Objective: To understand IPv6 implementation in the Intranet and Internet

IPv6 Addressing Basics: It is 128 bit long 0000000000000000:0000000000000000:0000000000000000:00000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Divide it into 8 groups of 16 bit each, with each group separated by a colon They are converted to hexadecimal instead of the decimal conversion in IPv4.

E.g.: 1100100000000001:000100011111111: C 8 0 1 : 1 1 F F : 1111111011010100:000000000000 F E D 4 : 0 0 0 1000:0000000000000000:000000000000 8 0 0 0000:00000000000000000:00000000 0 0 0 00000001 0 1

So our IPv6 address will be: C801:11FF:FED4:8::1 Cont. So our IPv6 address will be: C801:11FF:FED4:8::1

With this basic let us now see what are the kind of IPv6 address we can have: FE80: Link Local IPv6 address 2XXX: Global unicast IPv6 address 3XXX: Global unicast IPv6 address FFXX: Multicast IPv6 address **Anycast IPv6 address

Link Local Address: It start from FE80:: (network Address) Rest is calculated by the system using the MAC address. E.g.: System MAC: CA01.11D4.0008 Link Local Address will be: FE80::C801:11FF:FEd4:8 Let us see how it is calculated by the system: Step1: Convert the MAC Address to Binary Binary of CA01.11D4.0008 will be 1100101000000001.0001000111010100.0000000000001000 Step2: Flip the 7th bit and then insert FFFE in the middle for the new EUI-64 Host ID Here the 7th bit is 1 which will be flipped to 0 and so the first 4 hexadecimal digits will now be 1100100000000001 --------------------------- C801

Thus the link local Address is: FE80::C801:11FF:FED4:8 Cont. And after inserting FFFE right in the middle of the newly calculated MAC address we get C801.11FFFED4. 0008 which is C801.11FF.FED4.8 (64 bit Host ID) Thus the link local Address is: FE80::C801:11FF:FED4:8 We can hard code the MAC address so as to get a link local address of our choice Even the link local address can be hard coded without changing the MAC address

Global IPv6 Address: Global IPv6 address are currently assigned in the range 2XXX and 3XXXX They can also be hard coded in the system.

Multicast IPv6 Address: Every host joins a special multicast group based on the last 24 bits of its host ID *The solicited node multicast group is: FF02::1:FFxx:xxxx Where xx:xxxx = last 24 bits of host ID Also every device joins a multicast group of FF02::1 by default

Anycast Address: An IP address that you can use on 2 or more device The keyword “Anycast” disables Duplicate Address Detection (DAD) E.g.: Consider 2435::9/64 is the IP address assigned in two different networks as DNS address and a third router is trying to reach it from yet another network. The routing protocols will sort out which 2345::/64 network is the “closest”.

IPv6 Unique Local Address A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC 4193. It is the IPv6 counterpart of the IPv4 private address. ULAs are available for use in private networks, e.g. inside a single site or organization, or spanning a limited number of sites or organizations. As fd00::/8 ULAs are not meant to be routed outside their administrative domain (site or organization), administrators of interconnecting networks normally do not need to worry about the uniqueness of ULA prefixes. However, if networks require routing ULAs between each other in the event of a merger, for example, the risk of address collision is extremely small if the RFC 4193 selection algorithm was used. They are not routable in the global IPv6 Internet Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges: They are not allocated by an address registry and may be used in networks by anyone without outside involvement. They are not guaranteed to be globally unique. Reverse Domain Name System (DNS) entries (under ip6.arpa) for fd00::/8 ULAs cannot be delegated in the global DNS.

With those basics in place let us move on to Transition Techniques: Using Both IPv4 and IPv6 During the time that the routing infrastructure is being transitioned from IPv4-only, to IPv4 and IPv6, and finally to IPv6-only, hosts must be able to reach destinations using either IPv4 or IPv6. For example, during the transition, some server services will be reachable over IPv6. However, some services, which have not yet been updated to support both IPv4 and IPv6, are only reachable over IPv4. Therefore, hosts must be able to use both IPv4 and IPv6. To use both IPv4 and IPv6 Internet layers on the same host, IPv6/IPv4 hosts can have the following architectures: *Dual IP layer architecture *Dual stack architecture

*Dual IP Layer Architecture A dual IP layer architecture contains both IPv4 and IPv6 Internet layers with a single implementation of Transport layer protocols such as TCP and UDP. A Dual IP Layer Architecture

A Dual Stack Architecture A dual stack architecture contains both IPv4 and IPv6 Internet layers with separate protocol stacks containing separate implementations of Transport layer protocols such as TCP and UDP. A Dual Stack Architecture

Tunneling: IPv6 over IPv4 Tunneling IPv6 over IPv4 tunneling is the encapsulation of IPv6 packets with an IPv4 header so that IPv6 packets can be sent over an IPv4 infrastructure. Within the IPv4 header: The IPv4 Protocol field is set to 41 to indicate an encapsulated IPv6 packet. The Source and Destination fields are set to IPv4 addresses of the tunnel endpoints. The tunnel endpoints are either manually configured as part of the tunnel interface or are automatically derived from the next-hop address of the matching route for the destination and the tunneling interface. Following Figure shows IPv6 over IPv4 tunneling.

IPv6 over IPv4 Tunneling

Tunneling Configurations: Router-to-Router Host-to-Router or Router-to-Host Host-to-Host Router-to-Router In the router-to-router tunneling configuration, two IPv6/IPv4 routers connect two IPv6-capable infrastructures over an IPv4 infrastructure. The tunnel endpoints span a logical link in the path between the source and destination. The IPv6 over IPv4 tunnel between the two routers acts as a single hop. Router-to-Router Tunneling

Host-to-Router and Router-to-Host In the host-to-router tunneling configuration, an IPv6/IPv4 node that resides within an IPv4 infrastructure creates an IPv6 over IPv4 tunnel to reach an IPv6/IPv4 router. In the router-to-host tunneling configuration, an IPv6/IPv4 router creates an IPv6 over IPv4 tunnel across an IPv4 infrastructure to reach an IPv6/IPv4 node. Host-to-Router and Router-to-Host Tunneling

Host-to-Host Host-to-Host Tunneling In the host-to-host tunneling configuration, an IPv6/IPv4 node that resides within an IPv4 infrastructure creates an IPv6 over IPv4 tunnel to reach another IPv6/IPv4 node that resides within the same IPv4 infrastructure. Host-to-Host Tunneling

Types of Tunnels Configured Automatic Configured Tunnels A configured tunnel requires manual configuration of tunnel endpoints. In a configured tunnel, the IPv4 addresses of tunnel endpoints are not derived from addresses that are encoded in the next-hop address when sending or forwarding the packet. Router-to-router tunneling configurations can be manually configured. The tunnel interface configuration, consisting of the IPv4 addresses of the tunnel endpoints, must be manually specified along with static routes that use the tunnel interface.

Automatic Tunnels An automatic tunnel is a tunnel that does not require manual configuration. Tunnel endpoints for automatic tunnels are determined by the use of routes, next-hop addresses based on destination IPv6 addresses, and logical tunnel interfaces. There are following automatic tunneling technologies: ISATAP Used for unicast communication across an IPv4 intranet and is enabled by default. 6to4 Used for unicast communication across the IPv4 Internet and is enabled by default. Teredo Used for unicast communication across the IPv4 Internet over network address translators (NATs).

ISATAP ISATAP is an address assignment and host-to-host, host-to-router, and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6/IPv4 hosts across an IPv4 intranet. ISATAP addresses use the locally administered interface identifier ::0:5EFE:w.x.y.z, in which w.x.y.z is a private unicast IPv4 address, or ::200:5EFE:w.x.y.z, in which w.x.y.z is a public unicast IPv4 address. An ISATAP interface identifier can be combined with any 64-bit prefix that is valid for IPv6 unicast addresses, including link-local (FE80::/64), unique local, and global prefixes. The interface identifier portion of an ISATAP address contains an embedded IPv4 address that is used to determine the destination IPv4 address for the IPv4 header when ISATAP-addressed IPv6 traffic is tunneled across an IPv4 network.

For example, Host A is configured with the IPv4 address of 10. 40. 1 For example, Host A is configured with the IPv4 address of 10.40.1.29 and Host B is configured with the IPv4 address of 192.168.41.30. Host A is automatically configured with the ISATAP address of FE80::5EFE:10.40.1.29 and Host B is automatically configured with the ISATAP address of FE80::5EFE:192.168.41.30. An Example ISATAP Configuration

6to4 6to4 is an address assignment and router-to-router, host-to-router, and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 treats the entire IPv4 Internet as a single link. 6to4 uses the global address prefix 2002:WWXX:YYZZ::/48, in which WWXX:YYZZ is the colon-hexadecimal representation of a public IPv4 address (w.x.y.z) assigned to a site or host. Figure 17 shows the structure of a 6to4 address. Structure of a 6to4 Address 6to4 allows you to assign global IPv6 addresses within your organization and to reach locations on the IPv6 Internet without requiring you to obtain a connection to the IPv6 Internet or an IPv6 global address prefix from an Internet service provider (ISP).

Teredo Teredo, also known as IPv4 network address translator (NAT) traversal (NAT-T) for IPv6, provides address assignment and host-to-host automatic tunneling for unicast IPv6 connectivity across the IPv4 Internet, even when the IPv6/IPv4 hosts are located behind one or multiple IPv4 NATs. To traverse IPv4 NATs, IPv6 packets are sent as IPv4-based User Datagram Protocol (UDP) messages

Translation: Translation techniques perform IPv4-to-IPv6 translation (and vice versa) at a particular layer of the protocol stack, typically the network, transport or application layer. Unlike tunneling, which does not alter the tunneled data packet, translation mechanisms do modify or translate IP packets commutatively between IPv4 and IPv6. Translation approaches are generally recommended in an environment with IPv6- only nodes communicating with IPv4-only nodes. -Because protocol translation is not exact, but merely the best approximation of one protocol with another, the translation of header fields, addresses, extensions, options, fragmentation, and error reporting can be exploited.

IPv6 Support in Different Operating Systems IPv6 Support on: Linux Windows XP Windows Vista HP-UX FreeBSD CISCO IOS Apple MAC OS X Solaris

Linux Modern Linux distributions already contain IPv6-ready kernels.  The IPv6 capability is generally compiled as a module.  It's possible that this module is not loaded automatically on startup.

Linux Kernel 2.2.x is not IPv6-up-to-date anymore.  IPv6 support in series 2.4.x is no longer improved according to definitions in latest RFCs. It's recommend to use series 2.6.x now.

Windows XP IPv6 is not enabled by default. (Windows XP SP2)  The support has to be explicitly installed and enabled. Proper IPv6 support was added with the ”Advanced Networking Pack” and updated in the Service Pack 2. Several subprotocols are missing and left for future work/third party software.

Windows Vista IPv6 is installed and active by default. The IPv6 stack was completely rewritten  as part of the ”Next Generation TCP/IP stack”. IPv6 is now supported as part of a Dual IP Layer. IPv6 is active in a default installation.  No manual steps are needed for activation.  If attached to an IPv6 link, Vista automatically performs stateless autoconfiguration and creates local and global addresses.

HP-UX HP-UX Unix includes IPv6 support since about December 2001 with the bundle of HP-UX 11i and the add-on product IPv6NCF11i. The add-on software was later superseded by the Transport Optional Upgrade Releases, TOURs.  IPv6 support was limited at the beginning. More features and subprotocols being added over the time with the TOURs The most current HP-UX release 11i v3 supports most IPv6 functionality in its base system with advanced features available in the IPv6Upgrade bundle.

HP-UX HP-UX 11i with the latest TOUR can be used as IPv6 host (node)  A Router in a variety of logical (tunnels) and physical media Together with the support for new subprotocols such as (Mobile IPv6, DHCPv6). Many of the supplied networking utilities and programs (servers and network transports) are also modified to be IPv6-capable. Supports Unique Local Unicast Addresses.

FreeBSD FreeBSD implements its IPv6 support from the Japanese KAME IPv6 project.  The FreeBSD release 6.1 implements KAME. The core functions of the KAME stack are integrated. Support for several newer subprotocols is not integrated into the FreeBSD base system .

CISCO IOS Router Most of Cisco’s IOS based routers support IPv6 with the right IOS version. IPv6 is active in default, IOS releases that support it. IPv6 routing is deactivated by default and must be manually switched on. The integrated routing and advertisement daemon is active by default after manual address and prefix configuration.

CISCO IOS Router  Privacy extensions for host addresses are not supported.  Both filtering/firewalling solutions on IOS support IPv6. ACLs: Cisco IOS can filter IPv6 packets with its integrated ACLs. The filtering is supported since 12.2(2)T and 12.3 Tunnelled and translated packets can also be filtered.

CISCO IOS Router Cisco IOS Firewall supports IPv6 filtering since IOS 12.3(7)T and 12.4. Tunnels: Cisco IOS supports configured IPv6 tunnels. Interfaces support 6to4 prefixes and routing after manual configuration. Other tunnels supported: IPv6 IPsec VPNs are supported in IOS since 12.4(4)T 6PE, IPv6 over IPv6 MPLS VPNs ISATAP GRE

Apple Mac OS X Implements its IPv6 functionality from the KAME The core functions are integrated.  Support for several newer subprotocols is not integrated into the Mac OS X base.  Also currently not available via additional/third-party software.

Solaris Includes IPv6 support in its current Solaris 10 Comparable features on the Solaris Express and OpenSolaris (2009.6)  Support was first added with Solaris 8  As of Solaris 10/Solaris Express the functionality is relative complete and integrated into the base operating system.

THANK YOU