DNS, DHCP & IPAM with IPv6
0 likes700 views
This document discusses various aspects of IPv6 networking including: - Core network services like DNS and DHCP used to configure IPv6 hosts and provide name resolution. - How IPv6 addresses are represented in forward and reverse DNS lookups. - Configuring DNS servers to listen on IPv6 and support IPv6 queries and responses. - How routers use router advertisements to autoconfigure hosts on the local link with IPv6 addressing and configuration options. - The role and operation of DHCPv6 for central management of addressing and other network configuration options. - How DNS search lists and protocol-specific search lists work to determine name resolution with IPv6.
DNS, DHCP & IPAM with IPv6
- 2. CORE NETWORK SERVICES 3 DNS DHCP
- 3. ADDRESSES OF AN IPV6 HOST 4 § Link-Local § Unicast § Loopback § All-Nodes Multicast § Solicited-Node Multicast FE80::61CC:B8CA:FCB2:36BE 2001:db8:1C6E::6D2B:1C6E ::1 FF01::1 FF02::1:FF2B:1C6E (at least one)
- 4. IPV6 FORWARD DNS 5 ipv6-host IN AAAA 2001:DB8::1:2:34:56 host4711 IN A 192.249.249.111 IN AAAA 2001:db8:cafe:f9::d3
- 5. IPV6 REVERSE DNS 6 9.8.7.6.5.4.3.0.2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. IN PTR ipv6-host.bluecatnetworks.com. 2001:db8:cafe:f9::/64 >> 9.f.0.0.e.f.a.c.8.b.d.0.1.0.0.2.ip6.arpa.
- 6. § “listen” Statement § “query-source” Statement ISC BIND & IPV6 7 options { listen-on-v6 { 2001:db8:cafe:1::53; }; }; options { query-source-v6 address 2001:db8:cafe:1::53; };
- 7. § “transfer-source” Statement § “notify-source” Statement ISC BIND & IPV6 8 options { transfer-source-v6 2001:db8:cafe:1::53; }; options { notify-source-v6 2001:db8:cafe:1::53; };
- 8. DNS QUERIES 9 DNS Server Resources IPv4 = 192.168.191.3 IPv6 = 2001:DB8::1:2:345:6789 DNS Query A/AAAA Query via IPv6 Query via IPv4
- 9. DNS QUERIES 10 § Filtering § Protocol-specific Search List options { filter-aaaa-on-v4 yes; }; IPv6 IPv6 IPv6 IPv4 = bcnlab.corp IPv6 = v6.bcnlab.corp Zone bcnlab.corp Zone v6.bcnlab.corp DNS Server
- 10. ROUTER ADVERTISEMENT (RA) 11 Router Prefix!? Prefix, TTL, Flags Src = link-local address (FE80::) Dst = all-routers multicast address (FF02::2) Src = link-local address (FE80::) Dst = all-nodes multicast address (FF02::1)
- 11. ROUTER ADVERTISEMENT (RA) 12 Router You‘re at 2001:db8:ca fe:1::/64 A, M, O Address Alloca+on Op+ons A Flag SLAAC RFC 6106 M Flag DHCPv6 DHCP O Flag SLAAC DHCP
- 12. RFC 6106 13 § Recursive DNS Server § DNS Search List switch# configure terminal switch(config)# interface ethernet 3/3 switch(config-if)# ipv6 nd ra dns server 2001:db8:1:2::53 sequence 0 switch(config-if)# ipv6 nd ra dns search-list bcn.corp sequence 1 Source: http://cisco.com (Nexus 7000 Series Routing Guide)
- 13. DHCPV6 14 § Motivation: Central Management & Auditing subnet6 2001:db8:1:2::/64 { range6 2001:db8:1:2::1:0 2001:db8:1:2::1:ffff; option dhcp6.name-servers 2001:db8:1:2::53; option dhcp6.domain-search "bcn.corp"; }
- 14. DHCPV6 15 § RA defines Usage of DHCPv6 § Clients on UDP 546 § Servers & Relays on UDP 547 § Special Multicast Addresses § FF02::1:2 (All-DHCP-Agents) used by Clients § FF05::1:3 (All-DHCP-Servers) used by Relays
- 15. DHCPV6 16 Client Server SOLICIT – FF02::1:2 ADVERTISE (Unicast) REQUEST (Unicast) REPLY (Unicast) Neighbour SolicitaLon Message (MulLcast) No Answer Duplicate Address DetecLon
- 16. PROTOCOL-SPECIFIC SEARCH LIST 17 IPv6 IPv6 IPv6 DHCP (v4/v6) IPv4 (119) = bcnlab.corp IPv6 (24) = v6.bcnlab.corp DNS ServerRouter DNSSL Resources Zone bcnlab.corp Zone v6.bcnlab.corp srv.v6.bcnlab.corp Query via IPv4 Query via IPv6 srv.bcnlab.corp
- 17. THEORETICALLY ... ;) 18Source: https://www.insinuator.net/2015/03/ipv6-router-advertisement-flags-rdnss-and-dhcpv6-conflicting-configurations/
- 18. ADDRESS MANAGEMENT FOR IPV6 19Source: https://www.insinuator.net/2013/10/ipam-requirements-in-ipv6-networks/ § Track dynamic Addresses (SLAAC + DHCP) § Connected L2/L3 Ports of Devices § Sorting Addresses by Categories § RFC 5952 § Integration with DNS & DHCP § Metadata (Import, Reporting, etc.)
- 19. Thank you for your Time.