2015-11-22

Introduction to IPv6

IPv6 Fundamentals

There are only 3 address types, and IPv6 does not have broadcast addresses.

Broadcast was removed because it is considered a subset of multicast: if every host listens to a specific multicast address, that address is essentially the same as a broadcast address.
  • Unicast
  • Multicast
  • Anycast

IPv6 address format

8 colon-separated groups, called hexadectets, hextets or quibbles (quad nibbles)
Each hexadectet is 16 bits (2^16 possible values) written in hex

IPv6 Address Space

2^128 addresses
3.4x10^38 addresses (undecillion)

An IPv6 Address

represented in hex
broken into eight equal parts
utilizes colons as a delimiter
RFC 5952 defines the text representation
each character is 4 bits - hex (nibble)
each colon separated value is 16 bits - hextet (4 nibbles)

All of the above represent the exact same address, just a way of reducing address size by compressing out zeroes.
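
Because one address has many valid spellings, logs and ACL entries should be normalized before they are compared. The following is an added example, not code from the original post: a hand-written parser and RFC 5952 formatter for plain hex addresses (embedded IPv4 notation and zone IDs are out of scope; function names are illustrative).

```python
import string

HEX = set(string.hexdigits)

def expand(addr):
    """Parse IPv6 text into eight 16-bit hextets, undoing any '::' compression."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must replace at least one hextet")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 and set(g) <= HEX for g in groups):
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return [int(g, 16) for g in groups]

def compress(hextets):
    """Render hextets the RFC 5952 way: lowercase, no leading zeros, and '::'
    for the longest run of two or more zero hextets (the first run on a tie)."""
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and hextets[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    text = [format(h, "x") for h in hextets]
    if best_len < 2:
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])

def canonical(addr):
    return compress(expand(addr))

# Constructed sample: four spellings of one documentation-range address.
SPELLINGS = [
    "2001:0db8:0000:0000:0000:0000:0000:0001",
    "2001:db8:0:0:0:0:0:1",
    "2001:DB8::1",
    "2001:db8::0001",
]

if __name__ == "__main__":
    for s in SPELLINGS:
        print(f"{s:<40} -> {canonical(s)}")
```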

Special IPv6 Addresses

Unspecified Address
::/128
Counterpart in IPv4 0.0.0.0/32
Function is exactly the same in IPv4 and IPv6

Default Route
::/0
Counterpart in IPv4 0.0.0.0/0

Loopback Address
::1/128
Counterpart in IPv4 127.0.0.1/8

Documentation & Misc.
2001:db8::/32 - reserved for example addresses in documentation (shouldn't be used)
0100::/64 - discard prefix (to null route packets)

Transition addresses (IPv4 to v6 or v6 to v4)

::ffff:0:0:0/96
2001::/32
2002::/16
fc00::/7
2001:20::/28
2001:2::/48
64:ff9b::/96


Deprecated address space:

::/96
fec0::/10
3ffe::/16
0200::/7


IPv6 Address Types

Unicast - sends out a single packet to a specific destination
Multicast - sends out a single packet destined for a multicast address and the router then splits it up and sends out multiple packets
Anycast

Unicast Addresses
Global - 2000::/3
Link-Local - fe80::/64
Unique Local - fc00::/7

Multicast Addresses
Beginning with "ff" indicates multicast address
All Multicast - ff00::/8
Solicited-node - ff02::1:ff00:0/104
Link-local all-nodes - ff02::1
For every unicast address assigned you will have an associated multicast address

Anycast Addresses
Anycast addresses are really unicast
You can't tell an Anycast address by looking at it
Think of Anycast as a function of unicast

IPv6 Address Formatting Rules

Must all be lowercase hex
Colons already delimit port numbers in URLs, so with IPv6 you have to put the address in square brackets
Example:
http://[2001:db8:cafe:5150::1]:8080

IPv6 Zone ID

Zone IDs typically make it easier to identify the interfaces tied to IPv6 addresses
Example:
An IPv6 address is assigned to a host interface
Interface "8" has 2001:db8:cafe:5150::1

To represent a zone id use a %

2001:db8:cafe:5150::1%8


Typically the Zone ID will match the interface ID
So on Linux systems you can have something that looks like:

2001:db8:cafe:5150::1%eth0
2001:db8:cafe:5150::1%eno0

IPv6 Address Usage

Global Unicast Addresses

The total global unicast address space is 2^128 and we're only starting with 1/8 of the total available space when using 2000::/3

2000-3fff are the beginning hextet

All of the main IP providers have been given /12 or more to allocate out
2xxx are global unicast addresses that are being assigned
3xxx haven't been assigned yet, as of 2015-11-22

A standard IPv6 prefix for a LAN is a /64

Each network that we would run in a LAN has the number of IPv4 addresses squared. So a /64 is effectively (total IPv4 address space)^2

IANA holds all of the addresses; these are handed out to APNIC, ARIN, and RIPE, which are registries.

So it goes:
1 IANA
2 Registries
3 Organizations, ISPs, etc.



IANA is holding 3000::/4 addresses in reserve as global unicast until we're ready to give out more.

Link-local addresses

Exist on every interface
fe80::/64
From the range of fe80::/10 but only the /64 is used for now
You can't subnet with the /10 since nothing has been coded to do so yet

Link-local is designed to be unique on a link like private subnets routed between each other.

Bogon addresses are addresses you would not expect to see on your local segment coming from outside of the internet.

IPv6 Neighbor Discovery Protocol

Allows hosts to discover other hosts on the same layer 2 ethernet segment. It uses multicast.
Replaces the function of ARP in IPv4

An IPv6 packet is sent to a destination that is a solicited-node address.

A solicited-node address is an address that exists for each IPv6 address on a host.

The solicited-node address is created by appending the last 24 bits of an IPv6 address to another prefix called the "solicited-node prefix".

The solicited-node prefix is: ff02::1:ff00:0/104

Once this solicited-node address is built, the host installs the multicast address on the NIC to listen for traffic from other devices so they can discover each other.

Interfaces typically have a link-local and a global unicast address on them. So if the last 24 bits are the same on both the link-local and the global unicast address, a single solicited-node address is shared by the two.

The Neighbor Discovery Protocol (NDP) process uses solicited-node addresses, multicast, and ICMPv6 to do its discovery.

Building a solicited Node Address
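
The construction described above, as an added example that is not part of the original post. The interface addresses are constructed samples, the function names are illustrative, and the 33:33 Ethernet mapping comes from RFC 2464 rather than from this page.

```python
import ipaddress

# Solicited-node prefix as given on this page.
SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")

def solicited_node(addr):
    """Solicited-node multicast group for one unicast (or anycast) address."""
    ip = ipaddress.IPv6Address(addr.split("%", 1)[0])  # drop a zone ID such as %eth0
    if ip.is_multicast:
        raise ValueError(f"{addr} is already a multicast address")
    low24 = int(ip) & 0xFFFFFF  # last 24 bits of the address
    return ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24)

def ethernet_group_mac(group):
    """Layer 2 address the NIC listens on: 33:33 plus the group's low 32 bits."""
    low32 = int(group) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))

def groups_joined(addresses):
    """Map each distinct solicited-node group to the addresses that share it."""
    joined = {}
    for a in addresses:
        joined.setdefault(str(solicited_node(a)), []).append(a)
    return joined

# Constructed sample: a link-local and a global address built from the same
# interface identifier, plus a manually numbered ::1 on the same interface.
INTERFACE_ADDRS = [
    "fe80::211:22ff:fe33:4455%eth0",
    "2001:db8:cafe:5150:211:22ff:fe33:4455",
    "2001:db8:cafe:5150::1",
]

if __name__ == "__main__":
    for group, members in groups_joined(INTERFACE_ADDRS).items():
        mac = ethernet_group_mac(ipaddress.IPv6Address(group))
        print(f"{group:<20} {mac}  <- {', '.join(members)}")
```

The first two addresses land in one group, so the host joins two solicited-node groups for three addresses.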



There are two cool protocols that allow link-local name resolution using multicast, because IPv6 addresses are so hard to remember:
mDNS - mainly used by Apple - ff02::fb
LLMNR (Link Local Multicast Name Resolution) - Microsoft mainly uses it - ff02::1:3

The equivalent of an IPv4 broadcast in multicast is ff02::1. If you send packets to this address, it's pretty much the equivalent of sending a broadcast to an entire local network segment on layer 2.

IPv6 Anycast Addresses Use Cases

Typically requires the use of routing protocol to inject routes

Source wants to talk to the anycast address: 2001:db8::1
Routers will control the propagation of the anycast address throughout the network.
The servers themselves inject information into the router to let it know their status/availability. Then the routers communicate this availability to the rest of the routers in the network.
The routers will also know which machine will have the lowest cost or will be quickest to get to through the magic of routing.


ICMPv6


What is ICMPv6

Similar function as ICMP
Foundational level protocol - just as fundamental as IPv6
Provides info about the health of the network

ICMPv6 Protocol Details

Used to report errors and messages - It is not possible for IPv6 to operate without ICMPv6

Main Message Types:
Error
Informational

Type and Code fields are different than ICMP


Message body is just to provide additional verbose output for error and informational error codes.

Why ICMPv6

If there is a problem delivering or forwarding payload we use ICMPv6 to send these error messages

Combination of type and code will tell you what is happening.

Ping and traceroute work the same.

ICMPv6 Path MTU Discovery

Prior to sending a payload the router will be able to recognize that the MTU on its outbound interface is smaller than what it is expecting to send and will send back an "ICMPv6 Packet Too Big" message and will not attempt to fragment.


A cool tool is called "mtupath" which will tell you the MTU on a segment

Windows:

mtupath -6 $ipAddress


Neighbor discovery
Linux

ndisc6

Allows you to discover devices on the same link using ICMPv6 neighbor discovery.

IPv6 Prefix Notation


Counting the hex characters gives us our prefix (subnet mask) bits, since each character is one hex digit, and a hex digit is a nibble (4 bits): 0000 through 1111 in binary, or 0-9 and A-F in hex.


Typically /64's are used for local segments.

However providers will typically allocate /48 address space giving you 16 bits to "subnet" with.


Subnetting Best Practices

Use natural nibble boundaries (count in increments of 4 when selecting subnets, i.e. /60 /56 /52)




Prefix Policy Table

Defines how packets are routed out of an interface for IPv6

Gives precedence to some local prefixes vs global

IPv6 and DNS

New Record Type
AAAA - resolves to an IPv6 address

A = 32bit record
AAAA = (A*4) = 32*4 = 128 bits

Reverse DNS record
PTR - points to ip6.arpa

Instead of IPv4, which uses:
PTR - points to in-addr.arpa
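
The nibble-boundary advice under Subnetting Best Practices and the ip6.arpa reverse tree meet in one place: each hex digit of a prefix becomes one DNS label, so only nibble-aligned prefixes map to a single reverse zone. The following is an added example, not code from the original post; the /48 allocation is a constructed sample and the function names are illustrative.

```python
import ipaddress

def reverse_zone(prefix):
    """ip6.arpa zone name for a prefix. One DNS label per hex digit, so the
    prefix length has to fall on a nibble boundary to map to a single zone."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError(f"{net} is not on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(list(reversed(nibbles)) + ["ip6", "arpa"]) + "."

def ptr_name(addr):
    """Owner name of the PTR record for one address: all 32 nibbles, reversed."""
    return reverse_zone(f"{ipaddress.IPv6Address(addr)}/128")

def plan_subnets(allocation, new_prefixlen, count):
    """First `count` subnets of an allocation, each paired with its reverse zone."""
    net = ipaddress.IPv6Network(allocation)
    subnets = net.subnets(new_prefix=new_prefixlen)
    return [(str(s), reverse_zone(str(s))) for _, s in zip(range(count), subnets)]

# Constructed sample: a /48 from the documentation range, carved into /56s.
ALLOCATION = "2001:db8:cafe::/48"

if __name__ == "__main__":
    for subnet, zone in plan_subnets(ALLOCATION, 56, 4):
        print(f"{subnet:<26} {zone}")
    print(ptr_name("2001:db8:cafe:5150::1"))
```

Asking for a /54 instead of a /56 raises ValueError, because the boundary would fall in the middle of a hex digit.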



Router Advertisements

A method of dynamically discovering local neighbors and adding routes/default gateways


Automatic way to get default gateway essentially

Once you set up an IPv6 address on Cisco IOS it will by default send out RAs unless you specify not to.

DHCPv6 does not provide default gateway information, so RAs are required to distribute this information.

Preference values are defined to break ties if there are multiple routers on a local LAN segment.

Failover can take some time as RAs are transmitted at regular defined intervals. Thus it is recommended to use VRRP or some other HA technology to make multiple default gateways highly available.

What are the use cases of RA

Obtain default gateway
Learn DNS info
Determine if SLAAC, DHCPv6 or both are used
Learn what Global Unicast or ULA prefix to use for that interface

IPv6 Neighbor Discovery



Neighbor Solicitations and Advertisements do the same function as IPv4 ARP

Inverse Neighbor Discovery (IND) protocol functions like IPv4 Reverse ARP

IPv6 and ethernet

New ethertype
IPv4 0x0800
IPv6 0x86DD

Jumbograms are a function available in IPv6 which allows the payload length to exceed the theoretical limit for IP MTU and is only a Layer 3 function.




