Ipv6

ALLAOUI Mohamed Amine – CCNP [email protected]

1

IPv6

Presented by: ALLAOUI Mohamed Amine


2

PlanI. Introduction – TCP/IP modelII. Limitations of ipv4

1. Public and private addresses 2. NAT/PAT3. IPSec

III. Ipv61. Ipv6 concepts and addressing2. Ipv6 routing3. Ipv6 Security4. Migration to IPv6

IV. Ipv6/ipv4 coexistence1. NAT-PT2. Tunneling3. Dual stacks

V. Live Demo


3

TCP/IP

Application

Host-to-Host

Internet

Network Access

letter

Poste / UPS / DHL

With/ without acknowledgment of receipt

• Addresses• Priority• Routes

Cars, airplanes, ships


4

TCP/IP

Application

Host-to-Host

Internet

Network Access

HTTP – FTP – Telnet – RTP – DNS – SMTP

Ethernet – PPP – HDLC – Metro Ethernet – Frame Relay

TCP - UDP

IPv4 – IPv6


5

TCP/IP

My computer192.168.0.100

Google.com173.194.35.2

Application

Host-to-Host

Internet

Network Access

Internet

Network Access

Internet

Network Access

Application

Host-to-Host

Internet

Network Access


6

TCP/IP

My computerIP: 192.168.0.100Mac: mac-pc1

Google.comIP: 173.194.35.2

HTTP

TCP (source 2655, destination 80)

IPv4 (source 192.168.0.100,

destination 173.194.35.2)

EthernetSource mac-pc1, destination mac-r1

IPv4 (source 192.168.0.100, destination 173.194.35.2


HTTP


IPv4 (source 192.168.0.100,

destination 173.194.35.2

PPP / HDLC / ATM

Router 1IP: 192.168.0.254Mac: mac-r1

PPP / HDLC / ATM

Request


7

TCP/IP

My computerIP: 192.168.0.100Mac: mac-pc1

Google.comIP: 173.194.35.2

HTTP


IPv4 (source 192.168.0.100,

destination 173.194.35.2)


IPv4 (source 192.168.0.100, destination 173.194.35.2


HTTP


IPv4 (source 192.168.0.100,

destination 173.194.35.2

PPP / HDLC / ATM

Router 1IP: 192.168.0.254Mac: mac-r1

PPP / HDLC / ATM

Reply


8

Limitations of ipv4

1. Public and private addresses 2. NAT/PAT3. IPSec


9

IPv4 addresses• 32 bits of addresses - 4 Octets ( A.B.C.D)• Total number of addresses is (2^32-1) = 4.294.967.295• Different classes of IP addresses.

Class range number

A 1.0.0.0 126.255.255 126 networks of 16777214 hosts

B 128.0.0.0 191.255.255.255 16320 networks of 65534 hosts

C 192.0.0.0 223.255.255.2552145825

networks of 254 hosts

Subnet mask

255.0.0.0

255.255.0.0

255.255.255.0

All the remaining addresses are reserved for multicast and experimentation

Only approximately 3,5 B addresses are usable


10

Public and Private addresses

• 3 ranges of addresses are used as private addresses

» 192.168.0.0 – 192.168.255.255 » 172.16.0.0 – 172.31.255.255» 10.0.0.0 – 10.255.255.255

• All other usable addresses are public• Only public addresses are routed in the

internet.


11

Network Address Translation

192.168.0.1

192.168.0.2

192.168.0.3

192.168.0.254

Range 192.168.0.0 255.255.255.0

200.156.24.0 – 200.156.24.255

Private

Public

Private Public

192.168.0.1192.168.0.2192.168.0.3

200.168.24.1200.168.24.2200.168.24.3


12

Port Address Translation

192.168.0.1

192.168.0.2

192.168.0.3

192.168.0.254

Range 192.168.0.0 255.255.255.0

200.156.24.4

Private

Public

Private Public

192.168.0.1:2233192.168.0.2:1554192.168.0.3:6651

200.168.24.4:2233200.168.24.4:1554200.168.24.4:6651

private:source port Public:source port


13

NAT/PAT

• Uses a lot of processing power and memory• Hosting limitations• Provides basic security but not really useful• Slows down ip packets• …


14

IPSec

• Security at network layer• More reliable that transport/application layer

security• Consumes less processing power• Provides a lot of features• Provides some security to unsecure applications• Provides authentication, protection, encryption

and negociation


15

IPSec

Application

Host-to-Host

Internet

Network Access


16

IPv4 packet AH/ESP

Ipv4 packet

IPv4 packet Host to Host

Headers

Application

AH/ESP Host to Host ApplicationTransport Mode :

Tunnel Mode : IPv4 packet Host to Host Application


17

IPSec

• More overhead• More processing power• More bandwidth usage• More delay


18

IPv6

1. Ipv6 concepts and addressing2. Ipv6 routing3. Ipv6 Security


19

Ipv6 concepts and addressing

• New internet layer protocol• 128 bits of addresses =

340.282.366.920.938.463.463.374.607.431.770.000.000

• Ipv6 header is less complex that IPv4.• No private addresses• No broadcasts• Very long addresses:

2000:AD24:114d:aabc:1100:0001:0000:0001


20

IPv6 Header


21

Ipv6 concepts and addressing

• Address abbreviation– Ex: 2000:0000:0000:0000:0000:0000:0000:0001

== 2000::1– 2000:0001::1 == 2000:1::1

• 3 types of addresses:– Link Local : FE80:: /10– Multicast : FF02 :: /8– Global Unicast : 2000 :: /3


22

Ipv6 Routing

• Static routing• Dynamic routing– RIPng– OSPF 3– EIGRP for IPv6– Multiprotocol BGP


23

Static Routing

• every router only knows it’s directly connected networks• every router needs to know how to get to all networks• Every router had its own routing table• Each route has to be added staticly to every router


24

Dynamic Routing

• All routers has to use the same routing protocol• Each router sends updates to his neighbors to tell them about networks it knows

• RIPng• OSPF 3• EIGRP for IPv6


25

IPv6 Security

• NDP replaced ARP and stateful DHCP• Link local addresses are not routable• No duplicate MAC-Address on a subnet• « the Less we have on the header the more

secure the protocol is »• Ipv6 supports IPSec without adding another

header.


26

Neighbor Discovery Protocol

• Hosts send a Neighbor Sollicitation to verify if the global unicast address is unique and if it is the the correct subnet (FF02::1)

• Hosts send a Neighbor Advertisement to the multicast address of all IPv6 hosts (FF02::1) to tell them about it’s link local address.

• Finally, to know how to get to the gateway, hosts send another NS to know the IPv6 address of the gateway (FF02::2)


27

Migration to IPv6

• Every computer supports Ipv6 since 2002• Almost all routers support IPv6• Servers on the Internet has to be configured

to use IPv6• Network Operators are not using ipv6 yet.• Some countries in asia are already using IPv6.


28

Migration to IPv6

• What are we waiting for?– Some feature on IPv6 are not yet industry

standards– Internet users are afraid of using global unicast

addressed– Networks administrators are not confortable with

this new suite of protocols– Rare ressources are always more beneficial for

Internet Operators


29

Migration to IPv6

• What are we waiting for?– Some issues with NBMA (frame-relay, ATM, MPLS

…)– Gouvernements don’t accept changes easily.


30

IPv6/IPv4 coexistence

1. NAT-PT2. Tunneling3. Dual stacks


31


CS Professors

ISPIPv6ip/GRE tunnel

2001:AA01:45:3::0/64

NAT -PT

195.25.111.3

2001:AA01:45:3::0/64 195.25.111.3


32


CS Professors

ISP

2001:AA01:45:3::0/64

NAT –PT&

Dual stack

195.25.111.3

Automatic 6to4 or ISATAP tunnel

Dual Stack


33

NAT-PT

• Translates IPv6 addresses to IPv4 and IPv4 to IPv6

• Same as classic NAT and PAT

IPv6 address IPv4 address

2001:AA01:45:3::1 port 15422001:AA01:45:3::2 port 15982001:AA01:45:3::3 port 4452

195.25.111.3 port 1542195.25.111.3 port 1598195.25.111.3 port 4452


34

IPv4 Packet

Tunneling

• Point-to-point Tunnels– Ip6ip– Generic Router Encapsulation (GRE)

• Multipoint Tunnels– Automatic 6to4– ISATAP tunnels

IPv6 Packet Host to Host Application


35

Dual Stacks

• Interfaces that run both IPv4 and IPv6 at the same time

192.168.0.1

192.168.0.2

192.168.0.2542001:AA01:45:9::1/64

2001:AA01:45:9::2/64

2001:AA01:45:9::FFFF/64


36

Thank you for your attentionAny questions ?

Technology

Ipv6