
Mukom Akong T.

| @perfexcellent

@AFRINICtraining

Engage us on Twitter

#IPv6 #<city> #<country>

EXERCISE

Call out
a phrase you associate with IPv6

EXERCISE

Write out your

ONE BURNING question


about IPv6

AGENDA

IPv4 Exhaustion: and its implications
IPv6 Address Basics: notation, shortening rules
IPv6 Address Types: LLA | GUA | ULA etc
Basic Configuration: hosts and routers
IPv6 vs IPv4: key functions comparison
Neighbor Discovery: and its applications
Address Planning: ISPs, campuses, enterprises
Provisioning: SLAAC, DHCPv6, DHCP-PD
Basic IPv6 Routing: static & OSPFv3
Transition Techniques: dual stack, tunnels, NAT64
Transition Techniques: usage scenarios

END

Pre-requisite knowledge & skills


Foundational concepts of networking
OSI and TCP/IP networking model
IPv4 addressing, subnetting, VLSM, CIDR
Routing and forwarding
Experience configuring and maintaining basic IPv4
Host (Windows, Linux, Unix etc) configuration
Use of TCP/IP applications: ping, traceroute, telnet
Experience using the CLI (Cisco IOS, JUNOS, Linux/Unix)
learn.afrinic.net | slide 9

Understanding

Implications of IPv4 Exhaustion


Section Objectives

Describe the global situation with respect to IPv4 addresses


Describe the implications of IPv4 exhaustion

Timelines, Implications, Consequences

[Chart: Central IPv4 pool as at 16.06.2010 (Used / Free / Unusable)]

[Chart: Central IPv4 pool as at 31.01.2011 (Used / Free / Unusable)]

Global IPv4 address distribution is unbalanced

Number of IPv4 addresses per person



General IPv4 pool depletion timeline

[Figure: timeline. Dates shown: 3 Feb 2011, 19 Apr 2011, 14 Sep 2012, 10 Jun 2014, 24 Sep 2015, 2017. Registries shown: AFRINIC, ARIN, LACNIC, RIPE NCC, APNIC, IANA]

Exhaustion drives up address costs & NATs


Network complexity

$12/address

NAT

Increase in OPEX
Breaks end-to-end
Cripples innovation


Implications for Africa: Scramble for Africa


African networks deprived
of critical IPv4 needed to
facilitate transition to IPv6
We are forced to deploy
greenfield IPv6
Use of NAT increases

How will you deal with IPv4 exhaustion?

Wait and see

Deploy IPv6

Deploy NAT on Steroids

IPv6 the only sustainable response to exhaustion


IPv6

IPv6? No rush,
AFRINIC still has
IPv4 till 2018

QUESTIONS & ANSWERS

@AFRINICtraining
@IPv6Cert

Working with

IPv6 Addresses
Section Objectives

Work comfortably with IPv6's hexadecimal notation


Identify, write and shorten IPv6 addresses


Recall: TCP/IP model (IPv4 32 bits)

APPLICATION: DNS, HTTP, IMAP, SMTP, POP, NFS
TRANSPORT: TCP, UDP
NETWORK: IPv4, ICMP, IGMP, IPSec, NAT, OSPF, IS-IS, mob. IP
DATA LINK: Ethernet et al, NBMA, ATM, 3GPP

TCP/IP model (IPv6 128 bits)

APPLICATION: DNS, HTTP, IMAP, SMTP, POP, NFS
TRANSPORT: TCP, UDP
NETWORK: IPv6, ICMPv6, MLD, IPSec, ND, OSPFv3, IS-IS, mob. IP
DATA LINK: Ethernet et al, NBMA, ATM, 3GPP

How to write IPv6 addresses (1/2)

0010000000000001 0100001010010000 0000000000010000 0000001001001001
1011101011101000 0101011011111111 1111111001001010 1110110011111110

128 bits

How to write IPv6 addresses (2/2)


128 bits
32 nibbles
hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh/n
h = hexadecimal digit (hexit) [0-9, a-f]
n = prefix length: decimal value

Full IPv6 address example


0010000000000001 0100001010010000 0000000000010000 0000001001001001
1011101011101000 0101011011111111 1111111001001010 1110110011111110

2001:4290:0010:0249:bae8:56ff:fe4a:ecfe

Rules for shortening IPv6 addresses

1. The Zero Suppression rule: Strip off all LEADING zeroes
2. The Zero Compression rule: Replace CONTIGUOUS groups of zeroes with ::

Example: shortening an IPv6 address

2001:0000:0000:0249:0000:0000:0000:ecfe
Zero Compression

Zero Suppression

2001::249:0:0:0:ecfe

Example: shortening an IPv6 address

2001:0000:0000:0249:0000:0000:0000:ecfe
Zero Suppression

Zero Compression

2001:0:0:249::ecfe

WRONG! IPv6 address shortening

2001:0000:0000:0249:0000:0000:0000:ecfe
The Zero Compression rule applied twice (:: may appear only once in an address)

2001::249::ecfe
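
Why the double :: is wrong, as an added example (not part of the original slides): `shorten` applies the two rules to a full address, compressing the longest zero run as RFC 5952 recommends, and `expansions` lists every full address a shortened string could stand for. The function names are illustrative.

```python
def shorten(full: str) -> str:
    """Zero suppression on every group, then zero compression on the longest zero run."""
    groups = [g.lstrip("0") or "0" for g in full.lower().split(":")]
    if len(groups) != 8:
        raise ValueError("expected a full 8-group address")
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:          # leftmost run wins a tie
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                  # a single zero group stays written as "0"
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"


def _compositions(total, parts):
    """All ways to write `total` as an ordered sum of `parts` integers >= 1."""
    if parts == 1:
        if total >= 1:
            yield (total,)
        return
    for first in range(1, total - parts + 2):
        for rest in _compositions(total - first, parts - 1):
            yield (first,) + rest


def expansions(text: str) -> list:
    """Every full address that `text` could represent.

    One '::' gives exactly one answer. Two '::' give several, because nothing
    says how the missing zero groups are split between them.
    """
    pieces = [p.split(":") if p else [] for p in text.lower().split("::")]
    gaps = len(pieces) - 1
    missing = 8 - sum(len(p) for p in pieces)
    if gaps == 0:
        return [":".join(g.zfill(4) for g in pieces[0])] if missing == 0 else []
    results = []
    for fill in _compositions(missing, gaps):
        groups = list(pieces[0])
        for zeros, piece in zip(fill, pieces[1:]):
            groups += ["0"] * zeros + piece
        results.append(":".join(g.zfill(4) for g in groups))
    return results


if __name__ == "__main__":
    print(shorten("2001:0000:0000:0249:0000:0000:0000:ecfe"))
    for candidate in expansions("2001::249::ecfe"):
        print(candidate)
```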

QUIZ

Compress the following

a) 2001:0db8:0000:0000:0008:0800:200C:417a
b) ff01:0000:0000:0000:0000:0000:0000:0101
c) 0000:0000:0000:0000:0000:0000:0000:0001
d) 0000:0000:0000:0000:0000:0000:0000:0000

QUESTIONS & ANSWERS

@AFRINICtraining
@IPv6Cert

Understanding

IPv6 Address Types


Section Objectives

Identify different types of IPv6 addresses


Describe the structure and scopes of these addresses


There are 3 types of IPv6 addresses

Unicast: 1:1
Multicast: 1:n
Anycast: 1:closest

No broadcast addresses (or communications) in IPv6

An address has scope = extent of uniqueness

Global scope
Link-local scope

Within a scope, an address can be used as a unique ID for an interface

Global unicast addresses (GUA)

Network portion (64 bits): Global Routing Prefix (n bits) + SubnetID (64 - n bits)
Host portion (64 bits): InterfaceID

Ex: 2001:4290:10:249:bae8:56ff:fe4a:ecfe

Link-local addresses (LLA)

10 bits: 1111111010 | 54 bits | 64 bits: InterfaceID

fe80
Ex: fe80:0000:0000:0000:bae8:56ff:fe4a:ecfe

Link-local reachability and scopeID


fe80::1

fe80::1a
Fe 0/0

fe80::1b

fe80::3

Fe 0/1

fe80::4

fe80::2
ping fe80::1

Which interface does the router send out the packet?


You must additionally specify the egress interface

Resolving LLA ambiguity with zoneIDs


Identifies address scope
Automatically generated by OS
Typically a +ve integer or interface name

fe80::hhhh:hhhh:hhhh:hhhh%zoneID
E.g on Mac OS X: fe80::bae8:56ff:fe4a:ecfe%en0
E.g on Windows: fe80::bae8:56ff:fe4a:ecfe%10

Quiz: Using ScopeIDs correctly


Node B

fe80::a1%10

fe80::b%eth0

fe80::a2%11

fe80::c%en1

Node A

Write down the commands for


Node A to telnet to Node B
Node A to ping Node C

Node C

No, you can't use only LLAs in a network

They can't be pinged from off-link
Traceroute via LLA link will reveal router's system address
Troubleshooting parallel point-to-point links is difficult
Swapping out an interface may trigger change of address
Breaks ability to name interfaces in DNS-style
Difficult to specify and recognize LLAs

Unique Local Addresses (ULA)

8 bits: 1111 110L | 56 bits | 64 bits: InterfaceID

fc00::/7
L=0: fc00::/8, Centrally assigned
L=1: fd00::/8, Free use self assignment

IPv4-based IPv6 transition addresses

Network portion (64 bits): IPv6 Prefix (n bits) + WWXX:YYZZ (32 bits) + SubnetID (32 - n bits)
Host portion (64 bits): InterfaceID
IPv4 address: w.x.y.z (embedded as WWXX:YYZZ)

Most significant example is formation of 6rd addresses.
Most common example is 6to4 addresses: 2002:WWXX:YYZZ::/48

Quiz: generate an IPv6 prefix from an IPv4 address


Given the following IPv6 root prefix and IPv4 address,
generate the corresponding IPv6 prefix
2002 and 196.1.0.87
2001:4290 and 196.1.0.87


Generating the InterfaceID (IID)

Network portion (64 bits): Network Prefix
Host portion (64 bits): InterfaceID

Static (manual): Servers, Router interfaces
Automatically configured hosts: EUI-64, cryptographically, Pseudo-random

Motivations of the 64-bit boundary (RFC 7421)

The default length of IIDs is 64-bits with /127 for point to point links as the only exception

INITIAL MOTIVATIONS FOR A 64-BIT BOUNDARY

A proposal that led to the Identifier-Locator Network Protocol [RFC6741] required a fixed point for the split between LAN and WAN parts of an address
Expectation that 64-bit Extended Unique Identifier (EUI-64) Media Access Control (MAC) addresses would become widespread in place of 48-bit addresses
Plans that auto-configured addresses will be based on MAC-based interface IDs

The Cryptographically Generated Addresses (CGA) and Hash-Based Addresses (HBA) specifications rely on the 64-bit identifier, as do the Privacy extensions [RFC4941] and some examples in "Internet Key Exchange Version 2 (IKEv2)" [RFC7296].
Mobile IP home network models [RFC4887] rely heavily on the /64 subnet length and assume a 64-bit IID.
A shorter IID may only be required where a site doesn't receive sufficient address space to use a /64 per leaf-subnet e.g. home network, vehicles. In this case a longer IID could be used in conjunction with manual configuration or DHCPv6

Advantages of a fixed-length IID

Simplifies address auto-configuration; thus is mandatory for operation of Stateless Address Auto-configuration (SLAAC)
Fixed IID, separate from subnetID makes it possible to limit the traceability of a host computer by varying the identifier
Guarantees that there'll forever be sufficient addresses in the subnet to add more interfaces
The Cryptographically Generated Addresses (CGA) and Hash-Based Addresses (HBA) specifications rely on the 64-bit identifier, as do the Privacy extensions [RFC4941] and some examples in "Internet Key Exchange Version 2 (IKEv2)" [RFC7296].
Mobile IP home network models [RFC4887] rely heavily on the /64 subnet length and assume a 64-bit IID.
The proposed method [RFC7278] of extending an assigned /64 prefix from a smartphone's cellular interface to its WiFi link relies on prefix length, and implicitly on the length of the IID, to be valued at 64.
/64 is explicitly referenced in many RFCs that specify IPv6.
Much existing IPv6 code also implements this.
Homenet architecture (RFC 7368) considers a CPE which doesn't receive a sufficient prefix to allow use of /64s per leaf-subnet to be an error condition
Same prefix-length on all leaf-subnets thus fewer errors leading to simpler network design
Adding a new subnet is easy: just pick another /64 from the pool, no calculations or estimates

Reserved InterfaceIDs (RFC 5453)

0000:0000:0000:0000: Subnet router anycast
FDFF:FFFF:FFFF:FF80 to FDFF:FFFF:FFFF:FFFF: Subnet anycast

How EUI-64 interfaceIDs are generated

Start with MAC address (48 bits): 00 90 27 17 FC 0F
Expand it to 64 bits (add fffe): 00 90 27 FF FE 17 FC 0F
Set U/L bit: 0000 00X0
X = 0 for unique MAC
X = 1 for non-unique MAC
Voilà! your InterfaceID: 02 90 27 FF FE 17 FC 0F

Problems associated with EUI-64 addresses


1) Since EUI-64 based IIDs don't change over time, they
allow correlation of host activities within the same
network, thus negatively affecting the privacy of
users
2) Since EUI-64 based IIDs are constant across networks,
the resulting IPv6 addresses can be used to track
and correlate the activity of a host across multiple
networks (e.g., track and correlate the activities of a
typical client connecting to the public Internet from
different locations), thus negatively affecting the
privacy of users.
3) Since embedding the underlying link-layer address in
the Interface Identifier will result in specific address
patterns, such patterns may be leveraged by
attackers to reduce the search space when
performing address-scanning attacks. For example,
the IPv6 addresses of all hosts manufactured by the
same vendor (within a given time frame) will likely
contain the same IEEE Organizationally Unique
Identifier (OUI) in the Interface Identifier.
4) Embedding the underlying hardware address in the
Interface Identifier leaks device-specific information
that could be leveraged to launch device-specific
attacks.
5) Embedding the underlying link-layer address in the
Interface Identifier means that replacement of the
underlying interface hardware will result in a change
of the IPv6 address(es) assigned to that interface.
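
The generation steps and problems 1 to 4 above, as an added example (not part of the original slides): the code builds the IID from the slide's MAC 00 90 27 17 FC 0F, inverting the U/L bit as the slide's result 02 90 27 ... shows, then audits an address list for IIDs that give away a hardware address. The sample addresses are constructed for illustration (documentation prefix 2001:db8::/32 plus two addresses from the slides), and the ff:fe test is a heuristic, since a random IID can contain those bytes by chance.

```python
import ipaddress


def mac_to_eui64_iid(mac: str) -> int:
    """48-bit MAC -> 64-bit modified EUI-64 IID (insert ff:fe, flip the U/L bit)."""
    digits = mac.replace(":", "").replace("-", "").replace(" ", "")
    octets = bytes.fromhex(digits)
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02                      # U/L bit: second-lowest bit of the first octet
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> str:
    """Address a host would form from a /64 prefix and its MAC with EUI-64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 IIDs need a /64 prefix")
    return str(net[mac_to_eui64_iid(mac)])


def embedded_mac(addr: str):
    """Return the MAC an address exposes if its IID looks EUI-64 derived, else None."""
    value = int(ipaddress.IPv6Address(addr.split("%")[0]))   # drop any zoneID
    raw = (value & ((1 << 64) - 1)).to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(raw[:3] + raw[5:])
    mac[0] ^= 0x02                      # undo the U/L flip
    return "-".join(f"{b:02x}" for b in mac)


def audit(addresses) -> dict:
    """Group addresses by the MAC they expose: one key seen under several
    prefixes is the cross-network correlation described in problem 2."""
    findings = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            findings.setdefault(mac, []).append(addr)
    return findings


# Constructed sample: the same host seen in two networks and on a link,
# the slides' own GUA example, and one host using a random IID.
SAMPLE_ADDRESSES = [
    "2001:db8:1:1:290:27ff:fe17:fc0f",
    "2001:db8:beef:2:290:27ff:fe17:fc0f",
    "fe80::290:27ff:fe17:fc0f%eth0",
    "2001:4290:10:249:bae8:56ff:fe4a:ecfe",
    "2001:db8:1:1:5c3a:91d2:7be4:10aa",
]

if __name__ == "__main__":
    print(slaac_address("2001:db8:1:1::/64", "00 90 27 17 FC 0F"))
    for mac, seen in audit(SAMPLE_ADDRESSES).items():
        print(f"MAC {mac} (OUI {mac[:8]}) exposed by {len(seen)} address(es)")
```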


Consequences of not using 64-bit IIDs

Router implementations with strict interpretations of /64 as in RFC6164 & RFC7136 will consider unicast addresses in /65 - /126 as invalid and thus fail
It's impossible to generate multicast addresses based on unicast prefixes (as per RFC3306) that are more than /64
Breaks ability to embed a rendezvous point address in a multicast group as per RFC3956 which assumes at least a /64 prefix
The Cryptographically Generated Address format [RFC3972] is heavily based on a /64 interface identifier and will fail otherwise
IPv6-to-IPv6 Network Prefix Translation (NPTv6) defined in RFC6296 maps a /64 prefix to another /64 prefix and will fail for non-64-bit prefixes.
The Identifier-Locator Network Protocol (ILNP) [RFC6741] relies on locally unique 64-bit node identifiers and will fail otherwise
Modifying SLAAC to work with shorter IIDs increases the statistical risk of choosing the same pseudo-random IID, thus increasing the chance of duplicate addresses and thus DAD failure.
Most host implementations hard-code the link-local address to be fe80::/64; using different IIDs for LLAs on the same link might have unpredictable results
Consistent with SLAAC functioning, the A-bit in the PIO is only honored if the prefix length is 64

Important well-known addresses

::
Unspecified address
Means host doesn't have an IPv6 address
Never used as destination address
Link-local scope

::/0
Default route

::1
Used to send IPv6 packets to itself
Must never be forwarded outside the node

IPv4-mapped IPv6 address

80 bits | 16 bits: ffff | 32 bits: IPv4 address

Example: ::ffff:196.1.0.87
Represent an IPv4 address to an IPv6-only application
These addresses should not appear in the public Internet

Anycast addresses

Same address assigned to multiple interfaces/hosts (yellow)


Anycast packets are delivered to topologically closest one
Allocated from unicast address space

Multicast addresses

8 bits: 11111111 (ff) | 4 bits: flags | 4 bits: scope | 8 bits: reserved | 8 bits: p-len | 64 bits: network prefix | 32 bits: groupID

p-len: Number of bits in network prefix field
network prefix: Prefix of unicast subnet which owns this address
groupID: ID of the multicast group within given scope

All multicast addresses are in the range ff00::/8

Decoding the flags of a multicast address

Flags (4 bits): 0 R P T

R = 0: RP not embedded
R = 1: RP Embedded
P = 0: Not based on a network prefix
P = 1: Based on a network prefix
T = 0: Permanently assigned (IANA)
T = 1: Dynamically assigned

Well-known multicast scopes (4 bits: b b b b)

Bits  Hex  Scope
0001  1    Interface-local
0010  2    Link-local
0100  4    Admin-local
0101  5    Site-local
1000  8    Organization-local
1110  E    Global

Reserved & undefined scopes (4 bits: b b b b)

0000  Reserved
0011  Reserved
1111  Reserved
0110  Unassigned
0111  Unassigned
1001  Unassigned
1010  Unassigned
1011  Unassigned
1100  Unassigned
1101  Unassigned

Example: groupID with different scopes

If NTP servers are assigned a permanent multicast group with ID = 101

FF01::101 All NTP servers on the same interface as sender
FF02::101 All NTP servers on the same link as sender
FF05::101 All NTP servers on the same site as sender
FF08::101 All NTP servers in same organisation as sender
FF0E::101 All NTP servers on the Internet

Reserved multicast addresses

FF00::  FF01::  FF02::  FF03::
FF04::  FF05::  FF06::  FF07::
FF08::  FF09::  FF0A::  FF0B::
FF0C::  FF0D::  FF0E::  FF0F::

Some well-known multicast addresses

FF01::1  All IPv6 nodes on the local interface
FF02::1  All nodes on the local link
FF01::2  All IPv6 routers on the local interface
FF02::2  All IPv6 routers on the local link
FF05::2  All IPv6 routers on the local site

RFC 2375 has the complete list

The Solicited-Node multicast address (SNMA)

hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh
24 bits

ff02::1:ffhh:hhhh/104
Computed for each unicast/anycast address
Different addresses with same lower 24 bits have same SNMA

Example of a Solicited-Node multicast address

4037::01:800:200e:8c6c
24 bits

ff02::1:ff0e:8c6c/104

Example of Solicited-Node multicast addresses


#show ipv6 interface g0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::CA9C:1DFF:FE6B:B6A0
Description: [Link to R1]
Global unicast address(es):
2001:43F8:90:C0::2, subnet is 2001:43F8:90:C0::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:2
FF02::1:FF6B:B6A0

Mapping multicast to Ethernet addresses

ffhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh
32 bits

33-33-hh-hh-hh-hh
Multicast MAC address

Multicast MAC address examples

ff02::1 >> 33-33-00-00-00-01
ff02::2 >> 33-33-00-00-00-02
ff02::1:ff3f:21ac >> 33-33-ff-3f-21-ac
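
The solicited-node, flag/scope and Ethernet mappings from the slides above, as an added example (not part of the original slides): the code derives each value and then checks the joined groups from the `show ipv6 interface g0/0` output against what the interface's own addresses explain. Function names are illustrative; the expected set is limited to the all-nodes, all-routers and solicited-node groups.

```python
import ipaddress

# Scope nibble values from the "Well-known multicast scopes" slide.
SCOPES = {0x1: "Interface-local", 0x2: "Link-local", 0x4: "Admin-local",
          0x5: "Site-local", 0x8: "Organization-local", 0xE: "Global"}


def solicited_node(addr: str) -> str:
    """ff02::1:ff00:0/104 plus the low 24 bits of a unicast/anycast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return str(ipaddress.IPv6Address(base | low24))


def multicast_mac(group: str) -> str:
    """33-33 followed by the low 32 bits of the multicast address."""
    g = ipaddress.IPv6Address(group)
    if not g.is_multicast:
        raise ValueError(f"{group} is not in ff00::/8")
    low32 = (int(g) & 0xFFFFFFFF).to_bytes(4, "big")
    return "-".join(f"{b:02x}" for b in b"\x33\x33" + low32)


def describe(group: str) -> dict:
    """Decode the flags (0 R P T) and scope nibbles of a multicast address."""
    g = ipaddress.IPv6Address(group)
    if not g.is_multicast:
        raise ValueError(f"{group} is not in ff00::/8")
    flags, scope = g.packed[1] >> 4, g.packed[1] & 0x0F
    return {
        "scope": SCOPES.get(scope, "reserved/unassigned"),
        "rp_embedded": bool(flags & 0x4),     # R
        "prefix_based": bool(flags & 0x2),    # P
        "dynamic": bool(flags & 0x1),         # T
    }


def unexplained_groups(joined, unicast, router=False) -> list:
    """Joined groups that are not all-nodes, all-routers (routers only) or the
    solicited-node group of one of the interface's own addresses."""
    expected = {"ff02::1"} | {solicited_node(a) for a in unicast}
    if router:
        expected.add("ff02::2")
    seen = {str(ipaddress.IPv6Address(g)) for g in joined}
    return sorted(seen - expected)


# Values copied from the "show ipv6 interface g0/0" slide.
CISCO_UNICAST = ["FE80::CA9C:1DFF:FE6B:B6A0", "2001:43F8:90:C0::2"]
CISCO_JOINED = ["FF02::1", "FF02::2", "FF02::1:FF00:2", "FF02::1:FF6B:B6A0"]

if __name__ == "__main__":
    for a in CISCO_UNICAST:
        snma = solicited_node(a)
        print(a, ">>", snma, ">>", multicast_mac(snma), describe(snma)["scope"])
    print("unexplained:", unexplained_groups(CISCO_JOINED, CISCO_UNICAST, router=True))
```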

What addresses must a node identify itself by?

1. [Mandatory] Link-Local address of each interface
2. [Mandatory] Loopback address (::1)
3. [Mandatory] All-Nodes multicast addresses (ff0x::1)
4. Any unicast or anycast addresses of each interface
5. Solicited-Node multicast addresses for each of (4)
6. Multicast addresses of all groups to which it belongs

What addresses must a router identify itself by?

All addresses by which hosts identify themselves
The All-Routers multicast addresses (ff0x::2)
Subnet-router anycast address for all routed interfaces
Any configured anycast addresses

IPv6 address literals in URLs


Problem: The colon has another meaning in urls
It is a core part of the url specification (http://)
It is also used to specify the port

Solution: enclose the IPv6 address in square brackets


http://[2001:db8:85a3::7348]/
http://[2001:db8:85a3::7348]:80/

IPv6 literals in UNC path names


Problem: The colon is illegal character in UNC pathnames
The solution:
Replace each colon in the address with a dash
Replace any % in the zoneID with an s
Append .ipv6-literal.net to the address
2001:db8::7348 >> 2001-db8--7348.ipv6-literal.net

QUIZ

Which of the following EUI-64 IIDs could NOT have been generated from MAC address 00-1E-33-3B-5A-94?

a) 2001:bd8:c001::021e:33ff:fe3b:5a94/64
b) 2001:bd8:c001::021e:33fe:ff3b:5a94/64
c) 2001:bd8::021e:33ff:fe3b:5a94/64
d) 2001:021e::33ff:fe3b:5a94/64


Performing

Basic IPv6 Configuration


Section Objectives

Configure and verify IPv6 on Windows operating systems
Configure and verify IPv6 on Linux operating systems
Configure and verify IPv6 on the Mac OS X operating system
Configure and verify IPv6 on Cisco IOS
Configure and verify IPv6 on Junos


Most OSes have IPv6 enabled by default

http://j.mp/OSv6-support

Host Configuration: Windows Vista/7


Host configuration: Mac OS X


Host configuration: Linux


(/etc/network/interfaces)

Configure a static address


auto eth0
iface eth0 inet6 static
address <v6address>/<prefix>
DHCPv6
auto eth0
iface eth0 inet6 dhcp

SLAAC
auto eth0
iface eth0 inet6 auto

Configure DNS resolver (/etc/resolv.conf)


nameserver <dns_resolver_v6_address>
nameserver <dns_resolver_v6_address>

Using privacy addresses


Recall EUI-64 addresses facilitate host tracking
To increase privacy hosts can use random IIDs
Status of privacy extensions by OS
Windows Vista/7/8: enabled by default
OS X 10.8+: enabled by default
Linux: not enabled by default

Disabling privacy addressing

Windows
C:\> netsh interface ipv6 set privacy state=enabled
C:\> netsh interface ipv6 set global randomizeidentifiers=enabled

Mac OS X (/etc/sysctl.conf)
net.inet6.ip6.use_tempaddr=1
net.inet6.ip6.temppltime=XX

Linux (/etc/sysctl.conf)
$ echo "1" > /proc/sys/net/ipv6/conf/default/use_tempaddr

The values shown turn privacy addressing on; to disable it use state=disabled, randomizeidentifiers=disabled and 0 respectively.

Configuring basic IPv6 on Cisco IOS

Enable IPv6 on an Interface
(config)#ipv6 enable
Assign an IPv6 address with automatic interfaceID
#ipv6 address <prefix/length> eui-64
Assign a static IPv6 address
#ipv6 address <address/length> [link-local | anycast]
Enable IPv6 routing and CEF
(config)#ipv6 unicast-routing
(config)#ipv6 cef

Configuring basic IPv6 on Junos

Enable IPv6 on an Interface
#edit interfaces <interfacename> unit <unit_no>
Assign an IPv6 address with automatic interfaceID
#set family inet6 address <prefix/prefix-length> eui-64
Assign a static IPv6 address
#set family inet6 address <ipv6address/prefix-length>

Troubleshooting tools: Linux

Function: IPv6 | IPv4
Ping: ping6 | ping
Traceroute: traceroute6 | traceroute
Interface info: ifconfig | ifconfig
Route table: netstat -A inet6 -rn | netstat -A inet -rn
Neighbor table: ip -6 neighbor show | arp -an

Testing basic IPv6 connectivity

ping6 <hostname> | <address>
ping6 -I <interface> <mcast-addr>
ping <address>

Troubleshooting tools: OS X & *BSD

Function: IPv6 | IPv4
Ping: ping6 | ping
Traceroute: traceroute6 | traceroute
Interface info: ifconfig | ifconfig
Route table: netstat -f inet6 -rn | netstat -f inet -rn
Neighbor table: ndp -an | arp -an

Troubleshooting tools: Windows Vista and higher

Function: IPv6 | IPv4
Ping: ping -6 | ping -4
Traceroute: tracert -6 | tracert -4
Interface info: ipconfig /all | ipconfig /all
Route table: netsh interface ipv6 show route | netsh interface ipv4 show route
Neighbor table: netsh interface ipv6 show neighbors | arp -a

Testing basic IPv6 connectivity

ping -6 <hostname>
ping <address[%scopeID]>

EXERCISE

Test reachability to the following

1. Your neighbor's link-local address
2. All IPv6 hosts on the subnet single
3. All IPv6 routers on the subnet
4. Trace the IPv6 path to certi6.io

QUESTIONS & ANSWERS

@AFRINICtraining
@IPv6Cert

Understanding

IPv6 from an IPv4 Perspective


Section Objectives

Describe the IPv6 header & how it differs from the IPv4
Identify the IPv6 equivalents of key IPv4 protocols


The IPv6 packet structure

Version (4 bits) | Traffic Class (8 bits) | Flow Label (20 bits)
Payload Length | Next Header | Hop Limit
Source Address
Destination Address
(base header: 40 bytes)
Next Header | Extension Header Information
Data
(extension headers and data: variable length)
IPv6 extension headers

Similar to IPv4 Protocol field


Encode additional Internet-layer information
Between base & upper-layer headers
Next Header field holds unique value for each header


IPv6 packet with no extension header

Version | Traffic Class | Flow Label
Payload Length | Next Header = UL | Hop Limit
Source Address
Destination Address
(base header: 40 bytes)
Upper Layer (e.g. TCP, UDP, ICMPv6, OSPFv3, tunnel etc.) Header
Data
(upper-layer header and data: variable length)
IPv6 packet with extension headers

Version | Traffic Class | Flow Label
Payload Length | Next Header = EH1 | Hop Limit
Source Address
Destination Address
(base header: 40 bytes)
EH1 Header (Next Header = EH2)
EH2 Header (Next Header = UL)
Upper Layer (e.g. TCP, UDP, ICMPv6, OSPFv3, tunnel etc) Header
Data

List and order of IPv6 extension headers

Listed in order; format is Header (Code): Description

Basic IPv6 header
Hop-by-hop options: Examined by all hosts in path
Destination options (60): Examined only by destination node
Routing (43): Specify the route for a datagram (mobile v6)
Fragment (44): Fragmentation parameters
Authentication (AH) (51): Verify packet authenticity
ESP (50): Encrypted data
Destination options (60): Examined only by destination node
Mobility (135): Parameters for use with mobile IPv6
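
How the Next Header chain is followed, as an added example (not part of the original slides): `walk` parses the 40-byte base header and steps through the extension headers to the upper-layer protocol, and `order_findings` flags chains that break the ordering in the table. `build_packet` produces constructed test packets whose extension headers contain only padding; the code 0 for Hop-by-hop options is the IANA value, which the table above does not show.

```python
import ipaddress
import struct

# Codes from the table above; 0 (Hop-by-hop) is the IANA-assigned value.
EXT = {0: "Hop-by-hop options", 60: "Destination options", 43: "Routing",
       44: "Fragment", 51: "Authentication (AH)", 135: "Mobility"}


def walk(pkt: bytes) -> dict:
    """Parse the base header, then follow Next Header through the extension headers.

    Stops at the first value that is not in EXT (an upper-layer protocol, or
    ESP, whose contents are encrypted and cannot be walked).
    """
    if len(pkt) < 40:
        raise ValueError("shorter than the 40-byte base header")
    word, payload_len, nxt, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    chain, off = [], 40
    while nxt in EXT:
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        if nxt == 44:                          # Fragment header is always 8 bytes
            size = 8
        elif nxt == 51:                        # AH counts 4-byte words, minus 2
            size = (pkt[off + 1] + 2) * 4
        else:                                  # others: 8-byte units after the first 8
            size = (pkt[off + 1] + 1) * 8
        if off + size > len(pkt):
            raise ValueError("extension header runs past the end of the packet")
        chain.append((nxt, EXT[nxt], size))
        nxt, off = pkt[off], off + size
    return {
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(pkt[8:24])),
        "dst": str(ipaddress.IPv6Address(pkt[24:40])),
        "chain": chain,
        "upper_layer": nxt,
        "upper_offset": off,
    }


def order_findings(chain) -> list:
    """Flag a Hop-by-hop header that is not first, and repeated headers
    (Destination options may appear twice, as in the table)."""
    findings, counts = [], {}
    for pos, (code, _name, _size) in enumerate(chain):
        if code == 0 and pos != 0:
            findings.append("Hop-by-hop options not directly after the base header")
        counts[code] = counts.get(code, 0) + 1
    for code, count in counts.items():
        if count > (2 if code == 60 else 1):
            findings.append(f"{EXT[code]} appears {count} times")
    return findings


def build_packet(ext_codes, upper=6, flow_label=0x12345, hop_limit=64) -> bytes:
    """Constructed test packet. Only option headers (0 and 60) are supported:
    each is 8 bytes holding a PadN option, followed by 20 zero bytes standing
    in for a TCP header."""
    codes = list(ext_codes) + [upper]
    body = b""
    for i in range(len(ext_codes)):
        body += bytes([codes[i + 1], 0, 1, 4, 0, 0, 0, 0])
    body += bytes(20)
    base = struct.pack("!IHBB", (6 << 28) | flow_label, len(body), codes[0], hop_limit)
    base += ipaddress.IPv6Address("2001:db8::1").packed
    base += ipaddress.IPv6Address("2001:db8::2").packed
    return base + body


if __name__ == "__main__":
    for codes in ([0, 60], [60, 0]):
        info = walk(build_packet(codes))
        print([name for _, name, _ in info["chain"]], "->", info["upper_layer"],
              order_findings(info["chain"]))
```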

EXERCISE

Examine http://j.mp/v6cap
Select packet #67

a) What is the Flow label?
b) What information does this packet carry?
c) How long is the packet's data portion?
d) How many routers will forward this?

EXERCISE

Examine: http://j.mp/v6rh
Select packet #67

a) List the two extension headers in the packet
b) What information does the packet carry?

Packet header structure changes from IPv4

IPv4 header fields:
Version | IHL | Type of Service | Total length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options | Padding

Legend (colour coding in the original figure): Field eliminated from IPv6, Field removed from IPv6 base header, Field renamed in IPv6 header, Field maintained

IPv4 vs IPv6 key functionality comparison

Function: IPv4 | IPv6
Automatic configuration of hosts & CPEs: DHCP, PPPoE | DHCPv6, Stateless Address configuration, PPPoE
Network to Link-layer Address Resolution: ARP, Broadcast | ICMPv6 (NS, NA), Multicasts
Domain name to address resolution: DNS, A resource records, in-addr.arpa reverse zone | DNS, AAAA resource records, ip6.arpa reverse zone
Joining a multicast group: IGMPv1, IGMPv2, IGMPv3 | MLDv1 and MLDv2
Default gateway auto-provisioning: DHCP, IRD or Passive RIP | RA (ICMPv6)
Supported Open Dynamic Routing Protocols: RIPv1, RIPv2, OSPFv2, IS-IS, BGPv4 (IPv4 Address Family) | RIPng, OSPFv3, IS-IS, BGPv4 (IPv6 Address Family)
Minimum Supported MTU size: 576 bytes | 1280 bytes
Supported Communication Modes: Unicast, multicast, broadcast | Unicast, multicast

QUESTIONS & ANSWERS

@AFRINICtraining
@IPv6Cert

EXERCISE

IPv6 Lab Manual


Exercise 2.2

Creating an

IPv6 Address Plan


Section Objectives

Subnet an IPv6 prefix


Estimate the IPv6 addressing needs of your network
Carve out your allocated addresses and assign them


The faces of a subnetting problem

Break 2001:db8:c001::/48 into 150 equal blocks
Break 2001:db8::/32 into /40s
You have 125 sites each of which needs a /60, what prefix size should you reserve for all your sites?

The generic IPv6 subnetting problem

Prefix/L is split into s-prefix1/L', s-prefix2/L', ..., s-prefixn/L'

L' > L in length (in size, shorter is larger)
L' = L + s (s = number of subnet bits)
Subnetting is finding s and the values s-prefix1 ... s-prefixn

Forsake thy bad IPv4 subnetting habits


Why we subnet
IPv4: conserve address space
IPv6: Optimize for routing or security
No VLSM in IPv6: same prefix length on every LAN
Only subnets matter, number of hosts doesn't
There'll rarely be a need to expand a /64 subnet!

IPv6 subnetting procedure

Step 1
Inputs: Prefix & lengths L, L' OR no. of subnets
Process: Find no. of subnet bits (s)
Formula: s = L' - L or s = log N / log 2

Step 2
Inputs: Prefix & length L, subnet bits s
Process: Find subnet hexits
Formula: s/4

Step 3
Inputs: Sub-prefix length L'
Process: Find subnetID increment (B)
Formula: B = 2^(16 - (L' % 16))

Step 4
Inputs: Sub-prefix length L'
Process: List the subnets
Formula: Use sipcalc or any online tool (trust me!)

Step #1: How to find the subnet bits (s)

s = L' - L (L' = sub-prefix length, L = prefix length)
s = log N / log 2 (N = no. of sub-prefixes required)

Ex: break 2001:db8:c000::/36 to 700 subnets

We know the number of sub-prefixes N = 700
s = log 700 / log 2 = 9.81, rounded up to 10 bits

Step #2: How to find the number of subnet hexits

Sub-prefix length L' = L + s

Original prefix (L bits) | SubnetID (s bits) | InterfaceID (64 bits, host portion)

No. of hexits = s / 4

Ex: break 2001:db8:c000::/36 to 700 subnets

We know number of sub-prefixes N = 700
s = log 700 / log 2 = 9.81, rounded up to 10 bits
No. of hexits = 10 / 4 = 2.5, rounded up to 3 hexits
Thus each of the sub-prefixes will have the form
2001:db8:cHHH::/46

Step #3: How to find the increment or Block (B)

B = 2^(16 - (L' % 16)) (L' = sub-prefix length)

Ex: break 2001:db8:c000::/36 to 700 subnets

We know number of sub-prefixes N = 700
s = log 700 / log 2 = 9.81, rounded up to 10 bits
No. of hexits = 10 / 4 = 2.5, rounded up to 3 hexits
Each sub-prefix looks like 2001:db8:cHHH::/46
HHH changes by B = 2^(16 - (46 % 16)) = 2^(16 - 14) = 2^2 = 4

Step #4: How to list the subnetIDs

<prefix>:<subnetID0>::/L'
<prefix>:<subnetID1>::/L' (subnetID1 = subnetID0 + B)
<prefix>:<subnetID2>::/L' (subnetID2 = subnetID1 + B)
...
<prefix>:<subnetIDn>::/L' (subnetIDn = subnetIDn-1 + B)

Step #4: Listing subnetIDs the NERDY way

a_n = (n-1)B
a_n = the nth subnetID, B = the block you calculated

Useful for "what's the 79th subnet" type questions

Step #4: How to list the subnetIDs with sipcalc

sipcalc <prefix::/L> --v6split=<L'>
OR
sipcalc <prefix::/L> -S /<L'>

<prefix::/L> = original prefix & length, <L'> = sub-prefix length

E.g: sipcalc 2001:db8:c000::/36 --v6split=46

Step #4: How to find the nth subnet with sipcalc

sipcalc <prefix::/L> -S /<L'> | grep Network | nl | grep n

<prefix::/L> = original prefix & length, <L'> = sub-prefix length

sipcalc 2001:db8:c000::/36 -S /46 | grep Network | nl | grep 975

Step #4: Listing the subnets example

Ex: Break 2001:db8:c000::/36 to 700 subnets
The nth subnetID is a_n = 4(n-1)
1st subnetID: a_1 = 4(0) = 0 (0x0)
1st subnet: 2001:db8:c000::/46
Last subnetID: a_1024 = 4(1023) = 4092 (0xFFC)
Last subnet: 2001:db8:cffc::/46
264th subnetID: a_264 = 4(263) = 1052 (0x41C)
264th subnet: 2001:db8:c41c::/46

Subnetting example: problem

An ISP with operations in 10 cities just got a 2001:db8::/32 allocation from AFRINIC, subnet this prefix equally between the 10 cities.

Sipcalc example and output

sipcalc 2001:db8::/32 --v6split=36 | grep Network
Network - 2001:0db8:0000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:1000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:2000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:3000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:4000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:5000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:6000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:7000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:8000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:9000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:a000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:b000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:c000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:d000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:e000:0000:0000:0000:0000:0000 -
Network - 2001:0db8:f000:0000:0000:0000:0000:0000 -

Solution to subnetting problem

Number of subnets: N = 10
Subnet bits required: s = log 10 / log 2 = 3.322 ≈ 4
4 bits gives 16 (i.e. 2^4) subprefixes. 6 spares
Length of each sub-prefix L = 36 (i.e. 32 + 4)
Number of subnet hexits = s/4 = 1
SubnetID increment B = 2^(16-(36%16)) = 4096 (0x1000)
learn.afrinic.net | slide 126

Subnetting example : analysis


First subnetID
a_1 = 4096(1-1) = 0 (0x0) [from a_n = (n-1)B]
First subnet: 2001:db8:000::/36
Last subnetID
a_16 = 4096(16-1) = 61440 (0xf000)
Last subnet: 2001:db8:f000::/36
Verify your answer using sipcalc
sipcalc 2001:db8::/32 --v6split=36
learn.afrinic.net | slide 127
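
The subnetting steps above (s, L, B and a_n = (n-1)B) as an added Python example; it is not part of the original slides. The function names are assumptions, and the extra "% 16" in the block formula is an addition so that sub-prefix lengths ending exactly on a hextet boundary (/48, /64) give B = 1.

```python
import ipaddress


def block_size(new_len):
    """SubnetID increment B = 2^(16 - L % 16) for sub-prefix length L.

    The outer "% 16" is an addition to the slide formula: it yields B = 1
    when L is a multiple of 16, where the formula as written gives 2^16.
    """
    return 2 ** ((16 - new_len % 16) % 16)


def plan(prefix, n_subnets):
    """Return (s, L, B) for splitting `prefix` into at least n_subnets."""
    net = ipaddress.IPv6Network(prefix)
    s = (n_subnets - 1).bit_length()      # integer form of ceil(log N / log 2)
    new_len = net.prefixlen + s
    if new_len > 64:
        raise ValueError("sub-prefixes would be longer than /64")
    return s, new_len, block_size(new_len)


def nth_subnet(prefix, new_len, n):
    """n-th sub-prefix (1-based) computed with a_n = (n - 1) * B."""
    net = ipaddress.IPv6Network(prefix)
    if new_len < net.prefixlen:
        raise ValueError("sub-prefix must not be shorter than the prefix")
    total = 2 ** (new_len - net.prefixlen)
    if not 1 <= n <= total:
        raise ValueError(f"n must be between 1 and {total}")
    subnet_id = (n - 1) * block_size(new_len)          # a_n
    # a_n is added to the hextet that holds the last subnet bit; shift it
    # past all the hextets to the right of that one.
    shift = 128 - 16 * ((new_len - 1) // 16 + 1)
    value = int(net.network_address) + (subnet_id << shift)
    return ipaddress.IPv6Network((value, new_len))


def cross_check(prefix, new_len):
    """True if the formula agrees with ipaddress for every sub-prefix."""
    net = ipaddress.IPv6Network(prefix)
    return all(
        nth_subnet(prefix, new_len, i) == sub
        for i, sub in enumerate(net.subnets(new_prefix=new_len), start=1)
    )


if __name__ == "__main__":
    # The two worked examples from the slides.
    for prefix, wanted, picks in (
        ("2001:db8::/32", 10, (1, 16)),
        ("2001:db8:c000::/36", 700, (1, 264, 975, 1024)),
    ):
        s, new_len, block = plan(prefix, wanted)
        print(f"{prefix}: s={s} L=/{new_len} B={block} ({hex(block)})")
        for n in picks:
            print(f"  subnet #{n}: {nth_subnet(prefix, new_len, n)}")
        print("  matches ipaddress.subnets():", cross_check(prefix, new_len))
```
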

Some clarifications on address planning


Don't fit your network into RIR minimums (/32, /36 & /48)
Typical prefix lengths
Multi-host LAN subnets: /64
Inter-router links: /127
Loopback addresses: /128
Plan a hierarchical scheme to optimize for aggregation
Ensure all prefixes fall on nibble (4 bit) boundaries
learn.afrinic.net | slide 128

Best practice: use /127 for inter-router links


<prefix>:<subnetID>::/127
Improves security by eliminating
Forwarding loops (ping pong) on some p2p links
Neighbour Exhaustion Attacks
Addresses with the following 64 bits must NOT be used
0000:0000:0000:0000
ffff:ffff:ffff:ff7f to ffff:ffff:ffff:ffff
learn.afrinic.net | slide 129

About using only LLA on infrastructure links


Do configure a GUA on a loopback address for
Management plane traffic (ssh, telnet, SNMP, etc)
Source ICMPv6 error messages destined off-subnet
Advantages
Smaller routing tables which leads to
less memory consumption
faster routing convergence
Accelerated forwarding due to smaller RIBs & FIBs
Simpler address management
Lower configuration complexity (nothing to do)
Simpler DNS (you don't put LLA into zone files)
Reduced attack surface
Caveats
Router-interfaces not ping-able from off-link (fix: ping the loopback)
Traceroutes to these interfaces break
Hardware dependency: LLAs change if line cards change
NMS functions that are interface-address specific will break
MPLS RSVP-TE which creates LSPs with strict sequence of IP addresses

learn.afrinic.net | slide 130

Sample hierarchy for a country ISP network


[Diagram: ASN at the root; Level 1: City #1, City #2 ... City #n; Level 2: Site #1, Site #2 ... Site #n; Level 3 (End networks): Customer #1, Customer #2 ... Customer #n]

learn.afrinic.net | slide 131

Sample prefix format | ISP network


allocation | cities | sites  | customers     | InterfaceID
n bits     | x bits | y bits | 64-n-x-y bits | 64 bits

allocation: Determined by your allocation from RIR
cities, sites, customers: Calculated from your actual network size


learn.afrinic.net | slide 132

Sample hierarchy for a university network


[Diagram: ASN at the root; Level 1: Campus #1, Campus #2 ... Campus #n; Level 2: Building #1, Building #2 ... Building #n; Level 3 (End networks): Department #1, Department #2 ... Department #n]

learn.afrinic.net | slide 133

Sample prefix format | University network


assignment | campus | building | department    | InterfaceID
n bits     | x bits | y bits   | 64-n-x-y bits | 64 bits

assignment: Determined by your allocation from RIR
campus, building, department: Calculated from your actual network size


learn.afrinic.net | slide 134

Sample hierarchy for an enterprise network


[Diagram: ASN at the root; Level 1: HQ, Branch #1 ... Branch #n; Level 2: Data, Voice, Video; Level 3 (End networks): Sales, Marketing, Operations]

learn.afrinic.net | slide 135

Sample prefix format | enterprise network


assignment | branch | type   | department    | InterfaceID
n bits     | x bits | y bits | 64-n-x-y bits | 64 bits

assignment: Determined by your allocation from RIR
branch, type, department: Calculated from your actual network size


learn.afrinic.net | slide 136

Estimating number of prefixes needed| University


[Diagram: the university hierarchy of ASN, Campus #1 ... #n, Building #1 ... #n, Department #1 ... #n]

N = #Campuses x #Buildings x Departments_max


learn.afrinic.net | slide 137

Estimating total number of prefixes needed| ISP


[Diagram: the ISP hierarchy of ASN, City #1 ... #n, Site #1 ... #n, Client #1 ... #n]

N = #Cities x #Sites x Clients_max


learn.afrinic.net | slide 138

Aim for nibble boundaries


/20, /24, /28, /32, /36, /40, /44, /48, /52, /56, /60, /64

Cities, Sites, Campuses, Buildings etc: 2^(4n)

16 (2^(4x1))
256 (2^(4x2))
4096 (2^(4x3))
65536 (2^(4x4))
1048576 (2^(4x5))
16777216 (2^(4x6))
268435456 (2^(4x7))
4294967296 (2^(4x8))
68719476736 (2^(4x9))

Round up your estimates to the nearest fourth power


learn.afrinic.net | slide 139

Address ranges of nibble-aligned prefixes are easier to determine

2001:db8:3c00::/40
2001:db8:3c00:: to 2001:db8:3cff:ffff:ffff:ffff:ffff:ffff

2001:db8:3c00::/42
2001:db8:3c00:: to 2001:db8:3c3f:ffff:ffff:ffff:ffff:ffff

learn.afrinic.net | slide 140

Calculating how much space to request


Inputs
# networks (N)
Customer network profiles

Process
Find no. of bits (s). Formula: s = log N/log 2
Choose a prefix for end networks (sn)
Calc size to request from RIR (from s & sn): s - sn

learn.afrinic.net | slide 141

Don't worry, there are enough addresses!

2000::/3: 35 trillion /48 blocks
World population: 9.3 billion (Year 2050 projections)
3500 X

learn.afrinic.net | slide 142

IPv6 address planning | example

An ISP has operations in 10 cities. The largest city has 50 POPs, the
largest of which has about 2700 clients. How much space should it request
from AFRINIC if it plans to give each of its customers a /48?

learn.afrinic.net | slide 143

Address planning example analysis and solution


We know
#Cities = 10 [round up to 16]
#Sites = 50 [round up to 256]
#Clients_max = 2700 [round up to 4096]
Calculate
Total number of end-network prefixes required is N
N = 16 x 256 x 4096 = 16,777,216
Number of subnet bits required: s = log 16,777,216 / log 2 = 24.
Allocation size: 48 - 24 = 24
Thus the ISP needs to request a /24 from AFRINIC.
learn.afrinic.net | slide 144
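
The planning calculation above, carried one step further to the actual hierarchical prefixes, as an added Python example that is not part of the original slides. The function names are assumptions, and 3fff::/24 is a constructed allocation taken from the IPv6 documentation range; the request length is the end-network prefix length minus s, as in the worked example (48 - 24).

```python
import ipaddress


def nibble_bits(count):
    """Bits needed to number `count` items, rounded up to a multiple of 4."""
    bits = (count - 1).bit_length()
    return -(-bits // 4) * 4


def request_length(level_counts, end_len=48):
    """Return (bits per level, prefix length to request from the RIR)."""
    level_bits = [nibble_bits(c) for c in level_counts]
    s = sum(level_bits)
    if s >= end_len:
        raise ValueError("hierarchy does not fit above the end-network prefix")
    return level_bits, end_len - s


def sub_prefix(allocation, level_bits, indexes):
    """Prefix for a position in the hierarchy.

    `indexes` are 0-based and may stop early: (city,) gives the city
    aggregate, (city, site) the site aggregate, (city, site, client) the
    end-network prefix.
    """
    net = ipaddress.IPv6Network(allocation)
    value = int(net.network_address)
    length = net.prefixlen
    for bits, idx in zip(level_bits, indexes):
        if not 0 <= idx < 2 ** bits:
            raise ValueError(f"index {idx} does not fit in {bits} bits")
        length += bits
        value |= idx << (128 - length)      # place the field right after the parent
    return ipaddress.IPv6Network((value, length))


if __name__ == "__main__":
    # Slide example: 10 cities, 50 POPs in the largest city, 2700 clients
    # in the largest POP, a /48 per customer.
    bits, req = request_length([10, 50, 2700], end_len=48)
    print("bits per level:", bits, "-> request a /%d" % req)

    allocation = "3fff::/%d" % req          # constructed documentation prefix
    print("10th city      :", sub_prefix(allocation, bits, (9,)))
    print("its 50th site  :", sub_prefix(allocation, bits, (9, 49)))
    print("2700th customer:", sub_prefix(allocation, bits, (9, 49, 2699)))
```

Because every level sits on a nibble boundary, each city and site aggregate can be read straight off the hex digits of a customer prefix.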

Address planning considerations for virtualisation


Traditional servers

Management VLAN
Storage VLAN
Data VLAN
One subnet each

Virtualized servers

Management VLAN
Storage VLAN
Several data VLANs ()
Plan a /64 for each of your
data VLANs

learn.afrinic.net | slide 145

The 3 phases of IP address planning

Estimate addressing needs
Apply for space from AFRINIC
Assign sub-prefixes to different parts of the network

learn.afrinic.net | slide 146

Two approaches to assigning sub-prefixes


[Diagram: two ways of placing Subnet #1 to Subnet #5 within the parent block: Bisection and Sequential]

learn.afrinic.net | slide 147

EXERCISE

Creating an IPv6 Address Plan

QUESTIONS
ANSWERS

@AFRINICtraining
@IPv6Cert

Understanding

IPv6 Neighbor Discovery


Section Objectives

Describe the importance and functioning of IPv6 ND


Describe how ND is used in other key IPv6 functions


Key Functions of IPv6 Neighbor Discovery (ND)


Address configuration (SLAAC)
NODE

Link-layer address resolution


Link-layer address change notification
Neighbour Unreachability Detection (NUD)

HOST

Router discovery
Parameter (MTU, prefixes, hop limits etc) discovery
Advertise their presence & parameters

ROUTER

Advertise on-link prefixes


Determine next hops
Redirect hosts to better next hops
learn.afrinic.net | slide 152

ND = ARP + IRDP + Redirect + NUD

ARP, IRDP and Redirect: IPv4
NUD: New to IPv6

ND defines and uses 5 ICMPv6 messages

Router Solicitation
Router Advertisement
Neighbor Solicitation
Neighbor Advertisement
Redirect

learn.afrinic.net | slide 154

General ND message format


ND message = Base IPv6 header (Next Header = 58) + ND (ICMPv6) message header + ND (ICMPv6) message options

ND (ICMPv6) message options
Source Link-layer address
Target Link-layer address
Prefix Information
Redirected Header
Maximum Transmit Unit
Route Information
Recursive DNS Server
DNS Search List

learn.afrinic.net | slide 155

What ND messages use what options?


Option             | RS  | RA  | NS  | NA  | Red.
Source LLA         | YES | YES | YES |     |
Target LLA         |     |     |     | YES | YES
Prefix Information |     | YES |     |     |
Redirected header  |     |     |     |     | YES
MTU                |     | YES |     |     |
Route information  |     | YES |     |     |
RDNSS              |     | YES |     |     |
DNSSL              |     | YES |     |     |
learn.afrinic.net | slide 156

The Router Solicitation (RS)


Sent by: Hosts (when an IPv6 interface is enabled)
Purpose: Requests routers for network parameters
Source address: IP of querying interface if one exists; Unspecified address (::) if there is no IP address yet
Destination address: FF02::2 (all-routers)
Notes: ICMP type 133, ICMP code 0
learn.afrinic.net | slide 157

Sample RS packet capture

learn.afrinic.net | slide 158

The Router Advertisement (RA)


Sent by: IPv6 router
Purpose: Advertise its presence, prefixes, MTU, hop limits; sent periodically or in response to RS
Source address: Sending interface's link local address
Destination address: [periodic broadcasts] FF02::1; [Solicited] Source address of invoking RS
Notes: ICMP type 134, ICMP code 0
learn.afrinic.net | slide 159

Sample RA (1/2)

learn.afrinic.net | slide 160

Sample RA (2/2)

learn.afrinic.net | slide 161

Configuring RA on Cisco IOS


Set interval of RA retransmission
(config-if)#ipv6 nd ra interval { max [min]}
(config-if)#ipv6 nd ra interval {msec max [min]}
Set the lifetime of RA messages

(config-if)#ipv6 nd ra lifetime <secs>


Suppress RA messages on a LAN interface
(config-if)#[no] ipv6 nd ra suppress [all]
learn.afrinic.net | slide 162

The Neighbour Solicitation (NS)


Sent by: IPv6 host
Purpose: Determine a neighbor's L2 address; Duplicate address detection; Verify that a neighbour is reachable
Src address: IP of querying interface if one exists; Unspecified address (::) if there is no IP address yet
Dst address: Target neighbour's address if known; Solicited node multicast address of target otherwise
Notes: ICMP type 135, ICMP code 0

learn.afrinic.net | slide 163

The Neighbour Advertisement (NA)


Sent by: IPv6 host
Purpose: Response to a neighbour solicitation (NS); Announce an L2 address change i.e. unsolicited
Src address: Any address on originating interface.
Dst address: IP address of the node which sent the NA; FF02::1 for periodic advertisements.
Notes: ICMP type 136, ICMP code 0


learn.afrinic.net | slide 164

Sample solicited NA from a router

learn.afrinic.net | slide 165

Sample solicited NA from a host

learn.afrinic.net | slide 166

The Redirect message


Sent by: IPv6 router
Purpose: Informs node of a better next-hop for the destination
Src address: Link local address of router
Dst address: IP address of requesting node
Notes: ICMP type 137, ICMP code 0

Sample packet at http://j.mp/v6redirect


learn.afrinic.net | slide 167

Recap: how the 5 interact

Router Solicitation
Router Advertisement
Neighbor Solicitation
Neighbor Advertisement
Redirect

learn.afrinic.net | slide 168

Duplicate Address Detection (N2)


N2 tries to configure same address 2001:db8:c001::10
N1 already has address 2001:db8:c001::10

N2 -> ICMPv6 Type 135 (NS)
source ::
destination ff02::1:ff00:0010
target 2001:db8:c001::10

N1 -> ICMPv6 Type 136 (NA)
source 2001:db8:c001::10
destination ff02::1
target 2001:db8:c001::10

learn.afrinic.net | slide 169

Duplicate Address Detection

Host N1 is about to assign address A on its interface I


Interface I joins multicast groups:

ff02::1 -- All IPv6 nodes
ff02::ff00:0:a -- solicited node multicast address for A
N1 sends NS message to ff02::ff:0:a sourced from ::
N1 listens for any NS messages to ff02::ff00:0:a from ::
DAD fails under any of the following circumstances
N1 receives an NS for a tentative address prior to sending one.
More NSs are received than those expected based on loopback semantics

learn.afrinic.net | slide 170

Further DAD details


Done for ALL unicast addresses before assignment
NEVER done for the following:
Anycast addresses
Interfaces specifically thus configured
If DAD fails for an address
It can't be assigned to the interface
All addresses with same IID are also not unique
A system management error must be logged
learn.afrinic.net | slide 171

States of every IPv6 address


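[Diagram: states of an IPv6 address. A Tentative address goes through DAD: fail leads to Duplicate, pass leads to Valid. A Valid address is Preferred while pltime > 0, becomes Deprecated when pltime is no longer > 0, and becomes Invalid when vltime is no longer > 0. Each state is marked with TX and RX; Preferred is labelled NEW and Deprecated is labelled EXISTING.]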

Sample NS packet for DAD

learn.afrinic.net | slide 173

EXERCISE

Examine http://j.mp/v6dad

For what address is DAD being done?
What's the SNMA for the address in (1)?
Write down the following MAC addresses
The device with duplicate IP
The device which already owns that IP

learn.afrinic.net | slide 174

Tweaking DAD on Cisco IOS

Set no. of NS sent during DAD


(config-if)#[no] ipv6 nd dad attempts <value>
Set NS retransmit interval for DAD
(config-if)#[no] ipv6 nd dad time [millisecs]

learn.afrinic.net | slide 175

Resolving link-layer address (of N2)

N1: 2001:db8:c001::10
N2: 2001:db8:c001::20 [b8:e8:56:4a:fe:ac]

N1 -> NS
source 2001:db8:c001::10
destination ff02::1:ff00:0020
target 2001:db8:c001::20

N2 -> NA
source 2001:db8:c001::20
destination 2001:db8:c001::10
target 2001:db8:c001::20
target L2 addr b8:e8:56:4a:fe:ac

learn.afrinic.net | slide 176

EXERCISE

Examine j.mp/v6-MAC-addr-resolv

What's the IP of the host with unknown MAC address?
Which node (IP address) is looking for the MAC address?
What is destination address of packet #1?
What is the MAC address of node in (2)?
What is the MAC address of node in (1)?
learn.afrinic.net | slide 177

Neighbour Unreachability Detection (NUD)


[Diagram: N1 and N2]

Has N2 failed?
Has the forward path to N2 failed?

Track neighbours in ACTIVE sessions

learn.afrinic.net | slide 178

How NUD confirms an active neighbour

Hint from upper layer protocol e.g TCP ACK


Solicit a NA using a unicast probe (NS)

learn.afrinic.net | slide 179

ND improvements over IPv4 protocols


ROUTER ADVERTISEMENTS
Carry link-layer addresses, thus no additional packet exchange is
needed to resolve the router's link-layer address.
Carry prefixes for a link; there is no need to have a separate mechanism
to configure the "netmask" for purposes of on-link determination.
Enable Address Auto-configuration.
Carry MTU advertisements, ensuring that all nodes use the same MTU
value on links lacking a well-defined MTU.
Integrate Router Discovery; hosts don't need to "snoop" routing
protocols to find routers.
L2 ADDRESS RESOLUTION
Multicast messages are "spread" over 16 million (2^24) addresses, greatly
reducing address-resolution-related interrupts on non-target nodes.
Non-IPv6 nodes should not be interrupted at all.
Because it happens via ICMPv6 (Layer 2), it's more media-independent
than ARP, thus generic IP-layer authentication and security mechanisms
can be used as appropriate.
REDIRECTS
Contain the link-layer address of the new first hop, thus separate address
resolution is not needed upon receiving a redirect.
Handle traffic redirection for prefixes that aren't specified as on-link.
Unlike IPv4, the recipient of an IPv6 redirect assumes that the new
next-hop is on-link. In IPv4, a host ignores redirects specifying an
off-link (as determined by netmask) next-hop.
Useful on non-broadcast and shared media links in which it is
undesirable or not possible for nodes to know all prefixes for on-link
destinations.
NEIGHBOR UNREACHABILITY DETECTION IS PART OF THE BASE
Significantly improves the robustness of packet delivery in the presence
of
failing routers,
partially failing or partitioned links,
nodes that change their link-layer addresses.
E.g. mobile nodes can move off-link without losing connectivity due
to stale ARP caches.
Detects dead routers and switches to working ones, so a Preference field
is not required in RAs as it is for ICMP Router Discovery.
Detects half-link failures, thus avoids sending traffic to neighbors with
which two-way connectivity is absent (unlike ARP).
MISCELLANEOUS
Use of LLAs to uniquely identify routers means hosts can maintain the
router associations in the event of renumbering to use new global prefixes.
Setting the Hop Limit to 255 prevents off-link nodes from accidentally or
intentionally sending ND messages (unlike in IPv4, where off-link senders
can send both ICMP Redirects & Router Advertisement messages).

learn.afrinic.net | slide 180
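
A receive-side sanity check for ND messages, tying together the Hop Limit 255 rule above, the solicited-node multicast address and the DAD Neighbor Solicitation format. This is an added Python example, not part of the original slides; the function names are assumptions, the packets are constructed with a zero checksum (the checksum is not verified) and extension headers are not handled.

```python
import ipaddress
import struct

ND_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA", 137: "Redirect"}
UNSPECIFIED = ipaddress.IPv6Address("::")


def solicited_node(addr):
    """ff02::1:ffXX:XXXX built from the low 24 bits of a unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def multicast_mac(group):
    """Ethernet address a multicast group maps to: 33:33 + last 32 bits."""
    tail = ipaddress.IPv6Address(group).packed[-4:]
    return "33:33:" + ":".join(f"{b:02x}" for b in tail)


def option_types(data):
    """List of ND option types, or None if an option length is invalid."""
    types = []
    while data:
        if len(data) < 2 or data[1] == 0 or data[1] * 8 > len(data):
            return None
        types.append(data[0])
        data = data[data[1] * 8:]
    return types


def check_nd(packet):
    """Return a list of problems found in a raw IPv6 packet carrying ND."""
    if len(packet) < 44:
        return ["truncated packet"]
    _, _, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    icmp_type, code = packet[40], packet[41]
    if next_hdr != 58 or icmp_type not in ND_TYPES:
        return ["not an ND message"]
    name = ND_TYPES[icmp_type]
    findings = []
    if hop_limit != 255:
        findings.append(f"{name}: hop limit {hop_limit}, not 255 (sender may be off-link)")
    if code != 0:
        findings.append(f"{name}: ICMP code {code}, expected 0")
    if icmp_type == 135:
        if len(packet) < 64:
            return findings + ["NS: truncated before end of target address"]
        target = ipaddress.IPv6Address(packet[48:64])
        opts = option_types(packet[64:])
        if opts is None:
            findings.append("NS: malformed option")
        if target.is_multicast:
            findings.append("NS: target is a multicast address")
        if src == UNSPECIFIED:                      # DAD probe
            if dst != solicited_node(target):
                findings.append("DAD NS: destination is not the target's solicited-node group")
            if opts and 1 in opts:
                findings.append("DAD NS: carries a Source Link-layer address option")
    return findings


def build_ns(src, dst, target, hop_limit=255, options=b""):
    """Constructed sample NS (checksum left at 0)."""
    body = struct.pack("!BBHI", 135, 0, 0, 0) + ipaddress.IPv6Address(target).packed + options
    header = struct.pack("!IHBB", 0x60000000, len(body), 58, hop_limit)
    return header + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + body


# Constructed Source Link-layer address option: type 1, length 1 (8 bytes).
SLLA = bytes([1, 1]) + bytes.fromhex("020000000010")

if __name__ == "__main__":
    print(solicited_node("2001:db8:c001::10"), multicast_mac(solicited_node("2001:db8:c001::10")))
    samples = {
        "DAD NS as on the slide": build_ns("::", "ff02::1:ff00:10", "2001:db8:c001::10"),
        "same NS, hop limit 64": build_ns("::", "ff02::1:ff00:10", "2001:db8:c001::10", hop_limit=64),
        "DAD NS sent to ff02::1": build_ns("::", "ff02::1", "2001:db8:c001::10"),
        "address resolution NS": build_ns("2001:db8:c001::10", "ff02::1:ff00:20",
                                          "2001:db8:c001::20", options=SLLA),
    }
    for label, pkt in samples.items():
        print(label, "->", check_nd(pkt) or "ok")
```
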

Configuring NUD on Cisco IOS


Set no. of times NUD re-sends NS messages
(config-if)#ipv6 nd nud retry <base> <interval> <max-attempts>
Set the length of time before an ND cache entry expires

(config-if)#ipv6 nd cache expire <time> [refresh]


Let ND glean an entry from an unsolicited NA
(config-if)#ipv6 nd na glean
learn.afrinic.net | slide 181

NS packet capture for NUD

learn.afrinic.net | slide 182

QUESTIONS
ANSWERS

@AFRINICtraining
@IPv6Cert

Provisioning IPv6 Configuration


Section Objectives

Describe IPv6 parameter provisioning in IPv6


Describe, and verify how SLAAC works
Describe and verify how DHCPv6 works
Describe how DHCPv6-PD works


Base address provisioning requirements


host
IPv6 address(es)
IPv6 default router(s)
DNS server(s)

CPE
IPv6 address(es)
IPv6 default router(s)
DNS server(s)
Delegated prefix(es)

learn.afrinic.net | slide 186

There are 2 key provisioning mechanisms

RA-based (SLAAC): Address, Default gateway, DNS config.
DHCPv6: Address, DNS config., Delegated prefix, Others

DNS via RAs recently added, no global support yet

learn.afrinic.net | slide 187

Comparing the capabilities of the methods

Method           | Addresses | Default Gateway | DNS info. | Delegated Prefix
SLAAC            | Yes       | Yes             | No        | No
Stateful DHCPv6  | Yes       | No              | Yes       | Yes
Stateless DHCPv6 | No        | No              | Yes       | No
RDNSS RA option  | No        | No              | Yes       | No

learn.afrinic.net | slide 188

Flags in RAs
In RA messages: Managed configuration, Other configuration
In Prefix Information option within an RA: On-Link, Use for SLAAC

learn.afrinic.net | slide 189

M & A flag influence on auto-configuration


M
0
0

A
0
1

Resulting non-Link Local addresses on client


No addresses will be auto-configured
Address(es) generated from prefix(es) in RAs
Address(es) generated from prefix(es) in RAs
Full address(es) from DHCP server
Full address(es) from DHCP server

The hosts must be set to obtain IP address automatically


All hosts always generate and use a Link Local address
learn.afrinic.net | slide 190

Setting M & O flags in Cisco IOS

(config)#interface fastethernet 0/1


(config-if)#ipv6 nd managed-config-flag
(config-if)#ipv6 nd other-config-flag
learn.afrinic.net | slide 191

Example: setting M, O & A flags [JUNOS]


protocols {
    router-advertisement {
        interface ge-0/1/0.0 {
            managed-configuration;
            other-stateful-configuration;
            prefix 2001:db8:c001::/64 {
                no-autonomous;
            }
        }
    }
}
learn.afrinic.net | slide 192

The L flag indicates on-link neighbours


L

How to treat other addresses in the prefix

On-link: transmit directly, no need for router

Off-link: use default gateway to get to them

Setting L = 0 enforces PVLAN-like behavior on the subnet


There's no way to indicate on-link status via DHCP
Hosts don't perform L2 address resolution for off-link addresses
learn.afrinic.net | slide 193

Setting L & A flags in Cisco


Default: L = 1 & A = 1 for all advertised prefixes

(config)#interface fastethernet 0/1


(config-if)#ipv6 nd prefix <prefix> no-advertise
(config-if)#ipv6 nd prefix <prefix> offlink|no-onlink
learn.afrinic.net | slide 194

Provisioning DNS information


Key DNS information required
1) One or more Recursive DNS Servers (RDNSS)
2) Domain Search List
If using DHCPv6
Configure the options on DHCP server
Set the M flag to 1
If using SLAAC
Configure the options on the router
If client supports RFC 6106, it will get the DNS information
If client doesn't support RFC 6106, set O flag to 1
learn.afrinic.net | slide 195

Provisioning DNS information


[Diagram: Recursive DNS Servers and Domain Search list, provided by the First hop router and the DHCPv6 server. Labelled paths: [RA] M = 1 with a DHCPv6 client; [RA] O = 1 with a DHCPv6 client (No RFC 6106); RFC 6106.]

learn.afrinic.net | slide 196

How Stateless Address Auto-Configuration (SLAAC) works


Router: 2001:db8:c001::1/64

Host -> RS
Router -> RA
[PIO] 2001:db8:c001::/64 {A=1}
[RDNSO] 2001:db8:cafe::53

Resulting host configuration
Address: 2001:db8:c001:<EUI-64>/64
DNS: 2001:db8:cafe::53

learn.afrinic.net | slide 197

How Stateless Address Auto-Configuration (SLAAC) works


Host generates an interfaceID and a link-local address
Perform DAD on generated address
Query all routers (via RS messages) for additional information
Router responds with RA which contain
Allocated prefixes for the subnet
Indication if source router can be used as default router
DNS information (if RFC 6106 is supported)
For each prefix received,
Create an address by appending IID
Configure the address to the interface
Perform DAD
Host builds list of 'default routers' from RAs.

learn.afrinic.net | slide 198

Other quirks on the effect of flags


Setting O when M is set is redundant
In practice, different DNS capabilities might require you to use both
Setting both A & L = 0 for a prefix is meaningless
DHCPv6 doesn't carry prefix length, so you'll need L=1 to avoid
PVLAN-like behavior
SLAAC only works with /64, no point setting A on longer prefixes

ALWAYS test your operating system with various flag combinations to
know what ACTUALLY happens
learn.afrinic.net | slide 199
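
How the M, O, L and A flags and the Prefix Information and RDNSS options drive a host, shown by parsing a Router Advertisement, as an added Python example that is not part of the original slides. The function names are assumptions, the RA bytes are constructed from the addresses used on the SLAAC slide, and the interface ID is the modified EUI-64 form the slides use (many current hosts generate other interface IDs).

```python
import ipaddress
import struct


def eui64_iid(mac):
    """Modified EUI-64 interface ID: flip the U/L bit, insert ff:fe."""
    b = bytearray(bytes.fromhex(mac.replace(":", "")))
    b[0] ^= 0x02
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")


def parse_ra(body):
    """Parse the ICMPv6 part of an RA (type 134) into flags and options."""
    if len(body) < 16:
        raise ValueError("truncated RA")
    icmp_type, code, _, _, flags, lifetime, _, _ = struct.unpack("!BBHBBHII", body[:16])
    if icmp_type != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": [], "rdnss": []}
    opts = body[16:]
    while opts:
        if len(opts) < 2 or opts[1] == 0 or opts[1] * 8 > len(opts):
            raise ValueError("malformed ND option")
        otype, olen = opts[0], opts[1] * 8
        opt, opts = opts[:olen], opts[olen:]
        if otype == 3 and olen == 32:                 # Prefix Information
            plen, pflags, valid, preferred = struct.unpack("!BBII", opt[2:12])
            ra["prefixes"].append({
                "prefix": ipaddress.IPv6Network((opt[16:32], plen), strict=False),
                "L": bool(pflags & 0x80), "A": bool(pflags & 0x40),
                "valid": valid, "preferred": preferred})
        elif otype == 25:                             # Recursive DNS Server
            for i in range(8, olen, 16):
                ra["rdnss"].append(ipaddress.IPv6Address(opt[i:i + 16]))
    return ra


def host_plan(ra, mac):
    """What a host following the flags would configure from this RA."""
    iid = eui64_iid(mac)
    return {
        # A = 1 only yields an address on a /64 prefix
        "slaac": [str(ipaddress.IPv6Address(int(p["prefix"].network_address) | iid))
                  for p in ra["prefixes"] if p["A"] and p["prefix"].prefixlen == 64],
        "on_link": [str(p["prefix"]) for p in ra["prefixes"] if p["L"]],
        # M covers what O asks for, so M wins when both are set
        "dhcpv6": "stateful" if ra["M"] else "stateless" if ra["O"] else None,
        "default_router": ra["router_lifetime"] > 0,
        "dns_from_ra": [str(a) for a in ra["rdnss"]],
    }


def sample_ra(m=False, o=False, l=True, a=True):
    """Constructed RA: one /64 prefix plus one RDNSS server (checksum 0)."""
    head = struct.pack("!BBHBBHII", 134, 0, 0, 64,
                       (0x80 if m else 0) | (0x40 if o else 0), 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, (0x80 if l else 0) | (0x40 if a else 0),
                      2592000, 604800, 0) + ipaddress.IPv6Address("2001:db8:c001::").packed
    rdnss = struct.pack("!BBHI", 25, 3, 0, 1800) + ipaddress.IPv6Address("2001:db8:cafe::53").packed
    return head + pio + rdnss


if __name__ == "__main__":
    mac = "b8:e8:56:4a:fe:ac"
    for flags in ({}, {"o": True}, {"m": True, "a": False}, {"l": False}):
        print(flags or "defaults", "->", host_plan(parse_ra(sample_ra(**flags)), mac))
```
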

Sample SLAAC configuration (Cisco)

(config)#ipv6 unicast-routing
(config)#interface fastethernet 0/1
(config-if)#ipv6 address 2001:db8:c001::1/64
(config-if)#no shutdown
learn.afrinic.net | slide 200

EXERCISE

Examine j.mp/SLAAC-1

What's the MAC of the host which wants an address?
What's the MAC of the responding router?
What IPv6 prefix did the router offer the host?
What are the values of the M, O, L & A flags?
How long are addresses obtained from this prefix valid?
Write down one possible IPv6 address the host can have
learn.afrinic.net | slide 201

How stateful DHCPv6 works (1/2)

Client -> [ND] RS
Router -> [RA] M = 1

Client -> [DHCP6] Solicit
Option Request Option

Server -> [DHCP6] Advertise
2001:db8:c001::face
{DNS} 2001:db8:cafe::53
learn.afrinic.net | slide 202

How stateful DHCPv6 works (2/2)


Client -> [DHCP6] Request
2001:db8:c001::face

Server -> [DHCP6] Reply
2001:db8:c001::face

Resulting client configuration
Address: 2001:db8:c001::face
DNS: 2001:db8:cafe::53
learn.afrinic.net | slide 203

Pros & cons of stateful DHCPv6


DHCP is a mature, familiar protocol
More options to control how addresses are allocated e.g.
Restrict assignments to a small range of addresses
Map IP addresses to specific clients
Support for Dynamic DNS updates
Other parameters can be passed using options
Centralised accounting logs (troubleshooting and forensics)
Some OSes don't have built-in DHCPv6 clients (e.g. Android)
Cannot give default gateway to clients
learn.afrinic.net | slide 204

EXERCISE

Examine j.mp/DHCPv6-1

What's the IPv6 address of the DHCPv6 server?
From which protocol & port was the request sent?
To what protocol & port was the request sent?
What's the client's unique identifier for this session?
What parameters is the client requesting?
What IPv6 address did the server offer the host?
How long are addresses obtained from this prefix valid?
What DNS parameters were offered the client?
learn.afrinic.net | slide 205

How stateless DHCPv6 works (1/2)


Client -> [ND] RS
Router -> [RA] O = 1
[PIO] 2001:db8:c001::/64 {A=1}

Resulting client configuration
Address: 2001:db8:c001:<EUI-64>/64

learn.afrinic.net | slide 206

How stateless DHCPv6 works (2/2)


Client -> [DHCP6] Info-request
Option Request Option

Server -> [DHCP6] Reply
{DNS} 2001:db8:c001::53

Resulting client configuration
Address: 2001:db8:c001:<EUI-64>/64
DNS: 2001:db8:c001::53
learn.afrinic.net | slide 207

Stateless DHCPv6 configuration example


(config)#ipv6 dhcp pool dhcp-pool
(config-dhcp)#dns-server 2001:db8:face::53
(config-dhcp)#domain-name 6lab.afrinic.net
(config-dhcp)#exit
(config)#interface fastethernet 0/1
(config-if)#ipv6 nd other-config-flag

learn.afrinic.net | slide 208

EXERCISE

Examine j.mp/SL-DHCPv6

What's the IPv6 address of the DHCPv6 server?
To what L4 protocol & port was the request sent?
What is the client's unique identifier for this session?
What parameters is the client requesting?
What IPv6 address did the router offer the host?
How long are addresses obtained from this prefix valid?
What DNS parameters were offered the client?
learn.afrinic.net | slide 209

How DHCPv6 Prefix Delegation works (1/2)


Provision WAN addr & DNS
Address: 2001:db8:face:<EUI-64>/64
DNS: 2001:db8:c001::53

Client -> [DHCP6] Solicit
Option IA_PD

Server -> [DHCP6] Advertise
learn.afrinic.net | slide 210

How DHCPv6 Prefix Delegation works (2/2)


Client -> [DHCP6] Request
Option IA_PD

Server -> [DHCP6] Reply
{IA-PD} 2001:db8:dad:c000::/60

Resulting client configuration
Address: 2001:db8:face:<EUI-64>/64
DNS: 2001:db8:c001::53
Prefix: 2001:db8:dad:c000::/60
learn.afrinic.net | slide 211

Sample DHCPv6-PD configuration [Server]


(config)#ipv6 dhcp pool dhcpv6
(config-dhcp)#prefix-delegation pool v6pool lifetime 1800 600
(config-dhcp)#ipv6 local pool v6pool 2001:db8:c000::/40 48

(config-if)#ipv6 address 2001:db8:f00d::a/64


(config-if)#ipv6 dhcp server dhcpv6
learn.afrinic.net | slide 212

Sample DHCPv6-PD configuration [Client]


(config-if)#ipv6 address autoconfig default
(config-if)#ipv6 enable
(config-if)#ipv6 dhcp client pd DelegatedPrefix

learn.afrinic.net | slide 213

DHCPv4 vs DHCPv6 comparison


Feature | DHCPv4 | DHCPv6
Use of Managed Configuration flag | Not applicable | Used by router to control host configuration
Source and destination addresses of initial DHCP message | src: 0.0.0.0, dst: broadcast | src: Link-Local address, dst: ff02::1:2 (more efficient link utilization)
How server identifies clients | MAC address | DHCP Unique Id (DUID)
Reconfiguration message | Not applicable | Servers can ask clients to update their config
Identity Association | Not applicable | Clients can deal with multiple servers (redundancy)


learn.afrinic.net | slide 214

Some DHCPv6 servers & their capabilities


Software | Some key options supported
ISC | DNS, NTP, NIS, SIP, Lifetime, Prefix Delegation, Relay IDs, FQDN
WIDE | DNS, NTP, NIS, SIP, Lifetime, Prefix delegation
Dibbler | DNS, NTP, NIS, SIP, Lifetime, Timezone, Prefix delegation, FQDN
Windows | DNS, NIS, SIP, NTP, Lifetime, User class
Cisco IOS | DNS, NTP, NIS, SIP, Lifetime, Relay IDs, Prefix Delegation

Source: http://ipv6int.net/software/index.html

learn.afrinic.net | slide 215

RADIUS & IPv6: how the pieces work

[Diagram: CPE, NAS, RADIUS]

learn.afrinic.net | slide 216

RADIUS attributes for IPv6 (ala RFC 3162)


NAS-IPv6-Address: Address of requesting NAS
Framed-Interface-Id: IID for the user
Framed-IPv6-Prefix: Delegated prefix for the user
Framed-IPv6-Route: Route for user (configured on the NAS)
Login-IPv6-Host: System with which to connect user
Framed-IPv6-Pool: Pool from which to assign user prefix


learn.afrinic.net | slide 217

Which packets use what attributes?


REQUEST

ACCEPT

ACCOUNTING
REQUEST

NAS-IPv6-Address

0-1

0-1

Framed-Interface-Id

0-1

0-1

0-1

Framed-IPv6-Prefix

0+

0+

0+

Framed-IPv6-Route

0+

0+

0+

Login-IPv6-Host

0+

0+

Framed-IPv6-Pool

0-1

0-1

learn.afrinic.net | slide 218

Sample DHCPv6 with RADIUS (Cisco)


1/2: Configure DHCPv6 to use RADIUS for pool

aaa authorization configuration IA_PD group radius


!
ipv6 dhcp pool PPP-Radius
prefix-delegation aaa method-list IA_PD lifetime 7200 300
dns-server 2001:db8:c001::53
domain-name 6lab.afrinic.net
learn.afrinic.net | slide 219

Sample DHCPv6 with RADIUS (Cisco)


2/2: Configure virtual template interface

interface Virtual-Template01
ipv6 enable
ipv6 nd other-config-flag
no ipv6 nd ra suppress
ipv6 dhcp server PPP-Radius
learn.afrinic.net | slide 220

Sample RADIUS user definition (FreeRADIUS)

Client-777 Cleartext-Password := "Client-777"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IPv6-Prefix = "2001:db8:f00d:100::/64",
    Delegated-IPv6-Prefix = "2001:db8:dead:bad0::/60"
learn.afrinic.net | slide 221

IPv6 Lab Manual


EXERCISE

Lab 2.3: Configure/verify SLAAC
Lab 2.4: Configure/verify stateful DHCPv6
Lab 2.5: Configure/verify DHCPv6-PD

learn.afrinic.net | slide 222

QUESTIONS
ANSWERS

@AFRINICtraining
@IPv6Cert

Basic IPv6 Routing


Section Objectives

Configure and verify static routing


Configure and verify basic OSPFv3
Configure and verify basic BGP for IPv6


EXERCISE

List 3 things you know about IPv4 routing

Same key principles as IPv4 routing

Longest match on destination prefix by default


Routes can be static and/or from dynamic protocols
Administrative distance as indicator of trustworthiness
Principles of distance-vector vs link-state still apply

learn.afrinic.net | slide 227

Most best practices apply

IGPs
Carry infrastructure addresses
NO customer or Internet prefixes
Minimise prefixes to aid convergence & scalability

iBGP
Carry Internet prefixes across backbone
Carries customer prefixes

eBGP
Exchange prefixes with other networks
Implement routing policy
learn.afrinic.net | slide 228

Static routing example


(config)#ipv6 unicast-routing
(config)#ipv6 route 2001:db8:babe::/48 2001:db8:dead::1

[Diagram: 2001:db8:babe::/48, R1, 2001:db8:dead::/126, R2, 2001:db8:face::/48]

(config)#ipv6 unicast-routing
(config)#ipv6 route 2001:db8:face::/48 2001:db8:dead::1

EXERCISE

List 3 things you know about OSPFv2 (IPv4)

OSPFv3: differences from OSPFv2


Addresses only carried in new Type 9 LSA
No authentication (relies on AH and ESP)
Operates per link, not per subnet, thus advertises all
prefixes on the link, not just the primary one.
Multiple instances per link - only routers in the same
instance will form adjacencies.
Uses LLAs for neighbor communications (except virt. links)
www.afrinic.net | slide 231

OSPFv3 elements | LSA types


LSA Type | Name | Description | Flooding Scope
 | Router LSA | Describes router's link states and costs within one area | Area
 | Network LSA | Generated by a DR to describe aggregated link state and costs for all routers in an area | Area
 | Inter-Area Prefix LSA for ABRs | Originated by ABRs to describe an area to routers in other areas | Area
 | Inter-Area Router LSA for ASBRs | Originated by ABRs to advertise ASBR location | Area
 | AS External LSA | Originated by ASBR to describe redistributed routes | AS

www.afrinic.net | slide 232

OSPFv3 elements | LSA types


LSA Type | Name | Description | Flooding Scope
8 | Link LSA | Advertises link-local address and prefixes to other routers on the link | Link
 | Intra-Area Prefix LSA | Associates a list of IPv6 prefixes with a transit network by pointing to a Network LSA OR associates a list of IPv6 prefixes with a router by pointing to a Router LSA | Area

www.afrinic.net | slide 233

OSPFv3 configuration commands


Enable OSPFv3 on an Interface

(config-if)#ipv6 ospf pid area area-id [instance instance-id]

Summarize the routes from an area

(config)#ipv6 router ospf pid
(config-router)#area area-id range prefix/length [advertise | not-advertise] [cost cost]

Verify OSPFv3

show ipv6 route
show ipv6 ospf neighbor
show ipv6 ospf interface
show ipv6 ospf database

OSPFv3 configuration example


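[Diagram: R1 and R3 on 2001:db8:1ce:123::/64 in Area 1; R4 on 2001:db8:1ce::/64 in Area 0; R2 joins the two links with f1/0 and f1/1]

R2:

ipv6 router ospf 1
 router-id 2.2.2.2
interface FastEthernet1/0
 ipv6 address 2001:DB8:1CE:123::2/64
 ! link shared with R1 and R3, whose configurations place it in area 1
 ipv6 ospf 1 area 1
interface FastEthernet1/1
 ipv6 address 2001:DB8:1CE::2/64
 ! link shared with R4, whose configuration places it in area 0
 ipv6 ospf 1 area 0

learn.afrinic.net | slide 235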

OSPFv3 configuration example


R3:

ipv6 router ospf 1
 router-id 3.3.3.3
interface FastEthernet1/0
 ipv6 address 2001:DB8:1CE:123::3/64
 ipv6 ospf 1 area 1

OSPFv3 configuration example

R1:

ipv6 router ospf 1
 router-id 1.1.1.1
interface FastEthernet1/0
 ipv6 address 2001:DB8:1CE:123::1/64
 ipv6 ospf 1 area 1

learn.afrinic.net | slide 237

OSPFv3 configuration example


R4:

ipv6 router ospf 1
 router-id 4.4.4.4
interface FastEthernet1/0
 ipv6 address 2001:DB8:1CE::4/64
 ipv6 ospf 1 area 0

learn.afrinic.net | slide 238

EXERCISE

Lab 2.7 Configure/verify multi-area OSPF

learn.afrinic.net | slide 239

EXERCISE

List 3 things you know about BGP (IPv4)

Overview of BGP for IPv6 | Purpose


There's no BGPv6!!
BGP4 was extended for different address families
IPv4-AF: carries IPv4 prefixes
IPv6-AF: carries IPv6 prefixes
Others: VPNv4-AF, VPNv6-AF
IPv6 can be both payload & transport protocol
www.afrinic.net | slide 241

IPv6 and IPv4 prefixes over IPv4 transport


[Diagram: two MP-BGP speakers exchanging IPv6 and IPv4 prefixes over an IPv4 BGP session]

Must modify NEXT_HOP PA for v6 prefixes


www.afrinic.net | slide 242

IPv6 and IPv4 prefixes over IPv6 transport


[Diagram: two MP-BGP speakers exchanging IPv6 and IPv4 prefixes over an IPv6 BGP session]

Must modify NEXT_HOP PA for v4 prefixes


www.afrinic.net | slide 243

Separate IPv4 and IPv6 sessions


[Diagram: one IPv4 session and one IPv6 session between the same peers]

Exchange v4 prefixes in v4 session
Exchange v6 prefixes in v6 session

Sample BGP config: session setup


Prefixes:
203.0.113.0/24
2001:db8:dad::/48

Prefixes:
198.51.100.0/24
2001:db8:b00c::/48

router bgp 65000
 ! Session parameters shared by the v4 and v6 neighbor sessions
 template peer-session Internal
  remote-as 65000
  update-source Loopback0
 exit-peer-session
 ! Neighbors must be activated explicitly per address family
 no bgp default ipv4-unicast
 neighbor 192.0.2.2 inherit peer-session Internal
 neighbor 192.0.2.2 description Bamenda peer v4
 neighbor 2001:db8:1ce::2 inherit peer-session Internal
 neighbor 2001:db8:1ce::2 description Bamenda peer v6

Sample BGP config: exchange prefixes


Prefixes:
203.0.113.0/24
2001:db8:dad::/48

Prefixes:
198.51.100.0/24
2001:db8:b00c::/48

 ! Continues under router bgp 65000
 address-family ipv4
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 inherit peer-policy Internal
  network 203.0.113.0 mask 255.255.255.0
 address-family ipv6
  neighbor 2001:db8:1ce::2 activate
  neighbor 2001:db8:1ce::2 inherit peer-policy Internal
  network 2001:db8:c001::/48

EXERCISE

Lab 2.8 Configure/verify basic MP-BGP

learn.afrinic.net | slide 247

QUESTIONS & ANSWERS

@AFRINICtraining
@IPv6Cert

Understanding

The Need for Transition Techniques


Section Objectives

Describe the need for transition techniques


Identify the transition problems of different networks


The fundamental WHY of Transition Techniques


fast (trial/overlay) v6 deployment
Incompatible software
Technology constraints
Legacy Access network
Previous network design decisions
Incompatible CPEs
learn.afrinic.net | slide 251

[Diagram: network building blocks: Enterprise, Home, Mobile, Campus, Access, Core, Edge, Services, Internet]

DETAILED NOTES

We need transition techniques if one or more of these blocks do not support IPv6
learn.afrinic.net | slide 252

Scenario #1: provider doesn't support IPv6

[Diagram: the network building blocks (Enterprise, Home, Mobile, Campus, Access, Core, Edge, Services, Internet) with v4/v6 support markers]

learn.afrinic.net | slide 253

Scenario #2: Upstream doesn't support IPv6

[Diagram: the network building blocks (Enterprise, Home, Mobile, Campus, Access, Core, Edge, Services, Internet) with v4/v6 support markers]

learn.afrinic.net | slide 254

Scenario #3: IPv6-only network


[Diagram: the network building blocks (Enterprise, Home, Mobile, Campus, Access, Core, Edge, Services, Internet) with v4/v6 support markers]

learn.afrinic.net | slide 255

Scenario #4: MPLS-based network core


[Diagram: the network building blocks (Enterprise, Home, Mobile, Campus, Access, Core, Edge, Services, Internet) with v4/v6 support markers]

learn.afrinic.net | slide 256

Scenario #5: IPv6-only services


[Diagram: the network building blocks (Enterprise, Home, Mobile, Campus, Access, Core, Edge, Services, Internet) with v4/v6 support markers]

learn.afrinic.net | slide 257

Scenario #6: IPv6-only access network


[Diagram: the network building blocks (Enterprise, Home, Mobile, Campus, Access, Core, Edge, Services, Internet) with v4/v6 support markers]

learn.afrinic.net | slide 258

Other scenarios

IPv4 Internet access with <1 public IP per subscriber


Network needs more addresses than RFC1918 provides
IPv4 Internet access from an IPv6-only network
Access to private IPv4-only servers from IPv6 networks

learn.afrinic.net | slide 259


There are 3 categories of transition techniques

Dual stack (IPv4 and IPv6)
Tunneling
Translation

learn.afrinic.net | slide 261

Understanding & Implementing

Manual Tunneling
Section Objectives

Describe infrastructural elements of Manual Tunneling


Describe how it works
Identify the best scenarios for using Manual Tunneling
Configure and verify Manual Tunneling

What is a tunnel?

[Diagram labels: transported (encapsulated) protocol, transport protocol, transmission medium]

Technique to encapsulate one protocol within another
Why we use tunnels
Network doesn't support the encapsulated protocol
Provide secure path through untrusted network
Elements of tunnels:
The transport protocol: supported by the network
Tunneled protocol: not supported by the network
Manual tunnels are point-to-point
learn.afrinic.net | slide 266

Tunneling IPv6 over IPv4

Tunneling IPv4 over IPv6

[Diagram: the two cases, with v4 and v6 marking the tunneled and transport networks]

learn.afrinic.net | slide 267

Types of Manual Tunnels

Router-router tunnel: connect two IPv6 networks across an IPv4-only network or vice-versa
Host-router tunnel: get IPv6 to a host on an IPv4 network
Host-host tunnel: link IPv6 hosts over IPv4 networks

learn.afrinic.net | slide 268

Mitigating a provider's v4-only access network

[Diagram: the network building blocks (Enterprise, Home, Mobile, Campus, Access, Core, Edge, Services, Internet) with v4/v6 support markers]

learn.afrinic.net | slide 269

The ISP could tunnel over its upstream


[Diagram: the network building blocks (Enterprise, Home, Mobile, Campus, Access, Core, Edge, Services, Internet) with v4/v6 support markers]

learn.afrinic.net | slide 270

How tunneling works

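[Diagram: numbered steps in which an IPv6 packet is encapsulated in an IPv4 header at one tunnel endpoint, crosses the v4 network, and is decapsulated back to IPv6 at the other endpoint]

learn.afrinic.net | slide 271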

Requirements for creating a tunnel


Static addresses representing the tunnel endpoints
IPv4 addresses if tunneling v6 over v4
IPv6 addresses if tunneling v4 over v6
Ideally configured on a loopback interface
Normal network reachability to the endpoint addresses
Agreement between operators of the various endpoints
learn.afrinic.net | slide 272

Configuring a Manual Tunnel on Cisco IOS


! Endpoint whose Loopback0 is 192.0.2.1
interface Tunnel0
 no ip address
 ipv6 address 2001:db8:12::1/64
 tunnel source Loopback0
 tunnel destination 198.51.100.1
 tunnel mode ipv6ip
 tunnel path-mtu-discovery
!
ipv6 route 2001:db8:2000::/64 Tunnel0

! Endpoint whose Loopback0 is 198.51.100.1
interface Tunnel0
 no ip address
 ipv6 address 2001:db8:12::2/64
 tunnel source Loopback0
 tunnel destination 192.0.2.1
 tunnel mode ipv6ip
 tunnel path-mtu-discovery
!
ipv6 route 2001:db8:1000::/64 Tunnel0

learn.afrinic.net | slide 273
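A manual IPv6-in-IPv4 tunnel carries no authentication of its own, so the decapsulating endpoint should accept protocol-41 packets only from its configured peer and only with inner sources it routes to the tunnel. The following is an added example, not part of the original slides: it applies those checks to constructed packets using the addresses from the Tunnel0 configuration above; the function and constant names are hypothetical.

```python
import ipaddress
import struct

# Values from the Tunnel0 configuration, seen from the endpoint whose Loopback0 is 192.0.2.1
LOCAL_ENDPOINT = ipaddress.IPv4Address("192.0.2.1")
PEER_ENDPOINT = ipaddress.IPv4Address("198.51.100.1")
# Inner sources expected from the peer: its routed prefix and the tunnel link itself
ALLOWED_INNER_SOURCES = [ipaddress.IPv6Network("2001:db8:2000::/64"),
                         ipaddress.IPv6Network("2001:db8:12::/64")]
IPPROTO_IPV6 = 41  # IPv4 protocol number for encapsulated IPv6


def build_6in4(outer_src, outer_dst, inner_src, inner_dst, payload=b""):
    """Construct a sample packet: IPv4 header (checksum left 0) + IPv6 header + payload."""
    inner = struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)  # next header 59 = none
    inner += ipaddress.IPv6Address(inner_src).packed + ipaddress.IPv6Address(inner_dst).packed
    inner += payload
    outer = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(inner), 0, 0x4000, 64, IPPROTO_IPV6, 0)
    outer += ipaddress.IPv4Address(outer_src).packed + ipaddress.IPv4Address(outer_dst).packed
    return outer + inner


def check_ingress(packet):
    """Return (accepted, reason) for a packet arriving at the local tunnel endpoint."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 20 or packet[0] >> 4 != 4 or ihl < 20:
        return False, "not a valid IPv4 header"
    if packet[9] != IPPROTO_IPV6:
        return False, "outer protocol is not 41"
    src, dst = (ipaddress.IPv4Address(packet[i:i + 4]) for i in (12, 16))
    if src != PEER_ENDPOINT or dst != LOCAL_ENDPOINT:
        return False, "outer addresses are not the configured endpoints"
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return False, "payload is not an IPv6 packet"
    inner_src = ipaddress.IPv6Address(inner[8:24])
    if not any(inner_src in net for net in ALLOWED_INNER_SOURCES):
        return False, "inner source is not expected from this tunnel"
    return True, "ok"


# Constructed sample packets (never sent anywhere; used only to exercise the checks)
GOOD = build_6in4("198.51.100.1", "192.0.2.1", "2001:db8:2000::10", "2001:db8:1000::20")
SPOOFED_OUTER = build_6in4("203.0.113.9", "192.0.2.1", "2001:db8:2000::10", "2001:db8:1000::20")
SPOOFED_INNER = build_6in4("198.51.100.1", "192.0.2.1", "2001:db8:1000::66", "2001:db8:1000::20")
```

On a router the same policy is normally expressed as an IPv4 ACL limiting protocol 41 to the peer address plus an IPv6 filter on the tunnel interface.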

General problems with tunnels


Fragmentation due to increased packet size
Not a problem for IPv4
IPv6 doesn't permit non-source fragmentation
Manual tunnels are not scalable
Possibly suboptimal routing of IPv6 packets
learn.afrinic.net | slide 274

EXERCISE

Examine j.mp/6in4-T

What's the source IPv6 address of the message?
What's the destination IPv6 address?
What's the protocol number of IPv6 in the IPv4 header?
What are the IPv4 addresses of the tunnel endpoints?

learn.afrinic.net | slide 275

EXERCISE

Lab Exercise 2.9


Configure/verify manual tunneling

learn.afrinic.net | slide 276

Understanding & Implementing

NAT64 Translation
Section Objectives

Describe infrastructural elements of NAT64


Describe how it works
Identify the best scenarios for using NAT64

Scenario #3: IPv6-only network


[Diagram: the network building blocks (Enterprise, Home, Mobile, Campus, Access, Core, Edge, Services, Internet) with v4/v6 support markers]

How shall we connect these IPv6-only devices to IPv4 services?

learn.afrinic.net | slide 278

Infrastructural elements of NAT64

[Diagram: v6-only client, DNS64 resolver, NAT64 translator, v4-only server]
learn.afrinic.net | slide 279

Infrastructural elements of NAT64

NAT64 translator
One IPv4 interface
One IPv6 interface
Translates IPv6 to IPv4 (UDP, TCP & ICMP only)

learn.afrinic.net | slide 280

DETAILED NOTES

INFRASTRUCTURAL ELEMENTS OF NAT64

NAT64 translator: This is a dual-stacked device, typically at the edge of the network, with at least two interfaces as follows:
An IPv6-capable interface connected to the client network
An IPv4-capable interface

Infrastructural elements of NAT64


NAT64
Does IPv6-IPv4 translation
Must be dual-stack
DNS64
Extension to normal DNS server
Creates AAAA records for a given A record
Well-known prefix
learn.afrinic.net | slide 282

How NAT64 & DNS64 works


[Diagram, reconstructed from its labels]

v6 Host: 2001:db8::2
DNS64 and Regular DNS
NAT64: Inside: 2001:db8::1, Outside: 192.0.2.1
v4 Server: www.example.com, 192.0.2.6

1. v6 Host to DNS64: AAAA? www.example.com
2. DNS64 to Regular DNS: A? www.example.com
3. Regular DNS to DNS64: www.example.com = 192.0.2.6
4. DNS64: Synthesize AAAA from A using WKP 64:ff9b::/96
5. DNS64 to v6 Host: www.example.com = 64:ff9b::c000:206
6. v6 Host to NAT64: src: 2001:db8::2 | dst: 64:ff9b::c000:206
7. NAT64: Do v6<->v4 NAPT, re-calc checksums
8. NAT64 to v4 Server: src: 192.0.2.1 | dst: 192.0.2.6
9. v4 Server to NAT64: src: 192.0.2.6 | dst: 192.0.2.1
10. NAT64 to v6 Host: src: 64:ff9b::c000:206 | dst: 2001:db8::2

learn.afrinic.net | slide 283

QUESTIONS & ANSWERS

@AFRINICtraining
@IPv6Cert
