IPv6 Addressing, Concepts, Configuration, and Integration

By | July 8, 2013

IPv6 is in existence to address the IP shortage due to current addresses currently being poorly handled and NAT has helped somewhat with this.  NAT is current a hindrance to innovation however.  Most other countries are way ahead with implementing IPv6 because they have run out entirely.  IPv6 will give us these benefits:

  • IPSec implemented everywhere
  • Higher mobility – every device out there will be assigned an IP address for network connectivity including refrigerators, cars, pets, etc.
  • There is a simpler header in the packets that get passed.  This gives us better processing power.

IPv6 Addressing:

Address sized moved from 32-bit to 128-bit.

Provides a total of 340,282,366,920,938,463,463,374,607,431,770,000,000 total addresses that can be assigned!

They have been converted to Hexadecimal to make them more readable.  They now are 8 groups of 4 hex characters.

Rule 1:  You can Eliminate the groups of consecutive zero’s using double :: shown below:

2001:0050::04B4:1E2B:98AA

Rule 2:  Drop the leading zero’s of an address as well:

2001:50::AB4:1E2B:98AA

IPv6 Headers vs IPv4 Headers:

 

IPv4 vs IPv6 Headers

Types of communication and Addreses:

IPv6 only has 3 types of communication packets/messages:

  • Unicast:  one to one
  • Multicast:  one to many (replaces broadcast entirely!) and lets you specify the receivers.
  • Anycast: one to closest.  Allows you to assign the same addresses to multiple servers and a device can any-cast to find the closest server.  This helps with a lot of the load balancing functionality.

The types of addresses include:

  • Link-Local Scope Addresses:  Used to communicate in the Layer 2 Domain (aka within the switch).
  • Unique/Site-Local Scope Addresses:  Replaces private addresses since there is no need for NAT to preserve addresses.  These get assigned to the Organization and make up the next part of the address.  These do not need to be used!
  • Global Scope Address:  The Internet and contains public addresses live on the internet.

Types of Multi-casts that can be sent:

  • FF01:0:0:0:0:0:0:1 sends to All Node Addresses on the Network
  • FF01:0:0:0:0:0:0:2 sends to All Router Addresses on the Network
  • FF01:0:0:0:0:0:0:FB sends to mDNSv6?? (I’m assuming this means DNS requests)

Link Local Addresses:

Assigned automatically as an IPv6 host comes online.

Similar to the 169.254.x.x addresses of IPv6 (APIPA)

These always begin with FE80 followed by 54 bits of 0’s:

1111:1110:1000:0000:0000:0000:0000:0000:… (Remember 2 Hex digits equal a full 8 bits so one hex digit is a half of a byte or 4 bits).

The last 64 bits is the 48-bit mac address with FFFE squeezed in the middle:

If Mac address is:

0019.D122.DCF3

Then the last 64-bits would be:

0019.D1FF.FE.22.DCF3

Unique-Local (NEW name – RFC 4193) or Site-Local (OLD name – RFC 3513) Addresses:

These are debatable if they should even be used.

Used within Enterprise networks to identify the boundary of the their networks.

Uses the first 8 bits in the following format:

FC00::17
OR
1111:110(L)
Where the L  can be whatever you want but is recommended to be 1 meaning they will all begin with:
FD00::18

Then the following 40 bits will be your global ID, the following 16 bits will be your subnet ID, and the final 64-bits will be the interface ID discussed above in the link local.

Global Addresses:

They have their high level 3 bits set to 001

These will be the new pool of addresses to build the IPv6 internet

The address is made up of a global routing prefix 001…. then the next 64-bits are the subnet ID (or whatever is left over after the global routing prefix) followed by the next 64-bits being the interface ID.

The global routing prefix is 48-bits or less however.  The subnet ID is comprised of whatever bits are left over after the global routing prefix.

The primary addresses expected to comprise the IPv6 internet are from the 2001::/16 subnet.

Assigning IPv6 addresses to your Router

First it is important to grasp this network.  We have R1 with a private address range behind it beginning with 1FE0:1111::1/32.  IFE0 tells us it is a private range.  Since it is a /32 it tells us 1FE0:1111 will not change.  Every client on this network will begin with 1FE0:1111 since each section is 16 bits.  On the WAN link of R1 we have a global scope IP with 2001:210:10:1::1/64 as the address and a connection to R2 with an IP 2001:210:10:1::2/64 which tells us since the first 64 bits are unchanged every IP on this subnet must start with 4 unchangeable sections:  2001:210:10:1.  Lastly, the private side of R2 is going to use the address 1FE0:2222::1/32

Now, lets configure it.  First we must turn on IPv6:

conf t
ip routing – used to be used to enable regular IP routing, however this is no longer needed since it is the industry standard.  This command will do nothing.
ipv6 unicast-routing –  turns on ipv6 routing.

Now lets configure the interfaces with IPv6 addresses:

interface fa0/0
ipv6 address 1fe0:1111::1/32 – assigns our address to the internal interface

interface s0/1/0
ipv6 address 2001:210:10:1::1/64 – assigns our public IP to the outside interface.

show ipv6 interface brief  – will lists the interfaces with a brief summary.  This will show the link local address auto generated by the router on Fa0/0 as well as the address we assigned.  The link local address will look something like FE80::XXX:9CFF:FE14:112C since that is the standard.  You will also see the link local address on the serial interface as well.

Now lets configure R2:

conf t
ipv6 unicast-routing

int e0/0
ipv6 address 1FE0:2222::1/32

int s0/0
2001:210:10:1::2/64

This would now assign IPv6 on our WAN links between the routers and we could test using the age old ping:

ping ipv6 2001:201:10:1::1 – will send a ping to the remote address.  Now we need to allow routing across the wire to allow the traffic to reach each others internal networks.

Understanding the New Routing Protocols

Every routing protocol has been updated to support IPv6:

  • RIPng – RIP next generation
  • OSPFv3 – OSPF
  • EIGRP for IPv6 – EIGRP
  • IS-IS for IPv6 – IS-IS
  • MP-BGP4 – The new BGP, Multi Protocol BGP.

Here is how we can configure RIPng.  From R2 lets start the RIP process:

conf t
ipv6 router rip 1 – starts the rip process and specifies the tag as 1.  There is no need for the network statement now.

int e0/0
ipv6 rip 1 – enables RIP on the interface to start advertising the networks it has and finds.

int s0/0
ipv6 rip 1 – enables RIP on the serial interface

Now from R1 do the same things:

conf t
ipv6 router rip 1 – starts the rip process and specifies the tag as 1.  There is no need for the network statement now.

int fa0/0
ipv6 rip 1 – enables RIP on the interface to start advertising the networks it has and finds.

int s0/1/0
ipv6 rip 1 – enables RIP on the serial interface

To verify that RIP is running you can do:

show ipv6 rip – will do the updates, administrative distances, etc.

show ipv6 route – will show the IPv6 routing table that is being populated and learned.  This will also show the hops needed to get there.

If you can ping everything RIP is working properly and your routers can see each other.

The Migration to IPv6:

Technology does exist to migrate smoothly.  However there is no real cut off date.  Here are the ways we can migrate:

Dual stack routers – the routers will be able to support both and as the clients behind the routers upgrade to IPv6 they can use the IPv6 internet and the rest can still use IPv4.  Since ISP’s will still allow both to translate to each other there will be no inaccessible resources.  Servers and resources on the internet will have both protocols enabled.

Tunneling (6to4 and 4to6) – You can create a tunnel with your routers that allow IPv4 addresses on your private side to tunnel through the IPv6 internet using Teredo.  You can also do this in reverse using ISATAP to tunnel IPv6 through IPv4 addresses.  ISATAP is currently what other counties use.

NAT Protocol Translation (NAT-PT) – You can NAT your IPv4 network to IPv6 in the same way NAT currently works.

This will be a non pressured migration with no real rush to migrate so companies can do it as they get the time and expertise.