Cisco

  • IPv4 issues
    IPv4 is running out of addresses. IPv6 is the successor to IPv4, with a much larger 128-bit address space, and includes fixes for IPv4 limitations and other enhancements. With an increasing internet population, limited IPv4 address space, issues with NAT, and the IoT, the time has come to begin the transition to IPv6
  • IPv4 and IPv6 coexistence
    Both IPv4 and IPv6 will coexist in the near future, and the transition will take several years. The IETF has created various protocols and tools to help network administrators migrate their networks to IPv6 (dual stack, tunneling, translation)
  • Dual stack
    • Devices run both IPv4 and IPv6 protocol stacks simultaneously
  • Tunneling
    • A method of transporting an IPv6 packet over an IPv4 network: the IPv6 packet is encapsulated inside an IPv4 packet
  • Translation
    • Network Address Translation 64 (NAT64) allows IPv6-enabled devices to communicate with IPv4-enabled devices using a translation technique similar to NAT for IPv4
  • Tunneling and translation are for transitioning to native IPv6 and should only be used where needed; the goal should be native IPv6 communications from source to destination
  • IPv6 address representation
    IPv6 addresses are 128 bits in length, written in hexadecimal, and not case-sensitive. The preferred format is x:x:x:x:x:x:x:x, with each "x" consisting of four hexadecimal values. A hextet is the unofficial term for a segment of 16 bits, or four hexadecimal values
  • Rule 1 - Omit leading zero
    • The first rule to help reduce the notation of IPv6 addresses is to omit any leading 0s (zeros). This rule applies only to leading 0s, NOT to trailing 0s
  • Rule 2 - Double colon
    • A double colon (::) can replace any single, contiguous string of one or more 16-bit hextets consisting of all zeros. The double colon (::) can be used only once within an address; otherwise there would be more than one possible resulting address
  • IPv6 address types
    There are three broad categories of IPv6 addresses: unicast (uniquely identifies an interface on an IPv6-enabled device), multicast (used to send a single IPv6 packet to multiple destinations), anycast (any IPv6 unicast address that can be assigned to multiple devices; a packet sent to an anycast address is routed to the nearest device having that address)
  • IPv6 prefix length
    Prefix length is represented in slash notation and indicates the network portion of an IPv6 address. The IPv6 prefix length can range from 0 to 128. The recommended IPv6 prefix length for LANs and most other types of networks is /64
  • Types of IPv6 unicast addresses
    • IPv6 devices typically have two unicast addresses: global unicast address (GUA, similar to a public IPv4 address, globally unique and internet-routable) and link-local address (LLA, required for every IPv6-enabled device, used to communicate with other devices on the same local link, not routable and confined to a single link)
  • Unique local address
    IPv6 unique local addresses (range fc00::/7 to fdff::/7) have some similarity to RFC 1918 private addresses for IPv4, but are used for local addressing within a site or between a limited number of sites, and are not globally routed or translated to a global IPv6 address
  • IPv6 GUA structure
    Global routing prefix (prefix/network portion assigned by provider), subnet ID (used by organization to identify subnets), interface ID (equivalent to host portion, recommended to use /64 subnets)
  • IPv6 LLA
    Enables a device to communicate with other IPv6-enabled devices on the same link and only on that link. Packets with a source or destination LLA cannot be routed. Every IPv6-enabled network interface must have an LLA; if one is not configured manually, it will be created automatically. LLAs are in the fe80::/10 range
  • Static GUA configuration on a router
    Use the ipv6 address ipv6-address/prefix-length command
  • Static GUA configuration on a Windows host
    Manually configure the IPv6 address; the GUA or LLA of the router interface can be used as the default gateway
  • Static LLA configuration on a router
    Use the ipv6 address ipv6-link-local-address link-local command. Common practice is to create a different LLA on each interface
  • Dynamic addressing for IPv6 GUAs
    Devices obtain GUA addresses dynamically through ICMPv6 messages: router solicitation (RS) messages, sent by hosts to discover routers, and router advertisement (RA) messages, sent by routers to inform hosts how to obtain a GUA and to provide network information
  • SLAAC
    • Allows a device to configure a GUA without DHCPv6. The device obtains the prefix from the RA and uses EUI-64 or random generation to create the interface ID
  • SLAAC and stateless DHCP
    • RA instructs device to use SLAAC to create GUA and stateless DHCPv6 to obtain other information like DNS server
  • Stateful DHCPv6
    • RA instructs device to use stateful DHCPv6 to obtain GUA, prefix length, DNS server address
  • SLAAC
    Stateless Address Autoconfiguration
  • Stateless DHCPv6
    Automatically obtain other configuration information such as DNS server address and domain name
  • RA message suggests devices use
    1. SLAAC to create its own IPv6 GUA
    2. Router LLA as the default gateway address
    3. Stateless DHCPv6 server to obtain other information
  • Stateful DHCPv6
    Similar to DHCP for IPv4, a device can automatically receive a GUA, prefix length, and the addresses of DNS servers
  • RA message suggests devices use
    1. Router LLA as the default gateway address
    2. Stateful DHCPv6 server to obtain a GUA, DNS server address, domain name and other necessary information
  • EUI-64 process
    • A 16-bit value of fffe (in hexadecimal) is inserted into the middle of the 48-bit Ethernet MAC address
    • The 7th bit of the client MAC address is reversed from binary 0 to 1
  • Randomly generated interface ID
    Instead of using the MAC address and the EUI-64 process
  • Windows Vista and later use a randomly generated interface ID instead of one created with EUI-64
  • To ensure the uniqueness of any IPv6 unicast address, the client may use a process known as Duplicate Address Detection (DAD)
  • Link-local address (LLA)
    All IPv6 interfaces must have an IPv6 LLA
  • LLA is dynamically created using
    1. The fe80::/10 prefix
    2. The interface ID using the EUI-64 process, or a randomly generated 64-bit number
  • Cisco routers automatically create an IPv6 LLA whenever a GUA is assigned to the interface
  • Cisco IOS routers use EUI-64 to generate the interface ID for all LLAs on IPv6 interfaces by default
  • IPv6 multicast addresses
    Have the prefix ff00::/8
  • Types of IPv6 multicast addresses
    • Well-known multicast addresses
    • Solicited-node multicast addresses
  • Well-known IPv6 multicast addresses
    Assigned and reserved for predefined groups of devices
  • Well-known IPv6 multicast groups
    • ff02::1 All-nodes multicast group
    • ff02::2 All-routers multicast group
  • Solicited-node multicast address
    Similar to the all-nodes multicast address, but mapped to a special Ethernet multicast address