Regional Cisco Networking Academy Conference 2014

Presentation transcript:

Regional Cisco Networking Academy Conference 2014 Introduction to IPv6: Exactly the same as IPv4… only completely different Rick Graziani CS/CIS Instructor Cabrillo College Giving you the knowledge and confidence to teach IPv6

Topics: Why IPv6?; IPv6 and ICMPv6 at a glance; Format of an IPv6 Address; IPv6 Address; Global Unicast IPv6 Address; Subnetting; Link-Local Unicast IPv6 Address; Static Configuration of a Global Unicast Address; Dynamic Configuration of a Global Unicast Address (three options); Link-local address; Multicast address; Address Resolution. A lot of stuff, but don’t be intimidated!

Why are they making me learn IPv6?

We’re running out of IPv4. On Monday, January 31, 2011, IANA allocated the last /8 IPv4 address blocks to the RIRs. RIRs have very few IPv4 addresses left, if any. Many ISPs are severely limited and some have already run out.

Internet Penetration Rate by Population. About 80% of North America has Internet access. Some ISPs are only giving out IPv6. Only 28% of Asia and 16% of Africa have Internet access.

Internet of Everything http://canadablog.cisco.com/2013/09/24/for-canada-how-big-is-everything-in-the-internet-of-everything/ Cisco defines the Internet of Everything (IoE) as bringing together people, process, data, and things to make networked connections more relevant and valuable than ever before. Cisco estimates that there will be 50 billion “connected” devices by 2020. That’s a lot of addresses!

No more NAT as we know it 192.168.1.0/24 RFC 1918 Private Address Public IPv4 Address Using NAT to “hide” IPv6 networks has been the source of some debate. IETF continues to state that NAT is not a security feature. NAT for IPv4 breaks many things. IETF does not support the concept of translating a “private IPv6” address to a “public” IPv6 address... but there are exceptions.

Benefits of IPv6 Larger address space Stateless autoconfiguration End-to-end reachability without private addresses and NAT Better mobility support Peer-to-peer networking easier to create and maintain, and services such as VoIP and Quality of Service (QoS) become more robust. The “killer application” for the Internet is the Internet itself. https://www.ipv6ready.org/

You are probably already running IPv6. Windows Vista or later, Mac OSX and Linux are already running IPv6. Diagram: dual-stack (IPv4 and IPv6) hosts and router R1, observed with a packet analyzer (Wireshark). A host sends an RS: “I need an IPv6 prefix”. R1 answers with an RA: “Here is an IPv6 prefix and gateway”. A rogue RA makes the same offer, “Here is an IPv6 prefix and gateway”: a potential man-in-the-middle attack. RS (Router Solicitations) and RA (Router Advertisements) are described in other lessons. Get familiar with IPv6!

I bought a /24 on eBay and I’m doing NAT444444, so I’m good! Now’s the time. “Finding ‘creative’ ways to keep IPv4 alive without transitioning to IPv6 is like rearranging deck chairs on the Titanic.” (IETF) IPv4 is not going away any time soon, but it will be replaced by IPv6. Now is the time to learn, test and become familiar with IPv6.

IPv6 at home Learn IPv6 in the Lab Implement IPv6 in a part of your network See if you get IPv6 at home Contact ISP IPv6 enabled modem IPv6 enabled router Linksys ea6500 Router

When do I have to go to IPv6? IPv4 and IPv6 will coexist for the foreseeable future. Dual-stack – Device running both IPv4 and IPv6. Enterprises and ISPs have to support both protocols, which is a reason to eventually go to only IPv6.

Various Transition Strategies – Mostly for ISPs Tunneling – IPv6 packets encapsulated inside IPv4 packets. NAT64 – Translating between IPv4 and IPv6. Native IPv6 – All IPv6 (our focus and the goal of every organization).

IPv4 and IPv6 IPv6 is more than just larger address space. It was a chance to make some improvements on the IP protocol.

IPv6 at a Glance. Next Header = Protocol field in IPv4. Indicates the data payload type (TCP, UDP, ICMPv6). Hop Limit = TTL (Time to Live) in IPv4. Number of router hops before the packet is discarded. A router does not fragment an IPv6 packet unless it is the source of the packet. Use of a Link-Local Address. ICMPv6 is more robust than ICMPv4. SLAAC (Stateless Address Autoconfiguration) for dynamic addressing.

Internet Control Message Protocol (ICMPv6) IPv6 Next Header Value: 58 decimal or 3A hexadecimal ICMPv6 Header ICMPv6 Message Body Next Header 58 IPv6 Header IPv6 Data Described in RFC 4443 Much more robust than ICMP for IPv4 Contains new functionality and improvements. More than just “messaging” but “how IPv6 conducts business”. General message similar to ICMP for IPv4 (Type and Code fields)

Neighbor Discovery Protocol Uses ICMPv6
ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):
Router-Device Messaging: Router Solicitation Message, Router Advertisement Message. Discussed with dynamic configuration of IPv6 addresses. We will also introduce assigned multicast addresses.
Device-Device Messaging: Neighbor Solicitation Message, Neighbor Advertisement Message. Discussed with address resolution (IPv4 ARP). We will also introduce solicited node multicast address.
Redirect Message (Similar to ICMPv4).

Understanding the format of IPv6 Address

IPv6 Address Notation. One hex digit = 4 bits.

    2001:0DB8:AAAA:1111:0000:0000:0000:0100/64
    2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 0100   (eight segments of 16 bits each, numbered 1 to 8)

IPv6 addresses are 128-bit addresses represented in: eight 16-bit segments or “hextets” (not a formal term); hexadecimal (not case-sensitive) between 0000 and FFFF; separated by colons. Reading and subnetting IPv6 is easier than IPv4!

How many addresses does 128 bits give us? 2001:0DB8:AAAA:1111:0000:0000:0000:0100/64 is eight segments of 16 bits each. 340 undecillion addresses or … 340 trillion trillion trillion addresses or … “50 billion billion billion addresses for every person on earth” or … “A string of soccer balls would wrap around our universe 200 billion times!” … in other words … You won’t need to learn IPv7 for the next version of CCNA!

This isn’t the first time Early versions of CCNA included: IPv4 Appletalk IPX

Rule 1: Leading 0’s
There are two rules for reducing the size of written IPv6 addresses. The first rule is: leading zeroes in any 16-bit segment do not have to be written.

    2001:0DB8:0001:1000:0000:0000:0ef0:bc00   becomes   2001:DB8:1:1000:0:0:ef0:bc00
    2001:0DB8:010d:000a:00dd:c000:e000:0001   becomes   2001:DB8:10d:a:dd:c000:e000:1
    2001:0DB8:0000:0000:0000:0000:0000:0500   becomes   2001:DB8:0:0:0:0:0:500

If any 16-bit segment has fewer than four hexadecimal digits, it is assumed that the missing digits are leading zeroes.

Rule 2: Double colon :: equals 0000…0000
The second rule can reduce this address even further: any single, contiguous string of one or more 16-bit segments consisting of all zeroes can be represented with a double colon.

    FE80:0000:0000:0000:0000:0000:0000:0001   becomes   FE80::1

The double colon is the second rule; writing the last segment as 1 is the first rule.

Rule 2: Double colon :: equals 0000…0000 Only a single contiguous string of all-zero segments can be represented with a double colon. Both of these are correct… FE80 : 0000 : 0000 : 0000 : 0014 : 0000 : 0000 : 0095 FE80 :: 14 : 0 : 0 : 95 OR FE80 : 0 : 0 : 0 : 14 :: 95

Rule 2: Double colon :: equals 0000…0000
Using the double colon more than once in an IPv6 address creates ambiguity, because the number of 0’s each double colon stands for cannot be determined. FE80::14::95 could be any of:

    FE80:0000:0000:0000:0014:0000:0000:0095
    FE80:0000:0000:0014:0000:0000:0000:0095
    FE80:0000:0014:0000:0000:0000:0000:0095
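The ambiguity can be enumerated. This added example (not part of the original presentation) expands an address written with Rules 1 and 2 and, for a form with two double colons, returns every full address it could stand for; for FE80::14::95 there are four, of which the slide lists three. The function names are illustrative.

```python
from itertools import product

HEXTETS = 8  # an IPv6 address always has eight 16-bit segments
HEX_DIGITS = set("0123456789abcdefABCDEF")


def _pad(groups):
    """Undo Rule 1: restore the leading zeroes of each written segment."""
    out = []
    for g in groups:
        if not g or len(g) > 4 or not set(g) <= HEX_DIGITS:
            raise ValueError(f"bad segment {g!r}")
        out.append(g.upper().zfill(4))
    return out


def candidate_expansions(text):
    """Return every full 8-segment address that `text` could stand for.

    One result means the text is unambiguous. More than one means '::'
    was written more than once, which is why such addresses are invalid.
    """
    parts = text.split("::")
    runs = [_pad(p.split(":")) if p else [] for p in parts]
    written = sum(len(r) for r in runs)
    gaps = len(parts) - 1
    if gaps == 0:
        if written != HEXTETS:
            raise ValueError("need 8 segments when no '::' is present")
        return [":".join(runs[0])]
    missing = HEXTETS - written
    if missing < gaps:
        raise ValueError("too many segments")
    results = []
    # Every '::' stands for at least one all-zero segment; try all splits.
    for sizes in product(range(1, missing + 1), repeat=gaps):
        if sum(sizes) != missing:
            continue
        full = list(runs[0])
        for size, run in zip(sizes, runs[1:]):
            full += ["0000"] * size + run
        results.append(":".join(full))
    return results


def expand(text):
    """Strict expansion: refuse any text with more than one meaning."""
    found = candidate_expansions(text)
    if len(found) != 1:
        raise ValueError(f"{text!r} is ambiguous: {len(found)} possible addresses")
    return found[0]


if __name__ == "__main__":
    print(expand("FE80::1"))
    for candidate in candidate_expansions("FE80::14::95"):
        print(candidate)
```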

Network Prefixes. In IPv4, the prefix (the network portion of the address) can be identified by a dotted decimal netmask or bitcount: 255.255.255.0 or /24. IPv6 prefixes are always identified by bitcount (prefix length). Prefix length notation: 2001:0DB8:100:a::/64 (the four written segments end at bits 16, 32, 48 and 64). The address is followed by a forward slash and a decimal number indicating how many of the first bits of the address are the prefix bits.

IPv6 Addresses

IPv6 Addressing

Unicast:
    Global Unicast: 2000::/3 to 3FFF::/3
    Link-Local: FE80::/10 to FEBF::/10
    Loopback: ::1/128
    Unspecified: ::/128
    Unique Local: FC00::/7 to FDFF::/7
    Embedded IPv4: ::/80
Multicast:
    Assigned: FF00::/8
    Solicited Node: FF02::1:FF00:0000/104
Anycast

Global Unicast Address (GUA) Global Routing Prefix Subnet ID Interface ID Range: 2000::/3 0010 0000 0000 0000 :: to 3FFF::/3 0011 1111 1111 1111 :: 001 IANA’s allocation of IPv6 address space in 1/8th sections Global unicast addresses are similar to IPv4 addresses Routable Unique

Global Unicast Address (GUA) Global Routing Prefix Subnet ID Interface ID Range: 2000::/3 0010 0000 0000 0000 :: to 3FFF::/3 0011 1111 1111 1111 :: 001 Global unicast addresses are equivalent to IPv4 public addresses Except under very specific circumstances, all end users will have a global unicast address Terminology: Prefix equivalent to network address Prefix length equivalent to subnet mask in IPv4 Interface ID equivalent to host portion

Typical Global Unicast Address and Why We Love IPv6! IPv4 Unicast Address /? Network portion Subnet portion Host portion 32 bits IPv6 Global Unicast Address /48 /64 16-bit Fixed Subnet ID Global Routing Prefix Interface ID 128 bits 64-bit Interface ID = 18 quintillion (18,446,744,073,709,551,616) devices/subnet 16-bit Subnet ID = 65,536 subnets

/64 Global Unicast Addresses and the 3-1-4 rule /48 /64 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits Global Routing Prefix Subnet ID Interface ID 3 1 4 2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 0100 3 + 1 = 4 (/64) : 4 2001:0DB8:AAAA:1111:0000:0000:0000:0100/64 2001:0DB8:AAAA:1111::100/64

Subnetting IPv6 and Why Our Students Will Love IPv6 Just increment by 1 in Hexadecimal: 2001:0DB8:AAAA:0000::/64 2001:0DB8:AAAA:0001::/64 2001:0DB8:AAAA:0002::/64 2001:0DB8:AAAA:000A::/64 Valid abbreviation is to remove the 3 leading 0’s from the first shown quartet 2001:0DB8:AAAA:1::/64 3-1-4 Rule

Subnetting into the Interface ID /48 /112 48 bits 64 bits 16bits Global Routing Prefix Subnet ID Prefix Interface ID Global Routing Prefix Subnet-ID Interface ID 2001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0000 : 0000 2001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0001 : 0000 2001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0002 : 0000 thru 2001 : 0DB8 : AAAA : FFFF : FFFF : FFFF : FFFE : 0000 2001 : 0DB8 : AAAA : FFFF : FFFF : FFFF : FFFF : 0000

Subnetting on a nibble boundary /48 /68 60 bits 48 bits 20 bits Global Routing Prefix Subnet ID Interface ID /68 Prefix Subnetting on a nibble (4 bit) boundary makes it easier to list the subnets: /64, /68, /72, etc. 2001:0DB8:AAAA:0000:0000::/68 2001:0DB8:AAAA:0000:1000::/68 2001:0DB8:AAAA:0000:2000::/68 through 2001:0DB8:AAAA:FFFF:F000::/68 /68

Subnetting within a nibble /48 /70 48 bits 22 bits 58 bits Global Routing Prefix Subnet ID Interface ID /70 Prefix Four Bits: The two leftmost bits are part of the Subnet-ID, whereas the two rightmost bits belong to the Interface ID. 2001:0DB8:AAAA:0000:0000::/70 0000 2001:0DB8:AAAA:0000:0400::/70 0100 2001:0DB8:AAAA:0000:0800::/70 1000 2001:0DB8:AAAA:0000:0C00::/70 1100 bits
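The increment pattern on the subnetting slides, as an added example that is not part of the original presentation: for any prefix length it computes which 16-bit segment changes and by how much, then lists the subnets in the slides' notation. The function names are illustrative; 2001:db8:aaaa::/48 is the site prefix used on the slides.

```python
import ipaddress
from itertools import islice


def hextet_step(prefix_len):
    """Return (segment number 1-8, increment) that moves to the next subnet."""
    if not 1 <= prefix_len <= 128:
        raise ValueError("prefix length must be 1..128")
    segment = -(-prefix_len // 16)                  # ceiling division
    return segment, 1 << (16 * segment - prefix_len)


def on_nibble_boundary(prefix_len):
    """True when the prefix ends between two hex digits (/64, /68, /72, ...)."""
    return prefix_len % 4 == 0


def slide_notation(net):
    """Write a prefix as on the slides: full 4-digit segments up to the
    one holding the prefix boundary, then '::'."""
    segment, _ = hextet_step(net.prefixlen)
    parts = net.network_address.exploded.upper().split(":")
    tail = "::" if segment < 8 else ""
    return ":".join(parts[:segment]) + tail + f"/{net.prefixlen}"


def first_subnets(site, prefix_len, count):
    """First `count` subnets of `site` at the new prefix length."""
    net = ipaddress.IPv6Network(site)
    if prefix_len < net.prefixlen:
        raise ValueError("new prefix must not be shorter than the site prefix")
    subnets = net.subnets(new_prefix=prefix_len)    # lazy generator
    return [slide_notation(s) for s in islice(subnets, count)]


if __name__ == "__main__":
    for length in (64, 68, 70, 112):
        segment, step = hextet_step(length)
        kind = "nibble boundary" if on_nibble_boundary(length) else "within a nibble"
        print(f"/{length}: segment {segment} steps by 0x{step:04X} ({kind})")
        for subnet in first_subnets("2001:db8:aaaa::/48", length, 4):
            print("   ", subnet)
```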

Do we need the IPv6 equivalent to a /30? /127? /48 /127 48 bits 79 bits 1bit Global Routing Prefix Subnet ID 127-bit Prefix 1 bit Interface ID Beyond the scope of CCNA but may be of interest…. RFC 6164 - Using 127-Bit IPv6 Prefixes on Inter-Router Links Ping-Pong Attack Neighbor Cache Exhaustion Issue There are mitigation techniques for both. If you still want to use a /127, reserve a separate /64 for each /127. 2001:0DB8:AAAA:F000::/64 2001:0DB8:AAAA:F000::A/127 2001:0DB8:AAAA:F000::B/127 2001:0DB8:AAAA:F001::/64 2001:0DB8:AAAA:F001::A/127 2001:0DB8:AAAA:F001::B/127

Global Unicast IPv6 Address Static Configuration

Stateless Autoconfiguration Configuring a Global Unicast Address Global Unicast Manual Dynamic IPv6 Unnumbered Stateless Autoconfiguration IPv6 Address DHCPv6 Static EUI-64

Exactly the same as an IPv4 address only different.

    R1(config)#interface gigabitethernet 0/0
    R1(config-if)#ipv6 address 2001:db8:acad:1::1/64
    R1(config-if)#no shutdown
    R1(config-if)#exit

No space between IPv6 address and Prefix-length. IOS commands for IPv6 are very similar to their IPv4 counterpart. All 0’s and all 1’s are valid IPv6 host addresses.

    R1(config)#interface gigabitethernet 0/1
    R1(config-if)#ipv6 address 2001:db8:acad:2::1/64
    R1(config-if)#no shutdown
    R1(config-if)#exit
    R1(config)#interface serial 0/0/0
    R1(config-if)#ipv6 address 2001:db8:acad:3::1/64
    R1(config-if)#clock rate 56000

show running-config command on router R1

    R1# show running-config
    <output omitted for brevity>
    interface GigabitEthernet0/0
     no ip address
     duplex auto
     speed auto
     ipv6 address 2001:DB8:ACAD:1::1/64
    !

show ipv6 interface brief command on router R1

    R1# show ipv6 interface brief
    GigabitEthernet0/0     [up/up]
        FE80::FE99:47FF:FE75:C3E0
        2001:DB8:ACAD:1::1

The first address is the link-local unicast address and the second is the global unicast address. The link-local address is automatically created when (before) the global unicast address is. We will discuss link-local addresses soon.

PC1: Static Global Unicast Address. IPv6 address: 2001:db8:acad:1::10. Prefix length: 64. Default gateway: 2001:db8:acad:1::1 (or link-local address).

PC1: Static Global Unicast Address

    PC1> ipconfig
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . :
       IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1::10
       Link-local IPv6 Address . . . . . : fe80::50a5:8a35:a5bb:66e1
       Default Gateway . . . . . . . . . : 2001:db8:acad:1::1

Pinging a Global Unicast IPv6 Address
Ping uses ICMPv6 Echo Request and Echo Reply messages similar to ICMPv4.

    PC1> ping 2001:db8:acad:1::1
    Pinging 2001:db8:acad:1::1 from 2001:db8:acad:1::100 with 32 bytes of data:
    Reply from 2001:db8:acad:1::1: time=1ms
    Ping statistics for 2001:db8:acad:1::1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 1ms, Maximum = 1ms, Average = 1ms
    PC1>

Global Unicast IPv6 Address Dynamic Configuration

Dynamic Configuration of IPv6 Addresses Global Unicast Manual Dynamic IPv6 Unnumbered Stateless Autoconfiguration IPv6 Address DHCPv6 Static EUI-64

IPv4 Dynamic Addresses DHCP Server

With IPv6 it begins with the Router Advertisement. ICMPv6 Router Solicitation, to all IPv6 routers: “I need IPv6 address information”. ICMPv6 Router Advertisement, to all IPv6 devices: “Let me tell you how to do this …”. Both are ICMPv6 Neighbor Discovery messages. The Router Advertisement (RA) tells hosts how they will receive IPv6 address information. It is sent periodically by an IPv6 router or when the router receives a Router Solicitation message from a host.

ICMPv6 Router Advertisement R1(config)# ipv6 unicast-routing DHCPv6 Server Router Advertisement/Solicitation Messages Part of ICMPv6 (Internet Control Message Protocol for IPv6) Router Advertisements (RA) are sent by an “IPv6 router” – ipv6 unicast-routing command Forwards IPv6 Packets Can be enabled for IPv6 static and dynamic routing Sends ICMPv6 Router Advertisements Note: Routers can be configured with IPv6 addresses without being an IPv6 router

SLAAC (Stateless Address Autoconfiguration)
Option 1 and 2: Stateless Address Autoconfiguration. The DHCPv6 server does not maintain state of addresses.
Option 3: Stateful Address Configuration. Address received from DHCPv6 server.

    R1(config)# ipv6 unicast-routing

RA options:
Option 1: SLAAC (default on Cisco routers). “I’m everything you need (Prefix, Prefix-length, Default Gateway)”
Option 2: SLAAC + Stateless DHCPv6 for DNS address. “Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.”
Option 3: All addressing except default gateway from DHCPv6. “I can’t help you. Ask a DHCPv6 server for all your information.”

Router Advertisement – Option 1 SLAAC 2001:DB8:ACAD:1::/64 MAC: 00-03-6B-8C-E0-80 1 Option 1 – RA Message To: FF02::1 (All IPv6 devices multicast – more later) From: FE80::1 (Link-local address) Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64 2 RA Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64 Default Gateway: FE80::1 Global Unicast Address: 2001:DB8:ACAD:1: + Interface ID 3 EUI-64 Process or Random 64-bit value DHCPv6 Server

Dynamic Interface ID. Router Advertisement: 2001:DB8:ACAD:1::/64. With SLAAC, the /64 prefix (the /48 Global Routing Prefix plus the Subnet ID) comes from the RA, and the 64-bit Interface ID is created by the EUI-64 process or as a randomly generated number (Privacy Extension). Windows operating systems: Windows XP and Server 2003 use EUI-64; Windows Vista and newer hosts create a random 64-bit Interface ID. Linux: mostly use a random 64-bit number. Mac OSX: use EUI-64 (on my Macs).

EUI-64 (Extended Unique Identifier – 64) 2001:DB8:ACAD:1::/64 MAC: 00-03-6B-E9-D4-80 1 Option 1 – RA Message To: FF02::1 (All IPv6 devices multicast) From: FE80::1 (Link-local address) Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64 2 RA Prefix: 2001:DB8:ACAD:1:: Prefix-length: /64 Default Gateway: FE80::1 Global Unicast Address: 2001:DB8:ACAD:1: + Interface ID EUI-64 Process or Random 64-bit value DHCPv6 Server

EUI-64
MAC address (hexadecimal): 00 03 6B E9 D4 80, made up of the OUI (24 bits: 00 03 6B) and the Device Identifier (24 bits: E9 D4 80).
Step 1: Split the MAC address. Binary: 0000 0000 0000 0011 0110 1011 | 1110 1001 1101 0100 1000 0000
Step 2: Insert FFFE. Binary: 0000 0000 0000 0011 0110 1011 1111 1111 1111 1110 1110 1001 1101 0100 1000 0000
Step 3: Flip the U/L bit. Binary: 0000 0010 0000 0011 0110 1011 1111 1111 1111 1110 1110 1001 1101 0100 1000 0000
Modified EUI-64 Interface ID in hexadecimal notation: 02 03 6B FF FE E9 D4 80

PC1: Global Unicast Address. Router Advertisement, EUI-64.

    PC1> ipconfig
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . :
       IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1:02-03-6b-ff-fe-e9-d4-80
       Link-local IPv6 Address . . . . . : fe80::02-03-6b-ff-fe-e9-d4-80
       Default Gateway . . . . . . . . . : fe80::1

A 64-bit Interface ID and the EUI-64 process accommodate the IEEE specification for a 64-bit MAC address.
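The EUI-64 steps in code, as an added example that is not part of the original presentation. It builds the Interface ID from the slide's MAC address and also runs the process in reverse, which shows that an EUI-64 address discloses the interface's hardware address, the reason the Privacy Extension exists; the function names are illustrative.

```python
import ipaddress


def mac_to_interface_id(mac):
    """Modified EUI-64: split the MAC, insert FFFE, flip the U/L bit."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "")
    octets = bytes.fromhex(digits)
    if len(octets) != 6:
        raise ValueError("a MAC address is 48 bits")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02          # U/L bit: second-lowest bit of the first octet
    return bytes(eui)


def slaac_address(prefix, mac):
    """Combine the /64 prefix from an RA with the EUI-64 Interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def recover_mac(address):
    """Reverse the process.

    Returns the MAC when the Interface ID carries the FF:FE marker,
    else None (random or manually configured Interface ID). A random
    ID can contain FF:FE by chance, so a hit means "most likely EUI-64".
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02          # flip the U/L bit back
    return "-".join(f"{b:02X}" for b in mac)


if __name__ == "__main__":
    # MAC and prefix from the slides.
    print(mac_to_interface_id("00-03-6B-E9-D4-80").hex("-"))
    print(slaac_address("2001:DB8:ACAD:1::/64", "00-03-6B-E9-D4-80"))
    # Addresses from the slides: R1 G0/0 (EUI-64) and PC1 (random ID).
    for addr in ("FE80::FE99:47FF:FE75:C3E0", "fe80::3496:1c51:3f57:fe89"):
        print(addr, "->", recover_mac(addr))
```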

Option 2: Stateless DHCPv6. Host: “I created my own address, have a prefix-length, default gateway, but I need a DNS address…” ICMPv6 Router Advertisement: Other Configuration Flag is set. “Use me for your address information just like SLAAC but… … you need to get other information from a DHCPv6 server like possibly a DNS server address.” Learn how to configure the RA message and the Stateless DHCPv6 server in the Intermediate IPv6 presentation.

Option 3: Stateful DHCPv6. Host: “The router’s Router Advertisement tells me it can’t help me and I need to communicate with a stateful DHCPv6 server…” ICMPv6 Router Advertisement: Managed Configuration Flag is set. “Get ALL of your address information from a DHCPv6 server except use my link-local address for your default gateway address.” Learn how to configure the RA message and the Stateful DHCPv6 server in the Intermediate IPv6 presentation.
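The three options come down to two flag bits in the RA. This added example (not part of the original presentation) parses a Router Advertisement laid out as in RFC 4861, reports which option it signals, and marks an RA whose source is not an expected router, the rogue RA case from the earlier slide. The function names, the expected-router list and the constructed sample message are assumptions for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134            # ICMPv6 Router Advertisement
FLAG_M = 0x80            # Managed Configuration flag
FLAG_O = 0x40            # Other Configuration flag
OPT_PREFIX_INFO = 3      # Prefix Information option


def parse_ra(icmp):
    """Parse the ICMPv6 part of a Router Advertisement.

    The checksum is not verified: that needs the IPv6 pseudo-header.
    """
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags = icmp[5]
    ra = {"managed": bool(flags & FLAG_M), "other": bool(flags & FLAG_O),
          "router_lifetime": struct.unpack("!H", icmp[6:8])[0], "prefixes": []}
    pos = 16
    while pos + 2 <= len(icmp):
        opt_type = icmp[pos]
        opt_len = icmp[pos + 1] * 8          # length field is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            prefix = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
            ra["prefixes"].append(f"{prefix}/{icmp[pos + 2]}")
        pos += opt_len
    return ra


def addressing_option(ra):
    """Map the M and O flags to the three options on the slides."""
    if ra["managed"]:
        return "Option 3: stateful DHCPv6"
    if ra["other"]:
        return "Option 2: SLAAC + stateless DHCPv6"
    return "Option 1: SLAAC"


def check_ra(source, icmp, expected_routers):
    """Summarise an RA and flag a source that is not a known router.

    A source address can be forged, so this is a detection aid only.
    """
    ra = parse_ra(icmp)
    src = ipaddress.IPv6Address(source)
    known = {ipaddress.IPv6Address(r) for r in expected_routers}
    return {"source": str(src), "option": addressing_option(ra),
            "prefixes": ra["prefixes"], "unexpected_source": src not in known}


def build_sample_ra(flags, prefix, prefix_len=64):
    """Constructed sample input (not a capture): RA with one prefix option."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, prefix_len, 0xC0,
                         2592000, 604800, 0)
    return header + option + ipaddress.IPv6Address(prefix).packed


if __name__ == "__main__":
    routers = ["fe80::1"]                    # R1's link-local on the slides
    samples = [("fe80::1", 0x00), ("fe80::1", FLAG_O),
               ("fe80::1", FLAG_M), ("fe80::dead:beef", 0x00)]
    for source, flags in samples:
        message = build_sample_ra(flags, "2001:db8:acad:1::")
        print(check_ra(source, message, routers))
```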

What about Stateful DHCPv6? DHCPv6 is similar to DHCPv4. Host operating systems “may” include the option of ignoring the Router Advertisement from the router and only use the stateful services of a DHCPv6 server. Note: All addresses should be checked before use with DAD (Duplicate Address Detection), similar to gratuitous ARP in IPv4. DHCPv6 DHCPv6 Server

The World of IPv4 – DHCPv4 and NAT G0/1 G0/1 HOME G0/0 ISP DHCPv4 Public IPv4 Address for the interface Private IPv4 Address DHCPv4 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 What about DHCP and IPv6 for my home network – First IPv4 at home…. ISP only has to deliver a public IPv4 address for Home router interface. DHCP and RFC 1918 private address space is used for home network (ISP is not involved). NAT is used for translation – but has its drawbacks! No NAT (like that… kind of) for IPv6

The World of IPv6 – DHCPv6-PD (Prefix Delegation). Complete IPv6 Reachability. Delegating Router (DR), Requesting Router (RR). G0/1 G0/1 G0/0 ISP-DR HOME-RR. How does the home network get a “public” IPv6 address? IPv6 Address for the interface: SLAAC, DHCPv6 (Stateful or Stateless). DHCPv6 with Prefix Delegation. In the Intermediate presentation we will learn the operations and configuration of DHCPv6-PD.

Link-Local Unicast IPv6 Addresses

IPv6 Addressing

Unicast:
    Global Unicast: 2000::/3 to 3FFF::/3
    Link-Local: FE80::/10 to FEBF::/10
    Loopback: ::1/128
    Unspecified: ::/128
    Unique Local: FC00::/7 to FDFF::/7
    Embedded IPv4: ::/80
Multicast:
    Assigned: FF00::/8
    Solicited Node: FF02::1:FF00:0000/104
Anycast

Link-Local Communications. Link-local unicast addresses: Used to communicate with other devices on the link. Are NOT routable off the link (network). Only have to be unique on the link. Are not included in the IPv6 routing table. An IPv6 device must have at least a link-local address. Used by: hosts, to communicate on the IPv6 network before they have a global unicast address; hosts, which use the router’s link-local address as the default gateway address; adjacent routers, to exchange routing updates.

Link-local Unicast Interface ID FE80::/10 10 bits Remaining 54 bits 64 bits /64 1111 1110 10xx xxxx Interface ID FE80::/10 EUI-64, Random or Manual Configuration Range: FE80::/10 1111 1110 1000 0000 :: to FEBF::/10 1111 1110 1011 1111 ::

IOS uses EUI-64 to Create Link-Local Addresses. Topology: R1 with interfaces G0/0, G0/1 and S0/0/0.

    R1#show interface gigabitethernet 0/0
    GigabitEthernet0/0 is up, line protocol is up
      Hardware is CN Gigabit Ethernet, address is fc99.4775.c3e0 (bia fc99.4775.c3e0)
    <Output Omitted>
    R1#show ipv6 interface brief
    GigabitEthernet0/0     [up/up]
        FE80::FE99:47FF:FE75:C3E0
        2001:DB8:ACAD:1::1
    GigabitEthernet0/1     [up/up]
        FE80::FE99:47FF:FE75:C3E1
        2001:DB8:ACAD:2::1
    Serial0/0/0            [up/up]
        2001:DB8:ACAD:3::1
    R1#

FF:FE = EUI-64 (most likely). Serial interfaces will use a MAC address of an Ethernet interface. Wait! Two Link-Locals are the same!

PC1: Link-Local Unicast Address

    PC1> ipconfig
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix .:
       IPv6 Address. . . . . . . . . : 2001:db8:acad:1:3496:1c51:3f57:fe89
       Link-local IPv6 Address . . . : fe80::3496:1c51:3f57:fe89
       Default Gateway . . . . . . . : fe80::1

Many operating systems will use random 64-bit Interface IDs for GUA and Link-Local IPv6 addresses.

Configuring Static Link-Local Addresses. R1 interfaces G0/0, G0/1 and S0/0/0 are each labelled FE80::1. Static addresses are more easily remembered and recognizable.

    R1(config)#interface gigabitethernet 0/0
    R1(config-if)#ipv6 address fe80::1 ?
      link-local  Use link-local address
    R1(config-if)#ipv6 address fe80::1 link-local
    R1(config-if)#exit
    R1(config)#interface gigabitethernet 0/1
    R1(config)#interface serial 0/0/0
    R1(config-if)#

Link-Local Addresses only have to be unique on the link!

ipv6 enable command

    Router(config)# interface gigabitethernet 0/1
    Router(config-if)# ipv6 enable
    Router(config-if)# end
    Router# show ipv6 interface brief
    GigabitEthernet0/1     [up/up]
        FE80::20C:30FF:FE10:92E1
    Router#

Link-local unicast address only. Link-local addresses are automatically created whenever a global unicast address is configured. The ipv6 enable command will: create a link-local address when there is no global unicast address; maintain the link-local address even when the global unicast address is removed.

Pinging a Link-Local Address. Diagram labels: FE80::1 FE80::2 R1 Ser 0/0/0 :1 Ser 0/0/0 :2 R2 FE80::1 2001:0DB8:ACAD:2::/64 2001:0DB8:ACAD:1::/64 G0/0.

    R1# ping fe80::2
    Output Interface: ser 0/0/0
    % Invalid interface. Use full interface name without spaces (e.g. Serial0/1)
    Output Interface: serial0/0/0
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to FE80::2, timeout is 2 secs:
    !!!!!

Must include exit-interface.

Next-hop addresses in IPv6 Routing Tables

    R1# show ipv6 route ospf
    O   2001:DB8:CAFE:2::/64 [110/657]
         via FE80::2, Serial0/0/0
    O   2001:DB8:CAFE:3::/64 [110/1304]
    O   2001:DB8:CAFE:A002::/64 [110/1294]
    R1#

Link-local addresses are used as next hop addresses.

Multicast IPv6 Addresses

IPv6 Multicast IPv6 Addressing Unicast Multicast Anycast Assigned Solicited Node FF00::/8 FF02::1:FF00:0000/104 ICMPv6 Neighbor Discovery Router Solicitation Router Advertisement ICMPv6 Neighbor Discovery Neighbor Solicitation

IPv6 Multicast. Similar to Multicast addresses for IPv4. Used to send a packet to a group of devices. Format (FF00::/8): 8 bits 1111 1111, 4 bits Flag, 4 bits Scope, 112 bits Group ID. Two types: Assigned, Solicited Node.

Assigned Multicast Addresses FE80::1 FF02::1 ICMPv6 Router Advertisement FF02::1 – All IPv6 Devices All IPv6 devices, including the router, belong to this group. Every IPv6 device will listen and process packets to this address.

Assigned Multicast Addresses FE80::0123:456:789A:BCDE FF02::2 R1(config)# ipv6 unicast-routing ICMPv6 Router Solicitation FF02::2 – All IPv6 Routers All IPv6 routers belong to this group. Used to communicate with an IPv6 Router (ipv6 unicast routing)

Multicast Groups of a Router

    R1# show ipv6 interface gigabitethernet 0/0
    FastEthernet0/0 is up, line protocol is up
      IPv6 is enabled, link-local address is FE80::FE99:47FF:FE75:C3E0
      Global unicast address(es):
        2001:DB8:ACAD:1::1, subnet is 2001:DB8:ACAD:1::/64
      Joined group address(es):
        FF02::1
        FF02::2
        FF02::5
        FF02::6
        FF02::1:FF00:1
        FF02::1:FF75:C3E0
    <output omitted for brevity>

Member of these Multicast Groups:
FF02::1: All-IPv6 devices on this link
FF02::2: All-IPv6 routers on this link (IPv6 routing enabled)
FF02::5: OSPFv3 All OSPF Routers (similar to 224.0.0.5)
FF02::6: OSPFv3 All DR Routers (similar to 224.0.0.6)
FF02::1:FF00:1 and FF02::1:FF75:C3E0: Solicited-node multicast addresses
FF02: the “2” means link-local scope.
What is a solicited node multicast address? Let’s talk address resolution.

Address Resolution

Address Resolution: IP to MAC Mapping
[Figure: PC1 and PC2. IPv4: (1) ARP Request, "Know IPv4, what is the MAC?"; (2) ARP Reply, "My IPv4! Here is the MAC."; (3) ARP Cache. IPv6: (1) Neighbor Solicitation, "Know IPv6, what is the MAC?"; (2) Neighbor Advertisement, "My IPv6! Here is the MAC."; (3) Neighbor Cache.]
IP to data link (MAC) address mapping:
- IPv4 addresses use ARP
- IPv6 addresses use ICMPv6 Neighbor Discovery messages: Neighbor Solicitation and Neighbor Advertisement
Devices store this mapping in their Neighbor Cache

Address Resolution: IP to MAC Mapping
[Figure: PC1 and PC2 exchanging ARP Request/ARP Reply and Neighbor Solicitation/Neighbor Advertisement]
IPv4: ARP over Ethernet
- Encapsulation: Ethernet | ARP Request/Reply
- ARP Request: Broadcast
IPv6: ICMPv6 over IPv6 over Ethernet
- Encapsulation: Ethernet | IPv6 Header | ICMPv6: Neighbor Solicitation/Advertisement
- NS: Multicast
- NS: Solicited Node Multicast

Advantages of Multicast
Ethernet Broadcast
- Destination MAC Address: Broadcast
- Data must be passed to upper layer for processing.
IPv4 or IPv6 Multicast (IGMP/MLD Snooping)
- IP multicast packets can be filtered by the switch, only sending packets to members of that group
- IPv4 - IGMP (Internet Group Management Protocol)
- IPv6 - MLD (Multicast Listener Discovery)
However, Solicited Node Multicasts are forwarded out all ports because of the potentially huge forwarding tables needed to store these addresses. (For now.)
Solicited Node multicast addresses to be sent to every port to improve network robustness and management. IPv6 Addressing Architecture requires that all nodes must join the associated Solicited-Node multicast addresses for every unicast and anycast address they are assigned. This causes MLD snooping switches to create potentially huge multicast forwarding tables just to handle Neighbor Discovery. A simple change to alleviate this would be to allow switches to forward a range of addresses that includes the Solicited-Node multicast addresses to every port. This also could help in network discovery.

Why layer 2 multicast?
ARP Requests: Layer 2 broadcasts
- Ethernet broadcasts are sent to all devices.
- Flood the entire broadcast domain (subnet/VLAN).
- Ethernet NIC must process the frame.
- Any filtering is done by a higher layer protocol such as ARP (Target IPv4 Address).
Solicited Node Multicasts: Layer 2 and Layer 3 multicasts
- Although solicited node multicasts are forwarded out all ports, …. Layer 2 multicast allows frames to be filtered by the NIC and not have to send data to an upper layer protocol for inspection.
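The solicited-node mapping and the NIC-level filtering described above can be checked against R1's own output. This is an added example, not part of the original slides: it derives each solicited-node group from the low 24 bits of a unicast address, maps the group to its Ethernet multicast MAC (the 33:33 prefix comes from RFC 2464, not from the slides), and audits the "Joined group address(es)" list. The function names are assumptions.

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")      # all IPv6 devices on the link
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")    # all IPv6 routers on the link
SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # FF02::1:FF00:0000/104

def solicited_node(unicast):
    """Solicited-node group: the /104 prefix plus the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_BASE | low24)

def multicast_mac(group):
    """Ethernet destination for an IPv6 multicast group: 33:33 plus its low 32 bits."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{addr} is not inside FF00::/8")
    return "33:33:" + ":".join(f"{b:02x}" for b in addr.packed[-4:])

def audit_groups(unicasts, joined, routing_enabled=True):
    """Compare an interface's joined groups with what its addresses imply.

    Returns (missing, unexplained): groups the addresses require but the
    interface has not joined, and joined groups that come from something
    other than all-nodes, all-routers or a solicited-node mapping.
    """
    expected = {ALL_NODES} | {solicited_node(u) for u in unicasts}
    if routing_enabled:
        expected.add(ALL_ROUTERS)
    joined = {ipaddress.IPv6Address(g) for g in joined}
    return sorted(expected - joined), sorted(joined - expected)

# Values from the "Multicast Groups of a Router" slide
R1_UNICASTS = ["FE80::FE99:47FF:FE75:C3E0", "2001:DB8:ACAD:1::1"]
R1_JOINED = ["FF02::1", "FF02::2", "FF02::5", "FF02::6",
             "FF02::1:FF00:1", "FF02::1:FF75:C3E0"]

if __name__ == "__main__":
    missing, unexplained = audit_groups(R1_UNICASTS, R1_JOINED)
    print("missing:", [str(g) for g in missing])
    print("unexplained by addressing:", [str(g) for g in unexplained])  # OSPFv3 groups
    for g in map(solicited_node, R1_UNICASTS):
        print(g, "->", multicast_mac(g))
```

A NIC that programs only these 33:33 addresses into its filter drops solicitations for other nodes in hardware, which is the advantage over the ARP broadcast.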

Neighbor Cache (IPv4 ARP Cache)
[Figure: PC1 (IPv6 - 2001:DB8:ACAD:1::10, MAC - 0021.9bd9.c644) sends a Neighbor Advertisement]
Neighbor Cache
    IPv6 Address            MAC Address
    2001:DB8:ACAD:1::10     0021.9bd9.c644
Neighbor Cache – Maps IPv6 addresses with Ethernet MAC addresses
Similar to ARP Cache for IPv4
5 States (2 noticeable and 3 transitory): (My CCNP Presentation)
- Reachable: Packets have recently been received providing confirmation that this device is reachable.
- Stale: A certain time period has elapsed since a packet has been received from this address.
- Transitory States: INCOMPLETE, DELAY, PROBE

Neighbor Cache
Windows: netsh interface ipv6 show neighbor
Linux/MAC: ip neighbor show
    R1# show ipv6 neighbors
    IPv6 Address                 Age Link-layer Addr State Interface
    FE80::50A5:8A35:A5BB:66E1     16 0021.9bd9.c644  STALE Fa0/0
    2001:DB8:ACAD:1::10           16 0021.9bd9.c644  STALE Fa0/0
    R1# ping 2001:db8:aaaa:1::100
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
    2001:DB8:ACAD:1::10            0 0021.9bd9.c644  REACH Fa0/0
    R1#
Age: Time (in minutes) since the address was confirmed to be reachable. A hyphen (-) indicates a static entry.

ICMPv6 Review

Internet Control Message Protocol (ICMPv6)
[Figure: IPv6 Header (Next Header 58) | IPv6 Data = ICMPv6 Header + ICMPv6 Message Body]
IPv6 Next Header Value: 58 decimal or 3A hexadecimal
- Described in RFC 4443
- Much more robust than ICMP for IPv4
- Contains new functionality and improvements.
- More than just “messaging” but “how IPv6 conducts business”.
- General message similar to ICMP for IPv4
- Also uses Type and Code fields like in ICMPv4.

Neighbor Discovery Protocol Uses ICMPv6
ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):
Router-Device Messaging
- Router Solicitation Message
- Router Advertisement Message
  Discussed with dynamic configuration of IPv6 addresses
  Introduced with assigned multicast addresses
Device-Device Messaging
- Neighbor Solicitation Message
- Neighbor Advertisement Message
  Discussed with address resolution (IPv4 ARP)
  Introduced with solicited node multicast address
Redirect Message (Similar to ICMPv4)

Router Solicitations and Router Advertisements
Used by SLAAC (Stateless Address Autoconfiguration)
[Figure: PC1, router and DHCPv6 Server]
1. Router Solicitation Message, sent to FF02::2 (All IPv6 Routers): "I need IPv6 address information."
2. Router Advertisement Message, sent to FF02::1 (All IPv6 Devices): Here is one of three options:
   - I have everything you need.
   - I have mostly what you need, but you will need to contact a DHCPv6 server for other information like a DNS address.
   - I have nothing for you. Contact a DHCPv6 server.

Neighbor Solicitations and Neighbor Advertisements
1. Neighbor Solicitation Message (PC2, Solicited Node Multicast): "Whoever has the IPv6 Address 2001:DB8:ACAD:1::10 please send me your Ethernet MAC address."
2. Neighbor Advertisement Message (PC1, Unicast): "I have the IPv6 Address 2001:DB8:ACAD:1::10. Here is my Ethernet MAC address: 0021:9bd9:c644."
Address Resolution - A device knows the IPv6 address but needs the Layer 2 MAC address.
Unlike ARP, ICMPv6 Neighbor Solicitation/Advertisement messages are encapsulated in IPv6.
Information is stored in the Neighbor Cache.
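The encapsulation described in the ICMPv6 and Neighbor Discovery slides (IPv6 Next Header 58, then ICMPv6 Type and Code) can be seen by building and inspecting the Neighbor Solicitation for PC1's address. This is an added example, not part of the original slides: the ICMPv6 type numbers and the hop-limit-255 rule come from RFC 4861, the source address 2001:db8:acad:1::20 for PC2 is an assumption, and the function names are hypothetical.

```python
import ipaddress
import struct

# ICMPv6 type numbers of the five Neighbor Discovery messages (RFC 4861)
ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}
SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def build_ns(src, target, hop_limit=255):
    """Constructed sample: IPv6 header + Neighbor Solicitation (checksum left 0)."""
    tgt = ipaddress.IPv6Address(target)
    dst = ipaddress.IPv6Address(SOLICITED_BASE | (int(tgt) & 0xFFFFFF))
    icmp = struct.pack("!BBHI", 135, 0, 0, 0) + tgt.packed  # type, code, cksum, reserved
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), 58, hop_limit)
    return hdr + ipaddress.IPv6Address(src).packed + dst.packed + icmp

def inspect_nd(packet):
    """Return (message name, target, findings), or None if the packet is not ND."""
    if len(packet) < 44 or packet[0] >> 4 != 6:
        raise ValueError("not a complete IPv6 packet")
    next_header, hop_limit = packet[6], packet[7]
    if next_header != 58 or packet[40] not in ND_TYPES:
        return None                       # extension headers are not walked here
    icmp_type, code = packet[40], packet[41]
    dst = ipaddress.IPv6Address(packet[24:40])
    findings = []
    if hop_limit != 255:                  # RFC 4861: receivers discard such packets
        findings.append("hop limit is not 255, so the sender may be off-link")
    if code != 0:
        findings.append("code field is not 0")
    target = None
    if icmp_type in (135, 136) and len(packet) >= 64:
        target = ipaddress.IPv6Address(packet[48:64])
        expected = ipaddress.IPv6Address(SOLICITED_BASE | (int(target) & 0xFFFFFF))
        if icmp_type == 135 and dst.is_multicast and dst != expected:
            findings.append(f"multicast destination {dst} does not match target")
    return ND_TYPES[icmp_type], target, findings

if __name__ == "__main__":
    # PC2's source address is an assumption; the target is PC1's address from the slide
    sample = build_ns("2001:db8:acad:1::20", "2001:DB8:ACAD:1::10")
    print(inspect_nd(sample))
    print(inspect_nd(build_ns("2001:db8:acad:1::20", "2001:DB8:ACAD:1::10", 64)))
```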

Teach it and use it, and it will all make sense!
What we covered… Why IPv6? IPv6 and ICMPv6 at a glance Format of an IPv6 Address IPv6 Address Global Unicast IPv6 Address Subnetting Link-Local Unicast IPv6 Address Static Configuration of a Global Unicast Address Dynamic Configuration of a Global Unicast Address Three options Link-local address Multicast address Address Resolution

Quality time with my two nieces…
Web Site, Book, Etc. Shameless plug!
Rick Graziani - graziani@cabrillo.edu
PowerPoints for CCNA, CCNP, IPv6: www.cabrillo.edu/~rgraziani
Username = cisco
Password = perlman

And…… Thank you very much! Rick Graziani - graziani@cabrillo.edu www.cabrillo.edu/~rgraziani Username = cisco Password = perlman