It is no scoop: the public IPv4 address space is melting like snow in the sun. According to current estimates, only 5% of all addresses are still available.
One day or another, the transition to IPv6 will be inevitable, so be prepared ...
This article explains what IPv6 is and how it works.
IPv6 Goals
  • Provide an address space adequate for future developments
  • Reduce the size of routing tables
  • Simplify the protocols
  • Improve security
  • Facilitate mobility
  • Coexist with IPv4 and allow a gradual transition from it
How IPv6 Works
If we had to summarize the operation of IPv6 in one sentence, it would certainly be something like "IPv6, just a few more bits ... or almost".
For example, the majority of protocols built on IPv4 also work on IPv6, sometimes with a few modifications but nothing more. This is the case for TCP, UDP, ICMP, DNS, ... as well as for most routing protocols such as RIP, OSPF, BGP, ...
The real difference lies in the length and the types of addresses, as well as in the structure of the header.
The IPv6 header
IPv6 Header
  • Version: IP version (6).
  • Traffic Class: Sets the priority of the traffic, used to resolve congestion issues.
  • Flow Label: Flow indicator that makes the routers' job easier; it identifies the flows of an application.
  • Payload Length: Size of the content of the IPv6 packet, excluding the fixed header.
  • Next Header: Identifies the header that follows (an upper-layer protocol or simply an IPv6 extension header).
  • Hop Limit: Field equivalent to the TTL of IPv4.
Compared to the IPv4 header, the number of fields is greatly reduced. On the one hand this lightens the task of routers, since there is less information to process; on the other hand it also improves security, since there is less vital information in the header.
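To make the field layout concrete, here is an added example (not code from the original article) that decodes the fixed 40-byte IPv6 header with Python's struct module. The sample packet, its addresses and its UDP ports are constructed for this example; the check that Payload Length does not exceed the bytes actually present is the one a packet filter or IDS must do before trusting the field.

```python
"""Decode the IPv6 fixed header described above.

Added example, not code from the original article. Field names follow the
article; the sample packet bytes are constructed for this example.
"""
import ipaddress
import struct
from dataclasses import dataclass

IPV6_HEADER_LEN = 40
# !IHBB16s16s = 4-byte version/class/label word, payload length, next header,
# hop limit, 16-byte source address, 16-byte destination address (network order).
_HDR = struct.Struct("!IHBB16s16s")

# Standard IANA protocol numbers for the Next Header field.
NEXT_HEADER_NAMES = {0: "Hop-by-Hop Options", 6: "TCP", 17: "UDP",
                     43: "Routing", 44: "Fragment", 58: "ICMPv6"}


@dataclass(frozen=True)
class IPv6Header:
    version: int
    traffic_class: int
    flow_label: int
    payload_length: int
    next_header: int
    hop_limit: int
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address


def parse_ipv6_header(packet: bytes) -> IPv6Header:
    """Decode the fixed header and refuse anything malformed.

    Raises ValueError for a truncated buffer, a wrong version field, or a
    Payload Length larger than the data actually present.
    """
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError(f"truncated: {len(packet)} bytes, need {IPV6_HEADER_LEN}")
    word, payload_len, next_hdr, hop_limit, src, dst = _HDR.unpack_from(packet)
    version = word >> 28                 # top 4 bits
    if version != 6:
        raise ValueError(f"not IPv6: version field is {version}")
    traffic_class = (word >> 20) & 0xFF  # next 8 bits
    flow_label = word & 0xFFFFF          # low 20 bits
    if payload_len > len(packet) - IPV6_HEADER_LEN:
        raise ValueError(f"payload length {payload_len} exceeds buffer")
    return IPv6Header(version, traffic_class, flow_label, payload_len,
                      next_hdr, hop_limit,
                      ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst))


def build_ipv6_header(src: str, dst: str, payload: bytes, next_header: int,
                      hop_limit: int = 64, traffic_class: int = 0,
                      flow_label: int = 0) -> bytes:
    """Inverse of parse_ipv6_header: put a fixed header in front of *payload*."""
    word = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    return _HDR.pack(word, len(payload), next_header, hop_limit,
                     ipaddress.IPv6Address(src).packed,
                     ipaddress.IPv6Address(dst).packed) + payload


# Constructed sample: an empty UDP datagram (8-byte UDP header, no data),
# addressed with the two example addresses used on this page.
SAMPLE_UDP = struct.pack("!HHHH", 0x1234, 53, 8, 0)
SAMPLE_PACKET = build_ipv6_header("2001:abc:1:5400::123:ab58", "2001:aa11::1",
                                  SAMPLE_UDP, next_header=17, flow_label=0x12345)

if __name__ == "__main__":
    h = parse_ipv6_header(SAMPLE_PACKET)
    name = NEXT_HEADER_NAMES.get(h.next_header, str(h.next_header))
    print(f"{h.src} -> {h.dst} next={name} payload={h.payload_length} "
          f"hop={h.hop_limit} flow={h.flow_label:#x}")
```

The builder and parser share the same struct layout, so a round trip checks both directions; flipping the version nibble or inflating Payload Length in the sample is rejected before any field is used.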


IPv6 addresses
The vital point lies in the size of IPv6 addresses, which goes from 32 bits (IPv4) to 128 bits. These addresses are written as 8 groups of 4 hexadecimal characters, i.e. 8 groups of 16 bits (16 × 8 = 128).
Example:
  2001:0abc:0001:5400:0000:0000:0123:ab58
To simplify the writing, two abbreviation rules can be used:
  1. Leading zeros within a group can be omitted (0001 is the same as 1).
  2. Once, and only once, per address, a run of consecutive all-zero groups can be replaced by "::" (...:0000:0000:... is identical to ...::...).
This gives the abbreviated notation:
  2001:abc:1:5400::123:ab58
IPv6 networks are written using CIDR notation, the number after the slash indicating how many most-significant bits belong to the network address.
For example, /64 indicates that the first 64 bits of the address identify the network it belongs to.
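The two abbreviation rules and the CIDR prefix check, implemented by hand as an added example (not code from the article) so that each step is visible; the standard library's ipaddress module is used only to cross-check the result. The address values are the ones used on this page.

```python
"""IPv6 address notation: expand/compress per the two rules, and CIDR checks.

Added example, not part of the original article.
"""
import ipaddress


def expand(addr: str) -> list:
    """Undo both rules: return the 8 sixteen-bit groups of *addr* as integers."""
    if addr.count("::") > 1:
        raise ValueError('"::" may appear only once in an address (rule 2)')
    if "::" in addr:
        head, tail = addr.split("::")
        if head.endswith(":") or tail.startswith(":"):
            raise ValueError(f"malformed address: {addr!r}")
        left = [int(g, 16) for g in head.split(":")] if head else []
        right = [int(g, 16) for g in tail.split(":")] if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError('"::" must stand for at least one group of zeros')
        groups = left + [0] * missing + right
    else:
        groups = [int(g, 16) for g in addr.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return groups


def compress(addr: str) -> str:
    """Apply rule 1 (drop leading zeros) and rule 2 (longest zero run -> '::')."""
    groups = expand(addr)
    # Locate the longest run of consecutive zero groups; the first run wins ties.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexgroups = [f"{g:x}" for g in groups]   # rule 1: '%x' prints no leading zeros
    if best_len < 2:                         # rule 2 is applied only to 2+ zero groups
        return ":".join(hexgroups)
    left = ":".join(hexgroups[:best_start])
    right = ":".join(hexgroups[best_start + best_len:])
    return f"{left}::{right}"


def to_int(addr: str) -> int:
    """128-bit integer value of the address, most significant group first."""
    return sum(g << (16 * (7 - i)) for i, g in enumerate(expand(addr)))


def in_prefix(addr: str, prefix: str) -> bool:
    """CIDR membership: do the first n (most significant) bits of *addr* match?"""
    net, n = prefix.split("/")
    n = int(n)
    if not 0 <= n <= 128:
        raise ValueError(f"prefix length out of range: {n}")
    mask = ((1 << n) - 1) << (128 - n)
    return (to_int(addr) & mask) == (to_int(net) & mask)


if __name__ == "__main__":
    full = "2001:0abc:0001:5400:0000:0000:0123:ab58"
    print(compress(full), "==", ipaddress.IPv6Address(full))
    print("2001:aa11::1 in 2000::/3 ->", in_prefix("2001:aa11::1", "2000::/3"))
```

Two details worth noting: a single all-zero group is left alone (compressing it saves nothing and is the convention ipaddress also follows), and the "::" is refused when it appears twice or would stand for no group at all, which is exactly how a validator should treat an address that arrives from untrusted input.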

IPv6 Address Types
In IPv4 there are unicast (one to one), multicast (one to many) and broadcast (one to all) addresses. In IPv6 it is somewhat different.
  • Unicast addresses: used to deliver a packet to a single interface.
  • Multicast addresses: used to deliver a packet to several interfaces.
  • Anycast addresses: used to deliver a packet to the closest member, in routing terms, of a group of interfaces. (The same anycast address is assigned to several hosts; depending on the routing, the "nearest" one is used.)
There is no broadcast any more in IPv6. This implies that some protocols have to evolve.
Among the "unicast" addresses, there are 3 subcategories:
  1. Global addresses: addresses routable on the version 6 Internet.
  2. Site-local addresses: addresses recognized within an organization. (A notion that is no longer used at present.)
  3. Link-local addresses: addresses that are valid only on a local link (the principle is comparable to the 169.254.x.x/16 addresses obtained in IPv4 in the absence of a DHCP server and of a static configuration).
Assigning Global Addresses
For the moment, all distributed addresses are taken from the block 2000::/3. This means that, from a binary point of view, all these addresses begin with 001,
from
  001 0000000000000 ... which gives 2000::
to
  001 1111111111111:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF ... which gives 3FFF:FFFF:....
Within this block, the IANA (Internet Assigned Numbers Authority) assigns /23 blocks to the regional Internet registries (Europe, Asia, ...). These assign /32 portions of the received blocks to the local registries, which ultimately assign /48 or /64 blocks to their clients.
Special addresses
  2000::/3    Global unicast addresses
  FC00::/7    Unique local addresses
  FE80::/10   Link-local addresses
  FF00::/8    Multicast addresses
  ::1/128     Loopback address (equivalent to 127.0.0.1)
  ::/128      Unspecified address (used as source address in special cases, such as while acquiring a network address)
  2001::/32   Used for Teredo (a transition method between an IPv4 and an IPv6 network)
Link-Local Addresses
The link-local address is generated automatically when an interface is activated in IPv6. By definition, this address allows direct communication with any machine on the same link.
This address is generated from the MAC address of the interface (if it is an Ethernet interface) or from the MAC address of another interface (if you configure a serial interface, for example).
Format of the link-local address:
  FE80::MMMM:MMFF:FEMM:MMMM
The Ms represent the MAC address used. Since the principle is to use 64 bits to identify the host, and a MAC address is only 48 bits long, the sequence FFFE (i.e. 16 bits) is inserted in the middle of the MAC address.
Example:
  R1# sh ipv6 interface fa0/0
  FastEthernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::C000:CFF:FEF4:0
    No Virtual link-local address(es):
    Global unicast address(es):
      2001:1111:2222:3333:4444:5555:6666:7777, subnet is 2001:1111:2222:3333::/64
    Joined group address(es):
      FF02::1
      FF02::1:FFF4:0
    MTU is 1500 bytes
    ICMP error messages limited to one every 100 milliseconds
    ICMP redirects are enabled
    ICMP unreachables are sent
    ND DAD is enabled, number of DAD attempts: 1
    ND reachable time is 30000 milliseconds
  R1#
  R1# sh int fa0/0
  FastEthernet0/0 is up, line protocol is up
    Hardware is Gt96k FE, address is c000.0cf4.0000 (bia c000.0cf4.0000)
    MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,
      reliability 255/255, txload 1/255, rxload 1/255
Global Addresses
These addresses are routable addresses in IPv6.
At present, 85% of the IPv6 space is reserved for the future; only the addresses of the range 2000::/3 are intended to be used. In addition, the second-generation Internet (i.e. the IPv6 Internet) is supposed to be made up of addresses in the range 2001::/16 (i.e. about 5 × 10^33 possibilities).
In general, an IPv6 address is composed of 3 elements:
  • A global routing prefix (on x bits, maximum 48 bits)
  • A subnet identifier (on 64-x bits)
  • An identifier of the interface (on 64 bits)
Example: 2001:AB01:CD02:0000:ABCD:01FF:FE02:1234/48
Providers are expected to allocate at most a /48 network. Knowing that 64 bits are normally reserved for the interface identifier, this leaves (128 - 48 - 64) 16 bits (65536 possibilities) to define the subdivision into subnets.
The interface identifier should normally always be self-configured (this is not an obligation). The principle is the same as for the link-local address. Once the interface has received a network prefix, it only has to append the interface identifier, made of the MAC address with the sequence FFFE inserted in the middle, to obtain the 64 bits (called EUI-64, for Extended Unique Identifier, 64 bits).
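The EUI-64 construction used for both the link-local address and the self-configured global address, as an added example that is not the article's code. It follows the description above (insert FFFE in the middle of the 48-bit MAC) and additionally inverts the universal/local bit of the first byte, which RFC 4291 requires for the modified EUI-64 form; that is why the router output on this page shows C200:CFF:FEF4:0 for the MAC c000.0cf4.0000. The function names and the MAC formats accepted are choices made for this example.

```python
"""Build modified EUI-64 interface identifiers from a MAC address.

Added example, not code from the original article. The U/L bit inversion
is the RFC 4291 rule, not stated explicitly in the article.
"""
import ipaddress
import re
from typing import Optional


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or Cisco-style aabb.ccdd.eeff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> bytes:
    """48-bit MAC -> 64-bit modified EUI-64 interface identifier."""
    m = parse_mac(mac)
    # Step 1 (as in the article): split the MAC in two and insert FF FE.
    iid = bytearray(m[:3] + b"\xff\xfe" + m[3:])
    # Step 2 (RFC 4291): invert the universal/local bit, bit 0x02 of byte 0,
    # so that a burned-in (globally unique) MAC gives an identifier with it set.
    iid[0] ^= 0x02
    return bytes(iid)


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 network prefix with the EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8]
                                 + eui64_interface_id(mac))


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """The FE80::/64 address an interface derives from its MAC."""
    return eui64_address("fe80::/64", mac)


def mac_from_eui64(addr: str) -> Optional[str]:
    """Reverse the construction: recover the MAC if the identifier is EUI-64 shaped."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = bytes([iid[0] ^ 0x02])
    return (first + iid[1:3] + iid[5:]).hex(":")


if __name__ == "__main__":
    mac = "c000.0cf4.0000"   # the MAC shown in the router output on this page
    print("link-local:", link_local_address(mac))
    print("global    :", eui64_address("2001:aa11::/64", mac))
    print("recovered :", mac_from_eui64(str(eui64_address("2001:aa11::/64", mac))))
```

The reverse function is the practical caveat: an EUI-64 address carries the interface's MAC (and therefore its hardware vendor) into every packet it sends, and the identifier stays the same on every network the host visits. That is the reason the temporary, randomly generated identifiers of RFC 4941 exist; on a host where tracking matters, check which kind of identifier the global address is actually using.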
Manually Configuring an IPv6 Address on an Interface:
  R1(config)# int fa0/0
  R1(config-if)# ipv6 address 2001:aa11::1/64
  R1(config-if)# ^Z
  R1# sh ipv6 int fa0/0
  FastEthernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::C200:CFF:FEF4:0
    No Virtual link-local address(es):
    Global unicast address(es):
      2001:AA11::1, subnet is 2001:AA11::/64
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::1:FF00:1
      FF02::1:FFF4:0
    MTU is 1500 bytes
    ICMP error messages limited to one every 100 milliseconds
    ICMP redirects are enabled
    ICMP unreachables are sent
    ND DAD is enabled, number of DAD attempts: 1
    ND reachable time is 30000 milliseconds
    ND advertised reachable time is 0 milliseconds
    ND advertised retransmit interval is 0 milliseconds
    ND router advertisements are sent every 200 seconds
    ND router advertisements for 1800 seconds
    ND advertised default router preference is
    Hosts use stateless autoconfig for addresses.
  R1#
Configuring an IPv6 address by specifying only the subnet ID:

  R1(config-if)# ipv6 address 2001:aa11::/64 eui-64
  R1(config-if)# ^Z
  R1# sh ipv6 int fa0/0
  FastEthernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::C200:CFF:FEF4:0
    No Virtual link-local address(es):
    Global unicast address(es):
      2001:AA11::C200:CFF:FEF4:0, subnet is 2001:AA11::/64 [EUI]
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::1:FFF4:0
    MTU is 1500 bytes
    ICMP error messages limited to one every 100 milliseconds
    ICMP redirects are enabled
    ICMP unreachables are sent
    ND DAD is enabled, number of DAD attempts: 1
    ND reachable time is 30000 milliseconds
    ND advertised reachable time is 0 milliseconds
    ND advertised retransmit interval is 0 milliseconds
    ND router advertisements are sent every 200 seconds
    ND router advertisements live for 1800 seconds
    ND advertised default router preference is Medium
    Hosts use stateless autoconfig for addresses.
  R1#
With the eui-64 option, the router is instructed to complete the interface address using the MAC address of the interface (or the MAC address of another available interface, if the configured interface is not an Ethernet interface).
IPv6 ND (Neighbor Discovery)
In IPv6, there is no ARP!!! Instead there is IPv6 ND, a neighbor discovery protocol based on ICMPv6 (the IPv6 version of ICMP).
IPv6 ND provides a significant set of functions:
  • Duplicate address detection
  • Announcement of the link-local address
  • Discovery of the neighbors
  • Address resolution
  • Etc.
The principle of duplicate detection is simple. As soon as an interface becomes active in IPv6, the machine asks whether someone on the network already has the same address (Neighbor Solicitation). If nobody answers, the machine confirms that it is using the address by announcing itself (Neighbor Advertisement). This is done for each address configured on the interface (link-local, global, ...).
Address resolution is a bit more complex to explain, but works in a very simple way. As soon as an interface is configured, the machine joins a series of multicast groups. Here is an example:
  R1# sh ipv6 int fa0/0
  FastEthernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::C200:CFF:FEF4:0
    No Virtual link-local address(es):
    Global unicast address(es):
      2001:AA11::1, subnet is 2001:AA11::/64
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::1:FF00:1
      FF02::1:FFF4:0
    MTU is 1500 bytes
    ICMP error messages limited to one every 100 milliseconds
    ICMP redirects are enabled
    ICMP unreachables are sent
    ND DAD is enabled, number of DAD attempts: 1
    ND reachable time is 30000 milliseconds
    ND advertised reachable time is 0 milliseconds
    ND advertised retransmit interval is 0 milliseconds
    ND router advertisements are sent every 200 seconds
    ND router advertisements live for 1800 seconds
    ND advertised default router preference is Medium
    Hosts use stateless autoconfig for addresses.
  R1#
FF02::1 is the replacement for broadcast: it is the multicast group that every machine on the local link joins.
FF02::2 is the "all routers on the link" multicast group.
FF02::1:FF00:1 is the multicast group specific to the global address configured on the interface. It is made of FF02::1:FF followed by the last 24 bits of the global address.
FF02::1:FFF4:0 is the multicast group specific to the interface itself: it also starts with FF02::1:FF and is completed by the last 24 bits of the link-local address, the part that uniquely identifies the machine since it comes from the MAC address used to build the address.
Since the last two multicast groups are derived from the addresses of the interface, it is therefore possible to address a machine directly, knowing only its IPv6 address, through its own multicast group.
For example, if I want to ping 2001:11aa::1, then to obtain its MAC address I send a request to the multicast group FF02::1:FF00:1 (where 00:1 is the last 24 bits of the global address given to the ping command). The advantage is that, instead of the broadcast request that ARP uses in IPv4, IPv6 sends the request directly to the group of the machine concerned, which avoids bothering the machines that are not concerned.
Here is a snapshot of an IPv6 ping from R1 (2001:11aa::1) to R2 (2001:11aa::2) to illustrate this:
R1 sends an NS (Neighbor Solicitation) to FF02::1:FF00:2
R2 responds with an NA (Neighbor Advertisement) to 2001:11aa::1
R1 and R2, having exchanged this information, have necessarily learned each other's MAC address .... What follows is a series of ICMPv6 Echo Request ... ICMPv6 Echo Reply (as in IPv4).
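The group derivation and the resolution step just described, as an added example that is not part of the original article: it computes the solicited-node group of any unicast address, lists the groups an interface has to join (which reproduces the "Joined group address(es)" lines of the router output above), and describes the Neighbor Solicitation R1 sends to reach R2. The mapping of the group to an Ethernet multicast MAC (33:33 followed by the low 32 bits of the group) and the ICMPv6 type numbers are standard facts not stated on the page; the function names are choices made for this example.

```python
"""Solicited-node multicast groups and the ND groups an interface joins.

Added example, not part of the original article. Group derivation is the
rule described above: FF02::1:FF followed by the last 24 bits of the address.
"""
import ipaddress
from typing import Dict, Iterable, Set

ALL_NODES = ipaddress.IPv6Address("ff02::1")    # replaces broadcast
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")  # "all routers on the link"
_SOLICITED_NODE_PREFIX = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]  # 104 bits
ICMPV6_NEIGHBOR_SOLICITATION = 135
ICMPV6_NEIGHBOR_ADVERTISEMENT = 136


def solicited_node_group(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FFxx:xxxx, where xx:xxxx are the last 24 bits of *addr*."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(_SOLICITED_NODE_PREFIX + low24)


def multicast_mac(group: ipaddress.IPv6Address) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits."""
    if not group.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    return (b"\x33\x33" + group.packed[-4:]).hex(":")


def joined_groups(addresses: Iterable[str], is_router: bool = False) -> Set[ipaddress.IPv6Address]:
    """Groups an interface must listen on: all-nodes, all-routers if routing,
    and one solicited-node group per configured unicast address."""
    groups = {ALL_NODES}
    if is_router:
        groups.add(ALL_ROUTERS)
    for a in addresses:
        groups.add(solicited_node_group(a))
    return groups


def neighbor_solicitation(src: str, target: str) -> Dict[str, object]:
    """Describe the NS that *src* sends to resolve *target* (what R1 does to ping R2)."""
    group = solicited_node_group(target)
    return {
        "icmpv6_type": ICMPV6_NEIGHBOR_SOLICITATION,
        "src_ip": str(ipaddress.IPv6Address(src)),
        "dst_ip": str(group),              # only hosts in this group process it
        "dst_mac": multicast_mac(group),
        "target": str(ipaddress.IPv6Address(target)),
    }


if __name__ == "__main__":
    # The interface from the router output above: link-local + global, on a router.
    for g in sorted(joined_groups(["fe80::c200:cff:fef4:0", "2001:aa11::1"], is_router=True)):
        print("joined", g)
    print(neighbor_solicitation("2001:11aa::1", "2001:11aa::2"))
```

One caveat that the smaller blast radius does not remove: nothing in the NS/NA exchange is authenticated, so an unsolicited or forged Neighbor Advertisement is accepted just as a forged ARP reply would be in IPv4. Monitoring for NA messages whose link-layer address disagrees with what was learned earlier, and enabling the ND inspection / RA Guard features of managed switches, are the usual mitigations.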
Other features of IPv6
Auto-configuration
Based on Neighbor Discovery, a machine can find out which network it is on by sending a solicitation, to which a router responds with an advertisement. Once the network prefix is obtained, the machine can configure itself by completing the address with the EUI-64 (MAC address with FFFE inserted in the middle).
The role of a DHCP server is therefore reduced to its bare minimum. There are nevertheless two types of DHCP servers: stateful DHCP, which provides the full configuration, and stateless DHCP, which basically only provides the address of a DNS server, since the rest is self-configured.
Security
IPsec is an integral part of IPv6. IPsec was originally developed for IPv6 but was first applied to IPv4. All the components of IPsec are thus found natively in IPv6.
