
iLab 2 Internet Protocol version 6 Stefan Liebald - PowerPoint PPT Presentation


  1. iLab 2: Internet Protocol version 6
     Stefan Liebald, liebald@net.in.tum.de
     Lehrstuhl für Netzarchitekturen und Netzdienste, Fakultät für Informatik, Technische Universität München
     October 18, 2017
     Based on slides of Lukas Schwaighofer

  2. Outline
     Motivation
     IPv6 Part 1
       Lab overview
       IPv6 vs IPv4
       IPv6 Addressing
       Neighbor Discovery Protocol (NDP)
       Stateless Address Auto Configuration (SLAAC)
       ICMPv6
     IPv6 Part 2
       Lab overview
       Transition Mechanisms

  3. Motivation
     Figure: IPv6 exhaustion (source: https://xkcd.com/865)

  5. Lab overview
     [Figure: IPv6 lab setup. Network diagram showing PC1 to PC6, the routers Cisco A and Cisco B, an IPv6-only ISP with NAT64, web servers, DNS servers, ISP clients, monitor ports and OSPF IPv6 area 0.]

  6. Lab overview
     What will you do during the lab?
     ◮ SLAAC (Stateless Address Auto Configuration)
     ◮ DHCPv6 (Dynamic Host Configuration Protocol)
     ◮ OSPF (Open Shortest Path First)
     ◮ DNS (Domain Name System)

  8. IPv4 and IPv6 Header

  9. IPv6 Differences
     ◮ 128 bit addresses compared to 32 bit in IPv4
     ◮ Fragmentation only on end hosts
     ◮ Header:
       ◮ Fixed header length (40 bytes) + extension headers
       ◮ Fewer fields (no checksum, fragmentation)
     ◮ Integrated IPsec via extension header
     ◮ No more broadcast → multicast
     ◮ NDP instead of ARP

  13. IPv6 Address notation
      ◮ 8 blocks of 2 bytes, colon separated:
        ◮ e.g.: 2001:0db8:0000:0000:0000:0102:0000:0304
      ◮ can be shortened:
        ◮ replace longest sequence of blocks of zeros with ::
        ◮ omit leading zeros
        ◮ e.g. 2001:db8::102:0:304
      ◮ What about ports?
        ◮ use [IPv6-address]:port
        ◮ e.g.: [2001:db8::102:0:304]:80

  17. IPv6 Prefix and Interface Identifier
      ◮ 128 bit IPv6 address can be split in two parts:
        ◮ 64 bit prefix ← identifies subnet, used for routing
        ◮ 64 bit interface identifier ← identifies host/interface
      ◮ example 2001:db8::102:0:304
        ◮ prefix: 2001:db8::/64
        ◮ interface identifier: 0:102:0:304
      ◮ ISP could also assign you a /56 or other prefix
        ◮ → You can create 2^8 = 256 /64 subnets from that

  18. IPv6: Important well defined address prefixes

      | Address (prefix) | Type |
      |---|---|
      | ::1/128 | Loopback |
      | fe80::/10 | Link-local unicast |
      | fc00::/7 | Unique Local unicast |
      | 2001:db8::/32 | Documentation |
      | ff00::/8 | Multicast |

  20. IPv6: Important multicast addresses
      ◮ Multicast prefix: ff00::/8

      | Address | Definition |
      |---|---|
      | ff02::1 | All nodes on local network segment |
      | ff02::2 | All routers on local network segment |
      | ff02::1:2 | All DHCPv6 servers on local network segment |
      | ff02::1:ff00:0/104 | Solicited-node multicast prefix |

  23. Neighbor Discovery Protocol (NDP)
      ◮ Resolves MAC address of given IPv6 address to send packet over Ethernet:
        ◮ Sender sends Neighbour Solicitation to target:
          ◮ IP dest: Solicited-Node Multicast IPv6 Address of target (prefix + last 3 octets of address)
          ◮ MAC dest: IPv6 multicast over Ethernet address (33:33: + last 4 octets of v6 multicast address)
          ◮ Full IPv6 address of target as payload
        ◮ Target returns Neighbour Advertisement with MAC as payload
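How the two destination addresses of a Neighbour Solicitation are derived from the target address, as an added Python example that is not part of the original deck. The function names are constructed here, and `ns_is_consistent` is an assumed sanity check for multicast solicitations seen in a capture (solicitations sent unicast to an already known neighbour are out of its scope).

```python
import ipaddress

# ff02::1:ff00:0/104, the solicited-node multicast prefix
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(target: str) -> ipaddress.IPv6Address:
    """Solicited-node group: the /104 prefix plus the last 3 octets of the target."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)

def multicast_mac(group) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 plus its last 4 octets."""
    group = ipaddress.IPv6Address(group)
    if not group.is_multicast:
        raise ValueError(f"{group} is not in ff00::/8")
    return "33:33:" + ":".join(f"{b:02x}" for b in group.packed[-4:])

def ns_destinations(target: str) -> dict:
    """Addresses a multicast Neighbour Solicitation for `target` is sent to."""
    group = solicited_node(target)
    return {"ip_dst": str(group), "mac_dst": multicast_mac(group),
            "payload_target": str(ipaddress.IPv6Address(target))}

def ns_is_consistent(ip_dst: str, mac_dst: str, payload_target: str) -> bool:
    """Check a captured multicast NS: do both destinations match the target in its payload?"""
    expected = ns_destinations(payload_target)
    return (ipaddress.IPv6Address(ip_dst) == ipaddress.IPv6Address(expected["ip_dst"])
            and mac_dst.lower() == expected["mac_dst"])

if __name__ == "__main__":
    print(ns_destinations("2001:db8::102:0:304"))
    # Addresses that share their last 3 octets share one group, which is why
    # the full target address travels in the payload.
    print(solicited_node("fe80::1:0:304") == solicited_node("2001:db8::102:0:304"))
    print(ns_is_consistent("ff02::1:ff00:304", "33:33:FF:00:03:04", "2001:db8::102:0:304"))
```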

  29. Stateless Address Auto Configuration (SLAAC)
      1. Generate Link Local (LL) address
      2. Perform Duplicate Address Detection (DAD)
         ◮ Send Neighbour Solicitation to own LL address
         ◮ No response → assign address
      3. Send Router Solicitation (RS) to all routers
      4. Take information (prefix) from response (Router Advertisement (RA)) and configure global IP address

  33. Address Autogeneration
      Each host must have a Link Local address. Multiple ways to generate host part:
      ◮ (Extended) EUI-64:
        ◮ Split MAC address (48 bit)
        ◮ Stuff ff:fe in the middle (16 bit)
        ◮ Flip second least significant bit in first octet
        ◮ example: MAC 00:01:02:03:04:05 → fe80::201:2ff:fe03:405
      ◮ Stable privacy:
        ◮ Replacement for EUI-64
        ◮ Add secret + subnet identifier to IPv6 address generation
        ◮ → stable IPv6 address per subnet, can’t be mapped to MAC
      ◮ Privacy extension as addition to one of the above methods:
        ◮ Use a randomized IPv6 address for communication
        ◮ Change address regularly
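SLAAC steps 1 and 4 and the two interface-identifier schemes above, as an added Python example that is not part of the original deck. `stable_privacy_iid` is a simplified sketch of the "secret + subnet identifier" idea using HMAC-SHA256, not a standard-conformant implementation; the function names, the interface name `eth0`, the secret and the `2001:db8:0:1::/64` and `2001:db8:0:2::/64` prefixes are constructed.

```python
import hashlib
import hmac
import ipaddress

def eui64_iid(mac: str) -> int:
    """(Extended) EUI-64: split the MAC, stuff ff:fe in the middle, flip one bit."""
    octets = bytearray(int(x, 16) for x in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must have 6 octets")
    octets[0] ^= 0x02                 # second least significant bit of first octet
    return int.from_bytes(octets[:3] + b"\xff\xfe" + octets[3:], "big")

def stable_privacy_iid(prefix: str, iface: str, secret: bytes, dad_counter: int = 0) -> int:
    """Sketch: IID = PRF(secret, prefix | DAD counter | interface name), no MAC involved."""
    net = ipaddress.IPv6Network(prefix)
    msg = net.network_address.packed[:8] + bytes([dad_counter]) + iface.encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:8], "big")

def slaac_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (fe80::/64 or one taken from an RA) with an IID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC combines a /64 prefix with a 64-bit interface identifier")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr: str):
    """Recover the MAC if the IID carries the EUI-64 ff:fe marker, else None."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    iid = eui64_iid("00:01:02:03:04:05")
    print(slaac_address("fe80::/64", iid))             # step 1: link-local address
    glob = slaac_address("2001:db8:0:1::/64", iid)     # step 4: prefix from the RA
    print(glob, "->", mac_from_address(str(glob)))     # EUI-64 exposes the MAC
    secret = b"constructed-secret"
    for prefix in ("2001:db8:0:1::/64", "2001:db8:0:2::/64"):
        print(slaac_address(prefix, stable_privacy_iid(prefix, "eth0", secret)))
```

An address audit can run `mac_from_address` over observed source addresses to list hosts that still use EUI-64 and therefore expose the same hardware identifier on every network they join.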

  35. ICMPv6
      Header layout (bits 0 to 31): Type (bits 0-7) | Code (bits 8-15) | Checksum (bits 16-31), followed by the Message body
      ◮ Relevant types:
        ◮ Echo request/reply
        ◮ Time exceeded
        ◮ Packet too big
        ◮ Destination unreachable
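A parser for the Type/Code/Checksum header above, as an added Python example that is not part of the original deck. It goes beyond the slide in one respect: the checksum is verified over the IPv6 pseudo-header (source, destination, length, next header 58) as RFC 4443 specifies, which matters because the IPv6 header itself carries no checksum. The function names and the sample echo request are constructed.

```python
import ipaddress
import struct

# Type numbers of the messages listed on the slide (RFC 4443).
ICMPV6_TYPES = {1: "Destination unreachable", 2: "Packet too big",
                3: "Time exceeded", 128: "Echo request", 129: "Echo reply"}

def icmpv6_checksum(src: str, dst: str, message: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(message), 58))   # 58 = next header ICMPv6
    data = pseudo + message + b"\x00" * (len(message) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                                    # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(src: str, dst: str, msg_type: int, code: int, body: bytes) -> bytes:
    """Serialise a message: checksum is computed with the field set to zero."""
    unsummed = struct.pack("!BBH", msg_type, code, 0) + body
    checksum = icmpv6_checksum(src, dst, unsummed)
    return struct.pack("!BBH", msg_type, code, checksum) + body

def parse(src: str, dst: str, message: bytes) -> dict:
    """Decode the 4-byte header and verify the checksum against both addresses."""
    if len(message) < 4:
        raise ValueError("ICMPv6 header is 4 bytes: type, code, checksum")
    msg_type, code, checksum = struct.unpack("!BBH", message[:4])
    return {"type": msg_type, "name": ICMPV6_TYPES.get(msg_type, "other"),
            "code": code, "checksum": checksum,
            # Summing a valid message including its checksum field yields 0.
            "checksum_ok": icmpv6_checksum(src, dst, message) == 0,
            "body": message[4:]}

if __name__ == "__main__":
    # Constructed echo request: identifier 1, sequence 1, payload "ping".
    pkt = build("2001:db8::1", "2001:db8::2", 128, 0, b"\x00\x01\x00\x01ping")
    print(parse("2001:db8::1", "2001:db8::2", pkt))
    # Same bytes checked against another source address fail verification.
    print(parse("2001:db8::3", "2001:db8::2", pkt)["checksum_ok"])
```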
