IPv6 introduction · 2017-03-01
TRANSCRIPT
IPv6 exercises
Address form, notation, parts, types
Ways of obtaining an address
IPv6 address form
IPv4
• 32 bits (4 bytes)
• Form – decimal numbers in four groups separated by dots
• 192.168.252.200
IPv6
• 128 bits
• Hexadecimal numbers, grouped in fours and separated by colons
• xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx – 16 bits x 8 = 128 bits
• Shortening rules
Address format
• Written in the form xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
x – 0 - 9 and A - F
• Special forms
• Loopback address
0:0:0:0:0:0:0:1, that is, also ::1
• Unspecified address ::/128
• For IPv4 addresses there is also the form 0:0:0:0:0:FFFF:192.0.2.1, that is, ::FFFF:192.0.2.1
• Documentation 2001:db8::/32
IPv6 addresses
Grouping IPv6 addresses
• Address
2001:0db8:0000:0000:0000:0000:0000:0000
2001:db8:0:0:0:0:0:0
2001:db8::
2001:db8::/32 – documentation and examples
Cheat sheet
Grouping IPv6 addresses
• The network 2001:db8::/32 contains addresses in the range
2001:0db8:0000:0000:0000:0000:0000:0000
2001:0db8:ffff:ffff:ffff:ffff:ffff:ffff
• The network 2001:db8:1230::/44 contains addresses in the range
2001:0db8:1230:0000:0000:0000:0000:0000
2001:0db8:123f:ffff:ffff:ffff:ffff:ffff
Grouping IPv6 addresses: a mask not divisible by four
• The network 2001:db8::/61 contains addresses in the range:
2001:0db8:0000:0000:0000:0000:0000:0000
2001:0db8:0000:0007:ffff:ffff:ffff:ffff
0 – 0001
7 – 0111
• The network 2001:db8:0:8::/61 contains addresses in the range:
2001:0db8:0000:0008:0000:0000:0000:0000
2001:0db8:0000:000f:ffff:ffff:ffff:ffff
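The range calculation for the prefixes above, including masks that do not fall on a hex-digit boundary, as an added example that is not part of the original slides. The function names are hypothetical; the prefixes are the ones used on the slides.

```python
import ipaddress

ALL_ONES = (1 << 128) - 1

def prefix_range(cidr):
    """Return (first, last) address of an IPv6 prefix, fully written out."""
    text, plen = cidr.split("/")
    host_mask = (1 << (128 - int(plen))) - 1       # ones over the host bits
    first = int(ipaddress.IPv6Address(text)) & (ALL_ONES ^ host_mask)
    last = first | host_mask
    return (ipaddress.IPv6Address(first).exploded,
            ipaddress.IPv6Address(last).exploded)

def boundary_nibble(cidr):
    """Binary form of the hex digit that the prefix boundary cuts through,
    in the first and in the last address (None if the mask divides by 4)."""
    plen = int(cidr.split("/")[1])
    if plen % 4 == 0:
        return None
    index = plen // 4                               # 0-based hex digit position

    def digit(address):
        return format(int(address.replace(":", "")[index], 16), "04b")

    first, last = prefix_range(cidr)
    return digit(first), digit(last)

def in_prefix(cidr, address):
    """True if the address lies inside the prefix, however it is spelled."""
    first, last = (int(ipaddress.IPv6Address(a)) for a in prefix_range(cidr))
    return first <= int(ipaddress.IPv6Address(address)) <= last

if __name__ == "__main__":
    for net in ("2001:db8::/32", "2001:db8:1230::/44",
                "2001:db8::/61", "2001:db8:0:8::/61"):
        print(net, *prefix_range(net), boundary_nibble(net))
```

Comparing integers rather than text is what makes `in_prefix` safe to use for filter rules: the two /61 networks differ only in one bit of the sixteenth hex digit.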
IPv6 prefix shortening rules
• The 60-bit prefix 20010DB80000CD3 of an IPv6 address
• Correct variants:
• 2001:0DB8:0000:CD30:0000:0000:0000:0000/60
• 2001:0DB8::CD30:0:0:0:0/60
• 2001:0DB8:0:CD30::/60
• Correct variant: 2001:0DB8:0:CD30/60
• Incorrect variants:
• 2001:0DB8:0:CD3/60
Trailing zeros in a 16-bit part of the address must not be dropped
• 2001:0DB8::CD30/60
The address can be read as 2001:0DB8:0000:0000:0000:0000:0000:CD30
• 2001:0DB8::CD3::/60
The address can be read as 2001:0DB8:0000:0000:0000:0000:0000:0CD3
IPv6 Address Representation
• 16-bit fields in case-insensitive colon hexadecimal representation
• 2031:0000:130F:0000:0000:09C0:876A:130B
• Leading zeros in a field are optional:
• 2031:0:130F:0:0:9C0:876A:130B
• Successive fields of 0 represented as ::, but only once in an address:
• The first rule to help reduce the notation of IPv6 addresses is any leading 0s (zeros) in any 16-bit section or hextet can be omitted
• 01AB can be represented as 1AB
• 09F0 can be represented as 9F0
• 0A00 can be represented as A00
• 00AB can be represented as AB
IPv6 Address Representation
• IPv4-compatible (not used any more)
• 0:0:0:0:0:0:192.168.30.1
• = ::192.168.30.1
• = ::C0A8:1E01
• In a URL, it is enclosed in brackets (RFC 3986)
• http://[2001:db8:4f3a::206:ae14]:8080/index.html
• Cumbersome for users
• Mostly for diagnostic purposes
• Use fully qualified domain names (FQDN)
• ⇒ The DNS has to work!!
6 commandments of RFC 5952
1. Thou shalt not SHOUT your IPv6 address.
• IPv6 must be written in lowercase: 2001:db8::1, not 2001:DB8::1
2. Thou shall destroy leading zeros.
• Always truncate leading zeros. 2001:0db8::1 is not acceptable, you must use 2001:db8::1
3. Thou shalt not use the double colon where there is only one 16 bit set of zeros.
• If you only have one set of 4 zeros, you can no longer use the double colon; instead it just gets shortened to one zero. An address such as 2001:db8:0000:4:5:6:7:8 can't use the double colon and only gets shortened to 2001:db8:0:4:5:6:7:8
4. Thou shall use the double colon to its greatest potential.
• If you have multiple sets of more than 8 zeros, you have to use the set with the most zeros. So if you have 2001:db8:0000:0000:1:0000:0000:0000 you have to use the double colon on the right set of 0's: 2001:db8:0:0:1::
5. Wheresoever thou has two places to use the double colon, thou shall use the leftmost.
• If there are 2 equal sets of zeros, use the double colon on the one on the left, and single zeros on the right. 2001:db8:0000:0000:1:0000:0000:1 would become 2001:db8::1:0:0:1
6. Thou shall use the square brackets to separate IPv6 address from thy port number.
• When writing an IPv6 address with a port number, use square brackets around the IPv6 address to keep confusion at bay, since ports are appended with a : (the same separator as IPv6 sections): [2001:db8::1]:80. With the square brackets, we know it's IPv6 address 2001:db8::1 on port 80, not IPv6 address 2001:db8::1:80
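The six rules above written out as code, as an added example that is not part of the original slides. It shows why log entries and filter lists should be compared in canonical form; the function names and the log lines are constructed for the illustration, and the dotted IPv4 form of mapped addresses is not handled.

```python
import ipaddress

def rfc5952(text):
    """Canonical text form, built by hand from rules 1-5 above."""
    value = int(ipaddress.IPv6Address(text))        # accepts any valid spelling
    groups = [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]
    # Rules 3-5: longest run of zero groups, at least two long, leftmost wins.
    best_start, best_len, i = -1, 1, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:                        # strictly longer: ties stay left
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    hexes = [format(g, "x") for g in groups]        # rules 1-2: lowercase, no leading zeros
    if best_start < 0:
        return ":".join(hexes)
    return (":".join(hexes[:best_start]) + "::"
            + ":".join(hexes[best_start + best_len:]))

def split_endpoint(text):
    """Rule 6: '[addr]:port' -> (canonical addr, port); a bare address has no port."""
    if text.startswith("["):
        addr, _, port = text[1:].partition("]")
        port = port.lstrip(":")
        return rfc5952(addr), int(port) if port else None
    return rfc5952(text), None

# Constructed log lines: one host written three ways, plus a different host.
LOG = [
    "deny src=[2001:DB8:0:0:1:0:0:1]:443",
    "deny src=2001:0db8::1:0:0:1",
    "deny src=[2001:db8:0000:0000:0001::1]:22",
    "deny src=2001:db8::1:80",
]

def hits(lines, watched):
    """Count log lines whose source address equals the watched address."""
    want = rfc5952(watched)
    return sum(split_endpoint(line.split("src=")[1])[0] == want for line in lines)
```

A plain substring search for `2001:db8::1:0:0:1` finds none of the three matching lines, while `hits(LOG, "2001:db8:0:0:1:0:0:1")` finds all of them.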
Shortened address notation - exercises
Exercises
• 2001:0db8:0001:acad:0000:fe55:6789:b210
• 0000:0000:0000:0000:0000:0000:0000:0001
• fc00:0022:000a:0002:0000:0cd4:23e4:76fa
• 2033:0db8:0001:0001:0022:a33d:259a:21fe
• fe80:0000:0000:0000:0000:3201:cc01:65b1
• ff00:0000:0000:0000:0000:0000:0000:0000
• ff00:0000:0000:0000:0db7:4322:a231:067c
• FF02:0000:0000:0000:0000:FF00:0000:0000
• 2001:0db8:0000:0000:1000:0000:0000:0001
• 2001:0db8:acad:0001:0000:0000:0000:0010
Answers
• 2001:db8:1:acad:0:fe55:6789:b210
• ::1
• fc00:22:a:2:0:cd4:23e4:76fa
• 2033:db8:1:1:22:a33d:259a:21fe
• fe80::3201:cc01:65b1
• ff00::
• ff00::db7:4322:a231:067c
• FF02:0:0:0:0:FF00:: or FF02::FF00:0:0
• 2001:db8::1000:0:0:1
• 2001:db8:acad:1::10
Address parts
• Network address, subnet and network interface address: Global Routing Prefix, Subnet ID, Interface ID
• Global Routing Prefix (48 bit), Subnet ID (16 bit), Interface ID (64 bit)
• If smaller networks are needed, take extra bits from the interface part, for example
• Global Routing Prefix (48 bit), Subnet ID (20 bit), Interface ID (60 bit)
• (A nibble, that is 4 bits or 1 hex digit, is taken away from the interface ID)
• Notation – address / number of network bits.
A change in the addressing paradigm
• Several addresses on each interface – the default assumption
• Addresses
• Link local
• Unique local
• Global
• Addresses have a lifetime
• Valid and preferred lifetime
• Lifetimes are infinite, unless configured to a shorter period
IPv6 address categories:
• Unicast. A unicast address identifies one specific interface on the network. A packet is delivered to exactly that address.
• Multicast. A multicast address identifies a group of interfaces on the network. A packet is delivered to every member of the group.
• Anycast. An anycast address identifies several interfaces. A packet is delivered to only one of them, usually the nearest (the router works this out using a routing protocol).
• IPv6 has no broadcast
Format prefix
• 000 – for special use
• 001 – for globally unique unicast addresses
• 111 – for multicast addresses and the local site (local-site)
IPv6 Prefix Length
• IPv6 does not use the dotted-decimal subnet mask notation
• Prefix length indicates the network portion of an IPv6 address using the following format:
• IPv6 address/prefix length
• Prefix length can range from 0 to 128
• Typical prefix length is /64
Loopback & Unspecified
• Loopback address representation
• 0:0:0:0:0:0:0:1 => ::1
• Same as 127.0.0.1 in IPv4
• Identifies self
• Unspecified address representation
• 0:0:0:0:0:0:0:0 => ::
• Cannot be assigned to an interface and is only used as a source address
• An unspecified address is used as a source address when the device does not yet have a permanent IPv6 address or when the source of the packet is irrelevant to the destination
• Examples: Initial DHCP request, Duplicate Address Detection (DAD)
IPv6 Address Types
• Unicast
• Uniquely identifies an interface on an IPv6-enabled device
• A packet sent to a unicast address is received by the interface that is assigned that address.
IPv6 Unicast Addresses
• Loopback
• Used by a host to send a packet to itself and cannot be assigned to a physical interface
• Ping an IPv6 loopback address to test the configuration of TCP/IP on the local host
• All-0s except for the last bit, represented as ::1/128 or just ::1
• Unspecified address
• All-0's address represented as ::/128 or just ::
• Cannot be assigned to an interface and is only used as a source address
• An unspecified address is used as a source address when the device does not yet have a permanent IPv6 address or when the source of the packet is irrelevant to the destination
Global Unicast
• Global Unicast Addresses Are:
• Addresses for generic use of IPv6
• Structured as a hierarchy to keep the aggregation
• ISPs /32, to clients /48 - smallest routable
Unique-Local
• Unique-Local Addresses Used for:
• Local communications & inter-site VPNs
• Local devices such as printers, telephones, etc
• Site Network Management systems connectivity
• Not routable on the Internet
• In the range of FC00::/7 to FDFF::/7
• Private to organization, yet statistically unique
• Low probability of address clash, if two sites with ULA merge
IPv6 Unicast Addresses
• Unique local
• Similar to private addresses for IPv4
• Used for local addressing within a site or between a limited number of sites
• In the range of FC00::/7 to FDFF::/7
• IPv4 embedded
• Used to help transition from IPv4 to IPv6
Link-Local
• Link-Local Addresses Used for:
• Mandatory Address for Communication between two IPv6 devices (like ARP but at Layer 3)
• Automatically assigned by Router as soon as IPv6 is enabled – Mandatory Address
• Also used for Next-Hop calculation in Routing Protocols
• Only Link Specific scope
• Remaining 54 bits could be Zero or any manual configured value
IPv6 Link-Local Unicast Addresses
• Every IPv6-enabled network interface is REQUIRED to have a link-local address
• Enables a device to communicate with other IPv6-enabled devices on the same link and only on that link (subnet)
• FE80::/10 range, first 10 bits are 1111 1110 10xx xxxx
• 1111 1110 1000 0000 (FE80) - 1111 1110 1011 1111 (FEBF)
Packets with a source or destination link-local address cannot be routed beyond the link from where the packet originated
Structure of an IPv6 Global Unicast Address
• IPv6 global unicast addresses are globally unique and routable on the IPv6 Internet
• Equivalent to public IPv4 addresses
• ICANN allocates IPv6 address blocks to the five RIRs
Currently, only global unicast addresses with the first three bits of 001 or 2000::/3 are being assigned
• A global unicast address has three parts:
• Global Routing Prefix: the prefix or network portion of the address assigned by the provider, such as an ISP, to a customer or site. Currently, RIRs assign a /48 global routing prefix to customers
• 2001:0DB8:ACAD::/48 has a prefix that indicates that the first 48 bits (2001:0DB8:ACAD) is the prefix or network portion
• Subnet ID
• Used by an organization to identify subnets within its site
• Interface ID
• Equivalent to the host portion of an IPv4 address
• Used because a single host may have multiple interfaces, each having one or more IPv6 addresses
Address parts - exercises
• 2001:0DB8:0:CD30:123:4567:89AB:CDEF
• 2001:db8::/32
Address and mask (prefix) - exercises
Find the network part and the host part
• 2001:db8:1:acad:0:fe55:6789:b210/48
• 2001:db8:1:acad:0:fe55:6789:b210/64
• 2001:db8:1:acad:0:fe55:6789:b210/68
• 2033:db8:1:1:22:a33d:259a:21fe/68
Answers: network part and host part
• 2001:db8:1:acad:0:fe55:6789:b210/48
• Network (global routing prefix) - 2001:db8:1
• Interface ID - 0:fe55:6789:b210
• 2001:db8:1:acad:0:fe55:6789:b210/64
• Network (global routing prefix) - 2001:db8:1
• Subnet ID - acad
• Interface ID - 0:fe55:6789:b210
• 2001:db8:1:acad:0:fe55:6789:b210/68
• Network (global routing prefix) - 2001:db8:1
• Subnet ID – acad:0
• Interface ID - 000:fe55:6789:b210 (written out in full)
• 2033:db8:1:1:22:a33d:259a:21fe/68
• Network (global routing prefix) - 2033:db8:1
• Subnet ID – 0001:0 (written out in full)
• Interface ID - 022:a33d:259a:21fe (written out in full)
Address types (classification)
• Unspecified 00...0 (128 bits) ::/128
• Loopback 00...1 (128 bits) ::1/128
• Multicast 11111111 FF00::/8
• Link-Local unicast 1111111010 FE80::/10
• FE80::/10 range, first 10 bits are 1111 1110 10xx xxxx
• 1111 1110 1000 0000 (FE80) - 1111 1110 1011 1111 (FEBF)
• Global Unicast (2000::/3)
• Anycast addresses are taken from the unicast address spaces (of any scope) and are not syntactically distinguishable from unicast addresses.
Creating an IPv6 address yourself
• Build a new IPv6 address from an IPv4 address
• Build a new IPv6 address from a MAC address (slide 16), local and global
• Insert ff:fe in the middle
Forming an EUI-64 address - 1
• Insert FF:FE in the middle of the MAC address
Why FF:FE? – IEEE guideline. Manufacturers must not use this address.
Source: http://standards.ieee.org/regauth/oui/tutorials/EUI64.html
Forming an EUI-64 address - 2
• Change the MAC address to locally administered
EUI-64 or random
• EUI-64 is easy to track – it shows which networks the user is in
• Whether a random one is used depends on the OS
• Windows Vista and newer – random
• Windows XP and older - EUI-64
• Linux depends on the distro and usually has to be switched on
Privacy extension
• More information
http://superuser.com/questions/243669/how-to-avoid-exposing-my-mac-address-when-using-ipv6
• In principle, every request with its own address
• Management and monitoring are more complicated
Dynamic Link-local Addresses
Link-local Address
• After a global unicast address is assigned to an interface, IPv6-enabled device automatically generates its link-local address
• Must have a link-local address which enables a device to communicate with other IPv6-enabled devices on the same subnet
• Uses the link-local address of the local router for its default gateway IPv6 address
• Routers exchange dynamic routing protocol messages using link-local addresses
• Routers' routing tables use the link-local address to identify the next-hop router when forwarding IPv6 packets
Dynamically Assigned
• Link-local address is dynamically created using the FE80::/10 prefix and the Interface ID
Creating an IPv6 address yourself - exercises
• From the IPv4 address of your own computer/smartphone
• From the MAC address of your own computer/smartphone
Obtaining an address
• SLAAC (Stateless Address Autoconfiguration)
• DHCPv6
• Both (first SLAAC, then DHCPv6)
Dynamic Configuration of a Global Unicast Address using SLAAC
Stateless Address Autoconfiguration (SLAAC)
• A method that allows a device to obtain its prefix, prefix length and default gateway from an IPv6 router
• No DHCPv6 server needed
• Rely on ICMPv6 Router Advertisement (RA) messages
IPv6 routers
• Forwards IPv6 packets between networks
• Can be configured with static routes or a dynamic IPv6 routing protocol
• Sends ICMPv6 RA messages
The command ipv6 unicast-routing enables IPv6 routing
RA message can contain one of the following three options
• SLAAC Only – use the information contained in the RA message
• SLAAC and DHCPv6 – use the information contained in the RA message and get other information from the DHCPv6 server, stateless DHCPv6 (example: DNS)
• DHCPv6 only – device should not use the information in the RA, stateful DHCPv6
Routers send ICMPv6 RA messages using the link-local address as the source IPv6 address
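How the three RA options above appear on the wire, as an added example that is not part of the original slides: a decoder for a captured RA, useful for checking that the advertisements seen on a segment match the intended configuration. The M, O and A flag positions and the message layout come from RFC 4861, not from the slides; the function names and the sample message are constructed.

```python
import ipaddress
import struct

def decode_ra(icmp):
    """Decode an ICMPv6 Router Advertisement (RFC 4861 layout)."""
    msg_type, _code, _csum, _hops, flags, _life = struct.unpack_from("!BBHBBH", icmp, 0)
    if msg_type != 134:
        raise ValueError("not a Router Advertisement")
    managed, other = bool(flags & 0x80), bool(flags & 0x40)    # M and O flags
    prefixes, pos = [], 16                                     # options follow the header
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8       # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:                    # Prefix Information
            plen, pflags = icmp[pos + 2], icmp[pos + 3]
            valid, preferred = struct.unpack_from("!II", icmp, pos + 4)
            prefix = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
            # A flag set: hosts may form an address from this prefix (SLAAC)
            prefixes.append((f"{prefix}/{plen}", bool(pflags & 0x40), valid, preferred))
        pos += opt_len
    if managed:
        mode = "DHCPv6 only (stateful)"
    elif other:
        mode = "SLAAC and DHCPv6 (stateless)"
    else:
        mode = "SLAAC only"
    return {"mode": mode, "prefixes": prefixes}

def sample_ra(flags, prefix="2001:db8:acad:1::", autonomous=True):
    """Constructed RA for the demonstration (checksum left at zero)."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    pinfo = struct.pack("!BBBBIII", 3, 4, 64, 0x80 | (0x40 if autonomous else 0),
                        2592000, 604800, 0)
    return header + pinfo + ipaddress.IPv6Address(prefix).packed

if __name__ == "__main__":
    for flags in (0x00, 0x40, 0x80):
        print(hex(flags), decode_ra(sample_ra(flags)))
```

The valid and preferred lifetimes of each prefix are returned in seconds alongside the A flag.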
Dynamic Configuration of a Global Unicast Address using DHCPv6
Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
• Similar to IPv4
• Automatically receive addressing information including a global unicast address, prefix length, default gateway address and the addresses of DNS servers using the services of a DHCPv6 server
• Device may receive all or some of its IPv6 addressing information from a DHCPv6 server depending upon whether option 2 (SLAAC and DHCPv6) or option 3 (DHCPv6 only) is specified in the ICMPv6 RA message
• Host may choose to ignore whatever is in the router's RA message and obtain its IPv6 address and other information directly from a DHCPv6 server.