Ipv6

IPv6
Presented by: ALLAOUI Mohamed Amine

ALLAOUI Mohamed Amine – CCNP
1
allaoui.amine@gmail.com

Plan
I. Introduction – TCP/IP model
II. Limitations of ipv4
1. Public and private addresses
2. NAT/PAT
3. IPSec
III. Ipv6
1. Ipv6 concepts and addressing
2. Ipv6 routing
3. Ipv6 Security
4. Migration to IPv6
IV. Ipv6/ipv4 coexistence
1. NAT-PT
2. Tunneling
3. Dual stacks
V. Live Demo

2

TCP/IP
letter

Application Poste / UPS / DHL

Host-to-Host With/ without acknowledgment of receipt

• Addresses
Internet • Priority
• Routes

Network Access Cars, airplanes, ships

3

TCP/IP

Application HTTP – FTP – Telnet – RTP – DNS – SMTP

Host-to-Host TCP - UDP

Internet IPv4 – IPv6

Network Access Ethernet – PPP – HDLC – Metro Ethernet – Frame Relay

4

TCP/IP
My computer Google.com
192.168.0.100 173.194.35.2

Application Application

Host-to-Host Host-to-Host

Internet Internet Internet Internet

Network Access Network Access Network Access Network Access

5

TCP/IP
Router 1 Google.com
My computer
IP: 192.168.0.254 IP: 173.194.35.2
IP: 192.168.0.100
Mac: mac-r1
Mac: mac-pc1

HTTP Request HTTP

TCP (source 2655, TCP (source
destination 80) 2655, destination 80)

IPv4 (source IPv4 (source IPv4 (source
192.168.0.100, destina 192.168.0.100, destination 192.168.0.100, destina
tion 173.194.35.2) 173.194.35.2 tion 173.194.35.2

Ethernet
Ethernet Source mac- PPP / HDLC /
Source mac-pc1, pc1, destination PPP / HDLC / ATM
destination mac-r1 mac-r1 ATM

6

TCP/IP
Router 1 Google.com
My computer
IP: 192.168.0.254 IP: 173.194.35.2
IP: 192.168.0.100
Mac: mac-r1
Mac: mac-pc1

HTTP Reply HTTP

TCP (source TCP (source 80,
80, destination 2655) destination 2655)

IPv4 (source IPv4 (source
IPv4 (source
192.168.0.100, 192.168.0.100,
192.168.0.100, destination
destination destination
173.194.35.2
173.194.35.2) 173.194.35.2

Ethernet Ethernet
Source mac- PPP / HDLC /
Source mac-
pc1, destination mac-
pc1, destination PPP / HDLC / ATM
mac-r1 ATM
r1

7

Limitations of ipv4
1. Public and private addresses
2. NAT/PAT
3. IPSec

8

IPv4 addresses
• 32 bits of addresses - 4 Octets ( A.B.C.D)
• Total number of addresses is (2^32-1) = 4.294.967.295
• Different classes of IP addresses.

Class Subnet mask range number

126 networks of
A 255.0.0.0 1.0.0.0 126.255.255
16777214 hosts
16320 networks
B 255.255.0.0 128.0.0.0 191.255.255.255
of 65534 hosts
2145825
C 255.255.255.0 192.0.0.0 223.255.255.255 networks of 254
hosts
All the remaining addresses are reserved for multicast and experimentation
Only approximately 3,5 B addresses are usable
9

Public and Private addresses
• 3 ranges of addresses are used as private
addresses
» 192.168.0.0 – 192.168.255.255
» 172.16.0.0 – 172.31.255.255
» 10.0.0.0 – 10.255.255.255

• All other usable addresses are public
• Only public addresses are routed in the
internet.

10

Network Address Translation
Range 192.168.0.0 255.255.255.0
192.168.0.1 Private
192.168.0.254
200.156.24.0 – 200.156.24.255
192.168.0.2
Public

192.168.0.3

Private Public

192.168.0.1 200.168.24.1
192.168.0.2 200.168.24.2
192.168.0.3 200.168.24.3

11

Port Address Translation
Range 192.168.0.0 255.255.255.0
192.168.0.1 Private
192.168.0.254
200.156.24.4
192.168.0.2
Public

192.168.0.3
Private Public

private:source port Public:source port

192.168.0.1:2233 200.168.24.4:2233
192.168.0.2:1554 200.168.24.4:1554
192.168.0.3:6651 200.168.24.4:6651

12

NAT/PAT
• Uses a lot of processing power and memory
• Hosting limitations
• Provides basic security but not really useful
• Slows down ip packets
• …

13

IPSec
• Security at network layer
• More reliable that transport/application layer
security
• Consumes less processing power
• Provides a lot of features
• Provides some security to unsecure applications
• Provides authentication, protection, encryption
and negociation

14

IPSec

Application

Host-to-Host

Internet

Network Access

15

Headers
IPv4 packet Host to Host Application

Transport Mode : Ipv4 packet AH/ESP Host to Host Application

Tunnel Mode : IPv4 packet AH/ESP IPv4 packet Host to Host Application

16

IPSec
• More overhead
• More processing power
• More bandwidth usage
• More delay

17

IPv6
1. Ipv6 concepts and addressing
2. Ipv6 routing
3. Ipv6 Security

18

Ipv6 concepts and addressing

• New internet layer protocol
• 128 bits of addresses =
340.282.366.920.938.463.463.374.607.431.770.000.000
• Ipv6 header is less complex that IPv4.
• No private addresses
• No broadcasts
• Very long addresses:
2000:AD24:114d:aabc:1100:0001:0000:0001
19

IPv6 Header

20

Ipv6 concepts and addressing
• Address abbreviation
– Ex: 2000:0000:0000:0000:0000:0000:0000:0001
== 2000::1
– 2000:0001::1 == 2000:1::1
• 3 types of addresses:
– Link Local : FE80:: /10
– Multicast : FF02 :: /8
– Global Unicast : 2000 :: /3

21

Ipv6 Routing
• Static routing
• Dynamic routing
– RIPng
– OSPF 3
– EIGRP for IPv6
– Multiprotocol BGP

22

Static Routing

• every router only knows it’s directly connected networks
• every router needs to know how to get to all networks
• Every router had its own routing table
• Each route has to be added staticly to every router

23

Dynamic Routing
• RIPng
• OSPF 3
• EIGRP for IPv6

• All routers has to use the same routing protocol
• Each router sends updates to his neighbors to tell them about networks
it knows

24

IPv6 Security
• NDP replaced ARP and stateful DHCP
• Link local addresses are not routable
• No duplicate MAC-Address on a subnet
• « the Less we have on the header the more
secure the protocol is »
• Ipv6 supports IPSec without adding another
header.

25

Neighbor Discovery Protocol
• Hosts send a Neighbor Sollicitation to verify if
the global unicast address is unique and if it is
the the correct subnet (FF02::1)
• Hosts send a Neighbor Advertisement to the
multicast address of all IPv6 hosts (FF02::1) to
tell them about it’s link local address.
• Finally, to know how to get to the gateway,
hosts send another NS to know the IPv6
address of the gateway (FF02::2)

26

Migration to IPv6
• Every computer supports Ipv6 since 2002
• Almost all routers support IPv6
• Servers on the Internet has to be configured
to use IPv6
• Network Operators are not using ipv6 yet.
• Some countries in asia are already using IPv6.

27

Migration to IPv6
• What are we waiting for?
– Some feature on IPv6 are not yet industry
standards
– Internet users are afraid of using global unicast
addressed
– Networks administrators are not confortable with
this new suite of protocols
– Rare ressources are always more beneficial for
Internet Operators
28

Migration to IPv6
• What are we waiting for?
– Some issues with NBMA (frame-relay, ATM, MPLS
…)
– Gouvernements don’t accept changes easily.

29

IPv6/IPv4 coexistence
1. NAT-PT
2. Tunneling
3. Dual stacks

30


ISP

195.25.111.3
CS Professors

2001:AA01:45:3::0/64
NAT -PT

2001:AA01:45:3::0/64 195.25.111.3

31


ISP

195.25.111.3
CS Professors

2001:AA01:45:3::0/64
NAT –PT
&
Dual Stack Dual stack

32

NAT-PT
• Translates IPv6 addresses to IPv4 and IPv4 to
IPv6
• Same as classic NAT and PAT
IPv6 address IPv4 address

2001:AA01:45:3::1 port 1542 195.25.111.3 port 1542
2001:AA01:45:3::2 port 1598 195.25.111.3 port 1598
2001:AA01:45:3::3 port 4452 195.25.111.3 port 4452

33

Tunneling
• Point-to-point Tunnels
– Ip6ip
– Generic Router Encapsulation (GRE)
• Multipoint Tunnels
– Automatic 6to4
– ISATAP tunnels

IPv4 Packet IPv6 Packet Host to Host Application

34

Dual Stacks
• Interfaces that run both IPv4 and IPv6 at the
same time

192.168.0.1

2001:AA01:45:9::1/64 192.168.0.254

2001:AA01:45:9::FFFF/64
192.168.0.2

2001:AA01:45:9::2/64
35

Thank you for your attention
Any questions ?

36

Ipv6

Recommandé

Recommandé

Contenu connexe

Similaire à Ipv6

Similaire à Ipv6 (20)

Dernier

Dernier (20)

Ipv6