
IPv6 is fun. Part 1

I had the idea of introducing the Habr audience to IPv6 and to configuring protocols on top of this wonderful protocol, which network specialists have studied so little. For this purpose I will focus on two main vendors, Juniper and Cisco. The article will consist of three parts. In the first part I collect all the most boring but very necessary theory: we will look at the fields of the IPv6 protocol, its principles of operation and subnetting, and I set myself the task of focusing as much as possible on how it differs from your favorite IPv4.

Well, let's start, and we'll start with the plan.

Plan


• IPv6 Header versus IPv4
• Representation of IPv6 addresses
• Types of IPv4 and IPv6 sharing
• Types of addresses
• Subnetting

Introduction


The depletion of the IPv4 address space was the motivating factor for the transition to IPv6. As Africa, Asia and other regions of the world gain more and more connections to the global Internet, IPv4 addresses are running short. On Monday, January 31, 2011, IANA allocated the last /8 blocks of IPv4 addresses to the RIRs. According to experts, these addresses will be used up between 2015 and 2020. But apart from solving the address shortage, IPv6 has other advantages over IPv4, which we will discuss in this article. IPv6 is designed as the successor to IPv4. IPv6 has a larger, 128-bit address space, which is enough for 340 undecillion addresses. (That is 340 followed by 36 zeros.) However, IPv6 is not just bigger addresses. When the IETF experts began developing a successor to IPv4, they used the opportunity to remove the limitations of IPv4 and make further improvements.
Programmers are constantly competing with the Universe: they are trying to create more and more idiot-proof programs, and the Universe is creating more and more perfect idiots. So far, the Universe is winning. (Rich Cook)

IPv6 Header versus IPv4


One of the major design improvements of IPv6 over IPv4 is the simplified IPv6 header. The IPv4 header consists of 20 octets (up to 60 bytes if the “Options” field is used) and 12 main header fields, not counting the “Options” and “Padding” fields. The IPv6 header consists of 40 octets (mainly because of the length of the source and destination IPv6 addresses) and 8 header fields (3 main IPv4 header fields and 5 additional fields). In addition, a new field has been added to IPv6 that is not used in IPv4. The simplified IPv6 header offers several advantages over IPv4:

• more efficient routing, for better performance and forwarding-rate scalability;
• no checksum processing required;
• simplified and more efficient extension header mechanisms (as opposed to the “Options” field in IPv4);
• a “Flow Label” field for per-flow processing, with no need to open the encapsulated transport-layer packet to identify the various traffic flows.

The following fields are used in the IPv6 packet header:
Version: a 4-bit field containing a binary value that identifies the IP packet version. For IPv6 packets this field is always 0110.

Traffic Class: an 8-bit field corresponding to the “Differentiated Services (DS)” field in the IPv4 header. It contains the 6-bit Differentiated Services Code Point (DSCP), which is used to classify packets, and the 2-bit Explicit Congestion Notification (ECN) value, which is used to manage traffic congestion.

Flow Label: a 20-bit field providing a special service for real-time applications. It tells routers and switches to keep the same path for a packet flow, which helps to avoid reordering.

Payload Length: a 16-bit field corresponding to the Total Length field in the IPv4 header. It defines the size of the entire packet (fragment), including the header and optional extensions.

Next Header: an 8-bit field corresponding to the “Protocol” field in the IPv4 header. It indicates the type of payload the packet carries, which allows the network layer to hand the data to the appropriate upper-layer protocol. This field is also used when optional extension headers are added to the IPv6 packet.

Hop Limit: an 8-bit field that replaces the Time to Live (TTL) field in IPv4. Each router that forwards the packet decrements this value by one. When the counter reaches 0, the packet is discarded and an ICMPv6 message is sent to the sending node, indicating that the packet did not reach its destination.

Source Address: a 128-bit field that specifies the IPv6 address of the sending node.

Destination Address: a 128-bit field that specifies the IPv6 address of the receiving node.

The main problem of programmers is that their errors are impossible to predict. (Seymour Cray)

Representation of IPv6 addresses


IPv6 addresses are 128 bits long and are written as a string of hexadecimal values. Every 4 bits are represented by one hexadecimal digit, for a total of 32 hexadecimal digits. There are no examples of conversion between hexadecimal, binary and decimal in this article. Any self-respecting network specialist should be able to convert between number systems in their head, because network specialists are not paid for their pretty eyes, and they are not paid little.

We describe two important rules for the proper representation of IPv6 addresses.

1) Rule number 1:
The first rule for shortening IPv6 addresses is to omit all leading zeros in each hextet (16-bit segment). For example:
01AB can be represented as 1AB
09F0 can be represented as 9F0
0A00 can be represented as A00
00AB can be represented as AB

This rule applies only to leading zeros, NOT to trailing ones; otherwise the address would be ambiguous. For example, the hextet "ABC" could then stand for either "0ABC" or "ABC0".

2) Rule number 2:
The second rule for shortening IPv6 addresses is that a double colon (::) can replace any single contiguous run of one or more 16-bit segments (hextets) consisting entirely of zeros. A double colon (::) can be used only once in an address.

Wrong address:
2001:0DB8::ABCD::1234

Possible expansions of this ambiguous compressed address:
2001:0DB8::ABCD:0000:0000:1234
2001:0DB8::ABCD:0000:0000:0000:1234
2001:0DB8:0000:ABCD::1234
2001:0DB8:0000:0000:ABCD::1234
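Why a second double colon must be rejected can be shown by enumerating every full-length address a compressed string could stand for. This is an added example, not code from the original article; the helper names are hypothetical, and it goes slightly beyond the listing above by returning each distinct 8-hextet result.

```python
import ipaddress
from itertools import product

HEX_DIGITS = set("0123456789abcdefABCDEF")


def candidate_expansions(text: str) -> list:
    """Return every full 8-hextet address that `text` could stand for."""
    runs = [part.split(":") if part else [] for part in text.split("::")]
    hextets = [h for run in runs for h in run]
    if not all(1 <= len(h) <= 4 and set(h) <= HEX_DIGITS for h in hextets):
        raise ValueError(f"bad hextet in {text!r}")
    gaps = len(runs) - 1          # how many times '::' appears
    missing = 8 - len(hextets)    # all-zero hextets the '::' must supply
    if (gaps == 0 and missing != 0) or missing < gaps:
        raise ValueError(f"wrong number of hextets in {text!r}")
    # Every way of sharing the missing hextets among the gaps (>= 1 each).
    splits = [s for s in product(range(1, missing + 1), repeat=gaps)
              if sum(s) == missing]
    results = []
    for split in splits:
        full = list(runs[0])
        for zeros, run in zip(split, runs[1:]):
            full += ["0"] * zeros + run
        # Undo rule 1 by restoring the leading zeros of each hextet.
        results.append(":".join(h.zfill(4).lower() for h in full))
    return results


def parse_strict(text: str) -> ipaddress.IPv6Address:
    """Accept an address only if it has exactly one possible expansion."""
    options = candidate_expansions(text)
    if len(options) != 1:
        raise ValueError(f"{text!r} is ambiguous: {len(options)} candidates")
    return ipaddress.IPv6Address(options[0])


def stdlib_rejects(text: str) -> bool:
    """True if Python's own ipaddress parser refuses the text."""
    try:
        ipaddress.IPv6Address(text)
    except ipaddress.AddressValueError:
        return True
    return False


if __name__ == "__main__":
    bad = "2001:0DB8::ABCD::1234"           # the wrong address from the text
    for candidate in candidate_expansions(bad):
        print(candidate)
    print("rejected by ipaddress:", stdlib_rejects(bad))
    # Rules 1 and 2 applied by the standard library to a full address:
    print(parse_strict("2001:0DB8:0000:0000:ABCD:0000:0000:1234").compressed)
```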

First, learn the theory. Then get your own programming style. And finally, forget about this nonsense and just write the code. (George Carrette)


Types of IPv4 and IPv6 sharing


Dual stack: dual stack allows IPv4 and IPv6 to coexist on the same network. Dual-stack devices run the IPv4 and IPv6 protocol stacks simultaneously.

Tunneling: a method of transporting an IPv6 packet over an IPv4 network. The IPv6 packet is encapsulated inside an IPv4 packet, like other types of data.

Translation: Network Address Translation 64 (NAT64) allows IPv6-enabled devices to communicate with IPv4-enabled devices using a translation technique similar to NAT for IPv4. An IPv6 packet is translated into an IPv4 packet and vice versa.



First, learn the theory. Then get your own programming style. And finally, forget about this nonsense and just write the code. (George Carrette)


Types of IPv6 addresses


There are three types of IPv6 addresses:

Unicast - used to identify an interface on an IPv6-enabled device.

Multicast - used to send packets to multiple destination addresses. (Multicast replaces the broadcast address; there is an all-nodes IPv6 multicast address that gives a similar result.)

Anycast - any unicast address that can be assigned to multiple devices. A packet sent to an anycast address is delivered to the nearest device that has this address.

To get familiar with the address types we need the following background: the prefix, or network part, of an IPv4 address can be indicated by a dotted-decimal subnet mask or by the prefix length (slash notation). For example, the IP address 192.170.6.11 with the dotted-decimal subnet mask 255.255.255.0 is equivalent to 192.170.6.11/24.

IPv6 uses the prefix length to denote the prefix part of the address. IPv6 does not use dotted-decimal subnet masks. The prefix length denotes the network part of an IPv6 address, written in the form IPv6 address/prefix length. The prefix length can range from 0 to 128. The traditional IPv6 prefix length for local and other types of networks is /64. This means that the prefix, or network part of the address, is 64 bits long, and the remaining 64 bits are left for the interface identifier (host part) of the address.



An education in computer science does not make you a great programmer, just as studying brushes and paints will not make you an excellent artist. (Eric Raymond)


Unicast IPv6 addresses

A unicast address uniquely identifies an interface on an IPv6-enabled device. A packet sent to a unicast address is received by the interface to which that address is assigned. As with IPv4, the IPv6 address must be a unicast (individual) address.

There are six types of unicast addresses:

Global unicast address
A global unicast address is not much different from a public IPv4 address. These addresses are routable on the Internet and unique throughout the world. Global unicast addresses can be configured statically or assigned dynamically.

Link-local
A link-local IPv6 address allows a device to communicate with other IPv6-enabled devices on the same link, and only on that link (subnet). Packets with a link-local source or destination address cannot be routed beyond the link on which the packet originated. Unlike IPv4 link-local addresses, IPv6 link-local addresses play an important role in various aspects of the network. A global unicast address is optional. However, every IPv6-enabled network interface must have a link-local address. If a link-local address is not configured manually on the interface, the device creates its own automatically, without contacting a DHCP server. IPv6-enabled hosts create a link-local IPv6 address even if no global IPv6 address has been assigned to the device. This allows IPv6-enabled devices to communicate with other IPv6-enabled devices on the same subnet, including the default gateway (router). Link-local IPv6 addresses are in the FE80::/10 range.

Loopback
The loopback address is used by a host to send a packet to itself and cannot be assigned to a physical interface. As with the IPv4 loopback address, you can ping the IPv6 loopback address to test the TCP/IP configuration of the local host. The IPv6 loopback address consists of all zeros except for the last bit, and is written ::1/128 or simply ::1 in compressed format.

Unspecified address
The unspecified address consists of all zeros and is written in compressed format as ::/128 or simply ::. It cannot be assigned to an interface and is used only as a source address in an IPv6 packet. The unspecified address is used as the source address when the device does not yet have a permanent IPv6 address or when the source of the packet is irrelevant to the destination.

Unique local
Unique local IPv6 addresses have some features in common with private RFC 1918 IPv4 addresses, but there are also significant differences between them. Unique local addresses are used for local addressing within a site or between a limited number of sites. These addresses should not be routed on the global IPv6 Internet. Unique local addresses range from FC00::/7 to FDFF::/7. In IPv4, private addresses are combined with network address and port translation (NAT/PAT) to translate private addresses into public ones. This is done because of the shortage of IPv4 address space. Many sites also rely on the private nature of RFC 1918 addresses to secure or hide their network from potential threats. However, this was never the intended purpose of these technologies, and the IETF has always recommended that sites take proper security precautions on their Internet-facing router. Although IPv6 provides site-specific addressing, it is not designed to hide internal IPv6-enabled devices from the IPv6 Internet. The IETF recommends restricting access to devices using the best available security measures.

IPv4 embedded
The last type of unicast address considered here is the IPv4-embedded address. These addresses help with the transition from IPv4 to IPv6.

Global unicast address
Global unicast IPv6 addresses are unique worldwide and routable on the IPv6 Internet. These addresses are equivalent to public IPv4 addresses. Currently, only global unicast addresses with the first three bits 001, that is 2000::/3, are being assigned. This is only 1/8 of the total available IPv6 address space. The address 2001:0DB8::/32 is reserved for documentation, including use in examples.

A global unicast address consists of three parts:
Global Routing Prefix - the prefix, or network part, of the address assigned by the ISP to a customer or site. Currently, /48 is the global routing prefix that Internet registrars assign to their customers, both corporate networks and individual users. This address space is more than enough for most customers.
Subnet ID - used by an organization to identify the subnets within its site.
Interface ID - the IPv6 interface ID is equivalent to the host portion of an IPv4 address. The term "interface identifier" is used because one host can have several interfaces, each with one or more IPv6 addresses.



EUI-64 process - the IEEE has defined the Extended Unique Identifier (EUI), or modified EUI-64, process. This process takes the client's 48-bit Ethernet MAC address and inserts another 16 bits in the middle of it to create a 64-bit interface identifier. The advantage of EUI-64 is that the Ethernet MAC address can be used to determine the interface identifier. In addition, network administrators can easily trace an IPv6 address to an end device using its unique MAC address. However, this raises privacy concerns for some users: they worry that their packets can be traced back to a physical computer. To avoid this, a randomly generated interface identifier can be used. Depending on the operating system, a device may use a randomly generated interface identifier instead of the MAC address and EUI-64. All of this comes into play when configuring DHCPv6.
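The privacy concern described above is easy to see in code: the same transformation that builds the interface identifier can be reversed by anyone who sees the address. This is an added example, not code from the original article; the MAC address, prefix and function names are constructed, and it assumes the standard modified EUI-64 details (the inserted 16 bits are FF:FE and the universal/local bit of the first octet is inverted).

```python
import ipaddress
from typing import Optional


def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert FF:FE in the middle and invert the universal/local bit
    # (0x02 in the first octet).
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 interface ID of `mac`."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(
        net.network_address.packed[:8] + eui64_interface_id(mac))


def embedded_mac(address: str) -> Optional[str]:
    """Return the MAC an address exposes, or None if it is not EUI-64.

    Heuristic: a random interface ID can contain FF:FE by chance.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


def audit(addresses) -> dict:
    """Map every address that exposes a hardware address to that MAC."""
    exposed = {}
    for address in addresses:
        mac = embedded_mac(address)
        if mac is not None:
            exposed[address] = mac
    return exposed


# Constructed sample: source addresses as they might appear in a log.
SAMPLE_SOURCES = [
    "2001:db8:0:1:211:22ff:fe33:4455",   # EUI-64 interface ID
    "2001:db8:0:1:3c4f:9a21:7be0:55d1",  # randomly generated interface ID
    "fe80::211:22ff:fe33:4455",          # link-local, same EUI-64 ID
]

if __name__ == "__main__":
    print(eui64_address("2001:db8:0:1::/64", "00:11:22:33:44:55"))
    for address, mac in audit(SAMPLE_SOURCES).items():
        print(f"{address} exposes MAC {mac}")
```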

There is no such programming language in the world in which developers could not write a bad program. (Larry Flon)


Multicast IPv6

IPv6 multicast addresses are not much different from IPv4 multicast addresses. As you remember, a multicast address is used to send one packet to one or several destinations (a multicast group). Multicast IPv6 addresses have the prefix FF00::/8. Multicast addresses can only be destination addresses, not source addresses. There are two types of multicast IPv6 addresses:

1) assigned multicast address;
2) solicited-node multicast address.

1) Assigned multicast addresses are reserved for predefined groups of devices. An assigned multicast address is a single address used to reach a group of devices running a common protocol or service. Assigned multicast addresses are used with specific protocols, for example DHCPv6.

Consider two common groups of assigned IPv6 multicast addresses.

The all-nodes multicast group FF02::1 - this is the multicast group that all IPv6-enabled devices join. A packet sent to this group is received and processed by all IPv6 interfaces on the link or network. This group address works just like a broadcast address in IPv4.
The all-routers multicast group FF02::2 - this is the multicast group that all IPv6 routers join. A packet sent to this group is received and processed by all IPv6 routers on the link or network.

A solicited-node multicast address is an address that matches only the last 24 bits of the device's global unicast IPv6 address. Only devices that have the same 24 bits in the least significant, rightmost part of the interface identifier need to process these packets.

2) The solicited-node multicast IPv6 address is created automatically when a global unicast address or a link-local address is assigned. It is formed by combining the special prefix FF02:0:0:0:0:1:FF00::/104 with the rightmost 24 bits of the unicast address.

The solicited-node multicast address consists of 2 parts.

Multicast prefix FF02:0:0:0:0:1:FF00::/104: the first 104 bits of the solicited-node multicast address.
The least significant 24 bits: the last, rightmost 24 bits of the solicited-node multicast address. These bits are copied from the rightmost 24 bits of the device's global unicast or link-local address.
Several devices may end up with the same solicited-node multicast address. It is fairly rare for device interface identifiers to share the same rightmost 24 bits. This does not cause any problems, since the device still processes the encapsulated message, which contains the full IPv6 address of the device being solicited.
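The derivation of the solicited-node group, and the harmless collision mentioned in the last paragraph, can be reproduced directly. This is an added example, not code from the original article; the unicast addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Prefix from the text above: FF02:0:0:0:0:1:FF00::/104
SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def solicited_node_group(unicast: str) -> ipaddress.IPv6Address:
    """Combine the /104 prefix with the rightmost 24 bits of `unicast`."""
    address = ipaddress.IPv6Address(unicast)
    if address.is_multicast:
        raise ValueError("the group is derived from a unicast address")
    low24 = int(address) & 0xFFFFFF
    return ipaddress.IPv6Address(
        int(SOLICITED_NODE_PREFIX.network_address) | low24)


def groups_on_link(unicast_addresses) -> dict:
    """Map each solicited-node group to the unicast addresses behind it."""
    groups = defaultdict(list)
    for unicast in unicast_addresses:
        groups[str(solicited_node_group(unicast))].append(unicast)
    return dict(groups)


def shared_groups(unicast_addresses) -> dict:
    """Only the groups that more than one unicast address maps to."""
    return {group: members
            for group, members in groups_on_link(unicast_addresses).items()
            if len(members) > 1}


# Constructed sample: addresses present on one link.
LINK_ADDRESSES = [
    "fe80::211:22ff:fe33:4455",          # host A, link-local
    "2001:db8:0:1:211:22ff:fe33:4455",   # host A, global (same interface ID)
    "2001:db8:0:1::a133:4455",           # host B, same rightmost 24 bits
    "2001:db8:0:1::1",                   # router
]

if __name__ == "__main__":
    for group, members in groups_on_link(LINK_ADDRESSES).items():
        print(group, "<-", ", ".join(members))
```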

If debugging is the process of removing errors, then programming should be the process of inserting them. (Edsger W. Dijkstra)

Subnetting


Dividing an IPv6 network into subnets implies using a different approach than splitting an IPv4 network into subnets. The space of IPv6 addresses is not divided to save addresses, but to provide a hierarchical logical network structure. Subnetting in IPv6 is possible in two ways, which I will outline and supplement with pictures for better understanding.

Subnetting using a subnet identifier: as you remember, a block of IPv6 addresses with the /48 prefix contains 16 bits of subnet identifier, as shown in the figure. Subnetting with the 16 bits of the subnet identifier gives 65,536 possible /64 subnets. There is therefore no need to borrow bits from the interface identifier, or host part, of the address. Each IPv6 /64 subnet contains approximately 18 quintillion addresses, which is obviously far more than you will ever need in one IP network segment. Subnets created from the subnet ID are easy to represent because no conversion to binary is needed. To determine the next available subnet, it is enough to count up to the next hexadecimal number. You only need to count in hexadecimal within the subnet identifier part. The global routing prefix is the same for all subnets. For each subnet, only the subnet identifier (four hexadecimal digits) is incremented.

Subnetting using an interface identifier: in IPv6 networks, by analogy with borrowing bits from the host part of an IPv4 address, you can borrow bits from the interface identifier to create additional IPv6 subnets. Typically this is done for security reasons, to reduce the number of hosts in a subnet and to create additional subnets. When extending the subnet identifier by borrowing bits from the interface identifier, it is recommended to subnet on a nibble boundary. A nibble is 4 bits, or one hexadecimal digit. The /64 subnet prefix is extended by four bits, or one nibble, to a /68 subnet. This reduces the size of the interface identifier by 4 bits (from 64 to 60). Subnetting on a nibble boundary means using only nibble-aligned subnet masks. Starting at /64, the nibble-aligned masks are /68, /72, /76, /80, etc. Subnetting on a nibble boundary lets you create subnets using one additional hexadecimal digit. You can also subnet within a nibble, inside a hexadecimal digit, but this is not recommended and, moreover, not necessary. Subnetting within a nibble negates the advantage of quickly telling the prefix apart from the interface identifier. For example, if the prefix length is /66, the first two bits would be part of the subnet ID, and the second two bits would be part of the interface identifier.
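Both subnetting approaches can be reproduced with Python's ipaddress module, including what goes wrong inside a nibble. This is an added example, not code from the original article; the 2001:db8:acad::/48 site prefix and the function names are constructed for illustration.

```python
import ipaddress
from itertools import islice


def first_subnets(block: str, new_prefix: int, count: int) -> list:
    """The first `count` subnets of `block` at the given prefix length."""
    network = ipaddress.IPv6Network(block)
    return [str(n) for n in islice(network.subnets(new_prefix=new_prefix), count)]


def subnet_count(block: str, new_prefix: int) -> int:
    """How many subnets of length `new_prefix` fit into `block`."""
    return 2 ** (new_prefix - ipaddress.IPv6Network(block).prefixlen)


def is_nibble_aligned(prefix_length: int) -> bool:
    """True for /64, /68, /72 ...: the boundary falls between hex digits."""
    return prefix_length % 4 == 0


def leading_iid_digits(parent: str, new_prefix: int) -> dict:
    """For each subnet of a /64, the first interface-ID hex digits inside it.

    One digit per subnet means the subnet is readable straight from the
    address; several digits per subnet means binary conversion is needed.
    """
    network = ipaddress.IPv6Network(parent)
    if network.prefixlen != 64 or not 64 < new_prefix <= 68:
        raise ValueError("expects a /64 parent and a new prefix of /65../68")
    subnets = list(network.subnets(new_prefix=new_prefix))
    digits = {str(subnet): "" for subnet in subnets}
    for digit in range(16):
        # An address whose interface ID starts with this hex digit.
        host = network.network_address + (digit << 60)
        owner = next(subnet for subnet in subnets if host in subnet)
        digits[str(owner)] += f"{digit:x}"
    return digits


if __name__ == "__main__":
    site = "2001:db8:acad::/48"           # constructed documentation prefix
    print(subnet_count(site, 64), "possible /64 subnets, starting with:")
    for subnet in first_subnets(site, 64, 4):
        print("  ", subnet)
    for length in (68, 66):
        print(f"/{length} nibble-aligned: {is_nibble_aligned(length)}")
        for subnet, digits in leading_iid_digits("2001:db8:acad:1::/64", length).items():
            print("  ", subnet, "first interface-ID digit in", digits)
```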



Always write code as if it will be maintained by a psychopath who knows where you live. (Martin Golding)

Bibliography


1) Cisco CCNA RS
2) Cisco CCNP RS
3) IP Version 6 in Junos (EDU-JUN-IPV6)
4) XGU.RU

Above, I described the main points of IPv6 and how it differs from IPv4. The following parts will be more practical. Let me remind you that the second part will describe the configuration of the main protocols on Cisco equipment, and I will also describe how DHCPv6 works. The third part will describe IPv6 configuration on Juniper hardware.

Networking is cool, and “network specialist” has a proud ring to it.

Source: https://habr.com/ru/post/253803/

