
IPv6 in Cisco or the future is near (Part 1)




Introduction





IPv6 is the successor to the fourth version of the IP protocol, IPv4, which is commonly used today, and it naturally inherits most of that protocol's logic. For example, the IPv4 and IPv6 packet headers are very similar, and the same packet forwarding logic is used: routing based on the destination address, limiting how long a packet stays in the network using TTL, and so on. However, there are significant differences. In addition to the change in the length of the IP address itself, broadcasting has been abandoned in every form, including directed broadcast; multicast is used instead. The ARP protocol has also disappeared, and its functions have been handed over to ICMP, which will force information security departments to pay closer attention to this protocol, since simply blocking it is no longer possible. We will not describe all the changes made to the protocol, since the reader can easily find them on most IT resources. Instead, we will show practical examples of configuring Cisco IOS-based devices to work with IPv6.

Many novice network professionals wonder: "Do we need to start learning IPv6 now?" In our opinion, today you can't approach IPv6 as a separate chapter or technology; instead, all the technologies and techniques being studied should be practiced on both versions of the IP protocol. For example, when studying the EIGRP dynamic routing protocol, it is worthwhile to set up test networks in the laboratory for both IPv4 and IPv6 simultaneously. Let's move from words to deeds!






IPv6 addressing



The IPv6 address is 128 bits, which is four times the length of an IPv4 address. The number of IPv6 addresses is huge and amounts to 2^128 ≈ 3.4⋅10^38. The IPv6 address itself can be divided into two parts: the prefix and the host address, which is also called the interface identifier. This division is very similar to what was used in IPv4 for classless routing.



IPv6 addresses are written in hexadecimal, with each group of four digits separated by a colon. For example, 2001:1111:2222:3333:4444:5555:6666:7777.



The mask is indicated after a slash, for example, /64.



An IPv6 address may contain long sequences of zeros, so an abbreviated notation is provided. First, the leading zeros of each group of digits may be omitted, that is, instead of the address 2001:0001:0002:0003:0004:0005:0006:7000, you can write 2001:1:2:3:4:5:6:7000. Trailing zeros are not removed. When a group of digits in the address (or several groups in a row) contains only zeros, it can be replaced with a double colon. For example, instead of the address 2001:1:0:0:0:0:0:1, the abbreviated notation 2001:1::1 may be used. It is worth noting that an address can be shortened with a double colon only once.



The following are correct and incorrect ways of writing IPv6 addresses.

Correct forms.

2001:0000:0db8:0000:0000:0000:07a0:765d

2001:0:db8:0:0:0:7a0:765d

2001:0:db8::7a0:765d



Incorrect forms.

2001::db8::7a0:765d

2001:0:db8::7a:765d
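
The abbreviation rules above, written out as a strict parser and run over the article's own correct and incorrect forms. This is an added example, not part of the original article; the function names expand and check are hypothetical, and dotted IPv4 suffixes are assumed to be out of scope.

```python
# Added example (not from the article): the abbreviation rules as a strict parser.
HEX = set("0123456789abcdefABCDEF")
FULL = "2001:0000:0db8:0000:0000:0000:07a0:765d"  # full form from the article

def expand(addr: str) -> str:
    """Return the full 8-group form; raise ValueError on an invalid abbreviation."""
    if addr.count("::") > 1:
        raise ValueError("'::' may be used only once: " + addr)
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group: " + addr)
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 groups: " + addr)
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX:
            raise ValueError("bad group %r in %s" % (g, addr))
    # Only leading zeros are restored; trailing zeros are significant digits.
    return ":".join(g.lower().zfill(4) for g in groups)

def check(written: str, intended: str = FULL) -> str:
    """Classify a written form as 'ok', 'invalid' or 'different address'."""
    try:
        full = expand(written)
    except ValueError:
        return "invalid"
    return "ok" if full == expand(intended) else "different address"

if __name__ == "__main__":
    for form in ("2001:0:db8:0:0:0:7a0:765d", "2001:0:db8::7a0:765d",
                 "2001::db8::7a0:765d", "2001:0:db8::7a:765d"):
        print(form, "->", check(form))
```

The last form is the one a syntax check alone does not catch: it parses cleanly but names a different host, which matters when the address is typed into an ACL or firewall rule.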



Amusing abbreviations.

::/0 - default gateway

::1 - loopback

2001:2345:6789::/64 - the address of a network



However, not all IPv6 addresses can be assigned to nodes on the WAN. There are several reserved ranges and address types. An IPv6 address can be one of the following three types.

• Unicast

• Multicast

• Anycast



Unicast addresses are very similar to their IPv4 counterparts: they can be assigned to interfaces of network devices, servers and end-user hosts. Group, or Multicast, addresses are intended for delivering packets to several recipients in a group at once. When Anycast addresses are used, data is received by the closest node to which such an address is assigned. It is worth paying special attention to the fact that there are no broadcast addresses among the address types supported by IPv6. Unicast addresses are themselves further divided into types.

• Link local

• Global unicast

• Unique local

The addresses belonging to the Unique local group are described in RFC 4193 and are very similar in their purpose to the private IPv4 addresses described in RFC 1918. The addresses of the Link local group are used to transfer information between devices connected to the same L2 network. Most addresses from the Global unicast range can be assigned to the interfaces of specific network nodes. The list of reserved addresses is provided below.



Address               Mask  Description           Notes
::                    128   -                     Analogue of 0.0.0.0 in IPv4
::1                   128   Loopback              Analogue of 127.0.0.1 in IPv4
::xx.xx.xx.xx         96    Embedded IPv4         IPv4-compatible. Obsolete, not used
::ffff:xx.xx.xx.xx    96    IPv4 mapped to IPv6   For non-IPv6 hosts
2001:db8::            32    Documentation         Reserved for examples. RFC 3849
fe80:: - febf::       10    Link-local            Analogue of 169.254.0.0/16 in IPv4
fc00::                7     Unique Local Unicast  Replaced Site-Local. RFC 4193
ffxx::                8     Multicast             -




Basic interface configuration




IPv6 routing is enabled with the ipv6 unicast-routing command. The router supports IPv6 even without this command, but then the device acts only as an IPv6 host. Many of the commands you are used to from IPv4 also exist for IPv6; in them, the keyword ipv6 is specified instead of ip.

An address can be set on an interface in several ways. When IPv6 support is enabled on an interface, a link-local address is assigned to it automatically.



R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int gi0/0
R1(config-if)#ipv6 enable
R1(config-if)#^Z
R1#show ipv6 int bri
Ethernet0/0                [administratively down/down]
    unassigned
GigabitEthernet0/0         [up/up]
    FE80::C800:3FFF:FED0:A008




The interface-identifier part of the link-local address is calculated with the EUI-64 algorithm from the MAC address of the interface. To do this, two bytes, which in hexadecimal notation have the form FFFE, are automatically inserted in the middle of the 48-bit MAC address, and the seventh bit of the first byte of the MAC address is inverted. The figures below schematically show how the algorithm works.



image

image



Compare the above link-local address with the router's physical Gi0/0 interface address (the insignificant part of the output of the sho int Gi0/0 command is deleted).



R1#show int gi0/0
GigabitEthernet0/0 is up, line protocol is up
  Hardware is i82543 (Livengood), address is ca00.3fd0.a008 (bia ca00.3fd0.a008)

EUI-64  IPv6 : CA00:3FFF:FED0:A008.




An address is assigned to an interface manually with the ipv6 address command, for example, ipv6 address 2001:db8::1/64. It is also possible to specify only the prefix of the network segment; the rest is then filled in automatically from the physical address of the interface converted with EUI-64. To do this, use the command with the eui-64 keyword.



R2#conf t
R2(config)#int gi0/0
R2(config-if)#ipv ad 2001:db8::/64 eui-64
R2(config-if)#^Z
R2#show ipv6 int bri
Ethernet0/0                [administratively down/down]
    unassigned
GigabitEthernet0/0         [up/up]
    FE80::C801:42FF:FEA4:8
    2001:DB8::C801:42FF:FEA4:8
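
The EUI-64 derivation described above, applied to R1's MAC address from the show int output, together with the reverse step that recovers the MAC from such an address. This is an added example, not code from the original article; the function names are hypothetical. The reverse step shows why an EUI-64 address discloses the interface's hardware address to anyone who sees it.

```python
# Added example (not from the article): EUI-64 in both directions.
import ipaddress

def _mac_bytes(mac: str) -> bytes:
    """Accept ca00.3fd0.a008, ca:00:3f:d0:a0:08 or CA-00-3F-D0-A0-08."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError("a MAC address is 48 bits: " + mac)
    return bytes.fromhex(digits)

def eui64_interface_id(mac: str) -> bytes:
    """Insert FFFE in the middle and invert the seventh bit (0x02) of byte 0."""
    b = _mac_bytes(mac)
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix: " + prefix)
    return net[int.from_bytes(eui64_interface_id(mac), "big")]

def mac_from_address(addr: str):
    """Return the MAC (Cisco notation) if the interface ID is EUI-64 derived."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # not EUI-64, e.g. a randomly generated identifier
    b = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ".".join(b.hex()[i:i + 4] for i in (0, 4, 8))

if __name__ == "__main__":
    mac = "ca00.3fd0.a008"  # R1 Gi0/0, from the article's show int output
    print(eui64_address("fe80::/64", mac))      # link-local address
    print(eui64_address("2001:db8::/64", mac))  # same ID under a global prefix
    print(mac_from_address("FE80::C801:42FF:FEA4:8"))  # R2, from the article
```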




Exchanging messages within a single L2 segment using only link-local addresses is possible and is used in some cases, but in most situations the interface must be assigned a normal, routable IPv6 address. For example, OSPF or EIGRP neighbor relationships are established using link-local addresses. Automatic neighbor discovery and other service protocols also work on link-local addresses.



R1#sho ipv6 int brief
Ethernet0/0                [administratively down/down]
    unassigned
GigabitEthernet0/0         [up/up]
    FE80::C800:42FF:FEA4:8
    2001:DB8::1
R1#sho ipv ei ne
IPv6-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   Link-local address:     Gi0/0             12 00:01:03   39   234  0  3
    FE80::C801:42FF:FEA4:8
R1#ping FE80::C801:42FF:FEA4:8
Output Interface: GigabitEthernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::C801:42FF:FEA4:8, timeout is 2 seconds:
Packet sent with a source address of FE80::C800:42FF:FEA4:8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/48 ms




Naturally, the option of automatic address assignment using DHCP is also preserved in IPv6. It is worth noting, however, that in IPv6 there are two different types of DHCP: stateless and stateful, which are configured using the commands ipv6 address autoconfig and ipv6 address dhcp, respectively.



As noted earlier, IPv6 no longer uses ARP. Neighbors are detected using the Neighbor Discovery Protocol (NDP) by exchanging ICMP messages sent to the group address FF02::1.



R1#show ipv6 neighbors
IPv6 Address                              Age Link-layer Addr State Interface
FE80::C801:42FF:FEA4:8                     25 ca01.42a4.0008  STALE Gi0/0




Operating systems of the Windows family can also display the list of neighbors (similar to the arp -a command); however, a longer command now has to be used.



C:\>netsh interface ipv6 show neighbors

Interface 1: Loopback Pseudo-Interface 1

Internet Address                              Physical Address   Type
--------------------------------------------  -----------------  -----------
ff02::c                                                          Permanent
ff02::16                                                         Permanent
ff02::1:2                                                        Permanent
ff02::1:3                                                        Permanent
ff02::1:ff1e:f939                                                Permanent

Interface 24:     4

Internet Address                              Physical Address   Type
--------------------------------------------  -----------------  -----------
2001:db8:0:5::1                               00-11-5c-1b-3d-49  Reachable (Router)
fe80::ffff:ffff:fffe                          Unreachable        Unreachable
fe80::211:5cff:fe1b:3d49                      00-11-5c-1b-3d-49  Stale (Router)
fe80::218:f3ff:fe73:33d7                      Unreachable        Unreachable
fe80::a541:1a9:3b2d:7734                      Unreachable        Unreachable
ff02::1                                       33-33-00-00-00-01  Permanent
ff02::2                                       33-33-00-00-00-02  Permanent
ff02::c                                       33-33-00-00-00-0c  Permanent
ff02::16                                      33-33-00-00-00-16  Permanent
ff02::1:2                                     33-33-00-01-00-02  Permanent
ff02::1:3                                     33-33-00-01-00-03  Permanent
ff02::1:ff00:0                                33-33-ff-00-00-00  Permanent
ff02::1:ff00:1                                33-33-ff-00-00-01  Permanent




Routers in the local segment are discovered in a similar way; in this case, however, the packets are sent to the address FF02::2. The interested node sends an RS (Router Solicitation) message, to which the router responds with an RA (Router Advertisement) message. This response contains the parameters of the IP protocol on this network. The described process is shown in the figure below.



image



Discovery of a router connected to a local network segment is used by the node to obtain an IPv6 address using the stateless address autoconfiguration (SLAAC) procedure, also called Stateless DHCP.



______________

UPD 05/05/14: As a colleague correctly noted in the comments, you should distinguish between SLAAC and Stateless DHCP. In our text with Maxim, the important word "ERRONEOUSLY" is missing. Remember how it was said in the philosophy textbook that it is impossible to rip a quote out of context, otherwise it would be "It would be a mistake to think that (quote)" :)



So, it would be correct to write: “stateless address autoconfiguration (SLAAC), which is erroneously called Stateless DHCP in some literature.”



I apologize for the oversight and misrepresentation.

______________



(continued in the form of routing, tunneling and VRF - here ).



The article was written by Maxim Klimanov (foxnetwork.ru, I am a co-author), who asked me to publish it for a wide range of readers.

Source: https://habr.com/ru/post/221745/


