4: IPv6 Global Unicast Addresses
Transcript of 4: IPv6 Global Unicast Addresses
©
For more information please check out my Cisco Press book and video series:
IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6• By Rick Graziani• ISBN-10: 1-58714-313-5
IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6• By Rick Graziani• ISBN-10: 1-58720-457-6
4.1: Purpose and Format of GUA
©
IPv6 Address TypesIPv6 Addresses
FF00::/8 FF02::1:FF00:0000/104
::/128::1/1282000::/3 FE80::/10 FC00::/7 ::/80
Unicast Multicast Anycast
Assigned Solicited Node
Global Unicast Link-Local Loopback Unspecified Unique
LocalEmbedded
IPv4
IPv6 does not have a “broadcast” address.
©
IPv6 Source and Destination Addresses• IPv6 Source – Always a unicast
(link-local or GUA)• IPv6 Destination – Unicast,
multicast, or anycast.
IPv4
IPv6
©
Global Unicast Address
• Global Unicast Address (GUA)• 2000::/3 (First hextet: 2000::/3 to 3FFF::/3)• Globally unique and routable• Similar to public IPv4 addresses• 2001:DB8::/32 - RFC 2839 and RFC 6890 reserves this range of addresses
for documentation• These are the addresses we will be referring to the most.
IPv6 Internet
©
Global Unicast Address RangeInterface IDSubnet IDGlobal Routing Prefix
001 0010 0000 0000 0000 :0011 1111 1111 1111 :
IANA’s allocation of IPv6 address space in 1/8th sections
Range: 2000: 3FFF:
• Global Unicast Address (GUA)• 2000::/3 • Range 2000::/64 thru 3fff:fff:fff:fff::/64• 1/8th of IPv6 address space
First hextet
©
Global Unicast Address Range
• Except under very specific circumstances, all end users will have a global unicast address.• Note: A host (an interface) can potentially have multiple IPv6
addresses on the same or different networks.• Terminology:
• Prefix equivalent to the network address of an IPv4 address• Prefix length equivalent to subnet mask in IPv4• Interface ID equivalent to host portion of an IPv4 address
Interface IDSubnet IDGlobal Routing Prefix
001 Range: 2000::/64 thru 3fff:fff:fff:fff::/64
©
Parts of a Global Unicast Address
• 64-bit Interface ID = 18 quintillion (18,446,744,073,709,551,616) devices/subnet• 16-bit Subnet ID (initially recommended) = 65,536 subnets
IPv4 Unicast Address
32 bits
Network portion Host portionSubnet portion
/?
IPv6 Global Unicast Address
128 bits
Global Routing Prefix Interface ID16-bit Subnet ID
/64/48
©
/64 Global Unicast Address and the 3-1-4 Rule
Interface IDSubnet IDGlobal Routing Prefix
2001 : 0DB8 : CAFE : 0001 : 0000 : 0000 : 0000 : 0100
3 + 1 = 4 (/64) : 42001:0DB8:CAFE:0001:0000:0000:0000:0100/642001:DB8:CAFE:1::100/64
16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits
3 1 4
/48 /64
4.2: Subnetting IPv6
©
Subnetting IPv6Can you count in hex?
Just increment by 1 in Hexadecimal:
2001:0DB8:CAFE:0000::/64
2001:0DB8:CAFE:0001::/64
2001:0DB8:CAFE:0002::/64 ...
2001:0DB8:CAFE:0009::/64
2001:0DB8:CAFE:000A::/64
Valid abbreviation is to remove the leading 0s:
2001:DB8:CAFE:1::/64
3-1-4 Rule
©
For Demonstration Purposes OnlyExtending the Subnet ID
Prefix
2001 : 0DB8 : CAFE : 0000 : 0000 : 0000 : 0000 : 00002001 : 0DB8 : CAFE : 0000 : 0001 : 0000 : 0000 : 00002001 : 0DB8 : CAFE : 0000 : 0002 : 0000 : 0000 : 0000 thru2001 : 0DB8 : CAFE : FFFF : FFFE : 0000 : 0000 : 00002001 : 0DB8 : CAFE : FFFF : FFFF : 0000 : 0000 : 0000
Global Routing Prefix Subnet-ID Interface ID
Global Routing Prefix48-bit Interface ID32-bit Subnet ID
/80/48
Global Routing Prefix Interface ID16-bit Fixed Subnet ID
/64/48
Note:• It is highly recommended to NOT subnet into the /64
interface ID portion of the address to configure subnets. • The only exception would be for network infrastructure
(router-to-router links, router-to-switch links, etc.).• Networks with an end system attached should be a /64.
©
For Demonstration Purposes OnlySubnetting on a Nibble Boundary
/68 Prefix
Subnetting on a nibble (4 bit) boundary makes it easier to list the subnets: /64, /68, /72, etc.2001:0DB8:CAFE:0000:0000::/682001:0DB8:CAFE:0000:1000::/682001:0DB8:CAFE:0000:2000::/68 through2001:0DB8:CAFE:FFFF:F000::/68
/68
Global Routing Prefix Interface IDSubnet ID/68/48
20 bits 60 bits
©
For Demonstration Purposes OnlySubnetting within a Nibble
/70 Prefix
2001:0DB8:CAFE:0000:0000::/70
2001:0DB8:CAFE:0000:0400::/70
2001:0DB8:CAFE:0000:0800::/70
2001:0DB8:CAFÉ:0000:0C00::/70
Global Routing Prefix Interface IDSubnet ID/70/48
22 bits 58 bits
0000
0100
1000
1100
Four Bits: • Two leftmost bits:
Subnet-ID
• Two rightmost bits: Associated with the Interface ID
Binary
©
• RFC 6164 - Using 127-Bit IPv6 Prefixes on Inter-Router Links• Ping-Pong Attack • Neighbor Cache Exhaustion Issue
• There are mitigation techniques for both.• If you want to use a /127, reserve a separate /64 for each /127…. Really!
Do I Need the IPv6 Equivalent to an IPv4 /30?
Global Routing Prefix Subnet ID/127/48
79 bits 1bit
©
2001:DB8:CAFE:F000::/64
2001:DB8:CAFE:F000::0/127
2001:DB8:CAFE:F000::1/127
2001:DB8:CAFE:F001::/64
2001:DB8:CAFE:F001::0/127
2001:DB8:CAFE:F001::1/127
Allocate Separate /64’s
Global Routing Prefix Subnet ID/127/48
79 bits 1bit
0 or 12001:DB8:CAFE:F000::/64
2001:DB8:CAFE:F001::/64
2001:DB8:CAFE:F002::/64
2001:DB8:CAFE:F003::/64
And so on...
For each /127 allocate an entire /64:
000F000F0013 bits
All 0s “::” can be confusing
©
Use a Different Last 3 bits for the Subnet ID
Global Routing Prefix Subnet ID/127/48
79 bits 1bit
0 or 12001:DB8:CAFE:F000::/64
2001:DB8:CAFE:F000::A/127
2001:DB8:CAFE:F000::B/127
2001:DB8:CAFE:F001::/64
2001:DB8:CAFE:F001::A/127
2001:DB8:CAFE:F001::B/127
101F000F0013 bits
Be careful which two interfaces addresses you choose.
::9 and ::A are not on the same /127 subnet
©
IPv6 Addressing Plan• IPv4 subnetting is used to help
conserve IPv4 address space.• Managing a limited space• VLSM• /30s for point-to-point links
• IPv6 address conservation does not need to be as aggressive as IPv4.
• Developing an address plan that is:• Makes sense.• Easy to manage.
• NANOG BCOP: IPv6 Subnetting • Cisco: IPv6 Address Guide• RIPE NCC: Preparing an IPv6
Addressing Plan - RIPE Network
RFC 1878 VLSM
4.3: IPv6 Address Allocation
©
/48 /64/32/23
*RIR
*ISP Prefix
*Site Prefix
Subnet Prefix
* This is a minimum allocation. The prefix-length may be shorter if it can be justified.
/56
Possible Home Site Prefix
I am getting a /64 at homeGlobal Routing Prefix
Interface IDSubnet IDSub
IPv6 Address Allocation
Internet Service Provider
©
Global Routing Prefix determines number of /64 subnets *
2001:DB8:0000:0000:0000:0000:0000:0000
/32 = 65,536 /48’s
/64
/60 = 16 /64’s
/56 = 256 /64’s
/52 = 4,096 /64’s
/48 = 65,536 /64’s (Many sites will get this prefix length)
64-bit Interface ID
/44 = 1,048,576 /64’s/40 = 16,777,216 /64’s
/36 = 268,435,456 /64’s
/32 = 4,294,967,296 /64’s
©
PI versus PA Address Space
Provider Independent (PI) Address Space• Address space that is assigned by the RIR. • Remains assigned to the customer regardless of provider• No prefix renumbering needed if change providersProvider Aggregatable (PA) Address Space• Address space that is typically assigned by an ISP to a customer. • Change provider, must get new address space• Customer must do prefix renumbering (Helpful IETF RFCs)
Global Routing Prefix Interface ID
/48/32
Subnet ID
ISPRIR
4.4: Configuring a Static GUA
©
Configuring a Global Unicast Address
• Details, including the operations and configurations of SLAAC (Stateless Address Autoconfiguration) in Lesson 7 and DHCPv6 in Lessons 8.
Global Unicast
Manual Dynamic
Static IPv6 unnumbered
Static + EUI 64
SLAAC DHCPv6
SLAAC + DHCPv6
Similar to IPv4 unnumbered
Stateless Stateful
Overview only
DHCPv6-PD
©
• Exactly the same as an IPv4 address only different.• No space between IPv6 address and Prefix-length.• IOS commands for IPv6 are very similar to their IPv4 counterpart.• All 0’s and all 1’s are valid IPv6 host IPv6 addresses.
No space
R1(config)#interface gigabitethernet 0/0R1(config-if)#ipv6 address 2001:db8:cafe:1::1/64R1(config-if)#no shutdownR1(config-if)#exit
2001:DB8:CAFE:3::/642001:DB8:CAFE:1::/64
2001:DB8:CAFE:2::/64
G0/0:1:1
G0/1:1S0/0/0
:100
:100
Static GUA Configuration
R1
A
B
©
2001:DB8:CAFE:3::/642001:DB8:CAFE:1::/64
2001:DB8:CAFE:2::/64
G0/0:1:1
G0/1:1S0/0/0
:100
:100
Static GUA Configuration
R1
A
B
R1(config)#interface gigabitethernet 0/1 R1(config-if)#ipv6 address 2001:db8:cafe:2::1/64R1(config-if)#no shutdownR1(config-if)#exitR1(config)#interface serial 0/0/0 R1(config-if)#ipv6 address 2001:db8:cafe:3::1/64R1(config-if)#no shutdownR1(config-if)#exit
I love the 3-1-4 rule and
subnetting IPv6!
The ipv6 unicast-routing global configuration command is required for forward IPv6 packets – it is not required to configure IPv6 addresses.
©
R1# show running-config
<output omitted for brevity>interface GigabitEthernet0/0 no ip address duplex auto speed auto ipv6 address 2001:DB8:CAFE:1::1/64!
2001:DB8:CAFE:3::/642001:DB8:CAFE:1::/64
2001:DB8:CAFE:2::/64
G0/0:1:1
G0/0:1S0/0/0
:100
:100
Verifying Address Using
Running Configuration
R1
A
B
IPv4 address
IPv6 address
©
R1# show ipv6 interface briefGigabitEthernet0/0 [up/up] FE80::FE99:47FF:FE75:C3E0 2001:DB8:CAFE:1::1! <output omitted>
Global unicast addressLink-local unicast address
• Link-local and global unicast addresses are displayed.• Link-local address automatically created when (before) the global unicast address
is.• Link-local addresses are used for communicating with other devices on the same
link (not routable).• We will discuss link-local addresses in Lesson 5.
Verifying Unicast Addresses on R1
©
Same as IPv4 devices:• Servers, printers, routers, etc.
Can also be a link-local unicast address of the router.
Static GUA Configuration on PC
©
PCA> ipconfigWindows IP ConfigurationEthernet adapter Local Area Connection: Connection-specific DNS Suffix : IPv6 Address. . . . . . . . . . : 2001:db8:cafe:1::100 Link-local IPv6 Address . . . . : fe80::50a5:8a35:a5bb:66e1 Default Gateway . . . . . . . : 2001:db8:cafe:1::1
Verifying Unicast Addresses on PC
• Link-local addresses are created automatically.• Recent Microsoft operating systems use a random 64-bit Interface ID for link-
local address… (coming soon)
©
PCA> ping 2001:db8:cafe:1::1
Pinging 2001:db8:cafe:1::1 from 2001:db8:cafe:1::100 with 32 bytes of data:
Reply from 2001:db8:cafe:1::1: time=1msReply from 2001:db8:cafe:1::1: time=1msReply from 2001:db8:cafe:1::1: time=1msReply from 2001:db8:cafe:1::1: time=1ms
Ping statistics for 2001:db8:cafe:1::1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1msPCA>
Verifying IPv6 Connectivity
©
Router(config)# ipv6 general-prefix ? WORD General prefix name
Router(config)# ipv6 general-prefix MyGUA 2001:db8:cafe::/48Router(config)# interface gigabitethernet 0/0Router(config-if)# ipv6 address MyGUA 0:0:0:88::1/64Router(config-if)# no shutdownRouter(config-if)# exitRouter(config)# interface gigabitethernet 0/1Router(config-if)# ipv6 address MyGUA 0:0:0:99::1/64Router(config-if)# no shutdownRouter(config-if)# endRouter# show ipv6 interface briefGigabitEthernet0/0 [up/up] FE80::7EAD:74FF:FECC:5380 2001:DB8:CAFE:88::1GigabitEthernet0/1 [[up/up] FE80::7EAD:74FF:FECC:5381 2001:DB8:CAFE:99::1<output omitted>
IPv6 General Prefix: Making your life easier
• The general-prefix option can be used as a short-cut or alias for just about any command requiring an IPv6 address, addressing, ACLs, etc.
©
Router(config)# no ipv6 general-prefix MyGUA 2001:db8:cafe::/48Router(config)# ipv6 general-prefix MyGUA 2001:db8:beef::/48Router(config-if)# endRouter# show ipv6 interface briefGigabitEthernet0/0 [up/up] FE80::7EAD:74FF:FECC:5380 2001:DB8:BEEF:88::1GigabitEthernet0/1 [[up/up] FE80::7EAD:74FF:FECC:5381 2001:DB8:BEEF:99::1<output omitted>Router# show running-config<partial output> ipv6 general-prefix MyGUA 2001:DB8:BEEF::/48!interface GigabitEthernet0/0 ipv6 address MyGUA ::88:0:0:0:1/64!interface GigabitEthernet0/1 ipv6 address MyGUA ::99:0:0:0:1/64!
IPv6 General Prefix: Renumbering
• It is also greatly simplifies network renumbering and allows for automated prefix definition.
4.5: Configuring a Static GUA with EUI-64
©
Configuring a Static GUA + EUI-64
Global Unicast
Manual Dynamic
Static IPv6 unnumbered
Static + EUI 64
SLAAC DHCPv6
SLAAC + DHCPv6
Similar to IPv4 unnumbered
Stateless Stateful
DHCPv6-PD
©
R1(config)# interface gigabitethernet 0/1R1(config-if)# ipv6 address 2001:db8:cafe:99::/64 ? eui-64 Use eui-64 interface identifier <cr>
R1(config-if)# ipv6 address 2001:0db8:cafe:99::/64 eui-64R1(config-if)#
2001:DB8:CAFE:99::/64
G0/1 R1
Configuring a Static GUA + EUI-64
All 0s is ok!
A 64-bit Interface ID is created with EUI-64 using: • 48-bit MAC address • Inserting 16 bits: FF-FE• Flipping the U/L (Universal/Local) bit
©
Modified EUI-64 Format (Extended Unique Identifier–64)
00 03 6B E9 D4 80
OUI (24 bits) Device Identifier (24 bits)
00 03 6B E9 D4 80FF FE
03 6B E9 D4 80FF FE0000 000000 U/L bit flipped
0000 0010
02 03 6B E9 D4 80FF FE
Insert FF-FE
©
R1(config)# interface gigabitethernet 0/1R1(config-if)# ipv6 address 2001:db8:cafe:99::/64 eui-64
R1# show interface gigabitethernet 0/1GigabitEthernet0/1 is up, line protocol is up Hardware is AmdFE, address is 0003.6be9.d480 (bia 0003.6be9.d480)<output omitted>
R1# show ipv6 interface gigabitethernet 0/1GigabitEthernet0/1 is up, line protocol is up IPv6 is enabled, link-local address is FE80::203:6BFF:FEE9:D480 Global unicast address(es): 2001:DB8:CAFE:99:203:6BFF:FEE9:D480, subnet is 2001:DB8:CAFE:99::/64<output omitted>
Configuring a Static GUA + EUI-64
64-bit prefix from configuration64-bit Interface ID using EUI-64
EUI-64: 48-bit MAC address with FFFE (16 bits) inserted and 7th bit flipped
4.6: Overview of Dynamic IPv6 Address Allocation (SLAAC and DHCPv6)
©
Dynamic IPv6 Address Allocation
Global Unicast
Manual Dynamic
Static IPv6 unnumbered
Static + EUI 64
SLAAC DHCPv6
SLAAC + DHCPv6
Similar to IPv4 unnumbered
Stateless Stateful
Overview only
DHCPv6-PD
©
DHCP Server
Dynamic IPv4 Address Allocation
DHCP Client
I need IPv4 addressing information from a DHCP server.
Here is your IPv4 address, subnet mask,
default gateway and DNS server addresses.
©
ICMPv6Internet Control Message
Protocol for IPv6• ICMPv6 than just “messaging” but “how
IPv6 conducts business”.• ICMPv6 Neighbor Discovery (RFC
4861) – used in dynamic address allocation.
• More later!
©
Once again… ICMPv6 Neighbor DiscoveryICMPv6 informational messages used by Neighbor Discovery (RFC 4861):
• Router Solicitation Message• Router Advertisement Message
• Used for dynamic address allocation.
• Neighbor Solicitation Message• Neighbor Advertisement Message
• Used with address resolution (IPv4 ARP) and with DAD
• Redirect Message (Similar to ICMPv4)
Router-Device Messaging
Device-Device Messaging
©
It Begins with the RA Message
• An ICMPv6 Router Advertisement (RA) suggests to all IPv6 devices on the link how it will receive IPv6 Address Information.
• Sent periodically by an IPv6 router or…• … when the router receives a Router Solicitation message from a host.
DHCPv6 Server
ICMPv6 Router Advertisement
ICMPv6 Router Solicitation
Multicast: To all IPv6 routers, I need
IPv6 address information
Multicast: To all IPv6 devices,
let me tell you how to do this …
I might not even be needed.
©
It Begins with the RA Message
Router Advertisement (RA) Message• Part of ICMPv6 (Internet Control Message Protocol for IPv6)• RA messages are sent by an “IPv6 router”, ipv6 unicast-routing command
• Forwards IPv6 Packets• Enables IPv6 dynamic routing• Sends ICMPv6 Router Advertisements
• Routers can be configured with IPv6 addresses without being an IPv6 router.• IPv6 static routes can be configured but the router will only forward locally
generated packets – it will not forward packets that transit through the router.
DHCPv6 Server
ICMPv6 Router Advertisement
Router(config)# ipv6 unicast-routing
©
Router Advertisement: 3 Options
DHCPv6 Server
RA
Router(config)# ipv6 unicast-routing
Option 1: SLAAC – No DHCPv6 (Default on Cisco routers)“I’m everything you need (Prefix, Prefix-length, Default Gateway)” Option 2: SLAAC + Stateless DHCPv6 for DNS address“Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.” (DNS can be in RA)Option 3: All addressing except default gateway – DHCPv6“I can’t help you. Ask a DHCPv6 server for all your information.”
DHCPv6
Option 1 and 2: Stateless Address Autoconfiguration• DHCPv6 Server does not maintain state of addressesOption 3: Stateful Address Configuration• Address received from DHCPv6 Server
©
Dynamic IPv6 Address Allocation
Global Unicast
Manual
Static IPv6 unnumbered
Static + EUI 64
SLAAC DHCPv6
SLAAC + DHCPv6
Similar to IPv4 unnumbered
Stateless Stateful
DHCPv6-PD
• ICMPv6 – Lesson 9• ICMPv6 Neighbor Discovery including packet captures – Lesson 10
Dynamic
Stateful
Lesson 8
Lesson 7
©
For more information please check out my Cisco Press book and video series:
IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6• By Rick Graziani• ISBN-10: 1-58714-313-5
IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6• By Rick Graziani• ISBN-10: 1-58720-457-6