M13 IPv6 Addresses
Background
RFC 8200 - Internet Protocol, Version 6 (IPv6) Specification
IP version 6 (IPv6) is a new version of the Internet Protocol (IP), designed as the successor to IP version 4 (IPv4) RFC791. The changes from IPv4 to IPv6 fall primarily into the following categories:
- Expanded Addressing Capabilities
- Header Format Simplification
- Improved Support for Extensions and Options
- Flow Labeling Capability
- Authentication and Privacy Capabilities
Internet Header version 6
Version (4 bit)
Indicates the version number of the header, thus 0110 for IPv6.
Traffic Class (8 bit)
Priority of the packet. Known as Type of Service in IPv4 and contains Differentiated Service Code Point (DSCP) these days.
Flow Label (20 bit)
Flows are typically identified by 5-tuple (source IP, destination IP, source Port, destination Port, Protocol), but NAT, fragmentation and encryption might alter these fields.
Flow label is a new field in IPv6 to identify a flow of packets sent from one source to another. This helps in processing the packets along their routed path.
Payload Length (16 bit)
Length of the data after the IPv6 header, in octets.
Next Header (8 bit)
Formerly known as the Protocol field in IPv4 (see M03 IPv4 Addresses, Subnetting and ARP). Uses the same values as it.
Indicates the next protocol carried by this packet, be it TCP, UDP, ICMP or something else. IANA lists these protocols.
Typical values on this course:
Value | Protocol |
---|---|
1 | ICMP |
6 | TCP |
17 | UDP |
Hop Limit (8 bit)
Identical to Time To Live in IPv4 (see M03 IPv4 Addresses, Subnetting and ARP).
If this field is zero, the datagram cannot be forwarded. When a packet is sent, the value is typically 255, and it is decreased by one at each routing decision.
Source Address (128 bit)
Source address of the computer sending the packet.
Destination Address (128 bit)
Destination address of the computer meant to receive the packet.
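The field layout above can be checked by decoding the 40-byte fixed header by hand. The following Python sketch is an added example, not part of the course material; the sample packet is constructed for illustration, and splitting Traffic Class into DSCP (upper 6 bits) follows RFC 2474.

```python
import ipaddress
import struct

NEXT_HEADER_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # values listed on this page


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the 40-byte fixed IPv6 header described above."""
    if len(packet) < 40:
        raise ValueError("truncated: the fixed IPv6 header is 40 bytes")
    # First 32 bits: Version (4) | Traffic Class (8) | Flow Label (20)
    first_word, payload_len, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6: version field is {version}")
    traffic_class = (first_word >> 20) & 0xFF
    return {
        "version": version,
        "traffic_class": traffic_class,
        "dscp": traffic_class >> 2,           # upper 6 bits of Traffic Class
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "next_header_name": NEXT_HEADER_NAMES.get(next_header, "other"),
        "hop_limit": hop_limit,
        "source": ipaddress.IPv6Address(packet[8:24]),
        "destination": ipaddress.IPv6Address(packet[24:40]),
        # Payload Length claims more data than was actually captured
        "payload_truncated": len(packet) - 40 < payload_len,
    }


def build_sample_header() -> bytes:
    """Constructed sample: TCP, DSCP 46, flow label 0x12345, hop limit 64."""
    first_word = (6 << 28) | ((46 << 2) << 20) | 0x12345
    src = ipaddress.IPv6Address("2001:dead:beef:10::2").packed
    dst = ipaddress.IPv6Address("2001:dead:beef:5::2").packed
    return struct.pack("!IHBB", first_word, 20, 6, 64) + src + dst + bytes(20)


if __name__ == "__main__":
    for field, value in parse_ipv6_header(build_sample_header()).items():
        print(f"{field:18} {value}")
```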
IPv6 Addressing
The address is represented (to us, people) as 8 groups of hexadecimal digits with a colon (:) between them. An example would be
2001:dead:beef:acdc:1234:5678:abcd:ef12
Unfortunately, computers do not process decimal or hexadecimal numbers but binary, so the same address in binary would be
0010000000000001:1101111010101101:1011111011101111:1010110011011100:0001001000110100:0101011001111000:1010101111001101:1110111100010010
Decimal format is not used for IPv6.
Representations of the IPv6 address
The IPv6 address can be shortened once with a double colon.
2001:0000:0000:0001:0000:0000:0000:0005 would be shortened to 2001:0000:0000:0001::5.
Also, hexadecimal is not as close to the electronics as binary is. Thus,
- the leading zeroes of a field do not need to be written
- but if a whole 4-digit hex field is zero, it has to be marked with a single zero
2001:0000:0000:0001::5 would then be 2001:0:0:1::5
And these shortening rules are really annoying to remember about IPv6.
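The shortening rules can be written down as code and checked against the page's own addresses. This is an added example, not part of the course material; the function names are hypothetical, and the choice of which zero run gets the double colon (the longest one, leftmost on a tie, never a single field) follows RFC 5952, which goes beyond what the text above states.

```python
from typing import List

HEX = set("0123456789abcdefABCDEF")


def expand(addr: str) -> List[str]:
    """Return the eight fields of an IPv6 address, each as 4 hex digits."""
    if addr.count("::") > 1:
        raise ValueError("'::' may be used only once")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        # '::' stands for however many all-zero fields are missing.
        fields = head + ["0"] * (8 - len(head) - len(tail)) + tail
    else:
        fields = addr.split(":")
    if len(fields) != 8 or any(
            not (1 <= len(f) <= 4 and set(f) <= HEX) for f in fields):
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return [f"{int(f, 16):04x}" for f in fields]


def compress(addr: str) -> str:
    """Drop leading zeroes, then replace one run of zero fields with '::'."""
    fields = [f.lstrip("0") or "0" for f in expand(addr)]
    best_start, best_len, i = -1, 1, 0
    while i < 8:
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:          # strictly longer: leftmost run wins ties
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_start < 0:
        return ":".join(fields)
    return (":".join(fields[:best_start]) + "::"
            + ":".join(fields[best_start + best_len:]))


def to_binary(addr: str) -> str:
    """Render each 16-bit field as binary, colon separated."""
    return ":".join(f"{int(f, 16):016b}" for f in expand(addr))


if __name__ == "__main__":
    print(compress("2001:0000:0000:0001:0000:0000:0000:0005"))
    print(to_binary("2001:dead:beef:acdc:1234:5678:abcd:ef12"))
```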
Subnetting
Subnetting works exactly the same way as in IPv4. So... learn that and you know IPv6.
But as the address space is so huge, there is no need for small subnets!!!
The default subnet for workstations is /64.
This means that one subnet (VLAN) has 64 host bits in use, thus 2^64 = 18 446 744 073 709 551 616 available addresses for end devices.
Typical subnet sizes
- /64 - almost everywhere
- /127 - point to point links (note! debate is ongoing about this one)
- /128 - loopbacks
My recommendation for this course is to use /64 everywhere except loopbacks.
IANA registration
IANA distributes /48 address blocks for parties wanting to have an IPv6 address space. ISPs get /32. This would result in the following visualization of the address space:
IPv6 Address types
Meaning | IPv6 Prefix | IPv4 similarity | Comments |
---|---|---|---|
Global Unicast | 2000::/3 | No equivalent single block for IPv4 | IPv6 had the luxury to plan out address distribution more precisely than IPv4, thus 2000::/3 is used at start. Used for Unicast routing |
Multicast | ff00::/8 | 224.0.0.0/4 | From one node to many, but not all. Multicast is a topic of its own. Used for Broadcast TV distribution in IP networks. |
Link-Local Addresses | fe80::/10 | 169.254.0.0/16 | If no DHCP server around, generate an IP address from this range. IPv6 generates link-local addresses even without DHCP connectivity. Used for forwarding traffic. |
Loopback | ::1/128 | 127.0.0.1 | IP address for the host to communicate with itself (not to be confused with router loopbacks) |
Configuration Examples
Dual-Stack?
Dual-stack means a parallel implementation of IPv4 and IPv6 in the same data network. Often required for seamless transition to IPv6.
To have the topology function accordingly, here are the configuration examples.
Topology configuration
IPv6 is an OSI Model Layer 3 protocol, so VLAN tagging/untagging does not change in any way. So do not touch them!
Vyos
interfaces {
    ethernet eth0 {
        duplex auto
        hw-id 08:00:27:87:12:ef
        smp-affinity auto
        speed auto
        vif 5 {
            address 192.168.0.254/24
            address 2001:dead:beef:5::1/64
        }
        vif 10 {
            address 192.168.10.254/24
            address 2001:dead:beef:10::1/64
        }
        vif 15 {
            address 192.168.15.254/24
            address 2001:dead:beef:15::1/64
        }
    }
}
Routing IPv6?
We'll use OSPFv3 for IPv6 routing, which is actually a lot easier than in IPv4.
set protocols ospfv3 parameters router-id <x.x.x.x>
If you want the router-id to be assigned manually, use set protocols ospfv3 parameters router-id <x.x.x.x>, where <x.x.x.x> is e.g. the loopback IPv4 address. OSPFv3 actually uses IPv4 router-ids.
set protocols ospfv3 area 0.0.0.0 interface <interface>
Where <interface> is the physical interface connected to the OSPF router, e.g. eth0, eth1, eth0.5. It has an IPv6 address (and thus a subnet) configured on it.
The command has a dual meaning.
- It sends and receives OSPF Hello packets on the interface that has the network configured
- It adds the network to the OSPF database and starts to advertise it to neighbors
Similar to set protocols ospf area 0 network <x.x.x.x/xx> in IPv4.
OSPFv3 configuration example on Vyos1
protocols {
    ospfv3 {
        area 0.0.0.0 {
            interface eth1
            interface eth0.10
            interface eth0.15
            interface eth0.5
        }
        parameters {
            router-id 10.0.255.1
        }
    }
}
show ipv6 ospfv3
vyos@vyos:~$ show ipv6 ospfv3
OSPFv3 Routing Process (0) with Router-ID 10.0.255.1
Running 00:09:10
LSA minimum arrival 1000 msecs
Initial SPF scheduling delay 0 millisec(s)
Minimum hold time between consecutive SPFs 50 millsecond(s)
Maximum hold time between consecutive SPFs 5000 millsecond(s)
Hold time multiplier is currently 1
SPF algorithm last executed 00:05:22 ago, reason R+, R-
Last SPF duration 0 sec 234 usec
SPF timer is inactive
Number of AS scoped LSAs is 0
Number of areas in this router is 1
Area 0.0.0.0
Number of Area scoped LSAs is 5
Interface attached to this area: eth1 eth0.10 eth0.15 eth0.5
SPF last executed 322.882917s ago
vyos@vyos:~$
show ipv6 ospfv3 neighbor
vyos@vyos:~$ show ipv6 ospfv3 neighbor
Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
10.0.255.2 1 00:00:34 Full/DR 00:05:45 eth1[BDR]
vyos@vyos:~$
show ipv6 ospfv3 database
vyos@vyos:~$ show ipv6 ospfv3 database
Area Scoped Link State Database (Area 0.0.0.0)
Type LSId AdvRouter Age SeqNum Payload
Rtr 0.0.0.0 10.0.255.1 362 80000002 10.0.255.2/0.0.0.2
Rtr 0.0.0.0 10.0.255.2 363 80000002 10.0.255.2/0.0.0.2
Net 0.0.0.2 10.0.255.2 363 80000001 10.0.255.2
Net 0.0.0.2 10.0.255.2 363 80000001 10.0.255.1
INP 0.0.0.0 10.0.255.1 362 80000005 2001:dead:beef:5::/64
INP 0.0.0.0 10.0.255.1 362 80000005 2001:dead:beef:10::/64
INP 0.0.0.0 10.0.255.1 362 80000005 2001:dead:beef:15::/64
INP 0.0.0.2 10.0.255.2 363 80000001 2001:dead:beef:ffff::/64
I/F Scoped Link State Database (I/F eth1 in Area 0.0.0.0)
Type LSId AdvRouter Age SeqNum Payload
Lnk 0.0.0.3 10.0.255.1 402 80000001 fe80::a00:27ff:fe60:f9e5
Lnk 0.0.0.2 10.0.255.2 433 80000001 fe80::a00:27ff:fe97:f917
I/F Scoped Link State Database (I/F eth0.10 in Area 0.0.0.0)
Type LSId AdvRouter Age SeqNum Payload
Lnk 0.0.0.6 10.0.255.1 402 80000001 fe80::a00:27ff:fe87:12ef
I/F Scoped Link State Database (I/F eth0.15 in Area 0.0.0.0)
Type LSId AdvRouter Age SeqNum Payload
Lnk 0.0.0.5 10.0.255.1 402 80000001 fe80::a00:27ff:fe87:12ef
I/F Scoped Link State Database (I/F eth0.5 in Area 0.0.0.0)
Type LSId AdvRouter Age SeqNum Payload
Lnk 0.0.0.7 10.0.255.1 401 80000001 fe80::a00:27ff:fe87:12ef
AS Scoped Link State Database
Type LSId AdvRouter Age SeqNum Payload
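The Lnk entries above carry link-local addresses whose last 64 bits contain ff:fe in the middle, the signature of the modified EUI-64 scheme from RFC 4291, which the page itself does not describe. The following added example (not part of the course material, function names hypothetical) reproduces the eth0 sub-interface address from the hw-id in the interface configuration and reverses it, showing that such an address exposes the interface MAC address to every host on the link.

```python
import ipaddress
from typing import Optional


def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """Build fe80::/64 + modified EUI-64 interface ID from a MAC address."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets[0] ^= 0x02                         # flip the universal/local bit
    interface_id = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    prefix = bytes.fromhex("fe80") + bytes(6)  # fe80:0000:0000:0000
    return ipaddress.IPv6Address(prefix + interface_id)


def mac_from_eui64(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 based address, or None if not EUI-64."""
    interface_id = ipaddress.IPv6Address(addr).packed[8:]
    if interface_id[3:5] != b"\xff\xfe":
        return None                            # manual, random or other IID
    mac = bytearray(interface_id[:3] + interface_id[5:])
    mac[0] ^= 0x02
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    # hw-id of eth0 from the interface configuration on this page
    print(eui64_link_local("08:00:27:87:12:ef"))
    # Link-local addresses taken from the OSPFv3 database output above
    for address in ("fe80::a00:27ff:fe60:f9e5", "fe80::a00:27ff:fe97:f917"):
        print(address, "->", mac_from_eui64(address))
    # A manually numbered address carries no MAC
    print(mac_from_eui64("2001:dead:beef:5::1"))
```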
show ipv6 route
vyos@vyos:~$ show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route
O 2001:dead:beef:5::/64 [110/1000] is directly connected, eth0.5, 00:05:20
C>* 2001:dead:beef:5::/64 is directly connected, eth0.5, 00:16:56
O 2001:dead:beef:10::/64 [110/1000] is directly connected, eth0.10, 00:05:20
C>* 2001:dead:beef:10::/64 is directly connected, eth0.10, 00:16:56
O 2001:dead:beef:15::/64 [110/1000] is directly connected, eth0.15, 00:05:20
C>* 2001:dead:beef:15::/64 is directly connected, eth0.15, 00:16:08
O 2001:dead:beef:ffff::/64 [110/100] is directly connected, eth1, 00:04:41
C>* 2001:dead:beef:ffff::/64 is directly connected, eth1, 00:08:23
C * fe80::/64 is directly connected, eth2, 00:16:49
C * fe80::/64 is directly connected, eth0.5, 00:16:57
C * fe80::/64 is directly connected, eth0.10, 00:16:57
C * fe80::/64 is directly connected, eth0.15, 00:16:57
C * fe80::/64 is directly connected, eth0, 00:17:00
C>* fe80::/64 is directly connected, eth1, 00:17:00
Testing IPv6
ping 2001:dead:beef:5::2
lubuntu@lubuntu-virtualbox:~$ ping 2001:dead:beef:5::2
PING 2001:dead:beef:5::2(2001:dead:beef:5::2) 56 data bytes
64 bytes from 2001:dead:beef:5::2: icmp_seq=1 ttl=62 time=1.94 ms
64 bytes from 2001:dead:beef:5::2: icmp_seq=2 ttl=62 time=1.91 ms
64 bytes from 2001:dead:beef:5::2: icmp_seq=3 ttl=62 time=1.85 ms
^C
--- 2001:dead:beef:5::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.848/1.901/1.944/0.039 ms
traceroute6 -n 2001:dead:beef:5::2
lubuntu@lubuntu-virtualbox:~$ traceroute6 -n 2001:dead:beef:5::2
traceroute to 2001:dead:beef:5::2 (2001:dead:beef:5::2) from 2001:dead:beef:100::2, 30 hops max, 24 byte packets
1 2001:dead:beef:100::1 0,3609 ms 0,3082 ms 0,2942 ms
2 2001:dead:beef:ffff::1 1,0319 ms 0,5650 ms 0,5187 ms
3 2001:dead:beef:5::2 1,9101 ms 1,5855 ms 1,4349 ms
Browsing IPv6 addresses in Firefox
ssh vyos@2001:dead:beef:5::1
lubuntu@lubuntu-virtualbox:~$ ssh vyos@2001:dead:beef:5::1
The authenticity of host '2001:dead:beef:5::1 (2001:dead:beef:5::1)' can't be established.
ECDSA key fingerprint is SHA256:+kmN6RAKQNLfon9nVgc3Bw3RfnF0DKyd5gDPPKd48Tw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '2001:dead:beef:5::1' (ECDSA) to the list of known hosts.
Welcome to VyOS
vyos@2001:dead:beef:5::1's password:
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Oct 28 19:18:41 2020 from 2001:dead:beef:10::2
vyos@vyos:~$
/etc/hosts works similarly for IPv6
lubuntu@lubuntu-virtualbox:~$ more /etc/hosts
# Host addresses
127.0.0.1 localhost
127.0.1.1 lubuntu-virtualbox
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
2001:dead:beef:10::2 lubuntu1.karo.saharinen
lubuntu@lubuntu-virtualbox:~$ ping lubuntu1.karo.saharinen
PING lubuntu1.karo.saharinen(lubuntu1.karo.saharinen (2001:dead:beef:10::2)) 56 data bytes
64 bytes from lubuntu1.karo.saharinen (2001:dead:beef:10::2): icmp_seq=1 ttl=62 time=1.99 ms
64 bytes from lubuntu1.karo.saharinen (2001:dead:beef:10::2): icmp_seq=2 ttl=62 time=3.14 ms
64 bytes from lubuntu1.karo.saharinen (2001:dead:beef:10::2): icmp_seq=3 ttl=62 time=2.09 ms
^C
--- lubuntu1.karo.saharinen ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.994/2.408/3.138/0.517 ms
lubuntu@lubuntu-virtualbox:~$
License
This course and its materials are written by Karo Saharinen and licensed under the Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) license.