Introduction to IPv6 Last modified 2-28-11. Motivation Last modified 7 am 6-4-11.

Post on 14-Dec-2015


Introduction to IPv6

Last modified 2-28-11

Motivation

Last modified 7 am 6-4-11

IPv4 Exhaustion

The End Of The World!

IPv4 Addresses: 32 Bits

IPv4 address: 192.168.1.10

Four bytes

In binary: 11000000 10101000 00000001 00001010

2^32 total addresses

4 billion

Internet Registry Regions

http://www.iana.org/numbers/

IPv4 Address Depletion

No Reprieve

IANA will not re-purpose class D or E addresses for general use

People who ask for IPv4 addresses after exhaustion will not get them

Hoarding, scalping, and simple direct sale of used IPv4 addresses will begin soon

IPv6

The Solution

IPv6 Addresses: 128 Bits

IPv6 address: 2001:05c0:1000:000b:0000:0000:0000:66fb

Omitting unnecessary zeroes: 2001:5c0:1000:b::66fb

Eight fields, each 16 bits long

4 hexadecimal characters

2^128 total addresses

340 billion billion billion billion

Enough for a while

Link BayThreat-10

Federal IPv6 Transition Timeline

From Cisco (link BayThreat-11)

Migration to IPv6

Methods of IPv6 Migration

Ignore IPv6: Stay on IPv4-only

Gateways: Devices that convert IPv6 to IPv4

Tunnel: IPv6 over IPv4

Dual-Stack: IPv4 and IPv6 together

Nirvana: IPv6-only

IPv6 Tunnels

Fast and easy to set up--best for n00bs

Not the best for security or performance

Free IPv4-to-IPv6 Tunnels

Gogo6.com

Sixxs.net

Tunnelbroker.com

GoGo6

Easiest

Demonstration

Companies Already on IPv6

ipv6.google.com

www.v6.facebook.com

comcast6.net

ipv6.cnn.com

More at link Baythreat-12

IPv6 Certifications

Fun, realistic projects

He.net

Link BayThreat-13

IPv6 Sages

As of 12-9-10 Link BayThreat-18

IPv6 Sages at CCSF

22 IPv6 Sages at CCSF so far (12-9-10) Link BayThreat-19

T-Shirt

#1 motivator for IPv6 Certification

Link Baythreat-9

Security Problems

Used by Ethernet

Privacy Risk

Anyone who has your IP address also has your MAC address!

There is a "Privacy Extensions" technique to avoid this, enabled by default in Vista and Windows 7

ICMPv6

Required for all networks

Cannot be blocked

Replaces ARP "Neighbor Discovery" is trivial

THC-IPv6

Hacker's Toolkit

Runs fine on Ubuntu, even in VMware on Windows 7

Instructions: link BayThreat-14

Other Risks

Many security appliances are not ready for IPv6, so it often bypasses them

Torrents run over IPv6

Link BayThreat-15

Some VPN appliances are not ready, so IPv6 connections must bypass them

Packet Amplification Attacks

Routing Header Zero

Ping-pong

Links BayThreat-16 and 17
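Routing Header Zero (Routing header type 0, deprecated by RFC 5095) can be detected by walking a packet's extension header chain. The following detector is an added example, not part of the original slides; the function names and the sample packets, built on the 2001:db8:: documentation prefix, are constructed for illustration.

```python
import struct

def find_rh0(packet):
    """Return RH0 details if a type 0 Routing header is present, else None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, off = packet[6], 40
    # Walk Hop-by-Hop (0), Routing (43) and Destination Options (60). The
    # Routing header precedes any Fragment header, so the walk stops there.
    while next_hdr in (0, 43, 60):
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Hdr Ext Len counts 8-byte units, not including the first 8 bytes.
        hdr_len = (packet[off + 1] + 1) * 8
        if next_hdr == 43 and packet[off + 2] == 0:
            return {"segments_left": packet[off + 3],
                    "addresses": packet[off + 1] // 2}  # 16 bytes per address
        next_hdr, off = packet[off], off + hdr_len
    return None

def build_ipv6(next_hdr, payload):
    """Build a constructed test packet between two documentation addresses."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    header = struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64)
    return header + src + dst + payload

# Constructed sample headers (59 = No Next Header, 43 = Routing).
HOP = bytes.fromhex("20010db8" + "00" * 11 + "0a")
HBH = bytes([43, 0, 1, 4, 0, 0, 0, 0])           # Hop-by-Hop with PadN option
RH0 = bytes([59, 4, 0, 2]) + bytes(4) + HOP * 2  # routing type 0, two addresses
RH2 = bytes([59, 2, 2, 1]) + bytes(4) + HOP      # routing type 2 (Mobile IPv6)
ECHO = bytes([128, 0, 0, 0, 0, 1, 0, 1])         # ICMPv6 echo, checksum left zero

SAMPLES = {
    "plain echo": build_ipv6(58, ECHO),
    "rh0": build_ipv6(43, RH0),
    "hop-by-hop then rh0": build_ipv6(0, HBH + RH0),
    "routing type 2": build_ipv6(43, RH2),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", find_rh0(pkt))
```

Only routing type 0 is flagged; the type 2 header used by Mobile IPv6 passes through the walk without a hit.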

Class Overview

IPv6 Certification

Every student should be a Certified IPv6 Guru by the end of the class

Many extra credit projects go beyond that

Cisco routing for students who know Cisco routing

Windows: Router advertisements

Linux: IPv6-to-IPv4 Reverse Proxy

Hurricane Electric IPv6 Certification (Part 1)

1. Registering at Hurricane Electric

2. Newb Test

Demonstrate basic knowledge of IPv6

Become an IPv6 Newbie

3. Connecting as an IPv6 Client with the Gogo6 Tunnel

IPv6 over UDP over IPv4

Connect to a Web server as a client over IPv6

Become an IPv6 Explorer


4. IPv6 Web Server

You need to buy a domain name from GoDaddy ($2.17)

Apache will NOT work on Windows--use IIS instead

DNS: Creating an AAAA Record

Become an IPv6 Enthusiast


5. IPv6 Email Server

Use the Apache James Java SMTP server

Adding an MX Record to your DNS Zone

Installing the Thunderbird Email Client

Becoming an IPv6 Administrator

Hurricane Electric IPv6 Certification (Part 2)

DNS Configurations

Reverse DNS Servers

Routing Advertisements

Getting your own public IPv6 address block

Forward DNS Zone at Hurricane Electric

Reverse DNS Zone at Hurricane Electric

Authoritative DNS Servers

Passing the Reverse DNS Test


Becoming an IPv6 Professional

Becoming an IPv6 Guru

Becoming an IPv6 Sage

Get the T-Shirt

Fame, Fortune, Glory

The Hardest Part

You need to make THREE accounts

Hurricane Electric

Gogo6

Freenet6

Each one has a name and password you need to write down