Embed Size (px)
Citation preview
©
Shameless plug:
IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6• By Rick Graziani• ISBN-10: 1-58714-313-5
IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6• By Rick Graziani• ISBN-10: 1-58720-457-6
STEAL MY STUFF!
Username = ciscoPassword = perlman
www.cabrillo.edu/~rgraziani/ipv6.html
©
Running Out of IPv4
• The regions with the largest populations have the lowest percentages of people connected to the Internet
Graphic from Internet World Stats, www.internetworldstats.com/stats.htm
©
When is IPv6 going to happen?
©
From Misperceptions about ARIN IPv4 Depletion (from ARIN)
©
• ISPs are running out or have run out of IPv4
• 70% of ISP transit traffic (IPv4 and IPv6) is being carried over IPv6 (Cisco Live, 2015)
• Large ISPs looking to go to IPv6 only• CGN is not a good option (breaks things)• 47% of Internet content available on IPv6• Parts of Internet going IPv6 only• ISPs, mobile feeling the wave now• Home and corporate content is next wave• US Corporate office …. Well ….
Wave hitting the ISP shores
©
CGN breaks (from RFC 6598)• Console gaming• Video streaming• Peer-to-Peer Applications• Geo-location
100.64.0.0/10
192.168.1.0/24
©
CENIC customers may be allocated space no larger than a /27 (32 usable addresses).
In all cases, utilization of 85% or greater must be demonstrated before additional space will be allocated.
©
And then there’s mobile…
• Facebook sees 20-40% (1-2 seconds) better performance because no NAT, CGN, etc.
• Facebook internally is IPv6 only
©
Comcast X1 is IPv6 Only - Comcast Voice is going IPv6 only
©
The benefits of deploying IPv6 onlyGeoff Huston (APNIC) Addressing NANOG64 (2015) (Comcast, Facebook, T-Mobile)
• 2013 – Less than 1% IPv6
• 2014 – 5%• 2015 – 20%• Why the sudden
growth?• Because operators
have had to go to IPv6• Comcast – 45% is
IPv6 for those dual stack
https://www.youtube.com/watch?v=EfjdOc41g0s
©
©
Representing an IPv6 Address
©
The Beauty of Hexadecimal: 4 bits = 1 hex digit
Dec 8 9101112131415
Hex 8 9 A B C D E F
Dec 0 1 2 3 4 5 6 7
Hex 0 1 2 3 4 5 6 7
Binary842100000001001000110100010101100111
Binary842110001001101010111100110111101111
©
IPv6 Address Notation
IPv6 addresses are 128-bit addresses represented in:• Hexadecimal: 1 hex digit = 4 bits• Eight 16-bit segments or “hextets” (not a formal term) between 0000 and FFFF• Separated by colons• Reading and subnetting IPv6 is easier than IPv4…. Really!
2001:0DB8:AAAA:1111:0000:0000:0000:0100
2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 0100
16 bits1
16 bits2
16 bits3
16 bits4
16 bits5
16 bits6
16 bits7
16 bits8
©
Number of IPv6 Addresses
IPv4 addresses: • 4.3 billionIPv6 addresses: • 340 undecillion
Number nameScientific Notation
Number of zeros
1 Thousand 103 1,000
1 Million 106 1,000,000
1 Billion 109 1,000,000,000
1 Trillion 1012 1,000,000,000,000
1 Quadrillion 1015 1,000,000,000,000,000
1 Quintillion 1018 1,000,000,000,000,000,000
1 Sextillion 1021 1,000,000,000,000,000,000,000
1 Septillion 1024 1,000,000,000,000,000,000,000,000
1 Octillion 1027 1,000,000,000,000,000,000,000,000,000
1 Nonillion 1030 1,000,000,000,000,000,000,000,000,000,000
1 Decillion 1033 1,000,000,000,000,000,000,000,000,000,000,000
1 Undecillion 1036 1,000,000,000,000,000,000,000,000,000,000,000,00
0
IPv44.3 billion
IPv6340 undecillion
340,282,366,920,938,463,463,374,607,431,768,211,456
©
Two Rules for Compressing IPv6 AddressesRule 1: Omitting Leading 0s
• Two rules for reducing the size of written IPv6 addresses. • First rule: Leading zeroes in any 16-bit segment do not have to be written.
2001 : 0DB8 : 0001 : 1000 : 0000 : 0000 : 0ef0 : bc002001 : DB8 : 1 : 1000 : 0 : 0 : ef0 : bc00
2001 : 0DB8 : 010d : 000a : 00dd : c000 : e000 : 00012001 : DB8 : 10d : a : dd : c000 : e000 : 1
2001 : 0DB8 : 0000 : 0000 : 0000 : 0000 : 0000 : 0500 2001 : DB8 : 0 : 0 : 0 : 0 : 0 : 500
©
Two Rules for Compressing IPv6 AddressesRule 1: Omitting Leading 0s
Only leading 0s can be excluded, trailing 0s must be included.Or leads to ambiguity…
2001 : 0DB8 : ab : 1234 : 5678: 9abcd: ef12: 3456
2001 : 0DB8 : 00ab : 1234 : 5678: 9abcd: ef12: 34562001 : 0DB8 : ab00 : 1234 : 5678: 9abcd: ef12: 34562001 : 0DB8 : 0ab0 : 1234 : 5678: 9abcd: ef12: 3456
?
©
Two Rules for Compressing IPv6 AddressesRule 2: Double Colon ::
• The second rule can reduce this address even further:• Second rule: Any single, contiguous string of one or more 16-bit segments
consisting of all zeroes can be represented with a double colon (::).
2001 : 0DB8 : 1000 : 0000 : 0000 : 0000 : 0000 : 0001 2001 : DB8 : 1000 : : 1
2001:DB8:1000::1
Second rule First ruleFirst rule
©
Only a single contiguous string of all-zero segments can be represented with a double colon. Although the rule states that both of these are correct…
2001 : DB8 : 0000 : 0000 : 1234 : 0000 : 0000 : 5678
2001 : DB8 :: 1234 : 0 : 0 : 5678
2001 : DB8 : 0 : 0 : 1234 :: 5678
or
Rule 2: Double Colon :: Choices
Maximum reduction of the address is known as the “compressed” format.
… RFC 5952 states that the longest string of zeroes must be replaced with the :: and if they are equal then the first string of 0’s should use the :: representation.
RFC 5952
©
Using the double colon more than once in an IPv6 address can create ambiguity because of the ambiguity in the number of 0s.
2001:DB8::1234::5678
2001:DB8:0000:0000:0000:1234:0000:56782001:DB8:0000:0000:1234:0000:0000:56782001:DB8:0000:1234:0000:0000:0000:5678
Rule 2: Double Colon :: Only Once
The IPv6 Prefix Length
©
IPv4: Subnet Mask and Prefix Length
Prefix SubnetBinary Mask Length Mask11111111 00000000 00000000 00000000 /8 255.0.0.011111111 10000000 00000000 00000000 /9 255.128.0.011111111 11000000 00000000 00000000 /10 255.192.0.011111111 11100000 00000000 00000000 /11 255.224.0.011111111 11110000 00000000 00000000 /12 255.240.0.011111111 11111000 00000000 00000000 /13 255.248.0.011111111 11111100 00000000 00000000 /14 255.252.0.011111111 11111110 00000000 00000000 /15 255.254.0.011111111 11111111 00000000 00000000 /16 255.255.0.011111111 11111111 10000000 00000000 /17 255.255.128.011111111 11111111 11000000 00000000 /18 255.255.192.011111111 11111111 11100000 00000000 /19 255.255.224.011111111 11111111 11110000 00000000 /20 255.255.240.011111111 11111111 11111000 00000000 /21 255.255.248.011111111 11111111 11111100 00000000 /22 255.255.252.011111111 11111111 11111110 00000000 /23 255.255.254.011111111 11111111 11111111 00000000 /24 255.255.255.011111111 11111111 11111111 10000000 /25 255.255.255.12811111111 11111111 11111111 11000000 /26 255.255.255.19211111111 11111111 11111111 11100000 /27 255.255.255.22411111111 11111111 11111111 11110000 /28 255.255.255.24011111111 11111111 11111111 11111000 /29 255.255.255.24811111111 11111111 11111111 11111100 /30 255.255.255.25211111111 11111111 11111111 11111110 /31 255.255.255.25411111111 11111111 11111111 11111111 /32 255.255.255.255
©
Terminology
• Terminology: • Prefix equivalent to the network address of an IPv4 address• Prefix length equivalent to subnet mask in IPv4• Interface ID equivalent to host portion of an IPv4 address
2001:DB8:CAFE:1::0001/64
Prefix Interface ID
©
IPv6 Prefix Length• IPv6 prefixes are always identified by prefix length.• Written immediately following the IPv6 address, usually no space.• The prefix length does not have to fall on a nibble (4-bit)
boundary…. But make your life easier! (See hidden slide)
2001:0DB8:0000:0000:0000:0000:0000:0001
/32 /48/52/56/60/64
Prefix
Prefix length
Interface ID
Hex digit = 4 bits :Hextet: = 16 bits
©
IPv6 Prefix LengthPrefixes (network/subnet address):
2001:DB8::/322001:DB8:1::/482001:DB8:CAFE::/482001:DB8:CAFE:1::/642001:DB8:CAFE:1234::/64
2001:DB8:CAFE::1/482001:DB8:CAFE::99:2/482001:DB8:CAFE:1::100/642001:DB8:CAFE:1:AAAA:BBBB:CCCC:DDDD/64
IPv6 devices (hosts, etc.):
Just count hextets!• /32 = 2 hextets• /48 = 3 hextets• /64 = 4 hextets (user subnets,
LANs)
Overview of IPv6 Addresses Address Types
©
IPv6 Address Types…. Road MapIPv6 Addresses
FF00::/8 FF02::1:FF00:0000/104
::/128::1/1282000::/3 FE80::/10 FC00::/7 ::/80
Unicast Multicast Anycast
Assigned Solicited Node
Global Unicast
Link-Local Loopback UnspecifiedUnique Local
Embedded IPv4
Lesson 4 Lesson 5
Lesson 6
IPv6 does not have a “broadcast” address.
©
IPv6 Source and Destination Addresses
• IPv6 Source – Always a unicast• IPv6 Destination – Unicast,
multicast or anycast.
• Unicast includes Global Unicast or Link-Local Unicast.
IPv4
IPv6
©
Global Unicast Address
• Global Unicast Address (GUA)• 2000::/3 (First hextet: 2000::/3 to 3FFF::/3)• Globally unique and routable• Similar to public IPv4 addresses• 2001:DB8::/32 - RFC 2839 and RFC 6890 reserves this range of addresses
for documentation• These are the addresses we will be referring to the most.
IPv6 Internet
©
Global Unicast Address RangeInterface IDSubnet IDGlobal Routing Prefix
001 0010 0000 0000 0000 :0011 1111 1111 1111 :
IANA’s allocation of IPv6 address space in 1/8th sections
Range: 2000: 3FFF:
• Global Unicast Address (GUA)• 2000::/3 • First hextet: 2000::/3 to 3FFF::/3• 1/8th of IPv6 address space
First hextet
©
Parts of a Global Unicast Address
• 64-bit Interface ID = 18 quintillion (18,446,744,073,709,551,616) devices/subnet• 16-bit Subnet ID (initially recommended) = 65,536 subnets
IPv4 Unicast Address
32 bits
Network portion Host portionSubnet portion
/?
IPv6 Global Unicast Address
128 bits
Global Routing Prefix Interface ID16-bit Subnet ID
/64/48
©
/64 Global Unicast Address and the 3-1-4 Rule
Interface IDSubnet IDGlobal Routing Prefix
2001 : 0DB8 : CAFE : 0001 : 0000 : 0000 : 0000 : 0100
3 + 1 = 4 (/64) : 42001:0DB8:CAFE:0001:0000:0000:0000:0100/642001:DB8:CAFE:1::100/64
16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits
3 1 4
/48 /64
©
Global Routing Prefix determines number of /64 subnets *
2001:DB8:0000:0000:0000:0000:0000:0000Global Routing Prefix /64
/60 (4-bit Subnet ID) = 16 subnets
/56 (8-bit Subnet ID) = 256 subnets
/52 (12-bit Subnet ID) = 4,096 subnets
/48 = (16-bit Subnet ID) 65,536 subnets
64-bit Interface ID
/44 = (20-bit Subnet ID) 1,048,576 subnets
/40 (24-bit Subnet ID) = 16,777,216 subnets
/36 (28-bit Subnet ID) = 268,435,456 subnets
/32 (32-bit Subnet ID) = 4,294,967,296 subnets
Subnet ID
(Many sites will get this prefix length)
18 quintillion hosts per subnet
As many IPv6 subnets as there are IPv4 addresses!
From your ISP or ARIN
/32 UCSC from ARIN/48 Cabrillo from CENIC
IPv6 lets us create a well organized and easy to manage addressing plan without having to try and conserve addresses.
©
Subnetting IPv6 in Two Minutes or Less
Can you count in hex?
Just increment by 1 in Hexadecimal:
2001:0DB8:CAFE:0000::/64
2001:0DB8:CAFE:0001::/64
2001:0DB8:CAFE:0002::/64 ...
2001:0DB8:CAFE:0009::/64
2001:0DB8:CAFE:000A::/64
Valid abbreviation is to remove the leading 0s:
2001:DB8:CAFE:1::/64
3-1-4 Rule
• /48 from ISP• Creating /64 subnets
Manual Configuration of IPv6 Addresses Allocation (SLAAC and DHCPv6)
©
• Exactly the same as an IPv4 address only different.• No space between IPv6 address and Prefix-length.• IOS commands for IPv6 are very similar to their IPv4 counterpart.• All 0’s and all 1’s are valid IPv6 host IPv6 addresses.
No space
R1(config)#interface gigabitethernet 0/0R1(config-if)#ipv6 address 2001:db8:cafe:1::1/64R1(config-if)#no shutdownR1(config-if)#exit
2001:DB8:CAFE:3::/64
2001:DB8:CAFE:1::/64
2001:DB8:CAFE:2::/64
G0/0:1:1
G0/1
:1S0/0/0
:100
:100
Static GUA Configuration
R1
A
B
©
2001:DB8:CAFE:3::/64
2001:DB8:CAFE:1::/64
2001:DB8:CAFE:2::/64
G0/0:1:1
G0/1
:1S0/0/0
:100
:100
Static GUA Configuration
R1
A
B
R1(config)#interface gigabitethernet 0/1 R1(config-if)#ipv6 address 2001:db8:cafe:2::1/64R1(config-if)#no shutdownR1(config-if)#exitR1(config)#interface serial 0/0/0 R1(config-if)#ipv6 address 2001:db8:cafe:3::1/64R1(config-if)#no shutdownR1(config-if)#exit
I love the 3-1-4 rule and
subnetting IPv6!
The ipv6 unicast-routing global configuration command is required for forward IPv6 packets – it is not required to configure IPv6 addresses.
©
R1# show running-config
<output omitted for brevity>interface GigabitEthernet0/0 no ip address duplex auto speed auto ipv6 address 2001:DB8:CAFE:1::1/64!
2001:DB8:CAFE:3::/64
2001:DB8:CAFE:1::/64
2001:DB8:CAFE:2::/64
G0/0:1:1
G0/0
:1S0/0/0
:100
:100
Verifying Address Using
Running Configuration
R1
A
B
IPv4 address
IPv6 address
©
R1# show ipv6 interface briefGigabitEthernet0/0 [up/up] FE80::FE99:47FF:FE75:C3E0 2001:DB8:CAFE:1::1! <output omitted>
Global unicast address
Link-local unicast address
• Link-local and global unicast addresses are displayed.• Link-local address automatically created when (before) the global unicast
address is.• Link-local addresses are used for communicating with other devices on the
same link (not routable).• We will discuss link-local addresses in Lesson 5.
Verifying Unicast Addresses on R1
©
Same as IPv4 devices:• Servers, printers, routers, etc.
Can also be a link-local unicast address of the router.
Static GUA Configuration on PC
©
PCA> ipconfigWindows IP ConfigurationEthernet adapter Local Area Connection: Connection-specific DNS Suffix : IPv6 Address. . . . . . . . . . : 2001:db8:cafe:1::100 Link-local IPv6 Address . . . . : fe80::50a5:8a35:a5bb:66e1 Default Gateway . . . . . . . : 2001:db8:cafe:1::1
Verifying Unicast Addresses on PC
• Link-local addresses are created automatically.• Recent Microsoft operating systems use a random 64-bit Interface ID for link-
local address… (coming soon)
©
PCA> ping 2001:db8:cafe:1::1
Pinging 2001:db8:cafe:1::1 from 2001:db8:cafe:1::100 with 32 bytes of data:
Reply from 2001:db8:cafe:1::1: time=1msReply from 2001:db8:cafe:1::1: time=1msReply from 2001:db8:cafe:1::1: time=1msReply from 2001:db8:cafe:1::1: time=1ms
Ping statistics for 2001:db8:cafe:1::1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1msPCA>
Verifying IPv6 Connectivity
Dynamic Configuration of IPv6 Addresses Allocation (SLAAC and DHCPv6)
©
Dynamic IPv6 Address Allocation
Global Unicast
Manual Dynamic
StaticIPv6
unnumbered
Static + EUI 64
SLAAC DHCPv6
SLAAC + DHCPv6
Similar to IPv4 unnumbered
Stateless Stateful
Next Presentation!
DHCPv6-PD
©
DHCP Server
Dynamic IPv4 Address Allocation
DHCP Client
I need IPv4 addressing information from a DHCP server.
Here is your IPv4 address, subnet mask,
default gateway and DNS server addresses.
©
It Begins with the RA Message
• An ICMPv6 Router Advertisement (RA) suggests to all IPv6 devices on the link how it will receive IPv6 Address Information.
• Sent periodically by an IPv6 router or…• … when the router receives a Router Solicitation message from a host.• Routers can be configured with IPv6 addresses without being an IPv6 router.
DHCPv6 Server
ICMPv6 Router Advertisement
ICMPv6 Router Solicitation
Multicast: To all IPv6 routers, I need
IPv6 address information
Multicast: To all IPv6 devices,
let me tell you how to do this …
I might not even be needed.
Router(config)# ipv6 unicast-routing
©
Router Advertisement: 3 Options
DHCPv6 Server
RA
Router(config)# ipv6 unicast-routing
Option 1: SLAAC – No DHCPv6 (Default on Cisco routers)
“I’m everything you need (Prefix, Prefix-length, Default Gateway)”
Option 2: SLAAC + Stateless DHCPv6 for DNS address
“Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.” (DNS can be in RA)
Option 3: All addressing except default gateway – DHCPv6
“I can’t help you. Ask a DHCPv6 server for all your information.”
DHCPv6
Option 1 and 2: Stateless Address Autoconfiguration• DHCPv6 Server does not maintain state of addressesOption 3: Stateful Address Configuration• Address received from DHCPv6 Server
©
Hey! I can do that!
Stateful vs Stateless
• Stateful – Some server is keeping track or a record of the interaction.• Stateless – No one is keeping track or a record…. But device can still make
sure theirs is unique.
DHCPv6 Server
STATEFUL: I need an IPv6 address
from someone who is keeping track of
who has what address.
I might not even be needed.
STATELESS: I will come up with my own IPv6 address…. No
one will keep track of what address I have.
©
Note: Domain name and DNS server list may be included if router (and end system) support RFC 6106 IPv6 RA Options for DNS Configuration.
SLAAC Option 1 – RA Message
To: FF02::1 (All-IPv6 devices)
From: FE80::1 (Link-local address)
Prefix: 2001:DB8:CAFE:1::
Prefix-length: /64
RA
1
MAC: 00-19-D2-8C-E0-4C
Prefix: 2001:DB8:CAFE:1::
Prefix-length: /64
Default Gateway: FE80::1
Global Unicast Address:
2001:DB8:CAFE:1: + Interface ID
2001:DB8:CAFE:1::/64
EUI-64 Process or Random 64-bit value
2
DHCPv6 Server
3
SLAAC: Stateless Address Autoconfiguration
©
SLAAC: Interface ID
Global Routing Prefix 64-bit Interface ID16-bit Subnet ID
/64/48
EUI-64 Process Randomly Generated Number(Privacy Extension)
SLAACOperating System
EUI-64 Random 64-bit
Windows XP, Server 2003 ✔Windows Vista and newer ✔MAC OSX ✔Linux ✔
DHCPv6 Server
Default OS behavior can be changed.
Known instead of unknown © Copyright DOC RABE Media Man in paper bag on head © Copyright binik
©
Modified EUI-64 Format (Extended Unique Identifier–64)
00 19 D2 8C E0 4C
OUI (24 bits) Device Identifier (24 bits)
00 19 D2 8C E0 4CFF FE
19 D2 8C E0 4CFF FE0000 000000
U/L bit flipped
0000 0010
02 19 D2 8C E0 4CFF FE
Insert FF-FE
©
PC> ipconfigWindows IP ConfigurationEthernet adapter Local Area Connection: IPv6 Address. . . . . . . . : 2001:db8:cafe:1:0219:d2ff:fe8c:e04c Link-local IPv6 Address . . : fe80::0219:d2ff:fe8c:e04c Default Gateway . . . . . : fe80::1
Router Advertisement EUI-64
A 64-bit Interface ID and the EUI-64 process accommodates:• The IEEE specification for a 64-bit MAC address• 64-bit boundary processing
Verifying SLAAC on the PC Using
EUI-64
Why. The Dude looking at the red question mark © Copyright jojje11
Purpose and Format of Link-Local Addresses
©
IPv6 Address TypesIPv6 Addresses
FF00::/8 FF02::1:FF00:0000/104
::/128::1/1282000::/3 FE80::/10 FC00::/7 ::/80
Unicast Multicast Anycast
Assigned Solicited Node
Global Unicast
Link-Local Loopback UnspecifiedUnique Local
Embedded IPv4
IPv6 does not have a “broadcast” address.
©
Link-Local Unicast Range
• Link – Network segment• Link-local means, local to that
link or network.
Remaining 54 bits 64-bit Interface ID1111 1110 10xx xxxx
1111 1110 1000 0000 :1111 1110 1011 1111 :
Range: FE80: FEBF:
Link-local Unicast
First 10 bits
First hextet
©
Link-Local Unicast Address
• IPv6 Source – Always a unicast• IPv6 Destination – Unicast,
multicast, or anycast.• Unicast, including a link-local
address
IPv4
IPv6
©
• Used to communicate with other devices on the link.• Are NOT routable off the link (network).• Only have to be unique on the link.• Not included in the IPv6 routing table.• An IPv6 device must have at least a link-local address.
Link-Local Communications
Link-Local Unicast Address
©
PC> ipconfigWindows IP ConfigurationEthernet adapter Local Area Connection: Connection-specific DNS Suffix : Link-local IPv6 Address . . . . : fe80::50a5:8a35:a5bb:66e1 IPv4 Address. . . . . . . . . . : 192.168.1.101 Subnet Mask . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . : 192.168.1.1
Most Networks Are Already Running IPv6
• IPv6 is automatically enabled with Windows, MAC and Linux operating systems.• Can communicate with other devices on the link, including the router.
I’m not running IPv6… or am I?
I can now communicate with you and give you a GUA and be your default gateway using SLAAC.
But I am really a bad guy and I can do a DoS
or MITM attack.
Even if IPv6 is not deployed, must understand and secure IPv6.
People Icon: Occupations set 5 © Copyright Fredy Sujono
©
I will use your link-
local as my default
gateway,
• Used as a source IPv6 address before a device gets one dynamically (SLAAC and DHCPv6).• Router’s link-local address is used by devices as the default gateway.
• Routers exchange routing messages.• Router use the link-local address as the next-hop address in the routing
table: via link-local address.
An Important Role in IPv6
ICMPv6 Router Solicitation
From: Link-local or unspecified addressTo: Multicast
ICMPv6 Router Advertisement
From: Link-localTo: Multicast
Routing Protocol Messaging
From: Link-localTo: Multicast
Automatically Created Link-Local Addresses
©
Link-Local Unicast Address
Link-local addresses are created • Automatically :
• FE80 (usually) – First 10 bits• Interface ID
• EUI-64 (Cisco routers)• Random 64 bits (many host operating systems)
• Static (manual) configuration – Common practice for routers.
Remaining 54 bits 64-bit Interface ID1111 1110 10xx xxxx
FE80::Interface ID
First 10 bits
©
R1
G0/0
G0/1
S0/0/0
R1# show interface gigabitethernet 0/0GigabitEthernet0/0 is up, line protocol is up Hardware is CN Gigabit Ethernet, address is fc99.4775.c3e0 (bia fc99.4775.c3e0)<Output Omitted>
Automatic Link-Local Address Using EUI-64
Link-local address: FE80:: 64-bit Interface IDA 64-bit Interface ID is created with EUI-64 using: • 48-bit MAC address • Inserting 16 bits: FF-FE• Flipping the U/L (Universal/Local) bit • EUI-64 can also be used to automatically create Global Unicast
Addresses (next presentation)
©
Modified EUI-64 Format (Extended Unique Identifier–64)
FC 99 47 75 C3 E0
OUI (24 bits) Device Identifier (24 bits)
FC 99 47 75 C3 E0FF FE
99 47 75 C3 E0FF FE1111 1100FC
U/L bit flipped
1111 1110
FE 99 47 75 C3 E0FF FE
Insert FF-FE
©
R1
G0/0
G0/1
S0/0/0
R1# show interface gigabitethernet 0/0GigabitEthernet0/0 is up, line protocol is up Hardware is CN Gigabit Ethernet, address is fc99.4775.c3e0 (bia fc99.4775.c3e0)<Output Omitted>
R1#show ipv6 interface briefGigabitEthernet0/0 [up/up] FE80::FE99:47FF:FE75:C3E0 2001:DB8:CAFE:1::1GigabitEthernet0/1 [up/up] FE80::FE99:47FF:FE75:C3E1 2001:DB8:CAFE:2::1Serial0/0/0 [up/up] FE80::FE99:47FF:FE75:C3E0 2001:DB8:CAFE:3::1R1#
EUI-64
Serial interfaces will use a MAC address of an Ethernet interface.
FF:FE = EUI-64 (most likely)
Wait! Two Link-locals
are the same!
Verifying the Router’s Link-Local Address
Link-local addresses
only have to be unique on the link.
Mystery © Copyright sato00
©
PC> ipconfigWindows IP ConfigurationEthernet adapter Local Area Connection: Connection-specific DNS Suffix .: IPv6 Address. . . . . . . . . : 2001:db8:acad:1:3496:1c51:3f57:fe89 Link-local IPv6 Address . . . : fe80::3496:1c51:3f57:fe89 Default Gateway . . . . . . . : fe80::1
• Many operating systems will use a random 64-bit Interface IDs for GUA and Link-Local IPv6 Addresses (more in next presentation).
Verifying the PC’s Link-Local Address
EUI-64 or random 64-bit value
Manually Created Link-Local Addresses
©
Link-Local Unicast Address
Link-local addresses are created • Automatically :
• FE80 (usually) – First 10 bits• Interface ID
• EUI-64 (Cisco routers)• Random 64 bits (many host operating systems)
• Static (manual) configuration• Only needed on devices where it helps the network
administrator remember the address… routers, default gateways.
Remaining 54 bits 64-bit Interface ID1111 1110 10xx xxxx
FE80::Interface ID
First 10 bits
©
R1
G0/0 FE80::1
G0/1FE80::1
S0/0/0FE80::1
R1(config)#interface gigabitethernet 0/0R1(config-if)#ipv6 address fe80::1 ? link-local Use link-local address
R1(config-if)#ipv6 address fe80::1 link-localR1(config-if)#exitR1(config)#interface gigabitethernet 0/1R1(config-if)#ipv6 address fe80::1 link-localR1(config-if)#exitR1(config)#interface serial 0/0/0R1(config-if)#ipv6 address fe80::1 link-localR1(config-if)#
Link-Local only Addresses have to be unique on the link!
Static addresses are more easily remembered and recognizable.
Static Link-Local Addresses
©
R1
G0/0 FE80::1
G0/1FE80::1
S0/0/0FE80::1
Link-Local Addresses: Local and Unique
R2S0/0/0
FE80::2
• Link-local addresses have to be unique only on the link but …• Link-local addresses must be unique on the link!• Hosts don’t need to their link-local address statically configured –
automatically created is fine.
FE80::2
FE80::2
Verifying Link-Local Addresses
©
Verifying Router’s Link-Local Address
R1#show ipv6 interface briefGigabitEthernet0/0 [up/up] FE80::FE99:47FF:FE75:C3E0 2001:DB8:CAFE:1::1<output omitted>R1#R1# show ipv6 interface gigabitethernet 0/0GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::FE99:47FF:FE75:C3E0 Global unicast address(es): 2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64<output omitted>R1#
©
Router(config)# interface gigabitethernet 0/1Router(config-if)# ipv6 enableRouter(config-if)# endRouter# show ipv6 interface briefGigabitEthernet0/1 [up/up] FE80::20C:30FF:FE10:92E1Router#
• Link-local addresses are automatically created whenever a global unicast address is configured on the interface.
• The ipv6 enable command will:• Automatically create a link-local address when there is no global unicast address
or static link-local address• Maintain the link-local address even when the global unicast address is removed
Link-local unicast address only
Do I Need to Use the ipv6 enable Command?
©
R1# ping fe80::2Output Interface: ser 0/0/0% Invalid interface. Use full interface name without spaces
(e.g. Serial0/1)Output Interface: serial0/0/0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to FE80::2, timeout is 2 secs:!!!!!
Must include exit-interface
G0/0
FE80::1
2001:DB8:CAFE:2::/64
Ser 0/0/0:1
Ser 0/0/0 :2
R2R1
FE80::1 FE80::2
2001:0DB8:ACAD:1::/64
FE80::2?
Pinging a Link-Local Address
©
R1# show ipv6 route ospf
O 2001:DB8:CAFE:2::/64 [110/657] via FE80::2, Serial0/0/0O 2001:DB8:CAFE:3::/64 [110/1304] via FE80::2, Serial0/0/0O 2001:DB8:CAFE:A002::/64 [110/1294] via FE80::2, Serial0/0/0R1#
Link-local addresses are used as next hop addresses
IPv6 Routing Table and Link-Local Addresses
• IPv6 dynamic routing protocols like OSPFv3 and EIGRP form neighbor adjacencies and exchange messages using their link-local address as the source address.
©
Thank you and STEAL MY STUFF!www.cabrillo.edu/~rgraziani/ipv6.html
