IPv6: Operation
By Pascal Anelli
Source: G6 ©
http://lim.univ-reunion.fr/staff/panelli
R&T 1, Université de la Réunion
March 31, 2020
Content
1 Forewords
  - IPv4 crisis
  - IPv6, the solution
  - About this course
2 IPv6 addressing reminder
3 IPv6 protocol operation control
4 Conclusion
Forewords IPv4 crisis
History
Exponential growth in the 90's:
- The address space was being exhausted
- Routing tables were exploding
- IP addresses became a scarce resource
Forecast of exhaustion of the address space:
- Growth was initially forecast to stop in 94!
- Percentage allocated (allocated and assigned combined) in January 1996:
  - Class A - 100.00%
  - Class B - 61.95%
  - Class C - 36.44%
⇒ Problem with the size of the address space
IPv4 is not enough
7 billion people
New connected objects
New usages for Internet
Requirement is 300 to 350 million addresses per year
Source: http://www.google.com/intl/en/ipv6
Forewords IPv6, the solution
Why switch to IPv6?
The SOLUTION to the IPv4 address pool exhaustion
1 To enable new usages on the Internet:
  - IPv6 restores the end-to-end principle: smart ends and dumb pipes
  - No more box-in-the-middle problem (except firewalls)
  - Network independence for the deployment of new protocols and applications
  - Opens new application fields: wireless home automation networks (WHANs), sensor networks, etc.
2 To go beyond the IPv4 limits:
  - For unlimited growth
  - The IPv6 address space is large enough for the future; IPv6 is built for long-term deployment
  - An address space for the new uses and for the new (tiny) devices (Internet of Things)
3 To add simplicity:
  - Plug-and-play (auto-configuration): the network is configured mainly at the router level
  - IP header, focus on performance
4 To reduce the connectivity cost:
  - Residual IPv4 addresses are insufficient and costly to deploy: increase functionalities behind the box
  - Scalable connectivity: multiple-level NATs are complex (NAT444)!
  - NAT traversal development cost is getting unbearable for applications
  - Same functions as IPv4 at the beginning
⇒ IPv6 for a communication network supporting innovation
Where are we?
[Figure: IPv6 adoption. Source: http://www.google.com/ipv6/statistics.html]
[Figure: IPv6 adoption per country. Source: http://www.google.com/ipv6/statistics.html]
Forewords About this course
G6
Material is taken from the G6 tutorial and is copyrighted by G6.
G6: group of IPv6 actors in France (researchers, engineers, ...):
- Academic & industrial partners
  - CNRS, Institut TELECOM, INRIA, universities...
  - AFNIC, 6Wind, Bull, ...
- Launched in 1995.
- Today a legal association under French law (1901)
For further information: http://www.g6.asso.fr
The first MOOC on IPv6!
G6 and Institut Mines-Telecom released the first M(assive) O(pen) O(nline) C(ourse) on IPv6.
- Available on France Université Numérique
- Provides videos, a book, exercises and labs
- 4 teachers and a dynamic community interacting
Fifth session starts in June 2019
IPv6 addressing reminder
What is IPv6 ?
A new IP version
- Addressing: extend the address format to 128 bits (16 bytes)
  - Global addressing
- Protocol: keep the things that were successful in IPv4
  - Connectionless
  - Self-descriptive packet
- Processing: correct (or remove) what was inefficient in IPv4
  - Fixed and well-known header format
  - No fragmentation inside the network
- Operation: provide good support for IP operation
  - Address resolution
  - Auto-configuration
  - Multicast
⇒ IPv4 and IPv6 are functionally the same.
IPv6 Addressing
Requirements
- Flexibility for network evolutions
- To reduce routing table size
Choice
- Several address types:
  - casting
  - scope
  - transition
- Use CIDR principles to aggregate routes
- Hexadecimal representation
- Interfaces have several IPv6 addresses
Notation
Base format:
- 8 words of 16 bits separated by ":"
- Each word consists of 4 hexadecimal digits [0-9, A-F]
Compressed format, starting from:
  2001:0db8:beef:0001:0000:0000:cafe:deca
1 Remove 0 on the left of each word:
  2001:db8:beef:1:0:0:cafe:deca
2 Consecutive words with null value are abbreviated by "::":
  2001:db8:beef:1::cafe:deca
3 To avoid ambiguity, substitute ONLY one sequence of zeros by "::"
IPv4 in IPv6 format:
- An IPv4 address may also appear
- The 4 low-order 8-bit pieces are noted in standard IPv4 representation
- 0:0:0:0:0:ffff:192.0.2.1 ⇒ ::ffff:192.0.2.1
Address prefix
- Identification of a contiguous set of addresses
- Use CIDR principles: combining node address and prefix
    ipv6-address/prefix-length
- Prefix length
  - How many of the leftmost contiguous bits of the address comprise the prefix
- For example, with the 60-bit prefix 2001:0db8:0000:d0d0:
  - 2001:db8:0:d0d0:1e1a:deca:dead:face/60
- Alternative representation:
  - 2001:db8:0:d0d0::/60
Warning:
2001:db8:3::/40 is in fact 2001:db8:0003::/40 and not 2001:db8:0300::/40
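The notation rules and the prefix warning above matter most when addresses are typed into filter rules or route policies. The following Python sketch is an added example, not part of the original slides: `compress` applies the three notation rules by hand (choosing the longest zero run, the first one on a tie, which follows RFC 5952 and goes beyond the slide), and `audit_prefix` / `covers` use the standard `ipaddress` module to show what a written prefix really denotes. The function names are assumptions of this example.

```python
import ipaddress


def compress(full):
    """Apply the three notation rules to a base-format (8-word) address."""
    raw = full.split(":")
    if len(raw) != 8:
        raise ValueError("expected 8 words of 16 bits")
    # Rule 1: remove the zeros on the left of each word.
    words = [format(int(w, 16), "x") for w in raw]
    # Rules 2 and 3: abbreviate exactly ONE run of null words with "::".
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if words[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and words[j] == "0":
            j += 1
        if j - i > best_len:          # strict '>' keeps the first run on a tie
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                  # a single null word is left as "0"
        return ":".join(words)
    head = ":".join(words[:best_start])
    tail = ":".join(words[best_start + best_len:])
    return head + "::" + tail


def audit_prefix(text):
    """Return (exploded address, canonical prefix, stray_bits) for 'addr/len'.

    stray_bits is True when bits are set to the right of the prefix length.
    That is normal for an interface address written with its prefix length,
    but in a filter rule it means the rule matches a different range than
    the one its author had in mind.
    """
    iface = ipaddress.IPv6Interface(text)
    network = iface.network                      # address masked to /len
    stray = iface.ip != network.network_address
    return iface.ip.exploded, str(network), stray


def covers(prefix_text, address_text):
    """True if address_text is inside the prefix that prefix_text denotes."""
    net = ipaddress.IPv6Interface(prefix_text).network
    return ipaddress.IPv6Address(address_text) in net


if __name__ == "__main__":
    print(compress("2001:0db8:beef:0001:0000:0000:cafe:deca"))
    for rule in ("2001:db8:3::/40", "2001:db8:0300::/40"):
        print(rule, audit_prefix(rule), covers(rule, "2001:db8:300::1"))
```

A rule written as 2001:db8:3::/40 silently becomes 2001:db8::/40, so it does not cover 2001:db8:300::1 at all.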
IPv6 Addressing scheme
- RFC 4291 defines the address types:
  - loopback (::1)
  - link-local (fe80::/10)
  - global unicast (2000::/3)
  - multicast (ff00::/8)
- RFC 4193 adds a private unicast address type:
  - unique local IPv6 unicast addresses (fc00::/7)
- Interfaces have several IPv6 addresses
  - at least a link-local and a global unicast address
Note: There are no broadcast addresses in IPv6, their function being superseded by multicast addresses.
Unicast Address
- Hierarchical address space
  - Address is aggregatable with a prefix
- Structured in 2 parts:
  - Subnet prefix: every subnet should be a /64
  - Interface identity on a link
Format:
  Field:         Subnet prefix | Interface ID
  Length (bits): 64            | 128-64
Global Unicast Address (RFC 3587)
Unique global address
2000::/3 to 3000::/3
Format:
  Field:         001 | Global Prefix | SID | Interface ID
  Length (bits): 3   | 45            | 16  | 64
- 001 + Global Prefix: public topology, given by the provider
- SID: local topology, assigned by the network engineer
- Interface ID: link address, auto or manual configuration
The global routing prefix is structured hierarchically by RIRs and ISPs.
SID: Subnet ID
- 16-bit length: up to 65 535 subnets
  - For a home network, the global prefix may be a /56 or /60 depending on the ISP
- There are no strict rules to structure the SID:
  - sequential: 1, 2, ...
  - use the VLAN number
  - include the usage to allow filtering
Link-Local Address
- Automatically generated at bootstrap
- Address not routable
- Used for auto-configuration
- The prefix is fe80::/64
  - The exit interface is not defined
  - A %iface suffix is added at the end of the address to avoid ambiguity.

  Destination   Gateway                        Flags   Netif
  default       fe80::213:c4ff:fe69:5f49%en0   UGSc    en0

Format:
  Field:         fe80 | 0...0 | Interface ID
  Length (bits): 10   | 54    | 64
- Interface ID: link address, auto-configuration
Other kinds of addresses: ULA (RFC 4193)
- Equivalent to the private addresses in IPv4
- But tries to avoid the same prefixes on two different sites:
  - avoids renumbering if two companies merge
  - avoids ambiguities when VPNs are used
- These prefixes are not routable on the Internet
Unique Local IPv6 Unicast Addresses:
  Field:         fd | Random Value | SID | Interface ID
  Length (bits): 8  | 40           | 16  | 64
- fd + Random Value: private topology, not routable in the Internet
- SID: local topology
- Interface ID: link address
http://www.sixxs.net/tools/grh/ula/ to create your own ULA prefix.
Multicast address
Identifies several interfaces
Format:
  Field:         ff | xRPT | scope | Group ID
  Length (bits): 8  | 4    | 4     | 112
- T (Transient): 0: well-known address - 1: temporary address
- P (Prefix): 1: assigned from a network prefix (T must be set to 1) (RFC 3306)
- R: embedding the Rendezvous Point (RP) address in an IPv6 multicast address (RFC 3956)
Scope:
- 1 - interface-local
- 2 - link-local
- 3 - reserved
- 4 - admin-local
- 5 - site-local
- 8 - organisation-local
- e - global
- f - reserved
Predefined group ID
- 1: All Nodes
- 2: All Routers
Well-known multicast addresses: http://www.iana.org/assignments/ipv6-multicast-addresses
Example
- FF0s::1: all nodes in the scope s (s = 1, 2)
- FF0s::2: all routers in the scope s (s = 1, 2, 5)
Other addresses
- loopback: 0:0:0:0:0:0:0:1 ⇒ ::1
- unspecified: 0:0:0:0:0:0:0:0 ⇒ ::
  - indicates the absence of an address
  - in a routing table, used as the default route
  - must not be used as the destination address
For further details
"Overview of IPv6" - Cisco: http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/rtg_brdg/guide/ipv6.html
IPv6 protocol operation control Control an IPv6 network through ICMPv6
Supervision with ICMPv6
ICMPv6 (RFC 4443)
Goal
ICMP (Internet Control Message Protocol) monitors the IP operation. Functionalities are extended and better organized.
Functionalities
ICMPv6 covers the ICMPv4 (for IPv4) features:
- Reporting of errors encountered in processing packets
- Information about the status of the network
ICMPv6 contains new functionalities:
- Auto-configuration
- Multicast group membership management
- Neighbor discovery
- Mobility
Procedures and message formats are separated.
ICMPv6 is encapsulated in an IPv6 packet: next header = 58
ICMPv6: General Message Format
  0..............7..............15...............23...............31
  |     Type     |     Code     |            Checksum            |
  |                            Options                           |
First word:
- type: nature of the ICMPv6 message
- code: specifies the cause of the ICMPv6 message
- checksum: used to verify the integrity of the ICMP packet (mandatory)
ICMPv6: Two Functions
Errors occurring during forwarding (value < 128):
- 1 Destination Unreachable
- 2 Packet Too Big
- 3 Time Exceeded
- 4 Parameter Problem
Management applications (value > 128):
- 128 Echo Request
- 129 Echo Reply
- 130 Group Membership Query
- 131 Group Membership Report
- 132 Group Membership Reduction
- 133 Router Solicitation
- 134 Router Advertisement
- 135 Neighbor Solicitation
- 136 Neighbor Advertisement
- 137 Redirect
Information about the connectivity
Ping (Packet INternet Groper)
Check connectivity of a network interface.
Type:
- 128: Echo request
- 129: Echo reply
  0..............7..............15..............23..............31
  | Type = 128/129 |   Code = 0   |           Checksum           |
  |          Identifier           |       Sequence Number        |
  |                             Data                             |
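The message layout and the mandatory checksum shown on the last slides, as an added Python example that is not part of the original course material: it builds an Echo Request, then parses the first word of a received message, verifies the checksum and classifies the type. The checksum is computed over an IPv6 pseudo-header (source, destination, length, next header 58) as RFC 4443 requires, a detail the slides do not show; the function names and the 2001:db8:: sample addresses are constructed for this example.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58  # "next header = 58" on the slides

# Type names as listed on the "Two Functions" slide
TYPE_NAMES = {
    1: "Destination Unreachable", 2: "Packet Too Big", 3: "Time Exceeded",
    4: "Parameter Problem", 128: "Echo Request", 129: "Echo Reply",
    133: "Router Solicitation", 134: "Router Advertisement",
    135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
    137: "Redirect",
}


def internet_checksum(data):
    """16-bit one's complement of the one's complement sum of the data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src, dst, upper_len):
    """IPv6 pseudo-header: src, dst, 32-bit length, 3 zero bytes, next header."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", upper_len, ICMPV6_NEXT_HEADER))


def build_echo(src, dst, msg_type, identifier, sequence, data=b""):
    """Build an Echo Request (128) or Echo Reply (129) with a valid checksum."""
    body = struct.pack("!BBHHH", msg_type, 0, 0, identifier, sequence) + data
    csum = internet_checksum(pseudo_header(src, dst, len(body)) + body)
    return body[:2] + struct.pack("!H", csum) + body[4:]


def parse_icmpv6(src, dst, message):
    """Parse the first word, verify the checksum and classify the message."""
    if len(message) < 4:
        raise ValueError("ICMPv6 message shorter than its first word")
    msg_type, code, checksum = struct.unpack("!BBH", message[:4])
    # Summed with its checksum field in place, an intact message yields 0.
    ok = internet_checksum(pseudo_header(src, dst, len(message)) + message) == 0
    result = {
        "type": msg_type, "code": code, "checksum": checksum,
        "checksum_ok": ok,
        # RFC 4443: high-order bit of the type clear = error message
        "class": "error" if msg_type < 128 else "informational",
        "name": TYPE_NAMES.get(msg_type, "unknown"),
    }
    if msg_type in (128, 129) and len(message) >= 8:
        ident, seq = struct.unpack("!HH", message[4:8])
        result.update(identifier=ident, sequence=seq, data=message[8:])
    return result


if __name__ == "__main__":
    src, dst = "2001:db8::1", "2001:db8::2"      # constructed sample addresses
    request = build_echo(src, dst, 128, 0x1234, 1)
    print(request.hex(), parse_icmpv6(src, dst, request))
```

Because the addresses are part of the checksum, the same bytes replayed towards another destination fail verification.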
Error: Packet Too Big
Context
When a router cannot forward a packet because it is larger than the MTU of the outgoing link. Routers are not allowed to fragment IPv6 packets.
  0.............7..............15..............23...............31
  |   Type = 2   |   Code = 0   |            Checksum            |
  |                             MTU                              |
  |     Packet which generated error (with MTU constraint)       |
Path MTU discovery for IPv6 (RFC 8201)
[Figure: host A, router R and host B in a line; the A-R link has MTU=1500 and the R-B link has MTU=1280]
- Initial state on A: PMTU(*)=1500
- A -> B: Size=1500
- R -> A: ICMP6 Error: Packet too big, MTU=1280
- A records PMTU(B)=1280
- A -> B: Size=1280
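The exchange above as a small simulation of the sending host's PMTU cache, added here as an example (it is not part of the original slides). Beyond the slide, it applies the acceptance rules of RFC 8201: a Packet Too Big never raises the estimate, a reported MTU below 1280 is discarded, and a message about a destination the host never sent to is ignored. The class, function and destination names are assumptions of this example.

```python
IPV6_MIN_LINK_MTU = 1280  # IPv6 minimum link MTU


class PathMtuCache:
    """PMTU estimates kept by a sending host (host A on the slides)."""

    def __init__(self, first_hop_mtu):
        self.first_hop_mtu = first_hop_mtu  # PMTU(*): default for any destination
        self.per_destination = {}           # PMTU(B): learned per destination
        self.sent_to = set()                # destinations we really sent traffic to

    def pmtu(self, dst):
        return self.per_destination.get(dst, self.first_hop_mtu)

    def note_sent(self, dst):
        self.sent_to.add(dst)

    def on_packet_too_big(self, dst, reported_mtu):
        """Apply a Packet Too Big whose quoted packet was addressed to dst.

        Returns True only if the estimate was lowered.
        """
        if dst not in self.sent_to:
            return False        # does not answer traffic we transmitted
        if reported_mtu < IPV6_MIN_LINK_MTU:
            return False        # below the IPv6 minimum: discard
        if reported_mtu >= self.pmtu(dst):
            return False        # a Packet Too Big never raises the estimate
        self.per_destination[dst] = reported_mtu
        return True


def first_too_small_link(link_mtus, size):
    """Return the MTU of the first link the packet does not fit, else None.

    Routers do not fragment IPv6, so that router answers Packet Too Big
    carrying the MTU of its outgoing link.
    """
    for mtu in link_mtus:
        if size > mtu:
            return mtu
    return None


def send_with_pmtud(cache, dst, link_mtus, max_rounds=8):
    """Send full-sized packets to dst until one is delivered; return the trace."""
    trace = []
    for _ in range(max_rounds):
        size = cache.pmtu(dst)
        cache.note_sent(dst)
        reported = first_too_small_link(link_mtus, size)
        if reported is None:
            trace.append(("delivered", size))
            break
        trace.append(("packet_too_big", size, reported))
        if not cache.on_packet_too_big(dst, reported):
            trace.append(("ignored", reported))
            break
    return trace


if __name__ == "__main__":
    cache = PathMtuCache(first_hop_mtu=1500)
    print(send_with_pmtud(cache, "B", [1500, 1280]))   # the slide's topology
    print(cache.pmtu("B"), cache.on_packet_too_big("B", 576))
```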
IPv6 protocol operation control Neighbor discovery
Neighbor discovery
Neighbor Discovery (ND) (RFC 4861)
IPv6 nodes sharing the same physical medium (link) use Neighbor Discovery (ND) to:
- Determine the link-layer addresses of their neighbors
  - IPv4: ARP
- Address auto-configuration
  - Layer 3 parameters: IPv6 address, default route, MTU and Hop Limit
  - Only for hosts!
  - IPv4: impossible, mandates a centralized DHCP server
- Duplicate Address Detection (DAD)
- Maintain neighbor reachability information (NUD)
Principles
- Mainly uses multicast addresses
- Protocol messages are transported/encapsulated in IPv6 packets:
  - The protocol uses ICMPv6 messages
Types of ICMPv6 messages used for ND
- For routing configuration and auto-configuration:
  - Router Solicitation (RS): 133
  - Router Advertisement (RA): 134
  - Redirect: 137
- For interaction between neighbors:
  - Neighbor Solicitation (NS): 135
  - Neighbor Advertisement (NA): 136
Address Resolution
Principle
- A request is sent as an NS to the Solicited-Node Multicast Address corresponding to the target address.
- A node sends an NA in response to a valid NS targeting one of the node's assigned addresses.
Interface configuration
Each IPv6 node has joined 2 special multicast groups for every network interface:
- All-nodes multicast group: ff02::1
- Solicited-node multicast group: ff02::1:ffxx:xxxx
Solicited-Node Multicast Address
Goals
- Widely used for stateless auto-configuration and for address resolution
- Avoid the use of broadcast
Rules
- Derive a multicast address from a unicast address
- A node must join the associated solicited-node multicast address for each of its unicast addresses
- The IPv6 multicast address is mapped to a MAC address and added to the Ethernet card (RFC 2464)
  - ⇒ no address resolution for multicast addresses
- 2 parts:
  - Prefix: FF02::1:FF00:0/104
  - Group ID: low-order 24 bits of the unicast address
Derivation, step by step:
  MAC address:               01-02-03-04-05-06
  Unicast addresses:         fe80::0302:03ff:fe04:0506   GP:0302:03ff:fe04:0506   GP::1
  Solicited-node multicast:  ff02::1:ff04:0506 (for the first two addresses)      ff02::1:ff00:0001 (for GP::1)
  Ethernet multicast:        33-33-ff-04-05-06                                    33-33-ff-00-00-01
Example
1 IPv6 addr: 2001:0660:010a:4002:4421:21FF:FE24:87c1
2 Sol. Mcast addr: FF02:0000:0000:0000:0000:0001:FF24:87c1
3 Ethernet: 33:33:FF:24:87:c1
Duplicate Address Detection (DAD) (RFC 4862)
Rule 1
Before being valid on an interface, an IPv6 address has to be proved unique on the network.
The DAD mechanism uses Neighbor Discovery to ensure address uniqueness:
- The validating host sends an NS targeting this address
- The same host starts a timer for NA reception (around 1 s)
- If no NA is received before the timer expires, the address is considered unique
Rule 2
If an address conflict is detected, resolution is the responsibility of the administrator.
IPv6 protocol operation control Stateless Address Auto-Configuration (SLAAC)
Auto-configuration
Hosts should be plug & play
The new address format allows plug and play
Configuring a network interface:
Allocate or create an IPv6 address
Indicate the prefix length for the network
Communicate the router address of the default route
Identify the local name server
2 types of auto-configuration
Stateless Address Auto-Configuration (SLAAC) (RFC 4862)
- To configure an address without maintaining any state
Stateful Address Auto-Configuration (RFC 8415)
- Use of DHCPv6 (Dynamic Host Configuration Protocol)
- Client/Server/Relay architecture
- Can be used to complement stateless auto-configuration
Auto-configuration: Stateless vs Stateful
Stateless
Pro:
- Reduces manual configuration
- No server, no state (the router provides all information)
Cons:
- Non-obvious addresses
- No control over addresses on the LAN
- Security flaws
Stateful (DHCPv6)
Pro:
- Control of addresses on the LAN
- Control of the address format
Cons:
- Requires an extra server
- Still needs the RA mechanism (still vulnerable)
- Clients to be deployed
Stateless: typically for plug-and-play networks (home network)
Stateful: typically for administered networks (enterprise, institution)
If concerned about security => static configuration!
Stateless auto-configuration
Part 1: Principle
Part 2: Exchanges with the router
Stateless Address Auto-Configuration (SLAAC) (RFC 4862)
Principle
Allows a host to create a unicast address from:
- Its MAC address
- Prefixes sent by neighbor routers
SLAAC steps:
- Link-local address creation
- Duplicate address detection (DAD)
- Discover the routers on-link (RS/RA)
- Configure the host's global addresses
- Configure other parameters: default router, name server
Address creation
Unicast address format
  Field:         Subnet prefix | Interface ID
  Length (bits): 64            | 128-64
Principle
- The IID is created from the EUI-64
- The subnet prefix is either well-known (FE80::/64) or received from a router
How to Construct an IID from a MAC Address (RFC 2464)
- 64 bits is compatible with EUI-64 (i.e. IEEE 1394 FireWire, ...)
- IEEE proposes a way to transform a MAC-48 into an EUI-64
- Universal/Local bit changed for numbering purposes

  MAC-48: | 00 | Vendor | Serial Number |
  EUI-64: | 00 | Vendor | 0xfffe | Serial Number |
  IID:    | 10 | Vendor | 0xFFFE | Serial Number |

- There are no conflicts if IIDs are manually numbered: 1, 2, 3, ...
Examples
From MAC to IID
- MAC address (48 bits)
  - 00:A0:24:E3:FA:4B
- EUI-64 (64 bits + U=0/L=1)
  - 00A0:24FF:FEE3:FA4B
- IID (U=1/L=0)
  - 02A0:24FF:FEE3:FA4B
On Unix
% ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::216:cbff:febe:16b3%en1 prefixlen 64 scopeid 0x5
        inet 192.168.2.5 netmask 0xffffff00 broadcast 192.168.2.255
        inet6 2001:660:7307:6031:216:cbff:febe:16b3 prefixlen 64 autoconf
        ether 00:16:cb:be:16:b3
        media: autoselect status: active
        supported media: autoselect
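The whole derivation chain from the Solicited-Node Multicast Address slides and from the MAC-to-IID examples above, as one added Python example (not part of the original slides): MAC address to IID, IID plus /64 prefix to unicast address, unicast address to solicited-node group, and group to Ethernet multicast address. It also shows the reverse step, recovering the MAC address from an EUI-64 based address, which is what lets an administrator tie an address seen in a log back to a network card. The function names are assumptions; the sample values are the ones printed on the slides.

```python
import ipaddress


def parse_mac(text):
    """Accept 00:16:cb:be:16:b3 or 01-02-03-04-05-06 and return 6 bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError("a MAC-48 address has 6 bytes")
    return bytes(int(p, 16) for p in parts)


def format_mac(raw):
    return ":".join("%02x" % b for b in raw)


def mac_to_iid(mac):
    """MAC-48 -> IID: insert 0xfffe in the middle, invert the U/L bit."""
    b = parse_mac(mac)
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]


def slaac_address(prefix, mac):
    """Combine a /64 subnet prefix with the IID derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the subnet prefix must be a /64")
    iid = int.from_bytes(mac_to_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def solicited_node(addr):
    """Prefix ff02::1:ff00:0/104 + low-order 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def ethernet_multicast(group):
    """33-33 followed by the low-order 32 bits of the IPv6 multicast address."""
    return format_mac(b"\x33\x33" + ipaddress.IPv6Address(group).packed[-4:])


def iid_to_mac(addr):
    """Recover the MAC from an EUI-64 based address.

    Returns None when the IID lacks the ff:fe marker, i.e. it was numbered
    manually or generated some other way.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    return format_mac(bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:])


if __name__ == "__main__":
    mac = "00:16:cb:be:16:b3"                     # en1 in the ifconfig output
    for prefix in ("fe80::/64", "2001:660:7307:6031::/64"):
        addr = slaac_address(prefix, mac)
        group = solicited_node(addr)
        print(addr, group, ethernet_multicast(group), iid_to_mac(addr))
```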
Conclusion
ICMPv6
Messages
- ICMPv6 is different from ICMP for IPv4
  - IPv6 next header (or extension): 58
- Procedures and message formats are separated
Used to
- As ICMPv4:
  - Report errors encountered in forwarding packets
  - Information about the status of the network
- Discover the PMTU
  - ⇒ Alternate solution by Packetization Layer Path MTU Discovery (RFC 4821)
- Neighbor discovery
  - Address resolution
- Stateless Address Auto-configuration:
  - The network is configured mainly at the router level
  - Allows a host to configure its network interface
IPv6 Operations
Benefits
- ICMPv6 covers the ICMPv4 features
  - BUT the features are extended and better organized
- Efficient address resolution
  - Mainly uses multicast addresses
  - The protocol uses ICMPv6 messages
  - ICMPv6 messages are transported/encapsulated in IPv6 packets
- Auto-configuration of hosts (stateless and stateful)
  - Layer 3 "Plug & Play" protocol
⇒ Provides efficiency and simplicity
Attention
Never filter ICMPv6 messages blindly (RFC 4890)
How can G6 help you?
Book ”IPv6, Theorie et Pratique”
Reference book in French
Online version: http://livre.g6.asso.fr/
New version in progress
Web Site & Newsletter
http://g6.asso.fr/
MOOC
Objectif IPv6 : vers l’internet nouvelle generation
Slides written in LaTeX, document class beamer. March 31, 2020. By Pascal Anelli, http://lim.univ-reunion.fr/staff/panelli