Transcript Slide 1

Mike Meyers’ CompTIA Network+® Guide to Managing and
Troubleshooting Networks, Third Edition (Exam N10-005)
IPv6
Chapter 13
© 2012 The McGraw-Hill Companies, Inc. All rights reserved.
Objectives
• Discuss the fundamental concepts of IPv6
• Describe IPv6 practices
• Implement IPv6 in a TCP/IP network
Overview
Introduction to IPv6
• Internet Protocol version 4 (IPv4)
– Created around 1979
– 32-bit IP address space – ~4 billion addresses
– Allocation methods wasted addresses
• Internet Protocol version 6 (IPv6)
– 128-bit addresses
– Improved security, routing, other features
Three parts to Chapter 13
• IPv6 basics
• Using IPv6
• Moving to IPv6
IPv6 basics
• IPv6 address notation
– 128 bits written in hexadecimal
– 2001:0000:0000:3210:0800:200C:00CF:1234
– A pair of colons represents a string of consecutive groups of zeroes
– 2001::3210:0800:200C:00CF:1234
– Only one set of colon pairs per address
– FEDC:0000:0000:0000:00CF:0000:BA98:1234
– FEDC::CF:0:BA98:1234
• IPv6 address notation (cont.)
– IPv6 loopback address
– ::1
– 0000:0000:0000:0000:0000:0000:0000:0001
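
The notation rules above, implemented by hand as an added example (not from the book or its slides). It shows why logs, ACLs and blocklists should compare addresses in one canonical form rather than as raw text. The function names are illustrative, and only pure-hex notation is handled (no embedded dotted IPv4).

```python
import string

HEX = set(string.hexdigits)

def expand(addr: str) -> list:
    """Parse IPv6 text into eight 16-bit groups, allowing at most one '::'."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed per address")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one zero group")
        fields = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        fields = addr.split(":")
    if len(fields) != 8 or not all(1 <= len(f) <= 4 and set(f) <= HEX for f in fields):
        raise ValueError(f"malformed IPv6 address: {addr!r}")
    return [int(f, 16) for f in fields]

def compress(groups: list) -> str:
    """Drop leading zeros and replace the first longest zero run with '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    text = [f"{g:x}" for g in groups]
    if best_len < 2:  # a lone zero group is written "0", not "::"
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])

def canonical(addr: str) -> str:
    """One spelling per address, suitable as a key for log or ACL matching."""
    return compress(expand(addr))

# Constructed input: three spellings of the first example address on the slide.
SPELLINGS = [
    "2001:0000:0000:3210:0800:200C:00CF:1234",
    "2001::3210:0800:200C:00CF:1234",
    "2001:0:0:3210:800:200c:cf:1234",
]

if __name__ == "__main__":
    print({canonical(s) for s in SPELLINGS})
```
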
• Link-local address
– Self-generated (in manner of IPv4 APIPA)
– First 64 bits always FE80::/64
– Second 64 bits EUI-64
• Generated with calculation using MAC address
• Most operating systems use EUI-64
• Extra steps in Windows Vista and Windows 7
• Guaranteed unique
• Link-local address works on private networks
Figure 13.1 Link-local address
• IPv6 subnet masks
– Function like IPv4 subnet masks
– Represented with /x CIDR naming
– FEDC::CF:0:BA98:1234/64
– No subnet is ever longer than /64
– IANA gives out /32 subnets to big ISPs
– ISPs pass out /48 and /64 subnets
– Most IPv6 subnets are between /48 & /64
Figure 13.2 Link-local address in Windows Vista
• Multicasting
– Multicasts have been around for a while
– Existed in IPv4 and in IPv6
• In IPv4 used Class D addresses (224.0.0.0/4)
• Only specific applications used multicast
– Works differently in IPv6
• Several IPv6-only multicast addresses added
• Used by specific services (for example, router messages)
• The end of broadcast
– Each link-local is a unicast address
– Multicast addresses replace broadcast
• FF02::2 only read by routers
• FF02::1 all nodes address
• FF02::1:FFxx:xxxx solicited-node address
– Anycast addresses
• Used in DNS
• Looks like a unicast to sending computer
Figure 13.3 Multicast to routers
Table 13.1 IPv6 Multicast Addresses
Address              Function
FF02::1              All Nodes Address
FF02::2              All Routers Address
FF02::FFXX:XXXX      Solicited-Node Address
• Global address
– Global unicast address
– Required for Internet access
– IPv6-capable gateway router gives to hosts
– Router configured to do this
– 2001:470:B8F9:1/64
• Router provides prefix
• NIC generates the rest (using EUI-64)
– 2001:470:B8F9:1:20C:29FF:FE53:45CA
Figure 13.4 Getting a global address
Figure 13.5 IPv6 configuration on Macintosh OS X
• Aggregation
– Current problem with tier-1 routers
• No default routes
• Huge routing table (30,000-50,000 routes)
Figure 13.6 No-default routers
• Aggregation (cont.)
– Every router uses a subnet of the next higher router’s routes
– Reduces size and complexity of tables
– Gives detailed geographic picture
– IP address shows location
– Part of IPv6
• How aggregation works
– Gateway gives first 64 bits of IP address to computers
– Gateway gets its 48-bit prefix from upstream
– 2001:d0be:7922:1:fc2d:aeb2:99d2:e2b4
– Network prefix is 2001:d0be:7922:1 /64
– ISP’s network prefix 2001:D0BE /32
– ISP adds 16-bit subnet: 2001:d0be:7922/48
– At your gateway, tech adds 16-bit subnet
– Result: 2001:d0be:7922:1 /64
Figure 13.7 Aggregation
Figure 13.8 An IPv6 group of routers
Figure 13.9 Adding the first prefix
Figure 13.10 Adding the second prefix
• Aggregation and router changes
– From ISP1 to ISP2
– New 32-bit prefix: 2ab0:3c05/32
– Downstream routers make an “all nodes” multicast
– All clients get new IP addresses
– IPv6 address changes rare but normal
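
The /32, /48 and /64 levels from the aggregation slides and the ISP1-to-ISP2 change, as an added example (not from the book or its slides). It assumes the subnet bits and interface ID carry over unchanged when the ISP prefix is swapped, and it uses a constructed rule list to show which prefix-pinned firewall rules stop matching after such a change. Function names are illustrative.

```python
import ipaddress

def delegation_chain(host: str, lengths=(32, 48, 64)) -> list:
    """The enclosing prefix at each aggregation level, widest first."""
    return [str(ipaddress.IPv6Network(f"{host}/{n}", strict=False)) for n in lengths]

def renumber(host: str, old_isp: str, new_isp: str) -> str:
    """Swap the ISP-assigned leading bits; keep subnet bits and interface ID."""
    old = ipaddress.IPv6Network(old_isp)
    new = ipaddress.IPv6Network(new_isp)
    addr = ipaddress.IPv6Address(host)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new ISP prefixes must have the same length")
    if addr not in old:
        raise ValueError(f"{addr} is not inside {old}")
    kept = int(addr) & int(old.hostmask)
    return str(ipaddress.IPv6Address(int(new.network_address) | kept))

def stale_rules(rule_prefixes: list, current_isp: str) -> list:
    """Rule prefixes that fall outside the site's current ISP allocation."""
    isp = ipaddress.IPv6Network(current_isp)
    return [p for p in rule_prefixes if not ipaddress.IPv6Network(p).subnet_of(isp)]

# Addresses and prefixes from the slides.
HOST = "2001:d0be:7922:1:fc2d:aeb2:99d2:e2b4"
ISP1 = "2001:d0be::/32"
ISP2 = "2ab0:3c05::/32"

# Constructed firewall rule prefixes: one written before the change, one after.
RULES = ["2001:d0be:7922:1::/64", "2ab0:3c05:7922:1::/64"]

if __name__ == "__main__":
    print(delegation_chain(HOST))
    print(renumber(HOST, ISP1, ISP2))
    print("review these rules:", stale_rules(RULES, ISP2))
```
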
Figure 13.11 New IP address updated downstream
Using IPv6
• Enabling IPv6
– Table 13.2 lists IPv6 status of operating systems
– Check to see if IPv6 is running
• ipconfig in Windows
• ifconfig in Linux or Mac OS X
Table 13.2 IPv6 Adoption by OS
Operating System: IPv6 Status
Windows 2000: Windows 2000 came with “developmental” IPv6 support. Microsoft does not recommend using Windows 2000 for IPv6.
Windows XP: Original Windows XP came with a rudimentary but fully functional IPv6 stack that had to be installed from the command prompt. SP1 added the ability to add the same IPv6 stack under the Install | Protocols menu.
Windows Vista/Windows 7: Complete IPv6 support. IPv6 is active on default installs.
Windows Server 2003: Complete IPv6 support. IPv6 is not installed by default but is easily installed via the Install | Protocols menu.
Windows Server 2008: Complete IPv6 support. IPv6 is active on default installs.
Linux: Complete IPv6 support from kernel 2.6. IPv6 is active on default installs.
Macintosh OS X: Complete IPv6 support on all versions. IPv6 is active on default installs.
• NAT in IPv6
– NAT not used in IPv6
– All IP addresses exposed to the Internet
– Huge address space makes IP scanning nearly impossible
– IPSec important for security
– Security options beyond IPv6
• Encryption
• Firewall
Figure 13.12 IPv6 enabled in Windows Vista
Figure 13.13 IPv6 enabled in Ubuntu 8.10
Figure 13.14 Angry IP scanner at work
• DHCP in IPv6
– DHCPv6
– Works differently than in IPv4
– IP address and subnet received from gateway router
– Need DHCPv6 for other IP information
– Two modes of DHCPv6
• Stateful – works like DHCP in IPv4
• Stateless – only passes out optional information
• Stateless is the norm
Figure 13.15 DHCPv6 server in action
• DNS in IPv6
– Trivial
– Most DNS servers now support IPv6 addresses
– DNS servers supporting IPv6 use AAAA records
– DNSv6 details not finalized
– For now, manually add DNS server information to IPv6 clients
Figure 13.16 IPv6 addresses on DNS server
Figure 13.17 Manually adding an IPv6 DNS server in Vista
Moving to IPv6
• IPv4 and IPv6
– What is not ready for IPv6?
• Most home routers
• Some Internet routers
– What is ready for IPv6?
• Most recent operating systems
• All root DNS servers
• All tier-1 ISP routers
Figure 13.18 IPv4 and IPv6 on one computer
Figure 13.19 The IPv6 gap
• Tunnels
– IPv4-to-IPv6 tunnels bridge the gap
• Encapsulate IPv6 traffic into an IPv4 tunnel
• Endpoints at IPv6 client and IPv6 router
Figure 13.20 The IPv4-to-IPv6 tunnel
• 6to4 tunnels
– 6to4 dominant tunneling protocol
• Does not require a tunnel broker
• Usually connects two routers
• Normally requires public IPv4 address
• Uses public relay routers
• 192.88.9.1 is 6to4 anycast address
• Challenging to set up
• 6in4 tunnels
– 6in4
• Most popular tunneling protocol
• One of only two that support NAT traversal
• Teredo tunnels
– Teredo
• NAT-traversal IPv6 tunneling protocol
• Built into Microsoft Windows
• Addresses start with 2001:0000 /32
• Many people use third-party tool
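
Recognising 6to4 and Teredo addresses in a host inventory, as an added example (not from the book or its slides). Tunnelled IPv6 rides inside IPv4 packets, so an audit of which hosts hold such addresses shows where IPv6 may be reaching the network without passing an IPv6-aware filter. The Teredo prefix is the one on the slide; the 6to4 prefix 2002::/16 comes from RFC 3056 and is not on the slide; the inventory is constructed and uses documentation address ranges.

```python
import ipaddress

TEREDO = ipaddress.IPv6Network("2001:0000::/32")   # prefix given on the slide
SIXTOFOUR = ipaddress.IPv6Network("2002::/16")     # RFC 3056, not on the slide

def classify(addr: str):
    """Return tunnel type and embedded IPv4 endpoints, or None for other addresses."""
    ip = ipaddress.IPv6Address(addr)
    n = int(ip)
    if ip in TEREDO:
        # Bits 32-63 hold the Teredo server; the low 32 bits hold the
        # client's external IPv4 address with every bit inverted.
        server = ipaddress.IPv4Address((n >> 64) & 0xFFFFFFFF)
        client = ipaddress.IPv4Address(~n & 0xFFFFFFFF)
        return {"type": "teredo", "server": str(server), "client": str(client)}
    if ip in SIXTOFOUR:
        # Bits 16-47 hold the public IPv4 address of the 6to4 router.
        router = ipaddress.IPv4Address((n >> 80) & 0xFFFFFFFF)
        return {"type": "6to4", "router": str(router)}
    return None

def tunnel_hosts(inventory: dict) -> dict:
    """Map host name to tunnel details for every host holding a tunnel address."""
    found = {}
    for host, addrs in inventory.items():
        for a in addrs:
            info = classify(a)
            if info:
                found.setdefault(host, []).append({"address": a, **info})
    return found

# Constructed inventory (host name -> configured IPv6 addresses).
INVENTORY = {
    "ws-017": ["fe80::20c:29ff:fe53:45ca", "2001:0:c000:201::39cc:9bf8"],
    "edge-rtr": ["2002:cb00:7105::1"],
    "srv-db": ["2001:db8:10::25"],
}

if __name__ == "__main__":
    for host, hits in tunnel_hosts(INVENTORY).items():
        print(host, hits)
```
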
• ISATAP
– Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
– Works within an IPv4 network
– Adds IPv4 address to an IPv6 prefix for endpoints
– 2001:db8::98ca:200:131.107.28.9
• Tunnel brokers
– Someone must act as far endpoint
– Must know tunneling standard and how to connect to endpoint
– Create tunnel
– Usually offers custom-made endpoint client
– May use automatic configuration protocols
• Tunnel Setup Protocol (TSP)
• Tunnel Information and Control protocol (TIC)
Tunnel Broker                        URL
Hexago/Freenet/Go6                   www.go6.net
SixXs                                www.sixxs.net
Hurricane Electric (no TSP/TIC)      www.tunnelbroker.net
AARNet                               broker.aarnet.net.au
• Setting up a tunnel
– Each tunnel broker has its own setup
– Read instructions carefully
– Figure 13.21 uses Hexago client
• Join and download at www.go6.net
• Install client
• Enter Gateway 6 address, user name, password
• You are now on the IPv6 Internet
Figure 13.21 Gateway6 Client Utility
Figure 13.22 Gateway6 Client Utility Status tab
• IPv6 is here, really!
– IPv6 will happen very soon
– IPv4 addresses are running out
– “The Big Switchover” coming soon
– Knowing IPv6 is important to your future