Post on 14-Apr-2017
ADDRESSES OF AN IPV6 HOST
§ Link-Local: FE80::61CC:B8CA:FCB2:36BE
§ Unicast: 2001:db8:1C6E::6D2B:1C6E
§ Loopback: ::1
§ All-Nodes Multicast: FF01::1
§ Solicited-Node Multicast: FF02::1:FF2B:1C6E
(at least one)
IPV6 FORWARD DNS
ipv6-host IN AAAA 2001:DB8::1:2:34:56
host4711 IN A 192.249.249.111
         IN AAAA 2001:db8:cafe:f9::d3
IPV6 REVERSE DNS
9.8.7.6.5.4.3.0.2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. IN PTR ipv6-host.bluecatnetworks.com.
2001:db8:cafe:f9::/64 >> 9.f.0.0.e.f.a.c.8.b.d.0.1.0.0.2.ip6.arpa.
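Added example (not from the original slides): the nibble reversal behind the two reverse-DNS lines above, written in Python, plus a check that every PTR record points at a host that has an AAAA record for the same address. The function names and the `.example.` host names are assumptions made for illustration; the addresses are the documentation-prefix ones used on the slides.

```python
import ipaddress

HEX = set("0123456789abcdef")

def ptr_name(addr):
    """PTR owner name: all 32 nibbles of the address, reversed, under ip6.arpa."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def reverse_zone(prefix):
    """Reverse zone apex for a prefix whose length is a multiple of 4 bits."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix length must fall on a nibble boundary")
    nibbles = net.network_address.exploded.replace(":", "")[:net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def addr_from_ptr(owner):
    """Inverse of ptr_name; rejects anything but 32 single-nibble labels."""
    labels = owner.lower().rstrip(".").split(".")
    nibbles, suffix = labels[:-2], labels[-2:]
    if suffix != ["ip6", "arpa"] or len(nibbles) != 32 or any(n not in HEX for n in nibbles):
        raise ValueError("not a full ip6.arpa PTR owner name: %r" % owner)
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))

def unmatched_ptrs(aaaa, ptr):
    """Owner names of PTR records whose target has no AAAA for that address.

    aaaa maps host name -> list of address strings; ptr maps owner name -> host name.
    """
    forward = {(name.lower(), ipaddress.IPv6Address(a))
               for name, addrs in aaaa.items() for a in addrs}
    return sorted(owner for owner, target in ptr.items()
                  if (target.lower(), addr_from_ptr(owner)) not in forward)

# Constructed sample data: host names under .example are made up; the second
# PTR record is deliberately stale (::d4 instead of ::d3).
AAAA = {"ipv6-host.example.": ["2001:DB8::1:2:345:6789"],
        "host4711.example.": ["2001:db8:cafe:f9::d3"]}
PTR = {ptr_name("2001:db8::1:2:345:6789"): "ipv6-host.example.",
       ptr_name("2001:db8:cafe:f9::d4"): "host4711.example."}

if __name__ == "__main__":
    print(reverse_zone("2001:db8:cafe:f9::/64"))
    for owner in unmatched_ptrs(AAAA, PTR):
        print("PTR without matching AAAA:", owner, "->", PTR[owner])
```

Comparing parsed addresses rather than strings keeps the check independent of upper/lower case and zero compression in the zone data.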
ISC BIND & IPV6
§ “listen” Statement
options { listen-on-v6 { 2001:db8:cafe:1::53; }; };
§ “query-source” Statement
options { query-source-v6 address 2001:db8:cafe:1::53; };
ISC BIND & IPV6
§ “transfer-source” Statement
options { transfer-source-v6 2001:db8:cafe:1::53; };
§ “notify-source” Statement
options { notify-source-v6 2001:db8:cafe:1::53; };
DNS QUERIES
DNS Server
Resources
IPv4 = 192.168.191.3
IPv6 = 2001:DB8::1:2:345:6789
DNS Query
A/AAAA
Query via IPv6
Query via IPv4
DNS QUERIES
§ Filtering
options { filter-aaaa-on-v4 yes; };
§ Protocol-specific Search List
IPv4 = bcnlab.corp
IPv6 = v6.bcnlab.corp
Zone bcnlab.corp
Zone v6.bcnlab.corp
DNS Server
ROUTER ADVERTISEMENT (RA)
Router
Prefix!?
Prefix, TTL, Flags
Src = link-local address (FE80::) Dst = all-routers multicast address (FF02::2)
Src = link-local address (FE80::) Dst = all-nodes multicast address (FF02::1)
ROUTER ADVERTISEMENT (RA)
Router
You're at 2001:db8:cafe:1::/64
A, M, O
         Address Allocation   Options
A Flag   SLAAC                RFC 6106
M Flag   DHCPv6               DHCP
O Flag   SLAAC                DHCP
RFC 6106
§ Recursive DNS Server
§ DNS Search List
switch# configure terminal
switch(config)# interface ethernet 3/3
switch(config-if)# ipv6 nd ra dns server 2001:db8:1:2::53 sequence 0
switch(config-if)# ipv6 nd ra dns search-list bcn.corp sequence 1
Source: http://cisco.com (Nexus 7000 Series Routing Guide)
DHCPV6
§ Motivation: Central Management & Auditing
subnet6 2001:db8:1:2::/64 {
  range6 2001:db8:1:2::1:0 2001:db8:1:2::1:ffff;
  option dhcp6.name-servers 2001:db8:1:2::53;
  option dhcp6.domain-search "bcn.corp";
}
DHCPV6
§ RA defines Usage of DHCPv6
§ Clients on UDP 546
§ Servers & Relays on UDP 547
§ Special Multicast Addresses
  § FF02::1:2 (All-DHCP-Agents) used by Clients
  § FF05::1:3 (All-DHCP-Servers) used by Relays
DHCPV6
Client Server
SOLICIT – FF02::1:2
ADVERTISE (Unicast)
REQUEST (Unicast)
REPLY (Unicast)
Neighbour Solicitation Message (Multicast)
No Answer
Duplicate Address Detection
PROTOCOL-SPECIFIC SEARCH LIST
DHCP (v4/v6)
IPv4 (119) = bcnlab.corp
IPv6 (24) = v6.bcnlab.corp
DNS Server Router DNSSL
Resources
Zone bcnlab.corp Zone v6.bcnlab.corp
srv.v6.bcnlab.corp
Query via IPv4
Query via IPv6
srv.bcnlab.corp
THEORETICALLY ... ;)
Source: https://www.insinuator.net/2015/03/ipv6-router-advertisement-flags-rdnss-and-dhcpv6-conflicting-configurations/
ADDRESS MANAGEMENT FOR IPV6
Source: https://www.insinuator.net/2013/10/ipam-requirements-in-ipv6-networks/
§ Track dynamic Addresses (SLAAC + DHCP)
§ Connected L2/L3 Ports of Devices
§ Sorting Addresses by Categories
§ RFC 5952
§ Integration with DNS & DHCP
§ Metadata (Import, Reporting, etc.)