My first book preview.
The published eBook will have plenty of hyperlinks to Flash movies to explain advanced topics. You can donate or order the books if you want.
2. Preface
1
This is why I wrote this very first book and a great tribute to my CISCO Colleagues from whom I learned so many things!
Then it also gives a pointer to the Web server that must be used with this book and the IPv6 Certifications.
Please read important information at the End of this Chapter!
3. Preface
My name is Fred Bovy, CCIE #3013, and I have been in the Networking industry for more than 20 years, with a focus primarily on IPv6 and Service Provider issues for about 10 years.
In 1999 I joined CISCO as a Network Consultant. My initial long term project involved helping a Service Provider and an enterprise deploy brand new MPLS-VPN backbones. Since then, I have been hooked, and have developed an expertise in this subject. I later joined the CISCO IPv6 IOS Engineering Team as a dev-tester.
For more than 3 years, I focused on 6PE and 6VPE testing. During that time, I developed many TCL scripts to test 6PE and 6VPE functionalities, routing and switching performance, scalability, High Availability, all the supported network design like Internet Access models, Carrier’s Carrier or Hub and Spoke and more. I also got deeply involved in testing Netflow for IPv6 and SeND.
In 2009 I resumed teaching, keeping the focus on IPv6 with special attention on the transition to IPv6. I believe that we have finally hit the tipping point for IPv6, given that all of the IPv4 addresses ran out in February. It’s time for everyone to realize, before companies and individuals lose their competitive edge, that IPv6 is fast becoming a requirement that will enable the Next Generation Internet.
About
I have written this book to help anyone who needs to design, configure and troubleshoot IPv6 Networks because this is the experience I have gathered in my life as an IPv6 Tester, Consultant and Trainer and also from my 20+ (almost 25) years of IP and CISCO Routers.
In this first book I will cover the Fundamentals. Following books will be about Routing Protocols, Transition To IPv6, Multicast, Security and more...
The book must be used with the IPv6 TUTORIAL that can be found from http://www.ipv6forlife.com.
1.1 Tribute to CISCO and to the USA!
IPv6 is more than a Job to me; it is a hobby and a philosophy; it is a Community. It is open, and everybody is welcome to bring something!
IPv6 was designed about 20 years ago by people who thought that the Internet should be for everybody and not only for the lucky ones who can get a Class A or whatever IPv4 block... It was designed to support ALL applications for EVERYONE! 12 years ago I decided to join the community of people who are building the new Internet for everyone and for the new applications that IPv6 enables!
I joined the CISCO IPv6 IOS® Engineering Team to help the development of 6PE and 6VPE for about 3 years then Netflow for IPv6 and finally SeND and related IPv6 Security for about 3 years.
I would like to thank Eric Levy-Abegnoly, who was my IPv6 Team Leader and mentor (with Luc Revardel), who designed and developed 6PE, 6VPE, SeND and more, Ole Troan, another Great IPv6 Team Leader, who designed most of the IPv6 IOS Code, Benoit Lourdelet, who is the IPv6 Product manager, Patrick Grossetete before him and many other great CISCO people I have been working with. I learned so much with them. I was a CCIE and a CCSI when I joined CISCO, but I learned more about the Networks during the 10 years working for CISCO than all I had learned before. Special thanks to Jim Guichard (my first mentor who went with me to the customers in my first 6 months within CISCO), Peter Psenak (who was the NSA Engineer for EQUANT before me and also helped me a lot during the transition. He is now one of the best OSPF Engineers WorldWide. Networks are transparent for him.), Arjen Boers (The multicast man who hired me with Valerio), JP Vasseur (CISCO Fellow Guru who worked with me on the MPLS-TE Fast Re-Route project for EQUANT and such a nice guy !), Francois Le Faucheur (Another Brain, the Architects of QoS in MPLS Network who invented DiffServ-TE, QoS Models in MPLS Networks), Robert Hanzl (The Customer support Engineer who helped me on my first crisis with a customer and then became an MPLS Team Leader), Robert Rasczuk (The MPLS Deployment Engineer who helped me on my first big crisis with a customer facing a major Backbone instability), Luc Revardel (who taught me the basics of IPv6 Testing Automation), Greg Boland, Steve Glaus, Mandy Mac Diarmid, Mado Bourgoin and all my managers who helped me to focus on my work starting with Valerio Muzzolini, Serge Dupouy, Nick Gale.... And all the good guys and girls who I am forgetting, who are the CISCO Assets.
These 10 years were the best school, university, experience and also basis for human values, not only technical...
This was not only a matter of knowledge and people, it was also a way to manage the people that I had never found in any French companies or International companies not managed by Americans. During my interviews when I got hired, someone asked me what I was expecting from my management. I answered support to keep me focused on my technical job, and I was correct! This was typically what I found with all my managers with an exception of the French SE (Pre Sales) Manager I got when I joined the Account Team to help the customer validation process for free as this was normally a service charged to the customer. But except this one, I only got great managers who always supported me when I was a Network Consulting and a Software Engineer. I was always supported to focus on my job and didn't have to worry about the political cases that the French really enjoy in most big companies. I had the benefit of working for a big company, but at the same time I was so free to organize my work and received awards every time I was doing something good that I had the feeling I was working for my own company. This was the first time that I was also working for a company where the technical skills were considered and you did not have to become a (often bad) manager when you were good in your Technical role as a reward! At last I found people like me, people working like me! Working for CISCO was my best experience in my career.
After CISCO I resumed my trainer and consultant life and started to teach what I had learned with my CISCO masters and more! I am a self-employed IPv6 Expert working as a Fast Lane IPv6 Course Subject Matter Expert with other CISCO partners and for myself as well.
4. About the book
2.1 IPv6 Fundamentals
IPv6 cannot be understood if the Fundamentals are not. That's why the first Module of this book is essential.
You can find some help in the "IPv6 For Life!" Tutorial from the home page: http://www.ipv6forlife.com.
This Tutorial has several chapters for the Fundamental Module:
Fundamentals #1. Introduction and IPv6 Addressing
Fundamentals #2. More about IPv6 Addressing. ICMPv6 and an Intro about Neighbor Discovery
Fundamentals #3. DHCPv6, DNS, MOBILE IPV6 and derived applications
Our first chapter will introduce the IPv6 basics.
Then we will study the IPv6 Addressing which is the main reason why IPv6 was developed, to provide an addressing which will match the requirements of the Internet for the next century.
There was a day one missed requirement which was the Multihoming requirement. This should have been managed by the IPv6 Stack as a service like Mobile IPv6, but the Engineers just missed to address this issue which is still not completely resolved with a long term solution commonly accepted.
The next chapter will be about the IPv6 header, the long addresses, the Extension Headers and other interesting improvements for more efficiency.
Then ICMPv6 basics, quite close to IPv4 and more interesting, the Neighbor Discovery Protocol which is described in two separate RFCs. Many solutions are provided by ND like Autoconfiguration or Router Discovery and more.
Finally we will describe all the most important Services which are not implemented for all platforms. Linux is the best platform to test and support all the IPv6 Services.
2.2 IPv6 Certifications
2.2.1 IPv6 Forum Certification
There are many certifications at the IPv6 Forum with 2 levels, Silver and Gold for Engineer and Trainer. The Trainer is more advanced than the Engineers.
For the moment, all you need is to apply on the IPv6 Forum Web Server and provide a few proof of achievements to get certified.
2.2.2 Hurricane Electric
Hurricane Electric propose a very challenging certification with multiple levels up to Sage Level.
Each step requires both theory and practical exercise.
You need to have a host connected to the Internet to do the proposed exercises and to validate that you were able to provide the correct answers.
This is Free and very interesting certification.
2.2.3 CISCO CCIE Routing & Switching
Cisco has one main 5 days training course and a derivated training from this one I have designed for CISCO which is aimed at the SP Market
2.3 Important information
THIS BOOK CAN BE READ COVER TO COVER OR YOU CAN PICK UP ANY PAGE FROM ANY CHAPTER WHEN NEEDED.
THIS E-BOOK IS ALIVE. MANY VIDEO LINKS ARE FLASH PRESENTATIONS AND YOU WILL NEED A LARGE SCREEN AND FLASH® (ADOBE) SOFTWARE ENABLED BROWSER. PLEASE CHECK http://www.adobe.com.
I AM ADDING NEW PRESENTATIONS ON A REGULAR BASIS AND I WILL UPDATE THE LINKS IN THIS BOOK. WHEN YOU GET A NEW VERSION OF THIS E-BOOK YOU WILL GET PLENTY OF NEW PRESENTATIONS.
FOR ALL THE LINKS YOU WILL NEED TO ACCESS IPv6 FOR LIFE® WEB SERVER: http://www.ipv6forlife.com
Despite I am based in France I have been speaking and writing more in English than French for the last 25 years but I still may do some mistakes that I need you to forgive me if it happens in this book!
The IPv6 Internet belongs to everybody. Thanks for reading me!
Kindest Regards,
Fred Bovy
5. Introduction to IPv6
2
This chapter shows how we arrived at IPv6 in 2012 and the long path we have walked since the 80s!
Address depletion is not a new issue and IPv4 was never intended to scale to a Global Public Internet!
6. Chapter 2
Introduction to IPv6
1 Introduction to IPv6
1.1 History
IPv4 was developed in the 80s by the DoD of the USA for a military network with a few thousand hosts maximum.
There was no need for security as it was a private network in the DoD Buildings. There was no need for Autoconfiguration or Mobility and many other things.
IPv4 Addresses were widely distributed until there were no longer enough for everyone. In the early 90s, IPv4 Address depletion started to be a problem.
I posted something about it in my blog about this history:
http://ipv6forlife.net/wordpress/?p=61
1.1.1 OSI Protocols
The first serious candidate to replace TCP/IP was the OSI Protocols. The Open Systems Interconnection (OSI) protocols are a family of information exchange standards developed jointly by the ISO and the ITU-T starting in 1977.
OSI defined a Layered Model with 7 Layers while TCP/IP just had 5 since OSI Layers 5, 6 and 7 were actually managed by the TCP/IP Application Layer.
OSI Protocols was providing a Datagram Service like IP called Connectionless Network Service (CLNS) with an address of up to 20 bytes (160 bits) long.
Its routing protocol, ISIS, very close to OSPF immediately interested many service providers since it was an Integrated routing protocol which could support IPv4 as well (RFC1195). Actually it was more SP Oriented and could support many more routers in the same area. It is also a much easier protocol to troubleshoot. A simple look at its Database will convince any Network Engineer in 5 minutes.
Digital Equipment thought that OSI would replace IPv4 and that DecNET Phase V was actually OSI Protocols.
1.1.2 ATM and Frame-relay
But at the same time the convergence of Data and Voice Networks had started since the middle of the 80s, and we were looking for a network which could manage both Real Time (Voice, Video) and Non-Real Time data with multiple levels of Precedence as IPv4 was already doing. Some people were working very hard for a converged network and they came up with a new protocol called ATM (Asynchronous Transfer Mode).
ATM could manage any kind of Traffic: Voice, Video, Business Data, Bulk Data. ATM was really a Network Scientist Protocol Architecture, its routing protocol PNNI was able to react in Real-Time to any change in the Network to find paths which could match any Class of Service Traffic.
ATM was based on 53 bytes cells at the Physical Level for Real-Time and Non Real-Time traffic to be interleaved.
ATM was designed for 155 Mbps Sonet SDH Fiber links minimum, and this was not really widely available at this time. Also, the ASICS to manage the 53 Bytes Cells were not yet available or very expensive as it was not made at a sufficient large scale to get a reasonable price. So, an interim technology was also created to transport Data and Voice while ATM was growing. This was Frame-Relay, a stripped down version of X.25 with PVC only. SVCs came later, but they were never as popular as PVC.
In the mid 90s ATM was the only serious candidate to support these converged Networks, and VoIP
was not an option in the networking business world.
At the end of the 90s, most people realized that ATM would not scale with MultiGigabit Links, which
were arriving slowly. Also, some ATM Protocols like LAN Emulations collapsed under traffic as the
Node dedicated to replicate the Broadcast and Multicast was too much solicited. ATM, which was
great on paper, proved to be not scalable, and a complex and expensive solution, so VoIP came back
as a viable solution.
But all this work made for ATM was not trashed, and many protocols built for ATM are still in use in many solutions. A lot of the QoS, a protocol like NHRP, which was developed for ATM Classical IP, is now used for CISCO DMVPN.
1.1.3 MPLS
And also, there was the idea to replace a long address by a label that was already used by the old
X.25, then ATM networks gave the idea of replacing the IPv4 header with a short label! Epsilon's IP
Switching, Cisco's tag switching and many other Vendors provided such a solution with an initial moti-
vation to make faster routers.
Then CISCO also saw that with Tag Switching it was possible to add some services which were not
possible with IP like Tag-VPN. Tag-VPN permitted providing each connected customer with a Virtual
Private Network having its own IPv4 Addresses.
Tag-VPN was based on a Multi-Protocol BGP Extension with a new BGP vpnv4 address family as it was adding a 32 bit prefix to the IPv4 address, called a Route Distinguisher (RD) for the BGP prefix to be unique in the Service Provider Backbone BGP Table.
In addition to the RD, an Extended Community BGP Attribute was added to the BGP Prefix before it was advertised to a remote BGP Router. This Extended Attribute was then used to recognize a prefix and import it into the Customer Virtual Routing Table.
The Benefits of Tag-VPN on the previous Layer 3 VPN based on IP were that:
The Backbone routers (P) did not have to know any of the Customers Route. Only the BGP Next-Hop, the exit point host route for each Provider Edge (PE) Router which was connecting to the Customer Edge (CE) Router was enough.
Before Tag-VPN, in the SP Point of Presence, each Customer needed to have a dedicated router which was importing all the BGP Routes with a given Community Attribute. With Tag-VPN, the same PE could be shared by all the customers with each customer having its own Virtual Route.
Customers could have overlapping addresses without any problem.
The provisioning and the management of the VPN were very much simplified.
Traffic Engineering was another great service of Tag-VPN, allowing the SP to use more than the best route links in their backbone to use all the available bandwidth of the core.
Tag-Switching was then standardised by the IETF to MPLS. So in the late 90s and in the early y2k, most service providers were upgrading their backbone to MPLS!
1.1.4 IPv6
Later, in the early Y2Ks when IPv6 became the next version approved by the IETF and more and more requested by the Customers, CISCO's reply was to provide an IPv6 Service over IPv4/MPLS without any need to upgrade the backbone.
They invented 6PE designed and developed in the South of France from an Architecture (RFC) of Francois Le Faucheur and other companies and then designed and coded by Eric Levy-Abegnoly.
In the early Y2K, the first large scale IPv6 offers from SPs were mostly brought by 6PE in Asia and in the USA.
Later came 6VPE which was actually 6PE in the VRF, allowing the customers to have a dual-stack VPN supporting both IPv4 and IPv6.
We will cover 6PE and 6VPE later with all details...
1.2 IPv4 Address Depletion
As we have seen earlier, the IPv4 address Depletion started to be a problem in the 90s, and while some people were working on new protocols to replace IPv4, some others were working on a workaround to keep on working longer with IPv4.
They came up with NAT and Private Addresses (RFC1918). Before RFC1918, some people were already doing some private addressing, but it was at their own risk if they were choosing an address already in use, and they could need one day to join like for instance 7.0.0.0/8 or 9.0.0.0/8. One of these was used in my company in the early 90s with Proxies to reach the Internet for http or ftp protocols.
Now with RFC1918, some blocks were reserved for private addressing, and with NATPT aka PAT, it was possible to use one public address for a whole building or all the PCs of a residential user.
Let's take a shortcut and call NAT: NAT, NATPT or PAT.
NAT immediately solved the problem for many years, but at the same time, it killed some concepts which created the popularity of the Internet like the End-to-End Addressing or peer to peer capabilities.
In the 90s, this was the time for Downsizing and Client-Server Applications. Many companies moved to TCP/IP for this reason.
Downsizing was the migration of Applications from Mainframes to Servers running on RISC Workstations, Mini Computers (AS/400) or even PCs and PS/2s.
Client-Server Applications was the migration from hierarchical Applications running on a Mainframe and accessed by dumb terminals to Applications on Servers accessed by smart Clients, mostly micro computers or Unix Platforms, PCs or RISC based.
To keep on working with NAT, now we have to provision a public address for each server and configure a Static NAT Translation for each Server. This can become tedious when you have a lot of servers to manage. And we cannot save anymore addresses. Still each server requires a Public Address.
NAT introduced many states in the IP Network, which was a datagram best-effort model, and this has many Architectural Implications. Just make a search in the IETF Server for all the RFCs about NAT or PAT or NAPT, and you will find more than 80 documents explaining the limitations, how to workaround NAT to support most of the Network Applications.
NAT seems an easy and cheap solution, but when you look into it, you find that it actually cost a fortune in hidden costs and thousands of lines of code to support it!
To support Voice application, Skype workaround is to use a Server in the middle of your connection, and your Smartphone must send keepalive on a regular basis to keep the NAT States up draining your batteries.
Skype makes it with the cost of a server and keepalives, but many voice applications are still impossible because of NAT!
A 10.0.0.0/8 block looks like a big block for the needs of most companies, but it is still too small for some very large companies or some Service Providers. That's why the Cable SPs requested that DOCSIS 3.0 supports IPv6!
Today, even with the use of NAT, we are now running out of IPv4 Addresses in most regions of the World!
And even if the Service Provider was running NAT a second time in the SP Backbone to share an IPv4 Address among multiple Customers (NAT444), this could not give enough addresses to match the need of all the emerging countries, the need for more than one IPv4 address per user. We must now support plenty of new connected devices which did not exist in the 90s: Smartphones, iPADs, and so on...
So today the question is no more if we need to move to IPv6 but when!
1.3 The Current Market Needs
We have seen that IPv4 even with double NAT could not provide enough addresses for all the Emerging Countries, new devices and new applications which require more and more addresses and even more and more ports (Ajax)!
The Cable Networks Operators have requested that the last DOCSIS Cable standard MUST support IPv6.
Voice Applications suffer more and more from the NAT limitations and Mobile IPv6 or Proxy Mobile IPv6 can bring solutions impossible to solve for IPv4.
We need autonomous devices which not only do autoconfiguration, but also can form Networks dynamically after they automatically discover neighbors. This is Wireless Sensors Networks (6LowPAN) applications.
[Figure: transition scenarios across the ISP network, with NAT44 (CGN/LSN) between RFC 1918 private IPv4 networks and the IPv4 Internet, NAT64 towards the IPv6 Internet, and a DHCPv6-PD client receiving /56 prefixes (8 bits for subnets) split into /64 subnets. Caption: All IPv6 Addresses of a building Xlate to one IPv4 Addresses.]
1.4 Transition Richness
Since the IPv6 introduction, tools for a soft transition were provided. They have evolved with the time and the demand.
In 1996, IPv6 was shipped with a dual-stack and static tunnels.
While the Internet is still growing very fast with more connected devices every day, the available IPv4 addresses have declined and IANA has been completely depleted since February 2011. As IPv6 has been now implemented for more than 15 years and available on most Operating Systems and Network vendors, most Service Providers and even more companies have not yet switched to the next generation Internet protocol. As a consequence we still need to buy some time to allow a smooth transition to IPv6. It is planned that we will need to support mixed IPv4 and IPv6 networks.
Clearly, maximum performances, security and other benefits we can think about with running IPv6 will be achieved when the transition is complete.
During the transition we will need to compromise features, performances and security for the benefit of supporting old IPv4 nodes and applications.
We have to address the four following problems:
• To Support a maximum of new IPv4 customers with the few remaining IPv4 Public Addresses. This implies more sharing of the remaining addresses.
The current solutions to address this problem are the Stateful Carrier Grade NAT (CGN) aka Large Scale NAT (LSN) and the Stateless dIVI-pd or A+P Solutions.
• SPs with IPv4 Backbones need to provide IPv6 Access to the IPv6 Internet or among IPv6 customers. This is based on 6PE or 6VPE for MPLS/IPv4 or 6RD for IPv4 Backbone.
• SPs with IPv6 Backbone need to provide IPv4 Access to the IPv4 Internet or among IPv4 Customers.
This is based on DS-Lite or 4RD based Solutions.
• To Provide access to IPv4 Resources for IPv6 ONLY Customers.
This is based on Address Family Translators with NAT64 and DNS64 as currently the best solutions. These translators permit to translate IPv6 to IPv4 packets originating from the IPv6 side.
With Stateless it is a One-to-One translation using a reserved IPv6 prefix.
With Stateful NAT64, multiple IPv6 addresses can be translated to one IPv4 address.
There is a Stateless implementation on Linux called TAYGA. They say on their Web site that to get a stateful NAT64 one just needs to combine their TAYGA with a Stateful NAT44 also available on Linux.
This will be more developed in the next book with a module or a full book about Translation to IPv6. There are so many possibilities and so many technologies being tested if we really want to cover all the experience currently or lately performed.
SP are not very happy with the CGN or LSN based solutions since they have to run a stateful protocol in their backbone. The Capacity Planning is almost impossible in most cases so they may have to over provision the NAT64 or NAT444 with big CPU and a lot of RAM just in case you have to manage twice more translation for an occasion like a global sport event like the Olympic Games. If TV is not working for the Olympic Games or a Mundial soccer event it would be a reason for many users to move to a competitor! Protocol like 4RD, dIVI-PD.
With CGN/LSN the SP must keep the logs which represent some Tera Bytes of Data each month.
Transition protocols are expensive and as all SPs are transitioning to IPv6, I have serious doubts now that dual-stack will be supported for a long time. The "Good" Internet User who complies with IPv6 will not want to pay the bill of the one who is doing nothing for 15 years?
1.5 What are the IPv6 improvements?
1.5.1 128 bits Addresses
1.5.1.1 IPv6 addresses - how many is that in numbers?
IPv6 is our Word of the Day today. The big difference between it and IPv4 is the increase in address space. IPv4 addresses are 32 bits; IPv6 addresses are 128 bits. That’s a lot more, for sure, but what does it look like in numbers? What could we compare it to in real-world terms?
DevDevin did the math:
How many IP addresses does IPv6 support? Well, without knowing the exact implementation details, we can get a rough estimate based on the fact that it uses 128 bits. So 2 to the power of 128 ends up being 340,282,366,920,938,000,000,000,000,000,000,000,000 unique IP addresses.
How do you say that, though? 340 trillion, 282 billion, 366 million, 920 thousand, 938 — followed by 24 zeroes. There’s no short way to say it in numbers without resorting to math.
Here’s how Wikipedia expresses it:
The very large IPv6 address space supports a total of 2^128 (about 3.4×10^38) addresses - or approximately 5×10^28 (roughly 2^95) addresses for each of the roughly 6.5 billion (6.5×10^9) people alive today. In a different perspective, this is 2^52 addresses for every observable star in the known universe.
Steve Leibson takes a shot at putting it in real world terms. It’s big — grains of sand don’t even enter into it. No, he’s got to take it to the atomic level. Here’s his conclusion:
So we could assign an IPv6 address to EVERY ATOM ON THE SURFACE OF THE EARTH, and still have enough addresses left to do another 100+ earths. It isn’t remotely likely that we’ll run out of IPV6 addresses at any time in the future.
1.5.2 Extension Headers
In IPv4 we had a limited amount of Option which could not provide for any new Extension. In IPv6 we have Extension Headers instead. These Extension Headers can be daisy chained so it is now possible to put as many Options as we want in an IPv6 packet to support any new IPv6 Level Applications.
The first great example of what we can do with Extension Headers is Mobile IPv6 and all derived applications: Mobile router (NEMO), MANET, Wireless Sensors Networks (6LowPAN), PMIPv6. As we can tweak Addresses at the Network Layer it becomes transparent for the Transport or Application Level.
1.5.3 More Efficient Packets Switching
No more Header Checksum in IPv6. This field has been completely removed.
Header aligned on 64 bits for more efficient access.
Routers are no more responsible for fragmentation. If fragmentation must be done, it must be done by the source. The fragmentation information are no more carried in each packet but in an Extension Header if needed.
11. IPv6 Addresses
3
This chapter introduces the key feature of IPv6 which is an address that scales the Internet requirements of 2012 until we all die!
12. Chapter 2
IPv6 Addresses
Topics
1. Introduction
2. What does 128 bit represent?
3. All types of IPv6 Addresses:
   1. Unicast
      1. Unique Local Unicast
      2. Global Unicast Addresses
      3. Special Addresses
   2. Multicast Addresses
   3. Anycast
1 IPv6 Addresses
1.1 Introduction
IPv6 not only makes longer addresses, but also makes a better use of addresses and how to manage them. For instance if you have a small LAN without any routers, the workstations will be able to pick up an address automatically, which will only be valid on this LAN (Link-local) and will permit the Node to be automatically configured with a local address. Then if a router comes up, new prefixes will be advertised by the router, and the Workstation will automatically configure addresses derived from these prefixes. The most important things are:
There is no more Broadcast, only Multicast!
• Link-Local addresses only valid on the link where it is configured. This leads to the concept of Zone. This Link-local address belongs to a zone with its own routing table.
• Anycast Addresses which is an address to the nearest Service. This was already existing in IPv4 but now it is fully managed.
• Routers are discovered Automatically
• ARP has been dramatically improved in the Neighbor Discovery protocol. There is no more just a Timeout for the MAC to IP Address cache, but the Neighbors are Managed in the cache by a Finite State Machine. Useless entries of dead neighbors are cleared. When a Timer expires, a few probes are sent to the neighbor (About 35 seconds with default).
• The concept of zone is also important in IPv6. For the moment it mostly applies to Multicast and Link-local Addresses, but it could be used to create VPN. Still each zone has its own Routing Table (Please see RFC4007 "Scoped Zone Architecture" for more details).
See RFC4291 for IPv6 Address Architecture
1.2 What does 128 bit represent?
We could assign an IPv6 address to EVERY ATOM ON THE SURFACE OF THE EARTH, and still have enough addresses left to do another 100+ earths.
It isn’t remotely likely that we’ll run out of IPV6 addresses at any time in the future!
So we must change the way we design networks and stop trying to save IP Addresses!
We must give large blocks when needed as wasting IPv6 Addresses is not to use the huge amount of available address to make scalable Networks rather than saving each single bit of Address! Wasting does not mean the same thing in IPv6 as in IPv4!
1.3 How to write an IPv6 Address?
The 128-bit address is written as 8 groups of 16 bits, each written in hexadecimal and separated by a colon (:).
Leading zeros can be ignored. You can write:
2001:db8:1:459d:f123:98ab:d0:e1
instead of:
2001:0db8:0001:459d:f123:98ab:00d0:00e1.
Once in the address you can replace a long list of zeroes with double colons ::
You can write:
2001:db8::1
instead of:
2001:db8:0:0:0:0:0:1
1.3.1 The IPv6 Addresses are:
• Unicast: One to One
  • Global Unicast Addresses (Public)
  • Unique Local Addresses (Private)
  • Link-Local Address
  • Special addresses: loopback, unspecified, IPv4 Mapped
• Anycast: One to Any
• Multicast: One to Many
1.4 IPv6 Unicast Addresses
1.4.1 Global Unicast Addresses (Public)
The Global Unicast Addresses are similar to the Public IPv4 addresses and are routable in the IPv6 Internet.
[Figure: Global Unicast Address. Fields: Global Routing Prefix (Provider, 48 bits), SLA (Site, 16 bits), Interface ID (Host, 64 bits).]
In the Internet 2000::/3 (binary 0010) is reserved by IANA for the global unicast address. You will find more details on the Internet here and RFC4291 for IPv6 Address Architecture:
http://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xml
http://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xml
The Global Routing Prefix contains the IANA prefix for Global Unicast Address, a prefix which identifies the Regional Internet Registries (RIPE in Europe for instance) and eventually another prefix which identifies the ISP:
IPv6 addresses are made of 128 bits, but we still find the same 3 parts that we have in an IPv4 Address:
[Figure: IPv6 Unicast Addresses. Fields: 001 (3 bits), ARIN (9 bits), RIR or ISP (36 bits), Subnet ID (16 bits), Interface ID (Host, 64 bits).]
1.4.1.1 Global Routing Prefix
An ISP Customer Prefix used to route the packet to the customer. This Prefix itself is built of a common prefix for all the Global Unicast Addresses 0010 or 2000::/3. Then you have a prefix matching a Regional Internet Registry, a RIR and then the part of the Address which addresses the customer. The most common prefixes are typically a /48 Prefix for each site. This may seem overkill, but we do not waste addresses if we use them. We waste them if we don't!
2001:db8::/16 is reserved for documentation and labs!
1.4.1.2 The Subnets bits
These bits can be used by the customer to address many subnets for each site. We may find that using a /48 prefix for each site may be a waste of Addresses with our IPv4 reflexes, but this is actually the other way around as we have so many addresses available that it would be wasting addresses if we were trying to save addresses instead of using them generously to maximize the scalability of the addressing and allow easy growing of the sites.
1.4.1.3 The Interface ID
The Interface ID is similar to the IPv4 Host Address. It is used to identify the Host itself.
1.4.1.3.1 EUI-64 or Modified EUI-64
This address is generally derived from the Interface MAC Address which is 48 bit. 0xFFFE is added in the middle of the MAC address to make a 64 bits address:
[Figure: EUI-64 Address. The MAC 00 90 59 02 E0 F9 becomes 00 90 59 FF FE 02 E0 F9; the first octet is shown as 000000X0.]
In this example, the MAC Address is 00-90-59-02-E0-F9.
The EUI-64 Address will be: 90:59ff:fe02:e0f9
And the Modified EUI-64 Address will be: 290:59ff:fe02:e0f9
12
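The EUI-64 derivation above, carried out in code for the page's MAC address 00-90-59-02-E0-F9, together with the reverse operation an auditor can use to spot interface IDs that expose a hardware address. This is an added example, not from the book; the function names are assumptions and the /64 prefix is borrowed from the address plan later in this chapter.

```python
import ipaddress

def mac_to_bytes(mac: str) -> bytes:
    """Parse a MAC written with '-' or ':' separators into 6 bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def eui64(mac: str, modified: bool = True) -> bytes:
    """Insert FF FE in the middle of the MAC. Modified EUI-64 also flips
    the universal/local bit (0x02 of the first byte)."""
    raw = mac_to_bytes(mac)
    iid = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    if modified:
        iid[0] ^= 0x02
    return bytes(iid)

def iid_text(iid: bytes) -> str:
    """Write a 64-bit interface ID as four hex groups, leading zeros dropped."""
    return ":".join(f"{int.from_bytes(iid[i:i + 2], 'big'):x}" for i in range(0, 8, 2))

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the Modified EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the interface ID is 64 bits, so the prefix must be a /64")
    return net[int.from_bytes(eui64(mac), "big")]

def embedded_mac(addr: str):
    """Return the MAC carried inside a Modified EUI-64 address, or None when
    bytes 3-4 of the interface ID are not FF FE. A random interface ID can
    contain FF FE by chance, so treat a hit as a strong hint, not proof."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                      # undo the universal/local bit flip
    return "-".join(f"{b:02X}" for b in mac)

if __name__ == "__main__":
    mac = "00-90-59-02-E0-F9"           # MAC used in the text above
    print("EUI-64          :", iid_text(eui64(mac, modified=False)))
    print("Modified EUI-64 :", iid_text(eui64(mac)))
    addr = slaac_address("2001:db8:abcd:9101::/64", mac)
    print("Address         :", addr)
    print("Recovered MAC   :", embedded_mac(str(addr)))
```

Run against an address inventory or a log export, `embedded_mac` lists the hosts whose addresses still reveal their interface hardware address.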
fe80::34f:a011:2:d78%15 on Microsoft Windows, 15 is the interface index.
In IPv4 it is similar to the 169.254.0.0/16 address (RFC 3927).
All next hops, except for recursive static or BGP routes, use a Link-local address.
1.4.4 Special Addresses
1.4.4.1 Unspecified Address is ::/0
The Unspecified address is only used as a source address when a node is booting and is verifying its Link-local Address.
A router MUST NOT route a packet with an unspecified source address.
1.4.4.2 Loopback Address is ::1
The loopback address is a Link-local address to the node itself. It must not be assigned to any physical interface. It is similar to the IPv4 127.0.0.1 address.
1.4.4.3 IPv4 Mapped Address
This is used when you need to code an IPv4 address in the IPv6 format. For instance with 6PE or 6VPE, the destination IPv6 Address will have the Egress PE IPv4 Loopback interface as its next hop. It is illegal for BGP to advertise a destination with a next hop of another Address Family. So the Next Hop is coded as an IPv4 Mapped Address.
You have 80 bits set to 0, then 16 bits set to ffff and then the 32 bits of your IPv4 address:
0:0:0:0:0:ffff:<32 bits IPv4 Address>
If the next hop was 192.9.0.1, it would be coded:
::ffff:192.9.0.1 or
::ffff:c009:1
1.4.4.4 Encapsulation of IPv6 in Ethernet
IPv6 Protocol is 0x86dd
Dest Ethernet Address | Source Ethernet Address | 0x86DD | IPv6 Header and payload
[Figure: IPv6 in Ethernet]
1.5 IPv6 Anycast Addresses
This is a one to any addressing.
Anycast Addresses are like duplicated Unicast Addresses. The goal is to find the nearest server implementing a function.
It already existed in IPv4 for the DNS Root Servers. We have only 13 addresses, which represent more than 200 physical servers.
In IPv4 it was also used by Anycast RP to find the nearest RP in a redundant RP mode using MSDP to make the RPs communicate with each other.
These addresses do not have any reserved prefix so you cannot tell an Anycast Address from a Unicast Address.
1.6 IPv6 Multicast Addresses
This is a one to many addressing.
There is no Broadcast in IPv6, only Multicast. But you have an address for all IPv6 nodes (ff02::1), as in IPv4 you have an address for all IPv4 nodes (224.0.0.1). The prefix ff02:: is reserved just like 224.0.0.x for IPv4.
Multicast Addresses are used like in IPv4, when a source needs to send a packet to a Group of Receivers.
The Flags are used for the Embedded RP Address. This is new in IPv6 and allows the RP Address to be embedded in the Group Address. We will study the Flags when we cover the Multicast in detail.
The Scope is also new in IPv6 and allows setting the Scope of the Multicast Group:
1 is Node Local
2 is Link-local scope. Example: ff02::1
4 is Admin-local
5 is Site-local
8 is Organization-local
E is a Global Group
Example:
ff02::1:2 All DHCP Servers and Relay. Link-local Scope
ff05::1:3 All DHCP Servers. Site-local Scope (used by Relays)
ff02::2 All IPv6 Routers. Link-local Scope
ff02::5 All IPv6 OSPFv3 Routers. Link-local Scope
ff02::6 All IPv6 OSPFv3 DR Routers. Link-local Scope
ff02::9 All IPv6 RIPng Routers. Link-local Scope
ff02::A All IPv6 EIGRP Routers. Link-local Scope
Only the Link-local Scope is automatically filtered and not forwarded by Routers. All the other Scopes must be implemented with ACLs.
For each unicast or anycast address configured, the IPv6 node automatically configures a derived Solicited Node Multicast Address. This address is built from a common Multicast Prefix and the last 24 bits of the Unicast Address.
Example:
Unicast Address
2001:DB8:DC28::FC57:D4C8:1FFF
Solicited Node Multicast Prefix
FF02:0:0:0:0:1:FF
Solicited-node multicast address
FF02:0:0:0:0:1:FFC8:1FFF
[Figure: The solicited node multicast address derived from the unicast. Unicast address: Prefix, Interface Identifier. Solicited-node address (128 bits): FF02, 0, 0001, FF, 24 bits.]
1.7 IPv6 Address Plan Example
2001:db8:abcd::/48 has been assigned for the USA offices of this company.
The largest office in each region aggregates the traffic for the area as a /52 route. In the address 2001:db8:abcd:9000::/52, 9 identifies the West Coast.
Each office has a /56 prefix. In the address 2001:db8:abcd:9100::/56, 91 identifies the San Francisco Office.
Then 2001:db8:abcd:9101::/64 may be the first LAN in SF.
[Figure: IPv6 Address Plan Example]
1.8 The Multihoming Issue
1.8.1 IPv6 Addressing Hierarchy
IANA 2000::/3
  RIR1 21ae::/8
    ISP1 21ae:db8::/32
      Cust1 21ae:db8:1::/48
    ISP2 21ae:db9::/32
      Cust2 21ae:db9:1::/48
  RIR2 2001::/8
    ISP3 2001:db8::/32
      Cust3 2001:db8:1::/48
      Cust4 2001:db8:2::/48
[Figure: IPv6 Addressing Aggregation]
With an address 4 times bigger, the IPv6 designers didn't want to need 4 times more memory! So they designed a model to maximize Aggregation.
There is a Flash animation in my Free On-Line Tutorial Fundamentals #2.
IANA has allocated the block 2000::/3 for Global Unicast Addresses. Then in your address you will have a Prefix which identifies each Regional Internet Registry: RIPE-NCC, ARIN, APNIC, AfriNIC, LACNIC. And a Prefix for each SP.
The end user does not own a Prefix, and if he changes SP, he will have to renumber his Network with a new Prefix.
The goal is to maximize route Aggregation, allowing each SP to summarize all its clients with one or a few Prefixes. This is what we call Provider Assigned (PA) Prefixes.
[Figure: Internet Admin hierarchy. IANA; Regional Internet Registries (ARIN, APNIC, RIPE, NCC); National Internet Registries (NIR); Local Internet Registries (LIR); ISP; End Users (EU). http://www.ripe.net/ripe/docs/ripe-512]
1.8.2 Multihoming Issue and solutions
This works very well as long as a customer does not want to use more than one SP, for Redundancy or for other reasons like best price in different regions of the world for instance.
In this case, the customer will have to deal with multiple Prefixes. This is not a problem in itself, as any IPv6 interface can be configured with multiple Prefixes.
The problem is for resiliency and load-balancing.
[Figure: Provider Assigned Address. ISP1: 2001:db8::/32, 2001:db8:1::/48. ISP2: 2001:db9::/32, 2001:db9:100::/48.]
[Figure: Dest thru ISP2 is no longer reachable. The session fails. ISP1: 2001:db8:1::/48; ISP2: 2001:db9:100::/48; host addresses 2001:db8:1:99:42:345F:1:1/64 and 2001:db9:100:99:42:345F:1:1/64.]
The best solution, which may be expensive in some regions, is the Provider Independent (PI) Prefixes.
They have been available since 2009, and we can see that the number of IPv6 prefixes has started to increase tremendously since this date. First, because there was no solution to this problem before, and then because we cannot aggregate a PI Prefix: it punches a hole in the summary address of each SP where it does not fall into one of that SP's summaries, and it must be advertised independently.
[Figure: A session is started. Better route from ISP2: a new session must be started. ISP1: 2001:db8:1::/48; ISP2: 2001:db9:100::/48; host addresses 2001:db8:1:99:42:345F:1:1/64 and 2001:db9:100:99:42:345F:1:1/64.]
1.8.3 Provider Independent Addresses
[Figure: ISP1, ISP2; prefixes 2001:db8:1::/48, 2001:db8:66::/48, 2001:db8:100::/48.]
In this case your RIR will allocate a Prefix to the end-user, who is authorized to advertise its own prefix to multiple SPs. Below is an example. 2001:678:e01::/48 has been assigned to this company and the same prefix is advertised to SP ACME and ABC! So each of these SPs will have to advertise this Prefix in the IPv6 Internet if it does not fall under the summaries of each SP.
It is seen as a short term solution, as a long term solution should permit maximum aggregation and must be managed by Hosts or Routers.
[Figure: Provider Independent addressing example. 2001:678:e01::/48 is advertised to the Internet through both ISP ACME and ISP ABC. Labels: Campus 1 Backbone Router, Campus 2 BB Router, Campus 3 BB Router, Bldg 1-1, Bldg 2-1, Bldg 2-2, Bldg 3-2, 255 user /64 LANs per Building.]
1.8.4 Other Solutions
There are some host based and router based solutions to solve this problem without losing the maximum Aggregation of the PA Prefixes. Some solutions are host based, like shim6 or HIP, which also manage Mobility, and some others are managed by the routers, like LISP.
"The basic idea behind the Loc/ID split is that the current Internet routing and addressing architecture
combines two functions: Routing Locators (RLOCs), which describe how a device is attached to the
network, and Endpoint Identifiers (EIDs), which define 'who'
the device is, in a single numbering space, the IP address. Proponents of the Loc/ID split argue that
this "overloading" of functions makes it virtually impossible to build an efficient routing system without
forcing unacceptable constraints on end-system use of addresses. Splitting these functions apart by
using different numbering spaces for EIDs and RLOCs yields several advantages, including improved
scalability of the routing system through greater aggregation of RLOCs. To achieve this aggregation,
we must allocate RLOCs in a way that is congruent with the topology of the network ("Rekhter's Law").
Today's 'provider-allocated' IP address space is an example of such an allocation scheme. EIDs, on
the other hand, are typically allocated along organizational boundaries. Because the network topology
and organizational hierarchies are rarely congruent, it is difficult (if not impossible) to make a single
numbering space efficiently serve both purposes without imposing unacceptable constraints (such as
requiring renumbering upon provider changes) on the use of that space.
LISP, as a specific instance of the Loc/ID split, aims to decouple location and identity. This decoupling
will facilitate improved aggregation of the RLOC space, implement persistent identity in the EID space,
and, in some cases, increase the security and efficiency of network mobility."
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_11-1/111_lisp.html
IPv6 Header
4
To summarize the IPv6 Header we could say: longer addresses and a simple, efficient, versatile, flexible, powerful Network Layer!
The daisy chained IPv6 Extension header is a major important step for any application in the future! Mobile IPv6 is the first example of this power!
Section 1
IPv6 Header
Topics
1. IPv6 versus IPv4 headers
2. Path MTU discovery
3. Extension Headers
4. Encapsulations of Packets in Layer 2
.1 IPv6 vs IPv4 Headers
• No more Fragmentation fields (Fragment ID, Frag Offset, Flags). Fragmentation is no longer performed by Routers but only by the source of the Traffic, and an Extension Header is used for the Fragmentation information.
• No more Header Checksum, as it was redundant with the Link Layer and Transport Checksums.
• Other fields have been renamed with more explicit names, like Hop Limit instead of TTL.
• The Traffic Class is used instead of ToS/Precedence but still transports a DSCP for QoS.
• IPv6 Addresses are 4 times larger.
• The Protocol field is replaced with a Next Header, as the Headers can now be daisy chained to add several options to a packet!
• A new field, pretty much unused so far: the Flow Label. It should be used to identify a flow together with the Source and Destination Addresses. It is not used for two reasons:
  • There is no common agreement to use it in a standard way.
  • People are scared that a non-default Flow Label (the default is 0) would give information to hackers about the sensitive traffic!
• The data are aligned on 64 bits for better memory access.
.2 Path MTU Discovery
Fragmentation is expensive as it consumes resources on the Router or the Host which fragments the packet, and it also consumes resources on the destination host which reassembles the packets.
Some Firewall or NAT devices do the reassembly as they need the information contained in the first fragment, like the Port numbers.
Fragmentation is also a very easy way to initiate a DoS Attack, as traffic requiring a lot of Fragmentation or Reassembly can kill a station by overwhelming its CPU!
So Fragmentation is already systematically avoided in IPv4 for all TCP Traffic with a protocol called Path MTU Discovery!
An IPv6 router is not allowed to fragment a packet; only the source of a connection can. This includes a router if it is the head-end of a tunnel and it encapsulates IPv6 in IPv6, but this is a special case.
The principle is that the station starts sending at the maximum MTU, and every time a Router cannot route the packet because of the MTU, it drops the packet rather than fragmenting it and sends an ICMP Report providing the next Link MTU. The source sends the next packet at this MTU, and the operation may eventually be repeated.
MINIMUM MTU FOR IPv6 IS 1280 BYTES
.3 Extension Headers
The biggest improvement, which really gives IPv6 more Flexibility and Versatility, is the use of daisy chained Extension Headers. Now it becomes possible to push many headers in an IPv6 packet, and as these Headers are TLV (Type, Length, Value) you can add a new Header Extension to support a new Network Layer Application.
The first great example of what we can do will be introduced in a later Module. This is for Mobile IPv6 and the derived applications.
The Extension Headers are the following and SHOULD follow this order:
• Hop-by-hop. This Option MUST be checked by each router in the path. In IPv4 we had the Router Alert to do the same, and this Router Alert is transported in this Option when needed. It is used by Multicast (IGMP or PIM), RSVP and other applications.
Router Alert Option
The Router Alert Option (RFC2711) tells the router that it must take a look at the packet. It is carried in a hop-by-hop option.
Example:
Frame 3836 (90 bytes on wire, 90 bytes captured)
Ethernet II, Src: ca:00:06:a9:00:1c (ca:00:06:a9:00:1c), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
    Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
    Source: ca:00:06:a9:00:1c (ca:00:06:a9:00:1c)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 36
    Next header: IPv6 hop-by-hop option (0x00)
    Hop limit: 1
    Source: fe80::c800:6ff:fea9:1c (fe80::c800:6ff:fea9:1c)
    Destination: ff02::1 (ff02::1)
Hop-by-Hop Option
    Next header: ICMPv6 (0x3a)
    Length: 0 (8 bytes)
    Router alert: MLD (4 bytes)
    PadN: 2 bytes
Internet Control Message Protocol v6
    Type: 130 (Multicast listener query)
    Code: 0
    Checksum: 0x88d1 [correct]
    Maximum response delay[ms]: 10000
    Multicast Address: ::
    S Flag: OFF
    Robustness: 2
    QQI: 125
• Destination options. This Option is only checked by the Destination of the packet. Mobile IPv6 uses this Option.
If a routing header is present, it tells each intermediary router what to do. If there is no routing header, it is only for the final destination.
Example:
Frame 609 (114 bytes on wire, 114 bytes captured)
Ethernet II, Src: ca:00:06:a9:00:1c (ca:00:06:a9:00:1c), Dst: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c)
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 1010 0000 .... .... .... .... .... = Traffic class: 0x000000a0
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 60
    Next header: IPv6 hop-by-hop option (0x00)
    Hop limit: 64
    Source: 2001:db8:c0a8:b:c800:6ff:fea9:1c (2001:db8:c0a8:b:c800:6ff:fea9:1c)
    Destination: 2001:db8:c0a8:b:c801:6ff:fea9:1c (2001:db8:c0a8:b:c801:6ff:fea9:1c)
Hop-by-Hop Option
    Next header: IPv6 destination option (0x3c)
    Length: 0 (8 bytes)
    PadN: 6 bytes
Destination Option
    Next header: UDP (0x11)
    Length: 0 (8 bytes)
    PadN: 6 bytes
User Datagram Protocol, Src Port: 57768 (57768), Dst Port: echo (7)
Echo
• Routing Header. 3 Types. Type 0 and 1 are now deprecated and should not be used anymore, as they are too dangerous. Type 2 is still used by Mobile IPv6.
  o Type 0. There is a list of addresses in the header, and the packet must go through each of the routers listed. There is a pointer for the router to know where in the list we are. The destination IP address of the IP packet is the next hop of the source routing header. This was not the case in IPv4, where the IP source and destination IP addresses were not modified by source routing. It is now deprecated since RFC5095.
  o Type 1 has been deprecated for a long time.
  o Type 2 is used by Mobile IPv6. It is used to specify the home address of the mobile node. Only one hop!
Example of a capture. Note that the addresses used are the deprecated site-local addresses:
Frame:
+ Ethernet: Etype = IPv6
- Ipv6: Next Protocol = ICMPv6, Payload Length = 64
  + Versions: IPv6, Internet Protocol, DSCP 0
    PayloadLength: 64 (0x40)
    NextProtocol: IPv6 Routing header, 43(0x2b)
    HopLimit: 127 (0x7F)
    SourceAddress: FEC0:0:0:2:2B0:D0FF:FEE9:4133
    DestinationAddress: FEC0:0:0:2:260:97FF:FE02:578F
  - RoutingHeader:
    NextHeader: ICMPv6
    ExtHdrLen: 2(24 bytes)
    RoutingType: 0 (0x0)
    SegmentsLeft: 1 (0x1)
    Reserved: 0 (0x0)
    RouteAddress: FEC0:0:0:1:260:8FF:FE32:F9D8
  Icmpv6: Echo request, ID = 0x0, Seq = 0x3d1a
• Fragment. If the Source must fragment the packet.
• IPSec Authentication (AH)
• IPSec Authentication and Encryption (ESP)
• Mobility. Used for the signaling of Mobile IPv6.
• Destination option (if routing absent)
• Jumbo Payload option
The Jumbo payload option allows for larger datagrams than the 65,536 permitted by plain IPv6. With the Jumbo payload option, it can be up to 4,294,967,295 octets (RFC2675).
• Upper layer
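The Next Header chain shown in the captures above, walked in code the way a filter or IDS has to do it before it can reach the upper-layer ports, with the deprecated Routing Header types flagged. This is an added example, not from the book: the function and constant names are assumptions, and the two packets are constructed to mirror the Frame 609 and Routing Header captures (checksums are left at 0 and are not verified).

```python
import ipaddress
import struct

# Next Header values of the extension headers listed in this section.
EXT = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 50: "ESP",
       51: "AH", 60: "Destination Options", 135: "Mobility"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}

def walk_chain(packet: bytes):
    """Follow the Next Header chain of a raw IPv6 packet (no Ethernet header).
    Returns (chain, findings): header names in order, plus policy findings."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, offset = packet[6], 40
    chain, findings = [], []
    while nxt in EXT:
        name = EXT[nxt]
        if nxt == 50:                      # ESP hides the rest of the chain
            return chain + [name], findings
        if offset + 8 > len(packet):
            findings.append(f"{name} header is truncated")
            return chain + [name], findings
        if nxt == 0 and chain:
            findings.append("Hop-by-Hop is not the first extension header")
        if nxt == 44:                      # Fragment header has a fixed size
            length = 8
        elif nxt == 51:                    # AH length is in 4-byte words, minus 2
            length = (packet[offset + 1] + 2) * 4
        else:                              # others: 8-byte units after the first 8
            length = (packet[offset + 1] + 1) * 8
        if nxt == 43:
            rtype = packet[offset + 2]
            name = f"Routing (type {rtype})"
            if rtype in (0, 1):            # both deprecated according to the text
                findings.append(f"deprecated Routing Header type {rtype}")
        chain.append(name)
        nxt, offset = packet[offset], offset + length
    chain.append(UPPER.get(nxt, f"protocol {nxt}"))
    return chain, findings

def ipv6(next_header: int, payload: bytes, src: str, dst: str,
         hop_limit: int = 64) -> bytes:
    """Build a constructed IPv6 packet: fixed 40-byte header plus payload."""
    first_word = 6 << 28                   # version 6, traffic class 0, flow label 0
    return (struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

PADN6 = bytes([1, 4, 0, 0, 0, 0])          # PadN option covering 6 bytes

# Constructed sample shaped like Frame 609:
# Hop-by-Hop -> Destination Options -> UDP echo.
SAMPLE_UDP = ipv6(0, bytes([60, 0]) + PADN6 + bytes([17, 0]) + PADN6
                  + struct.pack("!HHHH", 57768, 7, 44, 0) + bytes(36),
                  "2001:db8:c0a8:b:c800:6ff:fea9:1c",
                  "2001:db8:c0a8:b:c801:6ff:fea9:1c")

# Constructed sample shaped like the Routing Header capture: type 0,
# ExtHdrLen 2 (24 bytes), one route address, then an ICMPv6 echo request.
SAMPLE_RH0 = ipv6(43, bytes([58, 2, 0, 1]) + bytes(4)
                  + ipaddress.IPv6Address("fec0:0:0:1:260:8ff:fe32:f9d8").packed
                  + struct.pack("!BBHHH", 128, 0, 0, 0, 0x3D1A) + bytes(32),
                  "fec0:0:0:2:2b0:d0ff:fee9:4133",
                  "fec0:0:0:2:260:97ff:fe02:578f", hop_limit=127)

if __name__ == "__main__":
    for label, pkt in (("UDP echo", SAMPLE_UDP), ("Routing type 0", SAMPLE_RH0)):
        print(label, *walk_chain(pkt))
```

A device that cannot walk the whole chain never sees the UDP ports behind the two option headers of the first sample, which is why the length rule of each header type matters.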
.4 MAC Encapsulation of IPv6 Packets
Ethernet Protocol Encapsulation
Dest Ethernet Address | Source Ethernet Address | 0x86DD | IPv6 Datagram
Protocol: 0x86dd
In IPv4 it was 0x800 and 0x806 for ARP
.4.1 Multicast MAC Address Mapping
IPv6 Multicast Address (128 bits): FF02:0:0:0:0:1:FF90:FE53
MAC Address (48 bits): 33:33:FF:90:FE:53
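The two multicast derivations in this chapter chained together: unicast address to solicited-node group (section 1.6 material), then group to Ethernet MAC as in the mapping above, plus the scope value of a group. This is an added example, not from the book; the function names are assumptions and the sample addresses are the ones printed on these pages.

```python
import ipaddress
from collections import defaultdict

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

# Scope values as listed in the text (low 4 bits of the second byte).
SCOPES = {0x1: "Node Local", 0x2: "Link-local", 0x4: "Admin-local",
          0x5: "Site-local", 0x8: "Organization-local", 0xE: "Global"}

def solicited_node(unicast) -> ipaddress.IPv6Address:
    """Prefix FF02:0:0:0:0:1:FF plus the last 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)

def multicast_mac(group) -> str:
    """Ethernet destination of a multicast group: 33:33 plus its last 32 bits."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{addr} is not a multicast address")
    return "33:33:" + ":".join(f"{b:02X}" for b in addr.packed[12:])

def scope_name(group) -> str:
    """Name of the scope carried in a multicast address."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{addr} is not a multicast address")
    return SCOPES.get(addr.packed[1] & 0x0F, "unlisted scope")

def groups_joined(unicast_addresses):
    """Map each solicited-node MAC to the unicast addresses listening on it.
    Addresses that share their last 24 bits land on the same group and MAC."""
    table = defaultdict(list)
    for text in unicast_addresses:
        table[multicast_mac(solicited_node(text))].append(text)
    return dict(table)

if __name__ == "__main__":
    # Addresses taken from this chapter's example and captures.
    hosts = ["fe80::c800:6ff:fea9:1c",
             "2001:db8:c0a8:b:c800:6ff:fea9:1c",
             "2001:DB8:DC28::FC57:D4C8:1FFF"]
    for mac, members in groups_joined(hosts).items():
        print(mac, members)
    for group in ("ff02::1:2", "ff05::1:3"):
        print(group, scope_name(group), multicast_mac(group))
```

The link-local and global addresses of the same interface share one solicited-node group, so a switch or capture filter sees a single multicast MAC for both.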