Introduction to IPv6
IPv6 is a technology developed to overcome the limitations of the current standard, IPv4, which allows end systems to communicate and forms the foundation of the Internet as we know it today.
This section on IPv6-specific design considerations provides an overview of IPv6 features and addressing and explains the various IPv6 address types. The address assignment and name resolution strategies for IPv6 are explored. The transition from IPv4 to IPv6 is discussed, and the section concludes with a brief description of the IPv6 routing protocols.
Note: RFC 2460, Internet Protocol, Version 6 (IPv6), defines the IPv6 standard. Information on IPv6 features supported in specific Cisco IOS releases can be found in Cisco IOS Software Release Specifics for IPv6 Features, at http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/ftipv6s.htm.
IPv6 Features
The ability to scale networks for future demands requires a limitless supply of IP addresses and improved mobility; IPv6 combines expanded addressing with a more efficient and feature-rich header to meet these demands. IPv6 satisfies the increasingly complex requirements of hierarchical addressing that IPv4 does not support.
The Cisco IOS supports IPv6 in Release 12.2(2)T and later. The main benefits of IPv6 include the following:
- Larger address space: IPv6 addresses are 128 bits, compared to IPv4’s 32 bits. This larger addressing space allows more support for addressing hierarchy levels, a much greater number of addressable nodes, and simpler autoconfiguration of addresses.
- Globally unique IP addresses: Every node can have a unique global IPv6 address, which eliminates the need for NAT.
- Site multihoming: IPv6 allows hosts to have multiple IPv6 addresses and allows networks to have multiple IPv6 prefixes. Consequently, sites can have connections to multiple ISPs without breaking the global routing table.
- Header format efficiency: A simplified header with a fixed header size makes processing more efficient.
- Improved privacy and security: IPsec is the IETF standard for IP network security, available for both IPv4 and IPv6. Although the functions are essentially identical in both environments, IPsec is mandatory in IPv6. IPv6 also has optional security headers.
- Flow labeling capability: A new capability enables the labeling of packets belonging to particular traffic flows for which the sender requests special handling, such as nondefault quality of service (QoS) or real-time service.
- Increased mobility and multicast capabilities: Mobile IPv6 allows an IPv6 node to change its location on an IPv6 network and still maintain its existing connections. With Mobile IPv6, the mobile node is always reachable through one permanent address. A connection is established with a specific permanent address assigned to the mobile node, and the node remains connected no matter how many times it changes locations and addresses.
IPv6 Address Format
Rather than using dotted-decimal format, IPv6 addresses are written as hexadecimal numbers with colons between each set of four hexadecimal digits (which is 16 bits); we like to call this the “coloned hex” format. The format is x:x:x:x:x:x:x:x, where x is a 16-bit hexadecimal field. A sample address is as follows:
2035:0001:2BC5:0000:0000:087C:0000:000A
For example, the previous address can be shortened to the following:
2035:1:2BC5::87C:0:A
An all-0s address can be written as ::.
Similar to how IPv4 subnet masks can be written as a prefix (for example, /24), IPv6 uses prefixes to indicate the number of bits of network or subnet information.
IPv6 Address Types
This section covers the various IPv6 address types and their scopes.
IPv6 Address Scope Types
Similar to IPv4, a single source can address datagrams to either one or many destinations at the same time in IPv6.
Note: RFC 4291, IPv6 Addressing Architecture, defines the IPv6 addressing architecture.
Following are the types of IPv6 addresses:
- Unicast (one-to-one): Similar to an IPv4 unicast address, an IPv6 unicast address is for a single source to send data to a single destination. A packet sent to a unicast IPv6 address goes to the interface identified by that address. The IPv6 unicast address space encompasses the entire IPv6 address range, with the exception of the FF00::/8 range (addresses starting with binary 1111 1111), which is used for multicast addresses. The “IPv6 Unicast Addresses” section discusses the different types of IPv6 unicast addresses.
- Anycast (one-to-nearest): An IPv6 anycast address is a new type of address that is assigned to a set of interfaces on different devices; an anycast address identifies multiple interfaces. A packet that is sent to an anycast address goes to the closest interface (as determined by the routing protocol being used) identified by the anycast address. Therefore, all nodes with the same anycast address should provide uniform service.
  Anycast addresses are syntactically indistinguishable from global unicast addresses because anycast addresses are allocated from the global unicast address space. Nodes to which the anycast address is assigned must be explicitly configured to recognize the anycast address.
  Anycast addresses must not be used as the source address of an IPv6 packet.
  Examples of when anycast addresses could be used are load balancing, content delivery services, and service location. For example, an anycast address could be assigned to a set of replicated FTP servers. A user in China who wants to retrieve a file would be directed to the Chinese server, whereas a user in Europe would be directed to the European server.
- Multicast (one-to-many): Similar to IPv4 multicast, an IPv6 multicast address identifies a set of interfaces (in a given scope), typically on different devices. A packet sent to a multicast address is delivered to all interfaces identified by the multicast address (in a given scope). IPv6 multicast addresses have a 4-bit scope identifier (ID) to specify how far the multicast packet may travel.
An IPv6 address is valid for a specific scope, which defines the types of applications the address is suitable for.
Interface Identifiers in IPv6 Addresses
In IPv6, a link is a network medium over which network nodes communicate using the link layer. Interface IDs in IPv6 addresses are used to identify a unique interface on a link. They can also be thought of as the “host portion” of an IPv6 address. Interface IDs are required to be unique on a link and can also be unique over a broader scope. When the interface identifier is derived directly from the data link layer address of the interface, the scope of that identifier is assumed to be universal (global). Interface identifiers are always 64 bits and are dynamically created based on the data link layer.
This process is illustrated in Figure 6-18.
The seventh bit in an IPv6 interface identifier is referred to as the Universal/Local (U/L) bit. This bit identifies whether this interface identifier is locally unique on the link or whether it is universally unique. When the interface identifier is created from an Ethernet MAC address, it is assumed that the MAC address is universally unique and, therefore, that the interface identifier is universally unique. The U/L bit is for future use by upper-layer protocols to uniquely identify a connection, even in the context of a change in the leftmost part of the address. However, this feature is not yet used. The eighth bit in an IPv6 interface identifier, also known as the “G” bit, is the group/individual bit for managing groups.
IPv6 Unicast Addresses
Following are the different unicast addresses that IPv6 supports:
- Global aggregatable address (also called global unicast address)
- Link-local address
- IPv4-compatible IPv6 address
Global aggregatable addresses and link-local addresses are discussed in the next two sections, respectively. IPv4-compatible IPv6 addresses are described in the later “IPv4-to-IPv6 Transition Strategies and Deployments” section.
Note: Site-local unicast addresses are another type of IPv6 unicast address; however, the use of site-local addresses was deprecated in September 2004 by RFC 3879, Deprecating Site Local Addresses, and future systems must not implement any support for this type of address. Site-local unicast addresses were similar to private addresses in IPv4 and were used to address a site without having a global prefix. Site-local addresses used the prefix FEC0::/10 (binary 1111 1110 11) with a subnet identifier (a 16-bit field) and an interface identifier (a 64-bit field) concatenated after the prefix. Site-local addresses were considered private addresses to be used to restrict communication to a limited domain. IPv6 routers must not advertise routes or forward packets that have site-local source or destination addresses outside the site.
Global Aggregatable Unicast Addresses
The structure of global aggregatable unicast addresses enables summarization (aggregation) of routing prefixes so that the number of routing table entries in the global routing table can be reduced. Global unicast addresses used on links are aggregated upward, through organizations, and then to intermediate-level ISPs, and eventually to top-level ISPs. A global unicast address typically consists of a 48-bit global routing prefix, a 16-bit subnet ID, and a 64-bit interface ID (typically in EUI-64 bit format), as illustrated in Figure 6-19.
The subnet ID can be used by individual organizations to create their own local addressing hierarchy using subnets. This field allows an organization to use up to 65,536 individual subnets.
A fixed prefix of 2000::/3 (binary 001) indicates a global aggregatable IPv6 address; this is the current range of IPv6 global unicast addresses assigned by the Internet Assigned Numbers Authority (IANA). Assignments from this block are registered in the IANA registry, which is available at http://www.iana.org/assignments/ipv6-unicast-address-assignments.
The 64-bit Interface ID field identifies interfaces on a link and therefore must be unique on the link.
Note: RFC 3587, IPv6 Global Unicast Address Format, defines the global unicast address format.
Link-Local Unicast Addresses
A link-local address is useful only in the context of the local link network; its scope limits its relevance to only one link. A link-local address is an IPv6 unicast address that can be automatically configured on any interface by using the link-local prefix FE80::/10 (1111 1110 10) and the 64-bit interface identifier, as shown in Figure 6-20. Link-local addresses are used in the neighbor discovery protocol and the dynamic address assignment process. Dynamic address assignment is discussed in more detail in the next section.
Many routing protocols also use link-local addresses.
When communicating with a link-local address, the outgoing interface must be specified, because every interface is connected to FE80::/10.
An IPv6 router must not forward packets that have either link-local source or destination addresses to other links.
IPv6 Address Assignment Strategies
As with IPv4, IPv6 allows two address assignment strategies: static and dynamic.
Static IPv6 Address Assignment
Static address assignment in IPv6 is the same as in IPv4—the administrator must enter the IPv6 address configuration manually on every device in the network.
Dynamic IPv6 Address Assignment
IPv6 dynamic address assignment strategies allow dynamic assignment of IPv6 addresses, as follows:
- Link-local address: The host configures its own link-local address autonomously, using the link-local prefix FE80::0/10 and a 64-bit identifier for the interface, in an EUI-64 format.
- Stateless autoconfiguration: A router on the link advertises—either periodically or at the host’s request—network information, such as the 64-bit prefix of the local network and its willingness to function as a default router for the link. Hosts can automatically generate their global IPv6 addresses by using the prefix in these router messages; the hosts do not need manual configuration or the help of a device such as a DHCP server. For example, Figure 6-21 shows a host using the prefix advertised by the router as the top 64 bits of its address; the remaining 64 bits contain the host’s 48-bit MAC address in an EUI-64 format.
  Figure 6-21: IPv6 Stateless Autoconfiguration Allows a Host to Automatically Configure Its IPv6 Address
- Stateful using DHCP for IPv6 (DHCPv6): DHCPv6 is an updated version of DHCP for IPv4. DHCPv6 gives the network administrator more control than stateless autoconfiguration and can be used to distribute other information, including the address of the DNS server. DHCPv6 can also be used for automatic domain name registration of hosts using a dynamic DNS server. DHCPv6 uses multicast addresses.
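The interface-identifier construction from the “Interface Identifiers in IPv6 Addresses” section and the link-local and stateless autoconfiguration cases above, as an added example that is not part of the original text: it derives the addresses from a MAC using the modified EUI-64 rule of RFC 4291 Appendix A, then runs the derivation backwards to show which logged addresses expose a host's hardware address. The MAC, the 2001:db8::/32 documentation prefixes, and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional


def mac_to_interface_id(mac: str) -> bytes:
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the U/L bit (seventh bit of the first octet, value 0x02), then
    # insert FF:FE between the two MAC halves (RFC 4291, Appendix A).
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Advertised /64 prefix in the top 64 bits, interface ID in the rest."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """FE80::/10 prefix, zero padding, then the same interface ID."""
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("fe80::")) | iid)


def embedded_mac(address: str) -> Optional[str]:
    """Return the MAC that an EUI-64 style address exposes, or None."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    # FF:FE in the middle of the interface ID is a heuristic marker: it
    # strongly suggests, but does not prove, derivation from a MAC.
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


def group_by_hardware(addresses: List[str]) -> Dict[str, List[str]]:
    """Group logged addresses by the MAC they reveal."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for address in addresses:
        mac = embedded_mac(address)
        if mac is not None:
            seen[mac].append(address)
    return dict(seen)


# Constructed sample data: documentation prefixes and a made-up MAC.
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"
SAMPLE_LOG = [
    "2001:db8:0:1:21a:2bff:fe3c:4d5e",   # host on the first subnet
    "2001:db8:0:2:21a:2bff:fe3c:4d5e",   # same NIC after moving subnets
    "2001:db8:0:1::53",                  # statically numbered server
    "fe80::21a:2bff:fe3c:4d5e",          # the host's link-local address
]

if __name__ == "__main__":
    print(link_local_address(SAMPLE_MAC))
    print(slaac_address("2001:db8:0:1::/64", SAMPLE_MAC))
    for mac, addrs in group_by_hardware(SAMPLE_LOG).items():
        print(mac, "->", addrs)
```

Because the interface ID stays the same under every prefix, the grouping shows one host being recognizable across subnets, which is worth weighing when choosing between EUI-64 autoconfiguration and DHCPv6 for user devices.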
IPv6 Name Resolution
This section discusses IPv6 name resolution strategies and name resolution on a dual-stack (IPv4 and IPv6) host.
Static and Dynamic IPv6 Name Resolution
IPv6 and IPv4 name resolutions are similar. The following two name resolutions are available with IPv6:
- Static name resolution: Accomplished by manual entries in the host’s local configuration files.
- Dynamic name resolution: Accomplished using a DNS server that supports IPv6, usually along with IPv4 support. As shown in Figure 6-22, an IPv6-aware application requests the destination hostname’s IPv6 address from the DNS server using a request for an A6 record; an A6 record is a new DNS feature that contains an address record for an IPv6 host. The task of querying for the address is done with the name resolver, which is usually part of the operating system. The network administrator must set up the appropriate DNS server with IPv6 support and connect it to the IPv6 network with a valid IPv6 address. The hosts must also have IPv6 addresses.
IPv4- and IPv6-Aware Applications and Name Resolution
A dual-stack host has both IPv4 and IPv6 protocol stacks and has a new application program interface (API) defined to support both IPv4 and IPv6 addresses and DNS requests. An application can use both IPv4 and IPv6. An application can be converted to the new API while still using only IPv4.
As shown in Figure 6-23, an IPv6- and IPv4-enabled application chooses which stack to use (the typical default is IPv6) and asks the DNS server for the destination host’s address; in this example, it requests the host’s IPv6 address. After receiving the response from the DNS server, the application asks the source host to connect to the destination host using IPv6.
Note: Microsoft Windows XP and Windows Server 2003 fully support most aspects of IPv6 with the appropriate service packs installed; Windows Vista supports IPv6.
IPv4-to-IPv6 Transition Strategies and Deployments
IPv4-to-IPv6 migration does not happen automatically. The following sections first explore the differences between IPv4 and IPv6 and then discuss possible transition strategies and deployments.
Differences Between IPv4 and IPv6
Regardless of which protocol is used, the communication between IPv4 and IPv6 domains must be transparent to end users. The major differences to consider between IPv4 and IPv6 include the following:
- IPv4 addresses are 32 bits long, whereas IPv6 addresses are 128 bits long.
- An IPv6 packet header is different from an IPv4 packet header. The IPv6 header is longer and simpler (new fields were added to the IPv6 header, and some old fields were removed).
- IPv6 has no concept of broadcast addresses; instead, it uses multicast addresses.
- Routing protocols must be changed to support native IPv6 routing.
IPv4-to-IPv6 Transition
The transition from IPv4 to IPv6 will take several years because of the high cost of upgrading equipment. In the meantime, IPv4 and IPv6 must coexist. The following are three primary mechanisms for the transition from IPv4 to IPv6:
- Dual-stack: Both the IPv4 and the IPv6 stacks run on a system that can communicate with both IPv6 and IPv4 devices.
- Tunneling: Uses encapsulation of IPv6 packets to traverse IPv4 networks, and vice versa.
- Translation: A mechanism that translates one protocol to the other to facilitate communication between the two networks.
The following sections describe these mechanisms.
In addition, Cisco has designed the IPv6 on the Multiprotocol Label Switching (MPLS) Provider Edge (PE) routers (6PE) feature, which supports smooth integration of IPv6 into MPLS networks. Because the MPLS routers switch packets based on labels rather than address lookups, organizations with an MPLS backbone can scale IPv6 traffic easily and do not need to make costly hardware upgrades.
Dual-Stack Transition Mechanism
As shown in Figure 6-24, a dual-stack node enables both IPv4 and IPv6 stacks. Applications communicate with both IPv4 and IPv6 stacks; the IP version choice is based on name lookup and application preference. This is the most appropriate method for campus and access networks during the transition period, and it is the preferred technique for transitioning to IPv6. A dual-stack approach supports the maximum number of applications. Operating systems that support the IPv6 stack include FreeBSD, Linux, Sun Solaris, and Windows 2000, XP, and Vista.
Tunneling Transition Mechanism
The purpose of tunneling is to encapsulate packets of one type in packets of another type. When transitioning to IPv6, tunneling encapsulates IPv6 packets in IPv4 packets, as shown in Figure 6-25.
By using overlay tunnels, isolated IPv6 networks can communicate without having to upgrade the IPv4 infrastructure between them. Both routers and hosts can use tunneling. The following different techniques are available for establishing a tunnel:
- Manually configured: For a manually configured tunnel, the tunnel source and tunnel destination are manually configured with static IPv4 and IPv6 addresses. Manual tunnels can be configured between border routers or between a border router and a host.
- Semi-automated: Semi-automation is achieved by using a tunnel broker that uses a web-based service to create a tunnel. A tunnel broker is a server on the IPv4 network that receives tunnel requests from dual-stack clients, configures the tunnel on the tunnel server or router, and associates the tunnel from the client to one of the tunnel servers or routers. A simpler model combines the tunnel broker and server onto one device.
- Automatic: Various automatic mechanisms accomplish tunneling, including the following:
  - IPv4-compatible: The tunnel is constructed dynamically using an IPv4-compatible IPv6 address (an IPv6 address that consists of 0s in the upper bits and an embedded IPv4 address in the lower 32 bits). Because it does not scale, this mechanism is appropriate only for testing.
  - IPv6-to-IPv4 (6-to-4): The 6-to-4 tunneling method automatically connects IPv6 islands through an IPv4 network. Each 6-to-4 edge router has an IPv6 address with a /48 prefix that is the concatenation of 2002::/16 and the IPv4 address of the edge router; 2002::/16 is a specially assigned address range for the purpose of 6-to-4. The edge routers automatically build the tunnel using the IPv4 addresses embedded in the IPv6 addresses. For example, if the IPv4 address of an edge router is 192.168.99.1, the prefix of its IPv6 address is 2002:C0A8:6301::/48 because 0xC0A86301 is the hexadecimal representation of 192.168.99.1.
    When an edge router receives an IPv6 packet with a destination address in the range of 2002::/16, it determines from its routing table that the packet must traverse the tunnel. The router extracts the IPv4 address embedded in the third to sixth octets, inclusive, in the IPv6 next-hop address. This IPv4 address is the IPv4 address of the 6-to-4 router at the destination site—the router at the other end of the tunnel. The router encapsulates the IPv6 packet in an IPv4 packet with the destination edge router’s extracted IPv4 address.
    The packet passes through the IPv4 network. The destination edge router unencapsulates the IPv6 packet from the received IPv4 packet and forwards the IPv6 packet to its final destination. A 6-to-4 relay router, which offers traffic forwarding to the IPv6 Internet, is required for reaching a native IPv6 Internet.
  - 6over4: A router connected to a native IPv6 network and with a 6over4-enabled interface can be used to forward IPv6 traffic between 6over4 hosts and native IPv6 hosts. IPv6 multicast addresses are mapped into the IPv4 multicast addresses. The IPv4 network becomes a virtual Ethernet for the IPv6 network; to achieve this, an IPv4 multicast-enabled network is required.
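The 6-to-4 prefix arithmetic described in the list above, as an added example that is not part of the original text: it builds the /48 from an edge router's IPv4 address, extracts the embedded address from octets three to six, and applies the kind of sanity checks that RFC 3964 (Security Considerations for 6to4) recommends when a router decapsulates tunnel traffic. The function names, the short filter list, and the sample packets (documentation addresses) are constructed for illustration.

```python
import ipaddress
from typing import Optional

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")

# IPv4 ranges that cannot be a legitimate 6-to-4 tunnel endpoint. This is a
# deliberately short, assumed list (unspecified, private, loopback,
# link-local, multicast, reserved); a production filter would be broader.
# Documentation ranges stay allowed so the constructed samples can pass.
UNUSABLE_ENDPOINTS = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Concatenate 2002::/16 with the 32-bit IPv4 address to form a /48."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    # The IPv4 address occupies bits 16..47, so shift it left by 128 - 48.
    base = int(SIX_TO_FOUR.network_address) | (v4 << 80)
    return ipaddress.IPv6Network((base, 48))


def embedded_ipv4(ipv6: str) -> Optional[ipaddress.IPv4Address]:
    """Return the IPv4 address in octets 3-6 of a 2002::/16 address."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address(addr.packed[2:6])


def usable_endpoint(v4: ipaddress.IPv4Address) -> bool:
    return not any(v4 in net for net in UNUSABLE_ENDPOINTS)


def check_decapsulated(outer_src: str, inner_src: str) -> str:
    """Decide whether a decapsulated packet's addresses are consistent.

    outer_src is the IPv4 source of the tunnel packet; inner_src is the
    IPv6 source of the packet it carried.
    """
    outer = ipaddress.IPv4Address(outer_src)
    if not usable_endpoint(outer):
        return "drop: outer IPv4 source is not a usable tunnel endpoint"
    inner_v4 = embedded_ipv4(inner_src)
    if inner_v4 is None:
        # Native IPv6 source arriving through a relay: nothing to compare.
        return "accept: inner source is not a 6-to-4 address"
    if not usable_endpoint(inner_v4):
        return "drop: 6-to-4 source embeds an unusable IPv4 address"
    if inner_v4 != outer:
        return "drop: embedded IPv4 does not match the tunnel source"
    return "accept: embedded IPv4 matches the tunnel source"


if __name__ == "__main__":
    print(sixtofour_prefix("192.168.99.1"))          # the text's own example
    # Constructed packets: (outer IPv4 source, inner IPv6 source).
    for outer, inner in [
        ("192.0.2.10", "2002:c000:20a:1::5"),
        ("192.0.2.10", "2002:c633:6407::1"),
        ("192.0.2.10", "2002:c0a8:6301::1"),
        ("192.0.2.10", "2001:db8::1"),
    ]:
        print(outer, inner, "->", check_decapsulated(outer, inner))
```

The address 192.168.99.1 illustrates the arithmetic in the text; since it is a private address, a router applying these checks would drop traffic whose 6-to-4 source embeds it.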
Translation Transition Mechanism
Dual-stack and tunneling techniques manage the interconnection of IPv6 domains. For legacy equipment that will not be upgraded to IPv6 and for some deployment scenarios, techniques are available for connecting IPv4-only nodes to IPv6-only nodes, using translation, an extension of NAT techniques.
As shown in Figure 6-26, an IPv6 node behind a translation device has full connectivity to other IPv6 nodes and uses NAT functionality to communicate with IPv4 devices.
Translation techniques are available for translating IPv4 addresses to IPv6 addresses and vice versa. Similar to current NAT devices, translation is done at either the transport layer or the network layer. NAT-Protocol Translation (NAT-PT) is the main translation technique; the Dual-Stack Transition Mechanism (DSTM) might also be available.
The NAT-PT translation mechanism translates at the network layer between IPv4 and IPv6 addresses and allows native IPv6 hosts and applications to communicate with native IPv4 hosts and applications. An application-level gateway (ALG) translates between the IPv4 and IPv6 DNS requests and responses. NAT-PT is defined in RFC 2766, Network Address Translation-Protocol Translation (NAT-PT).
Note: ALGs use a dual-stack approach and enable a host in one domain to send data to another host in the other domain. This method requires that all application servers be converted to IPv6.
The DSTM translation mechanism may be used for dual-stack hosts in an IPv6 domain that have not yet had an IPv4 address assigned to the IPv4 side but that must communicate with IPv4 systems or allow IPv4 applications to run on top of their IPv6 protocol stack. This mechanism requires a dedicated server that dynamically provides a temporary global IPv4 address for the duration of the communication (using DHCPv6) and uses dynamic tunnels to carry the IPv4 traffic within an IPv6 packet through the IPv6 domain.
IPv6 Routing Protocols
The routing protocols available in IPv6 include interior gateway protocols (IGP) for use within an autonomous system and exterior gateway protocols (EGP) for use between autonomous systems.
As with IPv4 CIDR, IPv6 uses the same longest-prefix match routing. Updates to the existing IPv4 routing protocols were necessary for handling longer IPv6 addresses and different header structures. Currently, the following updated routing protocols or draft proposals are available:
- IGPs:
  - RIP new generation (RIPng)
  - EIGRP for IPv6
  - OSPF version 3 (OSPFv3)
  - Integrated IS-IS version 6 (IS-ISv6)
- EGP: Multiprotocol extensions to BGP version 4 (BGP4+)
RIPng
RIPng is a distance-vector protocol with a limit of 15 hops that uses split-horizon and poison reverse to prevent routing loops. RIPng features include the following:
- RIPng is based on the IPv4 RIPv2 and is similar to RIPv2.
- RIPng uses an IPv6 prefix and a next-hop IPv6 address.
- RIPng uses the multicast address FF02::9, the all-RIP-routers multicast address, as the destination address for RIP updates.
- RIPng uses IPv6 for transport.
- RIPng uses link-local addresses as source addresses.
- RIPng updates are sent on UDP port 521.
Note: RIPng is defined in RFC 2080, RIPng for IPv6.
EIGRP for IPv6
EIGRP for IPv6 is available in Cisco IOS Release 12.4(6)T and later. EIGRP for IPv4 and EIGRP for IPv6 are configured and managed separately; however, the configuration and operation of EIGRP for IPv4 and IPv6 is similar. EIGRP for IPv6 features include the following:
- EIGRP for IPv6 is configured directly on the interfaces over which it runs.
- EIGRP for IPv6 can be configured without the use of a global IPv6 address.
- No network commands are used when configuring EIGRP for IPv6.
- EIGRP for IPv6 routes IPv6 prefixes.
Note: EIGRP IPv6 is not currently supported on the Cisco 7600 routers or Catalyst 6500 switches.
For more information on this protocol, refer to “Implementing EIGRP for IPv6,” available at http://www.cisco.com/.
OSPFv3
OSPFv3 is a new OSPF implementation for IPv6; it has the following features:
- OSPFv3 is similar to OSPF version 2 (OSPFv2) for IPv4; it uses the same mechanisms as OSPFv2, but the internals of the protocols are different.
- OSPFv3 carries IPv6 addresses.
- OSPFv3 uses link-local unicast addresses as source addresses.
- OSPFv3 uses IPv6 for transport.
Note: OSPFv3 is defined in RFC 2740, OSPF for IPv6.
Integrated IS-IS Version 6
The large address support in integrated IS-IS facilitates the IPv6 address family. IS-ISv6 is the same as IS-IS for IPv4, with the following extensions added for IPv6:
- Two new type-length-values (TLV):
  - IPv6 Reachability
  - IPv6 Interface Address
- New protocol identifier
BGP4+
Multiprotocol extensions for BGP4 enable other protocols to be routed besides IPv4, including IPv6. Additional IPv6-specific extensions incorporated into BGP4+ include the definition of a new identifier for the IPv6 address family.
Note: RFC 4760, Multiprotocol Extensions for BGP-4, defines multiprotocol extensions to BGP. RFC 2545, Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing, defines BGP4+ for IPv6.
Summary
In this chapter, you learned about IPv4 and IPv6 addressing. The following topics were explored:
- Private and public IP addresses, and when to use each
- Determining the network size, including the number and type of locations and the number and type of devices at each location
- Hierarchical addressing, route summarization, and the role of classful and classless routing protocols and fixed-length and variable-length subnet masks
- Static and dynamic (DHCP) address assignment
- Static and dynamic (DNS) name resolution
- Features of IPv6, including its 128-bit addresses
- Types of IPv6 addresses: unicast (one-to-one), anycast (one-to-nearest), and multicast (one-to-many)
- Types of IPv6 unicast addresses: global aggregatable, link-local, and IPv4-compatible
- Types of IPv6 address assignment: static or dynamic, which includes using link-local addresses, stateless autoconfiguration, and stateful using DHCPv6
- Types of IPv6 name resolution: static or dynamic using DNS servers that have IPv6 protocol stack support
- IPv4-to-IPv6 transition strategies, including dual-stack use, tunneling mechanisms, and translation mechanisms
- IPv6 routing protocols, including RIPng, EIGRP for IPv6, OSPFv3, IS-ISv6, and BGP4+