NAT is part of the infrastructure. Teredo supports NAT by
encapsulating an IPv6 packet into an IPv4 UDP packet and routing it over an IPv4
network. This is transmitted over UDP port 3544.
Teredo is a last resort protocol and will be phased out.