Copyright © 2002 Juniper Networks, Inc. Introduction to IPv6 Ross Callon Net 2002 Fredericton, New Brunswick.


1 Copyright © 2002 Juniper Networks, Inc. http://www.juniper.net Introduction to IPv6 Ross Callon Net 2002 Fredericton, New Brunswick

2 Agenda
- IPv6, What and Why?
- IPv6 Technical Description
- Transition to IPv6
- Juniper's Phased IPv6 introduction
- Status and Plans for IPv6

3 What is IPv6?
- Datagram Protocol **
- Routing via RIP, OSPF, IS-IS, BGP **
- End-to-end reliability via TCP **
- Can make use of MPLS **
** The same as IPv4
- Semantics are very similar to IPv4
- Larger addresses
- More emphasis on security

4 Why: Advantages of IPv6
- Technical Advantages
  - Larger addresses
  - Easier configuration
    - Including easier address change
  - Security “built in”
  - Fix a few minor details

5 Why: Advantages of IPv6
- Larger address space is the main point
- Permit growth into new areas
  - Cellular phones / wireless devices
  - IP telephony
- “Always on” high speed internet service requires “always available” address
- Avoid issues with NAT

6 Growth of the Internet
- 63 new hosts per minute
- 11 new domains per minute
- 109M total hosts (March 2001)
- Current annual growth rate: 51%
- Estimated 1B hosts by mid-2005
- 8,000 ISPs worldwide (4700+ in U.S. alone)
- Traffic growth 100-1000% per year
- Over 3M Websites
- 70% of Fortune 1000 use NAT
Source: Center for Next Generation Internet NGI.ORG

7 Growth of the Mobile IP Market
(chart: Mobile Subscribers, PCs Connected to Web, Mobile Internet Users)
Sources: ABN AMRO/IDC/Ovum

8 Inertia vs Incentive
- Lots of inertia is supporting IPv4
  - IPv4 is mature & widely deployed
- What is incentive to move to IPv6?
- IPv6 needs to
  - Open up a new application area; or
  - Relieve considerable pain
- IPv6 does the former now, and will do the latter eventually

9 Agenda
- IPv6, What and Why?
- IPv6 Technical Description
- Transition to IPv6
- Juniper's Phased IPv6 introduction
- Status and Plans for IPv6

10 IPv6 Technical Description
- Addressing architecture
- Packet structure and header formats
- Header extensions
- ICMPv6
- Neighbor discovery
- Autoconfiguration
- IPv6 routing protocols
- Flow Label

11 IPv6 Addressing Architecture
- Addresses similar to IPv4
  - IPv6 addresses identify interfaces (not nodes)
  - Hierarchical, topological addresses
  - Forwarding based on best match
- Some extra flexibility provided
  - eg, anycast, auto-configuration
  - Local node and link addresses available
  - Easier address change supported
- updates RFC 2373

12 IPv6 Address types
- Unicast
  - Identifies a single interface
  - Packet sent to a unicast address is delivered to the interface identified by that address
- Anycast
  - Identifies a set of interfaces (typically on different nodes)
  - Packet sent to an anycast address is delivered to one of the interfaces identified by that address (normally the nearest)
- Multicast
  - Identifies a set of interfaces (typically on different nodes)
  - Packet sent to a multicast address is delivered to all interfaces identified by that address
- IPv6 has no broadcast address

13 IPv6 Address types: Unicast
(diagram: Host, HTTP, NTP)

14 IPv6 Address types: Anycast
(diagram: Host, HTTP, NTP; one server is 3 hops away, the other 4 hops away)
Example: NTP Servers use the same anycast addresses. Anycast takes shortest link to NTP server.

15 IPv6 Address types: Multicast
(diagram: Host, Video, NTP)

16 IPv6 Address Text Representation
- 128 bit length (16 octets)
- Represented as 8 * 16-bit pieces in hexadecimal, separated by colons ":"
- For prefixes: IPv6-address/length (bits)
- Multiple 16-bit fields of zeros can be compacted by using a double-colon "::"
- Compaction only used once per address
- Low order 32 bits can use v4 format “d.d.d.d”

17 IPv6 Address Representation examples
IPv6 Addresses:
  CDFE:910A:2356:5709:8475:1024:3911:2021
  2080:0000:0000:0000:0090:7AEB:1000:123A
  1800:0000:0000:7AEF:0000:0000:1072:4310
  1800:0000:0000:7AEF:0000:0000:16.114.67.16
Compacted IPv6 Address:
  2080:0:0:0:90:7AEB:1000:123A    Legal compaction
  2080::90:7AEB:1000:123A         Legal compaction
  1800::7AEF:0:0:1072:4310        Legal compaction
  1800:0:0:7AEF::1072:4310        Legal compaction
  1800::7AEF::1072:4310           Illegal compaction (Compaction used twice!)

18 IPv6 Address types
- High order bits define IPv6 address type
- Current IPv6 prefix allocation
  - Special format addresses (00/8) (unspecified and loopback addresses)
  - Link-local unicast addresses (FE8/10)
  - Site-local unicast addresses (FEC/10)
  - Multicast addresses (FF/8)
  - Aggregatable global unicast addresses (other)
- Anycast addresses are allocated from unicast space

19 Aggregatable global unicast address
- May be used to connect to public internet
- Globally unique
- Based on topology
  - Efficient routing
- Supports provider-based and exchange-based aggregation

20 Internet hierarchy
(diagram: ISP 1 to ISP 4, exchange points IX1 and IX2, providers P1 and P2, sites S1 to S6, grouped into Public and Site levels)
ISP = Internet Service Provider
IX = Internet Exchange Point
Sn = Site n
Pm = Provider m

21 Internet hierarchy explained
- Currently 3 levels defined
  - Public
  - Site
  - Interface
- Both Public and Site topology can be further subdivided to create even more hierarchies

22 IPv6 Address format (RFC 2374)
Field          Bits   Grouping
FP             3      Public Topology
TLA-ID         13     Public Topology
Res            8      Public Topology
NLA-ID         24     Public Topology
SLA-ID         16     Site Topology
Interface-ID   64     Interface Identifier
Total          128
The diagram also marks a Network Portion and a Node Portion.
FP = Format Prefix (= 001 for globally aggregated unicast addresses)
TLA-ID = Top-level aggregation identifier
RES = Reserved for future use
NLA = Next-level aggregation identifier
SLA-ID = Site-level aggregation identifier
Interface ID = Interface identifier

23 Interface ID
- Unique to the link
- Identifies interface on a specific link
- All except multicast addresses must have EUI-64 format
- MAC-to-EUI-64 conversion
  1. First three octets of MAC become Company-ID
  2. Last three octets of MAC become Node-ID
  3. 0xFFFE is inserted between Company-ID and Node-ID
  4. Universal/Local-Bit (U/L-bit) is set to 1 for global scope

24 MAC-to-EUI-64 conversion example
- MAC Address: 0000:0B0A:2D51
- In binary (first three octets: Company-ID, which contains the U/L bit; last three octets: Individual Node-ID):
  00000000 00000000 00001011 00001010 00101101 01010001
- Insert FFFE between Company-ID and Node-ID:
  00000000 00000000 00001011 11111111 11111110 00001010 00101101 01010001
- Set U/L bit to 1:
  00000010 00000000 00001011 11111111 11111110 00001010 00101101 01010001
- Resulting EUI-64 Address: 0200:0BFF:FE0A:2D51
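
The four conversion steps from slides 23 and 24, written out in Python as an added example (not code from the presentation; the function names are made up for this illustration). `recover_mac` runs the steps backwards, which shows that any log recording an EUI-64 based IPv6 address also records the adapter's MAC address.

```python
import ipaddress


def mac_to_eui64(mac: str) -> bytes:
    """Apply the four slide steps to a 48-bit MAC; return the 8-octet interface ID."""
    digits = "".join(ch for ch in mac if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)
    company_id, node_id = raw[:3], raw[3:]                # steps 1 and 2
    eui = bytearray(company_id + b"\xff\xfe" + node_id)   # step 3
    # Step 4 as the slide states it: set the U/L bit (0x02 in the first octet).
    # RFC 4291 words this step as inverting the bit; for a factory-assigned
    # MAC, where the bit is 0, both give the same result.
    eui[0] |= 0x02
    return bytes(eui)


def format_eui64(eui: bytes) -> str:
    """Render the interface ID in the slide's notation, e.g. 0200:0BFF:FE0A:2D51."""
    return ":".join(eui[i:i + 2].hex().upper() for i in range(0, 8, 2))


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Prefix FE80::/64 plus the EUI-64 interface ID."""
    prefix = bytes.fromhex("fe80") + bytes(6)
    return ipaddress.IPv6Address(prefix + mac_to_eui64(mac))


def recover_mac(address: str):
    """Return the MAC embedded in an EUI-64 based address, or None if there is none."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    # An interface ID built by the steps above has FFFE in the middle
    # and the U/L bit set.
    if iid[3:5] != b"\xff\xfe" or not iid[0] & 0x02:
        return None
    mac = bytes([iid[0] & 0xFD]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    # Addresses taken from the slides' own examples.
    print(format_eui64(mac_to_eui64("0000:0B0A:2D51")))
    print(link_local_from_mac("0000:0B0A:2D51"))
    for seen in ("FE80::200:CFF:FE0A:2C51", "2080::90:7AEB:1000:123A"):
        print(seen, "->", recover_mac(seen))
```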

25 Special-format addresses (FP=0x00)
Unspecified address
- Format: 0:0:0:0:0:0:0:0 (all zeros)
- MUST NEVER be assigned to any node
- Represents absence of an address
- MUST NEVER be used as destination address in IPv6 packets nor in IPv6 routing headers
- Used for host initialization (i.e. autoconfiguration)

26 Special-format addresses (FP=0x00)
Loopback address
- Format: 0:0:0:0:0:0:0:1
- Analogous to IPv4 loopback 127.0.0.1
- Can NEVER be assigned to any physical interface
- Used by nodes to send packets to themselves
- Traffic destined to loopback address MUST NEVER leave the sending node

27 Special-format addresses (FP=0x00)
IPv6 with embedded IPv4 addresses
- Format: ::a.a.a.a
- Used for dual-stack nodes with v4 and v6
- IPv6 address assignment is based on v4 address
- Used for automatic tunnels
  - IPv6 automatically encapsulated over IPv4
- This transition approach is not currently recommended (has been replaced by other approaches)

28 Local-use addresses - Link-local address (FP=FE8/10)
- Local significance only
  - Meaningful only to nodes on a single link within a single site
- NOT globally unique
  - Unique only within respective scope
- Used for autoconfiguration, neighbor discovery, nodes on routerless links, routing protocols
- Routers MUST NOT forward packets with either source or destination link-local addresses beyond that link

29 Link-local address format
Layout (128 bits): 1111111010 (10 bits) | 0 (54 bits) | Interface-ID (64 bits)
- Examples
  FE80:0000:0000:5ABC:01FF:FE01:1111
  FE80::0060:08FF:FEB1:7EA2
  FE80::200:CFF:FE0A:2C51

30 Local-use addresses - Site-local address (FP=FEC/10)
- To be used within a site only
- NOT globally unique
- Recommended for router interfaces
- NOT to be propagated beyond site boundaries
- Network configured with site-local address is NOT reachable from locations OUTSIDE the site
- Edge routers MUST keep site-local traffic within site

31 Site-local address format
Layout (128 bits): 1111111011 (10 bits) | 54 bits: zeros followed by the 16-bit Subnet-ID (SLA-ID) | Interface-ID (64 bits)
- Examples
  FEC0:0000:0000:5ABC:01FF:FE01:1111
  FEC0::0060:08FF:FEB1:7EA2
  FEC0::200:CFF:FE0A:2C51

32 Anycast Addresses
- Used to address multiple interfaces on different nodes with SAME IPv6 address
- Allocated from unicast address space
- Addresses are taken from Interface-ID field
- Currently, only specified anycast addresses are for subnet-router and for Mobile IPv6 home-agents

33 Subnet-router anycast address format
Layout (128 bits): Subnet Prefix (n bits) | 0 (128-n bits)
- Examples
  Subnet-router anycast address: FEC0:0:0:A::
  Resulting Unicast router address: FEC0:0:0:A:200:CFF:FE0A:2C51
(diagram: subnet FEC0:0:0:A:: with Interface-ID 200:CFF:FE0A:2C51 and Interface-ID 200:CFF:FE0C:4A72)

34 Multicast Addresses
- Always begin with 0xFF
- Two types
  - Well-known – assigned by an official authority
  - Transient – locally assigned for non-global use
- Multicast addresses are scoped
- Currently 5 scope levels defined:
  - Local to the node (scope = 1, node-local)
  - Local to the link (scope = 2, link-local)
  - Local to the site (scope = 5, site-local)
  - Local to the organization (scope = 8)
  - Global (scope = E)
- Reserved (scope = 0 and scope = F)

35 Multicast address format
Layout (128 bits): 11111111 (8 bits) | flgs (4 bits) | scope (4 bits) | Group-ID (112 bits)
flgs: First 3 bits set to 0. Last bit defines address type:
  0 = Permanent (or well-known)
  1 = Locally assigned (or transient)
scope: Defines address scope
  0  Reserved
  1  Node-local scope
  2  Link-local scope
  5  Site-local scope
  8  Organization local scope
  E  Global scope
  F  Reserved

36 IPv6 Well-known multicast addresses
IPv6 well-known multicast address   IPv4 well-known multicast address   Multicast group
Node-local scope
  FF01:0:0:0:0:0:0:1                224.0.0.1                           All-nodes address
  FF01:0:0:0:0:0:0:2                224.0.0.2                           All-routers address
Link-local scope
  FF02:0:0:0:0:0:0:1                224.0.0.1                           All-nodes address
  FF02:0:0:0:0:0:0:2                224.0.0.2                           All-routers address
  FF02:0:0:0:0:0:0:5                224.0.0.5                           OSPFIGP
  FF02:0:0:0:0:0:0:6                224.0.0.6                           OSPFIGP-DR's
  FF02:0:0:0:0:0:0:9                224.0.0.9                           RIP routers
  FF02:0:0:0:0:0:0:D                224.0.0.13                          All PIM routers
Site-local scope
  FF05:0:0:0:0:0:0:2                224.0.0.2                           All-routers address
Any valid scope
  FF0X:0:0:0:0:0:0:101              224.0.1.1                           Network time protocol NTP
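
The text-representation rules of slides 16 and 17 and the prefix and multicast tables of slides 18, 34 and 35, combined into one added Python example (not part of the presentation; `expand` and `classify` are names invented here). The parser is hand-written rather than built on the standard `ipaddress` module so that the "compaction only once" rule is visible as code.

```python
import string

# Scope values from the slide 35 table; any other value is reported as unassigned.
SCOPES = {0x0: "reserved", 0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
          0x8: "organization-local", 0xE: "global", 0xF: "reserved"}


def _pieces(part: str, allow_v4: bool) -> list:
    """Turn a colon-separated run of fields into 16-bit integers."""
    if not part:
        return []
    out = []
    fields = part.split(":")
    for pos, field in enumerate(fields):
        if "." in field:
            octets = field.split(".")
            if not allow_v4 or pos != len(fields) - 1 or len(octets) != 4:
                raise ValueError("d.d.d.d is only valid as the low-order 32 bits")
            if not all(o.isdigit() and int(o) <= 255 for o in octets):
                raise ValueError(f"bad IPv4 octet in {field!r}")
            a, b, c, d = (int(o) for o in octets)
            out += [(a << 8) | b, (c << 8) | d]
        elif 1 <= len(field) <= 4 and all(ch in string.hexdigits for ch in field):
            out.append(int(field, 16))
        else:
            raise ValueError(f"bad 16-bit field {field!r}")
    return out


def expand(text: str) -> list:
    """Expand IPv6 text into its eight 16-bit pieces, rejecting a second '::'."""
    if text.count("::") > 1:
        raise ValueError("compaction used twice")
    head, sep, tail = text.partition("::")
    left = _pieces(head, allow_v4=not sep)
    right = _pieces(tail, allow_v4=True)
    if sep:
        zeros = 8 - len(left) - len(right)
        if zeros < 1:
            raise ValueError("'::' must stand for at least one zero field")
        return left + [0] * zeros + right
    if len(left) != 8:
        raise ValueError(f"expected 8 fields, got {len(left)}")
    return left


def classify(text: str) -> str:
    """Name the address type from the high-order bits, as listed on slide 18."""
    pieces = expand(text)
    top = pieces[0]
    if (top >> 8) == 0xFF:
        flags, scope = (top >> 4) & 0xF, top & 0xF
        kind = "transient" if flags & 0x1 else "well-known"
        return f"multicast, {kind}, {SCOPES.get(scope, 'unassigned')} scope"
    if (top & 0xFFC0) == 0xFE80:
        return "link-local unicast"
    if (top & 0xFFC0) == 0xFEC0:
        return "site-local unicast"
    if (top >> 8) == 0x00:
        if pieces == [0] * 8:
            return "unspecified"
        if pieces == [0] * 7 + [1]:
            return "loopback"
        return "special format"
    return "aggregatable global unicast"   # slide 18: everything else


if __name__ == "__main__":
    # All sample addresses below are the slides' own examples.
    for addr in ("2080::90:7AEB:1000:123A", "FE80::200:CFF:FE0A:2C51",
                 "FEC0:0:0:A::", "FF02:0:0:0:0:0:0:5", "0:0:0:0:0:0:0:1"):
        print(f"{addr:28} {classify(addr)}")
    try:
        expand("1800::7AEF::1072:4310")
    except ValueError as err:
        print("1800::7AEF::1072:4310 rejected:", err)
```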

37 Required IPv6 addresses for nodes
A host is required to recognize the following addresses:
- Link-local address for each interface
- All assigned unicast addresses
- Loopback address
- All-nodes multicast addresses
- Solicited-node multicast address for each of its assigned unicast and anycast addresses
- Multicast addresses of all other groups to which the host belongs

38 Required IPv6 addresses for routers
In addition to the host address requirements a router is required to recognize the following addresses:
- Subnet-router anycast address for each of its routing interfaces
- All other anycast addresses configured on the router
- All-routers multicast address
- Multicast addresses of all other groups to which the router belongs

39 Multi-Homing
- Multi-Homed domains are common
- Are a “challenge” for topological addressing
- IPv6 requires hosts and DNS to deal with multiple addresses for a host
- is a proposal for how hosts select addresses to use for any particular communication
- This provides one possible solution
- An alternative: Exchange-based addresses
- More work is needed in this area

40 IPv6 Technical Description
- Addressing architecture
- Packet structure and header formats
- Header extensions
- ICMPv6
- Neighbor discovery
- Autoconfiguration
- IPv6 routing protocols
- Flow Label

41 IPv4 vs. IPv6 Header formats
IPv6 header (32 bits wide):
- Ver. 6
- Traffic class (8 bits)
- Flow label (20 bits)
- Payload Length (16 bits)
- Next Hdr. (8 bits)
- Hop Limit (8 bits)
- Source Address (128 bits)
- Destination Address (128 bits)
IPv4 header (32 bits wide):
- Ver. 4
- HL
- TOS
- Datagram Length
- Datagram-ID
- Flags
- Flag Offset
- TTL
- Protocol
- Header Checksum
- Source IP Address
- Destination IP Address
- IP Options (with padding if necessary)

42 “Missing” Fields from IPv4
- Options
  - Moved to be separate headers (discussed later)
- Fragmentation fields
  - MTU discovery is a better approach
  - For translation, is available in optional header
- Checksum
  - Redundant with layer 2 CRC
- Length fields simplified
  - No fragmentation, no options

43 IPv6 Technical Description
- Addressing architecture
- Packet structure and header formats
- Header extensions
- ICMPv6
- Neighbor discovery
- Autoconfiguration
- IPv6 routing protocols
- Flow Label

44 Benefits of IPv6 extension headers
IPv4 options drawbacks
- IPv4 options required special treatment in routers
- Options had negative impact on forwarding performance
- Therefore rarely used
Benefits of IPv6 extension headers
- Extension headers are external to IPv6 header
- Routers do not look at these options except for Hop-by-hop options
- No negative impact on router's forwarding performance
- Easy to extend with new headers and option

45 IPv6 extension headers
- IPv6 header (NH=TCP) | TCP header + data
- IPv6 header (NH=Routing) | Routing header (NH=TCP) | TCP header + data
- IPv6 header (NH=Routing) | Routing header (NH=Fragment) | Fragment header (NH=TCP) | TCP header + data

46 IPv6 extension headers
Header                                 Previous header's NH-value
Hop-by-hop options                     0
Destination options                    60
Routing                                43
Fragment                               44
Authentication                         51
Encapsulating Security Payload (ESP)   50
Destination options                    60
OSPF for IPv6                          89

47 IPv6 extension header processing
- Extension headers are NOT examined or processed by any node along a packet's delivery path
- ONLY hop-by-hop extension header is processed by every node along a packet's delivery path (including source and destination)
- Hop-by-hop header (if present) must immediately follow IPv6 header
- Extension headers are processed strictly in order they appear in the packet

48 IPv6 extension header orders
RFC 2460 recommends following order:
1. IPv6 header
2. Hop-by-hop options header
3. Destination options header
4. Routing header
5. Fragment header
6. Authentication header
7. ESP header
8. Destination options header
9. Upper-layer header

49 Currently available IPv6 options
- Hop-by-hop
  - Must be processed by every node on the packet's path
  - Must always appear immediately after IPv6 header
  - Two Hop-by-hop options already defined:
    1. Router alert option
    2. Jumbo payload option
- Destination
  - Meant to carry information intended to be examined by the destination node
  - Only options currently defined are padding options to fill out header on a 64-bit boundary if (future) options require it

50 Routing header
- Next header value: 43
- Provides "source-routing" functionality
- Format (32 bits wide):
  Next header | Hdr. Ext. Len | Routing Type | Segments left
  Type-specific data

51 Fragment header
- Next header value: 44
- Used to provide datagram fragmentation
- Format (32 bits wide):
  Next header | Reserved | Fragment offset | Res | M
  Identification

52 Authentication
- Next header value: 51
- Provides data integrity and authentication
- Format (32 bits wide):
  Next header | Payload Len. | RESERVED
  Security Parameters Index (SPI)
  Sequence Number Field
  Authentication data

53 Encapsulating Security Payload (ESP)
- Next header value: 50
- Provides confidentiality, data origin authentication, connectionless integrity, and anti-replay service
- Format (32 bits wide):
  Security Parameters Index (SPI)
  Sequence Number
  Payload data
  Payload data | Padding | Pad length | Next header
  Authentication data
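
A filter or IDS has to walk the Next Header chain of slides 45 to 53 before it can see the upper-layer protocol. The added Python example below (not from the presentation) does that walk and reports chains that break the slide 47 rule for the hop-by-hop header or the slide 48 recommended order. `walk_chain` and `build` are names invented here, the packets are constructed test data, and the per-header length rules are those of RFC 2460 and the AH specification.

```python
import struct

# Next Header values from the slide 46 table.
EXT_HEADERS = {0: "Hop-by-hop options", 60: "Destination options", 43: "Routing",
               44: "Fragment", 51: "Authentication", 50: "ESP"}
# Position in the RFC 2460 recommended order (slide 48). Destination options
# may appear twice: before Routing and just before the upper-layer header.
RANK = {0: (0,), 60: (1, 6), 43: (2,), 44: (3,), 51: (4,), 50: (5,)}
TCP = 6


def walk_chain(packet: bytes):
    """Return (extension header NH values in order, upper-layer NH or None, findings)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, offset = packet[6], 40          # Next Header field, end of the fixed header
    chain, findings, rank = [], [], -1
    while nh in EXT_HEADERS:
        later = [r for r in RANK[nh] if r > rank]
        if nh == 0 and chain:
            findings.append("Hop-by-hop options header does not immediately "
                            "follow the IPv6 header")
        elif not later:
            findings.append(f"{EXT_HEADERS[nh]} header is outside the recommended order")
        else:
            rank = later[0]
        chain.append(nh)
        if nh == 50:
            # ESP keeps its Next Header field in the encrypted trailer,
            # so the walk cannot continue past it.
            return chain, None, findings
        if offset + 8 > len(packet):
            findings.append(f"{EXT_HEADERS[nh]} header is truncated")
            return chain, None, findings
        next_nh, len_field = packet[offset], packet[offset + 1]
        if nh == 44:
            size = 8                      # Fragment header has a fixed size
        elif nh == 51:
            size = (len_field + 2) * 4    # AH length is in 32-bit words, minus 2
        else:
            size = (len_field + 1) * 8    # 8-octet units, not counting the first
        offset += size
        nh = next_nh
    if offset > len(packet):
        findings.append("packet ends inside the extension header chain")
    return chain, nh, findings


def build(chain, upper=TCP, payload=bytes(20)):
    """Constructed test packet: zeroed addresses and 8-octet zero-filled
    extension headers (good enough for every type except AH and ESP)."""
    nhs = list(chain) + [upper]
    body = b"".join(bytes([nhs[i + 1], 0]) + bytes(6) for i in range(len(chain)))
    body += payload
    fixed = struct.pack("!IHBB", 6 << 28, len(body), nhs[0], 64) + bytes(32)
    return fixed + body


if __name__ == "__main__":
    # First three chains are the ones drawn on slide 45; the last two are malformed.
    for chain in ([], [43], [43, 44], [43, 0], [44, 43]):
        print(chain, "->", walk_chain(build(chain)))
```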

54 IPv6 Technical Description
- Addressing architecture
- Packet structure and header formats
- Header extensions
- ICMPv6
- Neighbor discovery
- Autoconfiguration
- IPv6 routing protocols
- Flow Label

55 ICMPv6 Messages
- Destination unreachable
- Packet too big
- Time exceeded
- Parameter problem
- Echo request
- Echo reply

56 ICMPv6: Destination Unreachable
Format (32 bits wide):
  Type=1 | Code | Checksum
  Unused
  As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
IPv6 Header Destination Address: Copied from the Source Address field of the invoking packet.
Code:
  0 - no route to destination
  1 - communication with destination administratively prohibited
  2 - (not assigned)
  3 - address unreachable
  4 - port unreachable
Unused: This field is unused for all code values. It must be initialized to zero by the sender and ignored by the receiver.

57 ICMPv6: Packet too big
Format (32 bits wide):
  Type=2 | Code | Checksum
  MTU
  As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
IPv6 Header Destination Address: Copied from the Source Address field of the invoking packet.
Code: Set to 0 by the sender and ignored by the receiver
MTU: The maximum transmission unit of the next-hop link

58 ICMPv6: Time exceeded
Format (32 bits wide):
  Type=3 | Code | Checksum
  Unused
  As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
IPv6 Header Destination Address: Copied from the Source Address field of the invoking packet.
Code:
  0 – Hop limit exceeded in transit
  1 – Fragment reassembly time exceeded
Unused: This field is unused for all code values. It must be initialized to zero by the sender and ignored by the receiver.

59 ICMPv6: Parameter problem
Format (32 bits wide):
  Type=4 | Code | Checksum
  Pointer
  As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
IPv6 Header Destination Address: Copied from the Source Address field of the invoking packet.
Code:
  0 - erroneous header field encountered
  1 - unrecognized Next Header type encountered
  2 - unrecognized IPv6 option encountered
Pointer: Identifies the octet offset within the invoking packet where the error was detected. The pointer will point beyond the end of the ICMPv6 packet if the field in error is beyond what can fit in the maximum size of an ICMPv6 error message.

60 ICMPv6: Echo request
Format (32 bits wide):
  Type=128 | Code=0 | Checksum
  Identifier | Sequence Number
  Data
IPv6 Header Destination Address: Any legal IPv6 address.
Code: 0
Identifier: An identifier to aid in matching Echo Replies to this Echo Request. May be zero.
Sequence Number: A sequence number to aid in matching Echo Replies to this Echo Request. May be zero.
Data: Zero or more octets of arbitrary data.

61 ICMPv6: Echo reply
Format (32 bits wide):
  Type=129 | Code=0 | Checksum
  Identifier | Sequence Number
  Data
IPv6 Header Destination Address: Copied from the Source Address field of the invoking Echo Request packet.
Code: 0
Identifier: The identifier from the invoking Echo Request message.
Sequence Number: The sequence number from the invoking Echo Request message.
Data: The data from the invoking Echo Request message.

62 IPv6 Technical Description
- Addressing architecture
- Packet structure and header formats
- Header extensions
- ICMPv6
- Neighbor discovery
- Autoconfiguration
- IPv6 routing protocols
- Flow Label

63 Neighbor discovery
Provides functionality for
- Serverless autoconfiguration
- Router discovery
- Prefix discovery
- Address resolution
- Neighbor unreachability detection
- Link MTU discovery
- Next-hop determination
- Duplicate address detection

64 Neighbor discovery
Defines five ICMPv6 packets
1. Router solicitation (RS)
2. Router advertisement (RA)
3. Neighbor solicitation (NS)
4. Neighbor advertisement (NA)
5. Redirect

65 Router solicitation (RS)
- ICMP packet type 133
- Sent by host to speed up learning of link-local routers
- Source address is sending host's address or 0:0:0:0:0:0:0:0
- Destination address is typically all-routers multicast address: FF02::2
- May contain sender's link layer address (only if source address is not unspecified)
- Reply is a Router Advertisement (RA)

66 Router solicitation (RS) format
Format (32 bits wide):
  Type=133 | Code | Checksum
  Reserved
  Options....

67 Router advertisement (RA)
- ICMP packet type 134
- Sent by routers periodically or in response to a solicitation to provide information necessary for a node to configure itself
- Source address is link-local address of the sending router
- Destination address is either
  - unicast address of a node that sent an RS, or
  - link-scope all-nodes multicast address: FF02::1
- Hop-limit MUST be set to 255
- Possible options contained in RA:
  - Source link layer address of the router
  - MTU
  - Prefix information about on-link prefixes

68 Router advertisement (RA) format
Format (32 bits wide):
  Type=134 | Code | Checksum
  Cur. Hop Limit | M | O | Reserved | Router lifetime
  Reachable Time
  Retransmit Timer
  Options....

69 Neighbor discovery: Router solicitation
(diagram: nodes A to G; Default GW-List: A, B, C; RS and RA exchanged)

70 Neighbor discovery: Router advertisement
(diagram: nodes A to G; Default GW-List: A; RA)

71 Neighbor solicitation (NS)
- ICMP packet type 135
- Used to provide/obtain link-layer address to/of a neighbor
- Used to verify neighbor reachability
- Source-address is link-local address of soliciting node
- Destination-address is either
  - solicited-node multicast address associated with target IP address (link layer determination)
  - Unicast address of the target (reachability verification)
- Hop-limit MUST be set to 255
- Reply is a Neighbor advertisement (NA)

72 Neighbor solicitation (NS) format
Format (32 bits wide):
  Type=135 | Code | Checksum
  Reserved
  Target address
  Options....

73 Neighbor advertisement (NA)
- ICMP packet type 136
- Sent in response to NS or unsolicited to immediately propagate new information
- Source address is any valid unicast address assigned to sending node
- Destination address is
  - For solicited advertisements
    - Source address of the solicitation
    - If solicitation's address is unspecified: all-nodes multicast address
  - For unsolicited advertisements
    - All-nodes multicast
- Hop-limit MUST be set to 255

74 Neighbor advertisement (NA) format
Format (32 bits wide):
  Type=136 | Code | Checksum
  R | S | O | Reserved
  Target address
  Options....

75 Redirect
Format (32 bits wide):
  Type=137 | Code | Checksum
  Reserved
  Target address
  Destination address
  Options....

76 Redirect
(diagram: nodes A to G; Default GW-List: A, B, C; Host 3)
- Sent data to Host 3 using Default GW "A"
- Path used with Default Gateway "A"
- ICMP Redirect to Router B
- Redirect traffic via Router B

77 Next-hop discovery
- Check neighbor cache for existing next-hop entry for particular destination
- Check whether destination is on- or off-link
  - On-link: Sent directly to destination
  - Off-link: Sent to default router
- Identify link-layer address of next-hop

78 Address resolution
- Uses Neighbor solicitation & advertisements
- Node checks neighbor cache first
- If no entry exists, node creates IP entry with state INCOMPLETE
- Node then sends NS to solicited-node multicast address
- Source address of NS is a unicast address
- Receiving node responds with NA indicating its own link-level address
- Soliciting node updates neighbor cache entry from INCOMPLETE to REACHABLE upon reception of NA

79 Neighbor unreachability detection
- 2 ways to verify neighbor reachability:
  - Using hints from upper-layer protocols
  - From responses to neighbor solicitations
- Forward direction communication (FDC) must be possible for a neighbor to be REACHABLE
- FDC is verified if forward progress is being made by an upper-layer protocol (i.e. TCP, reception of TCP acks)

80 Neighbor unreachability detection
- If no verification can be received from upper-layer protocols (like UDP):
  - Node actively probes neighbors to determine reachability state
  - Probes are sent in conjunction with traffic. No traffic, no probes!
  - Probe is neighbor solicitation (NS)
  - Neighbor advertisement (NA) reply is expected to establish FDC

81 Neighbor unreachability detection
- Neighbor cache stores information about neighbors
  - IP address
  - Link-layer address
  - Reachability state
- Neighbor reachability states
  - INCOMPLETE
  - REACHABLE
  - STALE
  - DELAY
  - PROBE

82 Default router selection
- Uses default router list and neighbor cache
- Host chooses one router from its default router list, if
  - destination is off-link AND no cache entry exists for the destination OR
  - Existing default router appears to be failing
- Default router is chosen the first time traffic is sent to an off-link destination
- REACHABLE routers have preference
- If multiple reachable routers exist, selection process depends on vendor's implementation

83 Duplicate address detection
- Must be performed by all nodes
- Performed before assigning a unicast address to an interface
- Performed on interface initialization
- Not performed for anycast addresses
- Link must be multicast capable
- New address is called "tentative" as long as duplicate address detection takes place

84 Duplicate address detection
1. Interface joins all-nodes multicast group
2. Interface joins solicited-node multicast group
3. Node sends (one) NS with
   - Target address = tentative IP address
   - Source address = unspecified (::)
   - Destination address = tentative solicited-node address

85 Duplicate address detection
- If address already exists, the particular node sends a NA reply with
  - Target address = tentative IP address
  - Destination address = tentative solicited-node address
- If soliciting node receives NA reply with target address set to the tentative IP address, the address must be duplicate
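
The addressing and hop-limit rules of slides 65 to 73 and the duplicate address detection exchange of slides 84 and 85, as a receive-side sanity check in Python. This is an added example, not code from the presentation: the message dictionaries and their field names are constructed for the illustration, and the solicited-node group layout FF02::1:FFxx:xxxx is taken from RFC 4291 because the slides name the group without giving its format.

```python
import ipaddress

RS, RA, NS, NA = 133, 134, 135, 136          # ICMPv6 types from slides 65 to 73
ALL_NODES = ipaddress.IPv6Address("ff02::1")
UNSPECIFIED = ipaddress.IPv6Address("::")


def solicited_node(addr) -> ipaddress.IPv6Address:
    """Solicited-node multicast group: FF02::1:FF00:0 plus the low 24 address bits."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def check_nd(msg: dict) -> list:
    """Return the slide rules that a received neighbor discovery message breaks."""
    kind = msg["type"]
    src = ipaddress.IPv6Address(msg["src"])
    dst = ipaddress.IPv6Address(msg["dst"])
    problems = []
    # Routers decrement the hop limit, so a value below 255 means the
    # message was forwarded and did not originate on this link.
    if kind in (RA, NS, NA) and msg["hop_limit"] != 255:
        problems.append("hop limit is not 255")
    if kind == RS and src == UNSPECIFIED and msg.get("source_lladdr"):
        problems.append("RS from the unspecified address carries a link-layer address")
    if kind == RA:
        if not src.is_link_local:
            problems.append("RA source is not a link-local address")
        if dst.is_multicast and dst != ALL_NODES:
            problems.append("RA sent to a multicast group other than all-nodes")
    if kind == NS:
        target = ipaddress.IPv6Address(msg["target"])
        group = solicited_node(target)
        if src == UNSPECIFIED and dst != group:
            problems.append("duplicate address detection probe not sent to "
                            "the solicited-node group")
        elif dst not in (group, target):
            problems.append("NS destination is neither the target nor its "
                            "solicited-node group")
    return problems


def dad_conflict(tentative: str, na: dict) -> bool:
    """Slide 85: an NA whose target is the tentative address means it is a duplicate."""
    return (na["type"] == NA and
            ipaddress.IPv6Address(na["target"]) == ipaddress.IPv6Address(tentative))


# Constructed sample messages (addresses reuse the slides' examples).
TENTATIVE = "fe80::200:cff:fe0a:2c51"
GOOD_RA = {"type": RA, "src": "fe80::200:cff:fe0c:4a72", "dst": "ff02::1",
           "hop_limit": 255}
FORWARDED_RA = {"type": RA, "src": "2080::1", "dst": "ff02::1", "hop_limit": 254}
DAD_PROBE = {"type": NS, "src": "::", "dst": str(solicited_node(TENTATIVE)),
             "target": TENTATIVE, "hop_limit": 255}
DEFENDING_NA = {"type": NA, "src": TENTATIVE, "dst": "ff02::1",
                "target": TENTATIVE, "hop_limit": 255}

if __name__ == "__main__":
    for name, msg in (("good RA", GOOD_RA), ("forwarded RA", FORWARDED_RA),
                      ("DAD probe", DAD_PROBE)):
        print(f"{name:13} {check_nd(msg) or 'ok'}")
    print("tentative address is a duplicate:", dad_conflict(TENTATIVE, DEFENDING_NA))
```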

86 IPv6 Technical Description  Addressing architecture  Packet structure and header formats  Header extensions  ICMPv6  Neighbor discovery  Autoconfiguration  IPv6 routing protocols  Flow Label

87 http://www.juniper.net Copyright © 2002 Juniper Networks, Inc. 87 Stateless Autoconfiguration  Router Advertisements are used to configure hosts  M-bit set to 0 tells host to use stateless address autoconfiguration  O-bit set to 0 tells host to use stateless autoconfiguration for other parameters

88 http://www.juniper.net Copyright © 2002 Juniper Networks, Inc. 88 Stateless autoconfiguration process 1.Node initialization 2.Node creates link-local address 3.Node runs duplicate address detection process  If process fails, autoconfiguration fails. Manual configuration required. 4.Host (not routers) sends an all-routers multicast solicitation to find a router on the link 5.A router responds to the RS with router advertisement 6.Host uses information contained in RA to:  Create site-local address  Build an on-link prefix-list  Know the link MTU

89 http://www.juniper.net Copyright © 2002 Juniper Networks, Inc. 89 Stateful Autoconfiguration  Router Advertisements are used to configure hosts  M-bit set to 1 tells host to use stateful address autoconfiguration (like DHCPv6)  O-bit set to 1 tells host to use stateful autoconfiguration for other parameters (like DNS)

90 IPv6 Technical Description  Addressing architecture  Packet structure and header formats  Header extensions  ICMPv6  Neighbor discovery  Autoconfiguration  IPv6 routing protocols  Flow Label

91 MTU path discovery
- Minimum MTU for IPv6: 1280 bytes
- Recommended MTU: 1500 bytes
- Nodes should implement MTU PD
  - Otherwise they must use minimum MTU
- MTU path discovery works for unicast & multicast
- MTU path discovery uses ICMP "packet too big" error messages

92 Static Routes

    [edit routing-options]
    ps@R1# show
    rib inet6.0 {
        static {
            route abcd::/48 next-hop 8:3::1;
        }
    }

93 RIPng
- RFC 2080 describes RIPngv1, not to be confused with RIPv1
- Based on RIP Version 2 (RIPv2)
- Uses UDP port 521
- Operational procedures, timers and stability functions remain unchanged
- Message format changed to carry larger IPv6 addresses
- RIPng is not backward compatible to RIPv2

94 Multiprotocol BGP-4
Two new attributes support multiprotocol BGP-4 (aka BGP+)
- Multiprotocol reachable NLRI (MP_REACH_NLRI)
- Multiprotocol unreachable NLRI (MP_UNREACH_NLRI)
- Use of the MBGP extensions for IPv6 is described in RFC 2545
- MP_REACH_NLRI attribute describes reachable destinations
- Attribute contains information about
  - Network layer protocol (i.e. IPv6)
  - Prefixes
  - Next-hop to reach prefixes
- MP_REACH_NLRI updates include
  - One next-hop address
  - List of associated NLRIs
- Follows BGP-4 rules for next-hop attribute
- IPv6 BGP routers advertise global address of NH-router

95 IS-IS
- draft-ietf-isis-ipv6-02.txt, Routing IPv6 with IS-IS
- 2 new TLVs are defined:
  - IPv6 Reachability (TLV type 236)
  - IPv6 Interface Address (TLV type 232)
- Otherwise, uses same packet formats (!)
- IPv6 NLPID = 142

96 OSPFv3
- Unlike IS-IS, new version required
- RFC 2740
- Fundamental OSPF mechanisms and algorithms unchanged
- Packet and LSA formats are different

97 OSPFv3 Differences from OSPFv2
- Runs per-link rather than per-subnet
- Multiple instances on a single link
- More flexible handling of unknown LSA types
- Link-local flooding scope added
  - Similar to flooding scope of type 9 Opaque LSAs
  - Area and AS flooding remain unchanged
- Authentication removed
- Neighboring routers always identified by RID
- Removal of addressing semantics
  - IPv6 addresses not present in most OSPF packets
  - RIDs, AIDs, and LSA IDs remain 32 bits

98 OSPFv3 LSAs

Type    Description
0x2001  Router-LSA
0x2002  Network-LSA
0x2003  Inter-Area-Prefix-LSA
0x2004  Inter-Area-Router-LSA
0x2005  AS-External-LSA
0x2006  Group-Membership-LSA
0x2007  Type-7-LSA (NSSA)
0x2008  Link-LSA
0x2009  Inter-Area-Prefix-LSA

99 IPv6 Technical Description
- Addressing architecture
- Packet structure and header formats
- Header extensions
- ICMPv6
- Neighbor discovery
- Autoconfiguration
- IPv6 routing protocols
- Flow Label

100 IPv6 Flow Label
- 20-bit field to indicate individual flows
- Scope is per source/destination address pair
- This is a major change to current IP use
- Is it useful?
  - In the core, probably not
  - Closer to the edge, or for BIG flows, maybe
  - This is primarily an economic issue (do the benefits justify the cost?)

101 Agenda
- IPv6, What and Why?
- IPv6 Technical Description
- Transition to IPv6
- Juniper's Phased IPv6 introduction
- Status and Plans for IPv6

102 Transition Overview
- Transition is expected to take many years
  - IPv4 address exhaustion: 2005 and beyond
- IPv4 will not disappear anytime soon
  - IPv4 is deployed on an enormous scale
  - Protocols die very slowly, if at all
- Transition enablers
  - Vendors must provide comparable features, functionality, robustness, performance,…
  - … at all levels (routers to application)
  - Customers must drive the transition

103 Lessons from History
- IP is not first protocol to transition
- There have been “issues” during previous transitions, example:
  - New name service assumes unique addresses (huge address, clever admin.)
  - Protocol translation, with address translation between old and new format
  - Users had deployed local addresses
  - Subtle contradiction → big problem
- Interactions between mechanisms are key

104 Interaction of Transition Mechanisms
- draft-ietf-ngtrans-interation-00.txt discusses interactions between mechanisms
  - Limited to two-way interactions (between 16 mechanisms)
  - Does not discuss routing aspects
  - Does not discuss security aspects
  - Limited discussion of effect of translation
- There are very good reasons for these omissions (it is just too hard)

105 Transition Mechanisms
- Myriad proposals
- Coexistence
  - Dual IP stacks
    - All network devices run both IPv4 and IPv6 stacks
  - Dual IP layers
    - TCP/UDP layer is shared
  - "Bump In the Stack" (BIS)
    - IPv6 modules in IPv4 implementations
- Tunneling
  - Configured tunnels
  - Automatic tunnels
  - 6 to 4 tunnels
  - 6 over 4 tunnels
- Translation
  - SIIT – Stateless IP/ICMP Translator
  - NAT-Protocol Translation (NAT-PT)

106 Dual Stack Transition, Basic Method
- Routers & DNS are updated to support dual stack (v4 and v6)
- Hosts are then updated gradually to be dual
  - Use v6 if policy and both ends support it
  - Otherwise use v4
- DNS used to determine capability of other end
- Tunneling may be used with this approach
- Eventually v4 is phased out
- This is included in RFC 2893 “Transition Mechanisms for IPv6 Hosts and Routers” (originally proposed in RFC 1347)

107 “Dual Stack Transition Mechanism”
- proposes additional functions
  - No native V4 routing, tunnel over v6 instead
  - Temporary v4 address assigned to v6 host, only when they want to talk to older v4 host
  - May assign range of ports, reuse address
  - Address servers and tunnel gateways (TEPs)
- This is said to be a simplification (??)
- The jury is still out on this one

108 Tunneling
- Configured tunnels
  - Connects IPv6 hosts or networks over an existing IPv4 infrastructure
  - Generally used between sites exchanging traffic regularly
  - Static tunnels configured on point-to-point basis
  - Examples: CCC, MPLS, GRE, IP-IP, IPSec
- Automatic tunnels
  - Tunnel is created then removed after use
  - Requires IPv4 compatible addresses
- 6 to 4 – dynamically established
  - Desirable as no explicit tunnel configuration required
- 6 over 4 - dynamically established
  - Assumes IPv4 transit network is multicast enabled
- Tunnel broker
  - IPv6 hosts request v6 tunnel; obtain script to build tunnel

109 6 to 4 Tunneling
[Diagram: IPv6 packet leaves an IPv6/Dual Network; 6to4 router adds v4 header (Generation); IPv4 core, where the IPv4 PE router forwards as usual; destination 6to4 router removes IPv4 header (Delivery); IPv6/Dual Network]
- Connects isolated IPv6 domains over an IPv4 infrastructure
- Minimal manual configuration
- Uses globally unique prefix comprised of the unique 6 to 4 TLA and the globally unique IPv4 address of the exit router
- Expected to ease initial transition
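
The prefix construction described on this slide, together with a source-consistency filter a decapsulating 6to4 router can apply, as an added Python example that is not part of the original presentation. The 2002::/16 TLA value comes from RFC 3056; the function names, the filter policy and the sample addresses are assumptions made for illustration.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")   # the 6to4 TLA (RFC 3056)
# IPv4 ranges that are not globally unique and so cannot name an exit router.
NOT_GLOBAL = [ipaddress.IPv4Network(n) for n in
              ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
               "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def sixtofour_prefix(v4):
    """/48 prefix: 16-bit 6to4 TLA followed by the 32-bit IPv4 address."""
    v4 = ipaddress.IPv4Address(v4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def embedded_v4(v6):
    """IPv4 address carried after the TLA in a 6to4 address, else None."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)

def check_decap(outer_src, inner_src):
    """Decision for one encapsulated packet arriving at the 6to4 router."""
    outer = ipaddress.IPv4Address(outer_src)
    v4 = embedded_v4(inner_src)
    if v4 is None:
        return "defer-native-source"        # not a 6to4 source; other policy applies
    if any(v4 in net for net in NOT_GLOBAL):
        return "reject-not-global"          # prefix built from a non-unique address
    if v4 != outer:
        return "reject-mismatch"            # IPv4 header and 6to4 prefix disagree
    return "accept"

# Constructed samples (documentation ranges), not taken from the slides.
SAMPLES = [
    ("192.0.2.1", "2002:c000:201:1::5"),
    ("198.51.100.7", "2002:c000:201:1::5"),
    ("192.0.2.1", "2002:a00:1::1"),
    ("192.0.2.1", "2001:db8::1"),
]

if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.1"))
    for outer, inner in SAMPLES:
        print(outer, inner, check_decap(outer, inner))
```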

110 Translation
- Multiple forms of translation:
- Between semantically identical protocols
  - Not applicable in this case (nor most)
- Semantic Dual-Stack (SIIT, RFC 2765)
  - Application needs to be dual stack
  - No meaningful gain over pure dual-stack
- NAT-PT
  - Same packet translation as SIIT
  - Different semantics (see following slides)

111 Network Address Translation -- Protocol Translation (NAT-PT)
- Semantically similar to (v4-to-v4) NAT
- v6-only hosts need to connect to v4 world
- DNS servers dynamically assign addresses from pool of global IPv4 addresses
- IP headers and addresses in applications are translated at NAT boxes
- NAT box must maintain state
  - Address mappings, TCP sequence number change, Data Unit ID, reassembly, etc.

112 NAT-PT, continued
- Translation for any one session must take place at the same NAT-PT router
  - Restricted topology
- NAT-PT is, like NAT, local to a domain
  - This makes routing straightforward
- Security is limited (end to end can’t be translated, also no secure DNS)
- NAPT-PT extends this to map TCP/UDP port #s (multiple v6 sessions use one v4 address)

113 Transition Lessons from the Past
- KEEP TRANSITION SIMPLE
  - Limit scope and interaction of mechanisms
  - Beware of semantic interdependence
  - Make sure normal humans can fully understand the interactions and implications of all mechanisms
- Transition/Migration is THE hard part
  - Ensuring existing products do IPv6 well
  - Keeping transition mechanisms under control

114 Key Factors to a Successful Transition
- No "Flag Day" transitions!
  - Last Internet transition was 1983 (NCP → TCP)
- Maintain full IPv4/IPv6 dual access
- Minimize transition dependencies
  - Don't upgrade node X before node Y
- Must be incremental
- Must be easy for end user
  - Transition from IPv4 to dual stack must not break anything

115 Example Site Migration
1. Upgrade applications to be v4/v6 independent
2. Install transition mechanisms at domain edge (Tunnels, Translators)
3. Upgrade routing for native IPv6
4. Upgrade DNS to support IPv6
5. Upgrade hosts to dual stack
6. Convert hosts to IPv6-only (much later)

116 Example of Dual-Server Transition
- Client-server model is common
  - Clients talk to servers
  - Servers talk to other servers
- Install dual-stack Routers and servers
  - (Including DNS, Email, and WWW servers)
- Communications between servers can use IPv4 or IPv6
- Single-protocol clients contact servers using either protocol (v4 or v6)

117 Transition Security Risks
- Many transition technologies may open security risks such as DoS attacks
  - Automated interactions open security holes
  - Details aren’t fully understood
- Packet and route filters and DoS protection need to be extended to transition techniques
- Authentication is needed where applicable
  - Translation and authentication may be at odds

118 Agenda
- IPv6, What and Why?
- IPv6 Technical Description
- Transition to IPv6
- Juniper's Phased IPv6 introduction
- Status and Plans for IPv6

119 Phase Details: Platform, Interface Support
IPv6 Support Across All Platforms, Interfaces

Category       Feature                   Phase  Related RFC
Media Support  Ethernet                  P1     RFC 2464
Media Support  PPP                       P1     RFC 2472
Media Support  NBMA                      P1     RFC 2491
Media Support  ATM (all encapsulations)  P1     RFC 2492
Media Support  Frame Relay               P1     RFC 2590

120 Phase Details: Fundamental Features

Category    Feature                             Phase  Related RFC
Forwarding  IPv6 forwarding (in hardware)       P1     --
Addressing  IPv6 Address types                  P1     RFC 2373
Addressing  Global unicast address aggregation  P1     RFC 2373
Addressing  :hex format with zero suppression   P1     RFC 2373
Addressing  DNS                                 P1     RFC 2874
Addressing  Stateless autoconfiguration         P1     RFC 2462
Addressing  Network prefix length notation      P1     RFC 2373
Routing     Static routes                       P1     --
Routing     RIPng                               P1     RFC 2080
Routing     IS-IS                               P1     --
Routing     BGP with v4 Peering                 P1     RFC 2283, 2545
Routing     BGP with v6 Peering                 P1     RFC 2283, 2545

121 Phase Details: Neighbor Discovery

Category                             Feature                            Phase  Related RFC
Neighbor Discovery (Router portion)  Router discovery                   P1     RFC 2461
Neighbor Discovery (Router portion)  Prefix discovery                   P1     RFC 2461
Neighbor Discovery (Router portion)  Parameter discovery                P1     RFC 2461
Neighbor Discovery (Router portion)  Address autoconfiguration          P1     RFC 2461
Neighbor Discovery (Router portion)  Address resolution                 P1     RFC 2461
Neighbor Discovery (Router portion)  Next-hop determination             P1     RFC 2461
Neighbor Discovery (Router portion)  Neighbor unreachability detection  P1     RFC 2461
Neighbor Discovery (Router portion)  Duplicate address detection        P1     RFC 2461

Note: Host portion for router in Next Phase (NP)

122 Phase Details: Management

Category    Feature                  Phase  Related RFC
ICMPv6      Destination unreachable  P1     RFC 2463
ICMPv6      Packet too big           P1     RFC 2463
ICMPv6      Time exceeded            P1     RFC 2463
ICMPv6      Parameter Problem        P1     RFC 2463
ICMPv6      Echo request/reply       P1     RFC 2463
            JUNOScript               P1     --
Transition  Dual stack               P1     RFC 2767
Transition  Configured tunnels       P1     RFC 2893

123 Phase Details: Applications

Category      Feature     Phase  Related RFC
Applications  Ping        P1     --
Applications  Telnet      P1     --
Applications  Traceroute  P1     --
Applications  FTP         P1     --
Applications  Netstat     P1     --
Applications  TCPdump     P1     --
Applications  SSH         P1     --
Applications  ifinfo      P1     --

124 Phase Details: MPLS

Category  Feature          Phase  Related RFC
MPLS      L2 MPLS VPN/CCC  P1     --

125 Phase Details: Options and Miscellaneous

Category            Feature                               Phase  Related RFC
Optional Headers    Hop-by-hop                            P1     RFC 2460
Path MTU Discovery  Host portion                          P1     RFC 1981
Path MTU Discovery  Router portion                        P1     RFC 1981
                    Multicast addresses (forwarding - NP)  P1/NP  RFC 2373

126 Agenda
- IPv6, What and Why?
- IPv6 Technical Description
- Transition to IPv6
- Juniper's Phased IPv6 introduction
- Status and Plans for IPv6

127 Selected IPv6 RFC’s
- RFC 1881 – IPv6 Address allocation management
- RFC 1886 – DNS Extensions to Support IPv6
- RFC 1887 – IPv6 Unicast address allocation
- RFC 1924 – IPv6 Compact representation of IPv6 addresses
- RFC 1981 – Path MTU discovery for IPv6
- RFC 2073 – An IPv6 Aggregatable Global Unicast Address Format
- RFC 2080 – RIPng for IPv6
- RFC 2373 – IPv6 Addressing architecture
- RFC 2374 – IPv6 Global aggregatable unicast address format
- RFC 2375 – IPv6 Multicast address assignments
- RFC 2460 – Internet Protocol, Version 6 (IPv6) Specification
- RFC 2461 – Neighbor discovery for IPv6
- RFC 2462 – IPv6 Stateless Address Autoconfiguration
- RFC 2463 – Internet Control Message Protocol Version 6

128 Selected IPv6 RFC’s, continued
- RFC 2675 – IPv6 Jumbograms
- RFC 2711 – IPv6 Router alert option
- RFC 2740 – OSPF for IPv6
- RFC 2765 – Stateless IP/ICMP Translation Algorithm (SIIT)
- RFC 2766 – Network Address Translation -- Protocol Translation (NAT-PT)
- RFC 2767 – Dual Stack Hosts using the Bump-in-the-Stack Technique (BIS)
- RFC 2772 – 6Bone Backbone Routing Guidelines
- RFC 2893 – Transition mechanisms for IPv6 hosts and routers
- RFC 3056 – Connection of IPv6 Domains via IPv4 Clouds

129 Selected IPv6 Internet Drafts
- Note: These will be updated over time
- (or go to www.ietf.org; click on 'IETF Working Groups', click on ipv6 under the Internet area; also click on ngtrans under the Operations and Management area.)

130 Thank you!

