IPv6 address configuration and local operation

Similar documents
It's the economy, stupid: the transition from IPv4 to IPv6

The state of IPv6 (and IPv4)

IPv6 Neighbor Discovery

Configuring IPv6 for Gigabit Ethernet Interfaces

IPv6 Neighbor Discovery

IPv6 Neighbor Discovery

Introduction to IPv6 - II

Operation Manual IPv6 H3C S3610&S5510 Series Ethernet Switches Table of Contents. Table of Contents

Rocky Mountain IPv6 Summit April 9, 2008

IPv6 Neighbor Discovery

IPv6 Neighbor Discovery

Configuring IPv6 basics

Guide to TCP/IP Fourth Edition. Chapter 6: Neighbor Discovery in IPv6

IPv6 Protocol Architecture

Setup. Grab a vncviewer like: Or

IPv6 Protocol & Structure. npnog Dec, 2017 Chitwan, NEPAL

Table of Contents 1 IPv6 Basics Configuration 1-1

IPv6 Associated Protocols. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

Configuring IPv6. Information About IPv6. Send document comments to CHAPTER

OSI Data Link & Network Layer

TCP/IP Protocol Suite

IPv4 and IPv6 Commands

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

IPv6 Configuration Commands

Workshop on Scientific Applications for the Internet of Things (IoT) March

Internet Control Message Protocol

Introduction to IPv6

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

The Netwok Layer IPv4 and IPv6 Part 2

Juniper Netscreen Security Device. How to Enable IPv6 Page-51

tcp ipv6 timer fin-timeout 40 tcp ipv6 timer syn-timeout 40 tcp ipv6 window 41

IPv6 Stateless Autoconfiguration

DHCPv6 Overview 1. DHCPv6 Server Configuration 1

IPv6 Client IP Address Learning

IPv6 Bootcamp Course (5 Days)

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

Introduction to IPv6. IPv6 addresses

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

Chapter 7: IP Addressing CCENT Routing and Switching Introduction to Networks v6.0

IPv6 Technical Challenges

Network Working Group Request for Comments: W. Simpson Daydreamer H. Soliman Elevate Technologies September 2007

HPE FlexNetwork 5510 HI Switch Series

IPv6 ND Configuration Example

HPE 5920 & 5900 Switch Series

IPv6. (Internet Protocol version 6)

HPE FlexNetwork 5510 HI Switch Series

TSIN02 - Internetworking

IPv6. IPv4 & IPv6 Header Comparison. Types of IPv6 Addresses. IPv6 Address Scope. IPv6 Header. IPv4 Header. Link-Local

Step 2. Manual configuration of global unicast and link-local addresses

HP FlexFabric 5930 Switch Series

ISO 9001:2008. Pankaj Kumar Dir, TEC, DOT

Planning for Information Network

Lecture Computer Networks

Internet Protocol v6.

ICS 451: Today's plan

HPE ArubaOS-Switch IPv6 Configuration Guide YA/YB.16.02

Step 2. Manual configuration of global unicast and link-local addresses

Configuring IPv6 First-Hop Security

IPv6 NEMO. Finding Feature Information. Restrictions for IPv6 NEMO

OSI Data Link & Network Layer

FiberstoreOS IPv6 Service Configuration Guide

ICS 351: Networking Protocols

"Charting the Course... IPv6 Bootcamp Course. Course Summary

Optimized Neighbor Discovery for 6LoWPANs: Implementation and Performance Evaluation

OSI Data Link & Network Layer

Network Management. IPv6 Bootcamp. Zhiyi Huang University of Otago

Internet Protocol, Version 6

Veryx ATTEST TM Conformance Test Suite

HPE FlexFabric 7900 Switch Series

Introduction to IPv6. IPv6 addresses

The Netwok Layer IPv4 and IPv6 Part 2

Foreword xxiii Preface xxvii IPv6 Rationale and Features

IPv6 Concepts. Improve router performance Simplify IP header Align to 64 bits Address hierarchy with more levels Simplify routing tables

ODL Summit Bangalore - Nov 2016 IPv6 Design in OpenDaylight

IPv6 associated protocols

ArubaOS-Switch IPv6 Configuration Guide for YA/YB.16.04

FiberstoreOS IPv6 Security Configuration Guide

Transitioning to IPv6

ETSF05/ETSF10 Internet Protocols Network Layer Protocols

TD#RNG#2# B.Stévant#

Introduction to IPv6. IPv6 addresses

HP Switch Software. IPv6 Configuration Guide G-PoE Switch G-PoE Switch

IPv6 Security (Theory vs Practice) APRICOT 14 Manila, Philippines. Merike Kaeo

IPv6 CONSORTIUM TEST SUITE Address Architecture Conformance Test Specification

HPE FlexFabric 5940 Switch Series

An IPv6 unicast address is an identifier for a single interface, on a single node. A packet that is sent to a unicast

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

IPv6 Autoconfiguration. Stateless and Stateful. Rabat, Maroc Mars 2007

Aeronautical Systems Center

The Internet. The Internet is an interconnected collection of netw orks.

IPv6 Source Addresses

IPv6 Protocols & Standards

CN1047 INTRODUCTION TO COMPUTER NETWORKING CHAPTER 5 OSI MODEL NETWORK LAYER

Implementing DHCP for IPv6

Ch.6 Mapping Internet Addresses to Physical Addresses (ARP)

MBC. Auto. Address. Networks. Mesh. uto- configuration for Wireless. Keecheon Kim. Konkuk University Seoul, Korea

Athanassios Liakopoulos

Default Router and Prefix Advertisement Options for DHCPv6

Transition to IPv6. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Transcription:

IPv6 address configuration and local operation Amsterdam, 16 february 2012 Iljitsch van Beijnum

Today's topics IPv6 address configuration stateless autoconfig DHCPv6 DAD, NUD, timers Router solicitations/advertisements Neighbor solicitations/advertisements Subnets and links

IPX and AppleTalk Conceptually very similar to IP But not suitable for global connectivity Used for local/private networks in the 1980s and 1990s Hosts autoconfigure and easy service discovery through broadcasts IP was all manual all the time (not even DNS until late 1980s!)

IPX and AppleTalk (2) Internetwork Packet Exchange addresses: 32-bit network number 48-bit host address (= ethernet MAC) AppleTalk addresses: 16-bit network number 8-bit host number (randomly generated) (8-bit socket number, like port number) Network number is broadcast by routers

CLNP CLNS: Connectionless Network Service CLNP: Connectionless Network Protocol By OSI/ISO (like OSI reference model) Very similar to IP but different terminology Variable length (max 160-bit) addresses called NSAP, usually has MAC address includes 8-bit NSEL (like port number)

IPv4 32-bit addresses n for (sub-) network, 32-n for host 8-bit protocol number Some protocols: 16-bit source and destination ports At first: manual configuration Starting in 1993: DHCP

IPv6 Includes all address configuration methods discussed so far: manual configuration router broadcast + MAC address router broadcast + random number (router broadcast + crypto hash) DHCPv6

Stateless autoconfig Routers send out "router advertisements" RAs contain one or more /64 prefixes Hosts add 64 bits derived from MAC address, random number or crypto hash Perform duplicate address detection (DAD) just in case Keep address until timer expires

Router advertisements RAs are multicast, not broadcast so only IPv6 hosts "see" them Routers send RAs periodically Or immediately after receiving a router solicitation router solicitations are sent by hosts to the all-routers multicast address

RA (2) From RFC 2461: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Code Checksum +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Cur Hop Limit M O Reserved Router Lifetime +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Reachable Time +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Retrans Timer +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Options... +-+-+-+-+-+-+-+-+-+-+-+-

RA (3) Prefix information option, from RFC 2461: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Length Prefix Length L A Reserved1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Valid Lifetime +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Preferred Lifetime +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Reserved2 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + Prefix + + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Prefix option flags L: on-link flag: this prefix should be considered locally reachable A: autonomous address-configuration flag: create an address using this prefix (if /64) L=1, A=1: normal stateless autoconfig L=0, A=1: autoconfig but not on-link L=1, A=0: no autoconfig, but on-link L=0, A=0:?

On-link With IPv4, every address has a (sub-)netmask all nodes with addresses matching the netmask are directly connected / on-link With IPv6, address may or may not have a prefix length that indicates what's on-link like CNLP! Reach off-link addresses through a router

IPv6 Address Creation 00:0a:95:cd:98:7a MAC 000a:95 ff:fe cd:987a EUI-64 Router Advertisement: 2001:db8:31:c000::/64 000a:95ff:fecd:987a 2 modified EUI-64 2001:db8:31:c000:20a:95ff:fecd:987a

Address Privacy Ugh, when you move around people can recognize your MAC address! RFC 4941 (was 3041): temporary addresses use random number to generate address generate new one every 24 hours or after disconnect/reconnect default for outgoing sessions in Windows Vista/7 and MacOS 10.7

Timers RA timer: how long router may be default gateway Prefix preferred lifetime: how long address is "preferred" Prefix valid lifetime: how long address can be used (al all) All count down unless restored by new RA

Duplicate address detection Before a node may use an address, see if nobody else has it Address is "tentative" Send out neighbor solicitations for tentative address source address: the unspecified address :: If no answer, use it If answers, don't use it (and...?)

Lifecycle of addresses Link-local Only Router Advertisement New Address: Tentative DAD Unsuccessful Duplicate DAD Successful Valid Preferred Preferred Lifetime Expired Deprecated Valid Lifetime Expired Invalid

RA flags "Managed config" (M bit) "stateful address configuration" ( = DHCPv6) is used on this subnet "Other stateful config" (O bit) other configuration information (such as DNS addresses) is available through stateful configuration mechanism

Multiple addresses What if 2 routers with 2 prefixes (A=1)? 4 different addresses! (what if RFC 4941 is in effect??) 5 if M=1 IPv6 systems always have link-local Usually dual stack, so also an IPv4 address Apps should try them all until one works

DHCPv6 Complete reinvention of DHCP for IPv6 Completely incompatible with DHCP Doesn't provide router address Doesn't provide subnet mask/length No MAC address or client identifier, but "DUID" = DHCPv6 Unique IDentifier

DHCPv6 (2) Two modes of operation: stateful: for address configuration etc stateless: for DNS configuration etc client has to choose... In addition to address configuration, also prefix delegation

Client implementations Windows Vista/7: address and other config, depends on M/O flags Linux: depends on distribution, sometimes address and/or other config, may not respect M/O flags Mac: in 10.7, not in 10.6 or earlier Routers, such as latest Cisco and Apple Airport Extreme base station: prefix delegation and other config

Stateless autoconfig versus DHCPv6 Stateless autoconfig always the same address without "state" (= a server with storage/config) sent by routers = fate sharing (David Clark, 1995) DHCPv6 can give specific address to specific host can log which host has which address

Exercise time! Router: ether 00:12:34:56:78:90 prefix: 2001:db8:dead:beef::/64 DHCPv6 server hands out..::10,...::11,... and DNS address 2001:4860:4860::8888 Host: ether 00:40:50:60:70:80

α: M=0/O=0/L=0/A=0 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)

β: M=0/O=0/L=1/A=0 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)

γ: M=0/O=0/L=1/A=1 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)

δ: M=0/O=1/L=1/A=0 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)

ε: M=1/O=1/L=1/A=0 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)

ζ: M=1/O=1/L=1/A=1 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)

η: M=1/O=0/L=1/A=1 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)

ICMPv6 Internet Control Message Protocol version 6 ICMPv6 Errors (codes below 128) ICMPv6 ICMPv6 Informational (codes above 127) 1 destination unreachable 2 packet too big 3 time exceeded 4 parameter problem 128 echo request 129 echo reply 133 router solicitation 134 router advertisement 135 neighbor solicitation 136 neighbor advertisement 137 redirect

Redirects (use case 1) R1 2001:db8:... H1 3ffe:4abc:... H2 Hosts have addresses in different prefixes They send their traffic through the router Router says: this destination is local

Redirects (use case 2) R1 R2 H1 R1 and R2 connect to different destinations H1 uses R1 as default gateway R1 says: for this destination, use R2

avian carrier IP packet RFC 1149 Photo by Vegard Engen

It's all a joke The most widely implemented April 1st RFC is not RFC 1149, but: Network Working Group Request for Comments: 894 STANDARD Errata Exist Charles Hornig Symbolics Cambridge Research Center April 1984 A Standard for the Transmission of IP Datagrams over Ethernet Networks Fortunately IPv6 has something better...

Neighbor discovery Does what ARP does for IPv4: I have a packet, but what MAC address goes with the packet's destination address? But: ND is ICMPv6, so not Ethernet-specific targeted multicasts instead of broadcasts room for options

Neighbor solicitation From RFC 2461: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Code Checksum +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Reserved +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + Target Address + + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Options... +-+-+-+-+-+-+-+-+-+-+-+-

Neighbor solicitation (2) Addressed to the solicited node address: prefix FF02:0:0:0:0:1:FF00::/104 + lower 24 bits of target address May have source link-layer address option i.e., the Ethernet MAC address

Neighbor advertisement From RFC 2461: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Code Checksum +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ R S O Reserved +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + Target Address + + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Options... +-+-+-+-+-+-+-+-+-+-+-+-

Neighbor advertisement (2) Obviously holds source link-layer address Flags: R: router flag S: solicited flag 1 if response to neighbor solicitation O: override flag used with proxy ND and anycast

IPv6 multicasts on Ethernet For IPv4 IETF got its own OUI for Ethernet multicast For IPv6 the unique/local bit is simply set to "local": Ethernet destination is 33:33: + lower 32 bits of the IPv6 multicast address NICs may filter exact and/or using hash

Hop limit security trick Redirects etc could be abused by remote attackers Important to determine that they come from a local source So sender sets hop limit to 255 Receiver checks if hop limit is 255 Check fails if there was a router in the path

Neighbor unreachability detection Always between host-host, host-router and router-host, sometimes router-router Used when there is unicast communication look for "forward progress" by TCP etc or send neighbor solicitations to probe whether the neighbor/router is reachable When NUD fails, remove from neighbor cache, redo next hop resolution

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback