EUChinaGRID IPv6 Tutorial Cataniav2 1
-
Upload
ivano-spina -
Category
Documents
-
view
224 -
download
0
Transcript of EUChinaGRID IPv6 Tutorial Cataniav2 1
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
1/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/20071
IPv6 TutorialIPv6 TutorialCataniaCatania
0066/0/066/2007/2007Gabriella Paolini
GARR
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
2/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/20072
Why do we need IPv6 ? (1/2)
A bigger address space
From 32 bits to 128 bits: A true global connectivity
No more hidden networks or hosts
All the hosts can be reachable (From Client-only to Server!)
Security systems End-to-end
Auto configuration Opportunity to use 64 bits for host (uniqueness guarantee)
"plug and play"
Opportunity to manage Multihoming in an easy way Renumbering in an easy way
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
3/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/20073
Why do we need IPv6 ? (2/2) IP Header efficient and extensible:
Less fields in the basic header Routing efficiency Performance Header extendibility Better options management
No more packet fragmentation during routerstransitReal implementation of:
Security
Mobility Multicast Replace broadcast
More efficient use of the network
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
4/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/20074
IPv4 Header(1/3) 20 bytes without options field
Ver IHL TOS. Total length
Identification
TTL
32 bits Source Address
32 bits Destination Address
Protocol
Flag Fragment offset
Checksum
In yellow fields that are no more included in IPv6
IP Options Padding
4Bytes
4Bytes
4Bytes
4Bytes
4Bytes
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
5/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/20075
IPv4 Header(2/3) Version. 4 bit.
IP header format
4 - IP, Internet Protocol. IHL, Internet Header Length. 4 bit.
Packet Header length in 32 bits groups. Minimum value is 5. TOS, Type of Service. 8 bit.
Type of Service required. To define the packet management
during its transport. Total length. 16 bit.
Total packet length. Identification. 16 bit.
To identify packet fragment during fragmentation.
Flags. 3 bit. To control packet fragmentation
Fragment Offset. 13 bit. To order fragmented packet rebuilding.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
6/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/20076
IPv4 Header(3/3) TTL, Time to Live. 8 bit.
To track packet Time to live.
Protocol. 8 bit. Next protocol used in the higher level.
Header checksum. 16 bit. IP header Checksum, options included .
Source IP address. 32 bit. Source IP address. Destination IP address. 32 bit.
Destination IP address.
Options. Variable length. Padding. Variable length.
Useful to create a 32 bit compliant packet header.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
7/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/20077
IPv6 Header(1/3) 40 byte without other header extensions
Ver Traffic Class Flow Label
Payload Length
128 bits Source Address
128 bits Destination Address
Next Header Hop Limit
In yellow fields that are already present in IPv4
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
8/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/20078
IPv6 Header(2/3)
Version. 4 bit.
6 - IPv6. Traffic Class. 8 bit.
To identify packets priority (IPv4 TOS)
Flow Label. 20 bit.
To identify flow. Mobile IPv6.Payload Length. 16 bit.
Data Length in the packet
Max size 64 KB. For packets bigger than 64K, use Jumbo
Payload option.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
9/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/20079
IPv6 Header(3/3)
Next Header. 8 bit.
Next header value. If its a higher level protocol, value is thesame that in IPv4.
To identify extension header.
Hop Limit. 8 bit.
Replace the IPv4 TTL.Source address. 16 byte.
Source IPv6 address.
Destination address. 16 byte.
Destination IPv6 address.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
10/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200710
Extension Headers (1/6)
A new method for implementing options
After the IPv6 header
IPv6 Header
Next Header
= TCP
TCP Header Data
DataTCP Header
IPv6 Header
Next Header
= Routing
Routing Header
Next Header
= TCP
DataTCP Header
IPv6 Header
Next Header= Routing
Routing Header
Next Header= ESP
ESP Header
Next Header= TCP
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
11/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200711
Extension Headers (2/6)
00 = Hop-by-Hop Options
43 = Routing 44 = Fragment
51 = Authentication 60 = Destination Options 50 = Encapsulating Security Payload xx = Higher level protocols, like in IPv4 58 = Internet Control Message Protocol (ICMPv6)
59 = No next header
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
12/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200712
Extension Headers (3/6)
Hop-by-hop options (00)
All the information will be managed by each node duringpacket path.
Some options: Router Alert
Jumbo Payload
Routing (43) Like IPv4 option Loose Source Route
It specifies a list of routers to jump
mobile IPv6 & multihoming Header valued only by routers in the list
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
13/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200713
Extension Headers (4/6)
Fragment (44)
Used only by host (not by Routers!!) Minimum MTU of 1280 byte (68 byte in IPv4) Link without this capacity have to manage fragmentation at data-link level
Destination Options (60) Used to transport optional information (managed only by
destination host)
In the Daisy Chain: Before Routing Header
Or at the end of Daisy Chain
Used for Mobile IPv6 With the Routing header
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
14/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200714
Extension Headers (5/6)
Security is embedded in IPv6:
IPsec native on IPv6
Authentication Header (51) To manage authentication: verifying source address and
integrity of the packet during the pathEncapsulating Security Payload (50)
Only the destination host will be grant to open the packet
Like IPv4 there is two model: transport or tunnel
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
15/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200715
Extension Headers (6/6)
An example:
IPv6
Hop by hop
Destination
Routing
Fragmentation
Authentication
Security
Destination
Upper Layer
}
}}
}}
}
}
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
16/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200716
Addresses IPv4 = 32 bits
IPv6 = 128 bits 4 times the numbers of bits! ~3,4 * 1038 of usable hosts (theoretical max)
1030 addresses for each person in the world
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
17/111
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
18/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200718
IPv6 Address Format (2/2)
More close fields only with zero are represented by
a :: (double colon symbol) but only once in anaddress. Es:2001:0:1234::D0:ABCD:532
This notation is not valid:
2001::1234::C1C0:ABCD:876 This notation is valid:
2001:760:2:0:0:0:0:0 => 2001:760:2::
FF02:0:0:0:0:0:0:1 => FF02::1
0:0:0:0:0:0:0:1 => ::1 0:0:0:0:0:0:0:0 => ::
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
19/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200719
IPv6 address in a URL In an URL IPv6 addresses have to be represented
between square brackets. http://[2001:1:4F3A::206:AE14]:8888/index.html
Software that uses URL (browser, etc.) has been
modified to be IPv6 compliant, but: uncomfortable for the users Used only for diagnostic
More useful with a domain name.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
20/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200720
Type of Addresses
IPv6 divides addresses in:
Unicast: node addresses
Multicast: group of nodes addresses
Anycast: services addresses
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
21/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200721
IPv6 addresses architecture (1/2)
To calculate on the first 16 bit
es. 2000-3FFF --> 0010 0000 0000 0000 0011 1111 1111 1111
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
22/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200722
IPv6 addresses architecture (2/2)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
23/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200723
Unicast AddressesUnspecified
Loopback IPv4 Compatible
IPv4 MappedScoped Addresses :
Link-local Site-local
Aggregatable Global Addresses
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
24/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200724
Unspecified 0:0:0:0:0:0:0:0 or simply ::
Its used to specify the absence of an address
It can be used in the initial request for DHCP toobtain an address
Duplicate Address Detection (DAD)
Like 0.0.0.0 in IPv4 ::/0 is the default route
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
25/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200725
Loopback 0:0:0:0:0:0:0:1 or simply ::1
To identify node itself
Like 127.0.0.1 in IPv4 (localhost)
To test if IPv6 stack is working : ping6 ::1
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
26/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200726
IPv4 compatibleUsed to insert IPv4 addresses in IPv6 addresses
The first 96 bits are equal to zero, the other 32 bitsspecify the IPv4 address 0:0:0:0:0:0:192.168.0.1
::192.168.0.1
::C0A8:1E01Used for IPv4-IPv6 transition
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
27/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200727
IPv4 mapped They permit to define IPv6 addresses for nodes that
support only IPv4 The first 80 bits are equal to zero, the next 16 bits
are equal to 1 (FFFF) and, the last 32 bits specifythe IPv4 address
0:0:0:0:0:FFFF:192.168.0.1 ::FFFF:192.168.0.1
::FFFF:C0A8:1E01
Used for IPv4-IPv6 transition
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
28/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200728
Subnet Prefix and Host Identifier IPv6 unicast addresses are divided in two parts:
Subnet Prefix (first 64 bits)
Host Identifier (last 64 bits)
The host can be identified : Manually.
Using the Interface ID (mac address): the mac address (or
EUI 48/64) is ricalculated and used as host identifier in theIPv6 address.
XXXX:XXXX:XXXX:XXXX XXXX:XXXX:XXXX:XXXX
Subnet Prefix (64 bit) Host Identifier(64 bit)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
29/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200729
EUI-64 format The Interface ID :
Identifies univocally an interface
Has to be univocal on a link
Can be obtained starting from EUI-64 identifier.
EUI-64 identifier is based on the same base of MAC
address (Its an evolution) It identifies the manufacturer and the serial number of aninput/output interface using 64bits
There is a procedure to move from EUI-48 ID (mac-
address) to EUI-64 ID
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
30/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200730
Interface ID from mac-address From MAC address (EUI-48 ID) insert the sequence
FF-FE after the first 24 bits.
cccccc00 cccccccc cccccccc xxxxxxxx xxxxxxxx xxxxxxxx
24 bit 24 bit
11111111 11111110cccccc00 cccccccc cccccccc xxxxxxxx xxxxxxxx xxxxxxxx
0xFF 0xFE
cccccc1c cccccccc cccccccc 11111111 11111110 xxxxxxxx xxxxxxxx xxxxxxxx Interface ID
EUI-64 Address
IEEE 802 Address
MAC Address: 00-AA-00-3F-2A-1CEUI-64 Address: 00-AA-00-FF-FE-3F-2A-1CU/L complementation: 02-AA-00-FF-FE-3F-2A-1CIn IPV6 notation: 02AA:00FF:FE3F:2A1C
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
31/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200731
Link and Site For link we mean a unique physical network like a
LAN or a point-to-point connection. Nodes on thesame link are named neighbor.
A site is a group of link managed by a unique
authority (ex. A University campus)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
32/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200732
Link-local (1/2) Its a Scoped address (new with IPv6)
Scope = local link (i.e. LAN, VLAN) It can be used only between nodes in the same link No routing
Automatically configured for each interface good to start communication. Using the interface identifier
Format:
FE80:0:0:0:
1111111010 0 interface ID
10 bit 54 bit 64 bit
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
33/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200733
Link-local (2/2)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
34/111
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
35/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200735
Site-local (2/3)Used for an address plan in a whole site
Examples : Numbering for a site before to be connected to the Internet. Privet addressing (ex. Local printers)
Format: FEC0:0:0::
Subnet id = 16 bits = 64K subnets
1111111011 0 subnet ID interface ID
10 bit 38 bit 16 bit 64 bit
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
36/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200736
Site-local (2/3)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
37/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200737
Aggregatable Global IPv6Addresses
TLA Registry
Sub-TLA Registry
NLA Registry
SLA Registry
End-User (LAN)
/23 Regional Registries
/32 Local Internet Registries
/48 Site
/64 Link IANA
ARINRIPENCC APNIC
GARR
CASPUR Roma Tre
/23
/23/23
2000::/3
RIR RIR RIR
/32
/48 /48
/64/64/64/64/64/64
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
38/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200738
Multicast (1/3)Multicast = one to many
No broadcast in IPv6. Multicast is used instead ofbroadcast, above all in the local links.
Scoped addresses: it substitutes TTL in IPv4
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
39/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200739
Multicast (2/3) Format:
FF::
Identify by FP 11111111 (=FF)
Flag = 0 permanent / 1 temporary
Scope: node (1), link (2), site (5), organization (8), global(E)
Group ID: It identifies a multicast group in a specific scope.
1111-1111 Flag Scope Group ID
8 4 4 112
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
40/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200740
Multicast (3/3) For example:
Considering the Group ID All-Nodes (1) :
The address FF01::1 affects all the interfaces on the samenode
The address FF02::1 affects all the interfaces on the samelink
The address FF05::1 affects all the interfaces on the samesite
The address FF0E::1 affects all the interfaces in Internet
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
41/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200741
Multicast addressesSome reserved multicast addresses :
ADDRESS SCOPE Type
FF01::1 Node All Nodes
FF02 ::1 Link All Nodes
FF01::2 Node All Routers
FF02 ::2 Link All Routers
FF05 ::2 Site All Routers
FF02 ::1: FFXX :XXXX Link Solicited-Node
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
42/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200742
AnycastOne-to-any The Anycast addresses are not distinguishable from
unicast addresses
They are unicast addresses assigned to a group ofinterfaces (usually in different nodes)
They help to find the server closer to the source.
Some anycast addresses are reserved for specific
use: Router subnet
Mobile IPv6 home-agent discovery
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
43/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200743
Addresses for each hostEach IPv6 host has to recognize as its own this
addresses: One link-local address for each interface
Assigned unicast/anycast addresses (manually orautomatically)
Loopback address
All-Nodes group multicast address Solicited-node multicast addresses for each assigned
unicast/anycast address
All the other multicast addresses for each group it joins
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
44/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200744
How to select an addressOne node can use different network connections
Its possible to have more IPv6 addresses assigned on the
same interface (more than one global address)
For each flow node has to select source anddestination address.
The choice is done following this rules : To use the right scope following the destination (global, site,
local)
To use the address more similar to the destination (IPv4,IPv6)
The algorithm of choice can be overwritten by thestack or the application.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
45/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200745
DNS The use of IPv6 is not changing basic mechanism of
Domain Name System This new record are introduced to manage IPv6
addresses: A new resource record to associate IPv6 address to a name
A new domain for reverse resolution of IPv6 addresses.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
46/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200746
A name for an IPv6 addressAAAA record
To define mapping between a domain name and an IPv6
address Like A record in IPv4
Supported in Bind from 4.9.5 version.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
47/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200747
An IPv6 address for a namePTR record
To define mapping between an IPv6 address and a domain
name The same record used in IPv4
A new Top Level domain used for IPv6: from ip6.int
to ip6.arpa Divided by 4 bits. In IPv4 classful division. Easier to
delegate.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
48/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200748
BIND configurationAAAA record $ORIGIN 6net.garr.itwww IN AAAA 3ffe:b00:c18:1:290:27ff:fe17:fc1d
PTR record (ip6.arpa) $ORIGIN 1.0.0.0.8.1.c.0.0.0.b.0.e.f.f.3.ip6.arpa d.1.c.f.7.1.e.f.f.f.7.2.0.9.2.0 IN PTR www.6net.garr.it
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
49/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200749
ICMPv6 protocol It is the IPv6 version of ICMP with the same basic
features Error discovery, control, debugging
Add new functionalities Neighbor discovery
Neighbor Solicitation, Unreachability, Autoconfiguration
Multicast group management
It has the same functionalities of ICMP, ARP, eIGMP protocols for IPv4.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
50/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200750
ICMPv6: Message type Two class of messaged:
From type 0 to 127 Error Messages
From type 128 to 255 Informational Messages
The most common error messages are: Destination Unreachable (1)
Packet Too Big (2)
Time Exceeded (3)
Parameter Problem (4)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
51/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200751
Path MTU Discovery (1/2) IPv6 fragmentation management is end-to-end
Routers dont fragmented packets
The fragmentation process is managed by host
The host use Path MTU Discovery to know themaximum MTU available on the link. Based on ICMPv6 Packet too big messages
A router creates a packet too big message when the MTUused is too large for the path
Specifies the new MTU in the data field.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
52/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200752
Path MTU Discovery (1/2) How MTU path discovery works:
The host sends the first packet with the same dimension as
MTU of its link If a Packet Too Big is reached the host sends another
message with the new MTU
The host repeats the process until no error is found
The host sends packets periodically, to check if thepath has changed
Minimum MTU for IPv6 is 1280 byte
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
53/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200753
Neighbor Discovery Uses ICMPv6
Manages the control information within a link
Address resolution Neighbor Solicitation and Neighbor Advertisement
Neighbor Unreachability Detection
Autoconfiguration Router Solicitation e Router Advertisement
Redirect
Messages cannot be sent outside the link Valid messages have Hop Limit = 255
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
54/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200754
Stateless Autoconfiguration Allows the IPv6 hosts to connect to the network without manual
configuration
No need to use DHCP Uses specific multicast group
Addresses are based on Interface ID
On the link, hosts can communicate among them using link-
local addresses Unlike DHCP, the DNS must be configured manually
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
55/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200755
Stateful Configuration Addresses and other network parameters (ex. DNS)
can be configured manually: Entirely manual configuration
DHCPv6
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
56/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200756
Configuration Basics
Linux
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
57/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200757
Configuration Basics Linux (1/3) IPv6 support is available since Linux kernel release
2.4.
The current support does not implement all RFCfeatures
A patch (USAGI patch) is available to provide allextensions to the kernel.
Further information:
USAGI Project http://www.linux-ipv6.org/
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
58/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200758
Configuration Basics Linux (2/3) If the IPv6 support is available on our kernel, the file
/proc/net/if_inet6
must be present. If not, we can try to load the IPv6
kernel module,
# modprobe ipv6
and then test it again. If the module is not available we must rebuild our
kernel.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
59/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200759
Configuration Basics Linux (3/3)Resources:
Kernel documentation
Linux Kernel HOWTO
(http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html).
I t f C fi ti Li
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
60/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200760
Interface Configuration Linux
(1/2) The configuration syntax for IPv6 is similar to IPv4.In the
following examples, we will use ifconfig.
Add an IPv6 address to an interface
# /sbin/ifconfig inet6 add
/# /sbin/ifconfig eth0 inet6 add 2001:760:ffff::126/64
Delete an IPv6 address from an interface
# /sbin/ifconfig inet6 del /
# /sbin/ifconfig eth0 inet6 del 2001:760:ffff::126/64
I t f C fi ti
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
61/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200761
Show the interface configuration#ifconfig eth0eth0 Link encap:Ethernet HWaddr 00:10:B5:DA:59:B8
inet addr:193.206.158.126 Bcast:193.206.158.255Mask:255.255.255.0inet6 addr: 2001:760:ffff::126/64 Scope:Globalinet6 addr: fe80::210:b5ff:feda:59b8/10 Scope:LinkUP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6262494 errors:0 dropped:0 overruns:0 frame:0TX packets:7971062 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:100
Interrupt:5 Base address:0xc000Global unicast address
Link local address
MAC ADDRESS EUI-64 format
Interface Configuration
Linux(2/2)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
62/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200762
Show the routing table
#route --inet6Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::1/128 :: U 0 0 0 lo
2001:760:ffff::126/128 :: U 0 0 0 lo
2001:760:ffff::/64 :: UA 256 0 0 eth0 ;route for the global address
fe80::210:b5ff:feda:59b8/128 :: U 0 0 0 lo
fe80::250:56ff:fec0:1/128 :: U 0 0 0 lofe80::250:56ff:fec0:8/128 :: U 0 0 0 lo
fe80::/10 :: UA 256 0 0 eth0 ;route for the link-local
ff00::/8 :: UA 256 0 0 eth0 ;generic route for multicast
::/0 :: UDA 256 0 0 eth0 ; automatic default route
Routing table Linux (1/2)
As for IPv4 we can operate on the routing table.
We will use for these functions the route command.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
63/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200763
#route --inet6 add|del / gw [dev ]#route --inet6 add|del / [dev ]
#route --inet6 add default gw 2001:760:ffff::11
#route --inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::/0 2001:760:ffff::11 UG 1 0 0 eth0 ;default route
::/0 :: UDA 256 0 0 eth0 ; automatic default route
Routing table Linux (2/2)
Add or delete an entry on the routing table
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
64/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200764
Host Configuration Fedora CoreLinuxEdit the file/etc/sysconfig/network-scripts/ifcfg-
(ifcfg-eth0for the first ethernet interface)Add the following lines
IPV6INIT=yes
IPV6ADDR=
Adding the following configuration to/etc/sysconfig/network
NETWORKING_IPV6=yes
IPV6_DEFAULTGW=
Restart the network
#service network restart
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
65/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200765
Host Configuration Generic Linux
The following configuration should be used if the IPv6 scripts are
not available on the operating systemAdd the following lines to/etc/rc.local(it could be /etc/rc.d/rc.localon many distributions)
IPV6_ADDRESS=IPV6_GW=
/sbin/ifconfig eth0 inet6 add $IPV6_ADDRESS
/sbin/route --inet6 add default gw $IPV6_GW
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
66/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200766
Configuration BasicsMicrosoft Windows
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
67/111
Configuration Basics Microsoft
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
68/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200768
Configuration Basics Microsoft
Windows (2/2)Windows IPv6 implementation supports:
Autoconfiguration Tunnel
Teredo
Windows software is IPv6 ready: Internet Explorer.
Ping, traceroute e telnet.
Firewall
Configuration Basics Microsoft
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
69/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200769
Configuration Basics Microsoft
Windows 2000 On Windows 2000 you need to install Service Pack-1,2 o 3.
The installation kit must be modified as follow:
Download the IPv6 kit from URLhttp://msdn.microsoft.com/downloads/sdks/platform/tpipv6/download.asp
Extract the archive content to a temporary folder (e.g.C:\>ipv6kit);
From this folder, execute setup.exe -x, A folder called files will be created; Edit the file Hotfix.inf and modify the key
NTServicePackVersion:
For SP2 NTServicePackVersion=512 For SP3 NTServicePackVersion=768
Run Hotfix.exe and restart the computer.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
70/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200770
Running IPv6 Microsoft Windows 2000/XPWe can activate or deactivate the IPv6 stack using the
command net
net stop tcpip6
Disable the IPv6 support and remove the related kernel moduleThe net command cannot deactivate IPv6 if an IPv6 socket is inuse.
net start tcpip6
Load the IPv6 kernel module (tcpip6.sys) and activate the IPv6support.
Microsoft Windows 2000
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
71/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200771
C:>ipv6 if 4
Interface 4 (site 1):uses Neighbor Discoverylink-level address: 00-50-56-a3-00-01
preferred address 2001:760::196, infinite/infinitepreferred address fe80::250:56ff:fea3:1, infinite/infinitemulticast address ff02::1, 1 refs, not reportablemulticast address ff02::1:ffa3:1, 1 refs, last reportermulticast address ff02::1:ff00:0, 1 refs, last reporter
link MTU 1500 (true link MTU 1500)current hop limit 128reachable time 36000ms (base 30000ms)
retransmission interval 1000msDAD transmits 1
Running IPv6 Microsoft Windows 2000
(1/3)
The ipv6 command manage the windows IPv6 stack.
The following command show the interfaces configuration:
Microsoft Windows 2000
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
72/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200772
Running IPv6 Microsoft Windows 2000
(2/3)
The ipv6.exe command is also used to:
Add and delete IPv6 addresses on the network interfaces.View and modify the some protocol attributes(router advertisement, forward options etc.)Add or delete an interface
Show and manage the routing table
Microsoft Windows 2000
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
73/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200773
C:\>ipv6usage: ipv6 if [ifindex]
ipv6 ifc ifindex [forwards] [-forwards] [advertises] [-advertises] [mtu #bytes] [site site-identifer]
ipv6 ifd ifindexipv6 adu ifindex/address [lifetime validlifetime[/preflifetime]] [anycast
] [unicast]ipv6 nc [ifindex [address]]ipv6 ncf [ifindex [address]]ipv6 rc [ifindex address]ipv6 rcf [ifindex [address]]ipv6 bcipv6 rtipv6 rtu prefix ifindex[/address] [lifetime L] [preference P] [publish] [
age] [spl SitePrefixLength]ipv6 sptipv6 spu prefix ifindex [lifetime L]
Running IPv6 Microsoft Windows 2000
(3/3)
Microsoft Windows XP
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
74/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200774
Running IPv6 Microsoft Windows XP
(1/3)
In Windows XP the use of the netsh utility instead ofipv6.exe is
suggestedA complete reference to migrate ipv6.exe command to netsh isavailable at the URL:http://www.microsoft.com/technet/itsolutions/network/ipv6/ipv62netshtable.mspx
To install the IPv6 support type the following command in a
command windownetsh interface ipv6 install
Microsoft Windows XP
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
75/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200775
Running IPv6 Microsoft Windows XP
(2/3)Show the interface table
C:>netsh interface ipv6 show interfaceIdx Met MTU State Name
--- ---- ----- ------------ -----6 0 1500 Disconnected Wireless Network Connection5 0 1500 Connected Local Area Connection4 2 1280 Disconnected Teredo Tunneling Pseudo-Interface3 1 1280 Connected 6to4 Pseudo-Interface2 1 1280 Connected Automatic Tunneling Pseudo-Interface
1 0 1500 Connected Loopback Pseudo-Interface
Add the IPv6 address to the Local Area Connection Interface
C:>netsh interface ipv6 add address interface=5 address=
Add the default gateway route through the same interface
C:>netsh interface ipv6 add route ::/0 5
Microsoft Windows XP
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
76/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200776
Running IPv6 Microsoft Windows XP
(3/3)
Check the routing table
C:>netsh interface ipv6 show routeQuerying active state...
Publish Type Met Prefix Idx Gateway/Interface Name------- ----- ---- ------------------ --- ---------------------no Manual 0 ::/0 5 2001:760::11
Microsoft Windows
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
77/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200777
Running IPv6 Microsoft Windows
Vista (1/3)IPv6 is enabled by default !!!
Includes GUI configuration
New features: Complete IPsec support
MLD v2
IPv6 over PPP DHCPv6
Teredo with symmetric NAT support
Cant be uninstalled Can be disabled for a given interface
Microsoft Windows
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
78/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200778
Running IPv6 Microsoft Windows
Vista (2/3)
Running IPv6 Microsoft
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
79/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200779
g
Windows Vista (3/3)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
80/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200780
Running IPv6 Microsoft WindowsThe ping6 command is used to check the IPv6 connectivity
C:>ping6 www.kame.net
Pinging www.kame.net [2001:200:0:8002:203:47ff:fea5:3085]
from 2001:760::73 with 32 bytes of data:
Reply from 2001:200:0:8002:203:47ff:fea5:3085: bytes=32 time=310ms
Reply from 2001:200:0:8002:203:47ff:fea5:3085: bytes=32 time=310msReply from 2001:200:0:8002:203:47ff:fea5:3085: bytes=32 time=310ms
Reply from 2001:200:0:8002:203:47ff:fea5:3085: bytes=32 time=310ms
Ping statistics for 2001:200:0:8002:203:47ff:fea5:3085:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:
Minimum = 310ms, Maximum = 310ms, Average = 310msnetsh interface ipv6 add addressinterface=5 address=
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
81/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200781
IPv4-IPv6 transition
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
82/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200782
Step 1
Network Design Define Wide and Local network segments
Define special areas (due to requirements and operations) -VLANs, DMZs etc.
Define management entities and their areas of responsibility
Network management information flow
Security requirements: For users and applications
For the network itself (protection of the management information,protection of network devices, security of management procedures)
Plan the steps to transition to the new protocol. Examine the
possibility of deploying transition mechanisms (for communicationsbetween IPv6 areas within an IPv4 network and vise-versa)
A General Transition Roadmap(1/2)
A General Transition Roadmap
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
83/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200783
p(2/2)Step 2
Implementation of a mixed IPv4/IPv6 environment
Gradual transition of non-critical systems to IPv6 Allows the evaluation of the operation and stability of the network
devices and non-critical systems under IPv6
Develops the transition procedures
Disseminates the usages of transition mechanisms (tunnels,
gateways, etc.) for communications between exclusive IPv6 areasStep 3
Transition of all systems to IPv6
Exclusive usage of IPv6 in the network
Maintaining transition mechanisms for legacy systems and contactswith IPv4 networks
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
84/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200784
Transition mechanisms Three categories:
Implemented on the host
Dual Stack Host BIS, BIA, ...
Implemented on the network layer Tunnel
> Manuals,> ISATAP, Teredo, ...
Dual Stack Network
Based on protocol translators SIIT and NAT-PT
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
85/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200785
Dual Stack Host (1/2)
Its easyA dual stack node :
Implements both the protocols
Has IPv4 and IPv6 addresses on the same interface
The IPv4-only applications use IPv4 For the application that support IPv6:
DNS resolves both IPv4 and Ipv6 addresses If destination has an IPv6 address, the host uses IPv6
If destination has only an IPv4 address, the host uses IPv4
Applicazione
TCP,UDP
IPv4 IPv6
Ethernet
0x86DD0x0800
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
86/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200786
Dual Stack Host (2/2)Advantages:
Easy
No particular support Limitations:
No reduces the need of IPv4 addresses
Needs a dual stack network
Doesnt integrate the IPv6 network with IPv4 The two networks are completely separate
Its a compatibility mechanism more than a transition one
At present almost all of the IPv6 nodes are dual
stack host.
6 i 4 l (1/3)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
87/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200787
IPv6-in-IPv4 Tunnel (1/3) Tunnels are usually used to
transport a protocol through a
network based on anotherprotocol IPv6-in-IPv4 tunnels permits
to use IPv6 without a native
IPv6 infrastructure IPv6 packets are
encapsulated in IPv4 packetsadding an IPv4 Header
The Protocol field in the IPv4header is 41 I
IPv6 Packet
IHL LengthVerIdentification F Fragment Offset
TOS
TTL Protocol Hdr checksumSource Address
Destination Address
IPv4 Header
Ver Class Flow LabelLength Next Hdr Hop Limit
Source Address
Data
Destination Address
IP 6 i IP 4 T l (2/3) Li k IP 4
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
88/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200788
IPv6-in-IPv4 Tunnel (2/3)
On the tunnel Ingress interface IPv6 packets are encapsulatedin IPv4 packets
The obtained IPv4 packets are routed over the IPv4 networksas all the other IPv4 packets
At the tunnel egress interface packets are decapsulated
The IPv6 packets are elaborated as they are arrived from anative IPv6 network.
Router IPv4
Router IPv6
Router dual stack
Link IPv4
Link IPv6
Tunnel IPv6 su IPv4
Example of IPv6-in-IPv4 tunnel
IP 6 i IP 4 T l (3/3)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
89/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200789
IPv6-in-IPv4 Tunnel (3/3) The end points have to be dual stack nodes In the path, tunnel is only an IPv6 hop
From IPv6 point of view, the IPv4 network issomething like a layer 2 technology
Tunnet MTU is - 20 byte for the IPv4 header
Tunnels can be : Router to router
Host to router
Host to host
Very useful for first experiences with IPv6 and in thefirst phase of transition
T l B k (1/2)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
90/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200790
Tunnel Broker(1/2)
Web service in IPv4 It helps the host to create dynamically a tunnel with a preconfigured
end point.
A user asks for a tunnel using a web page
The tunnel broker identifies the user The tunnel broker configures a router as tunnel end-point and sendsparameters to the user
For occasional users
IPv4
IPv6Client
Broker
Router
T l B k (2/2)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
91/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200791
Tunnel Broker(2/2) http://www.go6.net/4105/freenet.asp
http://www.coredumps.org/
http://www.ngnet.it/i/privati.php (solo per gli utentiTelecom Italia)
http://www.fast-labs.net/tb/ (solo per gli utentiFastweb)
A t ti T li M h i
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
92/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200792
Automatic Tunneling Mechanisms ISATAP
Intra-Site Automatic Tunnel Addressing Protocol
To connect nodes and routers IPv6 over an IPv4 onlyinfrastructure
Teredo Tunneling IPv6 over UDP Through NATs
Encapsulated IPv6 packets in UDP IPv4 packets instead oftunnel IPv4 packets
To permit to use tunnel also behind IPv4 NAT
T d (1/2)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
93/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200793
Teredo (1/2) Useful for hosts behind NAT
Encapsulates the IPv6 packets within UDP v4 packets tobypass the problem of NAT in many cases restricting protocol41 (IP encapsulated) packets
The encapsulation takes place at the communicating nodeitself rather than at a border router (like it happens in 6to4)
The Teredo-relay then forwards the packets to the native IPv6
network Issues:
Complex implementation
Can operate only with specific NAT types
Limited number of Teredo-relays available in the Internet Used only if there is no other available solution
T d (2/2)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
94/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200794
Teredo (2/2)
IPv6Private IPv4
NAT
Teredo tunnel: IPv6 in UDPv4
Public IPv4
Private IPv4
NAT
Client
Public IPv4
Server
Relay
6
3
2
1
4
5
Public IPv6
Teredo address format
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
95/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200795
Teredo address format
Teredo IPv6 prefix
IPv4 address: global address of the server Flags: Cone or Symmetric NAT
Port: port number to be used with the IPv4 address
The client IPv4 field contains the global address of the NAT
Teredoprefix
32 bits
IPv4 @
32 bits
Flags
16 bits
Client IPv4
32 bits
Port
16 bits
Teredo limitations
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
96/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/200796
Teredo limitationsVulnerability to DoS attacks on relay, The entity that operates the Teredo relay has little
means in order to control who is using the serviceSome NATs are not supported Teredo relays are not deployed!
Lack of implementation in routers
Teredo prefix is not advertised in the IPv6 Internet
Protocol Translators
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
97/111
Gabriella Paolini - GARR
IPv6 Tutorial
Catania, 06/06/200797
Protocol Translators Its a method to permit communication between IPv4-only
nodes with IPv6-only nodes
An alternative to Dual Stack nodes
Dual Stack needs an IPv4 address for each node
Where ?
All the traffic (IPv4-to-IPv6 and vice versa) runs on the translatornode
Limitations : Robustness
Security
Accountability
Traffic
NAT PT
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
98/111
Gabriella Paolini - GARR
IPv6 Tutorial
Catania, 06/06/200798
NAT-PT Like NAT in IPv4
The translator node has a pool of IPv4 addresses that can be assigned tothe nodes that ask for it
The translator maintains IPv4-IPv6 connections table IPv4 address is represent by IPv6 address adding the 32 bits IPv4
address to a 96 bits prefix
IPv6 mapping dynamic IPv4, IPv4 deterministic IPv6
Needs a translation mechanism for DNS queries (DNS ALG)
In a static configuration, it can be used from IPv4 to IPv6.
NAT PT : an example (1/4)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
99/111
Gabriella Paolini - GARR
IPv6 Tutorial
Catania, 06/06/200799
NAT-PT : an example (1/4)
A is an IPv6-only node that want to be connected to the webserver www.garr.it, that is using IPv4 only
IPv6
NAT-PT
www.garr.it193.206.158.2A2001:760:4:f005::2
DNS
IPv4
NAT PT : an example (2/4)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
100/111
Gabriella Paolini - GARR
IPv6 Tutorial
Catania, 06/06/2007100
NAT-PT : an example (2/4)
A ask for a DNS query for the IPv6 address www.garr.it DNS ALG of the NAT-PT resolves the query in the following
way: It does the DNS query for the IPv4 address : 193.206.158.2
It sends to A an IPv6 address : ::f00f:c1ce:9e02
IPv6
www.garr.it193.206.158.2
DNS
IPv4
A2001:760:4:f005::2
NAT-PT
NAT-PT : an example (3/4)1 9 02 193 206 1 8 2
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
101/111
Gabriella Paolini - GARR
IPv6 Tutorial
Catania, 06/06/2007101
NAT-PT : an example (3/4)
A sends a packet to ::f00f:c1ce:9e02 NAT-PT elaborates the request
Associated to A an dynamic IPv4 address from the pool:2001:760:4:f005::2 193.204.161.12
Maintain the association information in a table Sends packets over the IPv4 network to 193.206.158.2 using as
source address 193.204.161.12
IPv6
www.garr.it193.206.158.2
DNS
IPv4
A2001:760:4:f005::2
NAT-PT
2001:760:4:f005::2 ::f00f:c1ce:9e02 193.206.158.2193.204.161.12
NAT-PT : an example (4/4)2001:760:4:f005::2 ::f00f: c1ce:9e02 193 206 158 2193 204 161 12
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
102/111
Gabriella Paolini - GARR
IPv6 Tutorial
Catania, 06/06/2007102
NAT-PT : an example (4/4)
Reply packets to A are routed to NAT-PT and translated inIPv6 to be sent to A
A received the IPv6 packets with the source address::f00f:c1cd:8be5
IPv6
www.garr.it
193.206.158.2
DNS
IPv4
A2001:760:4:f005::2
NAT-PT
2001:760:4:f005::2 ::f00f: c1ce:9e02 193.206.158.2193.204.161.12
NAT-PT: limitations and
advantages
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
103/111
Gabriella Paolini - GARR
IPv6 Tutorial
Catania, 06/06/2007103
advantages Advantages:
Transparent to the nodes
Limitations: The same problems of IPv4 NAT Fragility
Need of DNS ALG
No direct connectivity
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
104/111
Gabriella Paolini - GARR
IPv6 Tutorial
Catania, 06/06/2007104
IPv4-IPv6 transitionConfiguration
How to configure a tunnel (Linux)(1/4)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
105/111
Gabriella Paolini - GARR
IPv6 Tutorial
Catania, 06/06/2007105
(1/4)
IPv4 Network
192.168.1.10 192.168.10.2
2001:760:ffff::10/127
IPv6 in IP
2001:760:ffff::11/127
How to configure a tunnel (Linux)(2/4)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
106/111
Gabriella Paolini - GARR
IPv6 Tutorial
Catania, 06/06/2007106
(2/4)
To configure use the iptunnel command that permits
to create, to delete and to modify a tunnel ip-over-ip,gre, sit.
iptunnel {add|change|del|show} NAME mode
{ipip|gre|sit} remote local [ ttl TTL ] [ tos TOS ] [ nopmtudisc ] [ devPHYS_DEV ]
How to configure a tunnel (Linux)(3/4)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
107/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/2007107
( ) Tunnel configuration and creation of the tunnel interface;
#iptunnel add sit1 remote 192.168.10.2 local 192.168.1.10 mode sit ttl 64
IPv6 address configuration on the tunnel interface
#ifconfig sit1 inet6 add 2001:760:ffff::10/127
Tunnel interface activation
#ifconfig sit1 up
Creation of a static route to the tunnel interface
#route --inet6 add default gw 2001:760:ffff::11
With this route, traffic is routed by default to the tunnel.
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
108/111
How to configure a tunnel
(Windows)
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
109/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/2007109
(Windows)
IPv6 in IP192.168.1.10 192.168.10.2
2001:760:ffff::10 2001:760:ffff::11
c>ipv6 rtu ::0 2/::192.168.10.2 pubc>ipv6 adu 2/2001:760:ffff::10
interface tunnel0ipv6 address 2001:760:ffff::11tunnel source 192.168.10.2
tunnel destination 192.168.1.10tunnel mode ipv6ip
IPv6 enabled applications
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
110/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/2007110
v6 e ab ed app cat o s http://6net.iif.hu/ipv6_apps
http://www.deepspace6.net/docs/ipv6_status_page_apps.html
(Linux only)
Sendmail, Qmail, Postfix, Thunderbird,Bind, VLC, SSH, Apache, Mozilla,Firefox , Internet Explorer, Irc, Xchat
References
-
8/14/2019 EUChinaGRID IPv6 Tutorial Cataniav2 1
111/111
Gabriella Paolini - GARR IPv6 Tutorial Catania, 06/06/2007111
http://www.ipv6ready.org/
http://www.ipv6tf.org/
http://www.go6.net/
http://www.deepspace6.net/
http://www.6diss.org/
http://www.sixxs.net/