IPv6

Question 1

Problems with NAT

Answer 1

NAT breaks the end to end IP model

This can cause security & application issues

Devices such as NGFWs, traversal servers, & proxy servers can help

It would be a cleaner solution if IP supported an addressing scheme which was big enough to give all devices in the world a publicly reachable address (enter IPv6)

Question 2

Dual Stack

Answer 2

A network interface can have both an IPv4 & IPv6 address at the same time

It can then communicate using either protocol

Dual stack can be enabled long term to support both IPv4 & IPv6 apps or as a transition strategy

Question 3

IPv6 Addressing Format

Answer 3

Uses 128 bit address (compared to 32 in IPv4)

Format:
X:X:X:X:X:X:X:X

Each “X” is a 16 bit hexadecimal field (0-9 | A-F)

Question 4

IPv6 Address Part Naming

Answer 4

Each segment in IPv4 is an “octet” (8 bits)

Each segment in IPv6 is 16 bits (no official nickname)
Sometimes “pieces” “quartets” or “hextets”

Question 5

Address Shortening

Answer 5

Leading zeros can be removed
2001:0DB8:0000:0001:0000:0000:0000:0001 can be…
2001:DB8:0:1:0:0:0:1

Successive all zero fields can be shortened to “ :: “
2001:DB8:0:1:0:0:0:1 can be…
2001:DB8:0:1::1
–Can only be done once in an address

Question 6

Global Unicast Address

Answer 6

Similar to IPv4 public addresses

They are assigned to an individual host and have global reachability
–Unless blocked by a security policy

Assigned from the range 2000::/3

Internet authorities assign blocks from the overall 2000::/3 range to organizations

A common assignment for a company is a /48 block
2001:10:10::/48

A smaller/larger block can be assigned depending on company size

IPv6 standards state that addresses for individual hosts should be /64
Using /64 everywhere simplifies the addressing & enables the use of EUI-64 addresses

Question 7

Command: Configure Global Unicast

Answer 7

ipv6 unicast-routing

Question 8

Command: Verify IPv6 Interfaces

Answer 8

show ipv6 interface brief

Question 9

IPv6: Broadcast vs. Multicast

Answer 9

IPv6 does not support broadcast traffic
–It does support multicast to all hosts on the local subnet (equivalent)

Question 10

EUI-64

Answer 10

A Cisco router can generate full IPv6 addresses for itself when given the interface and /64 network to use

The host portion of the address is derived from the interface’s MAC, which is guaranteed to be globally unique

A MAC address is a /48 address compared to the /64 host portion of the IPv6 address

FF:FE is injected in the middle of the /48 MAC to bring it to 64 bits
–Also, the 7th bit is inverted

Question 11

Command: Configure EUI-64 on F0/0 & F2/0

Answer 11

This is not recommended

Int f0/0
Ipv6 address 2001:db8:0:1::/64 eui-64

Int f2/0
Ipv6 address 2001:db8:0::/64 eui-64

Question 12

Unique Local

(And the address range)

Answer 12

Similar to RFC 1918 private addresses

Not publicly reachable

Assigned from the range FC00::/7

Hosts should be assigned /64 addresses

Question 13

Link Local

Answer 13

Valid for communications on that link only
Cannot send traffic to another link

Assigned from the range FE80::/10 to FEB0::/10

Can be used for communications which should not be forwarded beyond the local link, like routing protocol hello packets
–They are mandatory on IPv6 enabled Cisco router interfaces

Automatically generated with EUI-64 addresses on IPv6 enabled Cisco router interfaces
–The EUI-64 address can be overridden with manual configuration

Link local addresses are valid on the local link only so you can use the same address on multiple interfaces

Question 14

Command: Configure Link Local Manually to fe80::1 on F0/0 & F2/0

Answer 14

Int f0/0
Ipv6 address fe80::1 link-local

Int f2/0
Ipv6 address fe80::1 link-local

Question 15

Command: Multiple IPv4 Address Configuration on F0/0
192.168.10.1/24 = Primary
172.16.0.1/24 = Secondary

Answer 15

Interface f0/0
Ip address 172.16.0.1 255.255.255.0 secondary
Ip address 192.168.10.1 255.255.255.0

Question 16

Command: Configure Multiple IPv6 Addresses on F0/0
2001:db8:0:0::1/64
2001:db8:0:1::1/64
FE80::1 (Link Local)

Answer 16

Interface f0/0
Ipv6 address FE80::1 link-local
Ipv6 address 2001:db8:0:0::1/64
Ipv6 address 2001:db8:0:1::1/64

(You don’t need to specify secondary)

Question 17

Multiple IPv6 Address Summary

Answer 17

Link local addresses are mandatory on IPv6 enabled interfaces

Global unicast & unique local addresses are optional

You can have multiple addresses on the same interface

One link local address for routing protocol traffic & one global unicast address for normal routing is typical

Question 18

SLAAC

Answer 18

Stateless Address Auto Configuration:

Hosts can be assigned IPv6 addresses via static, DHCPv6, or SLAAC

With Stateful addressing (DHCP)
–DHCP servers track their MAC to IP assignments

With SLAAC, hosts learn the /64 subnet their interface is on from their local router and then use this info to generate their own IPv6 EUI-64 address
–Modern OSs randomize the host portion rather than using standard EUI-64 for privacy reasons

The router does not track which hosts have which IPs = Stateless addressing

Question 19

SLAAC: Router Advertisements

Answer 19

When a global unicast IPv6 address is configured on an interface then Router Advertisements advertising the network prefix are sent out by default

These ICMP messages are sent to the “All Nodes” multicast address from the interface’s link-local address

Hosts can also send a “Router Solicitation” message to request the info

Question 20

SLAAC & DNS

Answer 20

In practice, a DHCP server is still required to give out info such as DNS server

If the IP is assigned by SLAAC & the DNS server is assigned by DHCP, this results in a stateless configuration, where the DHCP server does not retain info about the hosts

Question 21

Unspecified Address

Answer 21

:: is the Unspecified Address (AKA: Unknown Address)

An IPv6 route to ::/0 is a default route equivalent to
0.0.0.0 0.0.0.0 in IPv4

:: is used as the source when an interface is trying to acquire an address

Question 22

Neighbor Discovery

Answer 22

The IPv6 version of ARP
Uses ICMP Neighbor Solicitations & Neighbor Advertisements
–Equivalent of ARP requests/replies

Neighbor solicitation messages are sent to the Solicited-Node multicast address which reaches all hosts on the subnet

Question 23

Command: Show Neighbor Discovery Info

Answer 23

show ipv6 neighbors

Question 24

IPv6 Routing

Answer 24

IPv6 routing works the same way as IPv4
–Processes are separate
–There are separate routing tables as well

If a router receives an IPv4 packet, it will route according to IPv4 table
If a router receives an IPv6 packet, it will route according to IPv6 table

IPv6 routing is disabled by default

ipv6 unicast-routing
–Enables it

Question 25

IPv6 Routing Protocol Support

Answer 25

RIPng (RIP Next Gen)
EIGRP for IPv6
OSPFv3
IS-IS
MP-BGP4 (MultiProtocol BGP-4)

Question 26

Command: Verify IPv6 Routing Info (3 Commands)

Answer 26

show ipv6 route
show ipv6 protocol
show ipv6 interface brief

Question 27

Command: Configure IPv6 Static Route

Answer 27

ipv6 route 2001:DB8::/64 2001:DB8:0:1::2

Question 28

Command: Configure IPv6 Summary Route

Answer 28

Ipv6 route 2001:Db8:0::/48 2001:db8:0::2

Question 29

Command: Configure IPv6 Default Route

Answer 29

ipv6 route ::/0 2001:db8:3::2