Interop‐Las Vegas‐2015 – Build Your Own IPv6 Lab
IPv6: Build Your Own Lab
Jeffrey L Carrell
Network Conversions
Network Consultant
IPv6 SME/Trainer
[email protected] Twitter: @JeffCarrell_v6
IPv6: Build Your Own Lab - Presentation v1.1 - Copyright © 2015 Jeffrey L. Carrell

IPv6: Build Your Own Lab
• What are we trying to accomplish today?
• Quick IPv6 History
• IPv6 Address basics
• IPv6 Address Autoconfiguration
• IPv6 Transition Mechanisms
• IPv6 Lab system configuration and demonstration

What are we trying to accomplish today?
• Learn some IPv6 basics
• Use free applications, utilities, and OSs to create a “virtual lab system” on a single host computer
• Connect to an IPv6 tunnel broker to obtain a routed /56 IPv6 address block, capable of 256 /64 networks or 16 /60 subnets with 16 /64 networks each
• Configure an open source router application to perform true IPv4/IPv6 routing and DHCP/DHCPv6 services
• Have real IPv6 Internet presence with only IPv4 access to the Internet

IPv6 Brief History
• Fall 1992 – IPv4 addresses will run out someday
• Oct 1993 – DHCP – RFC 1531 – easier IPv4 address management
• Dec 1993 – IPng – RFC 1550 – basic specification for next version IP
• May 1994 – NAT – RFC 1631 – temporary solution before IPng available
• Dec 1995 – RFC 1883 – Basic specifications of IPv6
• Feb 1996 – RFC 1918 – Private IPv4 addresses
• Dec 1998 – RFC 2460 – Full IPv6 defined
• May 2005 – RFC 3927 – APIPA (IPv4)

Comparing IPv4 & IPv6 Addresses
• IPv4 addresses 2^32 = 4,294,967,296
• IPv6 addresses 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
  – which is 340 undecillion
  – 340 trillion trillion trillion
  – 79,228,162,514,264,337,593,543,950,336 times more v6 addresses than v4
• If IP addresses weighed one gram each:
  – IPv4 = half the Empire State Building
  – IPv6 = 56 billion earths

What is an IPv6 Address?
• IPv6 addresses are very different than IPv4 addresses in the size, numbering system, and delimiter between the numbers
  – 128bit -vs- 32bit
  – colon-hexadecimal -vs- dotted-decimal
  – colon and double colon -vs- period (or “dot” for the real geeks)
• Valid IPv6 addresses are comprised of hexadecimal numbers (0-9 & a-f), with colons separating groups of four numbers, with a total of eight groups (each group is known as “quibble” or “hextet”)
  – 2001:0db8:1010:61ab:f005:ba11:00da:11a5

Address types
Address Type | IPv4 | IPv6
Unicast ‐ One‐to‐one communication | Yes | Yes
Broadcast ‐ One‐to‐many communication local | Yes | No
Multicast ‐ One‐to‐many communication local/remote | Yes | Yes
Anycast ‐ One‐to‐many communication nearest | Yes | Yes

Address scopes
Address Scope | IPv4 | IPv6
Link‐Local ‐ Not routable | Yes (is temp, APIPA) | Yes
Global Unicast ‐ Routable to Internet | Aka public | Yes
Unique Local ‐ Routable only within domain | Aka private RFC 1918 | RFC 4193

IPv4/IPv6 special addresses
Address Type | IPv4 | IPv6
Default Route | 0.0.0.0/0 | ::/0
Unspecified | 0.0.0.0/32 | ::/128
Loopback | 127.0.0.1/8 | ::1/128
Multicast | 224.0.0.0/4 | ff00::/8
Link‐Local | 169.254.0.0/16 | fe80::/10
Global Unicast | All others | 2000::/3
Unique Local | 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 | fc00::/7
Documentation | 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 | 2001:db8::/32

IPv6 shorthand notation
2001:0000:0000:0a52:0000:0000:0000:3d16
Option 1: 2001::a52:0:0:0:3d16
Option 2: 2001:0:0:a52::3d16
[Diagram callouts on each option: Consecutive Zeros, Leading Zeros]

Incorrect shorthand notation
2001:0000:0000:0a52:0000:0000:0000:3d16
2001::a52::3d16
[Diagram callouts: Consecutive Zeros, Consecutive Zeros, Leading Zero]
NOT A VALID IPv6 Address
How many bits are represented by each “::”?
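
The two valid shortenings and the invalid double "::" form from these slides, worked through in Python as an added example (not part of the original presentation). Function names are illustrative, and the embedded-IPv4 notation is not handled.

```python
import ipaddress

HEX = set("0123456789abcdefABCDEF")

def expand(addr):
    """Expand colon-hex shorthand to eight 4-digit groups."""
    if addr.count("::") > 1:
        raise ValueError("more than one '::', zero-run lengths are ambiguous")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must replace at least one all-zero group")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 and set(g) <= HEX for g in groups):
        raise ValueError("need eight groups of 1-4 hex digits")
    return ":".join(g.lower().zfill(4) for g in groups)

def canonical(addr):
    """One spelling per address, for comparing log entries, ACLs and allow-lists."""
    return str(ipaddress.IPv6Address(expand(addr)))

def readings_of_double_colon(addr):
    """Every full address a string with two '::' could stand for."""
    parts = [p.split(":") if p else [] for p in addr.split("::")]
    if len(parts) != 3:
        raise ValueError("expected exactly two '::'")
    zeros = 8 - sum(len(p) for p in parts)      # groups both '::' must cover together
    out = []
    for first in range(1, zeros):               # each '::' covers at least one group
        groups = parts[0] + ["0"] * first + parts[1] + ["0"] * (zeros - first) + parts[2]
        out.append(":".join(g.zfill(4) for g in groups))
    return out

if __name__ == "__main__":
    for option in ("2001::a52:0:0:0:3d16", "2001:0:0:a52::3d16"):
        print(option, "->", expand(option), "->", canonical(option))
    print(readings_of_double_colon("2001::a52::3d16"))
```

Both options expand to the same address, and the invalid form has four possible readings: its two "::" together stand for five groups (80 bits), but nothing says how those are split between them.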

States of an IPv6 address (timers)
[Timeline diagram labels: Valid, Tentative, Preferred, Deprecated, Invalid; Time; Preferred Lifetime; Valid Lifetime]
• Tentative – address is in process of verification for uniqueness and is not yet available for regular communications
• Valid – address is valid for use in communication based on Preferred and Deprecated status
• Preferred – address is usable for all communications
• Deprecated – address can still be used for existing sessions, but not for new sessions
• Invalid – an address is no longer available for sending or receiving

Comparing IPv4 & IPv6 Neighbor Discovery Protocols
IPv4 | IPv6
ARP Request | Neighbor Solicitation
ARP Reply | Neighbor Advertisement
Router Solicitation | Router Solicitation
Router Advertisement | Router Advertisement
Gratuitous ARP | Duplicate Address Detection
ARP Cache | Neighbor Cache

IPv6 Neighbor Discovery Protocol
• Neighbor Discovery Protocol (NDP) is defined in RFC 4861
• NDP provides the following basic IPv6 functions per node
  – Discover what link they are on
  – Learn link prefix addresses
  – Discover the on-link router
  – Discover on-link neighbors
  – Keep track of active neighbors

Duplicate Address Detection (DAD)
• When a node initially assigns an IPv6 address to its interface, it must check whether the selected address is unique
• If unique, the address is configured on interface
• The node sends a multicast Neighbor Solicitation message with the:
  – dest MAC of 33:33:
  – dest IPv6 addr of ff02::1:ff
  – source IPv6 of “::” (IPv6 unspecified addr)

IPv6 default for subnet
• Based on the default definition, an IPv6 address is logically divided into two parts: a 64-bit network prefix and a 64-bit interface identifier (IID)
• Therefore, the default subnet size is /64
• 2001:0db8:1010:61ab:f005:ba11:00da:11a5/64
  – 2001:0db8:1010:61ab = 64bits for Network Identifier
  – f005:ba11:00da:11a5 = 64bits for Interface Identifier
  – /64 = Prefix Length
• A single /64 network yields 18 billion-billion possible addresses

Interface ID from MAC address
• IEEE 48‐Bit MAC Address: 00 19 71 64 3F 00
  – Company ID: 00 19 71
  – Manufacturer Data: 64 3F 00
• Expand to EUI‐64 (IEEE Extended Unique ID), 0xFFFE inserted: 00 19 71 FF FE 64 3F 00
• Invert the Local/Global Bit (7th bit inverted), 00000000 becomes 00000010: 02 19 71 FF FE 64 3F 00
• Modified EUI‐64 Interface ID: 0219:71ff:fe64:3f00

Interface ID from Random Number
• RFC 4941 - Privacy Extensions for Stateless Address Autoconfiguration in IPv6
• Initial IID is derived based on mathematical computation to create a “random 64bit number” and appended to prefix to create a GUA
• An additional but different 64bit number is computed, appended to prefix and tagged “temporary” for a 2nd GUA
• Temporary GUA should be re-computed on a frequent basis
• Temporary GUA is used as primary address for communications, as it is considered “more secure”

IPv6 autoconfiguration options
M Flag and O Flag: ICMPv6 RA (Type 134) Flags. A Flag and L Flag: ICMPv6 RA (Type 134) ICMPv6 Option Prefix Info.
Address Autoconfiguration Method | M Flag | O Flag | A Flag | L Flag | Prefix Derived from | Interface ID Derived from | Other Configuration Options | # of IPv6 Addr
Link‐Local (always configured) | N/A | N/A | N/A | N/A | Internal (fe80::) | M‐EUI‐64 or Privacy | Manual | 1
Manual | Off | Off | Off | On | Manual | Manual | Manual | 2 (LL, Manual)
SLAAC | Off | Off | On | On | RA | M‐EUI‐64 or Privacy | Manual | 3 (LL, IPv6, IPv6 temp)
Stateful (DHCPv6) | On | N/R | Off | On | DHCPv6 | DHCPv6 | DHCPv6 | 2 (LL, DHCPv6)
Stateless DHCPv6 | Off | On | On | On | RA | M‐EUI‐64 or Privacy | DHCPv6 | 3 (LL, IPv6, IPv6 temp)
Combination Stateless & DHCPv6 | On | N/R | On | On | RA and DHCPv6 | M‐EUI‐64 or Privacy and DHCPv6 | DHCPv6 | 4 (LL, IPv6, IPv6 temp, DHCPv6)

Router Advertisement packet (Stateless)
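
To see which row of the autoconfiguration table a given Router Advertisement selects, this added Python example (not from the original presentation) parses the M/O flags and the Prefix Information option's A/L flags out of the raw ICMPv6 bytes. The sample RA is constructed by build_ra with a documentation prefix; all function names are illustrative.

```python
import ipaddress
import struct

def parse_ra(icmp):
    """Parse an ICMPv6 Router Advertisement (Type 134) and its Prefix Information options."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(icmp[5] & 0x80), "O": bool(icmp[5] & 0x40),
          "router_lifetime": struct.unpack("!H", icmp[6:8])[0], "prefixes": []}
    pos = 16                                        # options follow the fixed 16-byte header
    while pos < len(icmp):
        if pos + 2 > len(icmp):
            raise ValueError("truncated option")
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8   # length field counts 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:         # Prefix Information option
            plen, flags, valid, preferred = struct.unpack("!BBII", icmp[pos + 2:pos + 12])
            prefix = ipaddress.IPv6Network((icmp[pos + 16:pos + 32], plen), strict=False)
            ra["prefixes"].append({"prefix": prefix, "L": bool(flags & 0x80),
                                   "A": bool(flags & 0x40),
                                   "valid": valid, "preferred": preferred})
        pos += opt_len
    return ra

def method(ra, prefix_info):
    """Map M/O (RA header) and A (prefix option) onto the rows of the slide's table."""
    m, o, a = ra["M"], ra["O"], prefix_info["A"]
    if m:                                           # O is N/R when M is on
        return "Combination Stateless & DHCPv6" if a else "Stateful (DHCPv6)"
    if a:
        return "Stateless DHCPv6" if o else "SLAAC"
    return "not in the table" if o else "Manual"

def build_ra(m, o, a, l, prefix="2001:db8:1010:61ab::", plen=64):
    """Constructed sample RA for the demo; checksum is left at zero and not verified."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, (m << 7) | (o << 6), 1800, 0, 0)
    opt = struct.pack("!BBBBIII", 3, 4, plen, (l << 7) | (a << 6), 2592000, 604800, 0)
    return hdr + opt + ipaddress.IPv6Address(prefix).packed

if __name__ == "__main__":
    ra = parse_ra(build_ra(m=0, o=1, a=1, l=1))
    for p in ra["prefixes"]:
        print(p["prefix"], "M", ra["M"], "O", ra["O"], "A", p["A"], "L", p["L"], method(ra, p))
```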

IPv6 Stateful (DHCPv6) process
• DHCPv6Solicit = DHCPDiscover (IPv4)
• DHCPv6Advertise = DHCPOffer (IPv4)
• DHCPv6Request = DHCPRequest (IPv4)
• DHCPv6Reply = DHCPAck (IPv4)

Key difference in DHCP/DHCPv6
• Default gateway
  – DHCP – configurable Router option in scope
  – DHCPv6 – no configurable Router option in scope (possible future, but no client OS support yet)
• An IPv6 node derives its default gateway from the router’s Link-Local address when the L flag is set in the Prefix information field of an RA (! not from the network prefix !)

IPv6 Transition mechanisms - tunnels
• 6in4 – RFC 4213
• 6over4 – RFC 2529
• 6to4 – RFC 3056
• ISATAP – RFC 5214
• Teredo – RFC 4380
• 6rd – RFC 5969

IPv6 Tunnel brokers
• Tunnelbroker.net – 6in4 tunnel
• Freenet6.net – IPv6-over-UDP
• Sixxs.net – 6in4 tunnel & AYIYA

IPv6 Freenet6 tunnel service
• IPv6-in-IPv4 in NAT Traversal mode (aka - IPv6-over-UDP)
• Uses Tunnel Setup Protocol (TSP)
• See RFC 5572 for additional information
Source – www.gogo6.com/freenet6/powered‐by

IPv6 Freenet6 tunnel service
• The freenet6.net system provides a /56 IPv6 block (with Pro account)
• You have options when creating /64 IPv6 networks
[Diagram: /56 split into 16 /60, each split into 16 /64; or /56 split into 256 /64]

IPv6 Build Your Own Lab – Demo
• Breakdown /56 into /60’s and then /64’s
  – 2001:5c0:xxxx:xxyz::/56
  – Y = subnets /60
    • 0 = core
    • a = internal network(s) of VyOS
    • e = external USB-Enet network (link to another router)
    • c = networks on external L3 switch
  – Z = networks /64
    • 0 = core
    • f = loopback
    • 1 = 1st /64 network
  – 2001:5c0:xxxx:xxc1::/64 = first /64 on L3 switch
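
The Y/Z nibble plan above, as an added Python example that is not part of the original presentation: it builds the /60 and /64 for a given Y and Z and maps an address back to its segment, which helps when reading firewall logs or reviewing ACLs. The block 2001:db8:1234:5600::/56 is a constructed stand-in for the elided 2001:5c0:xxxx:xx00::/56, and the function names are illustrative.

```python
import ipaddress

# Y roles as listed on the slide
Y_ROLES = {0x0: "core", 0xa: "internal network(s) of VyOS",
           0xe: "external USB-Enet network", 0xc: "networks on external L3 switch"}

def subnet60(block, y):
    """The /60 selected by nibble Y inside a delegated /56."""
    block = ipaddress.IPv6Network(block)
    if block.prefixlen != 56 or not 0 <= y <= 0xf:
        raise ValueError("need a /56 block and a 4-bit Y")
    # Y occupies bits 56-59 of the address, so it is shifted left by 128 - 60 = 68
    return ipaddress.IPv6Network((int(block.network_address) | (y << 68), 60))

def network64(block, y, z):
    """The /64 selected by nibbles Y and Z (last two hex digits of the fourth group)."""
    if not 0 <= z <= 0xf:
        raise ValueError("Z is a 4-bit value")
    base = int(subnet60(block, y).network_address) | (z << 64)
    return ipaddress.IPv6Network((base, 64))

def locate(block, addr):
    """Map an address back to (Y, Z, role); None when it is outside the /56."""
    block, addr = ipaddress.IPv6Network(block), ipaddress.IPv6Address(addr)
    if addr not in block:
        return None
    yz = (int(addr) >> 64) & 0xff
    return yz >> 4, yz & 0xf, Y_ROLES.get(yz >> 4, "unassigned")

def split_counts(block):
    """Number of /60 subnets and of /64 networks in the /56."""
    block = ipaddress.IPv6Network(block)
    return (sum(1 for _ in block.subnets(new_prefix=60)),
            sum(1 for _ in block.subnets(new_prefix=64)))

if __name__ == "__main__":
    BLOCK = "2001:db8:1234:5600::/56"        # constructed sample block
    print(subnet60(BLOCK, 0xa), network64(BLOCK, 0xc, 1), split_counts(BLOCK))
    print(locate(BLOCK, "2001:db8:1234:56c1::10"))
```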

IPv6 Build Your Own Lab – Demo

Resources

IPv6 Verification / test sites
• http://ip6.nl/
• http://test-ipv6.com/
• http://ipv6-test.com/
• http://whatismyv6.com/
• http://myglobalip.com/
• http://ismyipv6working.com/
• http://www.kame.net/
• http://www.vyncke.org/ip.php

IPv6 Build Your Own Lab - It’s Time
• Go to www.gogo6.com/freenet6/tunnelbroker and sign up for Freenet6 Pro account (requires gogoNET account)
• Install VirtualBox www.virtualbox.org/
• Create VyOS router VM vyos.net/wiki/Main_Page
• Configure VyOS and gogoc (gogoc is freenet tunnel interface)
  – test IPv6 connectivity
• Create another VM: Windows or Ubuntu
  – test IPv6 connectivity

Thank You for Attending!
• [email protected]
• Twitter: @JeffCarrell_v6