IPv6 networking training sduffy v3

Editor's Notes

• #2: Training has been developed for technical audience. Need to have a willingness to learn along with a good understanding of IPv4 networking.
• #4: http://www.nrl.navy.mil/itd/ncs/products/core<- Download CORE for our labs https://www.virtualbox.org/wiki/Download_Old_Builds_4_2<- For now we don’t want to go higher than 4.2 Virtual box due to a bug. Labs we will follow for IPv6 tutorial http://www.brianlinkletter.com/ipv6-addressing-simulator-part-1/ http://www.brianlinkletter.com/ipv6-addressing-simulator-part-2/ http://mininet.org/<- Alternative network simulator
• #5: Skip this section if the group is fully familiar with IPv4
• #6: Subnetting in IPv4 is simple to understand once we use classful subnets /8 /16 /24 which break at the dotted decimal points. It gets a little more complicated to understand the start network address and broadcast when we use CIDR Eg a.b.c.d/29+0.0.0.7255.255.255.24881/32 Cd = 0 ... (8n) ... 248 IPv6 will bring the same challenges but with more addresses there is no need to make things compicated so its best to break at the nibbles “:”
• #7: Using a CIDR example we can see how the subnet is applied like a MASK masking over the bits which become the network portion of the address. The host portion is covered in the trailing 0 bits For IPv6 we have so many addresses that in normal addressing which should not break the nibble boundaries when doing subnetting
• #8: Private addresses used on local LAN’s and private networks in IPv4
• #10: ARP does a MAC level broadcast to all hosts on the link. Hosts process the request and discard if not for them. Large flat networks can have issues with too much broadcast traffic. Under powered devices like print servers can suffer issues from dealing with too much broadcast traffic.
• #12: IPv6 header has been greatly simplified for faster processing The minimum path MTU size has been increased to >= 1280 bytes TTL -> Hop Limit
• #17: All globally routable IPv6 addresses will have the 1st Digit 2 or 3 we can very quickly spot the difference between Link local and Global addresses once we learn the identification of the first 3 digits
• #18: Discuss Anycast in IPv4 how its used for Global DNS servers in conjunction with BGP routing for the shortest hop distance
• #20: Keen eyes will spot that the interface has been expanded from an IMC MAC address of 00:00:29:00:00:01 notice the bit flip on the 1st set and also the FF:FE identifer between the 24bit OUI and 24bit unique
• #22: Link-local addresses and zone indices Because all link-local addresses in a host have a common prefix, normal routing procedures cannot be used to choose the outgoing interface when sending packets to a link-local destination. A special identifier, known as a zone index, is needed to provide the additional routing information; in the case of link-local addresses, zone indices correspond to interface identifiers. When an address is written textually, the zone index is appended to the address, separated by a percent sign (%). The actual syntax of zone indices depends on the operating system: the Microsoft Windows IPv6 stack uses numeric zone indices, e.g., fe80::3%1. The index is determined by the interface number; most Unix-like systems (e.g., BSD, Linux, OS X) use the interface name as a zone index: fe80::3%eth0. Zone index notations cause syntax conflicts when used in uniform resource identifiers (URI), so the '%' character must be escaped via percent-encoding: http://[fe80::3%25eth0]
• #25: This is a big difference no more flooding layer 2 with FF:FF:FF:FF:FF:FF. Multicast (Old switches will flood network much like old IPv4 broadcast, switches with MLD (IGMPv3) will prune the multicast traffic so that only ports which have multicast group subscribers will receive traffic) <- this makes a big difference in a large network. Uses ICMPv6 which implies that an IPv6 address must be available to use as the source address. Layer 3 protocol Solicited Multicast
• #26: Address Resolution The function of address resolution was handled by ARP for IPv4, but is handled by ICMPv6 for IPv6. In a process very similar to router discovery, two ICMPv6 messages are used: Neighbor Solicitation (type 135) and Neighbor Advertisement (type 136). A host seeking the link layer address of a neighbor multicasts a neighbor solicitation and the neighbor (if online) responds with its link layer address in a neighbor advertisement.
• #27: A Solicited-Node multicast address is an IPv6 multicast address valid within the local-link (e.g. an Ethernet segment or a Frame Relay cloud). Every IPv6 host will have at least one such address per interface. Solicited-Node multicast addresses are used in Neighbor Discovery Protocol for obtaining the layer 2 link-layer addresses of other nodes.[1] A Solicited-Node multicast address is created by taking the last 24 bits of a unicast or anycast address and appending them to the prefix ff02:0:0:0:0:1:ff00::/104.[2] It is important to realize that we have taken 104 bits from the address, so that the last byte 00 is not used in the prefix. Look at the examples below where the last 24 bits of the multicast address begin after ff. A host is required to join a Solicited-Node multicast group for each of its configured unicast or anycast addresses. Example: If we have an interface with the IP address fe80::2aa:ff:fe28:9c5a the associated Solicited-Node multicast address is ff02::1:ff28:9c5a. So we must join to the multicast group represented by this address. Efficiency Compared to IPv4 and ARP Solicited-node Multicast Addresses are used with IPv6 Neighbor Discovery to provide the same function as the Address Resolution Protocol (ARP) in IPv4. ARP uses broadcasts to send an ARP Request to the broadcast MAC-address ff:ff:ff:ff:ff:ff, which is received by all stations on the local link, although only one station—the one being queried—would need to respond. The other stations still have to process and discard the request. This interruption can cause problems on networks if the amount of broadcast traffic becomes excessive. Devices, such as embedded print servers, might not be able to cope with the amount of traffic they are processing, and fail to operate in a timely manner. Because a Solicited-node Multicast Addresses is a function of the last 24-bits of an IPv6 unicast (or anycast) address, the number of hosts that are subscribed to each Solicited-node Multicast Address is very small. This number would typically be one, but there could be a few because the mapping function is not a 1:1 mapping. This means that a host should not need to be interrupted as often to service Neighbor Solicitation requests, compared to ARP in IPv4. However, to prevent any intervening Ethernet switches from flooding the multicast frames out of all switch-ports, which turns the traffic profile in something more like broadcast, intermediate switches should implement MLD Snooping, which would allow them to send traffic that is addressed to a Solicited-node Multicast Address (or any other multicast address) to be sent out only on the ports that lead to stations that have subscribed to receive that traffic.
• #28: Router Discovery Whereas IPv4 hosts must rely on manual configuration or DHCP to provide the address of a default gateway, IPv6 hosts can automatically locate default routers on the link. This is accomplished through the use of two ICMPv6 messages: Router Solicitation (type 133) and Router Advertisement (type 134). When first joining a link, an IPv6 host multicasts a router solicitation to the all routers multicast group, and each router active on the link responds by sending a router advertisement with its address to the all nodes group.
• #29: Prefix Discovery One of the options typically carried by a router advertisement is the Prefix Information option (type 3). Each prefix information option lists an IPv6 prefix (subnet) reachable on the local link. Remember that it is not uncommon for multiple IPv6 prefixes to reside on the same link, and routers may include more than one prefix in each advertisement. A host which knows what prefixes are reachable on the link can communicate directly with destinations in those prefixes without passing its traffic through a router.
• #30: http://packetlife.net/blog/2008/aug/04/eui-64-ipv6/ One of IPv6's key benefits over IPv4 is its capability for automatic interface addressing. By implementing the IEEE's 64-bit Extended Unique Identifier (EUI-64) format, a host can automatically assign itself a unique 64-bit IPv6 interface identifier without the need for manual configuration or DHCP. This is accomplished on Ethernet interfaces by referencing the already unique 48-bit MAC address, and reformatting that value to match the EUI-64 specification. RFC 2373 dictates the conversion process, which can be described as having two steps. The first step is to convert the 48-bit MAC address to a 64-bit value. To do this, we break the MAC address into its two 24-bit halves: the Organizationally Unique Identifier (OUI) and the NIC specific part. The 16-bit hex value 0xFFFE is then inserted between these two halves to form a 64-bit address. Why 0xFFFE? As explained in the IEEE's Guidelines for EUI-64 Registration Authority, this is a reserved value which equipment manufacturers cannot include in "real" EUI-64 address assignments. In other words, any EUI-64 address having 0xFFFE immediately following its OUI portion can be recognized as having been generated from an EUI-48 (or MAC) address. The second step is to invert the universal/local (U/L) flag (bit 7) in the OUI portion of the address. Globally unique addresses assigned by the IEEE originally have this bit set to zero, indicating global uniqueness. Likewise, locally created addresses, such as those used for virtual interfaces or a MAC address manually configured by an administrator, will have this bit set to one. The U/L bit is inverted when using an EUI-64 address as an IPv6 interface ID. Again, you're probably wondering why this is done. The answer lies buried in section 2.5.1 of RFC 2373: The motivation for inverting the "u" bit when forming the interface identifier is to make it easy for system administrators to hand configure local scope identifiers when hardware tokens are not available. This is expected to be case for serial links, tunnel end-points, etc. The alternative would have been for these to be of the form 0200:0:0:1, 0200:0:0:2, etc., instead of the much simpler ::1, ::2, etc. The important part to remember here is that the scope of the address never changes: global addresses are still global and local addresses are still local. Rather, the meaning of the bit is inverted for convenience, so the value of the bit must be inverted as well.
• #32: https://kb.wisc.edu/ns/page.php?id=12364 http://test-ipv6.com
• #34: Two features of IPv6 greatly improve DHCPv6: IPv6 hosts have "link-local addresses".  Every network interface has a unique address, that can be used to send and receive on the link only. IPv6 hosts can use this to send requests for "real" addresses. IPv4 hosts have to use system­specific hacks to work before they have an address. All IPv6 systems support multicasting.  All DHCPv6 servers register that they want to receive DHCPv6 multicast packets. This means the network knows where to send them. In IPv4, clients broadcast their  requests, and networks do not know how far to send them Not having to hack below the socket layer in the OS is a beautiful thing.
• #35: IPv6 addresses in the Domain Name System In the Domain Name System hostnames are mapped to IPv6 addresses by AAAA resource records, so-called quad-A records. For reverse lookup the IETF reserved the domain ip6.arpa, where the name space is hierarchically divided by the 1-digit hexadecimal representation of nibble units (4 bits) of the IPv6 address. This scheme is defined in RFC 3596. As in IPv4, each host is represented in the DNS by two DNS records, an address record and a reverse mapping pointer record. For example, a host computer named sduffy in zone example.com has the Unique Local Address fdda:5cc1:23:4::1f. Its quad-A address record is sduffy.example.com. IN AAAA fdda:5cc1:23:4::1f and its IPv6 pointer record is f.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0.3.2.0.0.1.c.c.5.a.d.d.f.ip6.arpa. IN PTR sduffy.example.com. This pointer record may be defined in a number of zones, depending on the chain of delegation of authority in the zone d.f.ip6.arpa. The DNS protocol is independent of its Transport Layer protocol. Queries and replies may be transmitted over IPv6 or IPv4 transports regardless of the address family of the data requested.
• #37: http://www.nrl.navy.mil/itd/ncs/products/core<- Download CORE for our labs https://www.virtualbox.org/wiki/Download_Old_Builds_4_2<- For now we don’t want to go higher than 4.2 Virtual box due to a bug. Labs we will follow for IPv6 tutorial http://www.brianlinkletter.com/ipv6-addressing-simulator-part-1/ http://www.brianlinkletter.com/ipv6-addressing-simulator-part-2/ http://mininet.org/<- Alternative network simulator
• #38: Default sudo root password is “core” Wireshark to see packet dumps radvd router advertisement daemon
• #40: Discuss how by default having a private address behind a NAT gateway provides a layer of security as it stops direct connections from the outside world by default. IPv6 with a Globally routable IPv6 address is by default Globally routable, so we need to ensure firewall and ACL rules prevent inbound connections.
• #41: Multicast Listener Discovery (MLD) v1 & v2
• #44: Protocol Independent Multicast v2 (PIMv2) Provides intradomain multicast forwarding for all underlying unicast routing protocols Independent from any underlying unicast protocol such as OSPF or MP-BGP Sparse mode: relies upon an explicit joining method before attempting to send multicast data to receivers of a multicast group Multicast Listener Discovery (MLD) v1 & v2 Protocol used by IPv6 hosts to communicate multicast group membership states to local multicast routers Version 2 of MLD adds source awareness to the protocol. This allows the inclusion or exclusion of sources. MLDv2 is required for Source Specific Multicast (SSM) PIM Source Specific Multicast SSM forwarding uses only source-based forwarding trees. SSM range is defined for inter domain use.
• #48: Bring example back to electrical level Layer 1 – Power Generation plants (Generation technology can be complicated… Nuclear, Coal, Gas, Solar but it doesn’t matter to the electrician who wires the house once he recives 110v at the main meter) Layer 2 – Electrial wiring within the house(Electrician needs to know how to wire the house, design for the correct loading factor on circuits and follow wiring codes…. This doesn’t matter to the home owner) Layer 3 – Home owner plugging in devices(All the home owner cares about is plugging in their device, turning it on and it works)
• #50: Ethernet/IP on UDP or TCP Packets
• #51: Modbus/TCP sitting on top of TCP packets
• #52: Ethernet Layer data Routed data on top of UDP
• #53: Standard Data – TCP / IP Soft Real Time – Custom Ether Type and Priority Realtime – Special Switches