Introduction to IPv6 Last modified 2-28-11. Motivation Last modified 7 am 6-4-11.

Introduction to IPv6Introduction to IPv6

Last modified 2-28-11

MotivationMotivation

Last modified 7 am 6-4-11

IPv4 ExhaustionIPv4 Exhaustion

TheThe

EndEnd

OfOf

TheThe

World!World!

IPv4 Addresses: 32 BitsIPv4 Addresses: 32 Bits

IPv4 address: IPv4 address: 192.168.1.10192.168.1.10 Four bytesFour bytes

In Binary:In Binary: 11000000 10101000 00000001 0000101011000000 10101000 00000001 00001010

2^32 total addresses2^32 total addresses 4 billion4 billion

Internet Registry RegionsInternet Registry Regionshttp://www.iana.org/numbers/

IPv4 Address DepletionIPv4 Address Depletion

No Reprieve IANA will not re-purpose

class D or E addresses for general use

People who ask for IPv4 addresses after exhaustion will not get them Hoarding, scalping, and simple

direct sale of used IPv4 addresses will begin soon

IPv6IPv6

The SolutionThe Solution

IPv6 Addresses: 128 BitsIPv6 Addresses: 128 Bits

IPv6 addressIPv6 address 2001:05c0:1000:000b:0000:0000:0000:66fb2001:05c0:1000:000b:0000:0000:0000:66fb

Omitting unnecessary zeroes;Omitting unnecessary zeroes; 2001:5c0:1000:b::66fb2001:5c0:1000:b::66fb

Eight fields, each 16 bits longEight fields, each 16 bits long 4 hexadecimal characters4 hexadecimal characters

2^128 total addresses2^128 total addresses 340 billion billion billion billion340 billion billion billion billion Enough for a whileEnough for a while

Link BayThreat-10Link BayThreat-10

Federal IPv6 Transition Timeline

From Cisco (link BayThreat-11)

Migration to IPv6Migration to IPv6

Methods of IPv6 Migration

Ignore IPv6: Stay on IPv4-only Gateways: Devices that convert IPv6 to

IPv4 Tunnel: IPv6 over IPv4 Dual-Stack: IPv4 and IPv6 together Nirvana: IPv6-only

IPv6 Tunnels

Fast and easy to set up--best for n00bs Not the best for security or performance Free IPv4-to-IPv6 Tunnels

Gogo6.com Sixxs.net Tunnelbroker.com

GoGo6

Easiest

DemonstrationDemonstration

Companies Already on IPv6Companies Already on IPv6

ipv6.google.comipv6.google.com www.v6.facebook.comwww.v6.facebook.com comcast6.netcomcast6.net ipv6.cnn.comipv6.cnn.com

More at link Baythreat-12More at link Baythreat-12

IPv6 Certifications

Fun, realistic projects He.net

Link BayThreat-13

IPv6 Sages

As of 12-9-10 Link BayThreat-18

IPv6 Sages at CCSF

22 IPv6 Sages at CCSF so far (12-9-10) Link BayThreat-19

T-ShirtT-Shirt

#1 motivator for IPv6 Certification#1 motivator for IPv6 Certification Link Baythreat-9Link Baythreat-9

Security ProblemsSecurity Problems

Used by Ethernet

Privacy Risk

Anyone who has your IP address also has your MAC address!

There is a "Privacy Extensions" technique to avoid this, enabled by default in Vista and Windows 7

ICMPv6

Required for all networks Cannot be blocked Replaces ARP "Neighbor Discovery" is trivial

THC-IPv6

Hacker's Toolkit Runs fine on

Ubuntu, even in VMware on Windows 7

Instructions: link BayThreat-14

Other Risks

Many security appliances are not ready for IPv6, so it often bypasses them Torrents run over IPv6

Link BayThreat-15

Some VPN appliances are not ready, so IPv6 connections must bypass them

Packet Amplification Attacks Routing Header Zero Ping-pong

Links BayThreat-16 and 17

Class OverviewClass Overview

IPv6 CertificationIPv6 Certification

Every student should be a Certified IPv6 Every student should be a Certified IPv6 Guru by the end of the classGuru by the end of the class

Many extra credit projects go beyond thatMany extra credit projects go beyond that Cisco routing for students who know Cisco Cisco routing for students who know Cisco

routingrouting Windows: Router advertisementsWindows: Router advertisements Linux: IPv6-to-IPv4 Reverse ProxyLinux: IPv6-to-IPv4 Reverse Proxy

Hurricane Electric IPv6 Hurricane Electric IPv6 Certification (Part 1)Certification (Part 1)

1.1. Registering at Hurricane ElectricRegistering at Hurricane Electric

2.2. Newb TestNewb Test Demonstrate basic knowledge of IPv6Demonstrate basic knowledge of IPv6 Become an IPv6 Become an IPv6 NewbieNewbie

3.3. Connecting as an IPv6 Client with the Connecting as an IPv6 Client with the Gogo6 TunnelGogo6 Tunnel IPv6 over UDP over IPv4IPv6 over UDP over IPv4 Connect to a Web server as a client over IPv6Connect to a Web server as a client over IPv6 Become an IPv6 Become an IPv6 ExplorerExplorer


4.4. IPv6 Web ServerIPv6 Web Server You need to buy a domain name from You need to buy a domain name from

GoDaddy ($2.17)GoDaddy ($2.17) Apache will NOT work on Windows--use IIS Apache will NOT work on Windows--use IIS

insteadinstead DNS: Creating an AAAA RecordDNS: Creating an AAAA Record Become an IPv6 Become an IPv6 EnthusiastEnthusiast


5.5. IPv6 Email ServerIPv6 Email Server Use the Apache James Java SMTP serverUse the Apache James Java SMTP server Adding an MX Record to your DNS Zone Adding an MX Record to your DNS Zone Installing the Thunderbird Email ClientInstalling the Thunderbird Email Client Becoming an IPv6 Becoming an IPv6 AdministratorAdministrator


DNS ConfigurationsDNS Configurations Reverse DNS Servers Reverse DNS Servers Routing AdvertisementsRouting Advertisements

Getting your own public IPv6 address blockGetting your own public IPv6 address block Forward DNS Zone at Hurricane ElectricForward DNS Zone at Hurricane Electric Reverse DNS Zone at Hurricane ElectricReverse DNS Zone at Hurricane Electric Authoritative DNS ServersAuthoritative DNS Servers Passing the Reverse DNS TestPassing the Reverse DNS Test


Becoming an IPv6 Becoming an IPv6 ProfessionalProfessional Becoming an IPv6 Becoming an IPv6 GuruGuru Becoming an IPv6 Becoming an IPv6 SageSage

Get the T-ShirtGet the T-Shirt Fame, Fortune, GloryFame, Fortune, Glory

The Hardest PartThe Hardest Part

You need to make THREE accountsYou need to make THREE accounts Hurricane ElectricHurricane Electric Gogo6Gogo6 Freenet6Freenet6

Each one has a name and password you Each one has a name and password you need to write downneed to write down

Introduction to IPv6 Last modified 2-28-11. Motivation Last modified 7 am 6-4-11.

Documents

Transcript of Introduction to IPv6 Last modified 2-28-11. Motivation Last modified 7 am 6-4-11.