Addressing
IPv4: NAT can be used to extend address space limitations
IPv6: Does not support NAT by design

IPv4: Administrators must use the Dynamic Host Configuration Protocol or static configuration to assign IP addresses to hosts
IPv6: Hosts use stateless address autoconfiguration and DHCPv6 to assign an IP address to themselves

IPv4: IPsec support is optional
IPv6: IPsec support is necessary

IPv4: Options are integrated into the base header
IPv6: Improved support for options using extension headers and overall simplification of the header format
IPv6 header fields (width in bits), 40 bytes in total:
Version (4) | Traffic Class (8) | Flow Label (20)
Payload Length (16) | Next Header (8) | Hop Limit (8)
Source Address (128)
Destination Address (128)
§ Routing header
•Indicated by a Next Header value of 43
•Defines strict source routing and loose source routing for an
IPv6 packet
• With strict source routing, each intermediate destination device
must be a single hop away
• With loose source routing, intermediate destination devices can be
one or more hops away
§ Fragment header:
•Indicated by a Next Header value of 44
•Fragmentation is handled at the source device
• Devices along the path do not fragment
Identification (32)
§ Fragmentation:
•Original packet is fragmented
• IPv6 header and hop-by-hop options are considered
unfragmentable
• Other extension headers, upper layer headers, and data can be
fragmented
Fragment packets:
Unfragmentable Part | Fragment Header | First Fragment
Unfragmentable Part | Fragment Header | Second Fragment
...
Unfragmentable Part | Fragment Header | Last Fragment
© 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net | 11
Authentication
§ Authentication header:
•Indicated by a Next Header value of 51
•Provides connectionless integrity and data origin
authentication for IP packets and protects against replays
Padding (0–2040)
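The Next Header chaining described above (43 for routing, 44 for fragment, 51 for authentication), as an added example that is not part of the original slides: a parser that walks the extension headers of a raw IPv6 packet and stops at a non-first fragment, where no further headers can be read. The sample packets, their 2001:db8:: addresses and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Next Header values from the slides (43, 44, 51) plus the two option headers
# that share the routing header's length encoding.
EXT = {0: "hop-by-hop", 43: "routing", 44: "fragment",
       51: "authentication", 60: "destination-options"}

def walk_chain(packet: bytes):
    """Return (extension headers seen, Next Header value where walking stopped)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = packet[6], 40, []
    while nxt in EXT:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length_field = packet[off], packet[off + 1]
        if nxt == 44:                       # fragment header: fixed 8 bytes
            size = 8
            frag, ident = struct.unpack_from("!HI", packet, off + 2)
            info = {"offset": (frag >> 3) * 8, "more": bool(frag & 1), "id": ident}
        elif nxt == 51:                     # AH length: 4-byte units, minus 2
            size, info = (length_field + 2) * 4, {}
        else:                               # others: 8-byte units, minus 1
            size, info = (length_field + 1) * 8, {}
        if off + size > len(packet):
            raise ValueError("extension header overruns packet")
        chain.append((EXT[nxt], info))
        if nxt == 44 and info["offset"]:    # later fragment: no headers follow
            return chain, following
        nxt, off = following, off + size
    return chain, nxt

def _base(next_header: int, payload: bytes) -> bytes:
    # Constructed sample packet; 2001:db8::/32 is the documentation prefix.
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

ROUTING = bytes([44, 0, 0, 0, 0, 0, 0, 0])                 # next = fragment
FIRST = _base(43, ROUTING + bytes([58, 0]) + struct.pack("!HI", 1, 0x1234) + b"\x80\x00")
LATER = _base(44, bytes([58, 0]) + struct.pack("!HI", 185 << 3, 0x1234) + b"data")

if __name__ == "__main__":
    print(walk_chain(FIRST))
    print(walk_chain(LATER))
```

A filter or sensor that matches on the upper-layer protocol has to perform this walk first, and for a later fragment it only has the Next Header value recorded in the fragment header to go on.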
IPv6 Address
2bfc:0000:0000:0000:0217:cbff:fe8c:5c85/64
The first four groups of 16 bits each form the 64-bit prefix.
§ Address types:
•Unicast: Unique address that identifies an IPv6 node
•Multicast: Group of IPv6 interfaces
•Anycast: Assigned to multiple interfaces on multiple nodes
[Figure: Internet, Company ABC and Company XYZ; R1 interfaces ge-0/0/1.0 (fe80::226:88ff:fe02:7481) and ge-0/0/2.0 (fe80::226:88ff:fe02:7482)]
§ Interface ID:
•Uniquely identifies a host on a subnet
•Is 64 bits long
•Is constructed in modified EUI-64 format
•Is a permutation of the interface MAC address (if available)
Interface Identifier
Prefix Interface ID
[Figure: anycast. Server 1 and Mirrored Server 1 both use 2001:100:100:100::1, and BGP announces 2001:100:100:100::/64 from both locations across R1, R2, R3 and R4. Host 1 (2001:200:200:200::1) sends a packet with SA = 2001:200:200:200::1 and DA = 2001:100:100:100::1]
§ Format:
•IPv4-compatible
• 0:0:0:0:0:0:192.0.2.100
• = ::192.0.2.100
• = ::C000:0264
•IPv4-mapped
• 0:0:0:0:0:FFFF:192.0.2.100
• = ::FFFF:C000:0264
Addresses with local scope are used within the same routing domain.
Addresses with global scope are used between routing domains.
[Figure: Internet, Company ABC and Company XYZ]
2001:0867:5309:9abc:def0:0020:1111:ff00/64
Prefix (Network): 2001:0867:5309:9abc
Interface ID (Host address): def0:0020:1111:ff00
Valid addresses:
2001:0867:5309:9abc:0000:0000:0000:0001
2001:0867:5309:9abc:0000:0000:0000:0002
2001:0867:5309:9abc:0000:0000:0000:0003
...
2001:0867:5309:9abc:ffff:ffff:ffff:ffff
Subnetting Example 2
2001:0867:5309:9abc:def0:0020:1111:ff00/122
Final 16 bits of the address (bit numbers 113 to 128):
Hex:    1    1    1    1  :  f    f    0    0
Binary: 0001 0001 0001 0001  1111 1111 0000 0000
Bit number (binary value): 113, 114, 115, 116, 117, 118, 119, 120, 121 (128), 122 (64), 123 (32), 124 (16), 125 (8), 126 (4), 127 (2), 128 (1)
§ ICMPv6
•Not compatible with IPv4 ICMP
• Completely new protocol specification
•Incorporates the IPv4 IGMP functionality
•Identified by a new protocol code: next-header type
• IPv4 ICMP is protocol code 1
• IPv4 IGMP is protocol code 2
• IPv6 ICMP is next-header type 58
•RFC 2463—Replaced by RFC 4443
Router Discovery
Redirects
[Figure: option format, 32 bits wide. Fields: Type, Length, Prefix Length, L, A, Reserved; Valid Lifetime; Preferred Lifetime; Reserved; Prefix]
§ Router solicitation
•Sent by hosts to locate on-link routers
•Usually sent to the all-routers multicast group
•Source address can be unspecified or the local address
•Router solicitation message consists of five fields
Neighbor Solicitation
•Solicited node multicast address allows the host to reach all nodes with matching last 24 bits (derived from destination address)
[Figure: Neighbor Solicitation (ICMP Type 135) sent from Host 1 to the Solicited Node Multicast Address. Host 1: "I need to reach IPv6 address 2001::2003:210:A4FF:FEA6:69D0". Host 2: "I have that address!"]
•All nodes with the same final 24 bits of their IPv6 addresses receive packets to this multicast address
Multicast to Ethernet
FF02:0000:0000:0000:0000:0001:FFA6:69D0 (Group ID: 112 bits)
Ethernet address = 3333 (multicast prefix) + FFA6:69D0 (final 32 bits of the Group ID)
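The address derivations covered so far (modified EUI-64 interface ID, solicited-node multicast address, and the mapping to an Ethernet multicast address), as an added example that is not part of the original slides. It uses only the addresses that appear on this page; the function names are chosen for illustration, and `mac_from_address` shows that an EUI-64 derived address discloses the interface MAC to anyone who sees it.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe in the middle of the MAC and flip the U/L bit."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface ID needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))

def mac_from_address(addr: str):
    """Recover the MAC if the interface ID looks EUI-64 derived, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in raw)

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """ff02::1:ff00:0/104 plus the final 24 bits of the unicast address."""
    low24 = ipaddress.IPv6Address(addr).packed[13:]
    base = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]
    return ipaddress.IPv6Address(base + low24)

def ethernet_multicast(group) -> str:
    """33:33 followed by the final 32 bits of the multicast group address."""
    tail = ipaddress.IPv6Address(str(group)).packed[12:]
    return "33:33:" + ":".join(f"{x:02x}" for x in tail)

if __name__ == "__main__":
    # Values taken from the slides on this page.
    print(slaac_address("fe80::/64", "00:50:56:00:00:01"))
    group = solicited_node("2001::2003:210:A4FF:FEA6:69D0")
    print(group, ethernet_multicast(group))
    print(mac_from_address("fe80::b2c6:9aff:fe73:2786"))
```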
§ Redirect messages
•Inform a host of a better next-hop router to a particular
destination or an on-link neighbor
[Figure: Host 1 redirects traffic destined to Host 3 through R4. Devices shown: Host 2, Host 3, R4, S1, S2]
§ IPv6 autoconfiguration
•IPv6 hosts can configure their own addresses automatically
• Similar in function to IPv4 DHCP
•Two methods:
• Stateless Address Autoconfiguration (SLAAC)
• Stateful autoconfiguration (DHCPv6)
•Common ICMPv6 messages to both methods:
• Router advertisements
• Router solicitations
§ SLAAC
•Basic host address configuration
•IPv6 Stateless Address Autoconfiguration
• Based on the standards outlined in RFC 4862
•Does not require a DHCPv6 server
•Can be used simultaneously with DHCPv6 service
§ CGAs
•Used to verify the identity of the sender of a neighbor
discovery message
•Each device generates a public-private key pair
• Stored in the /var/etc/rsa_key directory
protocols {
    router-advertisement {
        interface interface-name {
            current-hop-limit number;
            default-lifetime seconds;
            (managed-configuration | no-managed-configuration);
            max-advertisement-interval seconds;
            min-advertisement-interval seconds;
            (other-stateful-configuration | no-other-stateful-configuration);
            reachable-time milliseconds;
            retransmit-timer milliseconds;
            prefix prefix {
                (autonomous | no-autonomous);
                (on-link | no-on-link);
                preferred-lifetime seconds;
                valid-lifetime seconds;
            }
        }
    }
}
Router Advertisement: Example 1
[Figure: topology with R1, R2, R3, Host 1 and Host 2; router interfaces ge-0/0/1 and ge-0/0/6 numbered ::1 and ::2; prefixes fdcd:10:0:20::/64 and fdcd:10:0:10::/64]
§ Sample configuration
[edit protocols router-advertisement]
user@R1# show
interface ge-0/0/6.0 {
    prefix fdcd:10:10:0::/64;
}
Though not displayed, the R2 router is also configured to provide router advertisements to hosts on this LAN segment.
§ Host 1 verification
[~]host1
root-> ip a s dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 172.27.20.10/24 brd 172.27.20.255 scope global eth1
    inet6 fdcd:10:10:0:250:56ff:fe00:1/64 scope global dynamic
       valid_lft 2591822sec preferred_lft 604622sec
    inet6 fe80::250:56ff:fe00:1/64 scope link
       valid_lft forever preferred_lft forever
[~]host1
root-> ip -6 r s
fdcd:10:10::/64 dev eth1 proto kernel metric 256 expires 2146951sec mtu 1500 advmss 1440 hoplimit 4294967295
...
default via fe80::b2c6:9aff:fe73:2786 dev eth1 proto kernel metric 1024 expires 1519sec mtu 1500 advmss 1440 hoplimit 64
default via fe80::b2c6:9aff:fe73:3986 dev eth1 proto kernel metric 1024 expires 1594sec mtu 1500 advmss 1440 hoplimit 64
protocols {
    router-advertisement {
        traceoptions {
            file name <replace> <size size> <files number> <no-stamp> <(world-readable | no-world-readable)>;
            flag flag <detail> <disable>;
        }
    }
}
[Figure: IPv6 Internet, R1 and R2; router advertisements sent on ge-0/0/1 (fdcd:10:0:24::/64) and ge-0/0/2 (fdcd:10:0:16::/64)]
[edit protocols router-advertisement]
user@R2# show
interface ge-0/0/1.0 {
    prefix fdcd:10:0:24::/64 {
        valid-lifetime 2000;
        preferred-lifetime 1800;
    }
}
interface ge-0/0/2.0 {
    max-advertisement-interval 600;
    min-advertisement-interval 200;
    prefix fdcd:10:0:16::/64 {
        valid-lifetime 2000;
        preferred-lifetime 1800;
    }
}
[edit protocols router-advertisement interface ge-0/0/1.0]
user@R1# set default-lifetime seconds
0 = this router is not a default router.
Range = max. advertisement interval - 9000 seconds
Default = 3 x max. advertisement interval value
[Figure: IPv6 Internet, R1 and R2; router advertisements sent on ge-0/0/1 (fdcd:10:0:24::/64) and ge-0/0/2 (fdcd:10:0:16::/64)]
}
preferred-lifetime 0;
R1
prefix fdcd:10:0:36::/64 {
valid-lifetime 2000;
preferred-lifetime 1800;
}
} ge-0/0/1
Router Advertisement:
fdcd:10:0:24::/64 Preferred = 0; Valid=2000
fdcd:10:0:36::/64 Preferred = 1800; Valid=2000
root-> ip a s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:00:00:01 brd ff:ff:ff:ff:ff:ff
inet6 fdcd:10:0:24:250:56ff:fe00:1/64 scope global dynamic
valid_lft 2000sec preferred_lft 1800sec
inet6 fe80::250:56ff:fe00:1/64 scope link
valid_lft forever preferred_lft forever
[Figure: path across R1, R2, R3 and R4 to Host 2. Labels: 1500-Byte Packet, ICMPv6 Packet Too Big, 1400-Byte Packet]
§ Configuration
•Disable IPv6 path MTU discovery
[edit system internet-options]
user@R1# show
no-ipv6-path-mtu-discovery;
VRRP
[Figure: User A (.100) and User B (.101) connect through a switch to the VRRP routers and on to the Internet; labels: Virtual Router, Backup Router, R2, and addresses ::1, ::2 and ::3]
From end-user’s perspective, a single gateway device exists.
VRRP Communication Details
§ VRRP communications:
•Use multicast address FF02:0:0:0:0:0:0:12
• link-local scope multicast address
•Are confined to local network (TTL = 255)
•Use a set interval (every second by default)
•Require that speakers be configured with common settings
(for example, VRID)
•Use a virtual router MAC address for LAN communications
[Figure: VRRP routers R1 and R2 attached to a switch]
Determining the Master Router
§ Master VRRP router is determined by the following:
•Priority value (higher is preferred)
• Default value is 100
•Router that owns virtual router’s IPv6 address is always
master
• Priority must be set to 255
•Preemption behavior is optional unless VIP address is owned
Higher Priority = More Preferred
[Figure: VRRP routers attached to a switch; the master router has Priority = 200 and the other router has Priority = 100]
VRRP Details Compared
[Figure: R1 = Master, R2 = Backup, attached to a switch; User A (.100) and User B (.101) reach the Internet through the Virtual Router; addresses ::1, ::2 and ::3]
Monitoring VRRP Operations
§ Use the show vrrp commands to monitor VRRP
•Include options to view additional details or filter generated output
user@R1> show vrrp ?
Possible completions:
  <[Enter]>            Execute this command
  brief                Display brief output (default)
  detail               Display detailed output
  extensive            Display extensive output
  interface            Show VRRP interface
  summary              Display summary output
  track                Show VRRP track interfaces
  |                    Pipe through a command
§ DHCP
•IPv4 DHCP does more than manage addressing
•Provides optional services:
• DNS
• WINS server
• Boot server
• NETBIOS node type
• Many others…
•Stateful autoconfiguration and DHCPv6 meet the demand
3) Join solicited node multicast group
5) No response means link-local is unique
8) Create global address using valid prefix
10) Create global address using valid prefix
[Figure: topology with R1, R2, R3, Host 1 and a DHCP Server; router interfaces ge-0/0/1 and ge-0/0/6 numbered ::1 and ::2; prefixes fdcd:10:0:20::/64 and fdcd:10:0:24::/64]
§ Sample configuration
[edit protocols router-advertisement]
user@R1# show
interface ge-0/0/6.0 {
    other-stateful-configuration;
    prefix fdcd:10:0:24::/64;
}
Though not displayed, the R2 router is also configured to provide identical router advertisements to hosts on this LAN segment.
§ Monitoring and verification
user@R1> show ipv6 router-advertisement
Interface: ge-0/0/6.0
Advertisements sent: 4, last sent 00:00:11 ago
Solicits received: 0
Advertisements received: 1
Advertisement from fe80::b2c6:9aff:fe73:3986, heard 00:00:08 ago
Managed: 0
Other configuration: 1
Reachable time: 0 ms
Default lifetime: 1800 sec
Retransmit timer: 0 ms
Current hop limit: 64
Prefix: fdcd:10:0:24::/64
Valid lifetime: 2592000 sec
Preferred lifetime: 604800 sec
On link: 1
Autonomous: 1
...
2001::/48 *[Aggregate/130] 00:03:28
Reject
2001:0:0:2003::/64 *[Direct/0] 00:10:31
> via ge-0/0/1.0
2001:0:0:2003::1/128
*[Local/0] 00:10:31
Local via ge-0/0/1.0
[Figure: Company ABC. R1 (::1) and R2 (::2) connect over 2001:0:0:2003::/64 on their ge-0/0/1.0 interfaces; Internet]
static {
    (defaults | route) {
        (active | passive);
        metric metric <type type>;
        (preference | preference2 | color | color2) preference;
        (readvertise | no-readvertise);
    }
}
[edit routing-options]
user@R1# show
rib inet6.0 {
    generate {
        defaults {
            generate-options;
        }
        route destination-prefix {
            policy policy-name;
            generate-options;
        }
    }
}
[Figure: Company ABC with an EBGP label. R1 (::1) and R2 (::2) connect over 2001:0:0:2003::/64 on their ge-0/0/1.0 interfaces; Internet]
• Configuration examples
• IBGP session with R2
[Figure: R5 with lo0: 192.168.8.1/32 and lo0: fdcd:192:168:8::1/128; link prefixes 10.0.3.0/24 and fdcd:10:0:3::/64]
§ Initial parameters
•Set the AS number of the router
•Might need the RID if no IPv4 addresses are configured
[edit routing-options]
user@R1# show
router-id 192.168.16.1;
autonomous-system 64513;
[edit]
user@R1# show protocols
bgp {
    group external {
        type external;
        peer-as 64512;
        neighbor fdcd:10:0:1::2;
    }
    group internal {
        type internal;
        local-address fdcd:192:168:16::1;
        neighbor fdcd:192:168:20::1;
    }
}
...
§ Verify routes:
•Verify both IPv4 and IPv6 routes are present
• Only the inet route is present
user@R2> show route protocol bgp
•The IPv6 route does not pass the default sanity check
• The advertised next hop is defined as the IPv4-mapped IPv6
address (::ffff:IPv4-Address)
[Figure: R1 (lo0: 192.168.5.1, lo0: fdcd:192:168:5::1/128, aggregate: 2001:240:160::/48) and R2 (lo0: 192.168.16.1/32, lo0: fdcd:192:168:16::1/128, aggregate: 2001:240:161::/48); static: 15.1.1.0/24]
[edit protocols]
user@R2# show bgp
group to-R1 {
    type external;
    family inet {
        unicast;
    }
    family inet6 {
        unicast;
    }
    export export-aggregate;
    peer-as 64512;
    neighbor 10.0.1.2;
}
Note: We are not going to cover the entire process step-by-step on R1. We skip
the process and review the final route that was installed in inet6.0 on R2.