IPv6 address configuration and local operation Amsterdam, 16 february 2012 Iljitsch van Beijnum
Today's topics IPv6 address configuration stateless autoconfig DHCPv6 DAD, NUD, timers Router solicitations/advertisements Neighbor solicitations/advertisements Subnets and links
IPX and AppleTalk Conceptually very similar to IP But not suitable for global connectivity Used for local/private networks in the 1980s and 1990s Hosts autoconfigure and easy service discovery through broadcasts IP was all manual all the time (not even DNS until late 1980s!)
IPX and AppleTalk (2) Internetwork Packet Exchange addresses: 32-bit network number 48-bit host address (= ethernet MAC) AppleTalk addresses: 16-bit network number 8-bit host number (randomly generated) (8-bit socket number, like port number) Network number is broadcast by routers
CLNP CLNS: Connectionless Network Service CLNP: Connectionless Network Protocol By OSI/ISO (like OSI reference model) Very similar to IP but different terminology Variable length (max 160-bit) addresses called NSAP, usually has MAC address includes 8-bit NSEL (like port number)
IPv4 32-bit addresses n for (sub-) network, 32-n for host 8-bit protocol number Some protocols: 16-bit source and destination ports At first: manual configuration Starting in 1993: DHCP
IPv6 Includes all address configuration methods discussed so far: manual configuration router broadcast + MAC address router broadcast + random number (router broadcast + crypto hash) DHCPv6
Stateless autoconfig Routers send out "router advertisements" RAs contain one or more /64 prefixes Hosts add 64 bits derived from MAC address, random number or crypto hash Perform duplicate address detection (DAD) just in case Keep address until timer expires
Router advertisements RAs are multicast, not broadcast so only IPv6 hosts "see" them Routers send RAs periodically Or immediately after receiving a router solicitation router solicitations are sent by hosts to the all-routers multicast address
RA (2) From RFC 2461: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Code Checksum +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Cur Hop Limit M O Reserved Router Lifetime +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Reachable Time +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Retrans Timer +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Options... +-+-+-+-+-+-+-+-+-+-+-+-
RA (3) Prefix information option, from RFC 2461: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Length Prefix Length L A Reserved1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Valid Lifetime +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Preferred Lifetime +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Reserved2 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + Prefix + + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Prefix option flags L: on-link flag: this prefix should be considered locally reachable A: autonomous address-configuration flag: create an address using this prefix (if /64) L=1, A=1: normal stateless autoconfig L=0, A=1: autoconfig but not on-link L=1, A=0: no autoconfig, but on-link L=0, A=0:?
On-link With IPv4, every address has a (sub-)netmask all nodes with addresses matching the netmask are directly connected / on-link With IPv6, address may or may not have a prefix length that indicates what's on-link like CNLP! Reach off-link addresses through a router
IPv6 Address Creation 00:0a:95:cd:98:7a MAC 000a:95 ff:fe cd:987a EUI-64 Router Advertisement: 2001:db8:31:c000::/64 000a:95ff:fecd:987a 2 modified EUI-64 2001:db8:31:c000:20a:95ff:fecd:987a
Address Privacy Ugh, when you move around people can recognize your MAC address! RFC 4941 (was 3041): temporary addresses use random number to generate address generate new one every 24 hours or after disconnect/reconnect default for outgoing sessions in Windows Vista/7 and MacOS 10.7
Timers RA timer: how long router may be default gateway Prefix preferred lifetime: how long address is "preferred" Prefix valid lifetime: how long address can be used (al all) All count down unless restored by new RA
Duplicate address detection Before a node may use an address, see if nobody else has it Address is "tentative" Send out neighbor solicitations for tentative address source address: the unspecified address :: If no answer, use it If answers, don't use it (and...?)
Lifecycle of addresses Link-local Only Router Advertisement New Address: Tentative DAD Unsuccessful Duplicate DAD Successful Valid Preferred Preferred Lifetime Expired Deprecated Valid Lifetime Expired Invalid
RA flags "Managed config" (M bit) "stateful address configuration" ( = DHCPv6) is used on this subnet "Other stateful config" (O bit) other configuration information (such as DNS addresses) is available through stateful configuration mechanism
Multiple addresses What if 2 routers with 2 prefixes (A=1)? 4 different addresses! (what if RFC 4941 is in effect??) 5 if M=1 IPv6 systems always have link-local Usually dual stack, so also an IPv4 address Apps should try them all until one works
DHCPv6 Complete reinvention of DHCP for IPv6 Completely incompatible with DHCP Doesn't provide router address Doesn't provide subnet mask/length No MAC address or client identifier, but "DUID" = DHCPv6 Unique IDentifier
DHCPv6 (2) Two modes of operation: stateful: for address configuration etc stateless: for DNS configuration etc client has to choose... In addition to address configuration, also prefix delegation
Client implementations Windows Vista/7: address and other config, depends on M/O flags Linux: depends on distribution, sometimes address and/or other config, may not respect M/O flags Mac: in 10.7, not in 10.6 or earlier Routers, such as latest Cisco and Apple Airport Extreme base station: prefix delegation and other config
Stateless autoconfig versus DHCPv6 Stateless autoconfig always the same address without "state" (= a server with storage/config) sent by routers = fate sharing (David Clark, 1995) DHCPv6 can give specific address to specific host can log which host has which address
Exercise time! Router: ether 00:12:34:56:78:90 prefix: 2001:db8:dead:beef::/64 DHCPv6 server hands out..::10,...::11,... and DNS address 2001:4860:4860::8888 Host: ether 00:40:50:60:70:80
α: M=0/O=0/L=0/A=0 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)
β: M=0/O=0/L=1/A=0 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)
γ: M=0/O=0/L=1/A=1 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)
δ: M=0/O=1/L=1/A=0 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)
ε: M=1/O=1/L=1/A=0 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)
ζ: M=1/O=1/L=1/A=1 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)
η: M=1/O=0/L=1/A=1 What are the host's addresses... if it's a MacOS 10.6 system? if it's a Windows Vista system? What if the host wants to connect to 2001:db8:dead:beef::a01? What if the host wants to connect to a02.deadbeef.nl? (2001:db8:dead:beef::a02)
ICMPv6 Internet Control Message Protocol version 6 ICMPv6 Errors (codes below 128) ICMPv6 ICMPv6 Informational (codes above 127) 1 destination unreachable 2 packet too big 3 time exceeded 4 parameter problem 128 echo request 129 echo reply 133 router solicitation 134 router advertisement 135 neighbor solicitation 136 neighbor advertisement 137 redirect
Redirects (use case 1) R1 2001:db8:... H1 3ffe:4abc:... H2 Hosts have addresses in different prefixes They send their traffic through the router Router says: this destination is local
Redirects (use case 2) R1 R2 H1 R1 and R2 connect to different destinations H1 uses R1 as default gateway R1 says: for this destination, use R2
avian carrier IP packet RFC 1149 Photo by Vegard Engen
It's all a joke The most widely implemented April 1st RFC is not RFC 1149, but: Network Working Group Request for Comments: 894 STANDARD Errata Exist Charles Hornig Symbolics Cambridge Research Center April 1984 A Standard for the Transmission of IP Datagrams over Ethernet Networks Fortunately IPv6 has something better...
Neighbor discovery Does what ARP does for IPv4: I have a packet, but what MAC address goes with the packet's destination address? But: ND is ICMPv6, so not Ethernet-specific targeted multicasts instead of broadcasts room for options
Neighbor solicitation From RFC 2461: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Code Checksum +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Reserved +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + Target Address + + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Options... +-+-+-+-+-+-+-+-+-+-+-+-
Neighbor solicitation (2) Addressed to the solicited node address: prefix FF02:0:0:0:0:1:FF00::/104 + lower 24 bits of target address May have source link-layer address option i.e., the Ethernet MAC address
Neighbor advertisement From RFC 2461: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type Code Checksum +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ R S O Reserved +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + Target Address + + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Options... +-+-+-+-+-+-+-+-+-+-+-+-
Neighbor advertisement (2) Obviously holds source link-layer address Flags: R: router flag S: solicited flag 1 if response to neighbor solicitation O: override flag used with proxy ND and anycast
IPv6 multicasts on Ethernet For IPv4 IETF got its own OUI for Ethernet multicast For IPv6 the unique/local bit is simply set to "local": Ethernet destination is 33:33: + lower 32 bits of the IPv6 multicast address NICs may filter exact and/or using hash
Hop limit security trick Redirects etc could be abused by remote attackers Important to determine that they come from a local source So sender sets hop limit to 255 Receiver checks if hop limit is 255 Check fails if there was a router in the path
Neighbor unreachability detection Always between host-host, host-router and router-host, sometimes router-router Used when there is unicast communication look for "forward progress" by TCP etc or send neighbor solicitations to probe whether the neighbor/router is reachable When NUD fails, remove from neighbor cache, redo next hop resolution
Questions?