Introduction:
RIR (Regional Internet Registries)
1. RIPE NCC
2. AfriNIC
3. APNIC
4. ARIN
5. LACNIC
Time line:
• 3rd FEB 2011: the last remaining /8 pools were allocated amongst the five Regional Internet Registries
• 15th APR 2011: the APNIC pool consists of the final /8 block
Why move to IPv6
• IPv4 address pool exhausted
• NGN capabilities to defence
• Govt. mandates
• Cable market address scaling
• Population densities in APAC
• 4G deployments
• Connects people and things, not only computers
When enterprises will deploy IPv6
• They have an application requirement to drive it
• Their presence on the Internet is compromised by lack of IPv6 access
• The price of an IPv4 address exceeds the hardware cost to route it
IPv6 Introduction
• IPv6 addresses are 128 bits long
o Segmented into 8 groups of four HEX characters (called HEXtets), separated by colons (:)
• Default is 50% for network ID, 50% for interface ID
o Network portion is allocated by Internet registries, 2^64 (1.8 x 10^19). Still leaves us with ~3 billion network prefixes for each person on earth
340,282,366,920,938,463,374,607,432,768,211,456
(IPv6 Address Space - 340 Trillion Trillion Trillion)
vs
4,294,967,296
(IPv4 Address Space - 4 Billion)
• Abbreviations are possible
Leading zeros in each 16-bit block can be dropped, and one contiguous run of all-zero blocks can be represented by (::)
2001:0db8:0000:130F:0000:0000:087C:140B
2001:0db8:0:130F::87C:140B
Double colon can only appear once in the address
• IPv6 uses CIDR representation
IPv4 address looks like 98.10.0.0/16
IPv6 address is represented the same way 2001:db8:12::/48
Notation must be represented in 16 bit blocks irrespective of the mask e.g. FE80::/10, or FF00::/8
• Addresses are assigned to interfaces
• An IPv6 interface is “expected” to have multiple addresses and multiple scopes
• Addresses have scope
o Link Local
o Unique Local
o Global
• Addresses have lifetime
o Valid and preferred lifetime
IPv6 Address
• Loopback address representation
0:0:0:0:0:0:0:1 == ::1
Same as 127.0.0.1 in IPv4; identifies self
• Unspecified address representation
0:0:0:0:0:0:0:0 == ::
Used as a placeholder when no address is available (initial DHCP request, Duplicate Address Detection DAD)
NOT the default route
• Default route representation
::/0
IPv6 Address Types
Three types of unicast address scopes
• Link-Local – Non-routable, exists on a single Layer 2 domain (FE80::/64)
o FE80:0000:0000:0000:xxxx:xxxx:xxxx:xxxx
• Unique-Local – Routable within administrative domain (FC00::/7)
o FCgg:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx
o FDgg:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx
• Global – Routable across the Internet (2000::/3)
o 2ggg:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx
o 3ggg:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx
Multicast addresses (FF00::/8)
• FFzs:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
o Flags (z) in the 3rd nibble (4 bits), scope (s) in the 4th nibble
IPv6 Addressing Types Summary: (Represented in Binary and Hex)
Type | Binary | Hex
Global Unicast Address | 001 | 2 or 3
Link Local Unicast Address | 1111 1110 10 | FE80::/10
Unique Local Unicast Address | 1111 1100, 1111 1101 | FC00::/7: FC00::/8 (registry), FD00::/8 (no registry)
Multicast Address | 1111 1111 | FF00::/16
Solicited Node Multicast | | FF02::1:FF00/104
Allocation Process
IANA 2000::/3
Registries 2000::/12
ISP 2000::/32
Enterprise 2000::/48
Global Unicast Address Interface ID
• The interface ID of a unicast address may be assigned in different ways
o Auto-configured from a 64-bit EUI-64 or expanded from a 48-bit MAC
o Auto-generated pseudo-random number (to address privacy concerns)
o Assigned via DHCP
o Manually configured
• EUI-64 format to do stateless auto-configuration
o Expands the 48 bit MAC address to 64 bits by inserting FFFE into the middle
o To ensure chosen address is from a unique Ethernet MAC address
o The universal/local (“u” bit) is set to 1 for global scope and 0 for local scope
• IPv6 Interface Identifier (EUI-64 format)
o Cisco uses the EUI-64 format to do stateless auto-configuration
o This format expands the 48 bit MAC address to 64 bits by inserting FFFE into the middle 16 bits
o To make sure that the chosen address is from a unique Ethernet MAC address, the universal/local (“u” bit) is set to 1 for global scope and 0 for local scope
o Cisco devices ‘bit-flip’ the 7th bit
• Link-Local Address
1111 1110 10
FE80::/10
o Mandatory for communication between two IPv6 devices
o Automatically assigned by device using EUI-64
o Also used for next-hop calculation in routing protocols
o Only link specific scope
o Remaining 54 bits could be zero or any manually configured value
• Unique Local Address (RFC 4193)
o 1111 110L
o FC00::/7
o ULA are “like” RFC 1918 – not routable on Internet
o ULA uses include
Local communications
Inter-site VPNs (Mergers and Acquisitions)
o FC00::/8 is Registry Assigned (L bit = 0), FD00::/8 is self generated (L bit = 1)
Registries not yet assigning ULA space, http://www.sixxs.net/tools/grh/ula/
o Global ID can be generated using an algorithm
Low order 40 bits result of SHA-1 Digest {EUI-64 && Time}
• IPv6 Multicast Address (RFC 4291)
o An IPv6 multicast address has the prefix FF00::/8 (1111 1111)
Well Known Multicast Addresses
Address | Scope | Meaning
FF01::1 | Node-Local | All Nodes
FF01::2 | Node-Local | All Routers
FF02::1 | Link-Local | All Nodes
FF02::2 | Link-Local | All Routers
FF02::5 | Link-Local | OSPFv3 Routers
FF02::6 | Link-Local | OSPFv3 DR Routers
FF02::1:FFXX:XXXX | Link-Local | Solicited-Node
• Solicited-Node Multicast Address
o For each Unicast and Anycast address configured there is a corresponding solicited-node multicast (Layer 3 address)
o Used in neighbor solicitation (NS) messages
o Multicast address with a link-local scope
o Solicited-node multicast consists of FF02::1:FF & {lower 24 bits from IPv6 Unicast interface ID}
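The EUI-64 expansion, the addresses built from it, and the matching solicited-node multicast group from the bullets above can be computed directly. This Python code is an added example, not part of the original post; the function names are hypothetical, and the MAC address and the 2001:db8:12:1::/64 prefix are constructed sample values. `mac_from_eui64` shows why pseudo-random interface IDs are listed as a privacy measure: an EUI-64 address carries the hardware address with it.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Expand a 48-bit MAC into a 64-bit modified EUI-64 interface ID."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert FFFE between the vendor half and the device half of the MAC.
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    # Flip the universal/local "u" bit: 7th bit of the first byte (mask 0x02).
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")

def autoconfigured_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (link-local or global) with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    return net[eui64_interface_id(mac)]

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FF followed by the lower 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def mac_from_eui64(addr: str):
    """Return the MAC embedded in an EUI-64 address, or None if the
    interface ID lacks the FFFE marker (manual, DHCP or pseudo-random ID)."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the u-bit flip
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"  # constructed sample MAC
    ll = autoconfigured_address("fe80::/64", mac)
    gua = autoconfigured_address("2001:db8:12:1::/64", mac)
    print(ll, gua, solicited_node(str(gua)), mac_from_eui64(str(gua)))
```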
IPv6 Interface example
Header comparison
IPv6 unique local address
Site-Local Addresses
• First stab at having a private address space range for our internal organizations
• Similar to RFC 1918 for IPv4.
• This address space was defined in RFC 3513
• The range was FEC0::/10.
• Basically what this means is that the first 12 bits of the address had to look something like this:
o 1111 1110 11xx
o [ F ] [ E ] [C-F]
The site-local address was the first attempt at letting network admins assign their own private addressing for their “sites.” The first issue was that the term “site” was somewhat ambiguous; nobody could really agree on what a “site” was. Secondly, there was no guarantee that two sites within the same organization would not end up using overlapping site addressing due to carelessness or whatever else. Site-local addresses went to sleep permanently when officially deprecated in RFC 3879.
Unique-Local Addresses (Replaces Site local address)
• Unique-Local addresses have officially replaced site-local addresses.
• There are really two different “flavors.” Unique-Local Addresses (ULA) are defined in RFC 4193
• They are given the range FC00::/7.
• Basically your first 8 bits will look like this:
o 1111 110x
o [F ] [C-D]
• Overall, your unique-local address will look something like this:
o F[C-D]xx:xxxx:xxxx:yyyy:zzzz:zzzz:zzzz:zzzz
It starts with either FC or FD in hexadecimal.
The string of ‘x’s there represents what we call our “global-id” which would describe your company and is 40 bits long.
The string of ‘y’s represent what we call the “subnet-id” which describes the sites within your company and is 16 bits long.
The string of ‘z’s is the remaining 64 bits that represent a host.
So essentially you have a 40-bit value that represents your company and 16 bits to play with for subnetting (which gives you up to 65,535 /64 subnets).
We have this FC00::/7 range. Some people thought the 40-bit global-id should be centrally assigned by a registrar of sorts (similar to ARIN). The addresses would still not be routable on the public internet, but would be controlled by a trusted third-party registrar. The reasoning was that this would guarantee that no two sites within an organization would ever get overlapping ranges.
On the other hand, other people didn’t like the idea of having private addresses allocated to them. Therefore, what they did was a compromise.
They took this massive FC00::/7 range and broke it up into two individual /8’s – FC00::/8 and FD00::/8 and each one works a bit differently.
Unique-Local Locally-Assigned Addresses (FD00::/8)
The people that do not want their private addresses assigned to them by a third party get this range. The kicker is that in the RFC the way that 40-bit global-id gets picked is still not really supposed to be up to you. It is a randomly generated number (at least “pseudo-random”). So, with FD00::/8 you get something like this:
FDxx:xxxx:xxxx:yyyy:zzzz:zzzz:zzzz:zzzz
Where the string of ‘x’s is still the global-id and is 40 bits long; it is just randomly generated, or at least SHOULD be. The rest is the same: we still have 16 bits for subnetting and a /64 host address.
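One way to generate the pseudo-random 40-bit global-id for an FD00::/8 prefix, using the SHA-1 over time plus EUI-64 method this page cites for RFC 4193. This is an added example, not code from the original post; the function names are hypothetical, and `new_ula_prefix` substitutes random bytes for the node's EUI-64, an assumption made so the example runs on any host.

```python
import hashlib
import ipaddress
import os
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def ula_global_id(eui64: bytes, unix_time: float) -> int:
    """Low-order 40 bits of SHA-1(64-bit NTP time || EUI-64)."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    seconds = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32)
    digest = hashlib.sha1(struct.pack(">II", seconds, fraction) + eui64).digest()
    return int.from_bytes(digest[-5:], "big")

def ula_prefix(global_id: int) -> ipaddress.IPv6Network:
    """FD (FC00::/7 with L bit = 1) followed by the 40-bit global-id, as a /48."""
    if not 0 <= global_id < 2**40:
        raise ValueError("global-id must fit in 40 bits")
    return ipaddress.IPv6Network((((0xFD << 40) | global_id) << 80, 48))

def ula_subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Pick one /64 out of the /48 using the 16-bit subnet-id."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id < 2**16:
        raise ValueError("need a /48 prefix and a 16-bit subnet-id")
    return ipaddress.IPv6Network((int(prefix.network_address) | (subnet_id << 64), 64))

def new_ula_prefix() -> ipaddress.IPv6Network:
    # Assumption: random bytes stand in for this node's EUI-64.
    return ula_prefix(ula_global_id(os.urandom(8), time.time()))

if __name__ == "__main__":
    site = new_ula_prefix()
    print(site, ula_subnet(site, 0x0001))
```

Two sites that each generate their own prefix this way are very unlikely to collide, which is what makes a later inter-site VPN or merger workable without renumbering.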
Unique-Local Centrally-Assigned Addresses (FC00::/8)
The people that were for the private addresses being centrally assigned by some sort of registrar get the FC00::/8 range. As of right now, the organization that is supposed to hand out the addresses really doesn’t exist yet. The concept is similar, except now you have something like this:
FCxx:xxxx:xxxx:yyyy:zzzz:zzzz:zzzz:zzzz
Where the string of ‘x’s is still the global-id and is 40 bits long. The rest is the same: we still have 16 bits for subnetting and a /64 host address.