IPv6: How many addresses do you need for happiness?
The picture, which some networkers accustomed to IPv4 can enter into a stupor:
Moreover, each of these addresses can be used along with the others. How so?
Now more.
')
Of course, one could argue that IPv4 also had various methods, how to assign several addresses to the interface (secondary, alias, and so on). But in IPv6, the addresses were made equal, and this opens up broad possibilities.
For example, a node can use one address for communication in its local network, another address for communication within the organization, and a third one for access to the Internet. Or 10 for Internet access at once - send requests from a new address to each site.
Introduced mechanism of preference and aging of addresses, with which you can make a smooth change of addresses in the network. At the first stage, all requests begin to be sent from the new addresses, but the nodes continue to respond to the old ones too. Then, after some time, the old addresses are completely written off as scrap.
At first glance, it may seem like "Well, okay," but such small details will lead to a completely different logic of address assignment.
Again, formally, IPv4 addresses also had scope.
There are link-local addresses. They are usually known under the code name "$ @ # * !!! Again, DHCP does not work!" and are selected from the range of 169.254.0.0/16 . But in general, they have functions besides "To let the admin understand that his DHCP server does not give out addresses".
First, such an address can be automatically generated by the device itself. Secondly, it is quite suitable for communication within the network. Restriction: it generally should not be routed, for link-local.
Besides them, RFC 1918 defines three ranges of private addresses: everyone's favorite 192.168.0.0/16 , large 10.0.0.0/8, and undeservedly forgotten 172.16.0.0/12 (that is, from 172.16.0.0 to 172.31.255.255 ). They are routed, but only within your internal network. For communication on the Internet can not use them.
Finally, there are (not enough) many unique (“public”, “white”) addresses that are issued for use by organizations and providers and are suitable for communication on a global scale.
Significant IPv4 Restriction: You cannot use these addresses at the same time. Either link-local, and sit without communication with other networks, or private, but without NAT you can’t get to the Internet, or public ones that are suitable for everything, but now in terrible shortage.
In IPv6, you can use addresses with different scope at the same time. We need to knock on a neighbor on the network - use link-local. We went to the Internet - we take a globally unique one.
For nodes, there are three options for addresses:
In addition to the general concept of "scope", each specific address on a specific interface has a coverage zone . This is part of the topology to which the scope of a given address extends from this interface. For programmers, the following explanation is usually offered: the scope is an abstract class, and the scope is an instance of a class. For example, a link-local address on the Fa0 / 0 interface will have a network segment connected to the Fa0 / 0 interface.
The boundaries of the zones pass through the nodes. From here, the link-local addresses on different interfaces of the router will lie in different zones.
The image will help to visualize the scope and area of ​​action:
Side effect : ambiguity. If we say “Send a packet to FE80 :: 101”, then the counter question will be “To which of the interfaces?”, Because this address can be on any of the interfaces. Therefore, for the link-local addresses, the interface to be used is necessarily specified. In Windows, entries like FE80 :: 1% 5 are used, where after the character "%" there is an interface ID. In Linux, the name applies (FE80 :: 1% eth0).
The ability to simultaneously use addresses of different types opens up very interesting possibilities.
Let's take this topology:
How many subnets do we need to have an IP connection between the computer and the server?
In IPv4, we need 4 subnets, and even if we take networks / 31, these are 8 addresses.
How many subnets will be enough to configure in IPv6?
How is this possible?
A very simple. Routing works hop by hop. At each stage, we need to know only the outgoing interface and the address of the next transition, and the physical one, and we need IP, insofar as.
The computer knows the link-local address of the nearest router (Router0). Router0 knows the link-local of the next one in the chain (Router1). Router1 knows the address of Router2. Router2 can deliver a message to the server. The back is the same.
Clarification : As rightly noted in the comments of Alukardd , there is such a possibility in IPv4. Therefore, on the Internet, you can easily see private addresses in the trace results.
Check it out.
Enable IPv6 routing:
Enable IPv6 on interfaces; link-local addresses will be created automatically:
Checking:
Configure global addresses:
Please note that on computers in general, you do not need to configure anything, addresses will be automatically obtained. How - the topic of a separate article.
Finally, you need routing. Configure OSPFv3.
Repeat the procedure on the remaining routers (changing the router-id, of course). After that, we will establish a neighborhood (via link-local addresses!), And the necessary routes will get into the routing table.
Then you can make sure that everything works.
Conclusion : for traffic transit it is enough to use link-local addresses. Globally-unique addresses and ULA will be needed only if you want to access the device itself (for example, log into the router via SSH).
The undoubted advantage of routing to link-local addresses is that the binding to a specific address is removed. It is possible to make the following analogy: in IPv4, the route was recorded through the names of streets and houses - “On Lenin Street to 51 and right”. In IPv6, the route can be written as “two traffic lights straight on the third to the right”. In the case of a change of addressing (“renaming streets”), IPv4 routes need to be rebuilt, and everything will continue to work as usual in IPv6.
There was a clarification about the EUI-64 earlier, but the topic as a whole is worthy of a separate article.
IPv6 addresses via EUI-64: Points above i
Hope the article was helpful. Next in line is the distribution of addresselephants .
R6#sh ipv6 interface brief FastEthernet0/0 [up/up] FE80::218:18FF:FE45:F0E2 1::1 1::2 1::3 1::10 1::100:500 2::1 2::2 Moreover, each of these addresses can be used along with the others. How so?
Important IPv6 Changes
- There can be a lot of addresses on the interface.
- Addresses have scope - scope or scope.
- Actively used addresses with a scope within the segment - the so-called link-local.
- Addresses can be generated independently.
Now more.
')
1. Many addresses on the interface
Of course, one could argue that IPv4 also had various methods, how to assign several addresses to the interface (secondary, alias, and so on). But in IPv6, the addresses were made equal, and this opens up broad possibilities.
For example, a node can use one address for communication in its local network, another address for communication within the organization, and a third one for access to the Internet. Or 10 for Internet access at once - send requests from a new address to each site.
Introduced mechanism of preference and aging of addresses, with which you can make a smooth change of addresses in the network. At the first stage, all requests begin to be sent from the new addresses, but the nodes continue to respond to the old ones too. Then, after some time, the old addresses are completely written off as scrap.
At first glance, it may seem like "Well, okay," but such small details will lead to a completely different logic of address assignment.
2. Scope
Again, formally, IPv4 addresses also had scope.
There are link-local addresses. They are usually known under the code name "$ @ # * !!! Again, DHCP does not work!" and are selected from the range of 169.254.0.0/16 . But in general, they have functions besides "To let the admin understand that his DHCP server does not give out addresses".
First, such an address can be automatically generated by the device itself. Secondly, it is quite suitable for communication within the network. Restriction: it generally should not be routed, for link-local.
Besides them, RFC 1918 defines three ranges of private addresses: everyone's favorite 192.168.0.0/16 , large 10.0.0.0/8, and undeservedly forgotten 172.16.0.0/12 (that is, from 172.16.0.0 to 172.31.255.255 ). They are routed, but only within your internal network. For communication on the Internet can not use them.
Finally, there are (not enough) many unique (“public”, “white”) addresses that are issued for use by organizations and providers and are suitable for communication on a global scale.
Significant IPv4 Restriction: You cannot use these addresses at the same time. Either link-local, and sit without communication with other networks, or private, but without NAT you can’t get to the Internet, or public ones that are suitable for everything, but now in terrible shortage.
In IPv6, you can use addresses with different scope at the same time. We need to knock on a neighbor on the network - use link-local. We went to the Internet - we take a globally unique one.
For nodes, there are three options for addresses:
- Link-local. Range FE80 :: / 10 . Must be on all nodes with IPv6. It is created by the node itself (for example, according to EUI-64), or we can set it with pens. As the name implies, operates within a segment, therefore uniqueness is required only within this segment (as with MAC addresses, for example). From here on different interfaces can be the same.
- Unique-local address (ULA) . This is an analogue of "private" addresses. Scope is generally global ( RFC 4193 ), but no one is obliged to route them on the Internet, so in most cases they will be cut off by the provider, for example. You can assign by analogy with the addresses 192.168 ..., but now there are many more, so the probability of choosing the same is much lower.
Note
In IPv4 there is one unpleasant situation with private addresses when firm A buys firm B, and in these firms the same network is used (in the worst case, 10.0.0.0/8). Splicing them is a headache. Although it is possible to take any ULA addresses, it is recommended to generate them randomly and enter them into one of the public directories (for example, here ). This guarantees a very small chance of crossing. If you take the “beautiful” ULA addresses, and then you have to merge the same networks together with another similar loser, the admin - you are to blame.
- Globally unique addresses . Those most. Routed, unique throughout the world, a direct analogue of public IPv4 addresses.
Note
Previously there were so-called. site-local address with its scope - one site (site). But the developers of IPv6 came to the conclusion that the concept of the site is too muddy, and was refused from site-local in favor of ULA.
In addition to the general concept of "scope", each specific address on a specific interface has a coverage zone . This is part of the topology to which the scope of a given address extends from this interface. For programmers, the following explanation is usually offered: the scope is an abstract class, and the scope is an instance of a class. For example, a link-local address on the Fa0 / 0 interface will have a network segment connected to the Fa0 / 0 interface.
The boundaries of the zones pass through the nodes. From here, the link-local addresses on different interfaces of the router will lie in different zones.
The image will help to visualize the scope and area of ​​action:
Side effect : ambiguity. If we say “Send a packet to FE80 :: 101”, then the counter question will be “To which of the interfaces?”, Because this address can be on any of the interfaces. Therefore, for the link-local addresses, the interface to be used is necessarily specified. In Windows, entries like FE80 :: 1% 5 are used, where after the character "%" there is an interface ID. In Linux, the name applies (FE80 :: 1% eth0).
3. Benefits of link-local addresses
The ability to simultaneously use addresses of different types opens up very interesting possibilities.
Let's take this topology:
How many subnets do we need to have an IP connection between the computer and the server?
In IPv4, we need 4 subnets, and even if we take networks / 31, these are 8 addresses.
How many subnets will be enough to configure in IPv6?
Correct answer
Two, one between the computer and Router0, and the other between the server and Router2. Other addresses can be link-local, they can be generated automatically.
How is this possible?
A very simple. Routing works hop by hop. At each stage, we need to know only the outgoing interface and the address of the next transition, and the physical one, and we need IP, insofar as.
The computer knows the link-local address of the nearest router (Router0). Router0 knows the link-local of the next one in the chain (Router1). Router1 knows the address of Router2. Router2 can deliver a message to the server. The back is the same.
Clarification : As rightly noted in the comments of Alukardd , there is such a possibility in IPv4. Therefore, on the Internet, you can easily see private addresses in the trace results.
Check it out.
Enable IPv6 routing:
Router#conf t Router(config)#ipv6 unicast-routing Enable IPv6 on interfaces; link-local addresses will be created automatically:
Router(config)#interface fa0/0 Router(config-if)#ipv6 enable Router(config-if)#interface fa0/1 Router(config-if)#ipv6 enable Router(config-if)#end Router# Checking:
Router#show ipv6 interface brief FastEthernet0/0 [up/up] FE80::201:C7FF:FE8D:B001 FastEthernet0/1 [up/up] FE80::201:C7FF:FE8D:B002 Configure global addresses:
Router0#conf t Router0(config)#interface fa0/0 Router0(config-if)#ipv6 address 1::1/64 Router2#conf t Router2(config)#interface fa0/1 Router2(config-if)#ipv6 address 2::1/64 Please note that on computers in general, you do not need to configure anything, addresses will be automatically obtained. How - the topic of a separate article.
Finally, you need routing. Configure OSPFv3.
Router0#conf t Router0(config)#ipv6 router ospf 1 %OSPFv3-4-NORTRID: OSPFv3 process 1 could not pick a router-id,please configure manually ! , router-id, Router0(config-rtr)#router-id 1.0.0.0 Router0(config-rtr)#exit Router0(config)#interface fa0/0 Router0(config-if)#ipv6 ospf 1 area 0 Router0(config-if)#interface fa0/1 Router0(config-if)#ipv6 ospf 1 area 0 Repeat the procedure on the remaining routers (changing the router-id, of course). After that, we will establish a neighborhood (via link-local addresses!), And the necessary routes will get into the routing table.
Router0#sh ipv6 route IPv6 Routing Table - 4 entries Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP U - Per-user Static route, M - MIPv6 I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 D - EIGRP, EX - EIGRP external C 1::/64 [0/0] via ::, FastEthernet0/0 L 1::1/128 [0/0] via ::, FastEthernet0/0 O 2::/64 [110/3] via FE80::201:63FF:FE59:4501, FastEthernet0/1 Then you can make sure that everything works.
On the verge of extreme
You can get by with just two global addresses (per computer and per server). However, in this case, Router0 and Router2 will have to create static routes to the computer and server, respectively, since routers will not find out about these addresses themselves. Then you can redistribute into OSPF and verify that there will be a connection even in such a strange case.
Conclusion : for traffic transit it is enough to use link-local addresses. Globally-unique addresses and ULA will be needed only if you want to access the device itself (for example, log into the router via SSH).
The undoubted advantage of routing to link-local addresses is that the binding to a specific address is removed. It is possible to make the following analogy: in IPv4, the route was recorded through the names of streets and houses - “On Lenin Street to 51 and right”. In IPv6, the route can be written as “two traffic lights straight on the third to the right”. In the case of a change of addressing (“renaming streets”), IPv4 routes need to be rebuilt, and everything will continue to work as usual in IPv6.
4. Automatic address assignment
There was a clarification about the EUI-64 earlier, but the topic as a whole is worthy of a separate article.
IPv6 addresses via EUI-64: Points above i
Hope the article was helpful. Next in line is the distribution of address
Source: https://habr.com/ru/post/245657/
All Articles