Monday, December 13, 2010

Transitioning to IPv6 CCSP Coaching Institute in Delhi India

Network Bulls
www.networkbulls.com

 The ability to scale networks for future demands requires a limitless supply of IP addresses
and improved mobility. IP version 6 (IPv6) satisfies the increasingly complex requirements
of hierarchical addressing that IP version 4 (IPv4) does not provide. IPv6 uses some
different address types that make IPv6 more efficient than IPv4. This section describes the
different types of addresses that IPv6 uses and how to assign these addresses.
Transitioning to IPv6 from IPv4 deployments can require a variety of techniques, including
an auto-configuration function. The transition mechanism you will use depends on the
needs of your network. This section describes the different types of transition mechanisms
for an IPv6 network.
Reasons for Using IPv6
The IPv4 address space provides approximately 4.3 billion addresses. Of that address
space, approximately 3.7 billion addresses are actually assignable; the other addresses are
reserved for special purposes such as multicasting, private address space, loopback testing,
and research. Based on some industry figures as of January 1, 2007, about 2.407 billion of
these available addresses are currently assigned to either end users or Internet service
providers (ISPs). That leaves roughly 1.3 billion addresses still available from the IPv4
address space.
An IPv6 address is a 128-bit binary value, which can be displayed as 32 hexadecimal digits,
as shown in the figure. It provides 3.4 x 10^38 IP addresses. This version of IP addressing
should provide sufficient addresses for future Internet growth needs. Figure 7-8 illustrates
the differences between the address space for IPv4 and IPv6.
Transitioning to IPv6 271
Figure 7-8 IPv4 and IPv6
In addition to its technical and business potential, IPv6 offers a virtually unlimited supply
of IP addresses. Because of its generous 128-bit address space, IPv6 generates a virtually
unlimited stock of addresses—enough to allocate more than 4.3 billion addresses (the entire
IPv4 Internet address space) to every person on the planet.
The Internet will be transformed after IPv6 fully replaces IPv4. Many people within the
Internet community have analyzed the issue of IPv4 address exhaustion and published their
reports. However, the estimates of when IPv4 address exhaustion will occur vary greatly
among the reports. Some predict IPv4 address exhaustion by 2008 or 2009, and others say
it will not happen until 2013 or beyond. Nevertheless, IPv4 will not disappear overnight.
Rather, it will coexist with and then gradually be replaced by IPv6.
The change from IPv4 to IPv6 has already begun, particularly in Europe, Japan, and the
Asia-Pacific region. These areas are exhausting their allotted IPv4 addresses, which makes
IPv6 all the more attractive and necessary. Some countries, such as Japan, are aggressively
adopting IPv6. Others, such as those in the European Union, are moving toward IPv6, and
China is considering building new networks dedicated for IPv6.
As of October 1, 2003, the U.S. Department of Defense mandated that all new equipment
purchased be IPv6-capable. In fact, all U.S. government agencies must start using IPv6
across their core networks by 2008, and the agencies are working to meet that deadline. As
these examples illustrate, IPv6 enjoys strong momentum.
(Figure 7-8 contents: IPv4, 4 octets, example 192.168.201.113, 4,294,467,295 IP addresses; IPv6, 16 octets, example A524:72D3:2C80:DD02:0029:EC7A:002B:EA73, 3.4 x 10^38 IP addresses.)
272 Chapter 7: Managing Address Spaces with NAT and IPv6
IPv6 is a powerful enhancement to IPv4. Several features in IPv6 offer functional
improvements. What IP developers learned from using IPv4 suggested changes to better
suit current and probable network demands:
■ Larger address space: Larger address space includes several enhancements:
— Improved global reachability and flexibility
— The aggregation of prefixes that are announced in routing tables
— Multihoming to several ISPs
— Autoconfiguration that can include data link layer addresses in the
address space
— Plug-and-play options
— Public-to-private readdressing end to end without address translation
— Simplified mechanisms for address renumbering and modification
■ Simpler header: A simpler header offers several advantages over IPv4:
— Better routing efficiency for performance and forwarding-rate
scalability
— No broadcasts and thus no potential threat of broadcast storms
— No requirement for processing checksums
— Simpler and more efficient extension header mechanisms
— Flow labels for per-flow processing with no need to open the transport
inner packet to identify the various traffic flows
■ Mobility and security: Mobility and security help ensure compliance with mobile IP
and IPsec standards functionality. Mobility enables people with mobile network
devices—many with wireless connectivity—to move around in networks:
— Mobile IP is an Internet Engineering Task Force (IETF) standard that is
available for both IPv4 and IPv6. The standard enables mobile devices
to move without breaks in established network connections. Because
IPv4 does not automatically provide this kind of mobility, you must add
it with additional configurations.
— In IPv6, mobility is built in, which means that any IPv6 node can use
mobility when necessary. The routing headers of IPv6 make mobile IPv6
much more efficient for end nodes than mobile IPv4 is.
— IPsec is the IETF standard for IP network security, available for both
IPv4 and IPv6. Although the functionalities are essentially identical in
both environments, IPsec is mandatory in the IPv6 protocol. IPsec is
enabled on every IPv6 node and is available for use, making the IPv6
Internet more secure. IPsec also requires keys for each party, which
implies global key deployment and distribution.
■ Transition richness: You can incorporate existing IPv4 capabilities with the added
features of IPv6 in several ways:
— First, you can implement a dual-stack method, with both IPv4 and IPv6
configured on the interface of a network device.
— Second, you can use tunneling, which will become more prominent as
the adoption of IPv6 grows. A variety of IPv6 over IPv4 tunneling
methods exist. Some methods require manual configuration, whereas
others are more automatic.
— Third, Cisco IOS Software Release 12.3(2)T and later include Network
Address Translation-Protocol Translation (NAT-PT) between IPv6 and
IPv4. This translation allows direct communication between hosts that
use different versions of the IP protocol.
Understanding IPv6 Addresses
Colons separate entries in a series of 16-bit hexadecimal fields that represent IPv6
addresses. The hexadecimal digits A, B, C, D, E, and F that are represented in IPv6
addresses are not case sensitive.
IPv6 does not require explicit address string notation. Use the following guidelines for IPv6
address string notations:
■ The leading zeros in a field are optional, so 09C0 equals 9C0 and 0000 equals 0.
■ Successive fields of zeros can be represented as :: only once in an address.
■ An unspecified address is written as :: because it contains only zeros.
Using the :: notation greatly reduces the size of most addresses. For example,
FF01:0:0:0:0:0:0:1 becomes FF01::1.
NOTE An address parser identifies the number of missing zeros by separating the
two parts and entering 0 until the 128 bits are complete. If two :: notations are placed in
the address, there is no way to identify the size of each block of zeros.
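The notation rules and the parser behaviour described in the NOTE, as an added example that is not part of the original text: it expands and compresses addresses by hand, rejects a second ::, and shows why filters and log searches should compare expanded forms rather than raw strings. The function names are hypothetical; choosing the longest zero run (two fields or more) for :: follows the RFC 5952 convention, which the text does not cover.

```python
import ipaddress

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand_ipv6(text):
    """Return the full form: eight 16-bit fields, four hex digits each."""
    if text.count("::") > 1:
        # Two zero runs of unknown size cannot be told apart.
        raise ValueError("'::' may appear only once in an address")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)   # zero fields hidden by '::'
        if missing < 1:
            raise ValueError("'::' must replace at least one zero field")
        fields = head + ["0"] * missing + tail
    else:
        fields = text.split(":")
        if len(fields) != 8:
            raise ValueError("expected eight fields")
    for field in fields:
        if not 1 <= len(field) <= 4 or not set(field) <= HEX_DIGITS:
            raise ValueError("bad field: %r" % field)
    # Hex digits are not case sensitive, so normalise to upper case.
    return ":".join(field.upper().zfill(4) for field in fields)


def compress_ipv6(text):
    """Drop leading zeros and replace the longest zero run with '::'."""
    fields = [f.lstrip("0") or "0" for f in expand_ipv6(text).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if fields[i] == "0":
            j = i
            while j < 8 and fields[j] == "0":
                j += 1
            if j - i > best_len:          # first run wins on a tie
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                      # a single zero field stays as 0
        return ":".join(fields)
    head = ":".join(fields[:best_start])
    tail = ":".join(fields[best_start + best_len:])
    return head + "::" + tail


def same_address(a, b):
    """Compare two spellings by value, as an ACL or log match should."""
    return expand_ipv6(a) == expand_ipv6(b)


def agrees_with_stdlib(text):
    """Cross-check the hand-written expansion against Python's ipaddress."""
    return ipaddress.IPv6Address(text).exploded.upper() == expand_ipv6(text)


if __name__ == "__main__":
    print(compress_ipv6("FF01:0:0:0:0:0:0:1"))
    print(expand_ipv6("2001:DB8::9C0"))
    print(same_address("2001:db8::9c0", "2001:0DB8:0:0:0:0:0:09C0"))
```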
Broadcasting in IPv4 results in a number of problems. Broadcasting generates a number of
interrupts in every computer on the network and, in some cases, triggers malfunctions that
can completely halt an entire network. This disastrous network event is known as a
broadcast storm.
In IPv6, broadcasting does not exist. IPv6 replaces broadcasts with multicasts and anycasts.
Multicast enables efficient network operation by using a number of functionally specific
multicast groups to send requests to a limited number of computers on the network. The
multicast groups prevent most of the problems that are related to broadcast storms in IPv4.
The range of multicast addresses in IPv6 is larger than in IPv4. For the near future,
allocation of multicast groups is not being limited.
IPv6 also defines a new type of address called an anycast address. An anycast address
identifies a list of devices or nodes; therefore, an anycast address identifies multiple
interfaces. Anycast addresses are like a cross between unicast and multicast addresses.
These addresses are designed for commonly used services such as DNS. Unicast sends
packets to one specific device with one specific address, and multicast sends a packet to
every member of a group. Anycast addresses send a packet to any one member of the group
of devices with the anycast address assigned.
For efficiency, a packet that is sent to an anycast address is delivered to the closest
interface—as defined by the routing protocols in use—that is identified by the anycast
address, so anycast can also be thought of as a “one-to-nearest” type of address. Anycast
addresses are syntactically indistinguishable from global unicast addresses because anycast
addresses are allocated from the global unicast address space.
Several basic types of IPv6 unicast addresses exist: global, reserved, private (link-local and
site-local), loopback, and unspecified. The sections that follow describe these address
types in greater detail.
NOTE There is little experience with widespread, arbitrary use of Internet anycast
addresses, and there are some known complications and hazards when using them in their
full generality. Until more experience has been gained and solutions have been agreed
upon for those problems, the following restrictions are imposed on IPv6 anycast
addresses: (1) An anycast address must not be used as the source address of an IPv6
packet. (2) An anycast address must not be assigned to an IPv6 host; that is, it may be
assigned to an IPv6 router only.
Global Addresses
The IPv6 global unicast address is the equivalent of the IPv4 global unicast address. A
global unicast address is an IPv6 address from the global unicast prefix. The structure of
global unicast addresses enables the aggregation of routing prefixes, which limits the
number of routing table entries in the global routing table. Global unicast addresses that are
used on links are aggregated upward through organizations and eventually to the ISPs.
Reserved Addresses
The IETF reserves a portion of the IPv6 address space for various uses, both present and
future. Reserved addresses represent 1/256th of the total IPv6 address space. Some of the
other types of IPv6 addresses come from this block.
Private Addresses
A block of IPv6 addresses is set aside for private addresses, just as is done in IPv4. These
private addresses are local only to a particular link or site; therefore, they are never routed
outside of a particular company network. Private addresses have a first octet value of “FE”
in hexadecimal notation, with the next hexadecimal digit being a value from 8 to F.
These addresses are further divided into two types, based on their scope.
■ Site-local addresses, described further as follows:
— These are addresses similar to RFC 1918, “Address Allocation for
Private Internets,” in IPv4 today. The scope of these addresses is an
entire site or organization. They allow addressing within an organization
without needing to use a public prefix. Routers forward datagrams using
site-local addresses within the site, but not outside the site, to the public
Internet.
— In hexadecimal, site-local addresses begin with FE and then C to F for
the third hexadecimal digit. So, these addresses begin with FEC, FED,
FEE, or FEF.
■ Link-local addresses, described further as follows:
— The concept of link-local scope is new to IPv6. These addresses have a
smaller scope than site-local addresses; they refer only to a particular
physical link (physical network). Routers do not forward datagrams
using link-local addresses, not even within the organization; they are
only for local communication on a particular physical network segment.
— These addresses are used for link communications such as automatic
address configuration, neighbor discovery, and router discovery. Many
IPv6 routing protocols also use link-local addresses.
Loopback Address
Just as in IPv4, a provision has been made for a special loopback IPv6 address for testing;
datagrams sent to this address “loop back” to the sending device. However, IPv6 has just
one address, not a whole block, for this function. The loopback address is 0:0:0:0:0:0:0:1,
which is normally expressed using zero compression as ::1.
Unspecified Address
In IPv4, an IP address of all zeroes has a special meaning; it refers to the host itself and is
used when a device does not know its own address. In IPv6, this concept has been
formalized, and the all-zeroes address (0:0:0:0:0:0:0:0) is named the “unspecified” address.
It is typically used in the source field of a datagram that is sent by a device that seeks to
have its IP address configured. You can apply address compression to this address; because
the address is all zeroes, the address becomes just ::.
Global unicast addresses are defined by a global routing prefix, a subnet ID, and an
interface ID. The IPv6 unicast address space encompasses the entire IPv6 address range,
with the exception of FF00::/8 (1111 1111), which is used for multicast addresses. The
current global unicast address that is assigned by the Internet Assigned Numbers Authority
(IANA) uses the range of addresses that start with binary value 001 (2000::/3), which is
1/8 of the total IPv6 address space and is the largest block of assigned addresses.
Addresses with a prefix of 2000::/3 (001) through E000::/3 (111) are required to have
64-bit interface identifiers in the extended universal identifier (EUI)-64 format.
The IANA is allocating the IPv6 address space in the ranges of 2001::/16 to the registries.
Figure 7-9 outlines the IPv6 format for a global unicast or anycast address.
Figure 7-9 IPv6 Address Format (example prefix 2001:0DB8; boundaries: registry /23, ISP prefix /32, site prefix /48, subnet prefix /64, followed by the interface ID)
The global unicast address typically consists of a 48-bit global routing prefix and a 16-bit
subnet ID. Individual organizations can use a 16-bit subnet field called “Subnet ID” to
create their own local addressing hierarchy and to identify subnets. This field allows an
organization to use up to 65,535 individual subnets. For more information, refer to RFC
3587, “IPv6 Global Unicast Address Format,” which replaces RFC 2374.
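The address types and the global unicast layout described above, as an added example that is not part of the original text: it classifies an address by the prefixes the text names, splits a global unicast address into its 48-bit routing prefix, 16-bit subnet ID and 64-bit interface ID, and flags source addresses whose scope means they should never arrive from outside the site. The function names and the sample source list are constructed for illustration, and the reserved 1/256th block is assumed to be ::/8.

```python
import ipaddress

# Prefixes named in the text, checked in order (most specific first).
# "reserved" is taken to be ::/8, the 1/256th block that also holds the
# loopback and unspecified addresses (an assumption of this example).
ADDRESS_TYPES = [
    ("unspecified", ipaddress.IPv6Network("::/128")),
    ("loopback", ipaddress.IPv6Network("::1/128")),
    ("reserved", ipaddress.IPv6Network("::/8")),
    ("multicast", ipaddress.IPv6Network("FF00::/8")),
    ("link-local", ipaddress.IPv6Network("FE80::/10")),   # FE8 to FEB
    ("site-local", ipaddress.IPv6Network("FEC0::/10")),   # FEC to FEF
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
]


def classify(address):
    """Return the address type from the table above, or 'unassigned'."""
    addr = ipaddress.IPv6Address(address)
    for name, network in ADDRESS_TYPES:
        if addr in network:
            return name
    return "unassigned"


def split_global_unicast(address):
    """Split into 48-bit routing prefix, 16-bit subnet ID, 64-bit interface ID."""
    if classify(address) != "global unicast":
        raise ValueError("not a global unicast address: %s" % address)
    addr = ipaddress.IPv6Address(address)
    value = int(addr)
    prefix = ipaddress.IPv6Network("%s/48" % addr, strict=False)
    return {
        "global_routing_prefix": str(prefix),
        "subnet_id": (value >> 64) & 0xFFFF,
        "interface_id": value & 0xFFFFFFFFFFFFFFFF,
    }


def off_site_anomalies(sources):
    """Sources that, by scope, should never be seen arriving from outside
    the site: anything that is not global unicast."""
    return [(s, classify(s)) for s in sources if classify(s) != "global unicast"]


# Constructed sample: source addresses as they might appear in a border log.
SAMPLE_SOURCES = [
    "2001:DB8:2222:7272::72",
    "FE80::290:27FF:FE17:FC0F",
    "FEC0::1",
    "::1",
    "2001:410:1::5",
]

if __name__ == "__main__":
    print(split_global_unicast("2001:DB8:2222:7272::72"))
    for source, kind in off_site_anomalies(SAMPLE_SOURCES):
        print("unexpected source scope:", source, kind)
```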
IPv6 over Data Link Layers
IPv6 is defined on most of the current data link layer protocols, including the following
protocols:
■ Ethernet*
■ PPP*
■ High-Level Data Link Control (HDLC)*
■ FDDI
■ Token Ring
■ Attached Resource Computer network (ARCnet)
■ Nonbroadcast multiaccess (NBMA)
■ ATM**
■ Frame Relay***
■ IEEE 1394
* Cisco supports these data link layers.
** Cisco supports only ATM permanent virtual circuit (PVC), not switched virtual
circuit (SVC) or ATM LAN Emulation (LANE).
***Cisco supports only Frame Relay PVC, not SVC.
An RFC describes the behavior of IPv6 in each of these specific data link layers, but Cisco
IOS Software does not necessarily support all of them. The data link layer defines how IPv6
interface identifiers are created and how neighbor discovery deals with data link layer
address resolution.
Larger address spaces make room for large address allocations to ISPs and organizations.
An ISP aggregates all the prefixes of its customers into a single prefix and announces the
single prefix to the IPv6 Internet. The increased address space is sufficient to allow
organizations to define a single prefix for their entire network. Figure 7-10 shows how this
aggregation occurs.
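Figure 7-10 IPv6 Address Aggregation (labels: Customer No. 1 and Customer No. 2 with 2001:0410:0001:/48 and 2001:0410:0002:/48; 2001:0410::/32, which announces only the /32 prefix; IPv6 Internet, 2001::/16)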
Aggregation of customer prefixes results in an efficient and scalable routing table. Scalable
routing is necessary to expand broader adoption of network functions. Scalable routing also
improves network bandwidth and functionality for user traffic that connects the various
devices and applications.
Internet usage—both now and in the future—can include the following elements:
■ A huge increase in the number of broadband consumers with high-speed connections
that are always on
■ Users who spend more time online and are generally willing to spend more money on
communications services (such as downloading music) and high-value searchable
offerings
■ Home networks with expanded network applications such as wireless VoIP, home
surveillance, and advanced services such as real-time video on demand (VoD)
■ Massively scalable games with global participants and media-rich e-learning,
providing learners with on-demand remote labs or lab simulations
Assigning IPv6 Addresses
Interface identifiers in IPv6 addresses are used to identify interfaces on a link. They can also
be thought of as the “host portion” of an IPv6 address. Interface identifiers are required to be
unique on a specific link. Interface identifiers are always 64 bits and can be dynamically
derived from a Layer 2 media and encapsulation.
There are several ways to assign an IPv6 address to a device:
■ Static assignment using a manual interface ID
■ Static assignment using an EUI-64 interface ID
■ Stateless autoconfiguration
■ DHCP for IPv6 (DHCPv6)
Manual Interface ID Assignment
One way to statically assign an IPv6 address to a device is to manually assign both the
prefix (network) and interface ID (host) portion of the IPv6 address. To configure an IPv6
address on a Cisco router interface and enable IPv6 processing on that interface, use the
ipv6 address ipv6-address/prefix-length command in interface configuration mode.
To enable IPv6 processing on the interface and configure an address based on the directly
specified bits, you will use the command demonstrated here:
RouterX(config-if)# ipv6 address 2001:DB8:2222:7272::72/64
EUI-64 Interface ID Assignment
Another way to statically assign an IPv6 address is to configure the prefix (network) portion
of the IPv6 address and derive the interface ID (host) portion from the Layer 2 MAC
address of the device, which is known as the EUI-64 interface ID.
To configure an IPv6 address for an interface and enable IPv6 processing on the interface
using an EUI-64 interface ID in the low order 64 bits of the address (host), use the ipv6
address ipv6-prefix/prefix-length eui-64 command in interface configuration mode.
To assign the IPv6 address 2001:0DB8:0:1::/64 to Ethernet interface 0 and use an EUI-64
interface ID in the low order 64 bits of the address, enter the following commands:
RouterX(config)# interface ethernet 0
RouterX(config-if)# ipv6 address 2001:0DB8:0:1::/64 eui-64
Stateless Autoconfiguration
As the name implies, autoconfiguration is a mechanism that automatically configures the
IPv6 address of a node. In IPv6, it is assumed that non-PC devices, as well as computer
terminals, will be connected to the network. The autoconfiguration mechanism was
introduced to enable plug-and-play networking of these devices, to help reduce
administration overhead.
DHCPv6 (Stateful)
DHCP for IPv6 enables DHCP servers to pass configuration parameters such as IPv6
network addresses to IPv6 nodes. It offers the capability of automatic allocation of reusable
network addresses and additional configuration flexibility. This protocol is a stateful
counterpart to IPv6 stateless address autoconfiguration (RFC 2462), and it can be used
separately or concurrently with IPv6 stateless address autoconfiguration to obtain
configuration parameters.
Use of EUI-64 Format in IPv6 Addresses
The 64-bit interface identifier in an IPv6 address identifies a unique interface on a link. A
link is a network medium over which network nodes communicate using the link layer. The
interface identifier can also be unique over a broader scope. In many cases, an interface
identifier is the same as, or is based on, the link-layer (MAC) address of an interface. As in
IPv4, a subnet prefix in IPv6 is associated with one link. Figure 7-11 illustrates the IPv6
EUI-64 interface identifier.
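Figure 7-11 IPv6 EUI-64 Interface Identifier (modified EUI-64 address 02 90 27 FF FE 17 FC 0F; first byte 000000UG, where the U/L bit U = 1 means universally unique and U = 0 means locally unique; here U = 1)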
Interface identifiers in global unicast and other IPv6 address types must be 64 bits long
and can be constructed in the 64-bit EUI-64 format. The EUI-64 format interface ID is
derived from the 48-bit link-layer (MAC) address by inserting the hexadecimal number
FFFE between the upper 3 bytes (Organizational Unique Identifier [OUI] field) and the
lower 3 bytes (serial number) of the link layer address. To ensure that the chosen address is
from a unique Ethernet MAC address, the seventh bit in the high-order byte is set to 1 to
indicate the uniqueness of the 48-bit address.
Stateless autoconfiguration is a key feature of IPv6. It enables serverless basic configuration
of the nodes and easy renumbering.
Stateless autoconfiguration uses the information in the router advertisement messages to
configure the node. The prefix included in the router advertisement is used as the /64 prefix
for the node address. The other 64 bits are obtained by the dynamically created interface
identifier, which in the case of Ethernet, is the modified EUI-64 format.
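The EUI-64 derivation and the stateless autoconfiguration step (prefix from the router advertisement plus interface ID), as an added example that is not part of the original text. It also runs the derivation in reverse, because an address built this way exposes the interface's MAC address to every peer and every log it reaches, which matters for both privacy review and tying a logged address to a device. The function names are hypothetical; the MAC 00:90:27:17:FC:0F is the one implied by the modified EUI-64 value in Figure 7-11, and the prefix is the one from the eui-64 command example.

```python
import ipaddress


def mac_to_eui64(mac):
    """48-bit MAC -> 8-byte modified EUI-64 interface ID."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address has 6 bytes")
    # RFC 4291 inverts the U/L bit (seventh bit of the high-order byte);
    # for a universally administered MAC that turns it from 0 into 1.
    first = raw[0] ^ 0x02
    # FFFE goes between the OUI (upper 3 bytes) and the lower 3 bytes.
    return bytes([first]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix, mac):
    """Combine an advertised /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    interface_id = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | interface_id)


def recover_mac(address):
    """Return the MAC embedded in an EUI-64-derived address, else None.

    Heuristic: FFFE in the middle of the interface ID marks the EUI-64
    format, but a manually chosen ID could contain it by coincidence.
    """
    low64 = int(ipaddress.IPv6Address(address)) & 0xFFFFFFFFFFFFFFFF
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02X" % b for b in mac)


if __name__ == "__main__":
    addr = slaac_address("2001:0DB8:0:1::/64", "00:90:27:17:FC:0F")
    print(addr)                                    # autoconfigured address
    print(recover_mac(str(addr)))                  # MAC read back from it
    print(recover_mac("2001:DB8:2222:7272::72"))   # manual ID: no MAC
```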
Routers periodically send router advertisements. When a node boots up, the node needs its
address in the early stage of the boot process. Waiting for the next router advertisement
to get the information to configure its interfaces can take too long. Instead, a node sends a
router solicitation message to the routers on the network asking them to reply immediately
with a router advertisement so the node can immediately autoconfigure its IPv6 address. All
the routers respond with a normal router advertisement message with the all-nodes
multicast address as the destination address. Figure 7-12 illustrates stateless
autoconfiguration.
Figure 7-12 Stateless Autoconfiguration
Autoconfiguration enables plug-and-play configuration of an IPv6 device, which allows
devices to connect themselves to the network without configuration from an administrator
and without servers, such as DHCP servers. This key feature enables deployment of new
devices on the Internet, such as cellular phones, wireless devices, home appliances, and
home networks.
DHCPv6 is an updated version of DHCP for IPv4. It supports the addressing model of IPv6
and benefits from new IPv6 features. DHCPv6 has the following characteristics:
■ Enables more control than serverless or stateless autoconfiguration
■ Can be employed in an environment that uses only servers and no routers
■ Can be used concurrently with stateless autoconfiguration
■ Can be used for renumbering
■ Can be used for automatic domain name registration of hosts using dynamic DNS
NOTE Stateless DHCP is a concept, developed in February 2004, that strikes a middle
ground between stateless autoconfiguration and the thick-client approach of stateful
DHCP. Stateless DHCP for IPv6 is also called “DHCP-lite.” See RFC 3736, “Stateless
Dynamic Host Configuration Protocol (DHCP) Service for IPv6.”
(Figure 7-12 steps: 1. Router solicitation requests prefix. 2. Router advertisement sends network-type information (prefix, default route, ...). 3. Host autoconfigured address: prefix received + link-layer address.)
The process for acquiring configuration data for a DHCPv6 client is similar to that in IPv4,
with a few exceptions. Initially, the client must detect the presence of routers on the link
by using neighbor discovery messages. If at least one router is found, then the client
examines the router advertisements to determine if DHCPv6 should be used. If the router
advertisements enable the use of DHCPv6 on that link or if no router is found, then the
client starts a DHCP solicit phase to find a DHCP server.
DHCPv6 uses multicast for many messages. When the client sends a solicit message, it
sends the message to the ALL-DHCP-Agents multicast address with link-local scope.
Agents include both servers and relays.
When a DHCP relay forwards a message, it can forward it to the All-DHCP-Servers
multicast address with site-local scope. This means that you do not need to configure a relay
with all the static addresses of the DHCP servers, as in IPv4. If you want only specific
DHCP servers to receive the messages, or if there is a problem forwarding multicast traffic
to all the network segments that contain a DHCP server, a relay can contain a static list of
DHCP servers.
You can configure different DHCPv6 servers, or the same server with different contexts, to
assign addresses based on different policies. For example, you could configure one DHCPv6
server to give global addresses using a more restrictive policy, such as, “do not give
addresses to printers.” You could then configure another DHCPv6 server, or the same server
within a different context, to give site-local addresses using a more liberal policy, such as,
“give to anyone.”
