17 Internet Protocol Version 6 (IPv6) Flashcards
Why Do We Need IPv6?
The number of people and devices that connect to networks increases dramatically each day. IPv4, upon which our ability to do all this connecting and communicating is presently dependent, is quickly running out of addresses for us to use. IPv4 has only about 4.3 billion addresses available—and we know that we don’t even get to use most of those! Sure, the use of Classless Inter-Domain Routing (CIDR) and Network Address Translation (NAT) has helped to delay the inevitable dearth of addresses, but we will still run out of them, and it’s going to happen within a few years. The solution is IPv6.
The Benefits and Uses of IPv6
Not only does IPv6 give us lots of addresses (3.4 × 10^38 = definitely enough), there are tons of other features built into this version that make it well worth the cost, time, and effort required to migrate to it. Today’s networks, as well as the Internet, have a ton of unforeseen requirements that simply weren’t even considerations when IPv4 was created. We’ve tried to compensate with a collection of add-ons that can actually make implementing them more difficult than they would be if they were required by a standard. By default, IPv6 has improved upon and included many of those features as standard and mandatory.
One of these sweet new standards is IPsec—a feature that provides end-to-end security. But it’s the efficiency features that are really going to rock the house! For starters, the headers in an IPv6 packet have half the fields, and they are aligned to 64 bits, which gives us some seriously souped-up processing speed. Compared to IPv4, lookups happen at light speed! Most of the information that used to be bound into the IPv4 header was taken out, and now you can choose to put it, or parts of it, back into the header in the form of optional extension headers that follow the basic header fields. And of course there’s that whole new universe of addresses—the 3.4 × 10^38 I just mentioned—IPv6 gives us a substantially larger address space, meaning the address itself is a whole lot bigger—four times bigger as a matter of fact! An IPv6 address is actually 128 bits in length, and no worries—I’m going to break down the address piece by piece and show you exactly what it looks like coming up in the section “IPv6 Addressing and Expressions.” For now, let me just say that all that additional room permits more levels of hierarchy inside the address space and a more flexible addressing architecture. It also makes routing much more efficient and scalable because the addresses can be aggregated a lot more effectively. And IPv6 also allows multiple addresses for hosts and networks. This is especially important for enterprises veritably drooling for enhanced access and availability. Plus, the new version of IP now includes an expanded use of multicast communication—one device sending to many hosts or to a select group—that joins in to seriously boost efficiency on networks because communications will be more specific. IPv4 uses broadcasts quite prolifically, causing a bunch of problems, the worst of which is of course the dreaded broadcast storm.
This is that uncontrolled deluge of forwarded broadcast traffic that can bring an entire network to its knees and devour every last bit of bandwidth! Another nasty thing about broadcast traffic is that it interrupts each and every device on the network. When a broadcast is sent out, every machine has to stop what it’s doing and respond to the traffic whether the broadcast is relevant to it or not. But smile assuredly, everyone. There’s no such thing as a broadcast in IPv6 because it uses multicast traffic instead. And there are two other types of communications as well: unicast, which is the same as it is in IPv4, and a new type called anycast. Anycast communication allows the same address to be placed on more than one device so that when traffic is sent to the device service addressed in this way, it’s routed to the nearest host that shares the same address. And this is just the beginning—we’ll get into the various types of communication later in the section called “Address Types.”
Address Types
IPv6 introduces the anycast. Broadcasts, as we know them, have been eliminated in IPv6 because of their cumbersome inefficiency and basic tendency to drive us insane!
Unicast
Packets addressed to a unicast address are delivered to a single interface. For load balancing, multiple interfaces across several devices can use the same address, but we’ll call that an anycast address. There are a few different types of unicast addresses, but we don’t need to get further into that here.
Global unicast addresses (2000::/3)
These are your typical publicly routable addresses and they’re the same as in IPv4. Global addresses start at 2000::/3. The ISP can provide you with a minimum /48 network ID, which in turn provides you 16 bits to create a unique 64-bit router interface address. The last 64 bits are the unique host ID.
Link-local addresses (FE80::/10)
These are like the Automatic Private IP Address (APIPA) addresses that Microsoft uses to automatically provide addresses in IPv4 in that they’re not meant to be routed. In IPv6 they start with FE80::/10. Think of these addresses as handy tools that give you the ability to throw a temporary LAN together for meetings or create a small LAN that’s not going to be routed but still needs to share and access files and services locally.
Unique local addresses (FC00::/7)
These addresses are also intended for nonrouting purposes over the Internet, but they are nearly globally unique, so it’s unlikely you’ll ever have one of them overlap. Unique local addresses were designed to replace site-local addresses, so they basically do almost exactly what IPv4 private addresses do: allow communication throughout a site while being routable to multiple local networks. Site-local addresses were deprecated as of September 2004.
Multicast (FF00::/8)
Again, as in IPv4, packets addressed to a multicast address are delivered to all interfaces tuned into the multicast address. Sometimes people call them “one-to-many” addresses. It’s really easy to spot a multicast address in IPv6 because they always start with FF. We’ll get deeper into multicast operation coming up, in “How IPv6 Works in an Internetwork.”
Anycast
Like multicast addresses, an anycast address identifies multiple interfaces on multiple devices. But there’s a big difference: the anycast packet is delivered to only one device—actually, to the closest one it finds defined in terms of routing distance. And again, this address is special because you can apply a single address to more than one host. These are referred to as “one-to-nearest” addresses. Anycast addresses are typically only configured on routers, never hosts, and a source address could never be an anycast address. Of note is that the IETF did reserve the top 128 addresses for each /64 for use with anycast addresses.
Special Addresses
0:0:0:0:0:0:0:0
Equals ::. This is the equivalent of IPv4’s 0.0.0.0 and is typically the source address of a host before the host receives an IP address when you’re using DHCP-driven stateful configuration.
0:0:0:0:0:0:0:1
Equals ::1. The equivalent of 127.0.0.1 in IPv4.
0:0:0:0:0:0:192.168.100.1
This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
2000::/3
The global unicast address range.
FC00::/7
The unique local unicast range.
FE80::/10
The link-local unicast range.
FF00::/8
The multicast range.
3FFF:FFFF::/32
Reserved for examples and documentation.
2001:0DB8::/32
Also reserved for examples and documentation.
2002::/16
Used with 6-to-4 tunneling, which is an IPv4-to-IPv6 transition system. The structure allows IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels.
Manual Address Assignment
In order to enable IPv6 on a router, you have to use the ipv6 unicast-routing global configuration command:
Corp(config)# ipv6 unicast-routing
By default, IPv6 traffic forwarding is disabled, so using this command enables it. IPv6 isn’t enabled by default on any interfaces either, so we have to go to each interface individually and enable it. There are a few different ways to do this, but a really easy way is to just add an address to the interface. You use the interface configuration command ipv6 address <ipv6prefix>/<prefix-length> [eui-64] to get this done.
Here’s an example:
Corp(config-if)# ipv6 address 2001:db8:3c4d:1:0260:d6FF:FE73:1987/64
Corp(config-if)# ipv6 address 2001:db8:3c4d:1::/64 eui-64
As an alternative to typing in an IPv6 address on a router, you can enable the interface instead to permit the application of an automatic link-local address. To configure a router so that it uses only link-local addresses, use the ipv6 enable interface configuration command:
Corp(config-if)# ipv6 enable
Stateless Autoconfiguration (eui-64)
Autoconfiguration is an especially useful solution because it allows devices on a network to address themselves with a link-local unicast address as well as with a global unicast address. This process happens through first learning the prefix information from the router and then appending the device’s own interface address as the interface ID. But where does it get that interface ID? Well, you know every device on an Ethernet network has a physical MAC address, which is exactly what’s used for the interface ID. But since the interface ID in an IPv6 address is 64 bits in length and a MAC address is only 48 bits, where do the extra 16 bits come from? The MAC address is padded in the middle with the extra bits—it’s padded with FFFE. For example, let’s say I have a device with a MAC address that looks like this:
0060:d673:1987. After it’s been padded, it would look like this: 0260:d6FF:FE73:1987.
To perform autoconfiguration, a host goes through a basic two-step process:
1. First, the host needs the prefix information, similar to the network portion of an IPv4 address, to configure its interface, so it sends a router solicitation (RS) request for it. This RS is then sent out as a multicast to all routers (FF02::2). The actual information being sent is a type of ICMP message, and like everything in networking, this ICMP message has a number that identifies it. The RS message is ICMP type 133.
2. The router answers back with the required prefix information via a router advertisement (RA). An RA message also happens to be a multicast packet that’s sent to the all-nodes multicast address (FF02::1) and is ICMP type 134. RA messages are sent on a periodic basis, but the host sends the RS for an immediate response so it doesn’t have to wait until the next scheduled RA to get what it needs.
DHCPv6 (Stateful)
DHCPv6 works pretty much the same way DHCP does in v4, with the obvious difference that it supports IPv6’s new addressing scheme. And it might come as a surprise, but there are a couple of other options that DHCP still provides for us that autoconfiguration doesn’t. And no, I’m not kidding—in autoconfiguration, there’s absolutely no mention of DNS servers, domain names, or many of the other options that DHCP has always generously provided for us via IPv4. This is a big reason that the odds favor DHCP’s continued use into the future in IPv6 at least partially—maybe even most of the time! Upon booting up in IPv4, a client sends out a DHCP Discover message looking for a server to give it the information it needs. But remember, in IPv6, the RS and RA process happens first, so if there’s a DHCPv6 server on the network, the RA that comes back to the client will tell it if DHCP is available for use. If a router isn’t found, the client will respond by sending out a DHCP Solicit message, which is actually a multicast message addressed with a destination of ff02::1:2 that calls out, “All DHCP agents, both servers and relays.” It’s good to know that there’s some support for DHCPv6 in the Cisco IOS even though it’s limited. This rather miserly support is reserved for stateless DHCP servers and tells us it doesn’t offer any address management of the pool or the options available for configuring that address pool other than the DNS, domain name, default gateway, and SIP servers. This means that you’re definitely going to need another server around to supply and dispense all the additional, required information—maybe to even manage the address assignment, if needed!
IPv6 Header
An IPv4 header is 20 bytes long, so since an IPv6 address is four times the size of IPv4 at 128 bits, its header must then be 80 bytes long, right? That makes sense and is totally intuitive, but it’s also completely wrong! When IPv6 designers devised the header, they created fewer, streamlined fields that would also result in a faster routed protocol at the same time. The basic IPv6 header contains eight fields, making it only twice as large as an IP header at 40 bytes. Let’s zoom in on these fields:
Version
This 4-bit field contains the number 6, instead of the number 4 as in IPv4.
Traffic Class
This 8-bit field is like the Type of Service (ToS) field in IPv4.
Flow Label
This new field, which is 24 bits long, is used to mark packets and traffic flows. A flow is a sequence of packets from a single source to a single destination host, an anycast or multicast address. The field enables efficient IPv6 flow classification.
Payload Length
IPv4 had a total length field delimiting the length of the packet. IPv6’s payload length describes the length of the payload only.
Next Header
Since there are optional extension headers with IPv6, this field defines the next header to be read. This is in contrast to IPv4, which demands static headers with each packet.
Hop Limit
This field specifies the maximum number of hops that an IPv6 packet can traverse.
Source Address
This field of 16 bytes, or 128 bits, identifies the source of the packet.
Destination Address
This field of 16 bytes, or 128 bits, identifies the destination of the packet.
There are also some optional extension headers following these eight fields, which carry other Network layer information. These header lengths are not a fixed number.
So what’s different in the IPv6 header from the IPv4 header? Let’s look at that:
■ The Internet Header Length field was removed because it is no longer required. Unlike the variable-length IPv4 header, the IPv6 header is fixed at 40 bytes.
■ Fragmentation is processed differently in IPv6 and does not need the Flags field in the basic IPv4 header. In IPv6, routers no longer process fragmentation; the host is responsible for fragmentation.
■ The Header Checksum field at the IP layer was removed because most Data Link layer technologies already perform checksum and error control, which forces formerly optional upper-layer checksums (UDP, for example) to become mandatory.
ICMPv6
IPv4 used the ICMP workhorse for lots of tasks, including error messages like destination unreachable and troubleshooting functions like Ping and Traceroute. ICMPv6 still does those things for us, but unlike its predecessor, the v6 flavor isn’t implemented as a separate layer 3 protocol. Instead, it’s an integrated part of IPv6 and is carried after the basic IPv6 header information as an extension header. And ICMPv6 gives us another really cool feature—by default, it prevents IPv6 from doing any fragmentation through an ICMPv6 process called path MTU discovery. Figure 17.8 shows how ICMPv6 has evolved to become part of the IPv6 packet itself. The ICMPv6 packet is identified by the value 58 in the Next Header field, located inside the ICMPv6 packet. The Type field identifies the particular kind of ICMP message that’s being carried, and the Code field further details the specifics of the message. The Data field contains the ICMPv6 payload.
ICMPv6 type codes
1 Destination Unreachable
128 Echo Request
129 Echo Reply
133 Router Solicitation
134 Router Advertisement
135 Neighbor Solicitation
136 Neighbor Advertisement
Neighbor Discovery (NDP)
ICMPv6 also takes over the task of finding the address of other devices on the local link. The Address Resolution Protocol is used to perform this function for IPv4, but that’s been renamed neighbor discovery (ND) in ICMPv6. This process is now achieved via a multicast address called the solicited-node address because all hosts join this multicast group upon connecting to the network. Neighbor discovery enables these functions:
■ Determining the MAC address of neighbors
■ Router solicitation (RS) FF02::2 type code 133
■ Router advertisements (RA) FF02::1 type code 134
■ Neighbor solicitation (NS) Type code 135
■ Neighbor advertisement (NA) Type code 136
■ Duplicate address detection (DAD)
The part of the IPv6 address designated by the 24 bits farthest to the right is added to the end of the multicast address FF02:0:0:0:0:1:FF/104 prefix and is referred to as the solicited-node address. When this address is queried, the corresponding host will send back its layer 2 address. Devices can find and keep track of other neighbor devices on the network in pretty much the same way. When I talked about RA and RS messages earlier and told you that they use multicast traffic to request and send address information, that too is actually a function of ICMPv6—specifically, neighbor discovery. In IPv4, the protocol IGMP was used to allow a host device to tell its local router that it was joining a multicast group and would like to receive the traffic for that group. This IGMP function has been replaced by ICMPv6, and the process has been renamed multicast listener discovery. With IPv4, our hosts could have only one default gateway configured, and if that router went down we had to either fix the router, change the default gateway, or run some type of virtual default gateway with other protocols created as a solution for this inadequacy in IPv4. IPv6 hosts send a router solicitation (RS) onto their data link asking for all routers to respond, and they use the multicast address FF02::2 to achieve this. Routers on the same link respond with a unicast to the requesting host, or with a router advertisement (RA) using FF02::1. But that’s not all! Hosts also can send solicitations and advertisements between themselves using a neighbor solicitation (NS) and neighbor advertisement (NA). Remember that RA and RS gather or provide information about routers, and NS and NA gather information about hosts. Remember that a “neighbor” is a host on the same data link or VLAN.
Solicited-Node and Multicast Mapping over Ethernet
If an IPv6 address is known, then the associated IPv6 solicited-node multicast address is known, and if an IPv6 multicast address is known, then the associated Ethernet MAC address is known. For example, the IPv6 address 2001:DB8:2002:F:2C0:10FF:FE18:FC0F will have a known solicited-node address of FF02::1:FF18:FC0F.
Now we’ll form the multicast Ethernet addresses by adding the last 32 bits of the IPv6 multicast address to 33:33. For example, if the IPv6 solicited-node multicast address is FF02::1:FF18:FC0F, the associated Ethernet MAC address is 33:33:FF:18:FC:0F and is a virtual address.
Duplicate Address Detection (DAD)
So what do you think are the odds that two hosts will assign themselves the same random IPv6 address? Personally, I think you could probably win the lotto every day for a year and still not come close to the odds against two hosts on the same data link duplicating an IPv6 address! Still, to make sure this doesn’t ever happen, duplicate address detection (DAD) was created, which isn’t an actual protocol, but a function of the NS/NA messages. When hosts make up or receive an IPv6 address, they send three DADs out via NDP NS asking if anyone has this same address. The odds are unlikely that this will ever happen, but they ask anyway.
IPv6 Routing Protocols
The routing protocols we’ll still use in IPv6 have been renovated and given new names. Even though this chapter’s focus is on the Cisco exam objectives, which cover only static and default routing, I want to discuss a few of the more important ones too. First on the list is the IPv6 RIPng (next generation). Those of you who’ve been in IT for a while know that RIP has worked pretty well for us on smaller networks. This happens to be the very reason it didn’t get whacked and will still be around in IPv6. And we still have EIGRPv6 because EIGRP already had protocol-dependent modules and all we had to do was add a new one to it to fit in nicely with the IPv6 protocol. Rounding out our group of protocol survivors is OSPFv3—that’s not a typo, it really is v3! OSPF for IPv4 was actually v2, so when it got its upgrade to IPv6, it became OSPFv3. Lastly, for the new objectives, we’ll list MP-BGP4 as a multiprotocol BGP-4 protocol for IPv6. Please understand for the objectives at this point in the book, we only need to understand static and default routing.
Static Routing with IPv6
We know that to make static routing work, whether in IP or IPv6, you need these three tools:
■ An accurate, up-to-date network map of your entire internetwork
■ Next-hop address and exit interface for each neighbor connection
■ All the remote subnet IDs
Of course, we don’t need to have any of these for dynamic routing, which is why we mostly use dynamic routing. It’s just so awesome to have the routing protocol do all that work for us by finding all the remote subnets and automatically placing them into the routing table!