Class Power Points for Chapter #13

Sybex CCNA 640-802
Chapter 13: IPv6
Chapter 13 Objectives
The CCNA Topics Covered in this chapter include:
• What is IPv6?
• Why do we need IPv6?
• IPv6 Addressing
• Address types
• Special Addresses
• Autoconfiguration
• Configuring IPv6
• Tunneling
What is IPv6? (and why is it good?)
People refer to IPv6 as “the next-generation Internet protocol,” and it
was originally created as the answer to IPv4’s inevitable, looming
address-exhaustion crisis.
Though you’ve probably heard a thing or two about IPv6 already, it has
been improved even further in the quest to bring us the flexibility,
efficiency, capability, and optimized functionality that can truly meet
our ever-increasing needs.
[One benefit of using NAT, CIDR and private addressing is that they
have given us time to tweak IPv6 so that we now have a much-improved
version of what was originally a protocol with compatibility and
performance issues. Now that we have IPv6, however, NAT should
just go away, or to paraphrase the Philadelphia sports fans, “Go NAT,
and take PAT with you!”]
What is IPv6? (continued)
• Why does NAT suck? First because it’s a chokepoint on a network,
through which every packet must pass and be altered. This is a lot of
overhead and it slows down the network. Second, it’s a security
nightmare. It complicates every service on your network and forces
them all to install kluges, hacks and workarounds.
• Another IPv6 benefit is the form of the IP header (next page). The
required items are moved to the front of the header and all the
options are put into an extension header (next page). The IPv4
header is something of a jumble (below) with 10 fields and a number
of flags.
[IPv4 header, bits 0 to 31 per row]
version | hdr len | TOS | length
ident | flags | offset
TTL | protocol | checksum
source address
destination address
options (variable) | pad (variable)
What is IPv6? (continued)
• The IPv6 header has only six fields and no flags.
[IPv6 header, bits 0 to 31 per row]
version | priority | flow label
payload length | next header | hop limit
source address (4 words)
destination address (4 words)
options (variable number, usually fixed length)
• This is one example of an extension header.
[Extension header, bits 0 to 31 per row]
next header | reserved | offset | reserved | M
ident
What is IPv6? (continued)
• Three other examples of extension headers.
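[Figure: extension header with fields: next header, 0, # of addresses, next address, strict/loose routing bitmap, 1 – 24 addresses]
[Figure: extension header with fields: next header, type, length, value]
[Figure: extension header with fields: next header, 0, 194, 0, payload length in bytes]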
IPsec Architecture with IPv6
[Figure: Transport Mode and Tunnel Mode, with two routers]
• With NAT, your end-to-end connection ended at the router; but
with IPv6, NAT goes away because you no longer need to
translate from public to private addresses and vice versa. So, the
tunnel can now go from one end device all the way to the other,
which is what IPsec has always called “transport mode”.
Why do we need IPv6?
• Because we need to communicate, and our current system isn’t
really cutting it anymore—kind of like how the Pony Express can’t
compete with airmail. Just look at how much time and effort we’ve
invested in coming up with slick new ways to conserve bandwidth
and IP addresses.
• The number of people and devices that connect to networks
increases each and every day.
• With more addresses in existence every day, we need to organize
them better. The structure of the IPv6 address allows them to be
easily placed into a hierarchy and to be aggregated more efficiently.
With IPv4 this was handled by using CIDR and by supernetting
addresses. With IPv6 everything you need to place an address into a
routing table is contained in the address itself – no need to borrow
bits or to treat the address as something different just for the
purpose of creating a routing table.
IPv6 Addressing
IPv6 addresses are 128 bits
• IPv6 gives us 3.4 x 10^38 addresses, or
340,000,000,000,000,000,000,000,000,000,000,000,000 – more or
less.
• For those of you keeping track, this is either 340 undecillion (the
American version), or 340 sextillion (British version), or a s***load
(my first impression).
Shortened Expression
You can actually leave out parts of the address to abbreviate it, but to get
away with doing that you have to follow a couple of rules.
• First, you can drop any leading zeros in each of the individual blocks.
• After you do that, the sample address from earlier would then look like this:
2001:db8:3c4d:12:0:0:1234:56ab
Okay, that’s a definite improvement—at least we don’t have to write all of those
extra zeros! But what about whole blocks that don’t have anything in them except
zeros? Well, we can kind of lose those too—at least some of them. Again referring to
our sample address, we can:
• Remove the two blocks of zeros by replacing them with double colons, like this:
2001:db8:3c4d:12::1234:56ab
(Each block between colons represents 2 bytes, or 4 hex characters.)
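The two shortening rules above, worked as an added Python example (not part of the original slides). It goes slightly beyond the slide: the double colon may be used only once, and the longest run of all-zero blocks is the one replaced; the full-length input used in the checks is the slide's sample address padded back out to eight 4-character blocks.

```python
import ipaddress
import string

HEX = set(string.hexdigits)

def expand(addr: str) -> list:
    """Return all eight blocks, each padded to 4 hex characters."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        head, tail = (p.split(":") if p else [] for p in addr.split("::"))
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one block")
        blocks = head + ["0"] * missing + tail
    else:
        blocks = addr.split(":")
    if len(blocks) != 8 or not all(1 <= len(b) <= 4 and set(b) <= HEX for b in blocks):
        raise ValueError("expected eight blocks of 1 to 4 hex characters")
    return [f"{int(b, 16):04x}" for b in blocks]

def shorten(addr: str) -> str:
    """Apply both rules: drop leading zeros, then use '::' once."""
    blocks = [b.lstrip("0") or "0" for b in expand(addr)]   # rule 1
    # Rule 2: find the longest run of all-zero blocks (leftmost on a tie).
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:              # a single zero block stays written as "0"
        return ":".join(blocks)
    left = ":".join(blocks[:best_start])
    right = ":".join(blocks[best_start + best_len:])
    return f"{left}::{right}"

def agrees_with_stdlib(addr: str) -> bool:
    """Cross-check against Python's own IPv6 formatter."""
    return shorten(addr) == str(ipaddress.IPv6Address(addr))
```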
Address Types
• Unicast: 1-1
• Global Unicast
• Link-local: private address
– This is the equivalent of our 10.x.x.x or 192.168.x.x
addresses. Their “scope” is “local”. One step up from this are
Site-local addresses: They have a broader scope than link-local (they have one extra bit) and are intended to cover an
entire “site”, or a company, for example. These have been
largely replaced, however, by “Unique Local” addresses,
below, because of confusion over what made up a “Site”.
• Unique Local: globally unique (the IETF allocated a block of
addresses as a non-routable subnet for use as private
addresses. Not exactly like IPv4 addresses, they can be seen
by other routers, but there is only a very small chance that they might
overlap. A registry exists to ensure no overlap.)
• Multicast: 1-many
• Anycast: 1-one of many
Special Addresses
0:0:0:0:0:0:0:0
Equals ::. This is the equivalent of IPv4’s 0.0.0.0, and is typically the source address of
a host when you’re using stateful configuration.
0:0:0:0:0:0:0:1 Loopback test
Equals ::1. The equivalent of 127.0.0.1 in IPv4.
0:0:0:0:0:0:192.168.100.1
This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
2000::/3
The global unicast address range. (Like any IPv4 address)
FC00::/7
The unique local unicast range. (Like the IPv4 private addresses: 10.x.x.x, etc.)
FE80::/10
The link-local unicast range. (Also meant for private addressing, but with the addition
of being unique – imagine if you used the 192.168.x.x range for your company, and no
other company used that range).
Special Addresses Cont.
FF00::/8
The multicast range. (a one-to-many packet, just as with the 224 to 239 range in IPv4)
3FFF:FFFF::/32
Reserved for examples and documentation. (like Class E in IPv4)
2001:0DB8::/32
Also reserved for examples and documentation. (also like Class E in IPv4)
2002::/16
Used with 6to4, which is the transition system—the structure that allows IPv6 packets
to be transmitted over an IPv4 network without the need to configure explicit
tunnels.
Autoconfiguration
RS: Router Solicitation
RA: Router Advertisement
Autoconfiguration simplifies address assignment and network renumbering when you
change your internet connection.
Stateless Address Autoconfiguration
(from another PPt)
3 ways to configure network interfaces: manually, stateful, stateless
IPSAA: the IPv6 address is separated into 2 parts: network and interface ID.
Link-local addresses: prefix FE80::0 + interface identifier (EUI-64 format)
Obtain the network ID through Router Solicitation (RS)
Configuring IPv6
In order to enable IPv6 on a router, you have to use the ipv6
unicast-routing global configuration command:
Corp(config)#ipv6 unicast-routing
IPv6 isn’t enabled by default on any interfaces either, so we have
to go to each interface individually and enable it. You use the
interface configuration command
ipv6 address <ipv6prefix>/<prefix-length> [eui-64] to get
this done.
Here’s an example:
Corp(config-if)#ipv6 address 2001:db8:3c4d:1:0260:d6FF:FE73:1987/64
You can specify the entire 128-bit global IPv6 address or you
can use the eui-64 option. Remember, the eui-64 format allows the
device to use its MAC address and pad it to make the interface ID.
Corp(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
Tunneling 6to4