
Understand IPv6 - (1)

Posted on 2012-7-18 10:53:10
Today we're going to learn all about how to understand IPv6 addressing by breaking it down into nice understandable chunks, and we'll cover some shortcuts for writing IPv6 addresses. You'll be able to look at an IPv6 address and understand exactly what it does.

In the olden days, it was possible to skate over understanding the binary math behind IPv4 addresses by memorizing the various classes and their address ranges. That won't work for IPv6. Get yourself an IP address calculator and learn how to work out the conversions and calculations, or IPv6 will forever remain a mystery. ipv6calc is an excellent one that runs on Linux/Unix. A bit of Googling will uncover an abundance of Web-based IP calculators and converters.

IPv6 Address Types

Increasing the IP address pool was one of the major forces behind developing IPv6. It uses a 128-bit address, meaning that we have a maximum of 2¹²⁸ addresses available, or 340,282,366,920,938,463,463,374,607,431,768,211,456, or enough to give multiple IP addresses to every grain of sand on the planet. So our friendly old 32-bit IPv4 dotted-quads don't do the job anymore; these newfangled IPs require eight 16-bit hexadecimal colon-delimited blocks. So not only are they longer, they use numbers and letters. At first glance, those mondo IPv6 addresses look like impenetrable secret code:
2001:0db8:3c4d:0015:0000:0000:abcd:ef12
We'll dissect this in a moment and learn that it's not such a scary thing, but first let's look at the different types of IPv6 addressing.
Under IPv4 we have the old familiar unicast, broadcast and multicast addresses. In IPv6 we have unicast, multicast and anycast. With IPv6 the broadcast addresses are not used anymore, because they are replaced with multicast addressing.

IPv6 Unicast

This is similar to the unicast address in IPv4 – a single address identifying a single interface. There are four types of unicast addresses:

  • Global unicast addresses, which are conventional, publicly routable addresses, just like conventional IPv4 publicly routable addresses.
  • Link-local addresses are akin to the private, non-routable addresses in IPv4 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). They are not meant to be routed, but confined to a single network segment. Link-local addresses mean you can easily throw together a temporary LAN, such as for conferences or meetings, or set up a permanent small LAN the easy way.
  • Unique local addresses are also meant for private addressing, with the addition of being unique, so that joining two subnets does not cause address collisions.
  • Special addresses are loopback addresses, IPv4-address mapped spaces, and 6-to-4 addresses for crossing from an IPv4 network to an IPv6 network.

If you read about site-local IPv6 addresses, which are related to link-local, these have been deprecated, so you don't need to bother with them.

Multicast
Multicast in IPv6 is similar to the old IPv4 broadcast address – a packet sent to a multicast address is delivered to every interface in a group. The IPv6 difference is it's targeted – instead of annoying every single host on the segment with broadcast blather, only hosts who are members of the multicast group receive the multicast packets. IPv6 multicast is routable, and routers will not forward multicast packets unless there are members of the multicast groups to forward the packets to. Anyone who has ever suffered from broadcast storms will appreciate this mightily.

Anycast

An anycast address is a single address assigned to multiple nodes. A packet sent to an anycast address is then delivered to the first available node. This is a slick way to provide both load-balancing and automatic failover. The idea of anycast has been around for a long time; it was proposed for inclusion in IPv4 but it never happened.
Several of the DNS root servers use a router-based anycast implementation, which is really a shared unicast addressing scheme. (While there are only thirteen authoritative root server names, the total number of actual servers is considerably larger, and they are spread all over the globe.) The same IP address is assigned to multiple interfaces, and then multiple routing table entries are needed to move everything along.
IPv6 anycast addresses contain fields that identify them as anycast, so all you need to do is configure your network interfaces appropriately. The IPv6 protocol itself takes care of getting the packets to their final destinations. It's a lot simpler to administer than shared unicast addressing.

By Carla Schroder
http://www.enterprisenetworkingplanet.com/netsp/article.php/3633211/Understand-IPv6-Addresses.htm
Original poster | Posted on 2012-7-18 10:54:32

RE: Understand IPv6 - (2)

This post was last edited by demo on 2012-7-19 05:47

Address Dissection
Let's take another look at our example IPv6 address:
2001:0db8:3c4d:0015:0000:0000:abcd:ef12
______________|____|___________________
global prefix      subnet  Interface ID
   
The prefix identifies it as a global unicast address. It has three parts: the network identifier, the subnet, and the interface identifier.
The global routing prefix comes from a pool assigned to you, either by direct assignment from a Regional Internet Registry like APNIC, ARIN, or RIPE NCC, or more likely from your Internet service provider. The subnet and interface IDs are controlled by you, the hardworking local network administrator.
You'll probably be running mixed IPv6/IPv4 networks for some time. IPv6 addresses must total 128 bits. IPv4 addresses are represented like this:
0000:0000:0000:0000:0000:0000:192.168.1.25
Eight blocks of 16 bits each are required in an IPv6 address. The IPv4 address occupies 32 bits, so that is why there are only seven colon-delimited blocks.
The localhost address is 0000:0000:0000:0000:0000:0000:0000:0001.
Naturally we want shortcuts, because these are long and all those zeroes are just dumb-looking. Leading zeroes can be omitted, and contiguous blocks of zeroes can be omitted entirely, so we end up with these:
2001:0db8:3c4d:0015:0:0:abcd:ef12
2001:0db8:3c4d:0015::abcd:ef12
::192.168.1.25
::1
I usually end up counting on my fingers, which is probably not the best method. ipv6calc is invaluable for checking your work. Suppose you're not sure if your compressed notation is correct. ipv6calc displays the uncompressed notation:
$ ipv6calc --in ipv6addr --out ipv6addr --printuncompressed ::1
0:0:0:0:0:0:0:1
$ ipv6calc --in ipv6addr --out ipv6addr --printfulluncompressed 2001:0db8:3c4d:0015::abcd:ef12
2001:0db8:3c4d:0015:0000:0000:abcd:ef12
Next week we'll get to the fun part: setting up a local IPv6 network, connecting to a public IPv6 network and learning how to calculate and assign IPv6 addresses.
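
The two shortcuts described in the post above (dropping leading zeroes and collapsing one run of zero blocks into `::`) mean one address has many spellings, so firewall rules and log searches should compare the expanded form. The following is an added example, not part of the original post or of ipv6calc; the function names are hypothetical, and it produces the same output shape as `--printfulluncompressed`:

```python
import ipaddress
import string

def expand_ipv6(text):
    """Undo both shortcuts: restore leading zeroes and the blocks hidden by '::'."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once, otherwise the gap sizes are ambiguous")
    head, sep, tail = text.partition("::")
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []

    # A trailing dotted quad (::192.168.1.25) occupies the last two 16-bit blocks.
    last = right if sep else left
    if last and "." in last[-1]:
        v4 = int(ipaddress.IPv4Address(last.pop()))
        last += [f"{v4 >> 16:x}", f"{v4 & 0xFFFF:x}"]

    missing = 8 - len(left) - len(right)
    if sep and missing < 1:
        raise ValueError("'::' must stand for at least one all-zero block")
    if not sep and missing != 0:
        raise ValueError("without '::' exactly eight blocks are required")

    blocks = left + ["0"] * missing + right
    for block in blocks:
        if not 1 <= len(block) <= 4 or any(c not in string.hexdigits for c in block):
            raise ValueError(f"bad block {block!r}")
    return ":".join(f"{int(block, 16):04x}" for block in blocks)

def same_address(a, b):
    """True when two spellings name the same 128-bit address."""
    return expand_ipv6(a) == expand_ipv6(b)

def agrees_with_stdlib(text):
    """Cross-check the hand-rolled expansion against Python's ipaddress module."""
    return expand_ipv6(text) == ipaddress.IPv6Address(text).exploded

if __name__ == "__main__":
    # Spellings taken from the post above.
    for spelling in ("2001:0db8:3c4d:0015:0:0:abcd:ef12",
                     "2001:0db8:3c4d:0015::abcd:ef12",
                     "::192.168.1.25", "::1"):
        print(f"{spelling:38} -> {expand_ipv6(spelling)}")
```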

Original poster | Posted on 2012-7-18 10:55:54

Under the Hood with IPv6

We're going to spend some time teaching you a number of incredibly wonderful things about IPv6, such as:
  • Why network admins need to get their duffs up and implement it
  • Nice bullet points for persuading PHBs
  • How to actually use it

Persuasive Bullet Points
IPv6 means a whole lot more than just having a large enough pool of addresses to give every grain of sand and star in the sky a pool of unique addresses to play with. It also incorporates a lot of long-needed improvements in the IP protocol:
  • No more NAT (Network Address Translation)
  • Autoconfiguration
  • No more private address collisions
  • Better multicast routing
  • The newfangled anycast routing
  • Simpler header format
  • Simplified, more efficient routing
  • True quality of service (QoS), also called "flow labeling"
  • Built-in authentication and privacy support
  • Flexible options and extensions
  • Easier administration – say good-bye to DHCP
No More Lollygagging
You've doubtless read articles that claim the cost of migrating to IPv6 is going to be huge and painful, on the scale of Hurricane Katrina or Y2K. (Don't even get me started on the Y2K profiteering.) I don't think so. Naturally, anyone who is clinging to ancient routers and switches that don't support IPv6 is going to suffer the pain of buying new hardware. Cry me a river – you'll get great new stuff that will outperform those old antiques you've been limping along with for so long. By design, IPv6 and IPv4 are going to co-exist for some time, so admins can take their time and migrate in nice sane small steps. No doubt some will suffer headaches from having to stuff new knowledge into their heads, but trust me, it's worth it.
Probably the biggest selling point for IPv6 is the shortage of IPv4 addresses. Here in the good old US of A, in typical overlord fashion, we possess the majority of them. While NAT and CIDR notation have extended the number of usable IPv4 addresses, NAT needs to go away forever, and the rest of the world can't live on our scraps.
Death to NAT
I long for the day when the final stake is driven through the heart of NAT. NAT extended the useful life of IPv4, which is a good thing, but in itself is a horrid kludge that has driven far too many network admins to drink and hair loss. Why does NAT suck? For a number of reasons. First of all it's a big fat chokepoint on your network border, forcing every single packet that enters or leaves your network to be examined and altered.
Secondly, NAT complicates every service, requiring all sorts of corollary hacks and kludges to make things work, especially services that use multiple ports. Everyone who survived the days of trying to make things like IRC, FTP and NFS work through NAT firewalls deserves medals. (You younguns just don't appreciate our suffering enough.) Most services have been around long enough to accumulate enough kludgework to deal with NAT, but new services still have to go through the pain cycle. Like the SIP (Session Initiation) protocol for voice-over-IP, Bittorrent and other peer protocols, plus anything that you want to run on multiple machines behind the same NAT address.
Colliding Private Addies
All those lovely, unique IPv6 addresses instantly cure a large IPv4 problem: private address collision. This happens when you have to integrate subnets that use the same IPv4 private address space – boy howdy, that's more fun than a barrel of monkeys.
Simplified Routing
The IPv6 header is completely re-designed. Required components are moved to the front of the header. Optional components are moved to an extension header; if there aren't any optional components, the extension headers are omitted and the packet size is reduced.
But that's not all. The IPv6 protocol is ingeniously designed so that our hardworking spam-burdened Internet backbone routers will have much smaller routing tables than they do now. No longer will they need to know every possible route, which is why those big backbone routers are the size of Ford Exorbitants. Instead of having to know every possible route, the routing tables will include routes to only those routers connected directly to them. The IPv6 protocol itself contains the remaining information a packet needs to reach its destination.
Real, Genuine QoS
QoS in IPv4 is a bit of a joke. Sure, packets can be assigned different priorities, but a lot of routers simply ignore the QoS flag, and certain networking stacks are rumored to mark all packets as highest priority, so it's pointless to even try.
In this modern era of gigabyte and multiple-gigabyte networking speeds, voice over IP, streaming video, and other high-demand real-time services, that sort of clunkiness simply will not do. IPv6 is designed to handle these new super-high speeds, and it standardizes QoS so that all routers will handle packets correctly, even allocating bandwidth according to priority.
Easier Administration
Don't be scared by those long hexadecimal IPv6 addresses. We'll learn how to break them down into manageable chunks, some shortcuts to save typing, and understand what each piece means.
There are two separate address spaces for private addressing called "link-local" and "site-local." A link-local address is like a single subnet and should not be routed. Link-local addresses let you do fun easy things like:
  • Host autoconfiguration without DHCP, simply by querying the router
  • Neighbor discovery
  • Setting up ad-hoc LANs without a router
In other words, you can fling a gaggle of strangers together in a conference room, connect all their PCs (wireless, wired, whatever), and share files without having to rassle with file-sharing protocols.
Site-local addresses are like a typical office containing several subnets. The subnet information is in the address so they can be routed within a site. They should not be forwarded outside the site.
Hands-On
Understanding IPv6 addressing is the key to understanding how to use it, so next week we'll roll up our sleeves and make a nice IPv6 network.
Original poster | Posted on 2012-7-18 13:55:59

Private IPv6 address range

This post was last edited by demo on 2012-7-19 05:58

Here is a unique private IPv6 address range generated just for you (refresh page to get another one):
Prefix/L:
  fd
Global ID:
  bc5d60fbb4
Subnet ID:
  dd1b
Combined/CID:
  fdbc:5d60:fbb4:dd1b::/64
IPv6 addresses:
  fdbc:5d60:fbb4:dd1b:xxxx:xxxx:xxxx:xxxx

If you have multiple locations/sites/networks, you should assign each one a different "Subnet ID", but use the same "Global" ID for all of them.

The IPv6 address space is so huge (2¹²⁸) that everyone should be able to get a public IP address for every device they will ever own. So theoretically it shouldn't be necessary to have private IPv6 addresses like the 192.168.x.x and 10.x.x.x addresses in IPv4.

However until you can actually get an IPv6 address range from your ISP, you may want to use "private" addresses for internal networks and testing etc.
In IPv6 there is a special "Unique Unicast" IP range of fc00::/7 which should be used for this as per RFC4193.
The official definition looks like this:
| 7 bits |1|  40 bits   |  16 bits  |          64 bits           |
+--------+-+------------+-----------+----------------------------+
| Prefix |L| Global ID  | Subnet ID |        Interface ID        |
+--------+-+------------+-----------+----------------------------+
In practice such an address will always start with "fd" because the 8th (L) bit must be one.
The "Global ID" and "Subnet ID" must be random to ensure uniqueness (which is what this page does).
You are free to assign addresses from the rest (Interface ID).

Please note:
A former standard proposed the use of so-called "site-local" addresses in the fec0::/10 range.
This has been deprecated (see RFC3879) and should no longer be used.

http://www.simpledns.com/private-ipv6.aspx

Original poster | Posted on 2012-7-18 14:18:26

IPv6 Unique-Local Addressing Explained

When we are dealing with IPv6 “private” addressing, it can quickly become pretty confusing.  The reason this particular topic becomes confusing is because the people that have developed the technology keep changing their minds!!!  Let’s go through some history.

Site-Local Addresses
Site-local addresses were the first stab at having a private address space range for our internal organizations similar to RFC 1918 for IPv4. This address space was defined in RFC 3513 as being in the range FEC0::/10. Basically what this means is that the first 12 bits of the address had to look something like this:
1111 1110 11xx
[ F ] [  E ] [C-F]
So anyways, the site-local address was the first attempt at letting network admins assign their own private addressing for their “sites.” The issues with it were that the term “site” was somewhat ambiguous. Nobody could really agree on what a “site” was. Secondly, there was no guarantee that no two sites within the same organization would not end up using overlapping site addressing due to carelessness or whatever else. Site-Local addresses went to sleep permanently when deprecated officially in RFC 3879. Unfortunately for the current CCIE candidate, this site-local address range is still used quite extensively in some Cisco documentation.
Unique-Local Addresses
Out with the old in with the new! Unique-Local addresses have officially replaced site-local addresses. These get a little bit more interesting because there are really two different “flavors.” Unique-Local Addresses (ULA) are defined in RFC 4193 and are given the range FC00::/7. Basically your first 8 bits will look like this:
1111 110x
[F ] [C-D]
Overall, your unique-local address will look something like this:
F[C-D]xx:xxxx:xxxx:yyyy:zzzz:zzzz:zzzz:zzzz
So obviously it starts with EITHER FC or FD in hexadecimal.  The string of ‘x’s there represents what we call our “global-id” which would describe your company and is 40 bits long.  The string of ‘y’s represent what we call the “subnet-id” which describes the sites within your company and is 16 bits long.  The string of ‘z’s is the remaining 64 bits that represent a host.  So essentially you have a 40-bit value that represents your company and 16 bits to play with for subnetting.  If you do the math that gives you up to 65,535 /64 subnets…a LOT of addresses.
OK, so we have this FC00::/7 range.  Now, here is where it gets a little extra interesting.  Basically some people thought the 40-bit global-id should be something centrally assigned by a registrar of sorts (kind of like ARIN).  The addresses would still not be routable on the public internet, but would be controlled by a trusted third party registrar.  The reasoning was so that it was guaranteed that no two sites within an organization would ever get overlapping ranges.  On the other hand, other people didn’t like the idea of having private addresses allocated to them.  Therefore, what they did was a compromise.  They took this massive FC00::/7 range and broke it up into two individual /8’s – FC00::/8 and FD00::/8 and each one works a bit differently.
Unique-Local Locally-Assigned Addresses (FD00::/8)
The folks that do not want their private addresses assigned to them by a third party get this range. The kicker is that in the RFC the way that 40-bit global-id gets picked is still not really SUPPOSED to be up to you. It is a randomly generated number (at least “pseudo-random”). So, with FD00::/8 you get something like this:
FDxx:xxxx:xxxx:yyyy:zzzz:zzzz:zzzz:zzzz
Here the string of ‘x’s is still the global-id and is 40-bits long…it is just randomly generated, or at least SHOULD be. The rest is the same…we still have 16 bits for subnetting and a /64 host address.
Unique-Local Centrally-Assigned Addresses (FD00::/8)
The folks that WERE for the private addresses being centrally assigned by some sort of registrar get the FC00::/8 range. Now, as of right now this organization that is supposed to hand out the addresses really doesn’t exist yet. ANYWAYS, the concept is similar except now you have something like this:
FCxx:xxxx:xxxx:yyyy:zzzz:zzzz:zzzz:zzzz
Here the string of ‘x’s is still the global-id and is 40-bits long…but it is ASSIGNED to you in theory. The rest is the same…we still have 16 bits for subnetting and a /64 host address.
So now what?!
For purposes of the CCIE R&S v4.0 lab – IF you are asked to do “site-local” addressing I would verify with the proctor that they REALLY mean site-local as in the FEC0::/10 range.  IF that is the case, go ahead and just pick something in the range and use it while smiling to yourself because it is really deprecated.
IF you are asked to do unique-local addressing I would watch the wording of your lab.  If it says something about you being “assigned” such and such range, I would opt for the centrally assigned range of FC00::/8.  They may say something like “You have been ASSIGNED a global-id of ABCD:EF12:34. Use the middle two octets of your IPv4 subnet as your subnet ID.” Let’s say the middle two octets were 4.4 in your IPv4 address space. That would equate to something like FCAB:CDEF:1234:0404::/64.  Because they said ASSIGNED I would assume we were using the FC00::/8 range.  The next 40 bits (global-id) were given to you, and you derived the next 16 bits from your IPv4 address.
IF you are told to do unique-local addressing and they mention something about you assigning your global-id yourself, or having it randomly generated I would opt for the FD00::/8 locally assigned range. Maybe you would have a task similar to this:  “You have decided to assign the unique-local global-id of BABA:CACA:12. Use the middle two octets of your IPv4 subnet as your subnet ID.” That would equate to something like FDBA:BACA:CA12:0404::/64. Because they said YOU assigned it to yourself or that it was “randomly generated” I would use the FD00::/8 range of addressing there.
Don’t you miss RFC 1918 now?

Joe Astorino
CCIE #24347 (R&S)
http://blog.ipexpert.com/2010/08 ... dressing-explained/
By Joe Astorino
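
The RFC 4193 field layout from the prefix-generator post and the FC/FD split and lab prefixes from the post above can be checked in code, which also helps when auditing configurations for the deprecated FEC0::/10 range. This is an added example, not code from either quoted source; the function names are hypothetical, 10.4.4.0 is a constructed IPv4 subnet with middle octets 4.4, and the OS CSPRNG is assumed as the source of the random Global ID:

```python
import ipaddress
import secrets

ULA = ipaddress.IPv6Network("fc00::/7")           # RFC 4193
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")   # deprecated by RFC 3879

def build_ula(global_id_hex, subnet_id, locally_assigned=True):
    """Assemble the /64 from a 40-bit Global ID and a 16-bit Subnet ID."""
    gid = int(global_id_hex.replace(":", ""), 16)  # accepts ABCD:EF12:34 or abcdef1234
    if not 0 <= gid < 1 << 40 or not 0 <= subnet_id < 1 << 16:
        raise ValueError("Global ID is 40 bits, Subnet ID is 16 bits")
    first_byte = 0xFD if locally_assigned else 0xFC   # 7-bit prefix plus the L bit
    top64 = (first_byte << 56) | (gid << 16) | subnet_id
    return ipaddress.IPv6Network((top64 << 64, 64))

def subnet_id_from_ipv4(v4):
    """Middle two octets of an IPv4 address as the Subnet ID (the lab's rule)."""
    octets = ipaddress.IPv4Address(v4).packed
    return (octets[1] << 8) | octets[2]

def split_ula(prefix):
    """Return the fields the generator page lists: Prefix/L, Global ID, Subnet ID."""
    net = ipaddress.IPv6Network(prefix)
    if not net.subnet_of(ULA):
        raise ValueError(f"{prefix} is not inside fc00::/7")
    raw = net.network_address.packed
    return {"prefix_l": raw[:1].hex(), "global_id": raw[1:6].hex(),
            "subnet_id": raw[6:8].hex()}

def random_ula(subnet_id=0):
    """Locally assigned prefix with a Global ID drawn from the OS CSPRNG (assumption)."""
    return build_ula(secrets.token_bytes(5).hex(), subnet_id)

def classify(addr):
    """Name the private-addressing scheme an address belongs to, if any."""
    ip = ipaddress.IPv6Address(addr)
    if ip in SITE_LOCAL:
        return "site-local (deprecated, RFC 3879)"
    if ip in ULA:
        # The L bit is the lowest bit of the first byte: fd -> 1, fc -> 0.
        return ("unique-local, locally assigned" if ip.packed[0] & 1
                else "unique-local, centrally assigned")
    if ip.is_link_local:
        return "link-local"
    return "other (global unicast, multicast or special)"

if __name__ == "__main__":
    print(build_ula("ABCD:EF12:34", 0x0404, locally_assigned=False))   # lab example 1
    print(build_ula("BABA:CACA:12", subnet_id_from_ipv4("10.4.4.0")))  # lab example 2
    print(split_ula("fdbc:5d60:fbb4:dd1b::/64"))
    print(random_ula(), classify("fec0::1"))
```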