IPv6 - Jozi Linux User Group Presentation
jumping-bean
Jozi LUG - IPv6
IPv6 Introduction & How To
Sponsors
LPI Southern Africa
Jumping Bean
IPv6 Introduction & How To
● IPv6 Overview
● IPv6 Configurations
Overview, Goals & Benefits
IPv6 Goals
● Goals of IPv6
– Simplify address allocation,
– Simplify network administration,
– Simplify routing,
– Resolve security and mobility issues,
– Improve Quality of Service (QoS),
– Increase address space
IPv6 Overview
● RFC 791 (IPv4) published 1981
● RFC 2460 (IPv6) published 1998
● 128 bit address space versus 32 bit for IPv4
● 3.4x10^38 addresses ~ 4.8x10^28 addresses for every human on earth (7 billion people).
● IPv4 has ~4.3 billion addresses in total
IPv6 Benefits
● No need for NAT
● No need for address re-use
● No need to renumber network as number of devices grows e.g. from class C to class A.
● No need to renumber network when location changes
● Better route aggregation
IPv6 Benefits
● Built in multi-casting
● Stateless auto configuration
● User can keep session while moving from location to location
– e.g. wireless and mobile networking in bus, airplane
● Simplified IPv6 headers means faster processing even though larger than IPv4
IPv6 Benefits
● Fixed subnet (interface identifier) length
● No need for NAT
● For home users/SOHO
– Fixed routable IPs!
IPv6 Address Notation
IPv4 Address Notation
● IPv4 - Dotted quad notation
● Addresses written as 4 groups of 3 digit decimal values separated by a .
– 192.168.014.022
● Abbreviation rule
– Drop leading 0
IPv6 Address Notation
● IPv6 - Addresses written as 8 groups of 16 bit hexadecimal values separated by :
– 2001:0db8:85a3:0000:0000:8a2e:0370:7334
● Abbreviation rules
1. Drop leading zeros in a 16 bit value
2. Replace a group of sequential 0 with a double colon ::
IPv6 Address Notation
● 2001:0db8:85a3:0000:0000:8a2e:0370:7334
● After rule 1
– 2001:db8:85a3:0:0:8a2e:370:7334
● After rule 2
– 2001:db8:85a3::8a2e:370:7334
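The two abbreviation rules above, written out as an added example (not part of the original presentation). The function name compress_ipv6 is hypothetical, and the handling of several zero runs (longest run wins, first one on a tie, a lone zero group stays "0") follows the RFC 5952 convention, which the slides do not state.

```python
import re

def compress_ipv6(full: str) -> str:
    """Abbreviate a fully written-out IPv6 address using the two rules above."""
    groups = full.lower().split(":")
    if len(groups) != 8 or not all(re.fullmatch(r"[0-9a-f]{1,4}", g) for g in groups):
        raise ValueError("expected 8 colon-separated groups of 1-4 hex digits")

    # Rule 1: drop leading zeros in every 16-bit group ("0000" becomes "0").
    groups = [format(int(g, 16), "x") for g in groups]

    # Rule 2: replace ONE run of all-zero groups with "::". Using it twice
    # would make the address ambiguous, so pick the longest run (the first
    # one on a tie) and leave a lone zero group written as "0".
    best_start, best_len, i = -1, 1, 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_start < 0:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"

if __name__ == "__main__":
    for addr in ("2001:0db8:85a3:0000:0000:8a2e:0370:7334",   # the slide's example
                 "2001:0db8:0000:0000:0001:0000:0000:0001",   # constructed: two zero runs
                 "2001:0db8:0000:0001:0001:0001:0001:0001"):  # constructed: lone zero group
        print(addr, "->", compress_ipv6(addr))
```

Firewall rules and log searches that compare addresses as strings should normalise them to one form first, since the same address can be written several ways.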
IPv6 Address Notation
● Most significant 64 bits “network mask” called network prefix in IPv6
● Least significant 64 bits – interface identifier called host identifier in IPv4
● Interface identifier constructed from MAC address via EUI64 algorithm
IPv6 Address Notation
● Bad for Internet browsing – privacy concerns: the identifier can be used to track usage and reveals info – e.g. card manufacturer, machine etc
● Can use random identifier for host identifier
IPv6 Address Allocation
IPv6 Address Allocation
● Internet Assigned Numbers Authority (IANA) assigned Regional Internet Registrars 23/12 bit blocks
● Regional Internet registrars (Afrinic) assign blocks 19/32 to local Internet registrars
IPv6 Address Allocation
● Local Internet registries (ISP) assign IPv6 address to end users. Recommended home users get 46 or 56 bit blocks but who knows. Means multiple subnets
● Can apply for own, provider independent, IPv6 address block with Regional registrar – not for individuals.
– Recommended for ISP/provider independence
Routing Methodologies & IPv6 Address Scopes
IPv6 Routing Methodologies
● Unicast
– Identifies a single network interface
● Anycast
– Assigned to multiple interfaces on different nodes, router sends packet to nearest interface. Any unicast address can be an anycast address
IPv6 Routing Methodologies
● Multicast
– Applied to many hosts which participate in a multi-cast group. Packet received by all participants
IPv6 Address Classes
● Anycast/Unicast
– 1st 64 bits – network prefix
    ● 1st 48 (or more) routing prefix
    ● 2nd 16 (or less) subnet id
– 2nd 64 bits - interface identifier
– Link-Local
    ● 1st 10 prefix (fixed) (0xfe80)
    ● 2nd 54 zeros
IPv6 Address Classes
● Multi-cast Address
– 1st 8 bit prefix
– 2nd 4bit flag
– 3rd 4 bit scope field
– Every block of IPv6 addresses includes multi-cast addresses, therefore easier for organisations to implement
IPv6 Address Scope
● IPv6 addresses have scope
● Link-local scope
– Link-local
– Loopback
● All others except Unique Local Addresses (ULA) have global scope
● ULA not routable – linked to network on which they are used - site-local
IPv6 Address Scope
● ULA - Reserved address space for internal lan use. The block fc00::/7 (site-local).
● Block has been subdivided into
– fc00::/8 – not in use/reserved
– fd00::/8 – for use in private lans. Network prefix is /48 – the remaining 40 bits random string.
– Allows for 65536 subnets
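Building a private LAN prefix as described above, as an added example (not part of the original presentation): 0xfd, then 40 random bits, gives the /48, and the next 16 bits number the 65536 possible /64 subnets. The function names are hypothetical, and the random bits come straight from the operating system's random source, which is a simplification of the generation procedure suggested in RFC 4193.

```python
import ipaddress
import secrets
from typing import Optional

ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")

def new_ula_site_prefix(global_id: Optional[bytes] = None) -> ipaddress.IPv6Network:
    """Return an fdXX:XXXX:XXXX::/48 prefix: 0xfd followed by 40 random bits."""
    if global_id is None:
        global_id = secrets.token_bytes(5)          # 40 random bits
    if len(global_id) != 5:
        raise ValueError("global ID must be exactly 40 bits (5 bytes)")
    value = (0xFD << 120) | (int.from_bytes(global_id, "big") << 80)
    return ipaddress.IPv6Network((value, 48))

def lan_subnet(site: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Carve the /64 numbered subnet_id (0..65535) out of a ULA /48."""
    if site.prefixlen != 48 or not site.subnet_of(ULA_BLOCK):
        raise ValueError("expected a /48 inside fc00::/7")
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID is 16 bits")
    base = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))

if __name__ == "__main__":
    site = new_ula_site_prefix()                    # different on every run
    print("site prefix :", site)
    print("subnet 0x0001:", lan_subnet(site, 0x0001))
    print("subnet 0x00ff:", lan_subnet(site, 0x00FF))
    # Constructed fixed global ID, only so the output is reproducible.
    print(new_ula_site_prefix(bytes.fromhex("123456789a")))
```

Picking the 40 bits at random, rather than something memorable such as fd00::/48, keeps two sites from colliding if their networks are later joined over a VPN.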
IPv6 Address Scope
● ::/128 – unspecified address – used to show port listening for incoming connections, waiting for address assignment
● ::/0 – default unicast route address
● ::1/128 – loopback.
● fe80::/10 – link local
IPv6 Address Scope
● fc00::/7 – unique local addresses – similar to private addresses. Will see fd00::/7 for unique local address as 8th bit must be 1
● ::ffff:0:0/96 – maps IPv4 addresses to IPv6
IPv6 Network Configuration
IPv6 Link-Local
IPv6 – Link Local
● Link-local – limited to layer two domain.
● Non-routable, scope is limited.
● 1st 10 bits fixed. /10
● 0xfe80 – 0xfebf technically but will see fe80 mostly
● Most will use 0xfe80:: followed by the 64 bit host or interface ID
● Link local address auto-generated
IPv6 – Link Local
● Link-local generated from mac address (EUI-64)
● 00-0C-29-C2-52-FF
– Take MAC address and insert 0xFFFE at the 24th bit offset
● 00-0C-29-FF-FE-C2-52-FF
– Invert universal bit in the 6th position of the first octet
● 020c:29ff:fec2:52ff
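The EUI-64 steps above, and the privacy point from the address notation slides, as an added example (not part of the original presentation): the first two functions build the address from the MAC, and the third runs the steps backwards to show that anyone who sees such an address can read the MAC out of it. Function names and the 2001:db8:85a3:1::/64 prefix are assumptions made for the example.

```python
import ipaddress
from typing import Optional

def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface identifier from a 48-bit MAC address."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 48 bits")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])  # insert 0xFFFE after the 24th bit
    eui[0] ^= 0x02                                    # invert the universal/local bit
    return bytes(eui)

def address_from_mac(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a network prefix (fe80::/10 or a /64) with the EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("prefix must leave 64 bits for the interface identifier")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC address from an EUI-64 based address, or None if the
    identifier lacks the ff:fe marker (e.g. a random identifier)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    mac = "00-0C-29-C2-52-FF"                       # MAC from the slide
    print(address_from_mac("fe80::/10", mac))       # link-local address
    # Constructed global /64 (documentation prefix): same identifier, so the
    # same device is recognisable on any network it joins.
    print(address_from_mac("2001:db8:85a3:1::/64", mac))
    for seen in ("fe80::227c:8fff:fe1e:909a",       # address from the ping6 slide
                 "2001:db8:85a3::8a2e:370:7334"):   # address from the notation slide
        print(seen, "->", mac_from_address(seen))
```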
IPv6 – Link Local
● When pinging a link-local address you must specify the interface to use, as link-local addresses are accessible on all interfaces.
IPv6 – Neighbour Discovery Protocol
IPv6 Neighbour Discovery Protocol
● Replaces
– ARP
– ICMP Router Discovery
– ICMP Redirect
● Used by hosts to:
– Discover neighbouring routers
– Discover address, network prefix & config parameters
IPv6 Neighbour Discovery Protocol
● Used by routers to:
– Advertise presence, host config parameters & on-link prefixes
– Inform hosts of better next-hop address
● Used by nodes (i.e. hosts + routers) to:
– Resolve link-layer address of neighbouring node for IPv6 addresses
IPv6 Neighbour Discovery Protocol
● Used by nodes (i.e. hosts + routers) to:
– Determine if packets can be sent to or received from a neighbour
● Used for link-local address assignment and stateless auto configuration (covered next)
IPv6 Simple Network Configuration
IPv6 – Hub/Switch + Hosts Network
● Simple setup with hub/switch no router then automatic networking with link-local only
● DNS resolution done by ZeroConf (Avahi) Multi-cast DNS
IPv6 Network Configuration with Router
IPv6 – Router + Hosts Network
● Two Options
– SLAAC – Stateless automatic address configuration, or
– DHCPv6 - Stateful automatic address configuration, or
– Combination – due to missing features in, and partial vendor implementation of, each protocol it may be necessary to use both to provide the full feature set.
IPv6 Stateless Automatic Address Configuration
IPv6 SLAAC
● SLAAC – Stateless Automatic Address Configuration
● Uses Neighbour Discovery Protocol (NDP)
● Listens for router advertisement messages (RA),
● Similar to DHCP, was implemented before DHCP established
IPv6 SLAAC
● Assigns addresses,
● Assigns default router,
● Problems
– SLAAC standard had no way to set DNS settings on client
– Added support for RDNSS (recursive DNS server) 2010 but not implemented widely
IPv6 SLAAC
● Problems continued
– Can't configure other services with SLAAC e.g. NTP, SMTP etc
– DNS server must be updated by each client
● Pros
– Widely supported
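What a host actually reads out of a router advertisement, as an added example (not part of the original presentation): the parser below extracts the pieces the SLAAC slides list (prefix, default router, RDNSS) plus the two flags that tell the host to also use DHCPv6. The field layout follows RFC 4861 and RFC 8106, which the slides do not cite; the function name and the sample message are constructed for the example.

```python
import ipaddress
import struct

def parse_router_advertisement(msg: bytes) -> dict:
    """Decode the parts of an ICMPv6 Router Advertisement a SLAAC client acts on."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not an ICMPv6 Router Advertisement (type 134)")
    flags = msg[5]
    router_lifetime = struct.unpack_from("!H", msg, 6)[0]
    ra = {
        "managed": bool(flags & 0x80),        # M flag: addresses come from DHCPv6
        "other_config": bool(flags & 0x40),   # O flag: other settings come from DHCPv6
        "default_router": router_lifetime > 0,
        "prefixes": [],                       # (prefix, usable for SLAAC?) pairs
        "rdnss": [],                          # recursive DNS servers (RDNSS option)
    }
    offset = 16
    while offset < len(msg):
        if offset + 2 > len(msg):
            raise ValueError("truncated option header")
        opt_type, opt_len = msg[offset], msg[offset + 1] * 8   # length in 8-byte units
        if opt_len == 0 or offset + opt_len > len(msg):
            raise ValueError("malformed option length")
        body = msg[offset:offset + opt_len]
        if opt_type == 3 and opt_len == 32:                    # Prefix Information
            prefix = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append((prefix, bool(body[3] & 0x40)))
        elif opt_type == 25 and opt_len >= 24:                 # RDNSS
            ra["rdnss"] += [ipaddress.IPv6Address(body[i:i + 16])
                            for i in range(8, opt_len, 16)]
        offset += opt_len
    return ra

# Constructed sample RA (checksum left as zero; it is not verified here).
SAMPLE_RA = (
    struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x00, 1800, 0, 0)
    + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    + ipaddress.IPv6Address("2001:db8:85a3:1::").packed
    + struct.pack("!BBHI", 25, 3, 0, 1800)
    + ipaddress.IPv6Address("2001:db8:85a3:1::53").packed
)

if __name__ == "__main__":
    print(parse_router_advertisement(SAMPLE_RA))
```

Comparing the decoded prefix, router lifetime and DNS servers against what the site's router is configured to send is a quick check that hosts are being configured by the intended router.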
IPv6 DHCPv6
IPv6 DHCP
● DHCPv6
– Works like DHCPv4
– Allows for control over address allocation i.e. can restrict assignments to small range of addresses or map to specific clients,
– Update DNS from central location,
– Can configure other services
IPv6 DHCP
● DHCPv6 Problems:
– No default route option (have to use Router announcement from router)
– Not supported widely. E.g. not supported by Android
IPv6 SOHO/Home Network with ADSL Router
IPv6 – Network with ADSL Router
● Two Scenarios
– ISP provides IPv6 addresses
– ISP provides only IPv4 address
IPv6 – Network with ADSL Router
● ISP provides IPv6 block
– Prefix delegation from ISP, should be a block of addresses 48/52
– ADSL modem or Linux box DHCP server handles prefix delegation and assigns addresses to local nodes
– Probably best to have a site-local address and ISP assigned address for each device
IPv6 – Network with ADSL Router
● ISP provides IPv6 block
– DHCP update local DNS for site-local addresses
IPv6 – Network with ADSL Router
● ISP provides IPv4 address
– Use SLAAC internally to assign IPv6 address
– Use 6in4 tunnel broker
    ● SixXs
    ● Freenet6
    ● Hurricane Electrical
IPv6 Linux Utilities & Services
● Radvd – router advertising daemon
– Used for SLAAC configuration
● ISC DHCP Server – IPv6 DHCP server
– Used for stateful configuration
● IPRoute – network config tools
IPv6 Linux Utilities & Services
● Ping6 – must specify which interface to ping through
– ping6 -I eth3 fe80::227c:8fff:fe1e:909a
● IPTables6 – for iptables firewall
IPv6 - Issues
● Firewall rules reference IP addresses not DNS entries; changing of internal IP means rules need to be changed
● IP addresses now trackable
– Unique IP address for each device means easier to track. Privacy issues
– Can randomise the interface identifier “privacy addresses” but will also need to change IP address at random intervals
IPv6 - Issues
● Mainly problems for home users
● Need firewall as all hosts are reachable
– Not really a problem as ADSL modems usually come with inbound firewall
● Renumbering of network, changing ISP or ISP changes block assignment
– Setup Site-local,
– Use ZeroConf
IPv6 - Issues
● Simple multi-homing without a BGP router not possible at the moment or very difficult