IPv6: Operation - univ-reunion.frlim.univ-reunion.fr/staff/panelli/4_teaching/IUT/RT1-M... ·...

IPv6: Operation

By Pascal AnelliSource: G6 c©

http://lim.univ-reunion.fr/staff/panelli

R&T 1Universite de la Reunion

March 31, 2020

1 / 47


Content

1 ForewordsIPv4 crisisIPv6, the solutionAbout this course

2 IPv6 addressing reminder

3 IPv6 protocol operation control

4 Conclusion

Forewords IPv4 crisis

History

Exponential growth in the 90’s:

Address space has been exhausting

Routing tables have been exploding

IP addresses become a scare resourceForecast of exhaustion of the address space

Growth will be stopped initialy in 94!

Percentage Allocated (Allocated and Assigned Combined) in January 1996I Class A - 100.00%I Class B - 61.95%I Class C - 36.44%

⇒Problem about the size of address space

2 / 47

Forewords IPv4 crisis

IPv4 is not enough

7 billion peoples

New connected objects

New usages for Internet

Requirement is 300 to 350 million addresses per year

Source: http://www.google.com/intl/en/ipv6

3 / 47

http://www.google.com/intl/en/ipv6

Content




4 Conclusion

Forewords IPv6, the solution

Why switch to IPv6?

The SOLUTION to the IPv4 address pool exhaustion

1 Enable new usages on the InternetI IPv6 restores the end-to-end principle : smart ends and dump pipesI No more box-in-the-middle problem (except firewalls)I Network independence for deployment of new protocols and applicationsI Open new application fields : Wireless home automation networks (WHANs),

Sensor networks, etc.

2 To go beyond the IPv4 limits :

3 To add simplicity :

4 to reduce the connectivity cost

⇒IPv6 for a communication network supporting innovation

4 / 47


Why switch to IPv6?


1 Enable new usages on the Internet2 To go beyond the IPv4 limits :

I For a growth unlimitedI IPv6 address space is large enough for the future; IPv6 is built for long-term

deploymentI An address space for the new uses, for the new (tiny) devices (Internet of

Things)




4 / 47


Why switch to IPv6?


1 Enable new usages on the Internet

2 To go beyond the IPv4 limits :3 To add simplicity :

I Plug-and-play (Auto-configuration): Network is configured mainly at therouter level

I IP header, focus on performance,



4 / 47


Why switch to IPv6?




3 To add simplicity :4 to reduce the connectivity cost

I Residual IPv4 addresses insufficient and costly to deploy: increasefunctionalities behind the box

I A connectivity scalable : Multiple-level NATs are complex (NAT444)!I NAT Traversal development cost is getting unbearable for applicationsI Same functions of IPv4 at the beginning


4 / 47


Why switch to IPv6?







4 / 47


Where we are ?

IPv6 adoption

Source :http://www.google.com/ipv6/statistics.html

5 / 47

http://www.google.com/ipv6/statistics.html


Where we are ?

IPv6 Adoption per-country

Source :http://www.google.com/ipv6/statistics.html

5 / 47

http://www.google.com/ipv6/statistics.html

Content




4 Conclusion

Forewords About this course

G6

Material is taken from the G6 tutorial and copyrighted from G6.

G6: Group of IPv6 actors in France (researchers, engineers, ...):

Academic & industrial partnersI CNRS, Institut TELECOM, INRIA, Universities . . .I AFNIC, 6Wind, Bull, ...

Launched in 1995.

Today a legal association under French Law (1901)

For further information: http://www.g6.asso.fr

6 / 47

http://www.g6.asso.fr

Forewords About this course

The first MOOC on IPv6 !G6 and Institut Mines-Telecom released the first M(assive) O(pen) O(line)C(ourse) on IPv6.

available on France Universite Numeriqueprovide videos, a book, exercices and labs4 teachers and a dynamic community interacting

Fifth session starts on June 2019

7 / 47

https://www.fun-mooc.fr/courses/course-v1:MinesTelecom+04012+session05/about

Content

1 Forewords



4 Conclusion

IPv6 addressing reminder

What is IPv6 ?

A new IP version

Addressing: Extend address format to 128 bits (16 bytes)I Global addressing

Protocol: Keep things that where successful in IPv4I ConnectionlessI Auto-descriptive packet

Processing: Correct (or suppress) inefficient topics in IPv4I Fix and well-known header formatI No fragmentation inside the network

Operation: Provide a good support to IP operationI Address resolutionI Auto-configurationI Multicast

⇒IPv4 and IPv6 are functionally the same.

8 / 47


IPv6 Addressing

Requirements

Flexibility for network evolutions

To reduce routing table size

ChoiceSeveral adresses types:

I castingI scopeI transition

Use CIDR principles to aggregate routes

Hexadecimal representation

Interfaces have several IPv6 addresses

9 / 47


Notation

Base format :I 8 words of 16 bits separated by ”:”I Each word consists of 4 hexadecimal digits [0− 9,A− F ]

Compressed format:

2001:0db8:beef:0001:0000:0000:cafe:deca

1 Remove 0 on the left of each word

2 Consecutive words with null value are abbreviated by "::"

3 To avoid ambiguity, substitute ONLY one sequence of zeros by ::

IPv4 in IPv6 format:I An IPv4 address may also appearI The 4 low-order 8-bit pieces are noted in standard IPv4 representationI 0:0:0:0:0:ffff:192.0.2.1 ⇒ ::ffff:192.0.2.1

10 / 47

0:0:0:0:0:ffff:192.0.2.1

::ffff:192.0.2.1


Notation


Compressed format:

2001:db8:beef:1:0:0:cafe:deca





10 / 47

0:0:0:0:0:ffff:192.0.2.1

::ffff:192.0.2.1


Notation


Compressed format:

2001:db8:beef:1::cafe:deca





10 / 47

0:0:0:0:0:ffff:192.0.2.1

::ffff:192.0.2.1


Address prefix

Identification of a contiguous set of addresses

Use CIDR principles: Combining node address and prefix

ipv6-address/prefix-length

Prefix lengthI How many of the leftmost contiguous bits of the address comprise the prefix

For example, let the 60 bits prefix 2001:0db8:0000:d0d0:I 2001:db8:0:d0d0:1e1a:deca:dead:face/60

Alternative representation:I 2001:db8:0:d0d0::/60

Warning:

2001:db8:3::/40 is in fact 2001:db8:0003::/40 and not2001:db8:0300::/40

11 / 47


IPv6 Addressing scheme

RFC 4291 defines addresses types :I loopback (::1)I link local (fe80::/10)I global unicast (2000::/3)I multicast (ff00::/8)

RFC 4193 adds a private unicast address typeI unique local IPv6 unicast addresses (fc00::/7)

Interfaces have several IPv6 addressesI at least a link-local and a global unicast addresses

Note:There are no broadcast addresses in IPv6, their function being superseded bymulticast addresses

12 / 47

http://www.ietf.org/rfc/rfc4291.txt



Unicast Address

Hierarchical address spaceI Address is aggregable with prefix

Structured in 2 parts:I Subnet prefix: every subnet should be a /64I Interface identity on a link

Format:

Subnet prefix Interface ID

64 128-64

13 / 47


Global Unicast Address RFC 3587

Unique global address

2000::/3 to 3000::/3

Format:

001 Global Prefix SID Interface ID

3 45 16 64

public topology

given by the provider

local topology

assigned by network engineer

link address

auto or manual configuration

Global routing prefix is structured hierarchically by RIRs and ISPsSID: Subnet ID

I 16-bit length up to 65 535 subnetsF For home network, global prefix may be a /56 or /60 depending on the ISP

I There is no strict rules to structure SID:F sequencial : 1, 2, ...F use VLAN numberF include usage to allow filtering,

14 / 47


2000::/3

3000::/3


Link-Local Address

Automatically generated at bootstrap

Address not routable

Used for auto-configuration

the prefix is fe80::/64I The exit interface is not definedI A %iface, is added at the end of the address to avoid ambiguity.

Destination Gateway Flags Netif

default fe80::213:c4ff:fe69:5f49%en0 UGSc en0

Format:

fe80 0...0 Interface ID

10 54 64

link address

auto-configuration

15 / 47

fe80::/64


Other kind of addresses : ULA RFC 4193

Equivalent to the private addresses in IPv4

But try to avoid same prefixes on two different sites:I avoid renumbering if two company mergeI avoid ambiguities when VPN are used

These prefixes are not routable on the Internet

Unique Local IPv6 Unicast Addresses:

fd Random Value SID Interface ID

8 40 16 64

private topology

Not Routable in the Internet

local topology link address

http://www.sixxs.net/tools/grh/ula/ to create your own ULA prefix.

16 / 47


http://www.sixxs.net/tools/grh/ula/


Multicast address

Identifies several interfaces

Format:

8 4 4 112

ff xRPT scope Group ID

T (Transient) 0: well known address - 1: temporary addressP (Prefix) 1 : assigned from a network prefix (T must be set to 1) RFC 3306R : Embedding the Rendezvous Point (RP) address in an IPv6 Multicast address RFC 3956

Scope :I 1 - interface-localI 2 - link-localI 3 - reservedI 4 - admin-localI 5 - site-localI 8 - organisation-localI e - globalI f - reserved

17 / 47




Multicast address

Predefined group ID

1 All Nodes

2 All Routers

Well Known Multicast Addresses :http://www.iana.org/assignments/ipv6-multicast-addresses

Example

FF0s::1 All nodes in the scope s (s= 1, 2)

FF0s::2 All routers in the scope s (s= 1, 2, 5)

18 / 47

http://www.iana.org/assignments/ipv6-multicast-addresses


Others addresses

loopback0:0:0:0:0:0:0:1⇒::1

unspecified0:0:0:0:0:0:0:0 ⇒::

I indicates the absence of an addressI In a routing table, used as default routeI must not be used as the destination address

For further details

”Overview of IPv6” - Cisco:http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/

configuration/rtg_brdg/guide/ipv6.html

19 / 47

0:0:0:0:0:0:0:1

::1

0:0:0:0:0:0:0:0

::

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/rtg_brdg/guide/ipv6.html

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/rtg_brdg/guide/ipv6.html

Content

1 Forewords


3 IPv6 protocol operation controlControl an IPv6 network through ICMPv6Neighbor discoveryStateless Address Auto-Configuration (SLAAC)

4 Conclusion

IPv6 protocol operation control Control an IPv6 network through ICMPv6

Supervision avec ICMPv6

20 / 47

http://lim.univ-reunion.fr/staff/panelli/4_teaching/Ressources/video-mooc/A31-1.mp4


ICMPv6 RFC 4443

Goal

ICMP (Internet Control Message Protocol) monitors the IP operation.Functionalities are extended and better organized

Functionalities

ICMPv6 covers ICMPv4 (for IPv4) features:

Error report encountered in processing packetInformation about the status of the network

ICMPv6 contains new functionalities:

Auto-configurationMulticast group memberships manangementNeighbor discoveryMobility

Procedures and messages format are separated.ICMPv6 is encapsulated in IPv6 packet : next header = 58

21 / 47



ICMPv6: General Message Format

0..............7..............15...............23...............31

Type Code Checksum

Options

First wordtype: nature of the message ICMPv6code: specifies the cause of the message ICMPv6checksum: used to verify the integrity of ICMP packet (mandatory)

22 / 47


ICMPv6 : Two Functions

Error occurs during forwarding (value < 128)1 Destination Unreachable2 Packet Too Big3 Time Exceeded4 Parameter Problem

Management applications (value > 128)128 Echo Request129 Echo Reply

130 Group Membership Query131 Group Membership Report132 Group Membership Reduction

133 Router Solicitation134 Router Advertissement135 Neighbor Solicitation136 Neighbor Advertissement137 Redirect

23 / 47


Information about the connectivity

Ping (Packet INternet Groper)

Check connectivity of a network interface.

Type:

128: Echo request129: Echo reply

0..............7..............15..............23..............31

Type = 128/129 Code =0 Checksum

Identifier Sequence Number

Data

24 / 47


Error: Packet Too Big

ContextWhen a router cannot forward a packet because it is larger than the MTU of theoutgoing link.Routers are not allowed to fragment IPv6 packets.

0.............7..............15..............23...............31

Type = 2 Code = 0 Checksum

MTU

Packet which generated error

(with MTU constraint)

25 / 47


Path MTU discovery for IPv6 RFC 8201

A

B

R

MTU=1500

MTU=1280

PMTU(*)=1500

26 / 47




A

B

R

MTU=1500

MTU=1280

PMTU(*)=1500

A-> B Size=1500

26 / 47




A

B

R

MTU=1500

MTU=1280

PMTU(*)=1500

R-> A ICMP6 Error: Packet too big

MTU=1280

26 / 47




A

B

R

MTU=1500

MTU=1280

PMTU(*)=1500

R-> A ICMP6 Error: Packet too big

MTU=1280

PMTU(B)=1280

26 / 47




A

B

R

MTU=1500

MTU=1280

PMTU(*)=1500

PMTU(B)=1280

A-> B Size=1280

26 / 47


Content

1 Forewords



4 Conclusion

IPv6 protocol operation control Neighbor discovery

Decouverte des voisins

27 / 47



Neighbor Discovery (ND) RFC 4861

IPv6 nodes sharing the same physical medium (link) use Neighbor Discovery (ND)to :

Determine link-layer addresses of their neighborsI IPv4 : ARP

Address auto-configurationI Layer 3 parameters: IPv6 address, default route, MTU and Hop LimitI Only for hosts !I IPv4 : impossible, mandate a centralized DHCP server

Duplicate Address Detection (DAD)

Maintain neighbors reachability information (NUD)

Principles

Mainly uses multicast addresses

Protocol messages are transported/encapsulated in IPv6 packets:I Protocol uses ICMPv6 messages

28 / 47



Types of ICMPv6 messages used to ND

For routing configuration and auto-configuration :I Router Solicitation (RS) : 133I Router Advertisement (RA) : 134I Redirect: 137

For interaction between neighborsI Neighbor Solicitation (NS) : 135I Neighbor Advertisement (NA) : 136

29 / 47


Address Resolution

Principle

Sending a request by a NS to Solicited-Node Multicast Addresscorresponding to the target address.

A node sends a NA in response to a valid NS, targeting one of the node’sassigned addresses.

30 / 47


Address Resolution

Principle

Sending a request by a NS to Solicited-Node Multicast Addresscorresponding to the target address.

A node sends a NA in response to a valid NS, targeting one of the node’sassigned addresses.

Interface configuration

Each IPv6 node has joined 2 special multicast groups for every network interface :

All-nodes multicast group: ff02::1

Solicited-node multicast group: ff02::1:ffxx:xxxx30 / 47


Solicited-Node Multicast Address

GoalsWidely used for stateless auto-configuration and for address resolution

Avoid the use of broadcast

Rules

Derive a Multicast Address from a Unicast Address

A node must join the associated solicited-node multicast addresses for everyof its unicast addresses

IPv6 multicast address is mapped in MAC address and added in the Ethernetcard. (RFC 2464)

I ⇒no address resolution for Multicast address

2 parts:I Prefix: FF02::1:FF00:0/104I Group ID: low-order 24 bits of unicast address

31 / 47


FF02::1:FF00:0/104



Derive a Multicast Address from a Unicast AddressI Widely used for stateless auto-configurationI Avoid the use of broadcast

01-02-03-04-05-06

32 / 47




01-02-03-04-05-06

fe80::0302:03ff:fe04:0506 GP:0302:03ff:fe04:0506

32 / 47




01-02-03-04-05-06

fe80::0302:03ff:fe04:0506 GP:0302:03ff:fe04:0506 GP::1

32 / 47




01-02-03-04-05-06

fe80::0302:03ff:fe04:0506 GP:0302:03ff:fe04:0506 GP::1

ff02::1:ff04:0506 ff02::1:ff00:0001

32 / 47




01-02-03-04-05-06

fe80::0302:03ff:fe04:0506 GP:0302:03ff:fe04:0506 GP::1

ff02::1:ff04:0506 ff02::1:ff00:0001

33-33-ff-04-05-06 33-33-ff-00-00-01

32 / 47




01-02-03-04-05-06

fe80::0302:03ff:fe04:0506 GP:0302:03ff:fe04:0506 GP::1

ff02::1:ff04:0506 ff02::1:ff00:0001

33-33-ff-04-05-06 33-33-ff-00-00-01

Example

1 IPv6 addr: 2001:0660:010a:4002:4421:21FF:FE24:87c1

2 Sol. Mcast addr: FF02:0000:0000:0000:0000:0001:FF24:87c1

3 Ethernet: 33:33:FF:24:87:c1

32 / 47


Duplicated Address Detection (DAD) RFC 4862

Rule 1Before being valid on an interface, an IPv6 address has to be proved unique onthe network.

DAD mechanism use Neighbor Discovery to ensure adress uniqueness

Validating host sends a NS targetting this addressSame host triggers a timer for NA reception (around 1s)If no NA received before timer expiration, the address is considered as unique

Rule 2If an address conflict is detected, resolution is responsability of the administrator.

33 / 47


Content

1 Forewords



4 Conclusion

IPv6 protocol operation control Stateless Address Auto-Configuration (SLAAC)

Auto-configuration

Hosts should be plug & play

The new address format allows plug and play

Configuring a network interface:

Allocate or create an IPv6 address

Indicate the prefix length for the network

Communicate the router address of the default route

Identify the local name server

34 / 47


Auto-configuration

2 types of auto-configuration

Stateless Address Auto-Configuration (SLAAC) RFC 4862

To configure address without maintaining any state

Stateful Address Auto-Configuration RFC 8415

Use of DHCPv6 (Dynamic Host Configuration Protocol)

Client/Server/Relay architecture

Can be used to complement stateless auto-configuration

34 / 47




Auto-configuration: Stateless vs Stateful

StatelessPro:

Reduce manual configuration

No server, no state (therouter provides allinformation)

Cons:

Non-obvious addresses

No control on addresses onthe LAN

Security flaws

Stateful (DHCPv6)

Pro:

Control of addresses on theLAN

Control of address format

Cons:

Require an extra server

Still need RA mechanism(still vulnerable)

Clients to be deployed

Stateless: Typically, for Plug-and-Play networks (Home Network)

Stateful: Typically, for administrated networks (enterprise, institution)

If concerned about security => static configuration !

35 / 47


Auto-configuration sans etat

Part 1: Principe

36 / 47



Auto-configuration sans etat

Part 2: Echanges avec le routeur

36 / 47



Stateless Address Auto-Configuration (SLAAC) RFC 4862

Principle

Allows a host to create a unicast address from:

Its MAC addressPrefixes sent by neighbor routers

SLAAC steps:

Link-local addresses creationDuplicate addresses detection (DAD)Discover the routers on-link (RS/RA)Configure hosts global addressesConfigure other parameters: default router, name server

37 / 47



Address creation

Unicast address format

Subnet prefix Interface ID

64 128-64

Principle

IID is created from EUI-64Subnet prefix is either well-known (FE80::/64) or received from router

38 / 47


How to Construct an IID from MAC Address RFC 2464

64 bits is compatible with EUI-64 (i.e. IEEE 1394 FireWire, ...)

IEEE propose a way to transform a MAC-48 to an EUI-64

Universal/Local changed for numbering purpose

39 / 47







00 VendorMAC-48 Serial Number

00 Vendor Serial Number0xfffeEUI-64

39 / 47









10 Vendor Serial Number0xFFFEIID

39 / 47









10 Vendor Serial Number0xFFFEIID

There is no conflicts if IID are manually numbered: 1, 2, 3, ...

39 / 47



Examples

From MAC to IIDMAC address (48 bits)

I 00:A0:24:E3:FA:4B

EUI-64 (64 bits + U=0/L=1)I 00A0:24FF:FEE3:FA4B

IID (U=1/L=0)I 02A0:24FF:FEE3:FA4B

On Unix

%ifconfiglo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

inet6 ::1 prefixlen 128inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1inet 127.0.0.1 netmask 0xff000000

en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500inet6 fe80::216:cbff:febe:16b3%en1 prefixlen 64 scopeid 0x5inet 192.168.2.5 netmask 0xffffff00 broadcast 192.168.2.255inet6 2001:660:7307:6031:216:cbff:febe:16b3 prefixlen 64autoconfether 00:16:cb:be:16:b3media: autoselect status: activesupported media: autoselect

40 / 47


In brief

41 / 47

Content

1 Forewords



4 Conclusion

Conclusion

ICMPv6

Messages

ICMPv6 is different from ICMP for IPv4I IPv6 next header (or extension): 58

Procedures and messages format are separated

Used ToAs ICMPv4:

I Error report encountered in forwarding packetI Information about the status of the network

Discovery the PMTU⇒Alternate solution by Packetization Layer Path MTU Discovery (RFC 4821)

Neighbor discoveryI Address resolution

Stateless Address Auto-configuration:I Network is configured mainly at the router levelI Allows a host to configure its network interface

42 / 47


Conclusion

IPv6 Operations

BenefitsICMPv6 covers ICMPv4 features

I BUT features are extended and better organized

Efficiently address resolutionI Mainly uses multicast addressesI Protocol uses ICMPv6 messagesI ICMPv6 messages are transported/encapsulated in IPv6 packets

Auto-configuration of hosts (stateless and stateful)I Layer 3 ”Plug & Play” Protocol

⇒Provide efficiently and simplicity

Attention

Never filter ICMPv6 messages blindly (RFC 4890)

43 / 47


Conclusion

How can G6 help you?

Book ”IPv6, Theorie et Pratique”

Reference book in French

Online version: http://livre.g6.asso.fr/

New version in progress

Web Site & Newsletter

http://g6.asso.fr/

MOOC

Objectif IPv6 : vers l’internet nouvelle generation

44 / 47

http://livre.g6.asso.fr/

http://g6.asso.fr/

https://www.fun-mooc.fr/courses/course-v1:MinesTelecom+04012+session05/about

Conclusion

References

S. Bortzmeyer blog: RFC Analysishttp://www.bortzmeyer.org/search

Support and e-learninghttp://www.6deploy.eu

https://www.ripe.net/support/training/courses

Practice: ”Computer Networking : Principles, Protocols and Practice”http://cnp3bis.info.ucl.ac.be

Major milestones to IPv6 deploymenthttp://en.wikipedia.org/wiki/IPv6_deployment

45 / 47

http://www.bortzmeyer.org/search

http://www.6deploy.eu

https://www.ripe.net/support/training/courses

http://cnp3bis.info.ucl.ac.be

http://en.wikipedia.org/wiki/IPv6_deployment

Conclusion

Questions ?

46 / 47

Conclusion

Fin

Slides written in LATEX. March 31, 2020.Document class beamer.by Pascal Anellihttp://lim.univ-reunion.fr/staff/panelli

47 / 47


IPv6: Operation - univ-reunion.frlim.univ-reunion.fr/staff/panelli/4_teaching/IUT/RT1-M... ·...

Documents

Transcript of IPv6: Operation - univ-reunion.frlim.univ-reunion.fr/staff/panelli/4_teaching/IUT/RT1-M... ·...