IPv6 Link-Local Addresses Presentation

5: Link-Local Addresses
Rick Graziani
Cabrillo College
For more information please check out my Cisco Press book and video series:
• IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6, by Rick Graziani, ISBN-10: 1-58714-313-5
• IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6, by Rick Graziani, ISBN-10: 1-58720-457-6

5.1: Purpose and Format of Link-Local Addresses
IPv6 Address Types
IPv6 Addresses
• Unicast
  • Global Unicast: 2000::/3
  • Link-Local: FE80::/10
  • Loopback: ::1/128
  • Unspecified: ::/128
  • Unique Local: FC00::/7
  • Embedded IPv4: ::/80
• Multicast
  • Assigned: FF00::/8
  • Solicited Node: FF02::1:FF00:0000/104
• Anycast
IPv6 does not have a “broadcast” address.

Link-Local Unicast Range
First 10 bits: 1111 1110 10xx xxxx | Remaining 54 bits | 64-bit Interface ID
Range of the first hextet:
FE80: 1111 1110 1000 0000
FEBF: 1111 1110 1011 1111
Link-local Unicast
• Link – Network segment
• Link-local means local to that link or network.

Link-Local Unicast Address
• IPv6 Source – Always a unicast
• IPv6 Destination – Unicast, multicast, or anycast.
• Unicast, including a link-local address
[Figure labels: IPv4, IPv6]

Link-Local Unicast Address
Link-Local Communications
• Used to communicate with other devices on the link.
• Are NOT routable off the link (network).
• Only have to be unique on the link.
• Not included in the IPv6 routing table.
• An IPv6 device must have at least a link-local address.

I’m not running IPv6… or am I?
Most Networks Are Already Running IPv6
PC> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix :
Link-local IPv6 Address . . . . : fe80::50a5:8a35:a5bb:66e1
IPv4 Address. . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . : 192.168.1.1
Callouts:
“I can now communicate with you and give you a GUA and be your default gateway using SLAAC.”
“But I am really a bad guy and I can do a DoS or MITM attack.”
Even if IPv6 is not deployed, you must understand and secure IPv6.
• IPv6 is automatically enabled with Windows, Mac and Linux operating systems.
• Can communicate with other devices on the link, including the router.

People Icon: Occupations set 5 © Copyright Fredy Sujono
An Important Role in IPv6
Diagram labels:
• Routing Protocol Messaging: From: Link-local, To: Multicast
• ICMPv6 Router Solicitation: From: Link-local or unspecified address, To: Multicast
• ICMPv6 Router Advertisement: From: Link-local, To: Multicast
Roles of the link-local address:
• Used as a source IPv6 address before a device gets one dynamically (SLAAC and DHCPv6).
• Router’s link-local address is used by devices as the default gateway.
• Routers exchange routing messages.
• Routers use the link-local address as the next-hop address in the routing table: via link-local address.
Callout: “I will use your link-local as my default gateway,”

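The two preceding slides say that any device on the link can send a Router Advertisement from its link-local address and become a host's default gateway through SLAAC. The following is an added example, not part of the original presentation, of how a monitoring host could audit a captured Router Advertisement against a list of known routers; the trusted address fe80::1, the function names and the sample packet are assumptions constructed for the demonstration.

```python
import ipaddress
import struct

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
TRUSTED = {ipaddress.IPv6Address("fe80::1")}   # assumed: the real router's link-local

def audit_ra(src, hop_limit, icmp, trusted):
    """Return a list of findings for one ICMPv6 Router Advertisement body."""
    if len(icmp) < 16 or icmp[0] != 134:       # ICMPv6 type 134 = Router Advertisement
        return ["not a Router Advertisement"]
    source = ipaddress.IPv6Address(src)
    findings = []
    # RFC 4861 validity checks: link-local source, hop limit still 255.
    if source not in LINK_LOCAL:
        findings.append("source is not link-local")
    if hop_limit != 255:
        findings.append("hop limit is not 255, so the RA did not originate on this link")
    if source in trusted:
        return findings
    lifetime = struct.unpack_from("!H", icmp, 6)[0]   # Router Lifetime field
    if lifetime:
        findings.append(f"untrusted {source} offers itself as default gateway for {lifetime}s")
    offset = 16                                # options follow the 16-byte fixed header
    while offset + 2 <= len(icmp):
        opt_type, opt_len = icmp[offset], icmp[offset + 1] * 8
        if opt_len == 0 or offset + opt_len > len(icmp):
            findings.append("malformed option")
            break
        # Option 3 = Prefix Information; flag 0x40 = autonomous (SLAAC) prefix
        if opt_type == 3 and opt_len == 32 and icmp[offset + 3] & 0x40:
            prefix = ipaddress.IPv6Address(icmp[offset + 16:offset + 32])
            findings.append(f"untrusted {source} advertises SLAAC prefix {prefix}/{icmp[offset + 2]}")
        offset += opt_len
    return findings

def sample_ra(lifetime, prefix):
    """Constructed RA body for the demo: fixed header plus one Prefix Information option."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, lifetime, 0, 0)
    option = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
    return header + option + ipaddress.IPv6Address(prefix).packed

if __name__ == "__main__":
    ra = sample_ra(1800, "2001:db8:bad::")     # constructed sample values
    for src, hl in [("fe80::1", 255), ("fe80::66", 255), ("2001:db8::66", 64)]:
        print(src, audit_ra(src, hl, ra, TRUSTED))
```
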
5.2: Automatically Created Link-Local Addresses
Link-Local Unicast Address
First 10 bits: 1111 1110 10xx xxxx | Remaining 54 bits | 64-bit Interface ID
FE80::Interface ID
Link-local addresses are created:
• Automatically:
  • FE80 (usually) – First 10 bits
  • Interface ID
    • EUI-64 (Cisco routers)
    • Random 64 bits (many host operating systems)
• Static (manual) configuration – Common practice for routers.

Automatic Link-Local Address Using EUI-64
R1 interfaces: G0/0, G0/1, S0/0/0
R1# show interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is fc99.4775.c3e0 (bia fc99.4775.c3e0)
<Output Omitted>
Link-local address: FE80:: 64-bit Interface ID
A 64-bit Interface ID is created with EUI-64 using:
• 48-bit MAC address
• Inserting 16 bits: FF-FE
• Flipping the U/L (Universal/Local) bit

Modified EUI-64 Format (Extended Unique Identifier–64)
MAC address: OUI (24 bits) FC 99 47 | Device Identifier (24 bits) 75 C3 E0
Insert FF-FE: FC 99 47 FF FE 75 C3 E0
U/L bit flipped: FC = 1111 1100 becomes 1111 1110 = FE
Result: FE 99 47 FF FE 75 C3 E0

Verifying the Router’s Link-Local Address
R1 interfaces: G0/0, G0/1, S0/0/0
R1# show interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is fc99.4775.c3e0 (bia fc99.4775.c3e0)
<Output Omitted>
R1#show ipv6 interface brief
GigabitEthernet0/0 [up/up]
    FE80::FE99:47FF:FE75:C3E0
    2001:DB8:CAFE:1::1
GigabitEthernet0/1 [up/up]
    FE80::FE99:47FF:FE75:C3E1
    2001:DB8:CAFE:2::1
Serial0/0/0 [up/up]
    FE80::FE99:47FF:FE75:C3E0
    2001:DB8:CAFE:3::1
R1#
Callouts:
• EUI-64: FF:FE = EUI-64 (most likely)
• Wait! Two Link-locals are the same! Link-local addresses only have to be unique on the link.
• Serial interfaces will use a MAC address of an Ethernet interface.
Mystery © Copyright sato00

Verifying the PC’s Link-Local Address
PC> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix .:
IPv6 Address. . . . . . . . . : 2001:db8:acad:1:3496:1c51:3f57:fe89
Link-local IPv6 Address . . . : fe80::3496:1c51:3f57:fe89
Default Gateway . . . . . . . : fe80::1
Callout: EUI-64 or random 64-bit value
• Many operating systems will use random 64-bit Interface IDs for GUA and Link-Local IPv6 Addresses.

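The Modified EUI-64 slide and the two verification slides above can be checked with a short script. This is an added example, not part of the original presentation: it builds the EUI-64 link-local address from a MAC address and, in the other direction, recovers the MAC that an FF:FE Interface ID exposes, which is why inventory and privacy reviews care whether a host uses EUI-64 or a random ID. The function names are assumptions; the addresses are the ones shown on the slides.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")

def mac_to_bytes(mac):
    """Accept fc99.4775.c3e0, fc:99:47:75:c3:e0 or fc-99-47-75-c3-e0."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes.fromhex(digits)

def eui64_link_local(mac):
    """FE80::/64 prefix plus the modified EUI-64 Interface ID built from the MAC."""
    m = mac_to_bytes(mac)
    # Flip the U/L bit (0x02 of the first byte) and insert FF-FE in the middle.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def mac_from_eui64(addr):
    """Return the MAC an EUI-64 Interface ID reveals, or None if the ID is not EUI-64."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                      # random or manually assigned Interface ID
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in m)

def classify(addr):
    """Describe an address the way the slides do: link-local or not, EUI-64 or not."""
    if ipaddress.IPv6Address(addr) not in LINK_LOCAL:
        return "not link-local"
    mac = mac_from_eui64(addr)
    if mac:
        return f"link-local, EUI-64 (MAC {mac})"
    return "link-local, random or static ID"

if __name__ == "__main__":
    print(eui64_link_local("fc99.4775.c3e0"))        # R1 G0/0 from the slides
    for a in ["FE80::FE99:47FF:FE75:C3E0", "fe80::3496:1c51:3f57:fe89",
              "fe80::1", "2001:DB8:CAFE:1::1"]:
        print(a, "->", classify(a))
```
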
5.3: Manually Created Link-Local Addresses
Link-Local Unicast Address
First 10 bits: 1111 1110 10xx xxxx | Remaining 54 bits | 64-bit Interface ID
FE80::Interface ID
Link-local addresses are created:
• Automatically:
  • FE80 (usually) – First 10 bits
  • Interface ID
    • EUI-64 (Cisco routers)
    • Random 64 bits (many host operating systems)
• Static (manual) configuration
  • Only needed on devices where it helps the network administrator remember the address… routers, default gateways.

Static Link-Local Addresses
Static addresses are more easily remembered and recognizable.
R1 interfaces: G0/0 FE80::1, G0/1 FE80::1, S0/0/0 FE80::1
R1(config)#interface gigabitethernet 0/0
R1(config-if)#ipv6 address fe80::1 ?
link-local Use link-local address
R1(config-if)#ipv6 address fe80::1 link-local
R1(config-if)#exit
R1(config)#interface gigabitethernet 0/1
R1(config-if)#ipv6 address fe80::1 link-local
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ipv6 address fe80::1 link-local
R1(config-if)#
Link-Local Addresses have to be unique only on the link!

Link-Local Addresses: Local and Unique
Topology: R1 G0/0 FE80::1, G0/1 FE80::1, S0/0/0 FE80::1; R2 S0/0/0 FE80::2; two further FE80::2 labels elsewhere in the diagram
• Link-local addresses have to be unique only on the link but …
• Link-local addresses must be unique on the link!
• Hosts don’t need their link-local address statically configured – automatically created is fine.

5.4: Verifying Link-Local Addresses
Verifying Router’s Link-Local Address
R1#show ipv6 interface brief
GigabitEthernet0/0 [up/up]
    FE80::FE99:47FF:FE75:C3E0
    2001:DB8:CAFE:1::1
<output omitted>
R1#
R1# show ipv6 interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::FE99:47FF:FE75:C3E0
Global unicast address(es):
2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64
<output omitted>
R1#

Do I Need to Use the ipv6 enable Command?
Router(config)# interface gigabitethernet 0/1
Router(config-if)# ipv6 enable
Router(config-if)# end
Router# show ipv6 interface brief
GigabitEthernet0/1 [up/up]
    FE80::20C:30FF:FE10:92E1
Router#
Callout: Link-local unicast address only
• Link-local addresses are automatically created whenever a global unicast address is configured on the interface.
• The ipv6 enable command will:
  • Automatically create a link-local address when there is no global unicast address or static link-local address
  • Maintain the link-local address even when the global unicast address is removed

Pinging a Link-Local Address
Topology: R1 G0/0 FE80::1 on 2001:0DB8:ACAD:1::/64; R1 Ser 0/0/0 FE80::1 (:1) and R2 Ser 0/0/0 FE80::2 (:2) on 2001:DB8:CAFE:2::/64; diagram label: “FE80::2 ?”
R1# ping fe80::2
Output Interface: ser 0/0/0
% Invalid interface. Use full interface name without spaces (e.g. Serial0/1)
Output Interface: serial0/0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::2, timeout is 2 secs:
!!!!!
Callout: Must include exit-interface

IPv6 Routing Table and Link-Local Addresses
R1# show ipv6 route ospf
O   2001:DB8:CAFE:2::/64 [110/657]
     via FE80::2, Serial0/0/0
O   2001:DB8:CAFE:3::/64 [110/1304]
     via FE80::2, Serial0/0/0
O   2001:DB8:CAFE:A002::/64 [110/1294]
     via FE80::2, Serial0/0/0
R1#
Link-local addresses are used as next hop addresses
• IPv6 dynamic routing protocols like OSPFv3 and EIGRP form neighbor adjacencies and exchange messages using their link-local address as the source address.
