IPv6: Hype or Reality?
Tim Helming, Director of Product Management
Corey Nachreiner, CISSP, Sr. Network Security Strategist
Welcome!
You’re here because v6 matters to you
Come On In: The Water’s Fine!
IPv4 is dead…long live IPv4!
IPv6 is Everywhere….sort of…
Source: Elise Gerich, IANA/ICANN
Sometimes “unofficial” data is the most interesting…
Graphic: Geoff Huston, APNIC
OK….Pencils and Binoculars Ready?
IPv6 Technical Brief
What’s the problem with IPv4?
Simply put, it doesn’t offer enough addresses…
World Population: Around 6.8 billion
Number of IPv4 addresses: Around 4.3 billion
It Gets Worse…
People (personal computers) aren’t the only thing online…
IPv6 Technical Benefits
Quick IPv4 Address Recap
• Developed in the 80s
• 2^32
• 4.3 billion possible addresses (4,294,967,296)
• Generally represented in decimal
• NAT allows more (1000s of devices can hide behind one IPv4 address)
208.132.96.25
32-bit (four bytes) long
One byte = 0 - 255
11010000.10000100.01100000.00011001
Dissecting an IPv6 Address
• Developed in 1998 (RFC 2460)
• 2^128
• 3.4 x 10^38 or 340 Undecillion (what?) possible addresses
• Generally represented in hexadecimal (HEX)
• Who needs NAT!
2560:1900:4545:0003:0200:F8FF:FE21:67CF
128 bits (16 bytes) long
Two bytes = 0 – FFFF (65535)
0010000111011010000000001101001100000000000000000010111100111011 0000001010101010000000001111111111111110001010001001110001011010
340 282 366 920 938 463 463 374 607 431 768 211 456
Shortening IPv6 Addresses
2001:0019:0545:0003:0200:0000:0000:67CF
Remove preceding zeros: 2001:19:545:3:200:0:0:67CF
Remove groups of zeros: 2001:19:545:3:200::67CF
Reading HEX Primer
Hexadecimal (base 16) is a numeral system with sixteen symbols
• 0-9 = well… zero through nine (duh)
• A-F = 10 – 15
• 10, 11, 12, 13 = 16, 17, 18, 19
Converting HEX to decimal: 4D5F
(4 x 16^3) + (13 x 16^2) + (5 x 16^1) + (15 x 16^0)
(16384) + (3328) + (80) + (15)
19807 or (0100110101011111)
Types of IPv6 Addresses
• Unicast Address – a one-to-one address:
  • Global – publicly routable address assigned by IANA (2000::/3)
  • Link local – local address assigned for auto configuration, neighbor discovery, etc. Not routed. (FE80::/10)
  • Unique local – like private addresses. Just used at the local site (FC00::/8 or FD00::/8)
  • Special – special addresses like loopback or default gateway
  • Compatible – used for IPv4 to IPv6 migration
• Multicast Address – an address intended for one-to-many communication:
  • Multicast – sent to members in a multicast group
  • Broadcast – sent to all addresses on a network (technically, now an all-nodes multicast)
• Anycast Address – a new address used to send to the first recipient of a group
IPv6 Hierarchical Addressing
2561:1900:4545:0003:0200:F8FF:FE21:67CF
Labels on the address diagram: Prefix, Global Routing Prefix (TLA ID, NLA ID), SLA ID, Interface ID
IPv6 Subnetting
• CIDR only (slash notation)
• No concept of subnet masks
• / followed by prefix size (decimal number 1-128)
2001:1900:4545:0003:0200:F8FF:FE21:67CF
2001:1900:4545::/48 = 2001:1900:4545:0000:0000:0000:0000:0000 - 2001:1900:4545:FFFF:FFFF:FFFF:FFFF:FFFF
Prefix boundaries marked on the address: /16, /32, /48
CIDR to range tool: http://www.ultratools.com/tools/ipv6CIDRToRange
What about MAC?
• Hosts generate a unique “Interface Identifier”
• Called 64-bit Extended Unique Identifier or EUI-64
• 48-bit MAC addresses converted by adding FFFE to the middle
1. MAC Address: 90-3A-2B-06-2C-D1
2. Split in half: 90-3A-2B 06-2C-D1
3. Insert FFFE: 90:3A:2B:FF:FE:06:2C:D1
4. Change 7th bit to 1: 92:3A:2B:FF:FE:06:2C:D1
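The four steps above in Python, plus the reverse direction: because the conversion is reversible, any EUI-64 based address seen in a log exposes the sender's hardware MAC, which is useful for asset correlation and is the reason hosts often use randomized interface IDs instead. This is an added example, not part of the original slides; the function names are illustrative. Note that RFC 4291 specifies inverting the 7th bit, which for a factory-assigned MAC is the same as setting it to 1.

```python
import ipaddress

def mac_to_eui64(mac: str) -> bytes:
    """Build the 8-byte modified EUI-64 interface ID from a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Steps 2-3: split in half and insert FF FE in the middle.
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    # Step 4: 7th bit of the first byte (universal/local flag, mask 0x02).
    # RFC 4291 inverts it; for a factory-assigned MAC that means 0 -> 1.
    eui[0] ^= 0x02
    return bytes(eui)

def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Combine the FE80::/64 link-local prefix with the EUI-64 interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + mac_to_eui64(mac))

def mac_from_ipv6(addr: str):
    """Recover the MAC from an EUI-64 based address.

    Returns None when the interface ID lacks the FF:FE marker, for example
    a manually assigned or randomized interface ID.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the universal/local flip
    return "-".join(f"{b:02X}" for b in mac)

def fmt(data: bytes) -> str:
    """Colon-separated upper-case hex, matching the slide's notation."""
    return ":".join(f"{b:02X}" for b in data)

if __name__ == "__main__":
    # MAC and addresses below are the ones used on the slides.
    print(fmt(mac_to_eui64("90-3A-2B-06-2C-D1")))
    print(link_local_from_mac("90-3A-2B-06-2C-D1"))
    print(mac_from_ipv6("2560:1900:4545:0003:0200:F8FF:FE21:67CF"))
    print(mac_from_ipv6("2001:19:545:3:200::67CF"))
```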
What about ARP?
IPv6 replaces ARP with the Neighbor Discovery Protocol. This new protocol combines many functions:
Simplified Headers Mean Faster Traffic
IPv4 Header (20 bytes):
Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options | Padding
IPv6 Header (40 bytes):
Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
Source Address
Destination Address
IPv6 OS Support
Field Guide to Common IPv6 Addresses
Common Address Field Guide (1)
• Loopback address (was 127.0.0.1): 0000:0000:0000:0000:0000:0000:0000:0001 or ::1
• Link-local address (was 169.254.0.0/16): FE80::/10, for example FE80::28BB:0ACB:3F57:D837
Common Address Field Guide (2)
• Default route (was 0.0.0.0/0): 0000:0000:0000:0000:0000:0000:0000:0000/0 or ::/0
• Unique Local Address or ULA (also called Site Local; similar to private networks): FC00::/7, for example FC00::28BB:0ACB:3F57:D837
Common Address Field Guide (3)
• Multicast address (was 224.0.0.0/4): FF00::/8, for example FF02::1
• Anycast address (new – send to the nearest node in a group): looks like a unicast address
Common Address Field Guide (4)
• 6to4 addresses: 2002::/16
Layout: 16 bits (2002) | 32 bits (IPv4 address in hex) | 16 bits (SLA ID) | 64 bits (Interface ID)
207.134.42.111 = 2002:CF86:2A6F::/48
Common Address Field Guide (5)
•Unique Global (public IP address)
2000::/3
2260:F3A4:32CB:715D:5D11:D837
Common Address Field Guide (6)
Other addresses/ranges of lesser note:
• 42::/16 - The Retiolum Prefix
• 2001::/32 - Teredo tunneling (transition mechanism)
• 2001:2::/48 - Assigned to BMWG
• 2001:10::/28 - ORCHID (Overlay Routable Cryptographic Hash Identifiers)
• 3FFE::/16 – 6Bone IPv6 Testbed addresses (legacy)
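The field guide as a longest-prefix lookup, with the 6to4 layout from slide (4) applied in both directions. This is handy when triaging IPv6 addresses in logs, since a 6to4 address carries the IPv4 address of the tunnel endpoint. It is an added example, not part of the original slides; the prefixes are the ones listed above, while the function names and shortened labels are illustrative.

```python
import ipaddress

# Prefixes as listed on the field-guide slides (labels shortened).
FIELD_GUIDE = {
    "::1/128": "loopback",
    "FE80::/10": "link-local",
    "FC00::/7": "unique local",
    "FF00::/8": "multicast",
    "2002::/16": "6to4",
    "2000::/3": "unique global",
    "42::/16": "Retiolum",
    "2001::/32": "Teredo tunneling",
    "2001:2::/48": "BMWG",
    "2001:10::/28": "ORCHID",
    "3FFE::/16": "6Bone (legacy)",
}
# Longest prefix first, so 2002::/16 wins over the enclosing 2000::/3.
_NETS = sorted(
    ((ipaddress.IPv6Network(p), label) for p, label in FIELD_GUIDE.items()),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")

def classify(addr: str) -> str:
    """Return the field-guide label of the most specific matching prefix."""
    ip = ipaddress.IPv6Address(addr)
    for net, label in _NETS:
        if ip in net:
            return label
    return "unlisted"

def to_6to4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """16 bits of 2002, then the 32-bit IPv4 address in hex, as a /48."""
    v4 = ipaddress.IPv4Address(ipv4).packed
    base = ipaddress.IPv6Address(b"\x20\x02" + v4 + bytes(10))
    return ipaddress.IPv6Network((base, 48))

def embedded_ipv4(addr: str):
    """Extract the IPv4 address from a 6to4 address, or None otherwise."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address(ip.packed[2:6])

if __name__ == "__main__":
    # Sample addresses are taken from the slides; 2002:CF86:2A6F::1 is constructed.
    for sample in ("::1", "FE80::28BB:0ACB:3F57:D837", "FF02::1", "2002:CF86:2A6F::1"):
        print(sample, "->", classify(sample), embedded_ipv4(sample))
    print(to_6to4_prefix("207.134.42.111"))
```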
IPv6 Technical Summary
Glossary
• IP address: Internet protocol address. An address network devices use to identify one another
• NAT: Network address translation. A standard to hide many special IPs behind one real IP
• Hexadecimal: A base-16 numbering system consisting of 0-F
• Routing Prefix: The first 64 bits of an IPv6 address, which identifies routing info
• Interface ID: The last 64 bits of an IPv6 address, which identifies a single host
• CIDR: Classless Inter-Domain Routing. A scalable method for assigning IPs and routing packets
• MAC: Media Access Control address. A unique address for specific network hardware
• ARP: Address resolution protocol. A standard for IPv4 devices to find one another locally
• EUI-64: A unique 64-bit identifier of IPv6, based on MAC
• Neighbor Discovery (ND) Protocol: IPv6 replacement for ARP and more…
Glossary (cont.)
• Addresses
  • Unicast Address: Specific one-to-one address
  • Multicast Address: An address to communicate from one to many
  • Anycast Address: A new type of address to communicate from one to the first in a group to receive
  • Loopback: Address that represents the local host
  • Local Link: Required, non-routable address that connects to the local network, and is used for autoconfiguration
  • Default Route: Address that represents where to send non-local traffic
  • Unique Local: Non-global address similar to IPv4 private networks
  • 6to4: One of many IPv6 transition mechanisms
  • Unique Global: A specific, publicly routable IPv6 host address
Things We Haven’t Covered (Lots)
Extra Reading Material for Geeks
IPv6 Request For Comments (RFCs):
• RFC 1752 (1995): The Recommendation for IP Next Generation (IPng) Protocol
• RFC 2460 (1998): Internet Protocol Version 6 (IPv6) Specification
• RFC 2462: IPv6 Stateless Address Autoconfiguration
• RFC 3775: Mobility Support in IPv6
• RFC 2893: Transition Mechanisms for IPv6 Hosts and Routers
• RFC 2373: IP Version 6 Addressing Architecture
And many more (over 70 RFCs related to IPv6): http://oversteer.bl.echidna.id.au/IPv6/RFC/
Wrapping Up
You Have Some New IPv6 Knowledge….Now What?
Thank You!