2. Plan
I. Introduction – TCP/IP model
II. Limitations of IPv4
1. Public and private addresses
2. NAT/PAT
3. IPSec
III. IPv6
1. IPv6 concepts and addressing
2. IPv6 routing
3. IPv6 security
4. Migration to IPv6
IV. IPv6/IPv4 coexistence
1. NAT-PT
2. Tunneling
3. Dual stacks
V. Live demo
ALLAOUI Mohamed Amine – CCNP
2
allaoui.amine@gmail.com
3. TCP/IP
Application      Letter; Poste / UPS / DHL
Host-to-Host     With / without acknowledgment of receipt
Internet         Addresses, priority, routes
Network Access   Cars, airplanes, ships
8. Limitations of IPv4
1. Public and private addresses
2. NAT/PAT
3. IPSec
9. IPv4 addresses
• 32-bit addresses, 4 octets (A.B.C.D)
• Total number of addresses is (2^32-1) = 4.294.967.295
• Different classes of IP addresses:
Class  Subnet mask    Range                        Number
A      255.0.0.0      1.0.0.0 – 126.255.255.255    126 networks of 16777214 hosts
B      255.255.0.0    128.0.0.0 – 191.255.255.255  16320 networks of 65534 hosts
C      255.255.255.0  192.0.0.0 – 223.255.255.255  2145825 networks of 254 hosts
All the remaining addresses are reserved for multicast and experimentation
Only approximately 3,5 B addresses are usable
10. Public and Private addresses
• 3 ranges of addresses are used as private addresses
» 192.168.0.0 – 192.168.255.255
» 172.16.0.0 – 172.31.255.255
» 10.0.0.0 – 10.255.255.255
• All other usable addresses are public
• Only public addresses are routed on the Internet.
12. Port Address Translation
Private range: 192.168.0.0 255.255.255.0
Diagram: private hosts 192.168.0.1, 192.168.0.2 and 192.168.0.3; translating device with 192.168.0.254 on the private side and 200.156.24.4 on the public side.
Private (private:source port)   Public (public:source port)
192.168.0.1:2233                200.168.24.4:2233
192.168.0.2:1554                200.168.24.4:1554
192.168.0.3:6651                200.168.24.4:6651
13. NAT/PAT
• Uses a lot of processing power and memory
• Hosting limitations
• Provides basic security but not really useful
• Slows down IP packets
• …
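The translation table from slide 12 and the hosting and security points from slide 13, as an added Python example (not part of the original slides). The PatTable class, its method names, the lowest-free-port policy on a collision and the fourth flow (192.168.0.2:2233) are assumptions made for illustration.

```python
import ipaddress


class PatTable:
    """Minimal PAT state table: many private hosts share one public address.
    Hypothetical illustration, not a real router implementation."""

    def __init__(self, public_ip, port_range=(1024, 65535)):
        self.public_ip = public_ip
        self.port_range = port_range
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)

    def translate_outbound(self, private_ip, private_port):
        """Return the (public_ip, public_port) an outgoing packet leaves with."""
        if not ipaddress.ip_address(private_ip).is_private:
            raise ValueError(f"{private_ip} is not a private address")
        key = (private_ip, private_port)
        if key not in self.out:
            port = private_port  # keep the source port when free, as on the slide
            if port in self.back:  # collision: port already mapped to another host
                lo, hi = self.port_range
                port = next((p for p in range(lo, hi + 1) if p not in self.back), None)
                if port is None:
                    raise RuntimeError("public port pool exhausted")
            self.out[key] = port
            self.back[port] = key
        return self.public_ip, self.out[key]

    def translate_inbound(self, public_port):
        """Return the private endpoint for a reply, or None when no mapping
        exists (an unsolicited inbound packet has nowhere to go)."""
        return self.back.get(public_port)


def demo():
    pat = PatTable("200.168.24.4")  # public address from the slide's table
    flows = [("192.168.0.1", 2233), ("192.168.0.2", 1554),
             ("192.168.0.3", 6651),
             ("192.168.0.2", 2233)]  # constructed: collides with the first flow
    return pat, [pat.translate_outbound(ip, port) for ip, port in flows]


if __name__ == "__main__":
    pat, mapped = demo()
    for pair in mapped:
        print(pair)
    print(pat.translate_inbound(2233), pat.translate_inbound(80))
```

Port 80 has no entry in the table, so a server behind PAT is unreachable until a static mapping is added; that same missing state is the basic security the slide refers to.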
14. IPSec
• Security at network layer
• More reliable than transport/application layer security
• Consumes less processing power
• Provides a lot of features
• Provides some security to insecure applications
• Provides authentication, protection, encryption and negotiation
19. IPv6 concepts and addressing
• New internet layer protocol
• 128 bits of addresses = 340.282.366.920.938.463.463.374.607.431.770.000.000
• The IPv6 header is less complex than the IPv4 header.
• No private addresses
• No broadcasts
• Very long addresses: 2000:AD24:114d:aabc:1100:0001:0000:0001
23. Static Routing
• Every router only knows its directly connected networks
• Every router needs to know how to get to all networks
• Every router has its own routing table
• Each route has to be added statically to every router
24. Dynamic Routing
• RIPng
• OSPFv3
• EIGRP for IPv6
• All routers have to use the same routing protocol
• Each router sends updates to its neighbors to tell them about the networks it knows
25. IPv6 Security
• NDP replaced ARP and stateful DHCP
• Link local addresses are not routable
• No duplicate MAC-Address on a subnet
• « The less we have on the header, the more secure the protocol is »
• IPv6 supports IPSec without adding another header.
26. Neighbor Discovery Protocol
• Hosts send a Neighbor Solicitation to verify that the global unicast address is unique and that it is in the correct subnet (FF02::1)
• Hosts send a Neighbor Advertisement to the multicast address of all IPv6 hosts (FF02::1) to tell them about their link-local address.
• Finally, to know how to get to the gateway, hosts send another NS to learn the IPv6 address of the gateway (FF02::2)
27. Migration to IPv6
• Every computer supports IPv6 since 2002
• Almost all routers support IPv6
• Servers on the Internet have to be configured to use IPv6
• Network operators are not using IPv6 yet.
• Some countries in Asia are already using IPv6.
28. Migration to IPv6
• What are we waiting for?
– Some features of IPv6 are not yet industry standards
– Internet users are afraid of using global unicast addresses
– Network administrators are not comfortable with this new suite of protocols
– Rare resources are always more beneficial for Internet operators
29. Migration to IPv6
• What are we waiting for?
– Some issues with NBMA (frame-relay, ATM, MPLS …)
– Governments don’t accept changes easily.
33. NAT-PT
• Translates IPv6 addresses to IPv4 and IPv4 to IPv6
• Same as classic NAT and PAT
IPv6 address                  IPv4 address
2001:AA01:45:3::1 port 1542   195.25.111.3 port 1542
2001:AA01:45:3::2 port 1598   195.25.111.3 port 1598
2001:AA01:45:3::3 port 4452   195.25.111.3 port 4452
35. Dual Stacks
• Interfaces that run both IPv4 and IPv6 at the same time
IPv4 address     IPv6 address
192.168.0.1      2001:AA01:45:9::1/64
192.168.0.254    2001:AA01:45:9::FFFF/64
192.168.0.2      2001:AA01:45:9::2/64
36. Thank you for your attention
Any questions?