Introduction to IPv6: IPv6 basics, IPv6/IPv4 coexistence
ALLAOUI Mohamed Amine – CCNP [email protected]
Plan
I. Introduction – TCP/IP model
II. Limitations of IPv4
  1. Public and private addresses
  2. NAT/PAT
  3. IPSec
III. IPv6
  1. IPv6 concepts and addressing
  2. IPv6 routing
  3. IPv6 Security
  4. Migration to IPv6
IV. IPv6/IPv4 coexistence
  1. NAT-PT
  2. Tunneling
  3. Dual stacks
V. Live Demo
TCP/IP
Application
Host-to-Host
Internet
Network Access
letter
Poste / UPS / DHL
With/ without acknowledgment of receipt
• Addresses
• Priority
• Routes
Cars, airplanes, ships
TCP/IP
Application: HTTP – FTP – Telnet – RTP – DNS – SMTP
Host-to-Host: TCP – UDP
Internet: IPv4 – IPv6
Network Access: Ethernet – PPP – HDLC – Metro Ethernet – Frame Relay
TCP/IP
My computer: 192.168.0.100
Google.com: 173.194.35.2
[Diagram: four protocol stacks between the two hosts. The first and last show all four layers (Application, Host-to-Host, Internet, Network Access); the two in between show only Internet and Network Access.]
TCP/IP
My computer: IP 192.168.0.100, MAC mac-pc1
Google.com: IP 173.194.35.2
HTTP
TCP (source 2655, destination 80)
IPv4 (source 192.168.0.100, destination 173.194.35.2)
Ethernet (source mac-pc1, destination mac-r1)
IPv4 (source 192.168.0.100, destination 173.194.35.2)
Ethernet (source mac-pc1, destination mac-r1)
HTTP
TCP (source 2655, destination 80)
IPv4 (source 192.168.0.100, destination 173.194.35.2)
PPP / HDLC / ATM
Router 1: IP 192.168.0.254, MAC mac-r1
PPP / HDLC / ATM
Request
TCP/IP
My computer: IP 192.168.0.100, MAC mac-pc1
Google.com: IP 173.194.35.2
HTTP
TCP (source 80, destination 2655)
IPv4 (source 192.168.0.100, destination 173.194.35.2)
Ethernet (source mac-pc1, destination mac-r1)
IPv4 (source 192.168.0.100, destination 173.194.35.2)
Ethernet (source mac-pc1, destination mac-r1)
HTTP
TCP (source 80, destination 2655)
IPv4 (source 192.168.0.100, destination 173.194.35.2)
PPP / HDLC / ATM
Router 1: IP 192.168.0.254, MAC mac-r1
PPP / HDLC / ATM
Reply
Limitations of IPv4
1. Public and private addresses
2. NAT/PAT
3. IPSec
IPv4 addresses
• 32 bits of addresses - 4 octets (A.B.C.D)
• Total number of addresses is (2^32-1) = 4.294.967.295
• Different classes of IP addresses.

Class  Range                          Number                            Subnet mask
A      1.0.0.0 – 126.255.255.255      126 networks of 16777214 hosts    255.0.0.0
B      128.0.0.0 – 191.255.255.255    16320 networks of 65534 hosts     255.255.0.0
C      192.0.0.0 – 223.255.255.255    2145825 networks of 254 hosts     255.255.255.0

All the remaining addresses are reserved for multicast and experimentation
Only approximately 3,5 B addresses are usable
Public and Private addresses
• 3 ranges of addresses are used as private addresses
  » 192.168.0.0 – 192.168.255.255
  » 172.16.0.0 – 172.31.255.255
  » 10.0.0.0 – 10.255.255.255
• All other usable addresses are public
• Only public addresses are routed on the Internet.
Network Address Translation
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.254
Range 192.168.0.0 255.255.255.0
200.156.24.0 – 200.156.24.255
Private
Public
Private        Public
192.168.0.1    200.168.24.1
192.168.0.2    200.168.24.2
192.168.0.3    200.168.24.3
Port Address Translation
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.254
Range 192.168.0.0 255.255.255.0
200.156.24.4
Private
Public
Private (private:source port)    Public (public:source port)
192.168.0.1:2233                 200.168.24.4:2233
192.168.0.2:1554                 200.168.24.4:1554
192.168.0.3:6651                 200.168.24.4:6651
NAT/PAT
• Uses a lot of processing power and memory
• Hosting limitations
• Provides basic security but not really useful
• Slows down IP packets
• …
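
The PAT table from the previous slide, as an added example that is not part of the original slides: it shows the per-flow state the router must keep, what happens when two inside hosts pick the same source port, and why an unsolicited inbound connection has nowhere to go. The class and function names are hypothetical, the public address is the one in the slide's table, and the fourth flow is constructed.

```python
class PatRouter:
    """Toy PAT table: many private hosts share one public IPv4 address."""

    def __init__(self, public_ip, pool_start=1024, pool_end=65535):
        self.public_ip = public_ip
        self.pool = iter(range(pool_start, pool_end + 1))
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def outbound(self, private_ip, private_port):
        """Translate an outgoing flow, creating a table entry if needed."""
        key = (private_ip, private_port)
        if key not in self.out:
            port = private_port          # keep the source port when it is free
            while port in self.back:     # already taken by another inside host
                port = next(self.pool, None)
                if port is None:
                    raise RuntimeError("public port pool exhausted")
            self.out[key], self.back[port] = port, key
        return self.public_ip, self.out[key]

    def inbound(self, public_port):
        """Map a reply back to the inside host; None means no entry, so drop."""
        return self.back.get(public_port)


def slide_flows():
    """The three flows from the slide plus one constructed port clash."""
    router = PatRouter("200.168.24.4")
    flows = [("192.168.0.1", 2233), ("192.168.0.2", 1554),
             ("192.168.0.3", 6651), ("192.168.0.2", 2233)]  # last is constructed
    return router, [router.outbound(ip, port) for ip, port in flows]
```

The `back` dictionary is also the only record that ties a public address and port to an inside host, which is why PAT logs are needed to attribute traffic after the fact.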
IPSec
• Security at network layer
• More reliable than transport/application layer security
• Consumes less processing power
• Provides a lot of features
• Provides some security to insecure applications
• Provides authentication, protection, encryption and negotiation
IPSec
Application
Host-to-Host
Internet
Network Access
Headers
IPv4 packet | Host to Host | Application
Transport Mode: IPv4 packet | AH/ESP | Host to Host | Application
Tunnel Mode: IPv4 packet | AH/ESP | IPv4 packet | Host to Host | Application
IPSec
• More overhead
• More processing power
• More bandwidth usage
• More delay
IPv6
1. IPv6 concepts and addressing
2. IPv6 routing
3. IPv6 Security
IPv6 concepts and addressing
• New internet layer protocol
• 128 bits of addresses = 340.282.366.920.938.463.463.374.607.431.770.000.000
• IPv6 header is less complex than IPv4.
• No private addresses
• No broadcasts
• Very long addresses: 2000:AD24:114d:aabc:1100:0001:0000:0001
IPv6 concepts and addressing
• Address abbreviation
  – Ex: 2000:0000:0000:0000:0000:0000:0000:0001 == 2000::1
  – 2000:0001::1 == 2000:1::1
• 3 types of addresses:
  – Link Local: FE80::/10
  – Multicast: FF02::/8
  – Global Unicast: 2000::/3
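
The abbreviation rules and the three address types above, as an added example that is not part of the original slides: it expands and abbreviates addresses by hand, compares two spellings by value (what a log search or ACL match has to do, since one address has many textual forms), and classifies an address against the slide's prefixes. Function names are hypothetical.

```python
import ipaddress

# Prefixes from the slide. It writes multicast as FF02::/8; only the first
# 8 bits are significant, so that is the same block as ff00::/8.
TYPES = [("link-local", "fe80::/10"), ("multicast", "ff00::/8"),
         ("global-unicast", "2000::/3")]
HEX = "0123456789abcdefABCDEF"

def expand(text):
    """Return the eight 16-bit groups of an address, with '::' filled in."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = (p.split(":") if p else [] for p in text.split("::"))
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        parts = head + ["0"] * missing + tail
    else:
        parts = text.split(":")
    if len(parts) != 8 or not all(
            1 <= len(p) <= 4 and all(c in HEX for c in p) for p in parts):
        raise ValueError("expected 8 groups of 1-4 hex digits")
    return [int(p, 16) for p in parts]

def abbreviate(text):
    """Drop leading zeros; replace the first longest zero run by '::'."""
    groups = expand(text)
    start, length, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > length:
            start, length = i, j - i
        i = max(j, i + 1)
    hexes = [format(g, "x") for g in groups]
    if length < 2:  # a lone zero group stays "0"
        return ":".join(hexes)
    return ":".join(hexes[:start]) + "::" + ":".join(hexes[start + length:])

def same_address(a, b):
    """Compare two spellings by value, as a log or ACL matcher should."""
    return expand(a) == expand(b)

def classify(text):
    """Name the slide's address type that contains this address."""
    addr = ipaddress.IPv6Address(text)
    for name, prefix in TYPES:
        if addr in ipaddress.IPv6Network(prefix):
            return name
    return "other"
```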
IPv6 Routing
• Static routing
• Dynamic routing
  – RIPng
  – OSPF 3
  – EIGRP for IPv6
  – Multiprotocol BGP
Static Routing
• Every router only knows its directly connected networks
• Every router needs to know how to get to all networks
• Every router has its own routing table
• Each route has to be added statically to every router
Dynamic Routing
• All routers have to use the same routing protocol
• Each router sends updates to its neighbors to tell them about the networks it knows
• RIPng
• OSPF 3
• EIGRP for IPv6
IPv6 Security
• NDP replaced ARP and stateful DHCP
• Link local addresses are not routable
• No duplicate MAC-Address on a subnet
• « the Less we have on the header the more secure the protocol is »
• IPv6 supports IPSec without adding another header.
Neighbor Discovery Protocol
• Hosts send a Neighbor Solicitation to verify if the global unicast address is unique and if it is in the correct subnet (FF02::1)
• Hosts send a Neighbor Advertisement to the multicast address of all IPv6 hosts (FF02::1) to tell them about its link local address.
• Finally, to know how to get to the gateway, hosts send another NS to know the IPv6 address of the gateway (FF02::2)
Migration to IPv6
• Every computer supports IPv6 since 2002
• Almost all routers support IPv6
• Servers on the Internet have to be configured to use IPv6
• Network Operators are not using IPv6 yet.
• Some countries in Asia are already using IPv6.
Migration to IPv6
• What are we waiting for?
  – Some features of IPv6 are not yet industry standards
  – Internet users are afraid of using global unicast addresses
  – Network administrators are not comfortable with this new suite of protocols
  – Rare resources are always more beneficial for Internet Operators
Migration to IPv6
• What are we waiting for?
  – Some issues with NBMA (frame-relay, ATM, MPLS …)
  – Governments don’t accept changes easily.
IPv6/IPv4 coexistence
1. NAT-PT
2. Tunneling
3. Dual stacks
IPv6/IPv4 coexistence
CS Professors
ISP
IPv6ip/GRE tunnel
2001:AA01:45:3::0/64
NAT-PT
195.25.111.3
2001:AA01:45:3::0/64 195.25.111.3
IPv6/IPv4 coexistence
CS Professors
ISP
2001:AA01:45:3::0/64
NAT-PT & Dual stack
195.25.111.3
Automatic 6to4 or ISATAP tunnel
Dual Stack
NAT-PT
• Translates IPv6 addresses to IPv4 and IPv4 to IPv6
• Same as classic NAT and PAT
IPv6 address                   IPv4 address
2001:AA01:45:3::1 port 1542    195.25.111.3 port 1542
2001:AA01:45:3::2 port 1598    195.25.111.3 port 1598
2001:AA01:45:3::3 port 4452    195.25.111.3 port 4452
Tunneling
• Point-to-point Tunnels
  – Ip6ip
  – Generic Routing Encapsulation (GRE)
• Multipoint Tunnels
  – Automatic 6to4
  – ISATAP tunnels
IPv4 Packet | IPv6 Packet | Host to Host | Application
Dual Stacks
• Interfaces that run both IPv4 and IPv6 at the same time
192.168.0.1
192.168.0.2
192.168.0.254
2001:AA01:45:9::1/64
2001:AA01:45:9::2/64
2001:AA01:45:9::FFFF/64