Friday, 25 August 2017

Configuring IPv6 Address on Cisco Router





























































































Device



Interface



IPv6 Address



Prefix Length



Default Gateway



Router0



G0/0



2001:0DB8:C21A:1::



64



N/A



G0/0



FE80::1


 

Link-Local



S0/0/0



2001:0DB8:C21A:2::



64



N/A



S0/0/0



Dynamic Link-Local


 

Link-Local



Router1



G0/0



2001:0DB8:C21A:3::



64



N/A



G0/0



FE80::1


 

Link-Local



S0/0/0



2001:0DB8:C21A:2::1



64



N/A



S/0/0/0



Dynamic Link-Local


 

Link-Local


 



Laptop0



NIC



2001:0DB8:C21A:1::2



64



FE80::1



Laptop1



NIC



2001:0DB8:C21A:1::3



64



FE80::1



Laptop3



NIC



2001:0DB8:C21A:3::2



64



FE80::1



Laptop4



NIC



2001:0DB8:C21A:3::3



64



FE80::1



Objectives



  • Set Up topology or download Topology and Configure Basic setting for Router 

  • Configure IPv6 Addresses for Router and Computers

  • Verify IPv6 Configuration and End-to-End Connectivity by Ping command and data transferring


 Background of the Lab


This is the practice lab for the students to configure hosts and device interfaces with IPv6 addresses and look at how the all-router multicast group is assigned to a router. You will use show commands to view IPv6 unicast and multicast addresses. You will also verify end-to-end connectivity using the ping command. This lab is consist of following steps.


Step 1            Assign IPv6 address to Router0 Interfaces


Step 2            Assign IPv6 address to Router1 Interfaces


Step 3            Enable IPv6 Routing on both Routers


Step 5            Assign IPv6 address to PCs


Step 6            Configure Static IPv6 routing on both Routers


Step 8            Verify router configuration and end-to-end connectivity


If you have a real router then setup the topology according to the topology diagram given above. If you have no router, then you can do this with Cisco packet tracer. You can download Cisco Packet tracer from here. You can also download the above topology from here. Here we will discuss the Cisco packet tracer topology.


Assign IPv6 address to Router0 Interfaces


Assign IPv6 link-local and global unicast addresses to G0/0 and Serial 0/0/0 Interfaces of Router0 listed in the Addressing Table.









(config)# interface g0/0


Router0(config-if)# ipv6 address 2001:0DB8:C21A:1::/64


Router0(config-if)# ipv6 address FE80::1 link-local


Router0(config-if)# no shutdown


Router0(config-if)# exit


Router0(config)# interface s0/0/0


Router0(config-if)# ipv6 address 2001:0DB8:C21A:2::/64


Router0(config-if)# no shutdown


Router0(config-if)# end


Router0#



Note:- Packets with a link-local address never leave the local network and each interface of the router is a separate network. So, you can assign the same link-local address on both interfaces of the router.


Assign IPv6 address to Router1 Interfaces









(config)# interface g0/0


Router1(config-if)# ipv6 address 2001:0DB8:C21A:3::


Router1(config-if)# ipv6 address FE80::1 link-local


Router1(config-if)# no shutdown


Router1(config-if)# exit


Router1(config)# interface s0/0/0


Router1(config-if)# ipv6 address 2001:0DB8:C21A:2::1/64


Router1(config-if)# no shutdown


Router1(config-if)# end


Router1#



Enable IPv6 Routing on both Routers


To Enable IPv6 routing on Both Routers, apply the following command.









Router0 # configure terminal


Router0(config)# ipv6 unicast-routing


Router0(config)# exit


Router0#



 









Router1# configure terminal


Router1(config)# ipv6 unicast-routing


Router1(config)# exit


Router1#



Assign IPv6 address to PCs


Now Open the IP address setting of laptop0 and laptop1 and change the IPv6 configuration to Auto Config, you will get the Global unicast IPv6 address for an interface and link-local address of the Router0 interface as a default gateway. Also,  see the link-local address of the computer which is by default derived from MAC address of the PC. You can also configure link-local and global unicast address manually. Do the same for laptop2 and laptop3.


Configuring IPv6 Static routing on both Routers


Configure IPv6 static route on Router0 with following commands.









Router0 # configure terminal


Router0(config)# ipv6 route 2001:DB8:C21A:3::/64 serial 0/0/0


Router0(config)# exit


Router0#



 


2001:DB8:C21A:3::/64 is the IP address of destination network and Serial 0/0/0 is the local interface towords the destination network. Now do the same for another router.









Router1 # configure terminal


Router1(config)# ipv6 route 2001 2001:DB8:C21A:1::/64 serial 0/0/0


Router1(config)# exit


Router1#



 


Verify router configuration and end-to-end connectivity


Use the show ipv6 interface brief command to verify that the correct IPv6 unicast and link-local addresses just assigned to G0/0 interface.









Router0# show ipv6 interface brief


GigabitEthernet0/0                                 [up/up]


          FE80::1


          2001:DB8:C21A:1::


GigabitEthernet0/1         [administratively down/down]


GigabitEthernet0/2         [administratively down/down]


Serial0/0/0                                                 [up/up]


          FE80::2E0:8FFF:FEB4:6D01


          2001:DB8:C21A:2::


Serial0/0/1           [administratively down/down]


Vlan1                 [administratively down/down]



 


You can see that IP addresses against Gigabit Ethernet 0/0 and Serial 0/0/0. The both interfaces are up and its link is up. The other interfaces are administratively down and its link down.


The link-local address displayed with serial interface S0/0/0 is based on EU I-64 addressing, which automatically uses the interface Media Access Control (MAC) address to create a 128-bit IPv6 link-local address. We have not assigned any ipv6 link-local address to the serial interface of the router. If you see FFFE in the center of this address, that means it is derived from MAC address of the interface using EUI-64 process.


You can also use the show ipv6 interface g0/0 command to show and verify the detail parameter for an individual interface.


You can do the same for Router1. Observe that the IP address of serial interfaces of the both routers is in the same subnet.


You can also use show runing-config command to verify the configuration. 


To check end-to end configuration open the command prompt of all PCs in the topology and ping all PCs one by one for example 


PC0>ping  IPv6 address of PC1, PC2 or PC3


 


 

Posted by at No comments:
Labels: , , , , , , ,

Monday, 14 August 2017

EUI-64 Process and Randomly Generated IPv6 Addresses

When SLAAC or SLAAC with stateless RA message is received to a client, the Theiacouture.com/ client is required to generate its own Interface ID. The client gets the prefix portion of the IPv6 address from the RA message but the RA message not held the information about the interface ID for the client. There for the client must create its own Interface ID. The Interface ID can be created using the EUI-64 process (Derived from MAC address ) or a randomly generated 64-bit number.


EUI-64 Process


Extended Unique Identifier (EUI) or modified EUI-64 is the process defined by IEEE. This process uses a client’s 48-bit Ethernet MAC address and inserts an extra 16 bits in the middle of the 48-bit MAC address to create a 64-bit Interface ID. Ethernet MAC addresses are usually represented in hexadecimal and are made up of two parts:



  • Organizationally Unique Identifier (OUI)– An OUI is a 24-bit number that uniquely identifies a vendor or manufacturer of the device. They are purchased and assigned by the IEEE. The OUI is basically the first three octets of a MAC address.

  • Device Identifier– The device identifier is a unique 24-bit (6 hexadecimal digits) value within a common OUI. The last three octets of the MAC address is device identifier.


An EUI-64 Interface ID is represented in binary and is made up of three parts:



  • 24-bit OUI from the client MAC address, but the 7th bit is reversed. This means that if the 7th bit is a 1, it becomes a 0, and vice versa.

  • 24-bit Device Identifier from the client MAC address

  • The inserted 16-bit value FFFE (in hexadecimal) between OUI and Device Identifier.


Following is the EUI-64 process using MAC address of 45:70:fa:b5:f8:75




  • Get the mac address of the PC or device for example 45:70:fa:b5:f8:75

  • Insert ff:fe in the middle: 45:70:fa:ff:fe:b5:f8:75

  • Reorder to IPv6 notation 4570:faff:feb5:f875

  • Now it’s 4 hextet, convert the first octet from hexadecimal to binary: 45-> 01000101

  • Flip the 7th bit: 01010010 ->01010000 

  • convert octet back to hexadecimal: 01010000 ->50

  • Change first octet with newly calculated one: 5070:faff:feb5:f875

  • Insert the link-local prefix at the beginning : fe80::5074:f2ff:feb1:a87f


An easy way to identify that an address was more than likely created using EUI-64 is the FFFE located in the middle of the Interface ID. The benefit of EUI-64 is the Ethernet MAC address can be used to find out the Interface ID. The Network administrators can easily track an IPv6 address to an end-device using the unique MAC address. but, this also caused privacy among users, because their packets can be traced to the actual physical computer. So, a randomly generated Interface ID may be used in its place.


Randomly Generated Interface IDs


The device can use a randomly generated Interface ID instead of using the MAC address and the EUI-64 process, Depending on the operating system. For example,  Windows Vista uses a randomly generated Interface ID instead of one created with EUI-64. Windows XP and previous Windows operating systems used EUI-64. After the Interface ID is established, both through the EUI-64 process or through random generation, it can be combined with an IPv6 prefix in the RA message to create a global unicast address. To avoid IP address duplicate addressing the client can use DAD (duplicate address detection). This is similar to ARP request for its own address.

Posted by at No comments:
Labels: , , , , , ,

Saturday, 12 August 2017

Router Advertisement (RA) Messages

The RA message option 1, SLAAC is the default option for the router. The router interface can be  configured for three options:



  1. SLAAC – Which says I'm all you need (Prefix, Prefix-length, Default Gateway)"

  2. SLAAC and DHCPv6 stateless–My information are here but you also need to get other information like DNS addresses from a DHCPv6 server.

  3. DHCPv6 Only – I can’t give you any information. Send a request to DHCPv6 server for all your required information.


RA Option 1- SLAAC


The ICMPv6 RA message is a suggestion to a device on how to get an IPv6 global unicast address. The 



device operating system is final authority to get an IPv6 address.This message suggests that the receiving device use the information in the RA message to create its own IPv6 global unicast address. The DHCPv6 services are not required for SLAAC.


Basically, SLAAC is no central server required to allocate global unicast addresses. The SLAAC is not keeping a list of devices and their addresses. The client device uses the information in the RA message to create its own global unicast address. The host device sends a request for addressing information to the local router. The local router advertises its addressing information (Prefix, Prefix length and Default Gateway) through RA message towards host computer. The two parts of the address are created as follows:



  • Prefix– Received in the RA message

  • Interface ID– Uses the EUI-64 process or by generating a random 64-bit number


RA Option 2 - SLAAC and DHCPv6 stateless


The router’s interface can be configured to send a router advertisement using SLAAC and stateless DHCPv6. A stateless DHCPv6 server distributes DNS server addresses and domain names only. It does not allocate global unicast addresses.The RA Option 2 (SLAAC and Stateless DHCPv6) functions are here:



  • SLAAC to create its own IPv6 global unicast address, router’s link-local address and the RA’s source IPv6 address for the default gateway address.

  • A stateless DHCPv6 server to obtain other information like DNS server address and a domain name.


RA Option 3 - Stateful DHCPv6


Stateful DHCPv6 is work just like DHCP for IPv4 addresses. A device can get its addressing information including a global unicast address, prefix length, and the addresses of DNS servers automatically using the services of a stateful DHCPv6 server. This option suggests devices:



  • The link-local address of the router, the RA’s source IPv6 address for the default gateway address.

  • A stateful DHCPv6 server to obtain a global unicast address, DNS server address, domain name and all other information.


A stateful DHCPv6 server allocates and maintains a list of devices which receive IPv6 address.The default gateway address can only be obtained from the RA message. The stateless or stateful DHCPv6 server does not afford the default gateway address.

Posted by at No comments:
Labels: , , , , , , ,

Friday, 11 August 2017

Configuration of Global IPv6 Unicast Address

Static Configuration - Router


Most of the configuration commands in the Cisco routers are similar for both IPv4 and IPv6. The only difference is the use of ipv6 in place of IP within the commands. The command to configure an IPv6 global unicast address on any interface is “ipv6 address ipv6-address/prefix-length “


Example Configuration on Router fa0/0 and fa0/1 interfaces










Router>enable


Router#configure terminal


Router(config)interface fa/0/0


Router(config-if)#ipv6 address 2001:DB8A:AACA:A::1/64


Router(config-if)no shutdown


Router(config-if)exit


Router(config)interface fa/0/1


Router(config-if)#ipv6 address 2001:DB8A:AACA:B::1/64


Router(config-if)no shutdown


Router(config-if)exit


Router(config) do wr


Building configuration...


[OK]



Static Configuration- Host


Manual configuration of the IPv6 address is similar to configure an IPv4 address. As shown in Figure, the default gateway address configured for PC1 is 2001:DB8A:AACA:A::1. This is the global unicast address of the Router Fast Ethernet interface 0/0 on the same network. Link-local address of the router can also be configured as the gateway for the host. Both configurations will work.


configuration


Configuring static addresses on clients is best for a small network. For larger network dynamic assignment of IPv6 addresses is best practice.


There are two ways in which a device can get an IPv6 global unicast address automatically:



  • Stateless Address Auto Configuration (SLAAC)

  • Dynamic Host Configuration Protocol version 6 (DHCPv6)


Using DHCPv6 or SLAAC, the local router's link-local address will automatically be specified as the default gateway address for the host.


Dynamic Configuration - SLAAC


The SLAAC is a unique feature for IPv6 addresses. Stateless address configuration means that a device to obtain its prefix, prefix length, default gateway address, and other information from an IPv6 router without the use of a DHCPv6 server. All Cisco devices have the capability of the SLAAC. By default, SLAAC does not provide anything to the client outside of an IPv6 address and a default gateway. Using SLAAC, devices rely on the local router’s ICMPv6 Router Advertisement (RA) messages to obtain the necessary information.


IPv6 enabled routers to send out ICMPv6 RA messages after every 200 seconds, to all IPv6-enabled devices on the network. An RA message will also be sent in response to a host sending an ICMPv6 Router Solicitation (RS) message.


IPv6 routing is not enabled by default. To enable a router IPv6 following command will be used.









Router>enable


Router#configure terminal


Enter configuration commands, one per line. End with CNTL/Z.


Router(config)#ipv6 unicast-routing


Router(config)#



The ICMPv6 RA Message


The ICMPv6 RA message is a suggestion to a device on how to get an IPv6 global unicast address. The device operating system is final authority to get the IPv6 address. The ICMPv6 RA message consists of:



  • Network prefix and prefix length

  • Default gateway address

  • DNS addresses and domain name


There are three options for RA messages which used to get an IPv6 address automatically:


1. SLAAC


2. SLAAC with a stateless DHCPv6 server


3. DHCPv6 (no SLAAC)


All Three option will be discussed in next lesson.

Posted by at No comments:
Labels: , , , , , , , , , , ,

Sunday, 6 August 2017

Structure of Global IPv6 Addresses

Currently, Internet Assigned Numbers Authority (IANA) and The Internet Committee for Assigned Names and Numbers (ICANN) allocates IPv6 address blocks to the five RIRs. Only global unicast addresses with the first three bits of 001 or 2000::/3 are being assigned to various Internet address registries. This is only very small portion of available IPv6 addresses. A global unicast address has three parts which are illustrated in the figure below:-



  • Global routing prefix

  • Subnet ID

  • Interface ID


Global Routing Prefix


This is the network portion of the global IPv6 address, which is assigned by the provider, such as an ISP, to a customer or site. In general, RIRs assign a /48 global routing prefix to customers as shown in the above figure. This can use everyone from business networks to individual households.


global routing prefix


The figure shows the structure of a global unicast address using a /48 global routing prefix with 16-bit subnet ID. /48 prefixes are the most common global routing prefixes assigned. The range of global IPv6 prefix in the first hextet is 0010 0000 0000 (2000) to 0011 1111 1111 (3FFF).


Subnet ID


The Subnet ID is used by departments to recognize subnets within its site. The larger the subnet ID, the more subnets available.


Interface ID


This is the host portion of the IPv6 address like the host portion of an IPv4 address. The term Interface ID is used for the reason that a single host may have multiple interfaces, each having one or more IPv6 addresses. It is extremely recommended that in most cases /64 subnets should be used.


Example of IPv6 Address


2001:A01B:ACBA:0001:0000:0000:0000:0001/64


shown in the above IP address, in a /64 global unicast address the first four hextets are for the network portion of the address which is indicated in red, with the fourth hextets indicating the Subnet ID. The remaining four hextets are for the Interface ID.

Posted by at No comments:
Labels: , , ,

The IPv6 Unicast Addresses

We already learn about IPv4 unicast addresses. A unicast address is the most common form of an IP address and is assigned to one network interface.  An IPv6 unicast address uniquely identifies an interface on an IPv6-enabled device. This address used for one to one communication in a network. A packet sent to a unicast address is received by the interface that is assigned that address. Just like to IPv4, a source IPv6 address must be a unicast address. The destination IPv6 address can be both a unicast or a multicast address.


IPv6 unicast have five different unicast IPv6 address types: global unicast addresses (GUA), link-local addresses, site-local addresses, unique local IPv6 unicast addresses, and special addresses. The most common are global unicast and link-local unicast addresses. The figure below illustrates IPv6 Unicast addresses:-


Unicast addresses


IPv6 Global Unicast Addresses


A global unicast address is comparable to a public IPv4 address. These addresses are worldwide unique and routable across the whole Internet. Global unicast addresses can be configured statically or assigned dynamically.


Currently, Internet Assigned Numbers Authority (IANA) has assigned only 2000::/3 addresses to the global pool. Only 2001::/16 are assigned to various Internet address registries.A global IPv6 address consists of two parts:


Subnet ID – 64 bits long. Contains the site prefix (obtained from a Regional Internet Registry) and the subnet ID (subnets within the site)
interface ID – 64 bits long. typically composed of a part of the MAC address of the interface. The figure below illustrates the parts of the global IPv6 address.


Unicast addresses


The first three bits are set to 001. Therefore, the address prefix of a global IPv6 address is 2000::/3 because 0010000000000000 is 2000 in hexadecimal.


The next 45 bits are the global routing prefix. This is the part that is assigned to organizations. The next 16 bits are for the subnet ID, which a network administrator can use for hierarchical addressing in their network. The last 64 bits indicate the interface ID, which is the part of the IPv6 address that must be unique within a subnet.


IPv6 Link-local Addresses


Link-local addresses are used to communicate with other devices on the same local link. Link local address starting with FE (hexadecimal). With IPv6, the term link refers to a subnet. Link-local addresses cannot be routed to the public network and limited to the local network. The link-local addresses are auto configured similarly to IPv4 link-local (169.254.0.0/16) addresses. In IPv4 network, link-local addresses are assign because of some problem on the network but in IPv6 network, link-local addresses are configurable and can be used for communication within the local network.The address must be unique within the local link.These addresses never are routed over a public network.


IPv6 Link Local addresses are identified among IPv6 addresses by reserving the left most 64 bits as FE80 (hexadecimal). Binary of FE80 is 1111 1110 1000 0000, So first 16 bits are reserved for the prefix. The network of link-local is FE80 : : /64. IPv6 Link Local addresses are used by devices for communicating with other nodes on the same link. The scope of an IPv6 Link Local address is the local link. The figure below illustrates the link-local address bits distribution.


Unicast addresses


This link-local IPv6 is derived from the NIC’s mac address.A mac address is 48 bits, an IPv6 address is 128 bits. Here’s the conversion process step by step:



  • Get the mac address of the PC or device for example 45:70:fa:b5:f8:75

  • Insert ff:fe in the middle: 45:70:fa:ff:fe:b5:f8:75

  • Reorder to IPv6 notation 4570:faff:feb5:f875

  • Now it's 4 hextet, convert the first octet from hexadecimal to binary: 45-> 01000101

  • Flip the 7th bit: 01010010 ->01010000 

  • convert octet back to hexadecimal: 01010000 ->50

  • Change first octet with newly calculated one: 5070:faff:feb5:f875

  • Insert the link-local prefix at the beginning : fe80::5074:f2ff:feb1:a87f

  • You were done!


IPv6 Unique Local Addresses


The IPv6 unique local addresses have some similarities to IPv4 private addresses, but there are major differences. The Unique local addresses are used for local addressing inside of a site or between a limited number of sites. These addresses must not be routable in the global IPv6 and must not be translated to a global IPv6 address. The of unique local addresses are FC00::/7 to FDFF::/7. The address block is further divided into two /8 groups (fc00::/8 and fd00::/8).


The group fc00::/8 has not been defined yet. The group fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to a randomly generated bit string. This results in the format fdxx:xxxx:xxxx:: for a prefix in this range offers a suggestion for generating the random identifier to obtain a minimum-quality result if the user does not have access to a good source of random numbers.


With IPv4, NAT (Network Address Translation) uses a pool of public addresses that are mapped one-to-one to the private addresses, using the port number together. PAT (Port Address Translation) uses a single public address and maps multiple private addresses to it using different port numbers. This is done for the reason that of the limited availability of IPv4 address space. Many sites use the private nature of RFC 1918 addresses to secure or hide their network from possible security risks. However, this was never the deliberate use of these technologies. Unique local addresses can be used for devices that will never need or have access from another network.


IPv6 Loopback Address


The loopback addresses both in IPv4 and IPv6 is an address which represents the same interface of a computer. Whenever we communicate to a loopback address the TCP/IP protocol stack will loop the packets back on the same interface, without even leaving the interface. The loopback addresses are typically for testing of network applications without having network configurations.


The IPv6 address reserved for loopback use is 0000:0000:0000:0000:0000:0000:0000:0001/128. The simplified and short form of this IP address is ::1/128.


IPv6 Unspecified Addresses


Unspecified address in IPv6 is the IPv6 address with all binary bits set to "0".  Unspecified address is used by an Operating System before an IPv6 address is configured on it. The IPv4 and IPv6 routers will not forward packets with the unspecified address. The unspecified IP address in IPv6 is 0000:0000:0000:0000:0000:0000:0000:0000/0. The simplified and short form of this address is ::/0.

Posted by at No comments:
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)