Exploring IPv6




The end of the Internet as we know today?
          Gratien D'haese
          IT3 Consultants
          gratien.dhaese@it3.be
Conclusion
 ●   The end of the Internet as we know today?
       ●   IPv4 address space is getting scarce
       ●   IPv4 will still be available for a long time
       ●   IPv6 is getting slowly deployed
       ●   IPv6 will boost from this year on
             –   Not because we like it, but because we have no choice
             –   No need to be afraid of IPv6 (after this talk :)
             –   Dual stack with IPv4, or 6to4 tunnels




2011-11-06 | Gratien D'haese        Exploring IPv6                       2
Abbreviations
 ●   IPv4/6: Internet Protocol 4/6
 ●   ISC: Internet Systems Consortium
 ●   IANA: Internet Assigned Numbers Authority
 ●   RIR: Regional Internet Number Registries
 ●   CIDR: Classless Inter-domain Routing
 ●   NAT: Network Address Translation
 ●   AS: Autonomous System


IPv6 history
 ●   Designed in 1994 [RFC 1752 and many more]
 ●   In the nineties, the run-out of IPv4 addresses
     was expected between 2000 and 2008
 ●   The usage of CIDR and NAT slowed down the
     depletion of IPv4 addresses, as did
       ●   The dot com crisis, and
       ●   The financial crisis in 2008-2009
 ●   The Internet still grows rapidly (mobile
     devices,...)

The IPv4 host count 'till today (data coming from ISC)




IPv4 Address Space
 ●   32-bit number => 2^32 (4.294.967.296)
 ●   Dotted decimal notation (4 numbers), e.g. 18.2.45.78
 ●   Divided into classes
       ●   A Class: 8-bit network (128 * 16,8 million)
       ●   B Class: 16-bit network (16.384 * 65.536)
       ●   C Class: 24-bit network (2 million * 256)
 ●   70% of A and B Classes are allocated to big
     companies and incredibly under-used (approx.
     3 billion addresses wasted)

IPv4 Depletion rate
                                        www.potaroo.net/tools/ipv4/




IPv6 history
 ●   Backbone routers (vendors): took time to
     become IPv6 ready
       ●   Today these limitations are behind us
       ●   But, are all ISPs capable of serving IPv6 traffic?
 ●   The main Operating Systems (Linux, Mac OS/X
     and Windows) now support IPv6
 ●   IPv6 has been implemented more widely in
     Europe and Asia than in the USA.


IPv6 enabled ASs in global routing
                                                http://v6asns.ripe.net/




Is your ISP IPv6 ready ?
 ●   Have a look at
       ●   http://ripeness.ripe.net/4star/BE.html
       ●   http://www.vyncke.org/ipv6status/detailed.php?country=be&type=ISP
 ●   Most ISPs will not deliver IPv6 to home consumers
     before 2012 (or 2013?) ...
 ●   Around 48% ISPs can provide IPv6 addresses
             –   See http://ripeness.ripe.net/pies.html
             –   Mostly through IPv6-to-IPv4 tunneling
             –   One year ago it was only 31%

IPv6 Addressing
 ●   2^128 = 3.4 x 10^38 addresses (128 bits!!)
     = 340.282.366.920.938.463.463.374.607.431.768.211.456
 ●   IPv6 address is divided into
       ●   Network ID (64 bits)
       ●   Interface ID (64 bits)

       Field                    Bits   Topology
       001                      3      public topology
       Global Routing Prefix    45     public topology
       Subnet ID                16     site topology
       Interface ID             64     interface identifier

IPv6 Addressing (cont.)
 ●   Notation
       ●   IPv6 address written as eight groups of four
           hexadecimal digits
             –   2001:0db9:85a6:07c4:1243:8a81:0301:7351
       ●   Leading zeros may be dropped
             –   2001:9a03:0000:12c2:0000:0000:0fa1:0001
             –   2001:9a03:0:12c2:0:0:fa1:1
       ●   Up to one double colon substitution is permitted
             –   2001:9a03:0:12c2::fa1:1
             –   :: means one or more groups of 16 bits of zeroes

IPv6 Addressing Types
 ●   Unicast
       ●   Identify one system on the Internet
       ●   Globally routable
       ●   Highest order bits are 001 (of Network Id)
 ●   Multicast
       ●   Deliver to an entire group of systems
 ●   Anycast
       ●   Deliver to any one of a group of systems
       ●   Ideal for mobile devices
Addressing Types

 [Figure: tree of IPv6 address types; legend: Global, Unique Local, Link Local]
 ●   Multicast
       ●   Assigned: FF00::/8
       ●   Solicited node: FF02::1:FF00:0000/104
 ●   Unicast
       ●   Unspecified: ::/128
       ●   Loopback: ::1/128
       ●   Link Local: FE80::/10
       ●   Aggregatable Global: 2001::/16
       ●   Unique Local: FC00::/7
       ●   IPv4 Compatible: 0:0:0:0:0:0::/96
 ●   Anycast
       ●   Link Local: FE80::/10
       ●   Aggregatable Global: 2001::/16
       ●   Unique Local: FC00::/7

IPv6 Address Types (cont.)

Address Type                   Binary Prefix           Prefix

unspecified                    000...0 (128 bits)      ::/128

loopback                       000...01 (128 bits)     ::1/128

link-local unicast             1111 1110 10            FE80::/10

multicast                      1111 1111               FF00::/8

global unicast                 All other addresses




Unicast Addresses
 ●   Global Unicast addresses are in 2000::/3 block
       ●   2001:5c0:1400:b::9773/128




Anycast Addresses
 ●   The same anycast address is assigned to a
     group of interfaces (nodes)
 ●   However, a packet sent to an anycast address
     is delivered to the nearest one having this
     address
 ●   Assigned from unicast address range
 ●   Usage in the area of DNS discovery and
     Universal Plug and Play, but also used for
     multiple name, web and mail servers

Multicast Addresses
 ●   In IPv6 multicast replaces IPv4 “broadcast”

       Field                    Bits
       11111111                 8
       flag                     4
       scope                    4
       Reserved (all zero's)    80
       Group ID                 32

 ●   Identify a participating group of hosts
 ●   Start with 0xFF (8 1-bits)
 ●   One flag indicates transient (=1) or permanent (=0
     or well-known address assigned)
 ●   Must define a scope (global, site, link, node)
 ●   Group ID: 1 = all nodes; 2 = all routers; etc
Multicast Scope
 ●   A 4-bit field
 ●   Likely values are
       ●   1 : Node-local scope (interface)
       ●   2 : Link-local scope (e.g. LAN)
       ●   5 : Site-local (deprecated)
       ●   8 : Organization-local scope
       ●   E : Global scope
 ●   No broadcast address in IPv6, multicast to “all
     nodes on the local link” (scope 2; group-ID 1)
     FF02::1
Well-known multicast group-numbers
      Multicast Address                       Meaning
      FF02::1                                 All nodes on this link

      FF02::2                                 All routers on this link

      FF02::5                                 All OSPF routers on this link

      FF02::9                                 All RIP routers on this link

      FF02::1:2                               All DHCP agents on this link

      FF05::1:3                               All DHCP servers on this link

      FF05::101                               All NTP servers on this link

      FF02:0:0:0:1:FF::/104 combined with     Solicited-node multicast group (used
      24 low order bits from IPv6 address     to map MAC addresses)

Solicited node multicast addresses (for NDP)
●    Multicast address built from unicast address
●    Concatenation of FF02::1:FF00:0/104 and
      ●    24 low order bits of unicast address (interface id)
●    Nodes build their own IPv6 solicited node multicast
     address
●    Nodes can use this technique to find the MAC address
     of a destination host, e.g.
      ●    2001:001A:003F:1021:0100:0028:003F:0020
      ●    FF02:0000:0000:0000:0000:0001:FF00:0000/104
      ●    FF02:0000:0000:0000:0000:0001:FF3F:0020
      ●    33-33-FF-3F-00-20 (multicast MAC address)
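Added example (not part of the original slides): the multicast field layout and the solicited-node derivation above, in Python with the standard `ipaddress` module. The function names are assumptions made for this illustration; the test address is the one from the slide.

```python
import ipaddress

# Scope values as listed on the "Multicast Scope" slide.
SCOPES = {0x1: "node-local", 0x2: "link-local", 0x5: "site-local (deprecated)",
          0x8: "organization-local", 0xE: "global"}
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def parse_multicast(address):
    """Split a multicast address into the fields shown on the slide."""
    addr = ipaddress.IPv6Address(address)
    raw = addr.packed
    if raw[0] != 0xFF:
        raise ValueError(f"{addr} is not multicast (does not start with 0xFF)")
    scope = raw[1] & 0x0F
    return {
        "transient": bool((raw[1] >> 4) & 0x1),       # 0 = permanent / well-known
        "scope": SCOPES.get(scope, f"other ({scope:#x})"),
        "group_id": int.from_bytes(raw[12:], "big"),  # low 32 bits
    }


def solicited_node(unicast):
    """FF02::1:FF00:0/104 plus the 24 low-order bits of the unicast address."""
    addr = ipaddress.IPv6Address(unicast)
    if addr.is_multicast:
        raise ValueError("solicited-node groups are built from unicast addresses")
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | (int(addr) & 0xFFFFFF))


def multicast_mac(group):
    """Ethernet destination for an IPv6 multicast group: 33-33 + low 32 bits."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{addr} is not a multicast address")
    return "-".join(f"{b:02X}" for b in b"\x33\x33" + addr.packed[12:])


def shares_solicited_node_group(a, b):
    """True when two unicast addresses listen on the same solicited-node group,
    which is why a Neighbor Solicitation still names its full target address."""
    return solicited_node(a) == solicited_node(b)


if __name__ == "__main__":
    target = "2001:001A:003F:1021:0100:0028:003F:0020"   # address from the slide
    group = solicited_node(target)
    print(group, multicast_mac(group), parse_multicast(group))
    print(parse_multicast("ff02::1"))                     # all nodes on this link
```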
Neighbor Discovery Protocol
 ●   Used to discover other hosts and routers on
     local network (stateless autoconfiguration)
 ●   Makes use of the IPv6 multicast addresses (no
     ARP anymore)
 ●   Uses ICMPv6 messages
       ●   Neighbor solicitation
       ●   Neighbor advertisement
       ●   Router solicitation
       ●   Router advertisement
       ●   redirect
Address Autoconfiguration Process
 ●   Create a Link Local Address (FE80::/10)
       ●   No router or server required
 ●   IPv6 address node configuration
       ●   Network ID
             –   Manual
             –   Auto (stateful or stateless)
             –   Pre-defined well known prefix (link-local unicast FE80::/10)
       ●   Interface ID
             –   Manual
             –   Auto (stateful or stateless)

Link-Local Address
 ●   Each interface has a Link-Local Address based
     on its MAC address (IEEE EUI-64 - Extended
     Unique Identifier)




Stateless Address Autoconfiguration
 ●   Routers advertise prefixes that identify the
     subnet(s) associated with a link
 ●   Hosts generate an "interface token" that
     uniquely identifies an interface on a subnet
       ●   Based on EUI-64 MAC address (security?)
       ●   Privacy Extensions:
           echo 1 > /proc/sys/net/ipv6/conf/all/use_tempaddr
 ●   An address is formed by combining the two


Router Solicitation (RS)
 ●   Host sends a multicast Router solicitation when
     an interface is enabled
       ●   To discover IPv6 routers present on the link
       ●   To request an immediate Router advertisement
       ●   Sent to All-Router Multicast Address
       ●   Source link layer address of sender may be sent as
           an option
 ●   IPv6 address
       ●   Source: unspecified (all zeros, ::/128)
       ●   Destination: solicited-node multicast
Router Advertisement (RA)
 ●   Router multicasts periodically (or on demand)
     its availability
 ●   Router advertisements carry
       ●   Lifetime as a default router
       ●   Managed flag to inform hosts how to perform
           Address Autoconfiguration
       ●   List of prefixes used for a link
       ●   Link-layer address
       ●   Advertise an MTU for hosts to use on the link

Radvd daemon
 ●   Stateless autoconfiguration with “router
     advertisement daemon (radvd)”
     # cat /etc/radvd.conf
     interface eth0
     {
          AdvSendAdvert on;
          MinRtrAdvInterval 30;
          MaxRtrAdvInterval 100;
          prefix 2001:470:1f09:11b8::/64       # IPv6 address received for tunnel
          {
               AdvOnLink on;
               AdvAutonomous on;
               AdvRouterAddr off;
          };
     };


     # echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

Stateful Address Autoconfiguration
 ●   Clients obtain address and other optional
     parameters from DHCPv6 server
 ●   DHCP server maintains the database and
     controls the address assignment
 ●   Clients send DHCP solicit (DHCPv6 multicast
     address)
 ●   Server responds with a DHCPv6 advertisement



Domain Name Server
 ●   Using ISC BIND
 ●   A system can now have an IPv4 and IPv6
     address
       ●   sloeber             IN A             192.168.0.13
           sloeber             IN AAAA          2001:470:1f09:11b8::1
 ●   Reverse delegation
       ●   1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.1.1.9.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.   IN    PTR
       ●   $ORIGIN 8.b.1.1.9.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
           1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN    PTR

DNS/Service Discovery @home
 ●   How do I find my local file server?
 ●   Multicast DNS (mDNS) = serverless DNS
       ●   DNS queries over IP Multicast in a small network
           where no DNS server is installed
       ●   Network prefix can change after modem reboots
           (no need to update /etc/hosts file!)
       ●   mDNS doesn't cross router boundary
 ●   Service Discovery
       ●   DNS Service Discovery (mDNS/DNS-SD)
       ●   Universal Plug and Play (UPnP)
Multicast DNS (mDNS) @home
 ●   (1) mDNS query to FF02::FB, port 5353, asking for the
     AAAA record for fileserverHome
 ●   (2) mDNS responder on 'fileserverHome' responds to the
     multicast group with the AAAA record
 ●   Implementations
       ●   Apple: Bonjour
       ●   Linux: Avahi

Transition Mechanisms
 ●   Transition mechanisms are needed for IPv6-only
     hosts to reach IPv4 services.
 ●   In the future IPv4 hosts will also need to
     be able to reach IPv6 services.
       ●   Dual Stack
       ●   Tunneling
       ●   Translation




Dual Stack
 ●   Dual stack host can speak both IPv4 and IPv6
       ●   Communicate with IPv4 host by IPv4
       ●   Communicate with IPv6 host by IPv6




Tunneling
●   Through an IPv4 tunnel we can connect two
    IPv6 networks
●   Ideal to start experimenting with IPv6 topology

      H1 -- IPv6 network -- R1 == TUNNEL (IPv4 network) == R2 -- IPv6 network -- H2

●   Packet-structure with tunneling

      IPv4 header (R1 → R2) | IPv6 header (H1 → H2) | TCP header | Application Data


Tunnel brokers
●   There are 'free' tunnel brokers available
     ●   Require user registration
     ●   Request an IPv6 address (128 and 48 prefix)
     ●   Perfect to experiment with real IPv6 networking
●   Hurricane Electric
     ●   http://www.tunnelbroker.net/
●   SixXS
     ●   http://www.sixxs.net/main/
●   GogoNET Freenet6
     ●   http://gogonet.gogo6.com/
Translation
 ●   An extension to NAT techniques to translate
     header formats as well as addresses
 ●   Translate IPv6-only host to IPv4 host (vice
     versa is not trivial)
       ●   Protocol translation
       ●   Mapping address
 ●   Unreliable; try to avoid it



Security: protect yourself
 ●   Once you start with IPv6 you must turn on
     ip6tables
 ●   The radvd daemon will automatically configure
     interfaces on Windows (vista/windows7), Mac
     OS/X and Linux
       ●   Your IPv6 tunnel will open the gate to the IPv6
           world
       ●   An attacker can send a Router Advertisement and gain
           access to your internal network (even if you're safe
           on the IPv4 side)
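Added example (not part of the original slides): a monitoring check for unexpected Router Advertisements, parsing the fields listed on the "Router Advertisement (RA)" slide and comparing them with a site allowlist. The allowlist values, sample packets and function names are constructed for illustration; the expected prefix is the one from the radvd.conf slide, and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134                       # ICMPv6 type of a Router Advertisement
OPT_SRC_LLADDR, OPT_PREFIX_INFO, OPT_MTU = 1, 3, 5

# Assumed site policy (constructed): the one router allowed to advertise,
# and the prefix taken from the radvd.conf slide.
KNOWN_ROUTERS = {("fe80::1", "00:11:22:33:44:55")}
EXPECTED_PREFIXES = {ipaddress.IPv6Network("2001:470:1f09:11b8::/64")}


def parse_ra(icmp):
    """Parse an ICMPv6 Router Advertisement (ICMPv6 header onwards)."""
    if len(icmp) < 16 or icmp[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    _t, _c, _ck, _hop, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp[:16])
    ra = {"managed": bool(flags & 0x80), "router_lifetime": lifetime,
          "lladdr": None, "mtu": None, "prefixes": []}
    pos = 16
    while pos < len(icmp):
        if pos + 2 > len(icmp):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option length")
        body = icmp[pos + 2:pos + opt_len]
        if opt_type == OPT_SRC_LLADDR and opt_len == 8:
            ra["lladdr"] = ":".join(f"{b:02x}" for b in body[:6])
        elif opt_type == OPT_MTU and opt_len == 8:
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif opt_type == OPT_PREFIX_INFO and opt_len == 32:
            prefix = ipaddress.IPv6Network((body[14:30], body[0]), strict=False)
            ra["prefixes"].append({"prefix": prefix,
                                   "autonomous": bool(body[1] & 0x40)})
        pos += opt_len
    return ra


def audit_ra(source, ra):
    """Return a list of findings; an empty list means the RA matches policy."""
    findings = []
    src = ipaddress.IPv6Address(source)
    if not src.is_link_local:
        findings.append(f"source {src} is not a link-local address")
    if (str(src), ra["lladdr"]) not in KNOWN_ROUTERS:
        findings.append(f"unknown router {src} / {ra['lladdr']}")
    for item in ra["prefixes"]:
        if item["prefix"] not in EXPECTED_PREFIXES:
            findings.append(f"unexpected prefix {item['prefix']}")
    return findings


def build_sample_ra(mac, prefix, lifetime=300, mtu=None):
    """Build a constructed RA for the demo (checksum left at zero)."""
    net = ipaddress.IPv6Network(prefix)
    pkt = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, lifetime, 0, 0)
    pkt += struct.pack("!BB6s", OPT_SRC_LLADDR, 1, bytes.fromhex(mac.replace(":", "")))
    if mtu is not None:
        pkt += struct.pack("!BBHI", OPT_MTU, 1, 0, mtu)
    pkt += struct.pack("!BBBBIII16s", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0,
                       86400, 14400, 0, net.network_address.packed)
    return pkt


# Constructed sample packets: one from the allowed router, one from an unknown host.
LEGIT_RA = build_sample_ra("00:11:22:33:44:55", "2001:470:1f09:11b8::/64", mtu=1480)
ROGUE_RA = build_sample_ra("02:00:00:00:00:99", "2001:db8:dead::/64")

if __name__ == "__main__":
    for src, pkt in (("fe80::1", LEGIT_RA), ("fe80::bad", ROGUE_RA)):
        print(src, audit_ra(src, parse_ra(pkt)) or "ok")
```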

Security Considerations
 ●   MAC addresses are globally unique (?)
 ●   SLAAC – Interface ID is derived from MAC addr
 ●   Users are mobile (home, office, hotel rooms,...)
       ●   Network prefixes are changing
       ●   Interface ID remains constant over time
 ●   User can be identified and tracked
 ●   Use Privacy Extensions (if required)


How to become IPv6 ready?
●   Buy only new equipment that is IPv6 compliant
●   New software must be IPv6 capable
●   Make an inventory of all current hard- and software
●   Educate yourself via books, courses, and set up a lab
    environment
●   Replace hard- and software where required
●   Set up IPv6 DNS servers for public servers
●   Get connected natively or via tunneling
●   Use IPv6 for internal/external traffic (dual stack with IPv4)

Do and Don'ts
 ●   Do
       ●   Phased approach
       ●   Change requirements for new hardware
       ●   Work outside-in; then inside-out
       ●   Dual stack; tunnels
       ●   Think about possible future renumbering
 ●   Don't
       ●   Don't separate IPv6 features from IPv4
       ●   Don't do everything in one go
       ●   Don't appoint an IPv6 specialist
       ●   Don't buy from vendors unless they support IPv6

Make software IPv6 aware
 ●   If you maintain an Open Source project invest
     time to make it IPv6 aware (if it uses IPv4
     today)!
 ●   Do what you preach:
       ●   Relax and recover (rear) is IPv6 ready since 1.11.0





Mais conteúdo relacionado

Mais procurados

IPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadbandIPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadbandAPNIC
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
 
IPv6 Autoconfig
IPv6 AutoconfigIPv6 Autoconfig
IPv6 AutoconfigFred Bovy
 
Eric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalEric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalIKT-Norge
 
IPV6 Hands on Lab
IPV6 Hands on Lab IPV6 Hands on Lab
IPV6 Hands on Lab Cisco Canada
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 
IPv6 How To Set Up a Linux IPv6 Lan
IPv6 How To Set Up  a Linux IPv6 LanIPv6 How To Set Up  a Linux IPv6 Lan
IPv6 How To Set Up a Linux IPv6 LanJumping Bean
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYIKT-Norge
 
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...IKT-Norge
 
IPv4 and IPv6
IPv4 and IPv6IPv4 and IPv6
IPv4 and IPv6RIPE NCC
 
Introduction to ipv6 v1.3
Introduction to ipv6 v1.3Introduction to ipv6 v1.3
Introduction to ipv6 v1.3Karunakant Rai
 
Things I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedThings I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedFaelix Ltd
 
Samba and Vista with IPv6
Samba and Vista with IPv6Samba and Vista with IPv6
Samba and Vista with IPv6dinomasch
 
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime
 
IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address PlanningAPNIC
 
Cisco IPv6 Tutorial by Hinwoto
Cisco IPv6 Tutorial by HinwotoCisco IPv6 Tutorial by Hinwoto
Cisco IPv6 Tutorial by HinwotoFebrian ‎
 
Swiss IPv6 Council: Konfusion um die Router Flags
Swiss IPv6 Council: Konfusion um die Router FlagsSwiss IPv6 Council: Konfusion um die Router Flags
Swiss IPv6 Council: Konfusion um die Router FlagsDigicomp Academy AG
 

Mais procurados (20)

IPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadbandIPv6 Transition & Deployment, including IPv6-only in cellular and broadband
IPv6 Transition & Deployment, including IPv6-only in cellular and broadband
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norway
 
IPv6 Autoconfig
IPv6 AutoconfigIPv6 Autoconfig
IPv6 Autoconfig
 
Eric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalEric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in general
 
IPV6 Hands on Lab
IPV6 Hands on Lab IPV6 Hands on Lab
IPV6 Hands on Lab
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 
Introduction to IPv6
Introduction to IPv6Introduction to IPv6
Introduction to IPv6
 
IPv6 How To Set Up a Linux IPv6 Lan
IPv6 How To Set Up  a Linux IPv6 LanIPv6 How To Set Up  a Linux IPv6 Lan
IPv6 How To Set Up a Linux IPv6 Lan
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHY
 
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
 
IPv4 and IPv6
IPv4 and IPv6IPv4 and IPv6
IPv4 and IPv6
 
Introduction to ipv6 v1.3
Introduction to ipv6 v1.3Introduction to ipv6 v1.3
Introduction to ipv6 v1.3
 
Things I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I startedThings I wish I had known about IPv6 before I started
Things I wish I had known about IPv6 before I started
 
Samba and Vista with IPv6
Samba and Vista with IPv6Samba and Vista with IPv6
Samba and Vista with IPv6
 
IPv6 theoryfinalx
IPv6 theoryfinalxIPv6 theoryfinalx
IPv6 theoryfinalx
 
IPv6 Transition,Transcición IPv6
IPv6 Transition,Transcición IPv6IPv6 Transition,Transcición IPv6
IPv6 Transition,Transcición IPv6
 
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
 
IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address Planning
 
Cisco IPv6 Tutorial by Hinwoto
Cisco IPv6 Tutorial by HinwotoCisco IPv6 Tutorial by Hinwoto
Cisco IPv6 Tutorial by Hinwoto
 
Swiss IPv6 Council: Konfusion um die Router Flags
Swiss IPv6 Council: Konfusion um die Router FlagsSwiss IPv6 Council: Konfusion um die Router Flags
Swiss IPv6 Council: Konfusion um die Router Flags
 

Semelhante a Exploring I Pv6

IPv6 The Big Move
IPv6 The Big MoveIPv6 The Big Move
IPv6 The Big Movefrenildand
 
The introduction to_ipv6
The introduction to_ipv6The introduction to_ipv6
The introduction to_ipv6mnihsanmz
 
IPv6 - Jozi Linux User Group Presentation
IPv6  - Jozi Linux User Group PresentationIPv6  - Jozi Linux User Group Presentation
IPv6 - Jozi Linux User Group PresentationJumping Bean
 
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn FortinetDigicomp Academy AG
 
A very good introduction to IPv6
A very good introduction to IPv6A very good introduction to IPv6
A very good introduction to IPv6Syed Arshad
 
I pv6(internet protocol version 6)
I pv6(internet protocol version 6)I pv6(internet protocol version 6)
I pv6(internet protocol version 6)Subrata Kumer Paul
 
Ceph Day Amsterdam 2015 - Ceph over IPv6
Ceph Day Amsterdam 2015 - Ceph over IPv6 Ceph Day Amsterdam 2015 - Ceph over IPv6
Ceph Day Amsterdam 2015 - Ceph over IPv6 Ceph Community
 
IPv6: We Care So You Don't Have To
IPv6: We Care So You Don't Have ToIPv6: We Care So You Don't Have To
IPv6: We Care So You Don't Have ToGary Wilhelm
 
APNIC Update
APNIC Update APNIC Update
APNIC Update APNIC
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Erik Ginalick
 
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Erik Ginalick
 
what/why/how of IPv6 || 2002:3239:43c3::1
what/why/how of IPv6 || 2002:3239:43c3::1what/why/how of IPv6 || 2002:3239:43c3::1
what/why/how of IPv6 || 2002:3239:43c3::1Anshu Prateek
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60RIPE Meetings
 
Ipv6 presentation
Ipv6 presentation Ipv6 presentation
Ipv6 presentation Alee Hassan
 

Semelhante a Exploring I Pv6 (20)

IPv6 The Big Move
IPv6 The Big MoveIPv6 The Big Move
IPv6 The Big Move
 
The introduction to_ipv6
The introduction to_ipv6The introduction to_ipv6
The introduction to_ipv6
 
IPv6 - Jozi Linux User Group Presentation
IPv6  - Jozi Linux User Group PresentationIPv6  - Jozi Linux User Group Presentation
IPv6 - Jozi Linux User Group Presentation
 
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
4. IPv6 Security - Workshop mit Live Demo - Marco Senn Fortinet
 
A very good introduction to IPv6
A very good introduction to IPv6A very good introduction to IPv6
A very good introduction to IPv6
 
IPv6 in cellular networks - Jordi Palet
IPv6 in cellular networks - Jordi PaletIPv6 in cellular networks - Jordi Palet
IPv6 in cellular networks - Jordi Palet
 
I pv6(internet protocol version 6)
I pv6(internet protocol version 6)I pv6(internet protocol version 6)
I pv6(internet protocol version 6)
 
Ceph Day Amsterdam 2015 - Ceph over IPv6
Ceph Day Amsterdam 2015 - Ceph over IPv6 Ceph Day Amsterdam 2015 - Ceph over IPv6
Ceph Day Amsterdam 2015 - Ceph over IPv6
 
IPv6: We Care So You Don't Have To
IPv6: We Care So You Don't Have ToIPv6: We Care So You Don't Have To
IPv6: We Care So You Don't Have To
 
APNIC Update
APNIC Update APNIC Update
APNIC Update
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
 
Ipv Technical White Paper Wp111504
Ipv Technical White Paper Wp111504Ipv Technical White Paper Wp111504
Exploring IPv6

  • 1. Exploring IPv6
      The end of the Internet as we know today?
      Gratien D'haese, IT3 Consultants, gratien.dhaese@it3.be
  • 2. Conclusion
      ● The end of the Internet as we know today?
          ● IPv4 address space is getting scarce
          ● IPv4 will still be available for a long time
          ● IPv6 is getting slowly deployed
          ● IPv6 will boost from this year on
              – Not because we like it, but because we have no choice
              – No need to be afraid of IPv6 (after this talk :)
              – Dual stack with IPv4, or 6to4 tunnels
      2011-11-06 | Gratien D'haese Exploring IPv6 2
  • 3. Abbreviations
      ● IPv4/6: Internet Protocol 4/6
      ● ISC: Internet Systems Consortium
      ● IANA: Internet Assigned Numbers Authority
      ● RIR: Regional Internet Number Registries
      ● CIDR: Classless Inter-domain Routing
      ● NAT: Network Address Translation
      ● AS: Autonomous System
  • 4. IPv6 history
      ● Designed in 1994 [RFC 1752 and many more]
      ● In the nineties, the estimated run-out of IPv4 addresses was expected between 2000-2008
      ● The usage of CIDR and NAT slowed down the depletion of IPv4 addresses, but also
          ● The dot com crisis, and
          ● Financial crisis in 2008-2009
      ● The Internet still grows rapidly (mobile devices,...)
  • 5. The IPv4 host count 'till today (data coming from ISC)
  • 6. IPv4 Address Space
      ● 32-bit number => 2^32 (4.294.967.296)
      ● 4 dotted decimal notation, e.g. 18.2.45.78
      ● Divided into classes
          ● A Class: 8-bit network (128 * 16,8 million)
          ● B Class: 16-bit network (16.384 * 65.536)
          ● C Class: 24-bit network (2 million * 256)
      ● 70% of A and B Classes are allocated to big companies and incredibly under-used (approx. 3 billion addresses wasted)
  • 7. IPv4 Depletion rate
      www.potaroo.net/tools/ipv4/
  • 8. IPv6 history
      ● Backbone routers (vendors): took time to become IPv6 ready
      ● Today these limitations are behind us
      ● But, are all ISPs capable of serving IPv6 traffic?
      ● The main Operating Systems (Linux, Mac OS/X and Windows) now support IPv6
      ● IPv6 has been implemented more widely in Europe and Asia than in the USA.
  • 9. IPv6 enabled ASs in global routing
      http://v6asns.ripe.net/
  • 10. Is your ISP IPv6 ready ?
      ● Have a look at
          ● http://ripeness.ripe.net/4star/BE.html
          ● http://www.vyncke.org/ipv6status/detailed.php?country=be&type=ISP
      ● Most ISPs will deliver IPv6 to home consumers not before 2012 (or 2013?) ...
      ● Around 48% ISPs can provide IPv6 addresses
          – See http://ripeness.ripe.net/pies.html
          – Mostly through IPv6-to-IPv4 tunneling
          – One year ago it was only 31%
  • 11. IPv6 Addressing
      ● 2^128 = 3.4 x 10^38 addresses (128 bits!!) = 340.282.366.920.938.463.463.374.607.431.768.211.456
      ● IPv6 address is divided into
          | Network ID (64 bits)                                          | Interface ID (64 bits) |
          | 001 (3) | Global Routing Prefix (45) | Subnet ID (16)         | Interface ID (64)      |
          | public topology                      | site topology          | interface identifier   |
  • 12. IPv6 Addressing (cont.)
      ● Notation
          ● IPv6 address written as eight groups of four hexadecimal digits
              – 2001:0db9:85a6:07c4:1243:8a81:0301:7351
          ● Leading zeros may be dropped
              – 2001:9a03:0000:12c2:0000:0000:0fa1:0001
              – 2001:9a03:0:12c2:0:0:fa1:1
          ● Up to one double colon substitution is permitted
              – 2001:9a03:0:12c2::fa1:1
              – :: means one or more groups of 16 bits of zeroes
  • 13. IPv6 Addressing Types
      ● Unicast
          ● Identify one system on the Internet
          ● Globally routable
          ● Highest order bits are 001 (of Network Id)
      ● Multicast
          ● Deliver to an entire group of systems
      ● Anycast
          ● Deliver to any one of a group of systems
          ● Ideal for mobile devices
  • 14. Addressing Types
      ● Multicast
          ● Assigned: FF00::/8
          ● Solicited node: FF02::1:FF00:0000/104
      ● Unicast
          ● Unspecified: ::/128
          ● Link Local: FE80::/10
          ● Aggregatable Global: 2001::/16
          ● Unique Local: FC00::/7
          ● IPv4 Compatible: 0:0:0:0:0:0::/96
          ● Loopback: ::1/128
      ● Anycast
          ● Link Local: FE80::/10
          ● Aggregatable Global: 2001::/16
          ● Unique Local: FC00::/7
  • 15. IPv6 Address Types (cont.)
      Address Type         Binary Prefix          Prefix
      unspecified          000...0 (128 bits)     ::/128
      loopback             000...01 (128 bits)    ::1/128
      link-local unicast   1111 1110 10           FE80::/10
      multicast            1111 1111              FF00::/8
      global unicast       All other addresses
  • 16. Unicast Addresses
      ● Global Unicast addresses are in 2000::/3 block
      ● 2001:5c0:1400:b::9773/128
  • 17. Anycast Addresses
      ● The same anycast address is assigned to a group of interfaces (nodes)
      ● However, a packet sent to an anycast address is delivered to the nearest one having this address
      ● Assigned from unicast address range
      ● Usage in the area of DNS discovery and Universal Plug and Play, but also used for multiple name, web and mail servers
  • 18. Multicast Addresses
      ● In IPv6 multicast replaces IPv4 “broadcast”
          | 11111111 (8 bits) | flag (4) | scope (4) | Reserved, all zeros (80) | Group ID (32) |
      ● Identify a participating group of hosts
      ● Start with 0xFF (8 1-bits)
      ● One flag indicates transient (=1) or permanent (=0 or well-known address assigned)
      ● Must define a scope (global, site, link, node)
      ● Group ID: 1 = all nodes; 2 = all routers; etc
  • 19. Multicast Scope
      ● A 4-bit field
      ● Likely values are
          ● 1 : Node-local scope (interface)
          ● 2 : Link-local scope (e.g. LAN)
          ● 5 : Site-local (deprecated)
          ● 8 : Organization-local scope
          ● E : Global scope
      ● No broadcast address in IPv6, multicast to “all nodes on the local link” (scope 2; group-ID 1): FF02::1
  • 20. Well-known multicast group-numbers
      Multicast Address   Meaning
      FF02::1             All nodes on this link
      FF02::2             All routers on this link
      FF02::5             All OSPF routers on this link
      FF02::9             All RIP routers on this link
      FF02::1:2           All DHCP agents on this link
      FF05::1:3           All DHCP servers on this link
      FF05::101           All NTP servers on this link
      FF02:0:0:0:1:FF::/104 combined with 24 low order bits from IPv6 address
                          Solicited-node multicast group (used to map MAC addresses)
  • 21. Solicited node multicast addresses (for NDP)
      ● Multicast address built from unicast address
          ● Concatenation of FF02::1:FF00:0/104 and
          ● 24 low order bits of unicast address (interface id)
      ● Nodes build their own IPv6 solicited node multicast address
      ● Nodes can use this technique to find the MAC address of a destination host, e.g.
          ● 2001:001A:003F:1021:0100:0028:003F:0020
          ● FF02:0000:0000:0000:0000:0001:FF00:0000/104
          ● FF02:0000:0000:0000:0000:0001:FF3F:0020
          ● 33-33-FF-3F-00-20 (multicast MAC address)
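Added example (not part of the slides): the solicited-node construction from slide 21 in Python, checked against the slide's own address. The function names and the HOSTS list are made up for the illustration; it also shows that several addresses can land in the same group, which is why a receiver still has to compare the target address inside the Neighbor Solicitation.

```python
import ipaddress

# Prefix named on the slide: FF02::1:FF00:0/104
SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")

def solicited_node(unicast):
    """FF02::1:FF00:0/104 combined with the 24 low-order bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24)

def multicast_mac(group):
    """Ethernet destination for an IPv6 multicast group: 33-33 plus its low 32 bits."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{addr} is not a multicast address")
    return "-".join(f"{b:02X}" for b in b"\x33\x33" + addr.packed[-4:])

def listeners(target, hosts):
    """Hosts whose interface receives a Neighbor Solicitation sent for `target`."""
    group = solicited_node(target)
    return [h for h in hosts if solicited_node(h) == group]

SLIDE_ADDR = "2001:001A:003F:1021:0100:0028:003F:0020"   # address used on the slide
HOSTS = [                      # constructed neighbour list for the demo
    SLIDE_ADDR,
    "fe80::100:28:3f:20",      # different address, same low 24 bits
    "2001:1a:3f:1021::7",      # different low 24 bits, different group
]

if __name__ == "__main__":
    group = solicited_node(SLIDE_ADDR)
    print(group, multicast_mac(group))
    print(listeners(SLIDE_ADDR, HOSTS))
```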
  • 22. Neighbor Discovery Protocol
      ● Used to discover other hosts and routers on local network (stateless autoconfiguration)
      ● Makes use of the IPv6 multicast addresses (no ARP anymore)
      ● Uses ICMPv6 messages
          ● Neighbor solicitation
          ● Neighbor advertisement
          ● Router solicitation
          ● Router advertisement
          ● Redirect
  • 23. Address Autoconfiguration Process
      ● Create a Link Local Address (FE80::/10)
      ● No router or server required
      ● IPv6 address node configuration
          ● Network ID
              – Manual
              – Auto (stateful or stateless)
              – Pre-defined well known prefix (link-local unicast FE80::/10)
          ● Interface ID
              – Manual
              – Auto (stateful or stateless)
  • 24. Link-Local Address
      ● Each interface has a Link-Local Address based on its MAC Address (IEEE EUI-64 - Extended Unique Identifier)
  • 25. Stateless Address Autoconfiguration
      ● Routers advertise prefixes that identify the subnet(s) associated with a link
      ● Hosts generate an "interface token" that uniquely identifies an interface on a subnet
          ● Based on EUI-64 MAC address (security?)
          ● Privacy Extensions: echo 1 > /proc/sys/net/ipv6/conf/all/use_tempaddr
      ● An address is formed by combining the two
  • 26. Router Solicitation (RS)
      ● Host sends a multicast Router solicitation when an interface is enabled
          ● To discover IPv6 routers present on the link
          ● To request an immediate Router advertisement
      ● Sent to All-Router Multicast Address
      ● Source link layer address of sender may be sent as an option
      ● IPv6 address
          ● Source: unspecified (all zeros, ::/128)
          ● Destination: solicited-node multicast
  • 27. Router Advertisement (RA)
      ● Router multicasts periodically (or on demand) its availability
      ● Router advertisements carry
          ● Lifetime as a default router
          ● Managed flag to inform hosts how to perform Address Autoconfiguration
          ● List of prefixes used for a link
          ● Link-layer address
      ● Advertise an MTU for hosts to use on the link
  • 28. Radvd daemon
      ● Stateless autoconfiguration with “router advertisement daemon (radvd)”
          # cat /etc/radvd.conf
          interface eth0
          {
              AdvSendAdvert on;
              MinRtrAdvInterval 30;
              MaxRtrAdvInterval 100;
              prefix 2001:470:1f09:11b8::/64    # IPv6 address received for tunnel
              {
                  AdvOnLink on;
                  AdvAutonomous on;
                  AdvRouterAddr off;
              };
          };
          # echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
  • 29. Stateful Address Autoconfiguration
      ● Clients obtain address and other optional parameters from DHCPv6 server
      ● DHCP server maintains the database and controls the address assignment
      ● Clients send DHCP solicit (DHCPv6 multicast address)
      ● Server responds with a DHCPv6 advertisement
  • 30. Domain Name Server
      ● Using ISC BIND
      ● A system can now have an IPv4 and IPv6 address
          ● sloeber IN A 192.168.0.13
            sloeber IN AAAA 2001:470:1f09:11b8::1
      ● Reverse delegation
          ● 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.1.1.9.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR
          ● $ORIGIN 8.b.1.1.9.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
            1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR
  • 31. DNS/Service Discovery @home
      ● How do I find my local file server?
      ● Multicast DNS (mDNS) = serverless DNS
          ● DNS queries over IP Multicast in a small network where no DNS server is installed
          ● Network prefix can change after modem reboots (no need to update /etc/hosts file!)
          ● mDNS doesn't cross router boundary
      ● Service Discovery
          ● DNS Service Discovery (mDNS/DNS-SD)
          ● Universal Plug and Play (UPnP)
  • 32. Multicast DNS (mDNS) @home
      (1) mDNS query to FF02::FB, port 5353, asking for AAAA record for fileserverHome
      (2) mDNS responder on 'fileserverHome' responds to multicast group with AAAA record
      Implementations: Apple: Bonjour; Linux: Avahi
  • 33. Transition Mechanisms
      ● Transition mechanisms are needed for IPv6-only hosts to reach IPv4 services.
      ● In the future we will also see IPv4 hosts that need to be able to reach IPv6 services.
      ● Dual Stack
      ● Tunneling
      ● Translation
  • 34. Dual Stack
      ● Dual stack host can speak both IPv4 and IPv6
      ● Communicate with IPv4 host by IPv4
      ● Communicate with IPv6 host by IPv6
  • 35. Tunneling
      ● Through an IPv4 tunnel we can connect two IPv6 networks
      ● Ideal to start experimenting with IPv6 topology
          H1 -- R1 (IPv6 network) == TUNNEL (IPv4 network) == R2 -- H2 (IPv6 network)
      ● Packet-structure with tunneling
          | IPv4 header (R1 → R2) | IPv6 header (H1 → H2) | TCP header | Application Data |
  • 36. Tunnel brokers
      ● There are 'free' tunnel brokers available
      ● Require user registration
      ● Request an IPv6 address (128 and 48 prefix)
      ● Perfect to experiment with real IPv6 networking
      ● Hurricane Electric
          ● http://www.tunnelbroker.net/
      ● SixXS
          ● http://www.sixxs.net/main/
      ● GogoNET Freenet6
          ● http://gogonet.gogo6.com/
  • 37. Translation
      ● An extension to NAT techniques to translate header formats as well as addresses
      ● Translate IPv6 only host to IPv4 host (vice versa is not trivial)
      ● Protocol translation
      ● Mapping address
      ● Unreliable; try to avoid it
  • 38. Security: protect yourself
      ● Once you start with IPv6 you must turn on ip6tables
      ● The radvd daemon will automatically configure interfaces on Windows (Vista/Windows 7), Mac OS/X and Linux
      ● Your IPv6 tunnel will open the gate to the IPv6 world
      ● An attacker can send a Router Advertisement and gain access to your internal network (even if you're safe on the IPv4 side)
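Added example (not part of the slides): a Python check for unexpected Router Advertisements, decoding the fields listed on slide 27 and comparing them with what the radvd host on slide 28 should announce. The router address fe80::1, the MAC addresses and the second prefix are constructed for the demo; only the 2001:470:1f09:11b8::/64 prefix comes from the slides.

```python
import ipaddress
import struct

def parse_ra(icmp6: bytes) -> dict:
    """Decode a Router Advertisement: lifetime, managed flag, prefixes, link-layer address, MTU."""
    if len(icmp6) < 16 or icmp6[0] != 134:              # ICMPv6 type 134 = RA
        raise ValueError("not a Router Advertisement")
    _hop, flags, lifetime = struct.unpack_from("!BBH", icmp6, 4)
    ra = {"managed": bool(flags & 0x80), "router_lifetime": lifetime,
          "prefixes": [], "lladdr": None, "mtu": None}
    pos = 16                                            # options follow the fixed header
    while pos + 2 <= len(icmp6):
        otype, olen = icmp6[pos], icmp6[pos + 1] * 8    # length counts 8-byte units
        if olen == 0 or pos + olen > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[pos:pos + olen]
        if otype == 1 and olen == 8:                    # source link-layer address
            ra["lladdr"] = body[2:8].hex(":")
        elif otype == 5 and olen == 8:                  # MTU
            ra["mtu"] = struct.unpack_from("!I", body, 4)[0]
        elif otype == 3 and olen == 32:                 # prefix information
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append(str(net))
        pos += olen
    return ra

def audit_ra(src: str, icmp6: bytes, routers: set, prefixes: set) -> list:
    """Reasons to treat an RA as rogue; an empty list means it matches the allowlists."""
    ra = parse_ra(icmp6)
    findings = []
    if src not in routers:
        findings.append(f"RA from unknown router {src} ({ra['lladdr']})")
    findings += [f"unexpected prefix {p}" for p in ra["prefixes"] if p not in prefixes]
    return findings

def sample_ra(prefix: str, mac: str) -> bytes:
    """Constructed RA for the demo (checksum left at 0; it is not verified here)."""
    net = ipaddress.IPv6Network(prefix)
    head = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex(mac.replace(":", ""))
    pio = struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, 86400, 14400, 0)
    return head + slla + pio + net.network_address.packed

ROUTERS = {"fe80::1"}                      # constructed: link-local address of the radvd host
PREFIXES = {"2001:470:1f09:11b8::/64"}     # prefix from the radvd.conf on slide 28
GOOD = sample_ra("2001:470:1f09:11b8::/64", "02:00:00:00:00:01")
ROGUE = sample_ra("2001:db8:bad::/64", "02:00:00:00:00:66")

if __name__ == "__main__":
    print(audit_ra("fe80::1", GOOD, ROUTERS, PREFIXES))
    print(audit_ra("fe80::66", ROGUE, ROUTERS, PREFIXES))
```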
  • 39. Security Considerations
      ● MAC addresses are globally unique (?)
      ● SLAAC – Interface ID is derived from MAC addr
      ● Users are mobile (home, office, hotel rooms,...)
      ● Network prefixes are changing
      ● Interface ID remains constant over time
      ● User can be identified and tracked
      ● Use Privacy Extensions (if required)
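Added example (not part of the slides): the EUI-64 interface ID from slides 24 and 25 and the tracking concern from slide 39, as a Python audit that lists which addresses in an inventory still expose a MAC address. The MAC 00:11:22:33:44:55, the 2001:db8:77::/64 prefix and the SEEN list are constructed; function names are made up for the illustration.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: insert FF:FE in the middle of the MAC and flip the U/L bit."""
    b = bytearray.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("MAC address must be 6 bytes")
    b[0] ^= 0x02
    return int.from_bytes(b[:3] + b"\xff\xfe" + b[3:], "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine an advertised /64 prefix with the MAC-derived interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def embedded_mac(addr: str):
    """MAC exposed by an EUI-64 interface ID, or None (manual or temporary address)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    return (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]).hex(":")

def trackable(seen):
    """Map each exposed MAC to the /64 prefixes it appeared under (two or more)."""
    by_mac = {}
    for addr in seen:
        mac = embedded_mac(addr)
        if mac:
            prefix = ipaddress.IPv6Network((addr, 64), strict=False)
            by_mac.setdefault(mac, set()).add(str(prefix))
    return {mac: nets for mac, nets in by_mac.items() if len(nets) > 1}

MAC = "00:11:22:33:44:55"                                   # constructed MAC address
SEEN = [                                                    # constructed inventory
    str(slaac_address("2001:470:1f09:11b8::/64", MAC)),     # home (prefix from the slides)
    str(slaac_address("2001:db8:77::/64", MAC)),            # same laptop on another network
    "2001:db8:77:0:5c1e:9a02:77b3:1d40",                    # temporary-style address
    "2001:470:1f09:11b8::1",                                # manually configured server
]

if __name__ == "__main__":
    for a in SEEN:
        print(a, "->", embedded_mac(a))
    print(trackable(SEEN))
```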
  • 40. How to become IPv6 ready?
      ● Buy only new equipment that is IPv6 compliant
      ● New software must be IPv6 capable
      ● Make an inventory of all current hard- and software
      ● Educate yourself via books, courses, and setup a lab environment
      ● Replace hard- and software where required
      ● Setup IPv6 DNS servers for public servers
      ● Get connected natively or via tunneling
      ● Use IPv6 for internal/external traffic (dual stack with IPv4)
  • 41. Do and Don'ts
      Do
      ● Phased approach
      ● Change requirements for new hardware
      ● Work outside-in; then inside-out
      ● Dual stack; tunnels
      ● Think about possible future renumbering
      Don't
      ● Don't separate IPv6 features from IPv4
      ● Don't do everything in one go
      ● Don't appoint an IPv6 specialist
      ● Don't buy from vendors unless they support IPv6
  • 42. Make software IPv6 aware
      ● If you maintain an Open Source project invest time to make it IPv6 aware (if it uses IPv4 today)!
      ● Do what you preach:
          ● Relax and recover (rear) is IPv6 ready since 1.11.0