Академический Документы
Профессиональный Документы
Культура Документы
Rick Graziani
Job title Cabrillo College
One Hex digit = 4 bits 2001:0DB8:AAAA:1111:0000:0000:0000:0100/64 2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 0100
16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits
16 bits
16 bits
16 bits
How many addresses does 128 bits give us? 340 undecillion addesses or 340 trillion trillion trillion addresses or IPv6 could provide each and every square micrometer of the earths surface with 5,000 unique addresses. Micrometer = 0.001 mm or 0.000039 inches or. A string of soccer balls would wrap around our universe 200 billion times! in other words I wont be presenting at a Cisco Academy Conference on IPv7.
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 4
Two rules for reducing the size of written IPv6 addresses. The first rule is: Leading zeroes in any 16-bit segment do not have to be written. 3ffe : 0404 : 0001 : 1000 : 0000 : 0000 : 0ef0 : bc00 3ffe : 404 : 1 : 1000 : 0: 0 : ef0 : bc00
3ffe : 0000 : 010d : 000a : 00dd : c000 : e000 : 0001 3ffe : 0 : 10d : a : dd : c000 : e000 : 1
ff02 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0500 ff02 : 0: 0: 0: 0: 0: 0 : 500
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 5
The second rule can reduce this address even further: Any single, contiguous string of one or more 16-bit segments consisting of all zeroes can be represented with a double colon.
ff02::500
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 6
Only a single contiguous string of all-zero segments can be represented with a double colon. Both of these are correct 2001 : 0d02 : 0000 : 0000 : 0014 : 0000 : 0000 : 0095 2001 : d02 :: OR 2001 : d02 :
Cisco Networking Academy, U.S./Canada
14 : 0: 0 : 14 ::
0:
0 : 95 95
7
Using the double colon more than once in an IPv6 address can create ambiguity because of the ambiguity in the number of 0s. 2001:d02::14::95 2001:0d02:0000:0000:0014:0000:0000:0095 2001:0d02:0000:0000:0000:0014:0000:0095 2001:0d02:0000:0014:0000:0000:0000:0095
IPv4, the prefixthe network portion of the addresscan be identified by a dotted decimal netmask or bitcount. 255.255.255.0 or /24
16 32 48 64 bits
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 9
Assigned
FF00::/8
Solicited Node
FF02::1:FF00:0000/104
Global Unicast
2000::/3 3FFF::/3
Link-Local
FE80::/10 FEBF::/10
Loopback
::1/128
Unspecified
::/128
Unique Local
FC00::/7 FDFF::/7
Embedded IPv4
::/80
m bits
Subnet ID
128-n-m bits
Interface ID
001
12
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 12
*Site Prefix
Possible Home Site Prefix Subnet Prefix
32 bits
Fixed Subnet ID
Interface ID
128 bits
* 16-bit Subnet ID gives us 65,536 subnets. (Yes, you can use the all 0s and all 1s.) * 64-bit Interface ID gives us 18 quintillion (18,446,744,073,709,551,616) devices/subnet.
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 14
16 bits
16 bits
16 bits
16 bits
Subnet ID
16 bits
16 bits
Interface ID
16 bits
16 bits
15
4 specific subnets to be used inside Company1: 2340:1111:AAAA:0000::/64 2340:1111:AAAA:0001::/64 2340:1111:AAAA:0002::/64 2340:1111:AAAA:000A::/64 Note: A valid abbreviation is to remove the 3 leading 0s from the first shown quartet. 2340:1111:AAAA:1::/64
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 16
64 bits
Subnet ID
16bits
Prefix
Interface ID
Subnet-ID
Interface ID
2001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0000 : 0000 2001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0001 : 0000 2001 : 0DB8 : AAAA : 0000 : 0000 : 0000 : 0002 : 0000 thru 2001 : 0DB8 : AAAA : FFFF : FFFF : FFFF : FFFE : 0000 2001 : 0DB8 : AAAA : FFFF : FFFF : FFFF : FFFF : 0000
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 17
48 bits
Global Routing Prefix
20 bits
Subnet ID
60 bits
Interface ID
2001:0DB8:AAAA:0000:1000::/68
2001:0DB8:AAAA:0000:2000::/68 through 2001:0DB8:AAAA:FFFF:F000::/68
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 18
22 bits
Subnet ID
58 bits
Interface ID
Subnet Prefix /70 Four Bits: The two leftmost bits are part of the Subnet-ID, whereas the two rightmost bits belong to the Interface ID.
2001:0DB8:AAAA:0000:0000::/70
2001:0DB8:AAAA:0000:0400::/70 2001:0DB8:AAAA:0000:0800::/70
0000
0100 1000
2001:0DB8:AAAA:0000:0C00::/70
1100
bits
19
Manual
IPv6 Address
IPv6 Unnumbered
DHCPv6
Static
EUI-64
20
R2
Ser 0/0/1 .1
2001:0DB8:CAFE:A001::/64
Ser 0/0/0 .1
2001:0DB8:CAFE:A003::/64
Ser 0/0/1 .1
Ser 0/0/1 .2
Fa 0/0
R1
2001:0DB8:CAFE:0001::/64
2001:0DB8:CAFE:0003::/64
2001:0DB8:FACE:C0DE::/64
PC-1
Cisco Networking Academy, U.S./Canada
PC-3
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.
PC-4
21
R1(config-if)# exit
R1(config)#
Exactly the same as an IPv4 address only different. No space between IPv6 address and Prefix-length. IOS commands for IPv6 are very similar to their IPv4 counterpart. All 0s and all 1s are valid IPv6 host IPv6 addresses.
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 22
23
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 23
Link-local address automatically created when (before) the global unicast address is. We will discuss link-local addresses next.
24
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 24
25
26
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 26
. :
27
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 27
Global Unicast
IPv6 Address
DHCPv6
Static
EUI-64
R1(config)# interface fastethernet 0/0 R1(config-if)# ipv6 address 2001:0db8:cafe:0001::/64 ? eui-64 Use eui-64 interface identifier <cr> <<< All0s address is okay! R1(config-if)# ipv6 address 2001:0db8:cafe:0001::/64 eui-64 R1(config-if)#
R1
Fa0/0
2001:0DB8:CAFE:1::/64
Cisco Networking Academy, U.S./Canada
Routers global unicast address can be configured with: Statically configured prefix and EUI-64 generated Interface ID
29
OUI 24 bits
Hexadecimal
00
03
6B
E9
D4
80
Binary
Cisco Networking Academy, U.S./Canada
0000 0000
0000 0011
0110 1011
1110 1001
1101 0100
1000 0000
30
OUI 24 bits
00 03 6B E9
Hexadecimal
0110 1011
1111 1111
1111 1110
1110 1001
1101 0100
1000 0000
02
03
6B
FF
FE
E9
D4
80
31
0 0 0 3 . 6 b e 9 . D 4 8 0 0000 0000 0000 0011 . 0110 1011 1110 1001 . 0111 0100 1000 0000 1110 1001 . 0111 0100 1000 0000 1 0000 0000 0000 0011 . 0110 1011 2 0000 0000 0000 0011 . 0110 1011 11111111 11111110 1110 1001 . 0111 0100 1000 0000 3 0000 0010 0000 0011 . 0110 1011 11111111 11111110 1110 1001 . 0111 0100 1000 0000 0 2 0 3 . 6 b F F F E e 9 . D 4 8 0
2001:0DB8:AAAA:0001:0203:6BFF:FEE9:D480
Interface ID (EUI-64 format)
33
Global Unicast
IPv6 Address
DHCPv6
Static
EUI-64
35
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 35
RouterA
NDP Router Advertisement Im everything you need (Prefix, Prefix-length, Default Gateway) Or Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server. Or I cant help you. Ask a Cisco Networking Academy, U.S./Canada for all your DHCPv6 server
1
The routers Router Advertisement determines how the host gets its dynamic address configuration. ipv6 unicast-routing command enables router to send Router Advertisements.
36
RouterA
ipv6 unicast-routing 2 1
MAC: 00-19-D2-8C-E0-4C
EUI-64
Prefix: 2001:DB8:AAAA:1:: EUI-64 Interface ID: 02-19-D2-FF-FE-8C-E0-4C Global Unicast Address: 2001:DB8:AAAA:1:0219:D2FF:FE8C:E04C Prefix-length: /64 Default Gateway: FE80::1
37
Windows operating systems, Windows XP and Server 2003 use EUI-64. Windows Vista and newer do not use EUI-64; hosts create a random 64-bit Interface ID.
The %value following the link-local address is a Windows Zone ID and not part of IPv6.
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 38
RouterA
ipv6 unicast-routing
Stateless Addressing
NDP Router Advertisement Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server. Or I cant help you. Ask a DHCPv6 server for all your information.
DHCPv6 Server
DHCPv6 Addressing DHCPv6 Solicit Message I need a DHCPv6 Server. 4 DHCPv6 Advertise Message Im a DHCPv6 Server.
DHCPv6 Request Message I need addressing information. DHCPv6 Reply Message 6 Here is your address and other information.
39
Global Unicast
IPv6 Address
DHCPv6
Static
EUI-64
Stateful DHCPv6
40
RouterA
ipv6 unicast-routing
Stateful DHCPv6
DHCPv6 Server
1
DHCPv6 Addressing DHCPv6 Solicit Message I need a DHCPv6 Server. 2 DHCPv6 Advertise Message Im a DHCPv6 Server.
DHCPv6 Request Message I need addressing information. DHCPv6 Reply Message 4 Here is your address and other information.
41
Link-Local Unicast
IPv6 Addressing
Unicast
Multicast
Anycast
Assigned
FF00::/8
Solicited Node
FF02::1:FF00:0000/104
Global Unicast
2000::/3 3FFF::/3
Link-Local
FE80::/10 FEBF::/10
Loopback
::1/128
Unspecified
::/128
Unique Local
FC00::/7 FDFF::/7
Embedded IPv4
::/80
43
Link-local unicast
10 bits 1111 1110 10xx xxxx Remaining 54 bits /64 64 bits
Interface ID
FE80::/10
44
44
Link-local unicast
10 bits 1111 1110 10xx xxxx Remaining 54 bits /64 64 bits
Interface ID
FE80::/10
Used to communicate with other devices on the link. Are NOT routable off the link. An IPv6 device must have at least a link-local address. Used by: Hosts to communicate to the IPv6 network before it has a global unicast address. Used as the default gateway address by hosts. Adjacent routers to exchange routing updates
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 45
R1
Fa0/0
Ser 0/0/0 .1
Ser 0/0/0 .2
R2
2001:0DB8:CAFE:1::/64
PC-1
Link-local address automatically created when (before) the global unicast address is. FE80 + 64-bit Interface ID EUI-64 Format Randomly generated Link-local address can also be created statically.
46
Hexadecimal
00
03
6B
E9
D4
80
Binary
0000 0000
0000 0011
0110 1011
1110 1001
1101 0100
1000 0000
OUI 24 bits
00 03 6B E9
Hexadecimal
0110 1011
1111 1111
1111 1110
1110 1001
1101 0100
1000 0000
02
03
6B
FF
FE
E9
D4
80
49
R1# show interface fastethernet 0/0 FastEthernet0/0 is up, line protocol is up Hardware is AmdFE, address is 0003.6be9.d480 (bia 0003.6be9.d480) <output omitted for brevity> Ethernet MAC address R1# show ipv6 interface fastethernet 0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::203:6BFF:FEE9:D480 Global unicast address(es): 2001:DB8:AAAA:1::1, subnet is 2001:DB8:AAAA:1::/64 <output omitted for brevity> Link-local address using EUI-64 format
50
R1
Fa0/0
Ser 0/0/0 .1
Ser 0/0/0 .2
R2
2001:0DB8:CAFE:1::/64
PC-1
Dynamic link-local addresses can be difficult to identify. Routers use link-local addresses for: Exchanging routing updates Default gateway address for hosts Static link-local addresses are easier to remember and identify. Link-local addresses only have to be unique on the link!
51
R1(config)# interface fastethernet 0/0 Static Link-local Address R1(config-if)# ipv6 address fe80::1 ? link-local Use link-local address R1(config)# interface fastethernet 0/0 R1(config-if)# ipv6 address fe80::1 link-local R1(config-if)# exit R1(config)# interface serial 0/0/0 R1(config-if)# ipv6 address fe80::1 link-local R1(config-if)# exit R1# R1# show ipv6 interface brief FastEthernet0/0 [up/up] FE80::1 Same link-local unicast address (best practice) 2001:DB8:CAFE:1::1 Serial0/0/0 [up/up] FE80::1 2001:DB8:CAFE:A001::1 R1#
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 52
FE80::2
R1
Fa0/0
Ser 0/0/0 .1
Ser 0/0/0 .2
R2
2001:0DB8:CAFE:A001::/64
R1# ping fe80::2 Output Interface: ser 0/0/0 Must include exit-interface % Invalid interface. Use full interface name without spaces (e.g. Serial0/1) Output Interface: serial0/0/0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to FE80::2, timeout is 2 secs: !!!!!
53
Link-local addresses are automatically created whenever a global unicast address is configured. The ipv6 enable command will: Create a link-local address when there is no global unicast address Maintain the link-local address even when the global unicast 54 address is removed.
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.
54
R1# show running-config ! interface FastEthernet0/0 no ip address ipv6 address FE80::1 link-local ipv6 address 2001:DB8:CAFE:1::1/64 ! interface Serial0/0/0 no ip address ipv6 address FE80::1 link-local ipv6 address 2001:DB8:CAFE:A001::1/64 !
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 55
IPv6 Address. . . . . . . . . . . : 2001:db8:cafe:1::100 Link-local IPv6 Address . . . . . : fe80::50a5:8a35:a5bb:66e1%11 Default Gateway . . . . . . . . . : 2001:db8:cafe:1::1
Windows operating systems, Windows XP and Server 2003 use EUI-64. Windows Vista and newer do not use EUI-64 create a random 64-bit Interface ID.
The %value following the link-local address is a Windows Zone ID and not part of IPv6.
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 56
My MAC OS 10.6 uses EUI-64 but you check with your OS flavor and version. Many Linux flavors moving to random Interface IDs
57
Unicast
Multicast
Anycast
Assigned
FF00::/8
Solicited Node
FF02::1:FF00:0000/104
Global Unicast
2000::/3 3FFF::/3
Link-Local
FE80::/10 FEBF::/10
Loopback
::1/128
Unspecified
::/128
Unique Local
FC00::/7 FDFF::/7
Embedded IPv4
::/80
58
Multicast Addresses
Multicast Addresses
IPv6 Addressing
Unicast
Multicast
Anycast
Assigned
FF00::/8
Solicited Node
FF02::1:FF00:0000/104
Global Unicast
2000::/3 3FFF::/3
Link-Local
FE80::/10 FEBF::/10
Loopback
::1/128
Unspecified
::/128
Unique Local
FC00::/7 FDFF::/7
Embedded IPv4
::/80
60
8 bits
4 bits 4 bits
112bits
Group ID
FF00::/8
Flag 0 Permanent, well-known multicast address assigned by IANA 1 Non-permanently-assigned, dynamically" assigned multicast address Scope (partial list) 0 Reserved 1 Interface-Local scope 2 Link-Local scope 5 Site-Local scope 8 Organization-Local scope
61
Multicast Addresses
IPv6 Addressing
Unicast
Multicast
Anycast
Assigned
FF00::/8
Solicited Node
FF02::1:FF00:0000/104
Global Unicast
2000::/3 3FFF::/3
Link-Local
FE80::/10 FEBF::/10
Loopback
::1/128
Unspecified
::/128
Unique Local
FC00::/7 FDFF::/7
Embedded IPv4
::/80
62
R1# show ipv6 interface fastethernet 0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::203:6BFF:FEE9:D480 Global unicast address(es): 2001:DB8:AAAA:1::1, subnet is 2001:DB8:AAAA:1::/64 Joined group address(es): FF02::1 FF02::2 Member of these Multicast Groups FF02::1:FF00:1 All-nodes on this link FF02::1:FFE9:D480 <output omitted for brevity>
All-routers on this link: IPv6 routing enabled Solicited-node multicast address for Global Address Solicited-node multicast address for Link-local Unicast Address
A routers interfaces can be enabled (get an IPv6 address) for IPv6 like any other device on the network. For the router to act as an IPv6 router it must be enabled with the ipv6-unicast routing command. This enables the router to: Send Router Advertisement messages Enable the forwarding of IPv6 packets. Participate in IPv6 routing protocols (RIPng, EIGRP for IPv6, OSPFv3)
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 64
Multicast Addresses
IPv6 Addressing
Unicast
Multicast
Anycast
Assigned
FF00::/8
Solicited Node
FF02::1:FF00:0000/104
Global Unicast
2000::/3 3FFF::/3
Link-Local
FE80::/10 FEBF::/10
Loopback
::1/128
Unspecified
::/128
Unique Local
FC00::/7 FDFF::/7
Embedded IPv4
::/80
65
NIC: I will listen for my MAC address IP: I listen for my IP addresses (Global and Link-local)
MAC
PC-2
Devices list for their unicast addresses. Devices also listen for their multicast addresses
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 66
Solicited-node multicast addresses for PC2 NIC: I will also listen for my MAC multicast address IP: I will also listen for my IP multicast addresses (Global and Link-local)
Broadcasts
PC-2
Global Unicast Address: Solicited Node (Global): Link-local Unicast Address: Solicited Node (Link-local):
67
Subnet ID
Interface ID
Copy
0000
0001
FF
24 bits
FF02:0:0:0:0:1:FF00::/104
Devices create a solicited node multicast address for their unicast (and anycast) addresses including: Global Unicast Address Link-local Address
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 68
Subnet ID
Interface ID
Copy
0000
0001
FF
24 bits
FF02:0:0:0:0:1:FF00::/104 Used as a destination address when dont know the unicast address. Address Resolution (ARP) and Duplicate Address Detection (Gratuitous ARP) Same intent as a broadcast but more efficient. Devices process packets with their solicited node multicast address as the destination address: IP and MAC.
69
R1# show ipv6 interface fastethernet 0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::203:6BFF:FEE9:D480 Global unicast address(es): 2001:DB8:AAAA:1::1, subnet is 2001:DB8:AAAA:1::/64 Joined group address(es): FF02::1 FF02::2 Member of these Multicast Groups FF02::1:FF00:1 FF02::1:FFE9:D480 <output omitted for brevity>
Solicited-node multicast address for Global Address Solicited-node multicast address for Link-local Unicast Address
70
Router(config)# interface fastethenet 0/0 Router(config-if)# ipv6 address 2001:db8:cafe:1::/64 eui-64 Router# show ipv6 interface fastethernet 0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::21B:CFF:FEC2:82D8 No Virtual link-local address(es): Global unicast address(es): 2001:DB8:CAFE:1:21B:CFF:FEC2:82D8, subnet is 2001:DB8:CAFE:1::/64 [EUI] Joined group address(es): FF02::1 FF02::2 FF02::1:FFC2:82D8 Solicited-node multicast address for Global and
Link-local unicast addresses
If the Global and Link-local unicast addresses used EUI-64 the last 24 bits would be the same and there would only be one solicited node address.
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 71
Interface ID
24 bits
0001
0000:0000:00
00:0200
Copy
PC2s IPv6 Solicited-Node Multicast Address FF02 0000 0000 0000 0000 0001 FF
00:0200
Copy
33-33
FF-00-02-00
PC2s IPv6 Global Unicast Address: 2001:0DB8:AAAA:0001::0200 PC2s IPv6 Solicited-node multicast address: FF02::1:FF00:0200 PC2s mapped solicited-node Ethernet multicast address : 33-33-FF-00-02-00
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 72
Why Solicited Node Addresses? Broadcasts are sent to all devices. Devices must process all broadcast at least to layer 3. Solicited Node Multicasts are only processed by those devices with the matching last 24 bits (usually one device). If I know the IPv6 address but not the MAC address I can send it to a solicited node addresses instead of a broadcast to everyone
PC-2
Global Unicast Address: Solicited Node (Global): MAC Unicast Address: Solicited Node (MAC):
Cisco Networking Academy, U.S./Canada
Address Resolution
NDP Neighbor Solicitation Message Destination: Solicited-node Multicast Whoever has 2001:0DB8:AAAA:1::0200 send me your Ethernet MAC address
2001:0DB8:AAAA:1::0100 PC-1
NIC: Thats one of my solicited node MAC addresses. IPv6: Thats one of my solicited node addresses. PC-2
2001:0DB8:AAAA:1::0200 FF02::1:FF00:200
Dest. MAC
33-33-FF-0002-00
Source MAC
00-12-34-5678-9A
Destination IPv6
Source IPv6
Target IPv6
Possible that multiple devices may have the same last 24 bits in their IPv6 address but only those devices would have to process up to the
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 74
PC-1
NDP Neighbor Solicitation Message Destination: Solicited-node Multicast Who ever has the IPv6 address 2001:0DB8:AAAA:0001::0200 please send me your Ethernet MAC address
NDP Neighbor Solicitation Message Destination: Solicited-node Multicast Before I use this address is anyone else on this link using this link-local address: FE80::50A5:8A35:A5BB:66E1?
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.
75
75
Unicast
Multicast
Anycast
Assigned
FF00::/8
Solicited Node
FF02::1:FF00:0000/104
Global Unicast
2000::/3 3FFF::/3
Link-Local
FE80::/10 FEBF::/10
Loopback
::1/128
Unspecified
::/128
Unique Local
FC00::/7 FDFF::/7
Embedded IPv4
::/80
Manual
Dynamic
IPv6 Address
IPv6 Unnumbered
Stateless Autoconfiguratio n
DHCPv6
Static
EUI-64
77
Email: graziani@cabrillo.edu
79
80
A routers interfaces can be enabled (configured with an IPv6 address) for IPv6 like any other device on the network For the router to act as an IPv6 router it must be enabled with the ipv6-unicast routing command This enables the router to:
Send ICMPv6 Router Advertisement messages Enable the forwarding of IPv6 packets Configure static routing and participate in IPv6 routing protocols (EIGRP for IPv6, OSPFv3)
81
Prefix
Prefixlength
Next-hop
Note: Static routes using only an exit interface on point-to-point networks are common, however the use of the default CEF forwarding mechanism makes this practice unnecessary For reasons, beyond the scope of this presentation, there are advantages to using a static route with a next-hop address
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 82
Static Route with an exit interface (unnecessary with CEF enabled): R1(config)# ipv6 route 2001:db8:acad:2::/64 g0/0 A fully specified static route includes an exit interface and the next hop address (unnecessary with CEF enabled except when using a next hop linklocal address):
R1(config)# ipv6 route 2001:db8:acad:2::/64 g0/0 2001:db8:feed::1
A summary route:
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 83
84
R1(config)# interface gigabitethernet 0/0 R1(config-if)# ipv6 address 2001:db8:acad:1::1/64 R1(config-if)# ipv6 address fe80::1 link-local R1(config-if)# exit Ugly EUI-64 Interface ID is used by default R1(config)# interface serial 0/0/0 R1(config-if)# ipv6 address 2001:db8:acad:4::1/64 R1(config-if)# ipv6 address fe80::1 link-local R1(config-if)# exit
85
R1# show ipv6 interface brief GigabitEthernet0/0 [up/up] FE80::1 2001:DB8:ACAD:1::1 Same Link-local address on all Serial0/0/0 [up/up]interfaces FE80::1 2001:DB8:ACAD:4::1 R1#
86
<output omitted>
C 2001:DB8:ACAD:1::/64 [0/0] via GigabitEthernet0/0, directly connected L 2001:DB8:ACAD:1::1/128 [0/0] via GigabitEthernet0/0, receive Connected routes occur for C 2001:DB8:ACAD:4::/64 [0/0] via Serial0/0/0, directly connected any interface with an IPv6 unicast address that has L 2001:DB8:ACAD:4::1/128 [0/0] more than link local scope via Serial0/0/0, receive L FF00::/8 [0/0] Link-local addresses are via Null0, receive not included in the routing R1# table because they are not routable off the link
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 87
<output omitted>
C 2001:DB8:ACAD:1::/64 [0/0] via GigabitEthernet0/0, directly connected L 2001:DB8:ACAD:1::1/128 [0/0] via GigabitEthernet0/0, receive The local routes are all /128 C 2001:DB8:ACAD:4::/64 [0/0] routes (host routes) for the via Serial0/0/0, directly connected routers IPv6 unicast L 2001:DB8:ACAD:4::1/128 [0/0] address via Serial0/0/0, receive L FF00::/8 [0/0] Allow the router to more via Null0, receive Multicast packets efficiently process packets R1# Not routed
R1(config)#ipv6 route 2001:DB8:ACAD:2::/64 2001:DB8:ACAD:4::2 R1(config)#ipv6 route 2001:DB8:ACAD:5::/64 2001:DB8:ACAD:4::2 R1(config)#ipv6 route 2001:DB8:ACAD:3::/64 2001:DB8:ACAD:4::2 R1(config)#
89
R1#show ipv6 route static IPv6 Routing Table - default - 8 entries Codes: C - Connected, L - Local, S - Static, <Output omitted> S 2001:DB8:ACAD:2::/64 [1/0] via 2001:DB8:ACAD:4::2 S 2001:DB8:ACAD:3::/64 [1/0] via 2001:DB8:ACAD:4::2 S 2001:DB8:ACAD:5::/64 [1/0] via 2001:DB8:ACAD:4::2 R1#
90
R1(config)# ipv6 route ::/0 2001:db8:acad:4::2 R1(config)# end R1# show ipv6 route S ::/0 [1/0] via 2001:DB8:ACAD:4::2
91
2001:DB8:ACAD:2::/64
R2
R1
S0/0/0 :1 FE80::1
S0/0/1 :1 FE80::2
G0/0 :1 FE80::2
R1(config)# ipv6 route 2001:db8:acad:2::/64 fe80::2 % Interface has to be specified for a link-local nexthop R1(config)# ipv6 route 2001:db8:acad:2::/64 s0/0/0 fe80::2 R1(config)# end R1# show ipv6 route S 2001:DB8:ACAD:2::/64 [1/0] via FE80::2, Serial0/0/0
92
93
Interior Gateway Protocols Distance Vector Distance Vector Routing Protocols IPv4 IPv6 RIPv2 RIPng EIGRP EIGRP for IPv6 Link State Link State Routing Protocols OSPFv2 OSPFv3 IS-IS IS-IS for IPv6
Most IPv6 routing protocol commands are identical to their IPv4 counterpart Just need to substitute ipv6 for ip
94
v6
95
96
IPv4
IPv4
Neighbor Table
Topology Table
Routing Table
Neighbor Table
Topology Table
Routing Table
IPv4 Network
R1 IPv6 Network
R2
IPv6
IPv6
Neighbor Table
Topology Table
Routing Table
Neighbor Table
Topology Table
Routing Table
97
EIGRP for IPv4 Advertised routes Distance vector Convergence technology Metric Transport protocol Update messages Neighbor discovery IPv4 networks Yes DUAL
Default: Bandwidth & delay Default: Bandwidth & delay Optional: Reliability and load Optional: Reliability and load RTP Partial & bounded updates Hello packets RTP Partial & bounded updates Hello packets
IPv6
IPv6
Neighbor Table
Topology Table
Routing Table
Neighbor Table
Topology Table
Routing Table
IPv6 Network
R1
R2
99
2001:DB8:CAFE:2::/64 Link-local 2001:DB8:FEED:1::/64 addresses G0/0 :1 FE80::2 S0/1/0 S0/0/1 :1 Internet R2 ISP :2 S0/0/0 S0/0/1 :2 :1 2001:DB8:CAFE:A001::/64 2001:DB8:CAFE:A002::/64 Link-local S0/0/0 :1 addresses FE80::1 S0/0/1 S0/0/0 R1 :1 :2 G0/0 2001:DB8:CAFE:A003::/64 :1 2001:DB8:CAFE:1::/64
Cisco Networking Academy, U.S./Canada
R3
G0/0 :1
2001:DB8:CAFE:3::/64
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.
EIGRP for IPv6 was made available in Cisco IOS, Release 12.4(6)T
R1(config)# ipv6 router eigrp 2 % IPv6 routing not enabled Enables IPv6 routing R1(config)# ipv6 unicast-routing R1(config)# ipv6 router eigrp 2same on all routers Must be R1(config-rtr)# eigrp router-id 1.0.0.0 R1(config-rtr)# no This shutdown is specific to EIGRP for IPv6 R1(config-rtr)#
EIGRP uses a 32-bit Router ID for both IPv4 and IPv6 (eigrp not always required) The eigrp router-id command takes precedence over any loopback or physical interface IPv4 addresses If there are no active IPv4 interfaces, then the eigrp router-id command is required Router ID should be a unique otherwise, routing inconsistencies can occur
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 101
No network commands needed! R1(config)#interface g0/0 R1(config-if)#ipv6 eigrp 2 R1(config-if)#exit R1(config)#interface s 0/0/0 R1(config-if)#ipv6 eigrp 2 R1(config-if)#exit R1(config)#interface s 0/0/1 R1(config-if)#ipv6 eigrp 2 R1(config-if)#
102
R2(config)#ipv6 unicast-routing R2(config)#ipv6 router eigrp 2 R2(config-rtr)#eigrp router-id 2.0.0.0 R2(config-rtr)#no shutdown R2(config-rtr)# R2(config)#interface g 0/0 R2(config-if)#ipv6 eigrp 2 R2(config-if)#exit R2(config)#interface s 0/0/0 R2(config-if)#ipv6 eigrp 2 R2(config-if)#exit %DUAL-5-NBRCHANGE: EIGRP-IPv6 2: Neighbor FE80::1 (Serial0/0/0) is up: new adjacency R2(config)#interface s 0/0/1 R2(config-if)#ipv6 eigrp 2 R2(config-if)#
103
H 1 0
R1#show ipv6 eigrp neighbors EIGRP-IPv6 Neighbors for AS(2) Address Interface Hold Uptime SRTT (sec) (ms) Link-local address: Se0/0/1 13 00:37:17 45 FE80::3 Link-local address: Se0/0/0 14 00:53:16 32 FE80::2 R1#
RTO
2370
104
R1#show ipv6 protocols <Some output omitted for brevity> Routing protocol and Process ID IPv6 Routing Protocol is "eigrp 2" (AS Number) EIGRP-IPv6 Protocol for AS(2) Same K values used in Metric weight K1=1, K2=0, K3=1, K4=0, K5=0 NSF-aware route hold timer is 240 composite metric Router-ID: 1.0.0.0 EIGRP Router Topology : ID 0 (base) Distance: internal 90 external 170 Maximum path: 16Same EIGRP Administrative Maximum hopcount 100 Distances Maximum metric variance 1 Interfaces: GigabitEthernet0/0 Serial0/0/0 Serial0/0/1 Interfaces enabled for this EIGRP for IPv6 R1#
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 105
106
2001:DB8:ACAD::/48
2001:DB8:ACAD::/48
Note 1: There is no automatic summarization in IPv6 (no classful networks) Note 2: EIGRP for IPv4 automatic summarization is disabled by default beginning with Cisco IOS Release 15.0(1)M and 12.2(33)
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 107
2001:DB8:ACAD::/48
2001:DB8:ACAD::/48
R3(config)# interface serial 0/0/0 R3(config-if)# ipv6 summary-address eigrp 2 2001:db8:acad::/48 R3(config-if)# exit R3(config)# interface serial 0/0/1 R3(config-if)# ipv6 summary-address eigrp 2 2001:db8:acad::/48 R3(config-if)# end R3# show ipv6 route
D
Cisco Networking Academy, U.S./Canada
Similar to EIGRP for IPv4, R3 includes a summary route to null0 as a loop prevention 2001:DB8:ACAD::/48 [5/128256] mechanism via Null0, directly connected
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 108
R1#
R1
2001:DB8:ACAD::/48
109
2001:DB8:CAFE::/48
R2
2001:DB8:FEED:1::/64
S0/1/0 :1
Default Route
S0/0/1 :2
ISP
Internet
R1
R3
R2(config)# ipv6 route ::/0 2001:DB8:FEED:1::2 R2(config)# ipv6 router eigrp 2 R2(config-rtr)# redistribute static R1# show ipv6 route EX ::/0 [170/3523840] EX = EIGRP External via FE80::3, Serial0/0/1
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 110
Bandwidth utilization, Hello and Hold Timers remain the same R1(config)# interface serial 0/0/0 R1(config-if)# ipv6 bandwidth-percent eigrp 2 50 R1(config-if)# ipv6 hello-interval eigrp 2 60 R1(config-if)# ipv6 hold-time eigrp 2 180 R1(config-if)#
Same with MD5 Authentication (only IPv6 relevant commands are shown)
R1(config)# interface serial 0/0/0 R1(config-if)# ipv6 authentication mode eigrp 2 md5 R1(config-if)# ipv6 authentication key-chain eigrp 2 EIGRPV6_KEY
111
112
OSPFv2
OSPFv2
IPv4
OSPfv2
OSPFv2
IPv4
Neighbor Table
LSDB
Routing Table
Neighbor Table
LSDB
Routing Table
IPv4 Network
R1 IPv6 Network
R2
OSPFv3
OSPFv3
IPv6
OSPFv3
OSPFv3
IPv6
Neighbor Table
LSDB
Routing Table
Neighbor Table
LSDB
Routing Table
113
OSPFv2 Advertises Link-State Routing Algorithm Metric IPv4 networks Yes SPF Cost
Source address
Destination address Authentication
Areas
Packet types Neighbor discovery DR and BDR
Cisco Networking Academy, U.S./Canada
Yes
Yes, Hello Packets Multi-access networks
Yes
Yes, Hello Packets Multi-access networks
114
Router ID
32-bit router ID 32-bit router ID 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.
OSPFv3
OSPFv3
IPv6
OSPFv3
OSPFv3
IPv6
Neighbor Table
LSDB
Routing Table
Neighbor Table
LSDB
Routing Table
IPv6 Network
R1
R2
115
2001:DB8:CAFE:2::/64 Link-local 2001:DB8:FEED:1::/64 addresses G0/0 :1 FE80::2 S0/1/0 S0/0/1 :1 Internet R2 ISP :2 S0/0/0 S0/0/1 :2 :1 2001:DB8:CAFE:A001::/64 2001:DB8:CAFE:A002::/64 Link-local S0/0/0 :1 addresses FE80::1 S0/0/1 S0/0/0 R1 :1 :2 G0/0 2001:DB8:CAFE:A003::/64 :1 2001:DB8:CAFE:1::/64
Cisco Networking Academy, U.S./Canada
R3
G0/0 :1
2001:DB8:CAFE:3::/64
2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.
R1(config)#ipv6 router ospf 10 R1(config-rtr)# *Mar 29 11:21:53.739: %OSPFv3-4-NORTRID: Process OSPFv3-1-IPv6 could not pick a router-id, please configure manually R1(config-rtr)# R1(config-rtr)#router-id 1.1.1.1 R1(config-rtr)#auto-cost reference-bandwidth 1000 % OSPFv3-1-IPv6: Reference bandwidth is changed. 32-bit Router ID similar to OSPFv2 Please ensure reference bandwidth is consistent across all routers. R1(config-rtr)#end R1#
Must modify reference bandwidth because we have gigabit Ethernet links, otherwise Fastethernet and faster would have the same cost
There is no no shutdown
117
Interface Type
Cost
Gigabit Ethernet 1 Gbps Fast Ethernet 100 Mbps Ethernet 10 Mbps Serial 1.544 Mbps Serial 128 kbps Serial 64 kbps Cisco Networking Academy, U.S./Canada
1,000,000,000
1,000,000,000 1,000,000,000 1,000,000,000 1,000,000,000 1,000,000,000
1,000,000,000
100,000,000 10,000,000 1,544,000 128,000 64,000
1
10 100 647 7812 15625
118
R1(config)# interface GigabitEthernet 0/0 No network commands needed! R1(config-if)# ipv6 ospf 10 area 0 R1(config-if)# exit R1(config)#interface Serial0/0/0 R1(config-if)# ipv6 ospf 10 area 0 R1(config-if)# exit R1(config)#interface Serial0/0/1 R1(config-if)# ipv6 ospf 10 area 0 R1(config-if)# end R1# R1#show ipv6 ospf interfaces brief PID Area Intf ID Cost State Nbrs F/C 10 0 7 15625 P2P 0/0 10 0 6 647 P2P 0/0 10 0 3 1 WAIT 0/0 R1#
119
R2(config)# router ospf 10 R2(config-rtr)# router-id 2.2.2.2 R1(config-rtr)# auto-cost reference-bandwidth 1000 R2(config-rtr)# exit R2(config)# interface GigabitEthernet 0/0 R2(config-if)# ipv6 ospf 10 area 0 R2(config-if)# exit R2(config)# interface Serial0/0/0 R2(config-if)# ipv6 ospf 10 area 0 R2(config-if)# exit R2(config)# interface Serial0/0/1 R2(config-if)# ipv6 ospf 10 area 0 R2(config-if)#
120
121
R1 #show ipv6 protocols IPv6 Routing Protocol is "connected" IPv6 Routing Protocol is "ND" IPv6 Routing Protocol is "ospf 10" Router ID 1.1.1.1 Number of areas: 1 normal, 0Routing stub, 0 protocol nssa and Process Interfaces (Area 0): OSPFv3 Router ID Serial0/0/1 Serial0/0/0 GigabitEthernet0/0 Redistribution: None Interfaces enabled for OSPFv3 R1#
ID
122
123
Hello and Dead Timers remain the same R1(config)# interface serial 0/0/0 R1(config-if)# ipv6 ospf hello-interval 5 R1(config-if)# ipv6 ospf dead-interval eigrp 20 R1(config-if)# *Apr 10 15:03:51.175: %OSPFv3-5-ADJCHG: Process 10, Nbr 2.2.2.2 on Serial0/0/0 from FULL to DOWN, Neighbor Down: Dead timer expired R1(config-if)#
R1(config)# interface serial 0/0/0 R1(config-if)# ipv6 ospf priority 10 R1(config-if)# ipv6 ospf cost 65
124
2001:DB8:CAFE::/48
R2
2001:DB8:FEED:1::/64
S0/1/0 :1
Default Route
S0/0/1 :2
ISP
Internet
R1
R3
R2(config)# ipv6 route ::/0 2001:DB8:FEED:1::2 R2(config)# ipv6 router ospf 10 R2(config-rtr)# default-information originate R1# show ipv6 route OE2 ::/0 [110/1], tag 10 via FE80::2, Serial0/0/0
Cisco Networking Academy, U.S./Canada 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 125
Multi-Area OSPFv3
126
127
R1
R2
128
R2
I now only need to run the SPF algorithm when there is a change in area 0 or area 51
129
Area 1
Area 0
Area 51
R1
R2
Link fails
Only R2 and routers in area 51 exchange router LSAs and run the SPF algorithm
130
2001:DB8:CAFE:2::/64
Area 0
G0/0 :1 FE80::2
2001:DB8:CAFE:A001::/64 S0/0/0 :2
R2
S0/0/1 :1
2001:DB8:CAFE:A002::/64
S0/0/0 :1
R1
S0/0/1 :2
FE80::1 FE80::3
R3
Area 1
G0/0 :1 2001:DB8:CAFE:1::/64
G0/0 :1 2001:DB8:CAFE:3::/64
Area 51
131
2001:DB8:CAFE:2::/64
Area 0
G0/0 :1 FE80::2
2001:DB8:CAFE:A001::/64 S0/0/0 :2
R2
S0/0/1 :1
2001:DB8:CAFE:A002::/64
Area 1
2001:DB8:CAFE:1::/64
R2(config)# router ospf 10 R2(config-rtr)# router-id 2.2.2.2 S0/0/0 S0/0/1 R2(config-rtr)# exit :1 R2(config)# interface GigabitEthernet :2 0/0 R2(config-if)# ipv6 ospf 10 area 0 FE80::1 FE80::3 R1 R2(config-if)# exit R3 R2(config)# interface Serial0/0/0 No changes to R2 G0/0 R2(config-if)# Area 51 ipv6 ospf 10 area G0/0 0 All interfaces in Area 0 :1 R2(config-if)# exit :1 R2(config)# interface Serial0/0/1 R2(config-if)# ipv6 ospf 10 area 0 2001:DB8:CAFE:3::/64
132
R1(config)# ipv6 router ospf 10 2001:DB8:CAFE:2::/64 R1(config-rtr)# router-id 1.1.1.1 Area 0 R1(config-rtr)# exit G0/0 An ABR (Area Border Router) has R1(config)# interface Serial 0/0/0 interfaces in more than one area :1 R1(config-if)# FE80::2 ipv6 ospf 10 area 0 R1(config-if)# exit R2 S0/0/0 R1(config)# interface GigabitEthernet 0/0 S0/0/1 2001:DB8:CAFE:A001::/64 :2 ipv6 ospf R1(config-if)# area 1 2001:DB8:CAFE:A002::/64 :1 10 R1(config-if)# S0/0/0 :1
R1
Area 0
FE80::1 FE80::3
S0/0/1 :2
R3
Area 1
G0/0 :1 2001:DB8:CAFE:1::/64
G0/0 :1 2001:DB8:CAFE:3::/64
Area 51
133
134
IPv6 ACLs are very similar to IPv4 ACLs but with three significant differences
1. Applying an IPv6 ACL to an interface:
ip access-group is used in IPv4 ipv6 traffic-filter is used to apply an IPv6 ACL to an IPv6 interface
2. No Wildcard Masks
permit icmp any any nd-na permit icmp any any nd-ns
I have the IPv6 address you are looking for and here is my MAC address
Two default statements allow the router to participate in the IPv6 equivalent of ARP IPv6 uses ICMPv6 Neighbor Discovery (ND) messages to accomplish name address resolution encapsulated in IPv6 packets ARP does not use IPv4 IPv6 ACLs need to implicitly permit ND packets to be sent and received on an interface
136
2001:DB8:CAFE:30::/64
R1
IPv6 NETWORK
G0/0
S0/0/0
R1(config)# ipv6 access-list NO-R3-LAN-ACCESS R1(config-ipv6-acl)# deny ipv6 2001:db8:cafe:30::/64 any R1(config-ipv6-acl)# permit ipv6 any any R1(config-ipv6-acl)# exit R1(config)# interface s0/0/0 R1(config-if)# ipv6 traffic-filter NO-R3-LAN-ACCESS in R1(config-if)#
Deny all IPv6 packets from the 2001:DB8:CAFE:30::/64 coming into Serial 0/0/0 Permit all other IPv6 packets
137
2001:DB8:CAFE:11::/64
R1
IPv6 NETWORK
G0/0
S0/0/0
R1(config)#ipv6 access-list NO-FTP-TO-11 R1(config-ipv6-acl)#deny tcp any 2001:db8:cafe:11::/64 eq ftp R1(config-ipv6-acl)#deny tcp any 2001:db8:cafe:11::/64 eq ftp-data R1(config-ipv6-acl)#permit ipv6 any any R1(config-ipv6-acl)#exit R1(config)#interface g0/0 R1(config-if)#ipv6 traffic-filter NO-FTP-TO-11 in R1(config-if)#
Deny FTP traffic from Gig0/0 to 2001:DB8:CAFE:11::/64
138
139
140
Introduction Background IPv6 Deployment Mechanisms Dual Stack Tunneling Translation Summary
141
Security
142
232 = 4.4 x 109 IPv4 Addresses 2128 = 3.4 x 1038 IPv6 Addresses Thats 6.7 x 1019 addresses per cm2 of earths surface including the ocean Thats roughly 15 billion IPv4 Internets
143
Transition to IPv6
Requires careful planning Transition mechanisms
Expertise is a must
End goal is to deploy native IPv6 everywhere
144
145
146
Summary
147
Hosts and routers run both IPv4 and IPv6 protocol stack Hosts and routers can communicate using native IPv4 and IPv6 Access to network applications using either IPv4 or IPv6 protocol stack Focus in this presentation is mainly on the router
148
149
Comment
Configure IPv4 addresses on routers and hosts Configure IPv4 IGP on routers
Test IPv4 connectivity Configure IPv6 addresses on routers and hosts Configure IPv6 IGP on routers Test IPv6 connectivity
Step 1. Step 2.
Step 3. Step 4.
150
151
Show ip route
Show running-config
152
Ensure IGP for IPv4 is working Configure IPv6 addresses on required interfaces
153
154
Verify
Summary
155
Manual tunnel is a static tunneling mechanism defined in RFC4213 Primarily used to connect IPv6 nodes over a dominant IPv4 backbone
network
Manually setup tunnels Point-to-point IPv6 tunnel mechanism Manual tunnel regards the IPv4 network as a link layer for IPv6
prefixes
Focus in this presentation is on the router, not a single host due to
157
Tunnel source is manually configured Tunnel destination is manually configured Capable of running IGP routing protocols Tunnel endpoints share common prefix address
158
Comment
Configure the loopback interface and make sure it is reachable from remote routers via the IPv4 IGP Configure the tunnel interface with IPv6 prefix address, tunnel source, tunnel destination, and select the tunnel mode
Step 2.
Interface tunnel 0 tunnel source loopback 0 tunnel destination 192.168.1.1 ipv6 address 2005:1:1:1::1/64 tunnel mode ipv6ip ipv6 eigrp 10
Step 3.
Ipv6 unicast-routing Ipv6 router eigrp 10 eigrp router-id 2.2.2.2 no shutdown Interface FastEthernet 0/1 ipv6 address 2005:1:1:10::1/64 ipv6 eigrp 10
Step 4.
159
160
Show running-config
161
Do not forget to configure the source IPv4 tunnel address Do not forget to configure the destination IPv4 tunnel address
162
6to4 Transition
163
Verify
Summary
164
6to4 is a dynamic tunneling protocol defined in RFC3056 Point-to-multipoint IPv6 tunnel mechanism
Facilitate communication of IPv6 sites over native IPv4 backbone without manual
tunnel setup
Capable of supporting global unicast IPv6 addresses
Each router is capable of deriving an interim globally unique IPv6 address prefix
Flexible solution - additional IPv6 sites can be added to the network without any
new configuration
Focus in this presentation is on the router, not a single host due to scalability
166
Non global addresses uses the reserved 2002::/16 prefix Incoming IPv6 address has the destination IPv4 address embedded in the packet
Use the second and third quartets in the IPv6 address as the hex of the IPv4
address
Allocate unique /64 prefix for each subnet
Configure the tunnel interface with IPv6 address derived from the above /64
prefix
Configure a static route for destination 2002::/16 and point to the tunnel as next
hop address
167
168
IOS Commands
Comment
Identify the IPv4 address that will be used as the source IPv4 address Convert the IPv4 address into hexadecimal
C0A8:0202 or C0A8:202
2002::/16
2002:C0A8:202::/48
Merge reserved IPv6 prefix for 6to4 with the hex values of the IPv4 addresses in step 2 to obtain the IPv6 prefix
169
IOS Commands
Comment
Configure the loopback interface and make sure it is reachable from remote routers via the IPv4 IGP Configure the tunnel interface with IPv6 prefix address, tunnel source, and select the tunnel mode Configure IPv6 address on LAN interface using the IPv6 prefix derived for the 6to4 address Enable IPv6 routing and configure a static route to all unknown IPv6 2002::/16 addresses to the tunnel id
Interface tunnel 2 tunnel source loopback 2 ipv6 address 2002:C0A8:202::/128 tunnel mode ipv6ip 6to4 Interface FastEthernet 0/1 ipv6 address 2002:C0A8:202:1:1/64
Step 3. Step 4.
170
IOS Commands
Comment
Step 1.
Step 2. Step 3. Step 4.
Identify the IPv4 address that will be used as the source IPv4 address
Convert the IPv4 address into hexadecimal
C0A8:0303 or C0A8:303
2002::/16
Write down the original reserved IPv6 for 6to4 Merge reserved IPv6 prefix for 6to4 with the hex values of the IPv4 addresses in step 2 to obtain the IPv6 prefix
2002:C0A8:303::/48
171
Steps to Complete IOS Commands 6to4 Tunnel Configuration for R3 Step 1. Step 2.
Interface loopback 3 ip address 192.168.3.3 255.255.255.255
Comment
Configure the loopback interface and make sure it is reachable from remote routers via the IPv4 IGP Configure the tunnel interface with IPv6 prefix address, tunnel source, and select the tunnel mode Configure IPv6 address on LAN interface using the IPv6 prefix derived for the 6to4 address Enable IPv6 routing and configure a static route to all unknown IPv6 2002::/16 addresses to the tunnel id
Interface tunnel 3 tunnel source loopback 3 ipv6 address 2002:C0A8:303::/128 tunnel mode ipv6ip 6to4 Interface FastEthernet 0/1 ipv6 address 2002:C0A8:303:1:1/64
Step 3. Step 4.
172
Show running-config
173
Do not configure a destination tunnel address Do not forget to set the tunnel mode to ipv6ip 6to4
Note that additional IPv6 networks must use unique subnet IDs derived from the
175
Verify
Summary
176
ISATAP is a dynamic tunneling mechanism defined in RFC5214 Primarily used to connect dual-stack nodes over a dominant IPv4
backbone network
No need to manually setup tunnels Point-to-multipoint IPv6 tunnel mechanism ISATAP regards the IPv4 network as a link layer for IPv6 prefixes Focus in this presentation is on the router, not a single host due to
177
Incoming IPv6 address has the destination IPv4 address embedded in the packet Use the last two quartets in the IPv6 address as the hex of the IPv4 address Last two quartets are used to find destination tunnel endpoint Tunnel interface uses IPv6 address derived from the subnet prefix and hex of local IPv4 destination
tunnel endpoint
ISATAP interface identifiers use modified EUI-64
Host-id is made up of 24-bit IANA OUI 0000:5E Concatenate 24-bit IANA OUI with 8-bit hexadecimal value 0xFE as in 0000:5EFE Final Host-id includes 32-bit IPv4 address of router address 0000:5EFE:IPv4:IPv4
178
IOS Commands
192.168.1.2
Comment
Original IPv4 address of router interface Convert IPv4 address to Hexadecimal Reserved ISATAP quartets 5 and 6
Step 4.
Step 5. Step 6.
::0000:5EFE:C0A8:102
2005:1::/64
2005:1::0000:5EFE:C0A8:0102/64
179
180
IOS Commands
Comment
Step 1.
Configure the loopback interface and make sure it is reachable from remote routers via the IPv4 IGP
Configure the tunnel interface with IPv6 prefix address, tunnel source, and select the tunnel mode Enable IPv6 routing and configure static routes for all unknown IPv6 prefixes. Outgoing or next-hop interface is required embeds IPv4 Configure IPv6 address on LAN interface using an unique prefix-id
Step 2.
Interface tunnel 1 tunnel source loopback 1 ipv6 address 2005:99::/64 eui-64 tunnel mode ipv6ip isatap Ipv6 unicast-routing Ipv6 route 2005:2::/64 2005:99::0:5EFE:A01:102 Ipv6 route 2005:3::/64 2005:99::0:5EFE:A01:103
Step 3.
Step 4.
181
What are the next-hop IP addresses for the ISATAP tunnel on R3?
182
Show running-config
183
Do not configure a destination tunnel address Do not forget to set the tunnel mode to ipv6ip isatap
Configure static IPv6 routes for each destination IPv6 prefix with an IPv6 next-
hop address
Next-hop address must be remote routers IPv6 address with IPv4 address
Dual stack assumes you have full administrative control over the infrastructure devices All devices in dual stack can access either protocol stack assuming DNS and other
Tunneling in case of intermittent requests for IPv6 services may be the best option
Default tunneling if the tunnel mode is not selected is GRE Both 6to4 and ISATAP do not support IGP. Static routing is required ISATAP supports global unicast prefixes. 6to4 requires careful planning of IP addresses
185
186