
IPv6 is fun, part 2

Introduction: Good afternoon, evening, or even night, dear Habr readers. In this article, we continue to explore the features of the IPv6 protocol and its differences from IPv4. This article contains a minimum of theory and a maximum of configuration. We start by setting up DHCPv6 and look at the specifics of how this protocol works over IPv6, and then look at how IPv6 dynamic routing protocols are configured. The equipment being configured is Cisco (Juniper follows in the third part).

IPV6 is fun. Part 1

I would also like to thank all users who comment and ask questions. By asking uncomfortable questions you make me go back to the books, revise some things, learn others better, and answer your questions. Each of you can also influence the release of the next part. Do not be afraid to ask questions if something is unclear.

Plan
  1. DHCPv6 configuration
  2. Configuring static routes
  3. Configuring dynamic routing protocols (RIPng, EIGRP, OSPF, IS-IS, BGP)
  4. ACL configuration (extended named lists)
  5. VRRP v3
  6. IPv6 ICMP rate limit configuration
  7. Dual IPv4 and IPv6 protocol stacks

By popular demand, I first want to give my opinion on IPv6 and summarize what was written in the previous part. I'll go through it point by point:

  1. IPv6 has no broadcast and no ARP.
    Broadcast is partially replaced by multicast addresses and Link Local addresses (read the previous article). The ARP protocol is replaced by the NDP protocol;
  2. IPv6 has no NAT technology of the kind found in IPv4. Feel free to argue with those who say the opposite. Address conservation is not used in IPv6; there are enough addresses for everyone. The level of security that NAT provides in IPv4 has been replaced by Unique Local addresses (read the previous article), but we must not forget that security must be ensured by firewalls; that is their function. The name NAT64, which can be found in the IPv6 literature, refers to the coexistence of IPv6 and IPv4 (read the previous article);
  3. By my estimate, 3-4 years remain until the transition to IPv6 is complete. In my view, the transition will run in parallel;
  4. Thanks to Link Local addresses, network devices can communicate within one local link, and only within it;
  5. A feature has appeared called “checking the uniqueness of an IPv6 address”. It is used in DHCPv6, and the full process is described below. In essence, after an IP address is assigned to a device, the device sends an ICMP request with the address it was given as the destination; if a reply comes, the address is not unique and a new IPv6 address must be obtained;
  6. Anycast addresses have appeared (read the article). Several hosts on the network may have absolutely identical IPv6 addresses. I have identified one use case: three load balancers in front of a server. They are given the same address, which is called anycast. I will not explain how the balancer works, since that is not the topic of this article;
  7. Vendors such as Cisco and Juniper are fully prepared for the transition to IPv6; the rest is up to telecom operators and IT companies.


Errors are human, but for non-human blunders a computer is needed. (Paul Ehrlich)


DHCPV6

SLAAC is a method that allows a device to get its prefix, prefix length, and default gateway address from an IPv6 router without the help of a DHCPv6 server. When using SLAAC, devices rely on ICMPv6 Router Advertisement (RA) messages to get the necessary information.
IPv6 routers periodically send ICMPv6 Router Advertisement messages to all devices on an IPv6-based network. By default, Cisco routers send such messages every 200 seconds to the multicast address for all IPv6 nodes. An IPv6 network device does not need to wait for these periodic messages. The device can send an ICMPv6 Router Solicitation (RS) message to a multicast address. When an IPv6 router receives such a message, it immediately sends a router advertisement in response.

IPv6 routing is not enabled by default. In order for the router to work as an IPv6 router, you must use the global configuration command ipv6 unicast-routing.

The ICMPv6 Router Advertisement message contains the prefix, the prefix length and other information for the IPv6 device. In addition, it tells the IPv6 device how to obtain addressing information. The Router Advertisement message may offer one of the following 3 options.



The computer allows us to make mistakes much faster than any other inventions of mankind: with the exception, perhaps, of tequila and weapons. (Mitch Radcliffe)


General information about SLAAC
Stateless Address Autoconfiguration (SLAAC) is a way for a device to get a global IPv6 unicast address without using a DHCPv6 server. At the heart of SLAAC is the ICMPv6 protocol. ICMPv6 is similar to ICMPv4, but it has additional functionality and is more robust. SLAAC uses ICMPv6 Router Solicitation and Router Advertisement messages to provide addressing information and other configuration information normally provided by a DHCP server.

As the name suggests, SLAAC does not track the state of addresses. A stateless service means that no server maintains network address information. Unlike a DHCP server, a SLAAC server does not know which IPv6 addresses are in use and which are available.

How SLAAC + DHCPv6 without state tracking works


For a router to send RA messages, IPv6 routing must first be enabled. To activate IPv6 routing, run the following command:

Router(config)# ipv6 unicast-routing 

  1. In the topology, PC1 is configured to receive its IPv6 addressing settings automatically. PC1 has not received any RA messages since it booted, so it sends an RS message to the all-routers multicast address to tell the local IPv6 router that it needs an RA message.
  2. R1 receives the RS message and sends an RA message in response. The RA message includes the prefix and the prefix length of the network. The RA message is sent to the IPv6 all-nodes multicast address FF02::1 with the link-local address of the router as the IPv6 source address.
  3. PC1 receives the RA message containing the prefix and prefix length for the local network. PC1 will use this information to create its own global unicast IPv6 address. PC1 now has a 64-bit network prefix, but requires a 64-bit interface identifier (IID) to create a global unicast address.


PC1 can create its own unique IID using EUI-64 or by generating it randomly.

Since SLAAC is a stateless process, PC1 must verify that the newly created IPv6 address is unique before using it. PC1 sends an ICMPv6 Neighbor Solicitation message with its own address as the IPv6 destination address. If no other device responds, the address is unique and PC1 can use it. If PC1 receives a response, the address is not unique and the operating system must choose a new interface identifier.

This process is part of the ICMPv6 neighbor discovery process and is known as duplicate address discovery (DAD).
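Step 3 above, as an added example in Python (not code from the original article): it builds the global unicast address PC1 would form from the RA prefix with either an EUI-64 or a random IID, and shows that an EUI-64 address carries the interface's MAC address, which is the privacy trade-off between the two IID methods. The prefix, the MAC address and the function names are constructed for illustration.

```python
import ipaddress
import secrets

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier built from a 48-bit MAC address."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert FF:FE between the two MAC halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def random_iid() -> int:
    """Randomly generated 64-bit interface identifier."""
    return secrets.randbits(64)

def slaac_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine the 64-bit prefix from the RA with a 64-bit IID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a 64-bit prefix")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_address(addr: str):
    """Return the MAC embedded in an EUI-64 address, or None if FF:FE is absent."""
    raw = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:]
    return ":".join(f"{b:02x}" for b in mac)

# Constructed sample values (not from the article)
PREFIX = "2001:db8:acad:1::/64"
MAC = "00:1b:54:12:34:56"

if __name__ == "__main__":
    stable = slaac_address(PREFIX, eui64_iid(MAC))
    print("EUI-64 address:", stable)
    print("MAC recovered :", mac_from_address(str(stable)))
    print("random IID    :", slaac_address(PREFIX, random_iid()))
```

An EUI-64 IID stays the same on every network the interface joins, so the host can be correlated across prefixes; a random IID avoids that.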

Whether the client obtains its IPv6 addressing information automatically using SLAAC, DHCPv6, or a combination of both depends on the settings contained in the RA message. ICMPv6 RA messages contain two flags indicating which of the options the client should use (see Part 1).
These flags are the managed address configuration flag (M) and the other configuration flag (O).



To argue that Java is good because it works on all operating systems is the same as arguing that anal sex is good because it fits any sex. (Alanna)


SLAAC, DHCPv6 + SLAAC, DHCPv6 functions
Consider all three options by changing the flags.
  1. SLAAC - This option instructs the client to use only the information from the RA message. This includes prefix, prefix length, DNS server, MTU, and default gateway information. The client receives no further information from a DHCPv6 server. The global unicast IPv6 address is created by combining the prefix received in the RA message with an interface identifier obtained using EUI-64 or generated randomly.

    RA messages are configured per router interface. To re-enable SLAAC mode on an interface where another option may have been set, the M and O flags must be reset to their initial value of 0. To do this, use the following interface configuration mode commands:

     Router(config-if)# no ipv6 nd managed-config-flag
     Router(config-if)# no ipv6 nd other-config-flag


  2. DHCPv6 + SLAAC - For DHCPv6 without state tracking, the O flag is set to 1 and the M flag keeps its default value of 0. An O flag value of 1 informs the client that additional configuration information is available from a DHCPv6 server without state tracking.

    To change the RA message sent from the router interface so that it indicates DHCPv6 without state tracking, use the following command:

    Router(config-if)# ipv6 nd other-config-flag

  3. DHCPv6 stateful (DHCPv6 only)
    The M flag indicates whether stateful DHCPv6 is used. The O flag is not used. To change the value of the M flag from 0 to 1 for stateful DHCPv6, use the following command:

    Router(config-if)# ipv6 nd managed-config-flag
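
To check which of the three options an interface is actually advertising, the M and O flags can be read directly from a captured RA. The following added example (Python, not from the original article) parses the RA header and its Prefix Information option as laid out in RFC 4861 and maps the flags to the three options above; the sample RA bytes are constructed inside the block and the function names are illustrative.

```python
import ipaddress
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement
OPT_PREFIX_INFO = 3    # Prefix Information option

def build_ra(m: bool, o: bool, prefix: str, autonomous: bool = True) -> bytes:
    """Construct sample RA bytes (checksum left at 0; test data only)."""
    net = ipaddress.IPv6Network(prefix)
    flags = (0x80 if m else 0) | (0x40 if o else 0)
    # type, code, checksum, hop limit, M/O flags, router lifetime, reachable, retrans
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    pi_flags = 0x80 | (0x40 if autonomous else 0)   # L (on-link), A (autonomous)
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, pi_flags,
                         2592000, 604800, 0) + net.network_address.packed
    return header + option

def parse_ra(data: bytes) -> dict:
    """Extract the M and O flags and every advertised prefix from an RA."""
    if len(data) < 16 or data[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    info = {"M": bool(data[5] & 0x80), "O": bool(data[5] & 0x40), "prefixes": []}
    offset = 16
    while offset + 2 <= len(data):
        opt_type, opt_len = data[offset], data[offset + 1] * 8
        if opt_len == 0 or offset + opt_len > len(data):
            raise ValueError("malformed or truncated option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, pflags = data[offset + 2], data[offset + 3]
            prefix = ipaddress.IPv6Address(data[offset + 16:offset + 32])
            # (prefix, A flag): A=1 means the prefix may be used for SLAAC
            info["prefixes"].append((f"{prefix}/{plen}", bool(pflags & 0x40)))
        offset += opt_len
    return info

def addressing_mode(info: dict) -> str:
    """Map the M and O flags to the three options described in the article."""
    if info["M"]:
        return "stateful DHCPv6"
    if info["O"]:
        return "SLAAC + stateless DHCPv6"
    return "SLAAC only"

if __name__ == "__main__":
    for m, o in ((False, False), (False, True), (True, False)):
        ra = build_ra(m, o, "2001:db8:acad:1::/64")   # constructed sample
        info = parse_ra(ra)
        print(f"M={int(info['M'])} O={int(info['O'])}", addressing_mode(info), info["prefixes"])
```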


Creating a programming language is like walking in a park. In the Jurassic Park. (Larry Wall)


DHCPV6 processes
When the RA message indicates DHCPv6 operation (with or without state tracking), DHCPv6 operation is initiated. DHCPv6 messages are sent over UDP. DHCPv6 messages from server to client use UDP destination port 546. The client sends messages to the DHCPv6 server using UDP destination port 547.
The client, now a DHCPv6 client, needs to locate a DHCPv6 server. The client sends a DHCPv6 SOLICIT message to the reserved IPv6 multicast address FF02::1:2, which is used by all DHCPv6 servers. This multicast address has link-local scope, which means that routers do not forward the messages to other networks.

One or more DHCPv6 servers respond with a DHCPv6 ADVERTISE message. The ADVERTISE message tells the DHCPv6 client that the server is available to provide the DHCPv6 service.

The client responds to the DHCPv6 server with a REQUEST or INFORMATION-REQUEST message, depending on whether the DHCPv6 server tracks state or not.




Programs are like sex: much better when free. (Linus Torvalds)


Now we leave the theory and show only the configuration.
  1. Configure the router as a DHCPv6 server without state tracking
    Activate IPv6 routing
     Router(config)# ipv6 unicast-routing

    DHCPv6 pool configuration
     Router(config)# ipv6 dhcp pool (pool-name)

    Pool parameters
     Router(config-dhcpv6)# dns-server (dns-server-address)
     Router(config-dhcpv6)# domain-name (domain)

    Interface setup
     Router(config)# interface (type number)
     Router(config-if)# ipv6 dhcp server (pool name)
     Router(config-if)# ipv6 nd other-config-flag
  2. As a client
     Router(config)# interface (interface-number)
     Router(config-if)# ipv6 enable
     Router(config-if)# ipv6 address autoconfig
    (ipv6 address autoconfig enables automatic IPv6 addressing using SLAAC)
    Verification: show ipv6 dhcp pool, show ipv6 interface (type-number)

  3. DHCPv6 stateful server
    Activate IPv6 routing
     Router(config)# ipv6 unicast-routing

    Setting up a DHCPv6 pool
     Router(config)# ipv6 dhcp pool (pool-name)

    Pool parameters
     Router(config-dhcpv6)# address (prefix/length (lifetime (valid-lifetime preferred-lifetime) | infinite))
     Router(config-dhcpv6)# dns-server (dns-server-address)
     Router(config-dhcpv6)# domain-name (domain-name)

    Interface setup
     Router(config)# interface (interface-number)
     Router(config-if)# ipv6 dhcp server (pool-name)
     Router(config-if)# ipv6 nd managed-config-flag

    Configure the router as a stateful DHCPv6 client
     Router(config)# interface (interface-number)
     Router(config-if)# ipv6 enable
     Router(config-if)# ipv6 address dhcp
  4. Configure the router as a relay agent
     Router(config)# interface (interface-number)
     Router(config-if)# ipv6 dhcp relay destination (address)


If debugging is the process of removing errors, then programming should be the process of inserting them. (Edsger W. Dijkstra)


2) Configure static routes in IPv6
 Router(config)# ipv6 route ipv6-prefix/prefix-length { ipv6-address | exit-intf }

Configuring a recursive static route
 Router(config)# ipv6 route 2001:DB8:ACAD:2::/64 2001:DB8:ACAD:4::2
 Router(config)# ipv6 route 2001:DB8:ACAD:5::/64 2001:DB8:ACAD:4::2
 Router(config)# ipv6 route 2001:DB8:ACAD:3::/64 2001:DB8:ACAD:4::2

The address after the destination network is the next hop. In this example, the different networks share the same next hop.

Configuring a directly connected static route
 Router(config)# ipv6 route 2001:DB8:ACAD:3::/64 s0/0/0

Configuring a fully specified static IPv6 route
 Router(config)# ipv6 route 2001:DB8:ACAD:3::/64 s0/0/0 fe80::2
 (fe80::2 is a Link-Local next-hop address)

Configuring default routes
 Router(config)# ipv6 route ::/0 { ipv6-address | exit-intf }

Configuring a summary IPv6 route
 Router(config)# ipv6 route 2001:DB8:ACAD:1::/64 2001:DB8:ACAD:4::2
 Router(config)# no ipv6 route 2001:DB8:ACAD:2::/64 2001:DB8:ACAD:4::2
 Router(config)# no ipv6 route 2001:DB8:ACAD:3::/64 2001:DB8:ACAD:4::2
 Router(config)# no ipv6 route 2001:DB8:ACAD:4::/64 2001:DB8:ACAD:4::2

Resulting summary route
 Router(config)# ipv6 route 2001:DB8:ACAD:4::/61 2001:DB8:ACAD:4::2
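
A summary route also attracts traffic for every prefix inside it that was never listed, so it is worth computing the summary and its extra coverage before typing it. The following added example (Python, not from the original article) does this for the four /64 prefixes in the commands above and checks the /61 as typed there; the function names are illustrative, and it assumes all inputs are /64 networks that lie close together.

```python
import ipaddress

# The four /64 prefixes and the summary exactly as typed in the commands above
PAGE_PREFIXES = ["2001:DB8:ACAD:1::/64", "2001:DB8:ACAD:2::/64",
                 "2001:DB8:ACAD:3::/64", "2001:DB8:ACAD:4::/64"]
PAGE_SUMMARY = "2001:DB8:ACAD:4::/61"

def summary_route(prefixes):
    """Smallest single prefix that covers every network in `prefixes`."""
    nets = [ipaddress.IPv6Network(p) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Leading bits shared by the lowest and highest covered address
    common = 128 - (low ^ high).bit_length()
    base = low >> (128 - common) << (128 - common)
    return ipaddress.IPv6Network((base, common))

def over_coverage(summary, prefixes):
    """/64 networks inside the summary that were not in the original list."""
    wanted = {ipaddress.IPv6Network(p) for p in prefixes}
    return [n for n in summary.subnets(new_prefix=64) if n not in wanted]

def check_configured(route_prefix, prefixes):
    """Compare a prefix as typed in an `ipv6 route` command with the computed one."""
    typed = ipaddress.IPv6Interface(route_prefix)   # keeps bits beyond the mask
    return {
        "computed": str(summary_route(prefixes)),
        "host_bits_set": typed.ip != typed.network.network_address,
        "covers_all": all(ipaddress.IPv6Network(p).subnet_of(typed.network)
                          for p in prefixes),
    }

if __name__ == "__main__":
    summary = summary_route(PAGE_PREFIXES)
    print("summary:", summary)
    print("also covered:", [str(n) for n in over_coverage(summary, PAGE_PREFIXES)])
    print("as typed:", check_configured(PAGE_SUMMARY, PAGE_PREFIXES))
```

The /61 covers eight /64 networks, four of which are not in the original list; traffic to those is forwarded to the next hop as well unless something more specific or a filter handles it.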


If McDonalds had developed the software, one of the hundreds of Big Macs would have been poisoned, and the administration would have responded: "Take the coupon for two free Big Macs as an apology." (Mark Minasi)


3) Configure Dynamic IPv6 Routing
RIPng
 Router(config)# interface (number)
 Router(config-if)# ipv6 rip RIP-AS enable
 Router(config-if)# exit

Advertise the default route
 Router(config-if)# ipv6 rip RIP-AS default-information originate


EIGRP
 Router(config)# ipv6 router eigrp autonomous-system
 Router(config-rtr)# eigrp router-id 1.0.0.0
 Router(config-rtr)# no shutdown
 Router(config)# interface (type/number)
 Router(config-if)# ipv6 eigrp (AS)
 Router(config-if)# ipv6 bandwidth-percent eigrp as-number percent
 R2(config-rtr)# redistribute static
 Router(config-if)# ipv6 hello-interval eigrp as-number seconds   (hello interval)
 Router(config-if)# ipv6 hold-time eigrp as-number seconds   (hold time)


OSPFv3
 Router(config)# ipv6 router ospf 10
 Router(config-rtr)# router-id 1.1.1.1   (router ID)
 Router(config-rtr)# auto-cost reference-bandwidth 1000   (cost)
 Router(config)# interface (type/number)
 Router(config-if)# ipv6 ospf 10 area (number)
 Router# clear ipv6 ospf process


IS-IS
 Router(config)# router isis area-tag   (for example: router isis area2)
 Router(config-rtr)# net network-entity-title   (49.0001.0000.0000.000.00)
 Router(config)# interface Ethernet 0/0/1
 Router(config-if)# ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
 Router(config-if)# ipv6 router isis area-name   (for example: ipv6 router isis area2)


BGP
 Router(config)# router bgp 65000
 Router(config-rtr)# no bgp default ipv4-unicast   (ipv4 unicast, BGP)
 Router(config-rtr)# bgp router-id   (32-bit id, BGP peering)
 Router(config-rtr)# neighbor 2001:DB8:0:CC00::1 remote-as 64600
 Router(config-rtr)# address-family ipv6 [unicast | multicast]
 Router(config-rtr-af)# neighbor 2001:DB8:0:CC00::1 activate


4) ACL
 Router(config)# ipv6 access-list NO-BYX-SIDET-VKONTAKTE
 Router(config-ipv6-acl)# deny ipv6 2001:db8:cafe:30::/64 any
 Router(config-ipv6-acl)# permit ipv6 any any

In general form, it looks like this:
 Router(config)# ipv6 access-list access-list-name
 Router(config-ipv6-acl)# deny | permit protocol (source-ipv6-prefix/prefix-length | any | host source-ipv6-address) (operator (port-number)) (destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address) (operator (port-number))
 Router(config)# interface (type/number)
 Router(config-if)# ipv6 traffic-filter access-list-name { in | out }


5) VRRP, HSRP
 Router(config)# fhrp version vrrp v3
 Router(config)# interface type number
 Router(config-if)# vrrp (group-id) address-family (ipv6)
 Router(config-if)# vrrp 3 address-family ipv6
 Router(config-if-vrrp)# address 2001:abc:cafe:11::/64 primary (or secondary)
 Router(config-if-vrrp)# description group 3
 Router(config-if-vrrp)# match-address
 Router(config-if-vrrp)# preempt delay minimum 30


HSRP
 Switch(config)# interface type number
 Switch(config-if)# no switchport
 Switch(config-if)# standby 1 ipv6 autoconfig
 Router(config)# interface type number
 Router(config-if)# standby version (2)
 Router(config)# interface type number
 Router(config-if)# standby (group-number) ipv6 (link-local | address)
 Router(config-if)# standby [group-number] preempt [delay {minimum seconds | reload seconds | sync seconds}]
 Router(config-if)# standby [group-number] priority priority


6) Configure IPv6 ICMP rate limit
 Router(config)# ipv6 icmp error-interval (interval) (bucketsize)
 (interval: 0 to 2147483647; bucketsize: 1 to 200)


7) Dual IPv4 and IPv6 Protocol Stacks

 Switch(config)# sdm prefer dual-ipv4-and-ipv6 default
 Switch(config)# ip routing
 Switch(config)# ipv6 unicast-routing
 Switch(config)# interface gigabitethernet2/0/1
 Switch(config-if)# no switchport
 Switch(config-if)# ip address 192.168.99.1 255.255.255.0
 Switch(config-if)# ipv6 address 2001:0DB8:c18:1::/64 eui-64
 Switch(config-if)# end


Given the sad state of modern computer programs, software development can still be considered an art, not a scientific discipline. (Bill Clinton)


That brings the second part to an end. Whoever stayed to the end, well done. From writing this article I realized one thing: configuring BGP and IS-IS needs separate articles. In general, configuring IPv6 is not much different from IPv4, and sometimes it is even easier. In the third part, I will describe the configuration of these protocols on Juniper Networks equipment. It will, in fact, be rather short, so leave your comments below the article. I repeat: your criticism, questions or suggestions may affect the writing of a new article. Good luck to all.


Source: https://habr.com/ru/post/254293/

