White Paper: IPv6 (February 2010, D-Link HQ)



2 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work?
IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix


4 What is IPv6?
IPv6 is the "next generation" protocol designed by the IETF to replace the current version of the Internet Protocol, IP version 4 ("IPv4"). Most importantly, there is a growing shortage of IPv4 addresses, which every new machine added to the Internet needs. IPv6 fixes a number of problems in IPv4, the limited number of available addresses above all. Compared with IPv4, IPv6 has the following features:
- Near-limitless address space
- Network autoconfiguration
- Built-in security (IPsec)
- Better QoS support
- Simplified packet header
- Better mobility
- Routing improvements

5 IPv6 Features
- Larger address space: IPv6 addresses are 128 bits long, which allows about 3.4 × 10^38 possible addressable nodes.
- Stateless address autoconfiguration: IPv6 hosts use ICMPv6 router discovery messages to configure themselves.
- Network layer security: IPsec support was mandatory for every IPv6 node when this deck was written (RFC 4294); the later node requirements (RFC 6434) relaxed it to SHOULD, so do not assume a given IPv6 stack actually ships IPsec. IPv6 IPsec interoperates with IPv4 IPsec.
- Simplified packet header: routers never fragment in IPv6 (only the source does, through the Fragment extension header); the Time-to-Live (TTL) field is replaced by Hop Limit; there is no header checksum, so integrity relies on the layer 4 protocol (the TCP, UDP and ICMPv6 checksums cover an IPv6 pseudo-header that includes the addresses).

6 Larger Address Space
IPv4: 32 bits, about 4,200,000,000 (2^32) possible addressable nodes.
IPv6: 128 bits, about 340,282,366,920,938,463,463,374,607,431,768,211,456 (2^128, roughly 3.4 × 10^38) possible addressable nodes.

7 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work?
IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

8 Why do we need IPv6?
IPv4 exhaustion:
- IPv4 contains about 4 billion addresses, but large blocks are reserved for special use and are not available to the public.
- Rapid Internet growth in the 1990s used up addresses dramatically, and mobile devices and broadband connections all use IP now.
- Current IPv4 addresses are predicted to be exhausted by 2011.
Short-term solutions:
- Network Address Translation (NAT)
- DHCP in broadband (xDSL, ETTx) applications
- Classless subnet masks (CIDR)
As of September 2008, Geoff Huston of APNIC predicted, with detailed simulations, exhaustion of the unallocated IANA pool in February; Tony Hain of Cisco Systems predicted the exhaustion date to be around November. These predictions are derived from the trends at the time and do not take into account any last-chance rush to acquire the remaining addresses. Since everything is based on IP now, a long-term solution to this problem is needed.

9 Drivers for IPv6
- IP everywhere: Internet-enabled wireless devices, a growing diversity of network devices, IP to the home, peer-to-peer applications and gaming
- Tender requirements: government, education, military
- Investment protection for future compatibility
- Government and organization leadership
- Popularity of the IPv6 Ready Logo

10 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work?
IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

11 How does IPv6 work? IPv6 Addressing IPv6 Packet Format ICMPv6
IPv6 Neighbor Discovery IPv6 Address Configuration IPv6 Security

12 IPv6 Addressing
IPv6 address format: IPv6 address = prefix + interface ID. The prefix is equivalent to the network ID in an IPv4 address; the interface ID is equivalent to the host ID. The 128 bits are written as eight 16-bit groups separated by colons, each group as up to four hexadecimal digits. The length of the network prefix is written as "/number". Example: 3ffe:3700:1100:0001:d9e6:0b9d:14c6:45ee/64

13 IPv6 Address Abbreviation
- In each 16-bit group, leading zeros can be omitted.
- One run of one or more adjacent all-zero groups can be written as two colons (::).
- The double colon can be used only once in an address; with two of them the number of groups each stands for would be ambiguous.
The following example shows the different ways of writing the same address:
0001:0123:0000:0000:0000:ABCD:0000:0001/96
1:123:0:0:0:ABCD:0:1/96
1:123::ABCD:0:1/96

14 IPv6 Address Classification
- Unicast address: link-local, site-local, global
- Multicast address
- Anycast address
- Special addresses: unspecified, loopback

Address type            Prefix
Unspecified (128 bits)  ::/128
Loopback (128 bits)     ::1/128
Multicast               FF00::/8
Link-local unicast      FE80::/10
Site-local unicast      FEC0::/10 (deprecated by RFC 3879; unique local addresses, FC00::/7 per RFC 4193, replace them)
Global unicast          everything else

15 Unicast Address
A unicast address identifies a single interface. One interface normally has several unicast addresses of different scopes:
- Link-local address, e.g. FE80::E0:F726:4E58
- Site-local address, e.g. FEC0::E0:F726:4E58
- Global unicast address, e.g. 2001:A304:6101:1::E0:F726:4E58

16 Structure of Link-local Address
Link-local addresses are intended only for communication within one segment of a local network (a link) or a point-to-point connection. They allow hosts to be addressed without a globally routable prefix, and routers never forward packets whose source or destination address is link-local. They are often used for network configuration when no external source of addressing information is available (neighbor discovery, router solicitation and DHCPv6 all run over them). The host operating system creates its link-local address by stateless address autoconfiguration. In IPv4 the comparable mechanism is the 169.254.0.0/16 range, assigned automatically when no other assignment (e.g. from a DHCP server) is available; in IPv6 a link-local address is required on every interface and is always formed under the FE80::/10 prefix.
Structure: 10-bit prefix (1111111010) | 54 zero bits | 64-bit interface ID

17 Structure of Site-local Address
- Used for internal addressing within a single site, without the need for a global prefix
- Routers must not forward packets with site-local source or destination addresses outside the site
- Equivalent to the private addresses of IPv4 (RFC 1918: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16); in IPv6, site-local addresses under the FEC0::/10 prefix are intended for the same purpose
Structure: 10-bit prefix (1111111011) | 38 zero bits | 16-bit subnet ID | 64-bit interface ID
Although a subnet ID may be up to 54 bits long, globally connected sites are expected to use the same subnet IDs for their site-local and global prefixes. Note that site-local addresses were deprecated by RFC 3879 because the "site" boundary proved ambiguous; new designs should use unique local addresses (FC00::/7, RFC 4193) instead.

18 Global Unicast Address
- Globally unique address
- Packets with global addresses are forwarded to any part of the global network (in the ideal case)
Structure: 3 bits (001) | 45-bit global routing prefix | 16-bit subnet ID | 64-bit interface ID

19 Interface Identifier (ID)
- The last 64 bits of an IPv6 address
- Must be unique within the 64-bit prefix of the address
- Can be obtained in several ways: IEEE MAC-to-EUI-64* conversion, an auto-generated pseudo-random number (privacy extensions, RFC 4941), assignment via DHCPv6, or manual configuration
- Used to create link-local and site-local addresses
- Used to create global addresses with stateless autoconfiguration
* Extended Unique Identifier (EUI)

20 EUI-64 Specification
Converts a 48-bit MAC address into a 64-bit interface ID (modified EUI-64). The device generates it automatically; since the MAC is unique, the interface ID is expected to be unique as well.
Steps:
1. Insert 0xFFFE between the organization ID (upper 24 bits, the OUI) and the node ID (lower 24 bits) of the MAC address.
2. Invert the U/L bit (u-bit), the bit immediately above the I/G bit in the first byte, which for a factory-assigned MAC changes it from 0 to 1.

MAC:    ccccccug cccccccc cccccccc xxxxxxxx xxxxxxxx xxxxxxxx
EUI-64: ccccccUg cccccccc cccccccc 11111111 11111110 xxxxxxxx xxxxxxxx xxxxxxxx   (0xFF 0xFE inserted, u inverted)

Universal/Local (u-bit): the seventh bit of the first byte in transmission order (value 0x02); it determines whether the address is universally or locally administered. If the U/L bit is 0, the IEEE, through the designation of a unique company ID, has administered the address. If it is 1, the address is locally administered: the network administrator has overridden the manufactured address and specified a different one.
Individual/Group (g-bit): the low-order bit of the first byte (value 0x01); it determines whether the address is an individual (unicast) address, 0, or a group (multicast) address, 1.
A practical caveat: an EUI-64 interface ID embeds the hardware address, so the same host is recognizable across every network it visits and the NIC vendor can be read from the OUI. That is why modern hosts default to random or stable-privacy interface IDs instead.

21 Multicast Address
Structure: 8 bits (11111111) | 4-bit flags | 4-bit scope | 112-bit group ID
- Flags: the first three bits are set to 0; the last bit (T) defines the address type: 0 = well-known (permanently assigned), 1 = transient (locally allocated or temporary)
- Scope: the scope of the multicast group
- Group ID: the multicast group ID
Scope values:
0  Reserved
1  Interface-local (node-local)
2  Link-local
5  Site-local
8  Organization-local
E  Global
F  Reserved
IPv6 multicast MAC address: the two leading bytes 33-33 followed by the last 32 bits of the 128-bit IPv6 multicast address (the low part of the group ID).

22 Pre-defined Multicast Addresses
IPv6 address  Multicast group               IPv4 equivalent
Interface-local scope
FF01::1       All nodes on this interface
FF01::2       All routers on this interface
Link-local scope
FF02::1       All nodes                     224.0.0.1
FF02::2       All routers                   224.0.0.2
FF02::5       All OSPF routers              224.0.0.5
FF02::6       All OSPF designated routers   224.0.0.6
FF02::9       All RIP (RIPng) routers       224.0.0.9
FF02::13      All PIM routers               224.0.0.13
Site-local scope
FF05::2       All routers in the site
Variable scope
FF0x::101     NTP                           224.0.1.1

23 Solicited-Node Multicast Address
A special multicast address in IPv6. Each node must join the corresponding solicited-node multicast address for every unicast and anycast* address configured on it; the address is used for address resolution (ND*) and duplicate address detection (DAD*).
Generation: prefix FF02:0:0:0:0:1:FF00::/104 + the last 24 bits of the unicast address → FF02:0:0:0:0:1:FFXX:XXXX
Example: the host's MAC address is 00-02-B3-1E-83-29, its link-local IPv6 address is FE80::0202:B3FF:FE1E:8329, and its solicited-node multicast address is FF02::1:FF1E:8329.
The solicited-node address allows efficient querying of network nodes during address resolution. IPv6 uses the Neighbor Solicitation message for address resolution; instead of sending it to the link-local all-nodes address, which would disturb every IPv6 node on the link, the sender uses the solicited-node multicast address of the address being resolved. To resolve FE80::0202:B3FF:FE1E:8329 to its link-layer address, a node therefore sends a Neighbor Solicitation to FF02::1:FF1E:8329; only nodes whose addresses share those last 24 bits receive it.
* Please refer to the following slides
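The EUI-64 conversion of slide 20, the multicast-to-MAC mapping of slide 21 and the solicited-node derivation above, as one added Python example (not code from the slides). It also goes a little beyond the slides: iid_to_mac shows how an observer recovers the hardware address from an EUI-64 interface ID, which is the privacy problem that random interface IDs were introduced to fix. The MAC is the slide's example host; everything else is computed.

```python
import ipaddress

SOLICITED_NODE_PREFIX = bytes.fromhex("ff02" + "0000" * 4 + "0001" + "ff")  # FF02::1:FF00:0/104


def mac_to_eui64_iid(mac):
    """48-bit MAC -> 64-bit modified EUI-64 interface identifier (8 bytes).

    Step 1: split the MAC into OUI (3 bytes) and NIC (3 bytes), insert 0xFFFE.
    Step 2: invert the U/L bit (value 0x02 of the first octet), so a factory-
    assigned MAC (u = 0) gives an interface ID with u = 1.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC, got %r" % mac)
    if octets[0] & 0x01:
        raise ValueError("group (multicast) MAC cannot identify an interface")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return bytes(eui)


def link_local_from_mac(mac):
    """FE80::/64 prefix + EUI-64 interface ID, as stateless autoconfiguration does."""
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + mac_to_eui64_iid(mac))


def iid_to_mac(addr):
    """Reverse the conversion when the IID carries the FFFE marker, which is how
    an observer recovers the hardware address from an EUI-64 address.  Returns
    None for IIDs that are not MAC-derived (privacy or manually chosen IDs)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in octets)


def solicited_node(addr):
    """FF02::1:FFXX:XXXX, where XX:XXXX are the low 24 bits of the unicast/anycast address."""
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX + ipaddress.IPv6Address(addr).packed[13:])


def multicast_mac(addr):
    """IPv6 multicast address -> Ethernet multicast MAC 33:33 + low 32 bits (slide 21)."""
    a = ipaddress.IPv6Address(addr)
    if not a.is_multicast:
        raise ValueError("%s is not a multicast address" % a)
    return ":".join("%02x" % b for b in b"\x33\x33" + a.packed[12:])


if __name__ == "__main__":
    mac = "00-02-B3-1E-83-29"            # the slide's example host
    ll = link_local_from_mac(mac)
    print("link-local:     ", ll)                        # fe80::202:b3ff:fe1e:8329
    print("solicited-node: ", solicited_node(ll))        # ff02::1:ff1e:8329
    print("NS goes to MAC: ", multicast_mac(solicited_node(ll)))
    print("MAC recovered:  ", iid_to_mac(ll))
```

Because only the low 24 bits feed the solicited-node address, several unicast addresses on a link can share one; a node receiving a Neighbor Solicitation on that group still has to compare the full target address before answering.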

24 Structure of an Anycast Address
A new address type in IPv6: an anycast address is assigned to more than one interface (typically belonging to different nodes), with the property that a packet sent to it is routed to the "nearest" interface having that address, according to the routing protocols' measure of distance. As specified here:
- It cannot be used as a source address.
- It cannot be assigned to an IPv6 host; it may be assigned to an IPv6 router only.
Anycast addresses are allocated from the unicast address space, using any of the defined unicast formats. When a unicast address is assigned to more than one interface, thus turning it into an anycast address, the nodes to which it is assigned must be explicitly configured to know that it is an anycast address.
Structure of the subnet-router anycast address: n-bit subnet prefix | 128-n zero bits
On the Internet, anycast is usually implemented by using BGP to announce the same destination prefix simultaneously from many different places, so packets addressed to that prefix are routed to the "nearest" point announcing it. In the past, anycast was suited to connectionless protocols (generally built on UDP) rather than connection-oriented protocols such as TCP that keep their own state. There are now many cases where TCP anycast is used, including on carrier networks such as Prolexic. With TCP anycast, the receiver selected for a given source may change from time to time as optimal routes change, silently breaking any conversations in progress; this is typically referred to as a "pop switch".
There have been proprietary advancements in custom IP stacks that allow stateful protocols to survive a pop switch; without such technology, systems like GeoDNS are more appropriate. For this reason anycast is generally used to provide high availability and load balancing for stateless services such as access to replicated data; DNS, for example, is a distributed service over multiple geographically dispersed servers.

25 Anycast Example
Data is routed to the "nearest" or "best" destination among all the interfaces configured with the anycast address. A host asks "Who's the gateway?"; the nearest of the routers holding the anycast address answers "I'm the nearest one", and anycast packets are sent to that nearest gateway.

26 Special Addresses
- Unspecified address: 0:0:0:0:0:0:0:0 = ::/128. Typically used in the source field of a datagram sent by a device that is still configuring its IP address (for example during DAD).
- Loopback address: 0:0:0:0:0:0:0:1 = ::1/128. Used for management purposes.
- IPv6 addresses with an embedded IPv4 address, used to connect with traditional networks for seamless communication between the IPv4 and IPv6 networks; the embedded IPv4 address must be a globally unique IPv4 unicast address:
  - IPv4-compatible IPv6 address (::a.b.c.d), used for automatic tunneling; deprecated in RFC 4291.
  - IPv4-mapped IPv6 address (::FFFF:a.b.c.d), used by SIIT for mutual access and by dual-stack sockets to represent IPv4 peers.

27 How does IPv6 work? IPv6 Addressing IPv6 Packet Format ICMPv6
IPv6 Neighbor Discovery IPv6 Address Configuration IPv6 Security

28 IPv6 Packet Format
IPv4 packet header (20 to 60 bytes): Version (4 bits) | IHL (4) | Type of Service (8) | Total Length (16) | Identification (16) | Flags (3) | Fragment Offset (13) | TTL (8) | Protocol (8) | Header Checksum (16) | Source Address (32) | Destination Address (32) | Options + Padding
IPv6 packet header (fixed 40 bytes): Version (4 bits) | Traffic Class (8) | Flow Label (20) | Payload Length (16) | Next Header (8) | Hop Limit (8) | Source Address (128) | Destination Address (128)
A flow is uniquely identified by the combination of a source address and a non-zero flow label.

29 IPv6 Extension Headers
Zero or more extension headers (EH) sit between the IPv6 header and the transport-level PDU; each header's Next Header field names the one that follows.
IPv6 Header → Extension Header → Extension Header → Transport-level PDU
Next Header type examples (protocol numbers): Hop-by-Hop Options (0), ICMPv4 (1), TCP (6), UDP (17), Routing (43), Fragment (44), Encapsulating Security Payload (ESP, 50), Authentication Header (AH, 51), ICMPv6 (58), No Next Header (59), Destination Options (60), OSPF (89)

30 IPv6 Extension Header Examples
1. IPv6 Header (Next Header = 6) → Transport-level PDU (TCP)
2. IPv6 Header (Next Header = 44, Fragment) → Fragment Header (Next Header = 6) → Transport-level PDU (TCP)
3. IPv6 Header (Next Header = 43, Routing) → Routing Header (Next Header = 51, AH) → Authentication Header (Next Header = 6) → Transport-level PDU (TCP)
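The header layouts of slides 28 to 30, as an added Python example (not code from the slides): a parser for the fixed IPv6 header that walks the Next Header chain to the upper-layer protocol. It is the part of an IPv6 firewall or IDS that decides which protocol a packet really carries, and it checks every length against the buffer, because a chain of extension headers with lying lengths is the classic way to make a filter misparse a packet. The sample packet (IPv6, Hop-by-Hop, Fragment, TCP SYN) and its addresses are constructed for the example.

```python
import ipaddress
import struct

NEXT_HEADER_NAMES = {
    0: "Hop-by-Hop Options", 1: "ICMPv4", 6: "TCP", 17: "UDP", 43: "Routing",
    44: "Fragment", 50: "ESP", 51: "AH", 58: "ICMPv6", 59: "No Next Header",
    60: "Destination Options", 89: "OSPF",
}
# Extension headers the walker steps over.  ESP (50) is not included: what
# follows it is encrypted, so the chain ends there for an outside observer.
WALKABLE = {0, 43, 44, 51, 60}
MAX_EXT_HEADERS = 8   # bound the loop: long chains are a known evasion/DoS trick


def parse_ipv6(pkt):
    """Parse the 40-byte fixed header, then walk the Next Header chain until
    the upper-layer protocol is reached.  Every length is checked against the
    buffer so a malformed chain raises ValueError instead of reading garbage."""
    if len(pkt) < 40:
        raise ValueError("truncated: fixed header is 40 bytes")
    first, plen, nh, hlim = struct.unpack("!IHBB", pkt[:8])
    if first >> 28 != 6:
        raise ValueError("not IPv6 (version %d)" % (first >> 28))
    end = 40 + plen
    if end > len(pkt):
        raise ValueError("payload length %d exceeds packet" % plen)
    hdr = {
        "traffic_class": (first >> 20) & 0xFF,
        "flow_label": first & 0xFFFFF,
        "payload_length": plen,
        "hop_limit": hlim,
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
        "ext_headers": [],
    }
    off = 40
    while nh in WALKABLE:
        if len(hdr["ext_headers"]) >= MAX_EXT_HEADERS:
            raise ValueError("too many extension headers")
        if off + 8 > end:
            raise ValueError("truncated extension header at offset %d" % off)
        next_nh, hdr_ext_len = pkt[off], pkt[off + 1]
        if nh == 44:
            ext_len = 8                        # Fragment header is always 8 bytes
        elif nh == 51:
            ext_len = (hdr_ext_len + 2) * 4    # AH: length in 32-bit words, minus 2
        else:
            ext_len = (hdr_ext_len + 1) * 8    # others: 8-byte units, not counting the first
        if off + ext_len > end:
            raise ValueError("extension header overruns payload")
        info = {"type": nh, "name": NEXT_HEADER_NAMES[nh], "length": ext_len}
        if nh == 44:
            frag_field, frag_id = struct.unpack("!HI", pkt[off + 2:off + 8])
            info.update(offset=frag_field >> 3, more=bool(frag_field & 1), id=frag_id)
        hdr["ext_headers"].append(info)
        nh, off = next_nh, off + ext_len
    hdr["upper_layer"] = nh
    hdr["upper_layer_name"] = NEXT_HEADER_NAMES.get(nh, "protocol %d" % nh)
    hdr["payload"] = pkt[off:end]
    return hdr


def build_sample_packet():
    """Constructed for this example: IPv6 -> Hop-by-Hop -> Fragment -> TCP SYN,
    i.e. the second layout on the slide with one more header in front."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    hbh = bytes([44, 0]) + b"\x01\x04\x00\x00\x00\x00"        # next = Fragment, PadN option
    frag = bytes([6, 0]) + struct.pack("!HI", 0, 0x1234ABCD)  # next = TCP, offset 0, M = 0
    tcp = struct.pack("!HHIIBBHHH", 12345, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    payload = hbh + frag + tcp
    fixed = struct.pack("!IHBB", (6 << 28) | 0xABCDE, len(payload), 0, 64)
    return fixed + src + dst + payload


if __name__ == "__main__":
    h = parse_ipv6(build_sample_packet())
    print(h["src"], "->", h["dst"], "flow", hex(h["flow_label"]))
    for e in h["ext_headers"]:
        print("  ext:", e)
    print("  upper layer:", h["upper_layer_name"], "payload bytes:", len(h["payload"]))
```

Note the asymmetry the parser has to know: the Fragment header is a fixed 8 bytes, AH encodes its length in 32-bit words, and every other extension header in 8-byte units excluding the first; a filter that applies one rule to all of them will land in the wrong place and classify the wrong bytes as the transport header.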

31 How does IPv6 work? IPv6 Addressing IPv6 Packet Format ICMPv6
IPv6 Neighbor Discovery IPv6 Address Configuration IPv6 Security

32 ICMPv6
ICMPv6 is carried with an IPv6 Next Header value of 58 (0x3a).
ICMPv6 has two kinds of functions:
- Error reporting at the network layer, e.g. Destination Unreachable
- Informational messages: network layer troubleshooting (the basis of ping) and network layer functions such as router discovery
ICMPv6 packet format: Type (8 bits) | Code (8 bits) | Checksum (16 bits) | Message body

33 ICMPv6 Message Types
0-127: error messages (the high-order bit of the Type field is 0); 128-255: informational messages (the high-order bit of the Type field is 1).
Type  Message
1     Destination unreachable
2     Packet too big
3     Time exceeded
4     Parameter problem
128   Echo request
129   Echo reply
133   Router solicitation (RS)
134   Router advertisement (RA)
135   Neighbor solicitation (NS)
136   Neighbor advertisement (NA)
137   Redirect

34 ICMPv6 Ping Implementation
Ping sends an ICMPv6 Echo Request (type 128) to make the destination respond with an ICMPv6 Echo Reply (type 129). In the example, host 1::2014:222f:5339:7866 pings host 2::210:5cff:fee5:f239 through a router whose interfaces are 1::1 and 2::1: the Echo Request travels one way and the Echo Reply comes back the other.
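The Echo Request/Reply exchange above, as an added Python example (not code from the slides). It builds and verifies the ICMPv6 checksum, which matters because the IPv6 header has no checksum of its own: the ICMPv6 checksum runs over a pseudo-header containing both addresses, so a packet whose destination has been rewritten fails verification. The addresses are the slide's two hosts; identifier, sequence and payload are constructed.

```python
import ipaddress
import struct

ICMPV6 = 58
ECHO_REQUEST, ECHO_REPLY = 128, 129


def ones_complement_sum(data):
    """16-bit one's complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def icmpv6_checksum(src, dst, message):
    """The ICMPv6 checksum covers a pseudo-header (source, destination, 32-bit
    upper-layer length, three zero bytes, Next Header 58) plus the message.
    The IPv6 header itself has no checksum; this is where the addresses are
    protected, so a packet rewritten to another destination fails the check."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(message), ICMPV6))
    return (~ones_complement_sum(pseudo + message)) & 0xFFFF


def build_echo(src, dst, ident, seq, data, kind=ECHO_REQUEST):
    """Type | Code | Checksum | Identifier | Sequence | data, checksum filled in."""
    body = struct.pack("!BBHHH", kind, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", icmpv6_checksum(src, dst, body)) + body[4:]


def verify_icmpv6(src, dst, message):
    """A receiver sums over the message as received, checksum field included;
    for an intact packet the complement of the sum is zero."""
    return icmpv6_checksum(src, dst, message) == 0


def make_reply(src, dst, request):
    """What the destination host does with a valid Echo Request: swap the
    addresses, set type 129 and echo identifier, sequence and data unchanged."""
    kind, code, _, ident, seq = struct.unpack("!BBHHH", request[:8])
    if kind != ECHO_REQUEST or code != 0:
        raise ValueError("not an Echo Request")
    if not verify_icmpv6(src, dst, request):
        raise ValueError("bad ICMPv6 checksum, request discarded")
    return build_echo(dst, src, ident, seq, request[8:], kind=ECHO_REPLY)


if __name__ == "__main__":
    a, b = "1::2014:222f:5339:7866", "2::210:5cff:fee5:f239"   # the slide's two hosts
    req = build_echo(a, b, ident=0x1234, seq=1, data=b"abcdefgh")
    rep = make_reply(a, b, req)
    print("request ok:", verify_icmpv6(a, b, req), "reply ok:", verify_icmpv6(b, a, rep))
```

The same pseudo-header rule applies to TCP and UDP over IPv6, which is why a NAT66 or any other middlebox that rewrites IPv6 addresses has to recompute transport checksums even though the network header carries none.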

35 ICMPv6 Tracert Implementation
Tracert sends Echo Requests to the destination with increasing Hop Limit values, so that each intermediate node in turn responds with an ICMPv6 Time Exceeded message:
[PCA] Echo Request to PCB, Hop Limit = 1 → [RT] Time Exceeded to PCA
[PCA] Echo Request to PCB, Hop Limit = 2 → [PCB] Echo Reply to PCA

36 How does IPv6 work? IPv6 Addressing IPv6 Packet Format ICMPv6
IPv6 Neighbor Discovery IPv6 Address Configuration IPv6 Security

37 IPv6 Neighbor Discovery
RFC 2461 (since superseded by RFC 4861) defines the Neighbor Discovery protocol, which covers:
- Neighbor physical (link-layer) address discovery
- Router discovery
- Duplicate Address Detection
- Redirect
- Address autoconfiguration

38 Neighbor Physical Address Discovery
Replaces the ARP of IPv4 to discover the link-layer address of an IPv6 node. Two ICMPv6 message types are used:
- Neighbor Solicitation (NS): sent to the solicited-node multicast address for address resolution, or unicast to a known neighbor to probe its reachability
- Neighbor Advertisement (NA): the response to a Neighbor Solicitation; also sent unsolicited to announce a change of link-layer address
NS: Neighbor Solicitation; NA: Neighbor Advertisement

39 Neighbor Physical Address Discovery
PC-A sends a Neighbor Solicitation (NS) to find PC-B ("I want to find B, where is it?"); PC-B responds with a Neighbor Advertisement (NA) ("I'm here.").
NS from A:
- Ethernet header, destination: the MAC address derived from the solicited-node address of PC-B (a multicast MAC)
- IPv6 header, source: PC-A; destination: solicited-node address of B
- ICMPv6 type 135 NS header, target address: PC-B; NS option: link-layer (MAC) address of PC-A
NA from B:
- Ethernet header, destination: MAC address of PC-A
- IPv6 header, source: PC-B; destination: PC-A
- ICMPv6 type 136 NA header, target address: PC-B; NA option: link-layer (MAC) address of PC-B
IPv6 uses the solicited-node multicast address FF02:0:0:0:0:1:FFXX:XXXX as the destination of NS packets.

40 Router Discovery
A host sends a Router Solicitation to ask whether a router is present on the link. Two ICMPv6 message types are used:
- Router Solicitation (RS): sent by booting nodes to request RAs for configuring their interfaces; sent to the all-routers multicast address FF02::2; the source IP address is either the link-local address or the unspecified address (::)
- Router Advertisement (RA): the response to a Router Solicitation; also sent unsolicited to the all-nodes multicast address (FF02::1) at periodic intervals
RS: Router Solicitation; RA: Router Advertisement

41 Router Discovery
The router on the link sends RAs at periodic intervals. A host receiving the RA adds the router to its default router list; a router receiving the RA checks the consistency of the RA contents with its own configuration.
RA from router A and router B:
- IPv6 header, source: link-local address of the router; destination: all-nodes multicast address (FF02::1)
- ICMPv6 type 134 RA header: current hop limit, flag bits (M/O), router lifetime, reachable time and retransmission timer
- RA options: router link-layer address, MTU, prefix information

42 Duplicate Address Detection (DAD)
DAD ensures that no two interfaces on a link use the same unicast address. All addresses must be subject to DAD; NS and NA messages are used for the interaction. If a duplicate is found, the address cannot be assigned to the interface. If the address was derived from an interface identifier, a new identifier must be assigned to the interface, or all IP addresses of the interface must be configured manually.
NS: Neighbor Solicitation; NA: Neighbor Advertisement

43 Duplicate Address Detection (DAD) Process
An address is called a tentative address before it is assigned to an interface. The node sends Neighbor Solicitations for it at intervals:
- Source address: the unspecified address (::)
- Destination address: the solicited-node multicast address of the tentative address (FF02::1:FFXX:XXXX)
A neighbor that already uses the same address answers with a Neighbor Advertisement:
- Source address: that same address
- Destination address: the all-nodes multicast address (FF02::1)
Before sending a Neighbor Solicitation, an interface MUST join the all-nodes multicast address and the solicited-node multicast address of the tentative address. The former ensures that the node receives Neighbor Advertisements from other nodes already using the address; the latter ensures that two nodes attempting to use the same address simultaneously detect each other's presence. The solicited-node multicast address consists of the prefix FF02::1:FF00:0/104 and the last 24 bits of the tentative IPv6 address.

44 Duplicate Address Detection (DAD)
PC-A configures the new address 2000::1, which PC-B already has. PC-A and PC-B use NS and NA to perform the DAD interaction:
NS from A:
- Ethernet header, destination: the MAC address of the solicited-node address of 2000::1
- IPv6 header, source: ::; destination: FF02::1:FF00:1 (solicited-node multicast address of 2000::1)
- ICMPv6 type 135 NS header, target address: 2000::1
NA from B:
- Ethernet header, destination: the MAC address of the all-nodes multicast address
- IPv6 header, source: 2000::1; destination: FF02::1
- ICMPv6 type 136 NA header, target address: 2000::1

45 Redirect
Redirect is used by a router to tell a host that another router is a better first hop for a destination: when the gateway knows a better forwarding path, it notifies the host with a Redirect message.

46 Redirect
PC-A takes R1 as its default gateway through the router solicitation process. R1 finds that R2 has a better forwarding path to the network of PC-B, so R1 sends a Redirect to PC-A telling it to use R2 directly as the next hop to PC-B.
- IPv6 header, source: R1; destination: PC-A
- ICMPv6 type 137 Redirect header: next-hop (target) address R2, destination address PC-B

47 How does IPv6 work? IPv6 Addressing IPv6 Packet Format ICMPv6
IPv6 Neighbor Discovery IPv6 Address Configuration IPv6 Security

48 IPv6 Address Configuration
- Autoconfiguration: stateless autoconfiguration, stateful autoconfiguration (DHCPv6)
- Manual configuration: recommended for servers and important network devices

49 Functions of Autoconfiguration
Autoconfiguration performs the following functions:
- Assigns the address parameters to the host: address prefix, interface ID
- Assigns other related parameters to the host: router address, hop limit, MTU

50 Autoconfiguration Process
1. Interface initialization: the interface generates a tentative link-local address and performs DAD on it; once DAD succeeds the link-local address is assigned and the interface has IP connectivity on the link.
2. Determining which autoconfiguration is used, from the Router Advertisement flags (M/O bits) and the host configuration: stateless autoconfiguration or stateful autoconfiguration.
3. Obtaining the global address.

51 Stateless Autoconfiguration
1. Interface initialization
2. The host sends a Router Solicitation: source FE80::ABCD (host link-local address), destination FF02::2
3. The router replies with a Router Advertisement carrying the prefix 1::: source FE80::EFGH (router link-local address, a placeholder label in the slide), destination FF02::1
4. The host obtains the prefix and other parameters and forms its address 1::ABCD; the router's address is 1::1

52 Stateful Autoconfiguration (DHCPv6)
DHCP client:
- Initiates requests on a link to obtain configuration parameters
- Uses its link-local address to reach the server
- Sends requests to the FF02::1:2 multicast address
DHCP server:
- Responds to requests from clients
- Optionally provides the client with IPv6 addresses and other configuration parameters (DNS servers, ...)
- Remembers the client's state
The DHCPv6 RFC (RFC 3315, July 2003) is an almost entire rewrite of DHCPv4, complete with authentication and interoperability with stateless autoconfiguration. DHCPv6 is called "stateful" because there is bidirectional and (somewhat) reliable communication between client and server, and the server keeps the lease state. As in DHCPv4, DHCPv6 uses UDP: clients listen on port 546, servers and relay agents on port 547. Instead of broadcasting, clients reach servers via reserved multicast addresses: ff02::1:2 is the link-scoped All_DHCP_Relay_Agents_and_Servers address and ff05::1:3 the site-scoped All_DHCP_Servers address. This assumes each client already has a working link-local address and has performed address collision detection, normally DAD, before talking to the DHCPv6 server.

53 DHCPv6 Client & Server
The client sends DHCPv6 messages to obtain an IPv6 address from a DHCPv6 server, which replies with the address and other parameters such as DNS servers. The four-message exchange:
1. Solicit (client → FF02::1:2): "I want to get an IPv6 address!"
2. Advertise (server 2042::fd55/64 → client): "You can use 2042::fd25/64"
3. Request (client → server): "I will use 2042::fd25/64"
4. Reply (server → client): "Assigned 2042::fd25/64"; the client's address is now 2042::fd25/64.
Note that DHCPv6 has no option for a default gateway: the default router is always learned from Router Advertisements, so a host still needs RAs on a DHCPv6-managed link.

54 DHCPv6 Relay Agent
If DHCP clients and servers are not on the same link, DHCPv6 relay agents forward the DHCP messages between them. The client's DHCP Request reaches the relay agent, which forwards it as a Relay Request to the configured server across the Internet (server address 2042::1 or 2042::2 in the example); the server's DHCP Response comes back as a Relay Response, which the agent delivers to the client. Each agent is configured with its status (enabled) and the server address.

55 Manual Configuration
Manual configuration is recommended for routers and important devices, because an autoconfigured (EUI-64) address changes whenever the network card is replaced. Example: configure the server's IPv6 address as 2001:288::F:120:0:0:5F/64. ("Why can't I access the server?" "Oh, he just replaced a network card!")

56 How does IPv6 work? IPv6 Addressing IPv6 Packet Format ICMPv6
IPv6 Neighbor Discovery IPv6 Address Configuration IPv6 Security

57 IP-MAC-Port Binding
IP-MAC-Port Binding v6 (IMPBv6) builds and maintains an IP-MAC-Port binding table to filter untrusted hosts. ND snooping and DHCPv6 snooping inspect NS (DAD) and DHCPv6 packets to create bindings of (IPv6 address, MAC, port); entries can also be configured manually.
Example binding table:
IP  MAC  Port
A   a    2    (entry built by ND snooping from PC-A's DAD NS)
B   b    12   (entry built by DHCPv6 snooping from PC-B's DHCP Request and the server's DHCP Reply)
C   c    18   (manually configured entry)
PC-A (IP A, MAC a), PC-B (IP B, MAC b) and PC-C (IP C, MAC c) each send a faked NA claiming another host's address: "I'm PC-B" (IP B, MAC a), "I'm PC-C" (IP C, MAC b), "I'm PC-A" (IP A, MAC c). The switch compares each NA with the binding table and drops it: "You're not PC-B", "You're not PC-C", "You're not PC-A".
ND: Neighbor Discovery; NS: Neighbor Solicitation
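The binding table and the NA check of this slide, as an added Python example (not D-Link code, and not a description of how IMPBv6 is implemented). It learns bindings from snooped DAD Neighbor Solicitations, DHCPv6 replies and static entries, then judges each Neighbor Advertisement by target address, source MAC, the target link-layer option and the ingress port. Hosts, MACs, ports and the event sequence are constructed to mirror the slide's PC-A/B/C scenario. One caveat the slide leaves implicit: a binding learned from a DAD NS is first-come-first-served, so an attacker who sends DAD for a victim's address before the victim does would capture the binding; the example keeps the first binding and ignores later claims, which is why DHCPv6 snooping and static entries are preferred for anything important.

```python
import ipaddress


class IMPBv6Table:
    """IP-MAC-port binding table of the kind IMPBv6 keeps: entries come from
    DHCPv6 reply snooping, DAD Neighbor Solicitation snooping, or static
    configuration, and every Neighbor Advertisement is checked against them."""

    def __init__(self):
        self.bindings = {}          # IPv6Address -> (mac, port)
        self.log = []               # human-readable decisions, for the demo

    def _bind(self, ip, mac, port, how):
        ip = ipaddress.IPv6Address(ip)
        mac = mac.lower()
        if ip in self.bindings and self.bindings[ip] != (mac, port):
            # First binding wins.  A later DAD NS for an address that is already
            # bound is exactly what a host trying to squat the address sends.
            self.log.append("keep %s -> %s; ignore %s claim by %s on port %d"
                            % (ip, self.bindings[ip], how, mac, port))
            return False
        self.bindings[ip] = (mac, port)
        self.log.append("bind %s -> (%s, port %d) via %s" % (ip, mac, port, how))
        return True

    def add_static(self, ip, mac, port):
        return self._bind(ip, mac, port, "manual configuration")

    def learn_dhcpv6_reply(self, client_mac, port, assigned_ip):
        return self._bind(assigned_ip, client_mac, port, "DHCPv6 snooping")

    def learn_dad_ns(self, src_mac, port, target):
        return self._bind(target, src_mac, port, "ND (DAD NS) snooping")

    def get(self, ip):
        return self.bindings.get(ipaddress.IPv6Address(ip))

    def check_na(self, src_mac, port, target, tll_mac):
        """Forward the NA only if the target address, the source MAC, the
        target link-layer address option and the ingress port all match the
        binding.  Returns (allow, reason)."""
        ip = ipaddress.IPv6Address(target)
        if ip not in self.bindings:
            return False, "no binding for %s" % ip
        mac, bound_port = self.bindings[ip]
        if src_mac.lower() != mac or tll_mac.lower() != mac:
            return False, "%s is bound to %s, not %s" % (ip, mac, src_mac.lower())
        if port != bound_port:
            return False, "%s is bound to port %d, not %d" % (ip, bound_port, port)
        return True, "ok"


# Constructed event stream mirroring the slide: A, B, C on ports 2, 12, 18.
A, B, C = "2001:db8::a", "2001:db8::b", "2001:db8::c"
MAC_A, MAC_B, MAC_C = "00:11:22:33:44:0a", "00:11:22:33:44:0b", "00:11:22:33:44:0c"
SAMPLE_EVENTS = [
    {"kind": "dad_ns", "mac": MAC_A, "port": 2, "target": A},              # A boots, DAD for A
    {"kind": "dhcpv6_reply", "mac": MAC_B, "port": 12, "ip": B},           # B is assigned B
    {"kind": "dad_ns", "mac": MAC_B, "port": 12, "target": A},             # B tries to squat A
    {"kind": "na", "mac": MAC_A, "port": 2, "target": A, "tll": MAC_A},    # genuine NA from A
    {"kind": "na", "mac": MAC_A, "port": 2, "target": B, "tll": MAC_A},    # A: "I'm PC-B"
    {"kind": "na", "mac": MAC_B, "port": 12, "target": C, "tll": MAC_B},   # B: "I'm PC-C"
    {"kind": "na", "mac": MAC_C, "port": 18, "target": A, "tll": MAC_C},   # C: "I'm PC-A"
    {"kind": "na", "mac": MAC_B, "port": 12, "target": B, "tll": MAC_B},   # genuine NA from B
    {"kind": "na", "mac": MAC_B, "port": 7, "target": B, "tll": MAC_B},    # B's MAC on the wrong port
]


def run_sample():
    """Feed the constructed events through a table with C configured statically;
    returns the table and the (allow, reason) verdict for each NA in order."""
    table = IMPBv6Table()
    table.add_static(C, MAC_C, 18)
    verdicts = []
    for ev in SAMPLE_EVENTS:
        if ev["kind"] == "dad_ns":
            table.learn_dad_ns(ev["mac"], ev["port"], ev["target"])
        elif ev["kind"] == "dhcpv6_reply":
            table.learn_dhcpv6_reply(ev["mac"], ev["port"], ev["ip"])
        else:
            verdicts.append(table.check_na(ev["mac"], ev["port"], ev["target"], ev["tll"]))
    return table, verdicts


if __name__ == "__main__":
    table, verdicts = run_sample()
    for line in table.log:
        print(line)
    for (allow, reason), ev in zip(verdicts, [e for e in SAMPLE_EVENTS if e["kind"] == "na"]):
        print("NA target %s from %s port %d: %s (%s)"
              % (ev["target"], ev["mac"], ev["port"], "forward" if allow else "DROP", reason))
```

Checking the port as well as the MAC is what makes this stronger than a plain IP-to-MAC table: a host that clones a neighbor's MAC is still caught because it sits on a different switch port.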

58 IPv6 ACL (Access Control List)
An ACL filters packets by limiting network traffic and usage by specific users or devices. ACLs can filter traffic as it passes through a switch and permit or deny packets at specified interfaces/ports. Example:
IP          Port  Action
2042::fd24        Permit
2042::fd26        Deny
PC-A (2042::fd24/64) is permitted through the switch; PC-B (2042::fd26/64) is denied.

59 IPv6 Web-based Access Control
Web-based authentication login authenticates a user when the user tries to access the network through the switch; only authenticated users can access the network. The user's browser is sent to a login page over HTTP, the user enters name and password, and the switch answers "Login success!" (PC-A) or "Login fail!" (PC-B). Because the slide's example runs over plain HTTP, the credentials cross the access network in cleartext, so in practice the login portal should be served over HTTPS.

60 MLD Snooping
With MLD snooping, IPv6 multicast data is selectively forwarded only to the ports that want to receive it, instead of being flooded to all ports in a VLAN. In the example, an IPv6 server sends multicast data to FF1E::1 and FF1E::dd16 through an IPv6 multicast router/switch; clients on ports 2, 10, 16 and 20 have sent MLD joins for FF1E::1, so the snooping switch records "Group FF1E::1, member port 2/10/16/20" and delivers only that group's data to those ports.
Multicast Listener Discovery (MLD) is a component of the IPv6 suite. It is used by IPv6 routers to discover multicast listeners on a directly attached link, much as IGMP is used in IPv4. The protocol is embedded in ICMPv6 instead of being a separate protocol. MLDv1 is similar to IGMPv2 and MLDv2 to IGMPv3.

61 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work?
IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

62 IPv4 & IPv6 Routing Protocol Version Comparison
Unicast:
  RIP     IPv4: RIPv1/v2        IPv6: RIPng
  OSPF    IPv4: OSPFv1/v2       IPv6: OSPFv3
  IS-IS   IPv4: IS-IS           IPv6: IS-IS for IPv6
  BGP     IPv4: BGP-4           IPv6: BGP-4+
Multicast:
  Group membership  IPv4: IGMPv1/v2/v3   IPv6: MLDv1/v2
  PIM               IPv4: PIM            IPv6: PIM for IPv6

63 RIP next generation (RIPng)
RFC 2080 defines RIPng.
Similarities to RIP for IPv4:
- Based on RIPv2
- Distance-vector mechanism
- 15-hop radius (a metric of 16 means unreachable)
- Split horizon
Differences from RIP for IPv4:
- RIP updates are sent to the multicast group FF02::9
- Uses UDP port 521 (RIP uses UDP port 520)
- The message format is changed to carry IPv6 prefixes

64 RIP next generation (RIPng)
Routers running the same routing protocol (RIPng) distribute their best-route information across an IPv6-based network. In the example, PC-A sits in 2000::/64 behind Switch A and PC-B in 3000::/64 behind Switch C, with Switch B in between. Before the exchange each switch only knows its local prefix ("I can't ping PC-B" / "I can't ping PC-A"). After the switches exchange routing information, Switch A's table holds 2000::/64 (local) and 3000::/64 (RIPng), Switch B holds both via RIPng, and Switch C holds 3000::/64 (local) and 2000::/64 (RIPng): "I can ping PC-B" / "I can ping PC-A".

65 OSPF version 3 (OSPFv3)
RFC 2740 defines OSPFv3 (since superseded by RFC 5340). The basic OSPF mechanism and operation are the same as in OSPFv2.
Major changes in OSPFv3 compared with OSPFv2:
- The packet and LSA formats differ from those of OSPFv2
- OSPFv3 runs per link, while OSPFv2 runs per network segment (subnet)
- The topology is independent of IPv6 addresses: IPv6 link-local addresses identify adjacent neighbors, and prefixes are carried in separate LSAs
- The LSA flooding scope is generalized (link-local, area and AS scope)

66 OSPF version 3 (OSPFv3)
OSPFv3 is designed for IPv6 routing: routers running OSPFv3 distribute their best-route information across an IPv6-based network. Each additional area must have a direct or virtual connection to the backbone OSPF area (area 0). In the example, PC-A in network N1 (area 1, Switch A) and PC-B in network N3 (area 2, Switch D) cannot ping each other at first; Switch B and Switch C carry N2 in area 0, and area 2 reaches the backbone through a virtual link. Once area 1 and area 0, and area 2 and area 0, exchange routing information ("I learned IPv6 network N3", "I learned IPv6 network N1"), PC-A and PC-B can ping each other.

67 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work?
IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

68 IPv6 Transition Technologies
The transition from IPv4 to IPv6 evolves from the network edge to the core: first IPv6 islands are connected across the IPv4 Internet (and IPv4 islands across an IPv6 Internet) with protocol conversion between the two; finally IPv6 islands are joined by an IPv6 Internet and only the remaining IPv4 islands need conversion.

69 Basic Transition Mechanisms
- Dual stack: when a device is upgraded to IPv6 it retains IPv4 support, and applications can choose IPv6 or IPv4, which lets them evolve gradually from IPv4 to IPv6.
- Tunnel: the IPv6 packet is carried as the payload of an IPv4 packet, so it can be sent over an IPv4-only infrastructure.
The above two are summarized as co-existence technology.
- Interworking: IPv6/IPv4 mutual access technology, for coexistence of the IPv6 Internet and the IPv4 Internet where intercommunication between them is needed.

70 Overview of IPv6 Transition Technologies
Evolution strategy of IPv4/IPv6:
IPv4/IPv6 co-existence technology: Dual Stack, DSTM; tunnels: Manual, 6to4, ISATAP, Tunnel Broker, Auto tunneling
IPv4/IPv6 mutual access technology: Protocol conversion (SIIT, NAT-PT), Transport layer relay (Socks64), Application layer agent gateway

71 IPv4/v6 Dual Stack
Dual-stack technology: when a device is upgraded to IPv6, IPv4 support is retained, and applications can use either IPv6 or IPv4. All transition technologies are built on dual stack.
Advantages: good interworking, easy to understand, easy to implement.
Disadvantages: every IPv4 node must be upgraded, which is costly, and the shortage of IPv4 addresses is not solved.

72 IPv4/v6 Dual Stack
[Figure: an IPv4-only host runs IPv4 applications over TCP/UDP on a single IPv4 stack, reached from Ethernet by protocol ID 0x0800. An IPv4-IPv6 dual-stack host runs IPv4 and IPv4-IPv6 applications over TCP/UDP on both an IPv4 stack (Ethernet protocol ID 0x0800) and an IPv6 stack (Ethernet protocol ID 0x86DD).]

73 IPv6-over-IPv4 tunneling is the encapsulation of IPv6 packets with an IPv4 header so that IPv6 packets can be sent over an IPv4-only infrastructure.
Advantages: the IPv4 tunnel serves as a virtual link for IPv6; the existing network is fully exploited, so the internal backbone equipment does not need to be upgraded, matching the strategy of transitioning from the border inward.
Disadvantages: the tunnel must be configured, at a cost in efficiency, and only v6-to-v6 communication is possible.
The D-Link DGS-3600 series will support dual stack and tunnels (Manual, 6to4, ISATAP) in R2.80.
[Figure: an IPv4 header is prepended to the IPv6 packet (IPv6 header plus payload), which becomes the payload of the IPv4 packet.]
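The EtherType demultiplexing of the dual-stack slide and the IPv6-over-IPv4 encapsulation described here, as an added Python example that is not from the D-Link slides: the encapsulating end prepends an IPv4 header, and the receiving end classifies a frame by EtherType and decapsulates the inner IPv6 packet. The MAC and IPv4 tunnel endpoint addresses are constructed, and protocol number 41 is the IANA value for IPv6 encapsulation in IPv4, which the slides do not state.

```python
import ipaddress
import struct
ETHERTYPE_IPV4 = 0x0800  # Ethernet protocol IDs from the dual-stack slide
ETHERTYPE_IPV6 = 0x86DD
IPPROTO_IPV6 = 41        # IANA protocol number in the outer IPv4 header of an IPv6-over-IPv4 tunnel

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header; 0 when a filled-in checksum verifies."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv6(src: str, dst: str, payload: bytes, next_header: int = 59) -> bytes:
    """Minimal 40-byte IPv6 header: version 6, zero class/label, payload length, next header, hop limit 64."""
    fixed = struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload

def encapsulate_6in4(tunnel_src: str, tunnel_dst: str, ipv6_packet: bytes) -> bytes:
    """The encapsulating tunnel end: prepend an IPv4 header (DF set, TTL 64) whose protocol field is 41."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet), 0, 0x4000, 64, IPPROTO_IPV6, 0,
                      ipaddress.IPv4Address(tunnel_src).packed, ipaddress.IPv4Address(tunnel_dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + ipv6_packet

def classify_frame(frame: bytes) -> dict:
    """Demultiplex a frame by EtherType; for IPv4 protocol 41, decapsulate and report the inner IPv6 addresses."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    body = frame[14:]
    if ethertype == ETHERTYPE_IPV6:  # native IPv6, handed to the IPv6 stack
        return {"stack": "ipv6", "tunneled": False,
                "src": str(ipaddress.IPv6Address(body[8:24])), "dst": str(ipaddress.IPv6Address(body[24:40]))}
    if ethertype != ETHERTYPE_IPV4:
        return {"stack": "other", "tunneled": False}
    ihl = (body[0] & 0x0F) * 4
    if ipv4_checksum(body[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    info = {"stack": "ipv4", "tunneled": False,
            "src": str(ipaddress.IPv4Address(body[12:16])), "dst": str(ipaddress.IPv4Address(body[16:20]))}
    inner = body[ihl:]
    if body[9] == IPPROTO_IPV6 and len(inner) >= 40 and inner[0] >> 4 == 6:  # the decapsulating end's check
        info.update(tunneled=True, inner_src=str(ipaddress.IPv6Address(inner[8:24])),
                    inner_dst=str(ipaddress.IPv6Address(inner[24:40])))
    return info

def sample_frames() -> dict:
    """Constructed traffic: the 5000::2 -> 2000::2 packet of the manual-tunnel slide, native and tunneled (made-up IPv4 ends)."""
    v6 = build_ipv6("5000::2", "2000::2", b"constructed payload")
    eth = bytes.fromhex("001122334455" "66778899aabb")  # constructed destination and source MACs
    return {"native": eth + struct.pack("!H", ETHERTYPE_IPV6) + v6,
            "tunneled": eth + struct.pack("!H", ETHERTYPE_IPV4) + encapsulate_6in4("192.0.2.1", "198.51.100.1", v6)}
```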

74 Manual Tunnel
Manual tunnels are simple point-to-point tunnels that can be used within a site or between sites.
[Figure: two switches, each with a tunnel interface tn1 (Tunnel Mode: Manual, Interface Admin state: Enabled, IPv6 Address: Unknown, with a configured IPv4 Tunnel Source and Tunnel Destination; the IPv4 addresses are not shown in the transcript). The left switch's IPv6 route table lists 4000::/64 and 5000::/64 via tn1 and 2000::1 on v103 and 3000::1/64 on v51; the right switch's lists 2000::/64 and 3000::/64 via tn1 and 4000::1 on v102 and 5000::1/64 on v100. An IPv6 packet SA 5000::2 DA 2000::2 is encapsulated with an IPv4 header on one side, crosses the manual tunnel as an IPv4 packet, and is decapsulated (IPv4 header removed) on the other side.]

75 6to4 Tunnel
6to4 tunnels are dynamically established between IPv6 sites. They are suitable for interworking of multiple IPv6 edge sites over the IPv4 network.
6to4 address format: 2002:<IPv4 address>::/64, with fields 2002 (/16), IPv4 address (/48), SLA ID (/64) and Interface ID (/128).
SLA ID: Site-Level Aggregation Identifier. Each site obtains a /48 prefix, which allows division into /64 subnets.
[Figure: two switches, each with a tunnel interface tn1 (Tunnel Mode: 6to4, Interface Admin state: Enabled; Tunnel Source IPv4 addresses not shown in the transcript; on the encapsulating side the Tunnel Destination reads 2002:3201:0106:1::). An IPv6 packet SA 2002:3C01:0104:1::1/64 DA 2002:3201:0106:1::1/64 is encapsulated with an IPv4 header, crosses the 6to4 tunnel as an IPv4 packet, and is decapsulated on the far side.]

76 ISATAP Tunnel
ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) tunnels are usually used for automatic tunneling between a host and a router.
ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4.
Link-local address generation: any host wishing to participate in ISATAP over a given IPv4 network can set up a virtual IPv6 network interface. The link-local address is determined by concatenating fe80::5efe: with the 32 bits of the host's IPv4 address (expressed in hexadecimal notation).
Neighbor Discovery: because ISATAP uses IPv4 as a link layer that is not multicast/broadcast-capable (unlike Ethernet), ICMPv6 Neighbor Discovery cannot be done in the usual manner. The link-layer address associated with a given IPv6 address is contained in the low-order 32 bits of the IPv6 address. Because the IPv4 network lacks the multicast support needed for automatic Router Discovery, ISATAP hosts must be configured with a potential routers list (PRL).
[Figure: an ISATAP host (IPv6 link-local address fe80::5efe:0101:0101, potential routers list pointing at the router) and an ISATAP router (IPv6 link-local address fe80::5efe:0202:0202, global address 3000::5efe:0202:0202, advertising prefix 3000::/64) on an IPv4 network; the IPv4 addresses are not shown in the transcript. The host sends a Router Solicitation (IPv6 SA fe80::5efe:0101:0101, DA fe80::5efe:0202:0202) encapsulated in an IPv4 header to the router; the router replies with a Router Advertisement (IPv6 SA fe80::5efe:0202:0202, DA fe80::5efe:0101:0101) encapsulated in an IPv4 header and carrying the prefix 3000::/64, from which the host derives its global IPv6 address 3000::5efe:0101:0101.]
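The 6to4 address format of the previous slide and the ISATAP address generation described above, as an added Python example that is not the slides' own material. It uses the standard ipaddress module; the inputs are the slide addresses (2002:3C01:0104::/48 corresponds to IPv4 60.1.1.4, fe80::5efe:0202:0202 to 2.2.2.2), and the 0000:5efe interface-identifier form follows the slides.

```python
import ipaddress

def ipv4_hextets(ipv4: str) -> str:
    """Write a dotted-quad IPv4 address as two 16-bit hex groups, e.g. 60.1.1.4 -> '3c01:0104'."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return f"{v4 >> 16:04x}:{v4 & 0xFFFF:04x}"

def sixto4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """A 6to4 site derives its /48 from its public IPv4 address: 2002:<IPv4>::/48."""
    return ipaddress.IPv6Network(f"2002:{ipv4_hextets(ipv4)}::/48")

def sixto4_address(ipv4: str, sla_id: int, interface_id: int) -> ipaddress.IPv6Address:
    """Fill the 16-bit SLA ID (selects a /64 subnet) and the 64-bit interface ID behind the /48."""
    if not 0 <= sla_id <= 0xFFFF or not 0 <= interface_id < 1 << 64:
        raise ValueError("SLA ID must fit in 16 bits and the interface ID in 64 bits")
    base = int(sixto4_prefix(ipv4).network_address)
    return ipaddress.IPv6Address(base | (sla_id << 64) | interface_id)

def sixto4_tunnel_destination(ipv6: str) -> ipaddress.IPv4Address:
    """What the 6to4 tunnel end does for a 2002::/16 destination: bits 16..47 are the peer's IPv4 address."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in ipaddress.IPv6Network("2002::/16"):
        raise ValueError(f"{ipv6} is not a 6to4 address")
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def isatap_address(prefix: str, ipv4: str) -> ipaddress.IPv6Address:
    """Interface ID 0000:5efe:<IPv4>: fe80::/64 yields the link-local, the advertised /64 the global address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP addresses are formed on a /64 prefix")
    # assumption: the 0000:5efe form shown on the slides; RFC 5214 sets the u/g bit (0200:5efe) for public IPv4
    return ipaddress.IPv6Address(int(net.network_address) | (0x5EFE << 32) | int(ipaddress.IPv4Address(ipv4)))

def isatap_link_layer_address(ipv6: str) -> ipaddress.IPv4Address:
    """Neighbor Discovery over ISATAP: the IPv4 'link-layer' address is the low-order 32 bits of the IPv6 address."""
    addr = ipaddress.IPv6Address(ipv6)
    if ((int(addr) >> 32) & 0xFFFFFFFF) not in (0x00005EFE, 0x02005EFE):
        raise ValueError(f"{ipv6} does not carry an ISATAP interface identifier")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
```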

77 ISATAP Tunnel
After the ISATAP tunnel is built, IPv6 packets from the host to the outside IPv6 network first go to the router through the ISATAP tunnel.
[Figure: an ISATAP host (IPv6 global address 3000::5efe:0101:0101) and an ISATAP router (IPv6 global address 3000::5efe:0202:0202, prefix 3000::/64) on an IPv4 network, each with a tunnel interface tn1 (Tunnel Mode: ISATAP, Interface Admin state: Enabled; Tunnel Source and Tunnel Destination IPv4 addresses not shown in the transcript). An IPv6 packet SA 3000::5efe:0101:0101 DA 2000::2 is encapsulated with an IPv4 header by the host, crosses the ISATAP tunnel as an IPv4 packet, and is decapsulated by the router, which forwards it into the IPv6 network.]

78 Agenda What is IPv6? Why do we need IPv6? How does IPv6 work?
IPv6 Routing Technologies IPv6 Transition Technologies IPv6 Feature Support Matrix

79 IPv6 Feature Support Matrix
IPv6 Basic Features: Ping/Traceroute, IPv6 Neighbor Discovery, DHCPv6 Client, DHCPv6 Relay Agent, IMPBv6, IPv6 ACL/QoS, WAC support, IPv6 MLD Snooping
Matrix entries (flattened in the transcript): DES-3028 (R2) DES-3200 F (2010) (R1.1) (R1) DES-3528 B (R2.2) TBD DES-3800 DES-3810 F (R2, SI) F (FCS, SI) DGS-3100 F (R3.6) DGS-3120 F (FCS) F (R2) DGS-3200 B (R1.6) DGS-3400 F (R2.7) DGS-3700 DGS-3600 F (R2.8) B (R2.52) DES-7200 F DGS-8000 B (R1)
Legend: Function ready; F = Future release; B = Beta code ready; Not supported
IPv6 Neighbor Discovery includes router discovery, duplicate address detection, redirection and automatic address configuration.

80 IPv6 Feature Support Matrix
IPv6 Routing & Transition: IPv6 Static Route, RIPng, OSPFv3, MLD, PIMv6, IPv4/v6 Dual Stack, IPv6 Tunneling*
Matrix entries (flattened in the transcript): DES-3028 DES-3200 (R1.1) DES-3528 (R2.2) DES-3800 DES-3810 F (FCS, EI) F (R2, EI) F (2010) F (FCS) DGS-3100 DGS-3120 DGS-3200 DGS-3400 F (R2.7) (R2.62) F (R3) DGS-3700 F DGS-3600 B (R2.8) B (R2.52) (R2.5) DES-7200 DGS-8000 F (R2)
Legend: Function ready; F = Future release; B = Beta code ready; Not supported
* IPv6 Tunneling includes Manual, 6to4 and ISATAP.

