Published by Basil Harrison. Modified over 8 years ago.
1
Introduction to IPv6
Ross Callon
Net 2002
Fredericton, New Brunswick
Copyright © 2002 Juniper Networks, Inc. http://www.juniper.net
2
Agenda
  IPv6, What and Why?
  IPv6 Technical Description
  Transition to IPv6
  Juniper's Phased IPv6 introduction
  Status and Plans for IPv6
3
What is IPv6?
  Datagram Protocol **
  Routing via RIP, OSPF, IS-IS, BGP **
  End-to-end reliability via TCP **
  Can make use of MPLS **
  Semantics are very similar to IPv4
  Larger addresses
  More emphasis on security
  ** The same as IPv4
4
Why: Advantages of IPv6
  Technical Advantages
    Larger addresses
    Easier configuration
      Including easier address change
    Security “built in”
    Fix a few minor details
5
Why: Advantages of IPv6
  Larger address space is the main point
  Permit growth into new areas
    Cellular phones / wireless devices
    IP telephony
  “Always on” high speed internet service requires “always available” address
  Avoid issues with NAT
6
Growth of the Internet
  63 new hosts per minute
  11 new domains per minute
  109M total hosts (March 2001)
  Current annual growth rate: 51%
  Estimated 1B hosts by mid-2005
  8,000 ISPs worldwide (4700+ in U.S. alone)
  Traffic growth 100-1000% per year
  Over 3M Websites
  70% of Fortune 1000 use NAT
  Source: Center for Next Generation Internet NGI.ORG
7
Growth of the Mobile IP Market
  [Chart series: Mobile Subscribers, PCs Connected to Web, Mobile Internet Users. Sources: ABN AMRO/IDC/Ovum]
8
Inertia vs Incentive
  Lots of inertia is supporting IPv4
    IPv4 is mature & widely deployed
  What is incentive to move to IPv6?
  IPv6 needs to
    Open up a new application area; or
    Relieve considerable pain
  IPv6 does the former now, and will do the latter eventually
10
IPv6 Technical Description
  Addressing architecture
  Packet structure and header formats
  Header extensions
  ICMPv6
  Neighbor discovery
  Autoconfiguration
  IPv6 routing protocols
  Flow Label
11
IPv6 Addressing Architecture
  Addresses similar to IPv4
    IPv6 addresses identify interfaces (not nodes)
    Hierarchical, topological addresses
    Forwarding based on best match
  Some extra flexibility provided
    e.g., anycast, auto-configuration
    Local node and link addresses available
    Easier address change supported
  updates RFC 2373
12
IPv6 Address types
  Unicast
    Identifies a single interface
    Packet sent to a unicast address is delivered to the interface identified by that address
  Anycast
    Identifies a set of interfaces (typically on different nodes)
    Packet sent to an anycast address is delivered to one of the interfaces identified by that address (normally the nearest)
  Multicast
    Identifies a set of interfaces (typically on different nodes)
    Packet sent to a multicast address is delivered to all interfaces identified by that address
  IPv6 has no broadcast address
13
IPv6 Address types: Unicast
  [Diagram labels: HTTP, NTP, Host]
14
IPv6 Address types: Anycast
  Example: NTP Servers use the same anycast addresses. Anycast takes shortest link to NTP server.
  [Diagram labels: HTTP, NTP, Host; 3 Hops away, 4 Hops away]
15
IPv6 Address types: Multicast
  [Diagram labels: Video, NTP, Host]
16
IPv6 Address Text Representation
  128 bit length (16 octets)
  Represented as 8 * 16-bit pieces in hexadecimal, separated by colons ":"
  For prefixes: IPv6-address/length (bits)
  Multiple 16-bit fields of zeros can be compacted by using a double-colon "::"
    Compaction only used once per address
  Low order 32 bits can use v4 format "d.d.d.d"
17
IPv6 Address Representation examples
  IPv6 Addresses:
    CDFE:910A:2356:5709:8475:1024:3911:2021
    2080:0000:0000:0000:0090:7AEB:1000:123A
    1800:0000:0000:7AEF:0000:0000:1072:4310
    1800:0000:0000:7AEF:0000:0000:16.114.67.16
  Compacted IPv6 Address:
    2080:0:0:0:90:7AEB:1000:123A    Legal compaction
    2080::90:7AEB:1000:123A         Legal compaction
    1800::7AEF:0:0:1072:4310        Legal compaction
    1800:0:0:7AEF::1072:4310        Legal compaction
    1800::7AEF::1072:4310           Illegal compaction (Compaction used twice!)
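The representation rules above, written out as a small parser. This is an added example, not part of the original presentation; the function names are assumptions. It expands any legal text form to the full 8-field form so that differently compacted spellings of one address compare equal (useful before matching addresses in ACLs or logs), and it rejects the double use of "::".

```python
import string


def expand_ipv6(text):
    """Return the full 8-field upper-case form, or raise ValueError."""
    if text.count("::") > 1:
        raise ValueError("'::' may be used only once per address")
    head, sep, tail = text.partition("::")
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []

    # Only the low-order 32 bits (the final field) may be written as d.d.d.d.
    final = right if sep else left
    if final and "." in final[-1]:
        octets = final[-1].split(".")
        if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
            raise ValueError("bad embedded IPv4 part: " + final[-1])
        a, b, c, d = (int(o) for o in octets)
        # Replace the dotted quad with the two 16-bit fields it stands for.
        final[-1:] = [f"{a << 8 | b:x}", f"{c << 8 | d:x}"]

    for group in left + right:
        if not 1 <= len(group) <= 4 or any(ch not in string.hexdigits for ch in group):
            raise ValueError("bad 16-bit field: " + repr(group))

    present = len(left) + len(right)
    if sep:
        if present > 7:
            raise ValueError("'::' must stand for at least one zero field")
        groups = left + ["0"] * (8 - present) + right
    elif present != 8:
        raise ValueError("expected 8 fields, found %d" % present)
    else:
        groups = left
    return ":".join(f"{int(g, 16):04X}" for g in groups)


def is_legal(text):
    """True if the text is a legal IPv6 address representation."""
    try:
        expand_ipv6(text)
    except ValueError:
        return False
    return True


def same_address(a, b):
    """Compare two addresses by value rather than by spelling."""
    return expand_ipv6(a) == expand_ipv6(b)


if __name__ == "__main__":
    # The compaction examples from the slide above.
    for example in ("2080:0:0:0:90:7AEB:1000:123A",
                    "2080::90:7AEB:1000:123A",
                    "1800::7AEF:0:0:1072:4310",
                    "1800:0:0:7AEF::1072:4310",
                    "1800:0000:0000:7AEF:0000:0000:16.114.67.16",
                    "1800::7AEF::1072:4310"):
        verdict = expand_ipv6(example) if is_legal(example) else "illegal"
        print(f"{example:45} {verdict}")
```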
18
IPv6 Address types
  High order bits define IPv6 address type
  Current IPv6 prefix allocation
    Special format addresses (00/8) (unspecified and loopback addresses)
    Link-local unicast addresses (FE8/10)
    Site-local unicast addresses (FEC/10)
    Multicast addresses (FF/8)
    Aggregatable global unicast addresses (other)
  Anycast addresses are allocated from unicast space
19
Aggregatable global unicast address
  May be used to connect to public internet
  Globally unique
  Based on topology
    Efficient routing
  Supports provider-based and exchange-based aggregation
20
Internet hierarchy
  [Diagram nodes: ISP 1, ISP 2, ISP 3, ISP 4, IX1, IX2, P1, P2, S1, S2, S3, S4, S5, S6; regions: Public, Site]
  ISP = Internet Service Provider
  IX = Internet Exchange Point
  Sn = Site n
  Pm = Provider m
21
Internet hierarchy explained
  Currently 3 levels defined
    Public
    Site
    Interface
  Both Public and Site topology can be further subdivided to create even more hierarchies
22
IPv6 Address format (RFC 2374)
  Format (128 bit):
    FP (3 bits) | TLA-ID (13 bits) | Res (8 bits) | NLA-ID (24 bits) | SLA-ID (16 bits) | Interface-ID (64 bits)
  Diagram labels: Public Topology, Site Topology, Interface Identifier; Network Portion, Node Portion
  FP = Format Prefix (= 001 for globally aggregated unicast addresses)
  TLA-ID = Top-level aggregation identifier
  RES = Reserved for future use
  NLA = Next-level aggregation identifier
  SLA-ID = Site-level aggregation identifier
  Interface ID = Interface identifier
23
Interface ID
  Unique to the link
  Identifies interface on a specific link
  All except multicast addresses, must have EUI-64 format
  MAC-to-EUI-64 conversion
    1. First three octets of MAC becomes Company-ID
    2. Last three octets of MAC becomes Node-ID
    3. 0xFFFE is inserted between Company-ID and Node-ID
    4. Universal/Local-Bit (U/L-bit) is set to 1 for global scope
24
MAC-to-EUI-64 conversion example
  MAC Address: 0000:0B0A:2D51
  In binary:
    00000000 00000000 00001011 00001010 00101101 01010001
    (diagram labels: U/L Bit, Company-ID, Individual Node-ID)
  Insert FFFE between Company-ID and Node-ID:
    00000000 00000000 00001011 11111111 11111110 00001010 00101101 01010001
  Set U/L bit to 1:
    00000010 00000000 00001011 11111111 11111110 00001010 00101101 01010001
  Resulting EUI-64 Address: 0200:0BFF:FE0A:2D51
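The four conversion steps above as code, together with the reverse mapping. This is an added example, not part of the original presentation; the function names are assumptions. The U/L step is implemented as inverting the bit, which gives 1 for a universally administered MAC such as the one on the slide. The reverse function shows that an EUI-64 based interface ID carries the interface's MAC address, which matters when correlating addresses in logs with a hardware inventory.

```python
import ipaddress
import re
from typing import Optional


def mac_to_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface ID from a 48-bit MAC address."""
    raw = bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", mac))
    if len(raw) != 6:
        raise ValueError("a MAC address has 6 octets")
    # Steps 1-3: Company-ID, then FFFE, then Node-ID.
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    # Step 4: invert the U/L bit (second-lowest bit of the first octet).
    eui[0] ^= 0x02
    return bytes(eui)


def format_fields(data: bytes) -> str:
    """Render bytes as colon-separated 16-bit fields, as on the slide."""
    return ":".join(f"{int.from_bytes(data[i:i + 2], 'big'):04X}"
                    for i in range(0, len(data), 2))


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """FE80::/10 prefix, 54 zero bits, then the interface ID."""
    prefix = bytes.fromhex("fe80000000000000")
    return ipaddress.IPv6Address(prefix + mac_to_interface_id(mac))


def mac_from_address(address: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 based address, or None if the
    interface ID does not contain the FFFE marker."""
    interface_id = ipaddress.IPv6Address(address).packed[8:]
    if interface_id[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(interface_id[:3] + interface_id[5:])
    mac[0] ^= 0x02  # undo the U/L inversion
    return ":".join(f"{octet:02X}" for octet in mac)


if __name__ == "__main__":
    slide_mac = "0000:0B0A:2D51"  # MAC address from the slide above
    print(format_fields(mac_to_interface_id(slide_mac)))
    print(link_local_from_mac(slide_mac))
    print(mac_from_address("FE80::200:CFF:FE0A:2C51"))
```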
25
Special-format addresses (FP=0x00)
  Unspecified address
    Format: 0:0:0:0:0:0:0:0 (all zeros)
    MUST NEVER be assigned to any node
    Represents absence of an address
    MUST NEVER be used as destination address in IPv6 packets nor in IPv6 routing headers
    Used for host initialization (i.e. autoconfiguration)
26
Special-format addresses (FP=0x00)
  Loopback address
    Format: 0:0:0:0:0:0:0:1
    Analogous to IPv4 loopback 127.0.0.1
    Can NEVER be assigned to any physical interface
    Used by nodes to send packets to themselves
    Traffic destined to loopback address MUST NEVER leave the sending node
27
Special-format addresses (FP=0x00)
  IPv6 with embedded IPv4 addresses
    Format: ::a.a.a.a
    Used for dual-stack nodes with v4 and v6
      IPv6 address assignment is based on v4 address
    Used for automatic tunnels
      IPv6 automatically encapsulated over IPv4
    This transition approach is not currently recommended (has been replaced by other approaches)
28
Local-use addresses - Link-local address (FP=FE8/10)
  Local significance only
    Meaningful only to nodes on a single link within a single site
  NOT globally unique
    Unique only within respective scope
  Used for autoconfiguration, neighbor discovery, nodes on routerless links, routing protocols
  Routers MUST NOT forward packets with either source or destination link-local addresses beyond that link
29
Link-local address format
  Format (128 bit):
    1111111010 (10 bits) | 0 (54 bits) | Interface-ID (64 bits)
  Examples
    FE80:0000:0000:5ABC:01FF:FE01:1111
    FE80::0060:08FF:FEB1:7EA2
    FE80::200:CFF:FE0A:2C51
30
Local-use addresses - Site-local address (FP=FEC/10)
  To be used within a site only
  NOT globally unique
  Recommended for router interfaces
  NOT to be propagated beyond site boundaries
  Network configured with site-local address is NOT reachable from locations OUTSIDE the site
  Edge routers MUST keep site-local traffic within site
31
Site-local address format
  Format (128 bit):
    1111111011 (10 bits) | 0 and Subnet-ID (SLA-ID) (54 bits, of which the Subnet-ID is 16 bits) | Interface-ID (64 bits)
  Examples
    FEC0:0000:0000:5ABC:01FF:FE01:1111
    FEC0::0060:08FF:FEB1:7EA2
    FEC0::200:CFF:FE0A:2C51
32
Anycast Addresses
  Used to address multiple interfaces on different nodes with SAME IPv6 address
  Allocated from unicast address space
    Addresses are taken from Interface-ID field
  Currently, only specified anycast addresses are for subnet-router and for Mobile IPv6 home-agents
33
Subnet-router anycast address format
  Format (128 bit):
    Subnet Prefix (n bits) | 00000000000000000 (128-n bits)
  Examples
    Subnet-router anycast address: FEC0:0:0:A::
    Resulting Unicast router address: FEC0:0:0:A:200:CFF:FE0A:2C51
  [Diagram labels: Subnet FEC0:0:0:A::; Interface-ID 200:CFF:FE0A:2C51; Interface-ID 200:CFF:FE0C:4A72]
34
Multicast Addresses
  Always begin with 0xFF
  Two types
    Well-known – assigned by an official authority
    Transient – locally assigned for non-global use
  Multicast addresses are scoped
  Currently 5 scope levels defined:
    Local to the node (scope = 1, node-local)
    Local to the link (scope = 2, link-local)
    Local to the site (scope = 5, site-local)
    Local to the organization (scope = 8)
    Global (scope = E)
    Reserved (scope = 0 and scope = F)
35
Multicast address format
  Format (128 bit):
    11111111 (8 bits) | flgs (4 bits) | scope (4 bits) | Group-ID (112 bits)
  flgs
    First 3 bits set to 0
    Last bit defines address type:
      0 = Permanent (or well-known)
      1 = Locally assigned (or transient)
  scope: defines address scope
    0  Reserved
    1  Node-local scope
    2  Link-local scope
    5  Site-local scope
    8  Organization local scope
    E  Global scope
    F  Reserved
36
IPv6 Well-known multicast addresses
  IPv6 Well-known multicast address   IPv4 Well-known multicast address   Multicast Group
  Node-local scope
    FF01:0:0:0:0:0:0:1                224.0.0.1                           All-nodes address
    FF01:0:0:0:0:0:0:2                224.0.0.2                           All-routers address
  Link-local scope
    FF02:0:0:0:0:0:0:1                224.0.0.1                           All-nodes address
    FF02:0:0:0:0:0:0:2                224.0.0.2                           All-routers address
    FF02:0:0:0:0:0:0:5                224.0.0.5                           OSPFIGP
    FF02:0:0:0:0:0:0:6                224.0.0.6                           OSPFIGP-DR's
    FF02:0:0:0:0:0:0:9                224.0.0.9                           RIP routers
    FF02:0:0:0:0:0:0:D                224.0.0.13                          All PIM routers
  Site-local scope
    FF05:0:0:0:0:0:0:2                224.0.0.2                           All-routers address
  Any valid scope
    FF0X:0:0:0:0:0:0:101              224.0.1.1                           Network time protocol NTP
37
Required IPv6 addresses for nodes
  A host is required to recognize the following addresses:
    Link-local address for each interface
    All assigned unicast addresses
    Loopback address
    All-nodes multicast addresses
    Solicited-node multicast address for each of its assigned unicast and anycast addresses
    Multicast addresses of all other groups to which the host belongs
38
Required IPv6 addresses for routers
  In addition to the host address requirements a router is required to recognize the following addresses:
    Subnet-router anycast address for each of its routing interfaces
    All other anycast addresses configured on the router
    All-routers multicast address
    Multicast addresses of all other groups to which the router belongs
39
Multi-Homing
  Multi-Homed domains are common
  Are a “challenge” for topological addressing
  IPv6 requires hosts and DNS to deal with multiple addresses for a host
  is a proposal for how hosts select addresses to use for any particular communication
    This provides one possible solution
  An alternative: Exchange-based addresses
  More work is needed in this area
41
IPv4 vs. IPv6 Header formats
  IPv4 header (rows of 32 bits):
    Ver. 4 | HL | TOS | Datagram Length
    Datagram-ID | Flags | Flag Offset
    TTL | Protocol | Header Checksum
    Source IP Address
    Destination IP Address
    IP Options (with padding if necessary)
  IPv6 header (rows of 32 bits):
    Ver. 6 | Traffic class (8 bits) | Flow label (20 bits)
    Payload Length (16 bits) | Next Hdr. (8 bits) | Hop Limit (8 bits)
    Source Address (128 bits)
    Destination Address (128 bits)
42
“Missing” Fields from IPv4
  Options
    Moved to be separate headers (discussed later)
  Fragmentation fields
    MTU discovery is a better approach
    For translation, is available in optional header
  Checksum
    Redundant with layer 2 CRC
  Length fields simplified
    No fragmentation, no options
44
Benefits of IPv6 extension headers
  IPv4 options drawbacks
    IPv4 options required special treatment in routers
    Options had negative impact on forwarding performance
    Therefore rarely used
  Benefits of IPv6 extension headers
    Extension headers are external to IPv6 header
    Routers do not look at these options except for Hop-by-hop options
    No negative impact on router's forwarding performance
    Easy to extend with new headers and option
45
IPv6 extension headers
  [Diagram of three packets]
    IPv6 header NH=TCP | TCP header + data
    IPv6 header NH=Routing | Routing header NH=TCP | TCP header + data
    IPv6 header NH=Routing | Routing header NH=Fragment | Fragment header NH=TCP | TCP header + data
46
IPv6 extension headers
  Header                                  Previous header's NH-value
  Hop-by-hop options                      0
  Destination options                     60
  Routing                                 43
  Fragment                                44
  Authentication                          51
  Encapsulating Security Payload (ESP)    50
  Destination options                     60
  OSPF for IPv6                           89
47
IPv6 extension header processing
  Extension headers are NOT examined or processed by any node along a packet's delivery path
  ONLY hop-by-hop extension header is processed by every node along a packet's delivery path (including source and destination)
  Hop-by-hop header (if present) must immediately follow IPv6 header
  Extension headers are processed strictly in order they appear in the packet
48
IPv6 extension header orders
  RFC 2460 recommends following order:
    1. IPv6 header
    2. Hop-by-hop options header
    3. Destination options header
    4. Routing header
    5. Fragment header
    6. Authentication header
    7. ESP header
    8. Destination options header
    9. Upper-layer header
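A sketch of how a receiver or monitoring tool can walk the Next Header chain and check it against the rules on the preceding slides. This is an added example, not part of the original presentation; the function names and the sample packets are constructed for illustration. The upper-layer protocol numbers (TCP 6, UDP 17, ICMPv6 58, No Next Header 59), the header length encodings and the "at most once" check come from the IPv6 and IPsec specifications rather than from the slides.

```python
import struct

# Next Header values from the extension header table above.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60
EXT_NAMES = {HOP_BY_HOP: "Hop-by-hop options", ROUTING: "Routing",
             FRAGMENT: "Fragment", ESP: "ESP", AH: "Authentication",
             DEST_OPTS: "Destination options"}
# Not on the slides: common upper-layer protocol numbers.
UPPER_NAMES = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No next header"}
# Relative position in the recommended order. Destination options may
# appear in two places, so it is not ranked.
RANK = {ROUTING: 1, FRAGMENT: 2, AH: 3, ESP: 4}


def walk_chain(packet):
    """Return (chain, findings) for one raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    chain, findings, seen, last_rank = [], [], set(), 0
    while next_header in EXT_NAMES:
        name = EXT_NAMES[next_header]
        if next_header == HOP_BY_HOP and chain:
            findings.append("Hop-by-hop options header does not "
                            "immediately follow the IPv6 header")
        if next_header in seen and next_header != DEST_OPTS:
            findings.append(name + " header appears more than once")
        if next_header in RANK:
            if RANK[next_header] < last_rank:
                findings.append(name + " header is out of the recommended order")
            last_rank = max(last_rank, RANK[next_header])
        seen.add(next_header)
        chain.append(name)
        if next_header == ESP:
            # Everything after the ESP header is encrypted; stop here.
            return chain, findings
        if offset + 8 > len(packet):
            findings.append(name + " header is truncated")
            return chain, findings
        following, length_field = packet[offset], packet[offset + 1]
        if next_header == FRAGMENT:
            size = 8                       # fixed-size header
        elif next_header == AH:
            size = (length_field + 2) * 4  # length in 32-bit words minus 2
        else:
            size = (length_field + 1) * 8  # length in 8-octet units minus 1
        if offset + size > len(packet):
            findings.append(name + " header is truncated")
            return chain, findings
        offset += size
        next_header = following
    chain.append(UPPER_NAMES.get(next_header, "protocol %d" % next_header))
    return chain, findings


def build_ipv6(next_header, payload):
    """Constructed sample: IPv6 header with all-zero addresses, hop limit 64."""
    header = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return header + bytes(16) + bytes(16) + payload


def ext_header(next_header):
    """Constructed sample: minimal 8-octet extension header."""
    return bytes([next_header, 0]) + bytes(6)


# Third packet from the diagram above: Routing, then Fragment, then TCP.
GOOD_PACKET = build_ipv6(ROUTING, ext_header(FRAGMENT) + ext_header(6) + bytes(20))
# Constructed violation: a hop-by-hop header placed after the routing header.
BAD_PACKET = build_ipv6(ROUTING, ext_header(HOP_BY_HOP) + ext_header(6) + bytes(20))

if __name__ == "__main__":
    for label, sample in (("good", GOOD_PACKET), ("bad", BAD_PACKET)):
        print(label, walk_chain(sample))
```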
49
Currently available IPv6 options
  Hop-by-hop
    Must be processed by every node on the packet's path
    Must always appear immediately after IPv6 header
    Two Hop-by-hop options already defined:
      1. Router alert option
      2. Jumbo payload option
  Destination
    Meant to carry information intended to be examined by the destination node
    Only options currently defined are padding options to fill out header on a 64-bit boundary if (future) options require it
50
Routing header
  Next header value: 43
  Provides "source-routing" functionality
  Format (rows of 32 bits):
    Next header | Hdr. Ext. Len | Routing Type | Segments left
    Type-specific data
51
Fragment header
  Next header value: 44
  Used to provide datagram fragmentation
  Format (rows of 32 bits):
    Next header | Reserved | Fragment offset | Res | M
    Identification
52
Authentication
  Next header value: 51
  Provides data integrity and authentication
  Format (rows of 32 bits):
    Next header | Payload Len. | RESERVED
    Security Parameters Index (SPI)
    Sequence Number Field
    Authentication data
53
Encapsulating Security Payload (ESP)
  Next header value: 50
  Provides confidentiality, data origin authentication, connectionless integrity, and anti-replay service
  Format (rows of 32 bits):
    Security Parameters Index (SPI)
    Sequence Number
    Payload data
    Payload data | Padding | Pad length | Next header
    Authentication data
55
ICMPv6 Messages
  Destination unreachable
  Packet too big
  Time exceeded
  Parameter problem
  Echo request
  Echo reply
56
ICMPv6: Destination Unreachable
  Format (rows of 32 bits):
    Type=1 | Code | Checksum
    Unused
    As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
  IPv6 Header Destination Address: Copied from the Source Address field of the invoking packet.
  Code
    0 - no route to destination
    1 - communication with destination administratively prohibited
    2 - (not assigned)
    3 - address unreachable
    4 - port unreachable
  Unused: This field is unused for all code values. It must be initialized to zero by the sender and ignored by the receiver.
57
ICMPv6: Packet too big
  Format (rows of 32 bits):
    Type=2 | Code | Checksum
    MTU
    As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
  IPv6 Header Destination Address: Copied from the Source Address field of the invoking packet.
  Code: Set to 0 by the sender and ignored by the receiver
  MTU: The maximum transmission unit of the next-hop link
58
ICMPv6: Time exceeded
  Format (rows of 32 bits):
    Type=3 | Code | Checksum
    Unused
    As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
  IPv6 Header Destination Address: Copied from the Source Address field of the invoking packet.
  Code
    0 – Hop limit exceeded in transit
    1 – Fragment reassembly time exceeded
  Unused: This field is unused for all code values. It must be initialized to zero by the sender and ignored by the receiver.
59
ICMPv6: Parameter problem
  Format (rows of 32 bits):
    Type=4 | Code | Checksum
    Pointer
    As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
  IPv6 Header Destination Address: Copied from the Source Address field of the invoking packet.
  Code
    0 - erroneous header field encountered
    1 - unrecognized Next Header type encountered
    2 - unrecognized IPv6 option encountered
  Pointer: Identifies the octet offset within the invoking packet where the error was detected. The pointer will point beyond the end of the ICMPv6 packet if the field in error is beyond what can fit in the maximum size of an ICMPv6 error message.
60
ICMPv6: Echo request
  Format (rows of 32 bits):
    Type=128 | Code=0 | Checksum
    Identifier | Sequence Number
    Data
  IPv6 Header Destination Address: Any legal IPv6 address.
  Code: 0
  Identifier: An identifier to aid in matching Echo Replies to this Echo Request. May be zero.
  Sequence Number: A sequence number to aid in matching Echo Replies to this Echo Request. May be zero.
  Data: Zero or more octets of arbitrary data.
61
ICMPv6: Echo reply
  Format (rows of 32 bits):
    Type=129 | Code=0 | Checksum
    Identifier | Sequence Number
    Data
  IPv6 Header Destination Address: Copied from the Source Address field of the invoking Echo Request packet.
  Code: 0
  Identifier: The identifier from the invoking Echo Request message.
  Sequence Number: The sequence number from the invoking Echo Request message.
  Data: The data from the invoking Echo Request message.
63
Neighbor discovery
  Provides functionality for
    Serverless autoconfiguration
    Router discovery
    Prefix discovery
    Address resolution
    Neighbor unreachability detection
    Link MTU discovery
    Next-hop determination
    Duplicate address detection
64
Neighbor discovery
  Defines five ICMPv6 packets
    1. Router solicitation (RS)
    2. Router advertisement (RA)
    3. Neighbor solicitation (NS)
    4. Neighbor advertisement (NA)
    5. Redirect
65
Router solicitation (RS)
  ICMP packet type 133
  Sent by host to speed up learning of link-local routers
  Source address is sending host's address or 0:0:0:0:0:0:0:0
  Destination address is typically all-routers multicast address: FF02::2
  May contain sender's link layer address (only if source address is not unspecified)
  Reply is a Router Advertisement (RA)
66
Router solicitation (RS) format
  Format (rows of 32 bits):
    Type=133 | Code | Checksum
    Reserved
    Options....
67
Router advertisement (RA)
  ICMP packet type 134
  Sent by routers periodically or in response to a solicitation to provide information necessary for a node to configure itself
  Source address is link-local address of the sending router
  Destination address is either unicast address of a node that sent an RS, or link-scope all-nodes multicast address: FF02::1
  Hop-limit MUST be set to 255
  Possible options contained in RA:
    Source link layer address of the router
    MTU
    Prefix information about on-link prefixes
68
Router advertisement (RA) format
  Format (rows of 32 bits):
    Type=134 | Code | Checksum
    Cur. Hop Limit | M | O | Reserved | Router lifetime
    Reachable Time
    Retransmit Timer
    Options....
69
Neighbor discovery: Router solicitation
  [Diagram labels: nodes A, B, C, D, E, F, G; Default GW-List: A, B, C; messages: RS, RA]
70
Neighbor discovery: Router advertisement
  [Diagram labels: nodes A, B, C, D, E, F, G; Default GW-List: A; message: RA]
71
Neighbor solicitation (NS)
  ICMP packet type 135
  Used to provide/obtain link-layer address to/of a neighbor
  Used to verify neighbor reachability
  Source-address is link-local address of soliciting node
  Destination-address is either
    solicited-node multicast address associated with target IP address (link layer determination)
    Unicast address of the target (reachability verification)
  Hop-limit MUST be set to 255
  Reply is a Neighbor advertisement (NA)
72
Neighbor solicitation (NS) format
  Format (rows of 32 bits):
    Type=135 | Code | Checksum
    Reserved
    Target address
    Options....
73
Neighbor advertisement (NA)
  ICMP packet type 136
  Sent in response to NS or unsolicited to immediately propagate new information
  Source address is any valid unicast address assigned to sending node
  Destination address is
    For solicited advertisements
      Source address of the solicitation
      If solicitation's address is unspecified: all-nodes multicast address
    For unsolicited advertisements
      All-nodes multicast
  Hop-limit MUST be set to 255
74
Neighbor advertisement (NA) format
  Format (rows of 32 bits):
    Type=136 | Code | Checksum
    R | S | O | Reserved
    Target address
    Options....
75
Redirect
  Format (rows of 32 bits):
    Type=137 | Code | Checksum
    Reserved
    Target address
    Destination address
    Options....
76
Redirect
  [Diagram labels: nodes A, B, C, D, E, F, G; Host 3; Default GW-List: A, B, C]
  Sent data to Host 3 using Default GW "A"
  Path used with Default Gateway "A"
  ICMP Redirect to Router B
  Redirect traffic via Router B
77
Next-hop discovery
  Check neighbor cache for existing next-hop entry for particular destination
  Check whether destination is on- or off-link
    On-link: Sent directly to destination
    Off-link: Sent to default router
  Identify link-layer address of next-hop
78
Address resolution
  Uses Neighbor solicitation & advertisements
  Node checks neighbor cache first
  If no entry exists, node creates IP entry with state INCOMPLETE
  Node then sends NS to solicited-node multicast address
    Source address of NS is a unicast address
  Receiving node responds with NA indicating its own link-level address
  Soliciting node updates neighbor cache entry from INCOMPLETE to REACHABLE upon reception of NA
79
Neighbor unreachability detection
  2 ways to verify neighbor reachability:
    Using hints from upper-layer protocols
    From responses to neighbor solicitations
  Forward direction communication (FDC) must be possible for a neighbor to be REACHABLE
  FDC is verified if forward progress is being made by an upper-layer protocol (i.e. TCP, reception of TCP acks)
80
Neighbor unreachability detection
  If no verification can be received from upper-layer protocols (like UDP):
    Node actively probes neighbors to determine reachability state
    Probes are sent in conjunction with traffic. No traffic, no probes!
    Probe is neighbor solicitation (NS)
    Neighbor advertisement (NA) reply is expected to establish FDC
81
Neighbor unreachability detection
  Neighbor cache stores information about neighbors
    IP address
    Link-layer address
    Reachability state
  Neighbor reachability states
    INCOMPLETE
    REACHABLE
    STALE
    DELAY
    PROBE
82
Default router selection
  Uses default router list and neighbor cache
  Host chooses one router from its default router list, if
    destination is off-link AND no cache entry exists for the destination
    OR
    Existing default router appears to be failing
  Default router is chosen the first time traffic is sent to an off-link destination
  REACHABLE routers have preference
  If multiple reachable routers exist, selection process depends on vendor's implementation
83
Duplicate address detection
  Must be performed by all nodes
  Performed before assigning a unicast address to an interface
  Performed on interface initialization
  Not performed for anycast addresses
  Link must be multicast capable
  New address is called "tentative" as long as duplicate address detection takes place
84
Duplicate address detection
  1. Interface joins all-nodes multicast group
  2. Interface joins solicited-node multicast group
  3. Node sends (one) NS with
       Target address = tentative IP address
       Source address = unspecified (::)
       Destination address = tentative solicited-node address
85
Duplicate address detection
  If address already exists, the particular node sends a NA reply with
    Target address = tentative IP address
    Destination address = tentative solicited-node address
  If soliciting node receives NA reply with target address set to the tentative IP address, the address must be duplicate
87
Stateless Autoconfiguration
  Router Advertisements are used to configure hosts
  M-bit set to 0 tells host to use stateless address autoconfiguration
  O-bit set to 0 tells host to use stateless autoconfiguration for other parameters
88
Stateless autoconfiguration process
  1. Node initialization
  2. Node creates link-local address
  3. Node runs duplicate address detection process
       If process fails, autoconfiguration fails. Manual configuration required.
  4. Host (not routers) sends an all-routers multicast solicitation to find a router on the link
  5. A router responds to the RS with router advertisement
  6. Host uses information contained in RA to:
       Create site-local address
       Build an on-link prefix-list
       Know the link MTU
89
Stateful Autoconfiguration
  Router Advertisements are used to configure hosts
  M-bit set to 1 tells host to use stateful address autoconfiguration (like DHCPv6)
  O-bit set to 1 tells host to use stateful autoconfiguration for other parameters (like DNS)
91
MTU path discovery
  Minimum MTU for IPv6: 1280 bytes
  Recommended MTU: 1500 bytes
  Nodes should implement MTU PD
    Otherwise they must use minimum MTU
  MTU path discovery works for unicast & multicast
  MTU path discovery uses ICMP "packet too big" error messages
92
Static Routes
  [edit routing-options]
  ps@R1# show
  rib inet6.0 {
      static {
          route abcd::/48 next-hop 8:3::1;
      }
  }
93
RIPng
  RFC 2080 describes RIPngv1, not to be confused with RIPv1
  Based on RIP Version 2 (RIPv2)
  Uses UDP port 521
  Operational procedures, timers and stability functions remain unchanged
  Message format changed to carry larger IPv6 addresses
  RIPng is not backward compatible to RIPv2
94
Multiprotocol BGP-4
  Two new attributes support multiprotocol BGP-4 (aka BGP+)
    Multiprotocol reachable NLRI (MP_REACH_NLRI)
    Multiprotocol unreachable NLRI (MP_UNREACH_NLRI)
  MBGP extensions use for IPv6 is described in RFC 2545
  MP_REACH_NLRI attribute describes reachable destinations
  Attribute contains information about
    Network layer protocol (i.e. IPv6)
    Prefixes
    Next-hop to reach prefixes
  MP_REACH_NLRI updates include
    One next-hop address
    List of associated NLRIs
  Follows BGP-4 rules for next-hop attribute
  IPv6 BGP routers advertise global address of NH-router
95
IS-IS
- draft-ietf-isis-ipv6-02.txt, Routing IPv6 with IS-IS
- 2 new TLVs are defined:
  - IPv6 Reachability (TLV type 236)
  - IPv6 Interface Address (TLV type 232)
- Otherwise, uses same packet formats (!)
- IPv6 NLPID = 142
96
OSPFv3
- Unlike IS-IS, new version required
- RFC 2740
- Fundamental OSPF mechanisms and algorithms unchanged
- Packet and LSA formats are different
97
OSPFv3 Differences from OSPFv2
- Runs per-link rather than per-subnet
- Multiple instances on a single link
- More flexible handling of unknown LSA types
- Link-local flooding scope added
  - Similar to flooding scope of type 9 Opaque LSAs
  - Area and AS flooding remain unchanged
- Authentication removed
- Neighboring routers always identified by RID
- Removal of addressing semantics
  - IPv6 addresses not present in most OSPF packets
  - RIDs, AIDs, and LSA IDs remain 32 bits
98
OSPFv3 LSAs

Type | Description
0x2001 | Router-LSA
0x2002 | Network-LSA
0x2003 | Inter-Area-Prefix-LSA
0x2004 | Inter-Area-Router-LSA
0x2005 | AS-External-LSA
0x2006 | Group-Membership-LSA
0x2007 | Type-7-LSA (NSSA)
0x2008 | Link-LSA
0x2009 | Intra-Area-Prefix-LSA
99
IPv6 Technical Description Addressing architecture Packet structure and header formats Header extensions ICMPv6 Neighbor discovery Autoconfiguration IPv6 routing protocols Flow Label
100
IPv6 Flow Label
- 20-bit field to indicate individual flows
- Scope is per source/destination address pair
- This is a major change to current IP use
- Is it useful?
  - In the core, probably not
  - Closer to the edge, or for BIG flows, maybe
  - This is primarily an economic issue (do the benefits justify the cost?)
101
Agenda IPv6, What and Why? IPv6 Technical Description Transition to IPv6 Juniper's Phased IPv6 introduction Status and Plans for IPv6
102
Transition Overview
- Transition is expected to take many years
  - IPv4 address exhaustion: 2005 and beyond
- IPv4 will not disappear anytime soon
  - IPv4 is deployed on an enormous scale
  - Protocols die very slowly, if at all
- Transition enablers
  - Vendors must provide comparable features, functionality, robustness, performance, … at all levels (routers to application)
  - Customers must drive the transition
103
Lessons from History
- IP is not first protocol to transition
- There have been “issues” during previous transitions, example:
  - New name service assumes unique addresses (huge address, clever admin.)
  - Protocol translation, with address translation between old and new format
  - Users had deployed local addresses
  - Subtle contradiction big problem
- Interactions between mechanisms are key
104
Interaction of Transition Mechanisms
- draft-ietf-ngtrans-interaction-00.txt discusses interactions between mechanisms
  - Limited to two-way interactions (between 16 mechanisms)
  - Does not discuss routing aspects
  - Does not discuss security aspects
  - Limited discussion of effect of translation
- There are very good reasons for these omissions (it is just too hard)
105
Transition Mechanisms
- Myriad proposals
- Coexistence
  - Dual IP stacks: all network devices run both IPv4 and IPv6 stacks
  - Dual IP layers: TCP/UDP layer is shared
  - "Bump In the Stack" (BIS): IPv6 modules in IPv4 implementations
- Tunneling
  - Configured tunnels
  - Automatic tunnels
  - 6 to 4 tunnels
  - 6 over 4 tunnels
- Translation
  - SIIT – Stateless IP/ICMP Translator
  - NAT-Protocol Translation (NAT-PT)
106
Dual Stack Transition, Basic Method
- Routers & DNS are updated to support dual stack (v4 and v6)
- Hosts are then updated gradually to be dual
  - Use v6 if policy and both ends support it
  - Otherwise use v4
  - DNS used to determine capability of other end
- Tunneling may be used with this approach
- Eventually v4 is phased out
- This is included in RFC 2893 “Transition Mechanisms for IPv6 Hosts and Routers” (originally proposed in RFC 1347)
107
“Dual Stack Transition Mechanism” proposes additional functions
- No native v4 routing, tunnel over v6 instead
- Temporary v4 address assigned to v6 host, only when they want to talk to older v4 host
- May assign range of ports, reuse address
- Address servers and tunnel gateways (TEPs)
- This is said to be a simplification (??)
- The jury is still out on this one
108
Tunneling
- Configured tunnels
  - Connects IPv6 hosts or networks over an existing IPv4 infrastructure
  - Generally used between sites exchanging traffic regularly
  - Static tunnels configured on point-to-point basis
  - Examples: CCC, MPLS, GRE, IP-IP, IPSec
- Automatic tunnels
  - Tunnel is created then removed after use
  - Requires IPv4 compatible addresses
  - 6 to 4 – dynamically established
    - Desirable as no explicit tunnel configuration required
  - 6 over 4 – dynamically established
    - Assumes IPv4 transit network is multicast enabled
- Tunnel broker
  - IPv6 hosts request v6 tunnel; obtain script to build tunnel
109
6 to 4 Tunneling
- Connects isolated IPv6 domains over an IPv4 infrastructure
- Minimal manual configuration
- Uses globally unique prefix comprised of the unique 6 to 4 TLA and the globally unique IPv4 address of the exit router
- Expected to ease initial transition
[Diagram: IPv6 packet leaves an IPv6/dual network; the 6to4 router adds a v4 header (generation); the IPv4 PE router in the IPv4 core forwards as usual; the destination 6to4 router removes the IPv4 header (delivery) into the IPv6/dual network]
110
Translation
- Multiple forms of translation:
- Between semantically identical protocols
  - Not applicable in this case (nor most)
- Semantic Dual-Stack (SIIT, RFC 2765)
  - Application needs to be dual stack
  - No meaningful gain over pure dual-stack
- NAT-PT
  - Same packet translation as SIIT
  - Different semantics (see following slides)
111
Network Address Translation -- Protocol Translation (NAT-PT)
- Semantically similar to (v4-to-v4) NAT
- v6-only hosts need to connect to v4 world
- DNS servers dynamically assign addresses from pool of global IPv4 addresses
- IP headers and addresses in applications are translated at NAT boxes
- NAT box must maintain state
  - Address mappings, TCP sequence number change, Data Unit ID, reassembly, etc.
112
NAT-PT, continued
- Translation for any one session must take place at the same NAT-PT router
  - Restricted topology
- NAT-PT is, like NAT, local to a domain
  - This makes routing straightforward
- Security is limited (end to end can’t be translated, also no secure DNS)
- NAPT-PT extends this to map TCP/UDP port #s (multiple v6 sessions use one v4 address)
113
Transition Lessons from the Past
- KEEP TRANSITION SIMPLE
  - Limit scope and interaction of mechanisms
  - Beware of semantic interdependence
  - Make sure normal humans can fully understand the interactions and implications of all mechanisms
- Transition/Migration is THE hard part
  - Ensuring existing products do IPv6 well
  - Keeping transition mechanisms under control
114
Key Factors to a Successful Transition
- No "Flag Day" transitions!
  - Last Internet transition was 1983 (NCP to TCP)
- Maintain full IPv4/IPv6 dual access
- Minimize transition dependencies
  - Don't upgrade node X before node Y
- Must be incremental
- Must be easy for end user
  - Transition from IPv4 to dual stack must not break anything
115
Example Site Migration
1. Upgrade applications to be v4/v6 independent
2. Install transition mechanisms at domain edge (Tunnels, Translators)
3. Upgrade routing for native IPv6
4. Upgrade DNS to support IPv6
5. Upgrade hosts to dual stack
6. Convert hosts to IPv6-only (much later)
116
Example of Dual-Server Transition
- Client-server model is common
  - Clients talk to servers
  - Servers talk to other servers
- Install dual-stack routers and servers (including DNS, Email, and WWW servers)
- Communications between servers can use IPv4 or IPv6
- Single-protocol clients contact servers using either protocol (v4 or v6)
117
Transition Security Risks
- Many transition technologies may open security risks such as DoS attacks
  - Automated interactions open security holes
  - Details aren’t fully understood
- Packet and route filters and DoS protection need to be extended to transition techniques
- Authentication is needed where applicable
- Translation and authentication may be at odds
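As an added example (not from the original slides), the code below ties the 6 to 4 slide's prefix rule (the 6to4 TLA 2002::/16 followed by the exit router's IPv4 address) to the filtering point above: it derives a site's /48 and applies a consistency check when a 6to4 router decapsulates a packet. It assumes a site-edge 6to4 router that does not act as a relay; the function names, the unusable-range list and the sample addresses are constructed for illustration.

```python
import ipaddress

# IPv4 ranges that must never appear as a 6to4 tunnel endpoint (assumed policy).
UNUSABLE_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def usable_v4(addr):
    """True if addr is outside every range a tunnel endpoint may not use."""
    return not any(addr in net for net in UNUSABLE_V4)

def sixtofour_prefix(router_v4):
    """2002::/16 followed by the exit router's 32-bit IPv4 address gives a /48."""
    v4 = ipaddress.IPv4Address(router_v4)
    if not usable_v4(v4):
        raise ValueError(f"{v4} cannot anchor a 6to4 prefix")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def check_decap(outer_src_v4, inner_src_v6, inner_dst_v6, local_v4):
    """Decide whether a decapsulated 6to4 packet should be forwarded."""
    outer = ipaddress.IPv4Address(outer_src_v4)
    src = ipaddress.IPv6Address(inner_src_v6)
    dst = ipaddress.IPv6Address(inner_dst_v6)
    if not usable_v4(outer):
        return False, "outer IPv4 source is not a usable unicast address"
    embedded = src.sixtofour  # None unless the inner source is in 2002::/16
    if embedded is not None and embedded != outer:
        return False, "inner 6to4 source does not match outer IPv4 source"
    if dst not in sixtofour_prefix(local_v4):
        return False, "inner destination is outside this site's 6to4 prefix"
    return True, "ok"

# Constructed samples (documentation address ranges): (outer src, inner src, inner dst)
LOCAL_ROUTER_V4 = "198.51.100.7"   # this site's prefix is 2002:c633:6407::/48
SAMPLES = [
    ("192.0.2.1", "2002:c000:201:1::10", "2002:c633:6407::5"),   # consistent
    ("203.0.113.9", "2002:c000:201:1::10", "2002:c633:6407::5"), # mismatched source
    ("10.0.0.1", "2002:a00:1::1", "2002:c633:6407::5"),          # private endpoint
    ("192.0.2.1", "2002:c000:201:1::10", "2001:db8::1"),         # not for this site
]

def run_samples():
    """Return the verdict for each constructed sample, in order."""
    return [check_decap(o, s, d, LOCAL_ROUTER_V4)[0] for o, s, d in SAMPLES]
```

An inner source outside 2002::/16 (traffic arriving through a relay) carries no embedded IPv4 address, so this check cannot verify it and other filters have to cover that path.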
118
Agenda IPv6, What and Why? IPv6 Technical Description Transition to IPv6 Juniper's Phased IPv6 introduction Status and Plans for IPv6
119
Phase Details: Platform, Interface Support
IPv6 Support Across All Platforms, Interfaces

Category | Feature | Phase | Related RFC
Media Support | Ethernet | P1 | RFC 2464
Media Support | PPP | P1 | RFC 2472
Media Support | NBMA | P1 | RFC 2491
Media Support | ATM (all encapsulations) | P1 | RFC 2492
Media Support | Frame Relay | P1 | RFC 2590
120
Phase Details: Fundamental Features

Category | Feature | Phase | Related RFC
Forwarding | IPv6 forwarding (in hardware) | P1 | --
Addressing | IPv6 Address types | P1 | RFC 2373
Addressing | Global unicast address aggregation | P1 | RFC 2373
Addressing | :hex format with zero suppression | P1 | RFC 2373
Addressing | DNS | P1 | RFC 2874
Addressing | Stateless autoconfiguration | P1 | RFC 2462
Addressing | Network prefix length notation | P1 | RFC 2373
Routing | Static routes | P1 | --
Routing | RIPng | P1 | RFC 2080
Routing | IS-IS | P1 | --
Routing | BGP with v4 Peering | P1 | RFC 2283, 2545
Routing | BGP with v6 Peering | P1 | RFC 2283, 2545
121
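Phase Details: Neighbor Discovery

Category | Feature | Phase | Related RFC
Neighbor Discovery (Router portion) | Router discovery | P1 | RFC 2461
Neighbor Discovery (Router portion) | Prefix discovery | P1 | RFC 2461
Neighbor Discovery (Router portion) | Parameter discovery | P1 | RFC 2461
Neighbor Discovery (Router portion) | Address autoconfiguration | P1 | RFC 2461
Neighbor Discovery (Router portion) | Address resolution | P1 | RFC 2461
Neighbor Discovery (Router portion) | Next-hop determination | P1 | RFC 2461
Neighbor Discovery (Router portion) | Neighbor unreachability detection | P1 | RFC 2461
Neighbor Discovery (Router portion) | Duplicate address detection | P1 | RFC 2461

Note: Host portion for router in Next Phase (NP)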
122
Phase Details: Management

Category | Feature | Phase | Related RFC
ICMPv6 | Destination unreachable | P1 | RFC 2463
ICMPv6 | Packet too big | P1 | RFC 2463
ICMPv6 | Time exceeded | P1 | RFC 2463
ICMPv6 | Parameter Problem | P1 | RFC 2463
ICMPv6 | Echo request/reply | P1 | RFC 2463
 | JUNOScript | P1 | --
Transition | Dual stack | P1 | RFC 2767
Transition | Configured tunnels | P1 | RFC 2893
123
Phase Details: Applications

Category | Feature | Phase | Related RFC
Applications | Ping | P1 | --
Applications | Telnet | P1 | --
Applications | Traceroute | P1 | --
Applications | FTP | P1 | --
Applications | Netstat | P1 | --
Applications | TCPdump | P1 | --
Applications | SSH | P1 | --
Applications | ifinfo | P1 | --
124
Phase Details: MPLS

Category | Feature | Phase | Related RFC
MPLS | L2 MPLS VPN/CCC | P1 | --
125
Phase Details: Options and Miscellaneous

Category | Feature | Phase | Related RFC
Optional Headers | Hop-by-hop | P1 | RFC 2460
Path MTU Discovery | Host portion | P1 | RFC 1981
Path MTU Discovery | Router portion | P1 | RFC 1981
Multicast addresses (forwarding - NP) | | P1/NP | RFC 2373
126
Agenda IPv6, What and Why? IPv6 Technical Description Transition to IPv6 Juniper's Phased IPv6 introduction Status and Plans for IPv6
127
Selected IPv6 RFCs
- RFC 1881 – IPv6 Address allocation management
- RFC 1886 – DNS Extensions to Support IPv6
- RFC 1887 – IPv6 Unicast address allocation
- RFC 1924 – IPv6 Compact representation of IPv6 addresses
- RFC 1981 – Path MTU discovery for IPv6
- RFC 2073 – An IPv6 Aggregatable Global Unicast Address Format
- RFC 2080 – RIPng for IPv6
- RFC 2373 – IPv6 Addressing architecture
- RFC 2374 – IPv6 Global aggregatable unicast address format
- RFC 2375 – IPv6 Multicast address assignments
- RFC 2460 – Internet Protocol, Version 6 (IPv6) Specification
- RFC 2461 – Neighbor discovery for IPv6
- RFC 2462 – IPv6 Stateless Address Autoconfiguration
- RFC 2463 – Internet Control Message Protocol Version 6
128
Selected IPv6 RFCs, continued
- RFC 2675 – IPv6 Jumbograms
- RFC 2711 – IPv6 Router alert option
- RFC 2740 – OSPF for IPv6
- RFC 2765 – Stateless IP/ICMP Translation Algorithm (SIIT)
- RFC 2766 – Network Address Translation -- Protocol Translation (NAT-PT)
- RFC 2767 – Dual Stack Hosts using the Bump-in-the-Stack Technique (BIS)
- RFC 2772 – 6Bone Backbone Routing Guidelines
- RFC 2893 – Transition mechanisms for IPv6 hosts and routers
- RFC 3056 – Connection of IPv6 Domains via IPv4 Clouds
129
Selected IPv6 Internet Drafts
Note: These will be updated over time (or go to www.ietf.org; click on ‘IETF Working Groups’, click on ipv6 under the Internet area; also click on ngtrans under the Operations and Management area.)
130
Thank you!