IPv6 Hosts Implementation with Cisco. Internetworking MS- Windows with IPv6.

IPv6

Hosts Implementation with Cisco

Internetworking MS-Windows with IPv6

IPv6 Host Implementation 3

Windows OS Products: Support for IPv6

1998 Support for Windows NT and Windows 2000 available

since 1998 for research and experiment Users can download and install Ipv6 code

In 2000 MS released IPv6 Technology Preview for Windows 2000

and distributed it to the internet community.

2001 Support for Windows XP Professional, XP Home Edition,

XP Pro and XP Home Edition SP1


IPv6 Support and Windows OSs

Support for Internet Protocol version 6 (IPv6), a new suite of standard protocols for the Network layer of the Internet, is built into the latest versions of Microsoft Windows, which include: Windows Vista, Windows Server 2008 (now in beta testing), Windows Server 2003, Windows XP with Service Pack 2, Windows XP with Service Pack 1, Windows XP Embedded SP1, and Windows CE .NET.


IPv6 and Windows XP & 2003 SRV.

The implementation of IPv6 in Windows XP and Windows Server 2003 is a dual stack architecture.

For IPv6 support, install a separate protocol through the Network Connections folder.

This separate IPv6 protocol stack had its own Transport layer that include TCP and UDP and its own Framing layer.

Changes to protocols in either the Transport or Framing layers had to be done to two Windows drivers: Tcpip.sys for the IPv4 protocol stack Tcpip6.sys for the IPv6 protocol stack


IPv6 Configuration The main elements of IPv6 configuration:

1. Assign IPv6 addresses for each interface2. Default router (known in IPv4 as the default gateway)3. Domain Name System (DNS) settings such as DNS

servers and name registration behaviour Unlike typical IPv4 nodes, typical IPv6 nodes have

multiple interfaces (both LAN and tunnel interfaces) and multiple addresses assigned to each interface.

Note: IPv6 does not use Network basic input/output system (NetBIOS). Therefore, an IPv6 configuration does not need NetBIOS settings or the addresses of Windows Internet Name Service (WINS) servers.


States of an IPv6 Address IPv6 hosts typically automatically configure IPv6 addresses by interacting with a

router and performing stateless IPv6 address autoconfiguration. After being verified as unique, autoconfigured addresses are in one or more of the

following states:1. Valid

An address for which uniqueness has been verified and from which unicast traffic can be sent and received.

Autoconfigured addresses have a valid lifetime assigned by the router.2. Preferred

A valid address that can be used for new communications. Autoconfigured addresses also have a preferred lifetime assigned by the

router.3. Deprecated

A valid address that cannot be used for new communications. Existing communication sessions can still use a deprecated address.

4. Invalid An address for which a node can no longer send or receive traffic. An address enters the invalid state after the valid lifetime expires.


IPv6 Default Router Just like an IPv4 host, an IPv6 host is typically configured with

the address of one or more routers on its subnet to which all remote traffic is sent.

In IPv6, the default routers are automatically configured through router discovery and the address of a default router is the link-local address of the IPv6 router's interface on the local subnet.

Configuration of a default router also creates a default route in the IPv6 routing table.

For an IPv6 node that performs router discovery over multiple interfaces, such as an IPv6 host using both a LAN connection and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), there will be multiple default routers and multiple default routes in the routing table.


IPv6 DNS Settings

Windows-based hosts can send DNS queries to DNS servers over either IPv4 or IPv6, depending on the configuration of the host and the DNS and routing infrastructure.

By default, Windows-based hosts send their DNS queries over IPv4 using the IPv4 address of the DNS server as configured by the DHCP.

Computers running XP, Server 2003, Vista, or Server 2008 can send DNS queries over IPv6 using one of the following:1. Locally configured unicast addresses of DNS servers2. Use the netsh interface ipv6 add dns command to configure

hosts with the IPv6 addresses of your DNS server. (For computers running Windows Vista or Windows Server 2008, you

can configure IPv6-addressed DNS servers through the properties of the Internet Protocol version 6 (TCP/IPv6) component in the Connections and Adapters folder.)


IPv6 DNS Settings

3. Well-known unicast addresses of DNS servers (fec0:0:0:ffff::1, fec0:0:0:ffff::2, and fec0:0:0:ffff::3)

4. Manually configure DNS servers with the well-known unicast addresses and add host routes to routing infrastructure so that the DNS servers are reachable from IPv6 hosts running Windows XP, Windows Server 2003, Windows Vista, or Windows Server 2008.


Enabling IPv6


Ipconfig.exe for Windows XP with SP2

Global addresses

link-local

temporary addresses public

address


IPv6 For Windows Vista

IPv6 Address A public IPv6 address. Unlike Windows XP with SP2, Windows Vista by default uses randomly derived interface IDs for public and link-local IPv6 addresses.

Temporary IPv6 Address A global address with a randomly derived interface ID that has a short valid lifetime.

Link-local IPv6 Address A link-local address with its corresponding zone ID (the interface index).

Site-local IPv6 Address A site-local address with its corresponding zone ID (the site ID).


Ipconfig.exe for Windows Vista

Ipconfig.exe now displays the IPv6 addresses before the IPv4 addresses and indicates the type of IPv6 address using the following labels:


Route.exe Tool

In Windows Server 2003, Windows Vista, and Windows Server 2008, Route.exe tool to display the IPv6 route table.


Migrating IPv6.exe Commands to Netsh

IPv6 for XP and XP with Service Pack 1 (SP1) includes the Ipv6.exe tool, which is used to configure the IPv6 protocol.

Ipv6.exe commands are being replaced with commands in the netsh interface ipv6 and netsh interface ipv6 isatap contexts.

Because the Ipv6.exe tool will not be included in the Windows Server 2003 family, scripts that contain Ipv6.exe commands should be updated with the appropriate Netsh commands.


Migrating IPv6.exe Commands to Netsh

Ipv6.exe Command Netsh Equivalent

ipv6 install netsh interface ipv6 install

ipv6 uninstall netsh interface ipv6 uninstall

pv6 [-v] if [IfIndex] netsh interface ipv6 show interface [[interface=]String] [[level=]{normal |verbose}] [[store=]{active | persistent}]

ipv6 ifcr 6over4 V4Src netsh interface ipv6 add 6over4tunnel [[interface=]String][localaddress=]IPv4Address [[store=]{active | persistent}]

For complete Table of commands, refer to http://technet.microsoft.com/en-us/library/bb726950.aspx


Manual Configuration for IPv6 In most cases, an IPv6 host running Windows Vista™,

Windows® XP, or a member of the Windows Server® 2003 family does not have to be manually configured.

However, there are some cases in which the computer must be manually configured with IPv6 addresses. Additionally, there are times when a computer has a special role on the network.

Manually configure IPv6 for: Manual IPv6 addresses An IPv6 router A 6to4 router An Intra-Site Automatic Tunnel Addressing Protocol

(ISATAP) router A 6over4 router


Manual IPv6 addresses

Windows Vista, Windows XP, and the Windows Server 2003 family supports stateless address autoconfiguration.

Addresses, routes, and other configuration parameters are automatically configured on the basis of the receipt of Router Advertisement messages. netsh interface ipv6 add address [interface=]InterfaceNameOrIndex

[address=]IPv6Address [[type=]unicast|anycast] [[validlifetime=]Minutes|infinite] [[preferredlifetime=]Minutes|infinite] [[store=]active|persistent]

By default, the address type is unicast, the valid and preferred lifetimes are infinite, and the address is persistent.

To obtain the interface name or its index, use the display of the netsh interface ipv6 show interface command. netsh interface ipv6 add address "Local Area Connection"

2001:db8::1a49:2aa:ff:fe34:ca8f


IPv6 Configuration Information with the Netsh.exe Tool

netsh interface ipv6 show address netsh interface ipv6 show interface netsh interface ipv6 show route


netsh interface ipv6 show address


netsh interface ipv6 show interface

It displays the list of IPv6 interfaces, their interface index, interface metric, maximum transmission unit (MTU), state, and name.

netsh interface ipv6 show interface on Windows Vista:


netsh interface ipv6 show route

It displays the IPv6 route table and includes information about whether the routes are published (if the computer is acting as an advertising router) and the route type.

netsh interface ipv6 show route on a Windows Vista:


Ping6 on Windows

The new ping6 command on Microsoft sends ICMPv6 echo request messages to the specified destination to display the reachability of a destination IPv6 node

Internetworking Linux with IPv6


IPv6-ready kernel

Modern Linux distributions already contain IPv6-ready kernels, the IPv6 capability is generally compiled as a module, but it's possible that this module is not loaded automatically on startup.

Check for IPv6 support in the current running kernel /proc/net/if_inet6

A short automatical test looks like: # test -f /proc/net/if_inet6 && echo "Running kernel is

IPv6 ready"


Try to load IPv6 module

# modprobe ipv6

If this is successful, this module should be listed, testable with following auto-magically line: # lsmod |grep -w 'ipv6' && echo "IPv6 module successfully

loaded" And the check shown above should now run

successfully.


Compile kernel with IPv6 capabilities

If both above shown results were negative and your kernel has no IP6 support, than you have the following options:

1. Update your distribution to a current one which supports IPv6 out-of-the-box (recommended for newbies)

2. Compile a new vanilla kernel (easy, if you know which options you needed)

3. Recompile kernel sources given by your Linux distribution (sometimes not so easy)

4. Compile a kernel with USAGI extensions


Displaying existing IPv6 addresses

First check, whether and which IPv6 addresses are already configured (perhaps auto-magically during stateless auto-configuration). Using "ip"

A host which is auto-configured # /sbin/ip -6 addr show dev <interface> # /sbin/ip -6 addr show dev eth0 2: eth0:

<BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_ fast qlen 100

inet6 fe80::210:a4ff:fee3:9566/10 scope link inet6 2001:0db8:0:f101::1/64 scope global inet6 fec0:0:0:f101::1/64 scope site


Displaying existing IPv6 addresses

Using "ifconfig" # /sbin/ifconfig <interface>

(output filtered with grep to display only IPv6 addresses). Here you see different IPv6 addresses with different scopes. # /sbin/ifconfig eth0 |grep "inet6 addr:"

inet6 addr: fe80::210:a4ff:fee3:9566/10 Scope:Link

inet6 addr: 2001:0db8:0:f101::1/64 Scope:Global

inet6 addr: fec0:0:0:f101::1/64 Scope:Site


Add an IPv6 address

Command # /sbin/ip -6 addr add <ipv6address>/<prefixlength> dev

<interface> Example

# /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0

Command # /sbin/ifconfig <interface> inet6 add

<ipv6address>/<prefixlength> Example

# /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64


Removing an IPv6 address

Command # /sbin/ip -6 addr del <ipv6address>/<prefixlength> dev

<interface> Example

# /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0 Command

# /sbin/ifconfig <interface> inet6 del <ipv6address>/<prefixlength>

Example # /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64


IPv6-ready network configuration tools

You wont get very far, if you are running an IPv6-ready kernel, but have no tools to configure IPv6.

There are several packages in existence which can configure IPv6.

1. net-tools package

2. iproute package


net-tools package

The net-tool package includes some tools like ifconfig and route, which helps to configure IPv6 on an interface.

Look at the output of ifconfig -? or route -?, if something is shown like IPv6 or inet6, then the tool is IPv6-ready.

Auto-magically check: # /sbin/ifconfig -? 2>& 1|grep -qw 'inet6' && echo "utility 'ifconfig' is IPv6-

ready“

Same check can be done for route: # /sbin/route -? 2>& 1|grep -qw 'inet6' && echo "utility 'route' is IPv6-

ready"


iproute package Alexey N. Kuznetsov (current a maintainer of the Linux networking

code) created a tool-set which configures networks through the netlink device.

Using this tool-set you have more functionality than net-tools provides, but its not very well documented and isn't for the faint of heart. # /sbin/ip 2>&1 |grep -qw 'inet6' && echo "utility 'ip' is IPv6-ready"

If the program /sbin/ip isn't found, then I strongly recommend you install the iproute package. You can get it from your Linux distribution (if contained) You can download the tar-ball and recompile it: Original FTP source and

mirror (missing) You're able to look for a proper RPM package at RPMfind/iproute

(sometimes rebuilding of a SRPMS package is recommended)


IPv6-ready test/debug programs

After you have prepared your system for IPv6, you now want to use IPv6 for network communications.

First you should learn how to examine IPv6 packets with a sniffer program.

This is strongly recommended because for debugging/troubleshooting issues this can aide in providing a diagnosis very quickly.

1. IPv6 ping

2. IPv6 traceroute6

3. IPv6 tracepath6

4. IPv6 tcpdump


IPv6 ping This program is normally included in package iputils. It is designed for simple transport tests sending ICMPv6 echo-

request packets and wait for ICMPv6 echo-reply packets. Usage

# ping6 <hostwithipv6address> # ping6 <ipv6address> # ping6 [-I <device>] <link-local-ipv6address>

Example # ping6 -c 1 ::1

PING ::1(::1) from ::1 : 56 data bytes 64 bytes from ::1: icmp_seq=0 hops=64 time=292 usec

--- ::1 ping statistics --- 1packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms


IPv6 ping

ping6 needs raw access to socket and therefore root permissions.

So if non-root users cannot use ping6 then there are two possible problems:

1. ping6 is not in users path (probably, because ping6 is generally stored in /usr/sbin -> add path (not really recommended)

2. ping6 doesn't execute properly, generally because of missing root permissions -> chmod u+s /usr/sbin/ping6


Specifying interface for IPv6 ping Using link-local addresses for an IPv6 ping, the kernel does not know

through which (physically or virtual) device it must send the packet - each device has a link-local address.

A try will result in following error message: # ping6 fe80::212:34ff:fe12:3456 connect: Invalid argument

Specify the interface additionally like shown here: # ping6 -I eth0 -c 1 fe80::2e0:18ff:fe90:9205

PING fe80::212:23ff:fe12:3456(fe80::212:23ff:fe12:3456) from fe80::212:34ff:fe12:3478 eth0: 56 data bytes 64 bytes from fe80::212:23ff:fe12:3456: icmp_seq=0 hops=64 time=445 usec

--- fe80::2e0:18ff:fe90:9205 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms


IPv6 traceroute6

It's a program similar to IPv4 traceroute. # traceroute6 www.6bone.net

traceroute to 6bone.net (3ffe:b00:c18:1::10) from 2001:0db8:0000:f101::2, 30

hops max, 16 byte packets

1 localipv6gateway (2001:0db8:0000:f101::1) 1.354 ms 1.566 ms 0.407 ms

2 swi6T1-T0.ipv6.switch.ch (3ffe:2000:0:400::1) 90.431 ms 91.956 ms 92.377 ms

3 3ffe:2000:0:1::132 (3ffe:2000:0:1::132) 118.945 ms 107.982 ms 114.557 ms

4 3ffe:c00:8023:2b::2 (3ffe:c00:8023:2b::2) 968.468 ms 993.392 ms 973.441 ms

5 3ffe:2e00:e:c::3 (3ffe:2e00:e:c::3) 507.784 ms 505.549 ms 508.928 ms

6 www.6bone.net (3ffe:b00:c18:1::10) 1265.85 ms * 1304.74 ms


IPv6 tracepath6

It's a program like traceroute6 and traces the path to a given destination discovering the MTU along this path.

# tracepath6 www.6bone.net 1 ?: [LOCALHOST] pmtu 1480

1: 3ffe:401::2c0:33ff:fe02:14 150.705ms

2: 3ffe:b00:c18::5 267.864ms

3: 3ffe:b00:c18::5 asymm 2 266.145ms pmtu 1280 3: 3ffe:3900:5::2 asymm

4 346.632ms 4: 3ffe:28ff:ffff:4::3 asymm 5 365.965ms

5: 3ffe:1cff:0:ee::2 asymm 4 534.704ms

6: 3ffe:3800::1:1 asymm 4 578.126ms !N

Resume: pmtu 1280


IPv6 tcpdump On Linux, tcpdump is the major tool for packet capturing. IPv6 support is normally built-in in current releases of version 3.6. tcpdump uses expressions for filtering packets to minimize the noise:

icmp6: filters native ICMPv6 traffic ip6: filters native IPv6 traffic (including ICMPv6) proto ipv6: filters tunneled IPv6-in-IPv4 traffic not port ssh: to suppress displaying SSH packets for running tcpdump in a

remote SSH session

Also some command line options are very useful to catch and print more information in a packet, mostly interesting for digging into ICMPv6 packets:

“-s 512”: increase the snap length during capturing of a packet to 512 bytes

“-vv”: really verbose output “-n”: don't resolve addresses to names, useful if reverse DNS resolving

isn't working proper


IPv6 ping to 2001:0db8:100:f101::1 native over a local link


IPv6 ping to 2001:0db8:100::1 routed through an IPv6-in-IPv4-tunnel

1.2.3.4 and 5.6.7.8 are tunnel endpoints (all addresses are examples)

Lab Exercise

Case-Study : Internetworking IPv6 Hosts with Cisco

IPv6 Hosts Implementation with Cisco. Internetworking MS- Windows with IPv6.

Documents

Transcript of IPv6 Hosts Implementation with Cisco. Internetworking MS- Windows with IPv6.