Download Document

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
Document related concepts

Net bias wikipedia , lookup

Server Message Block wikipedia , lookup

IEEE 802.1aq wikipedia , lookup

AppleTalk wikipedia , lookup

Wake-on-LAN wikipedia , lookup

I²C wikipedia , lookup

Remote Desktop Services wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Dynamic Host Configuration Protocol wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Transcript 
IPv6
Chapter 13
Objectives
• Discuss the fundamental concepts of
IPv6
• Describe IPv6 practices
• Implement IPv6 in a TCP/IP network
Overview
Introduction to IPv6
• Internet Protocol version 4 (IPv4)
– Created around 1979
– 32-bit IP address space – ~4 billion addresses
– Allocation methods wasted addresses
• Internet Protocol version 6 (IPv6)
– 128-bit addresses
– Improved security, routing, other features
Three Parts to Chapter 13
• IPv6 Basics
• Using IPv6
• Moving to IPv6
IPv6 Basics
• IPv6 Address Notation
– 128-bits written in hexadecimal
– 2001:0000:0000:3210:0800:200C:00CF:1234
– Pair of colons represent string of consecutive
groups of zeroes
– 2001::3210:0800:200C:00CF:1234
– Only one set of colon pairs per address
– FEDC:0000:0000:0000:00CF:0000:BA98:1234
– FEDC::CF:0:BA98:1234
• IPv6 Address Notation
– IPv6 loopback address
– ::1
– 0000:0000:0000:0000:0000:0000:0000:0001
• Link-Local Address
– Self-generated (in manner of IPv4 APIPA)
– First 64-bits always FE80::/64
– Second 64-bits EUI-64
• Generated with calculation using MAC address
• Most operating systems use EUI-64
• Extra steps in Windows Vista and Windows 7
• Guaranteed unique
• Link-local address works on private networks
Figure 13.1 Link-local address
• IPv6 Subnet Masks
– Function like IPv4 subnet masks
– Represented with /x CIDR naming
– FEDC::CF:0:BA98:1234/64
– No subnet is ever longer than /64
– IANA gives out /32 subnets to big ISPs
– ISPs pass out /48 and /64 subnets
– Most IPv6 subnets are between /48 & /64
Figure 13.2 Link-local address in Windows Vista
• The End of Broadcast
– Each link-local is a unicast address
– Multicast addresses replace broadcast
• FF02::2 only read by routers
• FF02::1 all nodes address
• FF02::1:FFxx:xxxx solicited-node address
– Anycast
• Used in DNS
• Looks like a unicast to sending computer
Figure 13.3 Multicast to routers
Table 13.1
Address
IPv6 Multicast Addresses
Function
FF02::1
All Nodes Address
FF02::2
All Routers Address
FF02::FFXX:XXXX
Solicited-Node Address
• Global Addresses
– Global unicast address
– Required for Internet access
– IPv6-capable gateway router gives to hosts
– Router configured to do this
– 2001:470:B8F9:1/64
• Router provides prefix
• NIC generates the rest (using EUI-64)
– 2001:470:B8F9:1:20C:29FF:FE53:45CA
Figure 13.4 Getting a global address
Figure 13.5 IPv6 configuration on Macintosh OS X
• Aggregation
– Current problem with tier-one routers
• No default routes
• Huge routing table (30,000-50,000 routes)
Figure 13.6 No-default routers
• Aggregation
– Every router uses a subnet of the next higher
router’s routes
– Reduces size and complexity of tables
– Gives detailed geographic picture
– IP address shows location
– Part of IPv6
• How aggregation works
– Gateway gives first 64 bits of IP address to
computers
– Gateway gets its 48-bit prefix from upstream
– 2001:d0be:7922:1:fc2d:aeb2:99d2:e2b4
– Network prefix is 2001:dObe:7922:1 /64
– ISP’s network prefix 2001:D0BE /32
– ISP adds 16-bit subnet: 2001:d0be:7922/48
– At your gateway, tech adds 160bit subnet
– Result: 2001:d0be:7922:1 /64
Figure 13.7 Aggregation
Figure 13.8 An IPv6 group of routers
Figure 13.9 Adding the first prefix
Figure 13.10 Adding the second prefix
• Aggregation and router changes
– From ISP1 to ISP2
– New 32-bit prefix: 2ab0:3c05/32
– Downstream routers make an “all nodes”
multicast
– All clients get new IP addresses
– IPv6 address changes rare but normal
Figure 13.11 New IP address updated downstream
Using IPv6
• Enabling IPv6
– Table 13.2 lists IPv6 status of operating systems
– Check to see if IPv6 is running
• IPCONFIG in Windows
• IFCONFIG in Linux or Mac OS X
Table 13.2
IPv6 Adoption by IS
Operating System
IPv6 Status
Windows 2000
Windows 2000 came with “developmental” IPv6 support.
Microsoft does not recommend using Windows 2000 for IPv6.
Original Windows XP came with a rudimentary but fully functional IPv6 stack that had to be installed from the command
prompt. SP1 added the ability to add the same IPv6 stack under
the Install | Protocols menu.
Complete IPv6 support. IPv6 is active on default installs.
Complete IPv6 support. IPv6 is not installed by default but is
easily installed via the Install | Protocols menu.
Complete IPv6 support. IPv6 is active on default installs.
Complete IPv6 support from kernel 2.6. IPv6 is active on default
installs.
Complete IPv6 support on all versions. IPv6 is active on default
installs.
Windows XP
Windows Vista/Windows 7
Windows Server 2003
Windows Server 2008
Linux
Macintosh OS X
• NAT in IPv6
– NAT not used in IPv6
– All IP addresses exposed to the Internet
– Huge address space makes IP scanning nearly
impossible
– IPSec important for security
– Security options beyond IPv6
• Encryption
• Firewall
Figure 13.12 IPv6 enabled in Windows Vista
Figure 13.13 IPv6 enabled in Ubuntu 8.10
Figure 13.14 Angry IP scanner at work
• DHCP in IPv6
– DHCPv6
– Works differently than in IPv4
– IP address and subnet received from gateway
router
– Need DCHPv6 for other IP information
– Two modes of DHCPv6
• Stateful – works like DHCP in IPv4
• Stateless – only passes out optional information
• Stateless is the norm
Figure 13.15 DHCPv6 server in action
• DNS in IPv6
–
–
–
–
–
Trivial
Most DNS servers now support IPv6 addresses
DNS servers supporting IPv6 use AAAA records
DNSv6 details not finalized
For now manually add DNS server information to
IPv6 clients
Figure 13.16 IPv6 addresses on DNS server
Figure 13.17 Manually adding an IPv6 DNS server
in Vista
Moving to IPv6
• IPv4 and IPv6
– What is not ready for IPv6?
• Most home routers
• Some Internet routers
– What is ready for IPv6?
• Most recent operating systems
• All root DNS servers
• All tier-one ISP routers
Figure 13.18 IPv4 and IPv6 on one computer
Figure 13.19 The IPv6 gap
• Tunnels
– IPv4-to-IPv6 tunnels bridge the gap
• Encapsulate IPv6 traffic into an IPv4 tunnel
• Endpoints at IPv6 client and IPv6 router
Figure 13.20 The IPv4-to-IPv6 tunnel
• 6to4 Tunnels
– 6to4 dominant tunneling protocol
• Does not require a tunnel broker
• Usually connects two routers
• Normally requires public IPv4 address
• Uses public relay routers
• 192.88.9.1 is 6to4 anycast address
• Challenging to set up
• 6in4 Tunnels
– 6in4
• Most popular tunneling protocol
• One of only two that is NAT traversal
• Teredo Tunnels
– Teredo
• NAT-traversal IPv6 tunneling protocol
• Built into Microsoft Windows
• Addresses start with 2001:0000 /32
• Many people use third-party tool
• ISATAP
– Intra-Site Automatic Tunnel Addressing
Protocol (ISATAP)
– Works within an IPv4 network
– Adds IPv4 address to an IPv6 prefix for
endpoints
– 2001:db8::98ca:200:131.107.28.9.
• Tunnel Brokers
– Someone must act as far endpoint
– Must know tunneling standard and how
to connect to endpoint
– Create tunnel
– Usually offers custom-made endpoint client
– May use automatic configuration protocols
• Tunnel Setup Protocol (TSP)
• Tunnel Information and Control protocol (TIC)
Tunnel Broker
URL
Hexago/Freenet/Go6
www.go6.net
SixXs
www.sixxs.net
Hurricane Electric
(no TSP/TIC)
www.tunnelbroker.net
AARNet
broker.aarnet.net.au
• Setting Up a Tunnel
– Each tunnel broker has its own setup
– Read instructions carefully
– Figure 13.21 uses Hexago client
• Join and download at www.go6.net
• Install client
• Enter Gateway 6 address, user name, password
• You are now on the IPv6 Internet
Figure 13.21 Gateway6 Client Utility
Figure 13.22 Gateway6 Client Utility Status tab
• IPv6 is here, really!
– IPv6 will happen very soon
– IPv4 addresses are running out
– “The Big Switchover” coming soon
– Knowing IPv6 important to your future
Related documents
Title: ISPs ignore IP timebomb
Title: ISPs ignore IP timebomb
Document
Document
homenet_feb2013
homenet_feb2013
IPv6 Site Renumbering Gap Analysis
IPv6 Site Renumbering Gap Analysis
The Road to IPv6
The Road to IPv6
Chapter 9b IPv6 Subnetting
Chapter 9b IPv6 Subnetting
IPv4 to IPv6 Migration strategies
IPv4 to IPv6 Migration strategies
Document
Document
Security on IPv6
Security on IPv6
HOW MANY IP ADDRESSES ARE AVAILABLE IN IPV6
HOW MANY IP ADDRESSES ARE AVAILABLE IN IPV6