ipv6
DESCRIPTION
ipv6TRANSCRIPT
IPv6
Alp ISIK
9.1 Link-local addressing• At R1 - // similiar at R2-R3-R4int s2/0
ipv6 address fe80::1 link-localframe-relay map ipv6 fe80::5 105 broadcastframe-relay map ipv6 fe80::2 105frame-relay map ipv6 fe80::3 105frame-relay map ipv6 fe80::4 105
At R5interface Serial2/0
ipv6 address FE80::5 link-local frame-relay map ipv6 FE80::4 504 broadcast frame-relay map ipv6 FE80::3 503 broadcast frame-relay map ipv6 FE80::2 502 broadcast
frame-relay map ipv6 FE80::1 501 broadcast frame-relay map ip 155.1.0.4 504 broadcast
frame-relay map ip 155.1.0.3 503 broadcast frame-relay map ip 155.1.0.2 502 broadcast
frame-relay map ip 155.1.0.1 501 broadcast
IPv6 Unique Local Addressing
interface Ethernet0/0ipv6 address FC00:1:0:37::3/64
9.3 global Aggregatable Addressing• At R5interface Serial2/0
ipv6 address 2001:1:0:1234::5/64 frame-relay map ipv6 2001:1:0:1234::4 501
frame-relay map ipv6 2001:1:0:1234::3 501 frame-relay map ipv6 2001:1:0:1234::2 501 frame-relay map ipv6 2001:1:0:1234::1 501
9.4 EUI Addressing• At R1
int e0/0ipv6 address 2001:1:0:146::/64 eui-64show ipv6 int briEthernet0/0 [up/up]
FE80::A8BB:CCFF:FE00:100 2001:1:0:146:A8BB:CCFF:FE00:100
***9.5 IPv6 Auto-coniguration ***
• Ipv4’daki DHCP nin gorevi olan IP dağıtımını IPv6’te routerlar, neighbor discovery router advertisement paketleri ile yapabilirler.
• At R5ipv6 unicast-routing (config-if)#ipv6 addr fc00:1:0:58::5/64
ipv6 addr fc00:1:0:85::5/64ipv6 nd prefix fc00:1:0:58::/64 14400 14400 no-autoconfig // kullanılmamasını istediğimiz prefixlerde no autoconfig girdik. ****//trouble
shoot ederken dikkat edilmeli.**** gizli komutipv6 nd prefix fc00:1:0:85::/64 14400 14400 ipv6 nd ra-inter 40ipv6 nd ra-life 60*** no ipv6 nd ra suppress // defaultta boyle geliyor ama troubleshoot ederken
dikkat edilmeli.• At SW2• **IPv6 i switchlerde acabilmek icin //”sdm prefer dual-ipv4-and-ipv6 routing”
komutu + reboot gerekli
(config-if)#ipv6 address autoconfig default
9.6 RIPng• Global’de “ipv6 unicast-routing” açılır.• IPv6 adresi configure edilmiş interface’de
açılır.//interface Ethernet0/0
ipv6 address 2001:1:0:146::/64 eui-64ipv6 rip RIPNG enable
RIPng over NBMA
• HUB’ta //split horizonu kapatmayı unutmamalıyız.
Rack1R5(config)#ipv6 router rip RIPNGRack1R5(config-rtr)#no split-horizon
RIPng Summarization
• At R1----------------(config-if)#ipv6 rip RIPNG summary-address
fc00:1::/61
9.9 RIPng Prefix Filtering• R5
ipv6 router rip RIPNG distribute-list prefix-list FILTER_R6_LO100 in
ipv6 prefix-list FILTER_R6_LO100 seq 5 deny FC00:1:0:6::/64ipv6 prefix-list FILTER_R6_LO100 seq 10 permit ::/0 le 128
9.10 RIPng Metric manipulation
• At R4interface Serial2/1
ipv6 enableipv6 rip RIPNG enable
interface Serial2/0ipv6 rip RIPNG metric-offset 2
R4#show ipv6 int briSerial2/1 [up/up] FE80::A8BB:CCFF:FE00:400 // ipv6 enable komutu
otomatik link-local adresi oluşturdu.
9.11 RIPng Default routing• At R6------Rack1R6(config-if)#ipv6 rip RIPNG default-information originate metric 5
9.12 EIGRPv6
• Diğer v6 routing protokollerinde olduğu gibi //ipv6 unicast-routing açılır.ipv6 router eigrp 100
no shut // eigrpye ozel acılır.
9.13 EIGRPv6 Summarization
• At R5int s2/1
ipv6 summary-address eigrp 100 fc00:1::/60int s2/0
ipv6 summary-address eigrp 100 fc00:1::/60
9.14 EIGRP Prefix Filtering
• At R5ipv6 router eigrp 100
distribute-list prefix-list FILTER_R6_LO100 in
ipv6 prefix-list FILTER_R6_LO100 seq 5 deny FC00:1:0:6::/64ipv6 prefix-list FILTER_R6_LO100 seq 10 permit ::/0 le 128
9.15 EIGRPv6 Metric Manupulation
• At R4, R5, R6, SW2ipv6 router eigrp 100
variance 3 metric weights 0 0 0 1 0 0
• At R4 ve R5int s2/0
delay 2000int s2/1
delay 1000
9.16 EIGRPv6 Default Routing• Default route basmanın iki yolu var, summarization ve
redistribution.• Redistribution’da, eigrp external ve AD170 olarak gondeririz.• Summarization da ise leak-map olmadığı için diğer bütün
routelar suppress edilir.
• At R6-----------Rack1R6(config-if)#ipv6 summary-address eigrp 100 ::/0 ? <1-255> Administrative distance <cr>
Rack1R6(config-if)#ipv6 summary-address eigrp 100 ::/0 5
9.17 OSPFv3
• At SW1interface Ethernet0/3 ipv6 address FC00:1:0:37::7/64 ipv6 ospf network point-to-point ipv6 ospf 1 area 37
interface Ethernet1/0ipv6 address FC00:1:0:67::7/64
ipv6 ospf hello-interval 1 ipv6 ospf 1 area 0
ipv6 router ospf 1 router-id 150.1.7.7
9.18 OSPF over NBMA• At R2
ipv6 unicast-routinginterface Serial2/0
ipv6 address FE80::2 link-local ipv6 ospf network point-to-multipoint non-broadcast
ipv6 ospf neighbor FE80::5 ipv6 ospf 1 area 0
ipv6 router ospf 1router-id 150.1.2.2
• At R5ipv6 unicast-routinginterface Serial2/0
ipv6 address FE80::5 link-local ipv6 ospf network point-to-multipoint non-broadcast
ipv6 ospf neighbor FE80::2 ipv6 ospf 1 area 0
ipv6 router ospf 1router-id 150.1.5.5
9.19 OSPFv3 Virtual Links
• At SW1---------ipv6 router ospf 1
area 37 virtual-link 150.1.3.3• At R3---------ipv6 router ospf 1
area 37 virtual-link 150.1.7.7
9.20 OSPFv3 Summarization• Rack1R5
ipv6 router ospf 1area 58 range fc00:1::/56
int e0/0ipv6 ospf 1 area 58
• SW2interface Loopback100
ipv6 address FC00:1:0:8::8/64 ipv6 ospf 1 area 58
interface Loopback101 ipv6 address FC00:1:0:88::88/64 ipv6 ospf 1 area 58
interface vl58 ipv6 ospf 1 area 58
9.21 IPv6 Redistribution• At R5ipv6 router eigrp 100
redistribute rip RIPNG metric 1000 0 255 1 1500 include-connected redistribute ospf 1 metric 1000 0 255 1 1500 include-connectedipv6 router ospf 1
redistribute connected metric 8 redistribute rip RIPNG metric 8 redistribute eigrp 100 metric 8ipv6 router rip RIPNG
redistribute eigrp 100 metric 8 include-connected redistribute ospf 1 metric 8 include-connected
• At R6ipv6 router ospf 1
distance ospf extern 171
9.22 IPv6 Filtering• At R3
int s2/0ipv6 traffic-filter FILTER_OUT outipv6 traffic-filter FILTER_IN inipv6 access-list FILTER_OUT
permit tcp FC00:1:0:67::/64 any eq www permit tcp FC00:1:0:67::/64 any range ftp-data ftp permit tcp FC00:1:0:67::/64 any eq whois
ipv6 access-list FILTER_IN permit tcp any eq www FC00:1:0:67::/64 permit tcp any range ftp-data ftp FC00:1:0:67::/64 permit tcp any eq whois FC00:1:0:67::/64 permit 89 any any• AT R5ip http server
9.23 IPv6 NAT-PT
• At SW1ipv6 route 2000::/96 fc00:1:67::6
• R6int e0/0.67
ipv6 natint e0/0.146
ipv6 natipv6 nat v6v4 source fc00:1:0:67::7 155.1.146.7ipv6 nat v4v6 source 150.1.4.4 2000::9601:0404ipv6 nat prefix 2000::/96ipv6 router rip RIPNG
redistribute connected
SW1
R6
R4
ipv6 route 2000::/96 fc00:1:67::6
ipv6 nat
ipv6 nat
fc00:1:0:67::7
fc00:1:67::6
155.1.146.7
150.1.4.4
9.24 IPv6 MP-BGP• At R1
router bgp 100neighbor 2001:1:0:1234::5 remote-as 500
address-family ipv6 unicast neighbor 2001:1:0:1234::5 activate network 2003:1:0:1::/64 network 2003:1:0:10::/61 aggregate-address 2003:1::/59 summary-only• At R5
router bgp 500address-family ipv6 unicast neighbor 2001:1:0:1234::1 remote 100 neighbor 2001:1:0:1234::1 activate
9.25 IPv6 PIM and MLD
• IPv6 multicast-routing’i actıgımızda PIMv2 otomatik olarak butun interface’lerde acılır, kapatmak istediğimiz interface’lerde tek tek no ipv6 pim yazarız.
• Rack1R1ipv6 multicast-routingint s2/1
no ipv6 pim• Rack1R3
ipv6 multicast-routingint s2/2
no ipv6 pim• Rack1R4
ipv6 multicast-routingint s2/2
no ipv6 pim
• R5ipv6 multicast-routingipv6 access-list MLD_FILTER
permit ipv6 any ff08::/64int e0/0
ipv6 mld access-group MLD_FILTERipv6 mld join-group ff08::8 ipv6 mld query-interval 10
9.26 IPv6 PIM BSR• Rack1R6
ipv6 pim bsr candidate rp fc00:1:0:6::6 prio 100• Rack1R4
ipv6 pim bsr candidate bsr fc00:1:0:4::4 prio 100• Rack1R5
ipv6 route fc00:1:0:4::/64 ser 2/1 multicast //statcic mroute yazımı için ipv6 te sona “multicast” eklenir.
• Rack1R1ipv6 route fc80:1:0:4::/64 e0/0 FE80::A8BB:CCFF:FE00:410 multicast // FE80::A8BB:CCFF:FE00:410 is link-local of R4 vl146
9.27 IPv6 Embeded RP
• Same as static RP• At R5
ipv6 mld join-group ff76:0640:2001:cc1e::8• At R6
int lo 300ipv6 add 2001:cc1e::6/128ipv6 eigrp 100ipv6 rip RIPNG enable
9.28 IPv6 SSM• R5int e0/0
ipv6 mld join-group ff36::8 2001:1:0:146:21A:2FFF:FE78:4678
9.29 IPv6 Tunnelling• At R6
interface Tunnel26 ipv6 address 2001:1:0:26::6/64 tunnel source Loopback0 tunnel destination 150.1.2.2
interface Tunnel56 ipv6 address 2001:1:0:56::6/64 tunnel source Loopback0 tunnel destination 150.1.5.5 tunnel mode ipv6ip
ipv6 route 2001:1:0:2::/64 Tunnel26ipv6 route 2001:1:0:5::/64 Tunnel56
int lo100ipv6 address 2001:1:0:6::6/64
• At R2ipv6 unicast-routinginterface Tunnel26 ipv6 address 2001:1:0:26::2/64 tunnel source Loopback0 tunnel destination 150.1.6.6int lo100
ipv6 address 2001:1:0:2::2/64
• R5interface Tunnel56 ipv6 address 2001:1:0:56::6/64 tunnel source Loopback0 tunnel destination 150.1.6.6 tunnel mode ipv6ipint lo100
ipv6 address 2001:1:0:5::5/64
9.30 Automatic 6to4 Tunnelling
• At R5interface Tunnel345
ipv6 address 2002:9601:505::5/64 tunnel source Loopback0 tunnel mode ipv6ip 6to4
ipv6 route 2002::/16 Tunnel345int lo200
ipv6 address 2002:9601:505:1::5/64Not : there is no tunnel destination in configIpv6 adresi aşağıdaki formatta olur:2002:IPv4Address:Subnet ID : Interface ID(16 bits) : (32 bits) : (16 bits) : (64 bits)Oncelikle Ipv6 adresine gomulu IPv4 adresi üzerinden karşı taraf için
destination adresi oluştururuz. Bütün 2002:: ya giden paketleri tunele yollayarak erişimi sağlarız.
• R3int tunnel 345
tunnel source lo0tunnel mode ipv6ip 6to4ipv6 address 2002:9601:303::3/64
ipv6 route 2002::/16 Tunnel 345int lo200
ipv6 address 2002:9601:303:1::3/64• R4
int tunnel 345tunnel source lo0tunnel mode ipv6ip 6to4ipv6 address 2002:9601:404::4/64
ipv6 route 2002::/16 Tunnel 345int lo200
ipv6 address 2002:9601:404:1::4/64
R3#ping 2002:9601:0303:64::3
Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2002:9601:303:64::3, timeout is 2 seconds:!!!!!Gateway olarak ipv4 adresini kullanır.Protocol id 41 // firewall’da izin verilmeli.
R1.cfg R2.cfg R3.cfg R4.cfg
ipv6 6to4 tunnel.net
WB2 lab9 3.1
R4
R6R5
R3
İpv6ip 6to4
İpv6ip 6to4 İpv6ip 6to4 İpv6ip 6to4
İpv4 cloud tunnel
tunnel
tunneltunnel
Lo0İpv6 addr
Lo0İpv6 addr
Lo0İpv6 addr
Lo0İpv6 addr
Static route for loopbacks over tunnel
Static route for loopbacks over tunnel
Static route for loopbacks over tunnel
Static route for loopbacks over tunnel
9.31 ISATAP Tunnelling• At R3
interface Tunnel345ipv6 address 2001:1:0:345::/64 eui-64
tunnel source Loopback0 tunnel mode ipv6ip isatap
ipv6 route 2001:1:0:5::/64 2001:1:0:345:0:5EFE:9601:505ipv6 route 2001:1:0:4::/64 2001:1:0:345:0:5EFE:9601:404int lo100
ipv6 address 2001:1:0:3::3/64• At R5
interface Tunnel345ipv6 address 2001:1:0:345::/64 eui-64
tunnel source Loopback0 tunnel mode ipv6ip isatap
ipv6 route 2001:1:0:3::/64 2001:1:0:345:0:5EFE:9601:303ipv6 route 2001:1:0:4::/64 2001:1:0:345:0:5EFE:9601:404int lo100
ipv6 address 2001:1:0:5::5/64
• At R4interface Tunnel345
ipv6 address 2001:1:0:345::/64 eui-64 tunnel source Loopback0 tunnel mode ipv6ip isatap
ipv6 route 2001:1:0:4::/64 2001:1:0:345:0:5EFE:9601:303ipv6 route 2001:1:0:4::/64 2001:1:0:345:0:5EFE:9601:505int lo100
ipv6 address 2001:1:0:4::4/64• Source lo0 adresinden tunnel ipv6 adresini oluşturuyor.R1#sh ipv6 int brTunnel345 [up/up] FE80::5EFE:9601:303 2001:1:0:345:0:5EFE:9601:303
R3#ping 2001:1:0:345:0:5EFE:9601:404
Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2001:1:0:345:0:5EFE:9601:404, timeout is 2 seconds:!!!!!PS : Protocol id 41