starclick

Friday 19 July 2013


IPv6 tutorial


The Internet has been growing extremely fast, so IPv4 addresses are quickly approaching complete depletion. Although many organizations already use Network Address Translators (NATs) to map multiple private address spaces to a single public IP address, they have to face other problems that come with NAT (the use of the same private address, security…). Moreover, many devices other than PCs and laptops now require an IP address to reach the Internet. To solve these problems in the long term, a new version of the IP protocol, version 6 (IPv6), was created and developed.
IPv6 was created by the Internet Engineering Task Force (IETF), a standards body, as a replacement for IPv4 in 1998. So what happened to IPv5? IP Version 5 was defined for experimental reasons and was never deployed.
While IPv4 uses 32 bits for an address (providing approximately 2^32 = 4,294,967,296 unique addresses, of which only about 3.7 billion are assignable because the IPv4 addressing system separates the addresses into classes and reserves addresses for multicasting, testing, and other specific uses), IPv6 uses up to 128 bits, which provides 2^128 addresses, or approximately 3.4 * 10^38 addresses. Well, maybe we should say it is extremely extremely extremely huge :)
IPv6 Address Types
Address Type    Description
Unicast         One to One (Global, Link local, Site local)
                + An address destined for a single interface.
Multicast       One to Many
                + An address for a set of interfaces
                + Delivered to a group of interfaces identified by that address.
                + Replaces IPv4 “broadcast”
Anycast         One to Nearest (Allocated from Unicast)
                + Delivered to the closest interface as determined by the IGP
A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast).
IPv6 address format
Format:
x:x:x:x:x:x:x:x, where each x is a 16-bit field written as four hexadecimal digits.
An example of IPv6: 
2001:0000:5723:0000:0000:D14E:DBCA:0764
There are:
+ 8 groups of 4 hexadecimal digits.
+ Each group represents 16 bits (4 hex digits * 4 bits)
+ Separator is “:”
+ Hex digits are not case sensitive, so “DBCA” is the same as “dbca” or “DBca”…
An IPv6 (128-bit) address contains two parts:
+ The first 64 bits are known as the prefix. The prefix includes the network and subnet address. Because addresses are allocated based on physical location, the prefix also includes global routing information. The 64-bit prefix is often referred to as the global routing prefix.
+ The last 64 bits are the interface ID. This is the unique address assigned to an interface.
Note: Addresses are assigned to interfaces (network connections), not to the host. Each interface can have more than one IPv6 address.
Rules for abbreviating IPv6 Addresses:
+ Leading zeros in a field are optional
2001:0DA8:E800:0000:0260:3EFF:FE47:0001 can be written as
2001:DA8:E800:0:260:3EFF:FE47:1
+ Successive fields of 0 are represented as ::, but only once in an address:
2001:0DA8:E800:0000:0000:0000:0000:0001 -> 2001:DA8:E800::1
Other examples:
– FF02:0:0:0:0:0:0:1 => FF02::1
– 3FFE:0501:0008:0000:0260:97FF:FE40:EFAB = 3FFE:501:8:0:260:97FF:FE40:EFAB = 3FFE:501:8::260:97FF:FE40:EFAB
– 0:0:0:0:0:0:0:1 => ::1
– 0:0:0:0:0:0:0:0 => ::
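The two abbreviation rules above, written out as code. This is an added example, not part of the original post; the function names expand, abbreviate and same_address are made up for the illustration. Because one address has several valid spellings, filters and log searches should compare the parsed 128-bit value rather than the text, which is what same_address does.

```python
import ipaddress
import string

def expand(addr: str) -> str:
    """Full form: 8 fields, each padded to 4 hex digits."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        if len(head) + len(tail) > 7:
            raise ValueError("'::' must stand for at least one field")
        fields = head + ["0"] * (8 - len(head) - len(tail)) + tail
    else:
        fields = addr.split(":")
    if len(fields) != 8 or not all(
        1 <= len(f) <= 4 and set(f) <= set(string.hexdigits) for f in fields
    ):
        raise ValueError("expected 8 fields of 1-4 hex digits")
    return ":".join(f.upper().zfill(4) for f in fields)

def abbreviate(addr: str) -> str:
    """Apply both rules: drop leading zeros, then collapse one run of zero fields."""
    fields = [f.lstrip("0") or "0" for f in expand(addr).split(":")]
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:          # longest run wins, first one on a tie
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len == 0:
        return ":".join(fields)
    # A lone zero field is collapsed too, as in the 3FFE example above.
    return ":".join(fields[:best_start]) + "::" + ":".join(fields[best_start + best_len:])

def same_address(a: str, b: str) -> bool:
    """Compare by 128-bit value, so every spelling of an address matches."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)
```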
IPv6 Addressing In Use
IPv6 uses the “/” notation to denote how many bits in the IPv6 address represent the subnet.
The full syntax of an IPv6 address is
ipv6-address/prefix-length
where
+ ipv6-address is the 128-bit IPv6 address
+ /prefix-length is a decimal value representing how many of the leftmost contiguous bits of the address comprise the prefix.
Let’s analyze an example:
2001:C:7:ABCD::1/64 is really
2001:000C:0007:ABCD:0000:0000:0000:0001/64
+ The first 64 bits, 2001:000C:0007:ABCD, are the address prefix
+ The last 64 bits, 0000:0000:0000:0001, are the interface ID
+ /64 is the prefix length (/64 is well-known and also the prefix length in most cases)
In the next part, we will learn more about each prefix of an IPv6 address.
The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for the assignment of IPv6 addresses. ICANN assigns a range of IP addresses to Regional Internet Registry (RIR) organizations. The size of the address range assigned to an RIR may vary, but it has a minimum prefix of /12 and belongs to the following range: 2000::/12 to 200F:FFFF:FFFF:FFFF::/64.
[Figure: IPv6 address allocation policy]
Each ISP receives a /32 and provides a /48 for each site -> every ISP can provide 2^(48-32) = 65,536 site addresses (note: each network organized by a single entity is often called a site).
Each site provides a /64 for each LAN -> each site can provide 2^(64-48) = 65,536 LAN addresses for use in their private networks.
So each LAN can provide 2^64 interface addresses for hosts.
-> Global routing information is identified within the first 64-bit prefix.
Note: The number that represents the range of addresses is called a prefix.

[Figure: IPv6 allocation policy for an ISP]
Now let’s see an example of an IPv6 prefix: 2001:0A3C:5437:ABCD::/64:
[Figure: IPv6 prefix length example]
In this example, the RIR has been assigned a 12-bit prefix. The ISP has been assigned a 32-bit prefix and the site is assigned a 48-bit site ID. The next 16 bits are the subnet field, which allows 2^16, or 65536, subnets. This number is more than enough even for the largest corporations in the world!
The remaining 64 bits (not shown in the example above) are the Interface ID or host part, and it is much bigger: 64 bits, or 2^64 hosts per subnet! For example, from the prefix 2001:0A3C:5437:ABCD::/64 an administrator can assign the IPv6 address 2001:0A3C:5437:ABCD:218:34EF:AD34:98D to a host.
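The same breakdown done in code on the host address above, covering both the prefix / interface ID split and the RIR -> ISP -> site -> LAN hierarchy. This is an added example, not part of the original post; the names LEVELS, decompose and children are made up for the illustration, and the /12, /32, /48 and /64 lengths are the ones the text uses.

```python
import ipaddress

# Prefix lengths of the allocation levels described in the text.
LEVELS = (("RIR", 12), ("ISP", 32), ("site", 48), ("LAN", 64))

def decompose(text: str) -> dict:
    """Split an IPv6 address into its allocation levels, subnet field and interface ID."""
    addr = ipaddress.IPv6Address(text.split("/")[0])   # tolerate a trailing /prefix-length
    value = int(addr)
    out = {}
    for name, length in LEVELS:
        # Keep the leftmost `length` bits and zero the rest.
        mask = ((1 << length) - 1) << (128 - length)
        out[name] = str(ipaddress.IPv6Network((value & mask, length)))
    out["subnet_field"] = (value >> 64) & 0xFFFF     # 16 bits between /48 and /64
    out["interface_id"] = value & ((1 << 64) - 1)    # last 64 bits
    return out

def children(parent_len: int, child_len: int) -> int:
    """How many /child_len prefixes fit inside one /parent_len prefix."""
    if child_len < parent_len:
        raise ValueError("child prefix must be at least as long as the parent")
    return 2 ** (child_len - parent_len)

if __name__ == "__main__":
    for key, val in decompose("2001:0A3C:5437:ABCD:218:34EF:AD34:98D/64").items():
        print(key, hex(val) if isinstance(val, int) else val)
    print("sites per ISP:", children(32, 48), "LANs per site:", children(48, 64))
```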
IPv6 Address Scopes
Address types have well-defined destination scopes:
IPv6 Address Scopes       Description
Link-local address        + Only used for communications within the local subnetwork (automatic address configuration, neighbor discovery, router discovery, and by many routing protocols). It is only valid on the current subnet.
                          + Routers do not forward packets with link-local addresses.
                          + Allocated with the FE80::/64 prefix -> can be easily recognized by the prefix FE80. Some books indicate the range of link-local addresses is FE80::/10, meaning the first 10 bits are fixed and a link-local address can begin with FE80, FE90, FEA0 and FEB0, but in fact the next 54 bits are all 0s, so you will only see the prefix FE80 for link-local addresses.
                          + Same as 169.254.x.x in IPv4: it is assigned when a DHCP server is unavailable and no static addresses have been assigned.
                          + Usually created dynamically using a link-local prefix of FE80::/10 and a 64-bit interface identifier (based on the 48-bit MAC address).
Global unicast address    + Unicast packets sent through the public Internet
                          + Globally unique throughout the Internet
                          + Starts with a 2000::/3 prefix (this means any address beginning with 2 or 3). But in the future global unicast addresses might not have this limitation.
Site-local address        + Allows devices in the same organization, or site, to exchange data.
                          + Starts with the prefix FEC0::/10. They are analogous to IPv4's private address classes.
                          + You may be surprised to learn that site-local addresses are no longer supported (deprecated) by RFC 3879, so you may not see them in the future.

All nodes must have at least one link-local address, although each interface can have multiple addresses.
However, using site-local addresses would also mean that NAT would be required and addresses would again not be end-to-end.
Site-local addresses are no longer supported (deprecated) by RFC 3879.
Special IPv6 Addresses
Reserved Multicast Address    Description
FF02::1                       + All nodes on a link (link-local scope).
FF02::2                       + All routers on a link
FF02::5                       + OSPFv3 All SPF routers
FF02::6                       + OSPFv3 All DR routers
FF02::9                       + All routing information protocol (RIP) routers on a link
FF02::A                       + EIGRP routers
FF02::1:FFxx:xxxx             + All solicited-node multicast addresses used for host auto-configuration and neighbor discovery (similar to ARP in IPv4)
                              + The xx:xxxx is the far right 24 bits of the corresponding unicast or anycast address of the node
FF05::101                     + All Network Time Protocol (NTP) servers
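A short check of the scope prefixes and the FF02::1:FFxx:xxxx rule above, using Python's ipaddress module. This is an added example, not part of the original post; the names SCOPES, scope_of and solicited_node are made up for the illustration, and FF00::/8 (the block that the FF02:: and FF05:: addresses in the table belong to) is not stated in the post and is added here as an assumption.

```python
import ipaddress

# Prefixes as given in the text; FF00::/8 for multicast is added (see lead-in).
SCOPES = (
    ("link-local", ipaddress.IPv6Network("FE80::/10")),
    ("site-local (deprecated)", ipaddress.IPv6Network("FEC0::/10")),
    ("multicast", ipaddress.IPv6Network("FF00::/8")),
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
)

def scope_of(text: str) -> str:
    """Name the first listed prefix that contains the address, else 'other'."""
    addr = ipaddress.IPv6Address(text)
    for name, net in SCOPES:
        if addr in net:
            return name
    return "other"

def solicited_node(text: str) -> str:
    """FF02::1:FFxx:xxxx, where xx:xxxx is the far right 24 bits of the address."""
    addr = ipaddress.IPv6Address(text)
    if addr.is_multicast:
        raise ValueError("derived from a unicast or anycast address, not a multicast one")
    low24 = int(addr) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("FF02::1:FF00:0"))
    return str(ipaddress.IPv6Address(base | low24))

if __name__ == "__main__":
    host = "2001:0A3C:5437:ABCD:218:34EF:AD34:98D"   # host address from the text
    print(scope_of(host), solicited_node(host))
```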