IPv6: Transitioning from IPv4 to IPv6

The theory is that when you begin to migrate your IPv4 network towards IPv6, you start at the edge of the network and work your way towards the core. This requires thought on how we will have IPv4 and IPv6 working with each other side by side.

To achieve this, we have 2 approaches:

  1. Translating
  2. Encapsulating

and 3 overall methods:

  • Dual Stack
  • 6-to-4 Tunnel
  • NAT-PT

Dual Stack

A host runs dual stack when it runs both IPv4 and IPv6. Dual stack helps meet the migration challenge we face when end users want to keep using their favorite IPv4-based apps while the network moves forward to IPv6-based apps.

6-to-4 Tunnel

Cisco documentation states that setting up a 6-to-4 tunnel is very simple on the host ends of the tunnel. A 6-to-4 tunnel is also automatic, is torn down when the session ends and is a scalable solution.

6-to-4 tunnelling is accomplished by taking an IPv6 packet and encapsulating it into an IPv4 packet (protocol type 41) for transport across the IPv4 section of the network, then de-encapsulating it when the remote edge router is ready to route it across the IPv6 network. The IPv6 networks shown in this method are sometimes referred to as IPv6 islands.

6-to-4 tunnels also have a reserved IPv6 address prefix for edge routers. These prefixes begin with 2002 and are followed by the router’s IPv4 address expressed in hex. They are /48 in length, such as 2002:1234:83cd::/48.

Example of IPv4 to Hex Conversion

The IPv4 address of the interface involved in the tunneling is vital in determining the correct IPv6 address for the tunnel. Let’s say the IPv4 address of one of the routers is 220.200.18.42. We know the address for the corresponding tunnel interface begins with 2002. To complete the rest, we break down each octet into hex:

  • 220 = 13 units of 16, 12 units of 1 = hex value is DC
  • 200 = 12 units of 16, 8 units of 1 = hex value is C8
  • 18 = 1 unit of 16, 2 units of 1 = hex value is 12
  • 42 = 2 units of 16, 10 units of 1 = hex value is 2A

The IPv6 address for the tunnel interface is 2002:DCC8:122A::/48.
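
The same conversion in Python, as an added example that is not part of the original notes. It also goes the other way, recovering the tunnel endpoint's IPv4 address from a 2002::/16 address seen in a log or routing table. The function names are illustrative, and rejecting non-global IPv4 addresses is a choice made here because 6-to-4 needs an endpoint that is reachable across the IPv4 network.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")


def octets_to_hex(ipv4):
    """Per-octet breakdown: (units of 16, units of 1, hex), e.g. 220 -> (13, 12, 'DC')."""
    return [(o // 16, o % 16, f"{o:02X}") for o in ipaddress.IPv4Address(ipv4).packed]


def sixtofour_prefix(ipv4):
    """Return the 2002:<IPv4 in hex>::/48 prefix for a tunnel endpoint."""
    v4 = ipaddress.IPv4Address(ipv4)
    # Private, loopback or multicast endpoints cannot be reached across the
    # IPv4 network, so they are refused rather than silently encoded.
    if not v4.is_global:
        raise ValueError(f"{v4} is not a globally routable IPv4 address")
    # Bits 0-15 are 0x2002, bits 16-47 are the IPv4 address, the rest is zero.
    value = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((value, 48))


def embedded_ipv4(ipv6):
    """Return the IPv4 tunnel endpoint inside a 6-to-4 address, or None."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


if __name__ == "__main__":
    for units16, units1, hexval in octets_to_hex("220.200.18.42"):
        print(f"{units16} units of 16, {units1} units of 1 = {hexval}")
    print(sixtofour_prefix("220.200.18.42"))
    # Host address constructed from the page's 2002:1234:83cd::/48 prefix.
    print(embedded_ipv4("2002:1234:83cd::1"))
```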

NAT-PT

NAT-Protocol Translation works much the same as normal NAT. If you have IPv6 hosts that need to intercommunicate with IPv4 hosts on another segment, NAT-PT may be the perfect solution.

NAT routers translate private IPv4 addresses to public IPv4 addresses, and back again; NAT-PT routers translate IPv6 addresses to IPv4 addresses, and back again.

IPv6: OSPFv3

A Sample OSPFv3 Configuration

Before we begin the configuration, we need to enable IPv6 packet forwarding with ipv6 unicast-routing, the IPv6 version of Cisco Express Forwarding (CEF) with ipv6 cef, and the OSPF v3 process with ipv6 router ospf.

R1(config)#ipv6 unicast-routing
R1(config)#ipv6 cef
R1(config)#ipv6 router ospf 1
R1(config-rtr)#
R2(config)#ipv6 unicast-routing
R2(config)#ipv6 cef
R2(config)#ipv6 router ospf 1
R2(config-rtr)#

If you don’t have any IPv4 addresses configured on the router, you must configure an OSPF RID with the router-id command.

R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 1.1.1.1
R2(config)#ipv6 router ospf 1
R2(config-rtr)#router-id 2.2.2.2

OSPF v3 interfaces are placed into areas at the interface level.

R1(config-rtr)#int fast 0/1
R1(config-if)#ipv6 ospf 1 ?
area Set the OSPF area ID
R1(config-if)#ipv6 ospf 1 area 0
R2(config-rtr)#int fast 0/1
R2(config-if)#ipv6 ospf 1 area 0

OSPFv3 commands are very similar to OSPFv2:

R2(config-if)#ipv6 ospf ?
<1-65535> Process ID
authentication Enable authentication
cost Interface cost
database-filter Filter OSPF LSA during synchronization and flooding
dead-interval Interval after which a neighbor is declared dead
demand-circuit OSPF demand circuit
flood-reduction OSPF Flood Reduction
hello-interval Time between HELLO packets
mtu-ignore Ignores the MTU in DBD packets
neighbor OSPF neighbor
network Network type
priority Router priority
retransmit-interval Time between retransmitting lost link state advertisements
transmit-delay Link state transmit delay

Debug OSPFv3 Adjacency

*Mar 4 16:13:48.623: %OSPFv3-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/1 from LOADING to FULL, Loading Done

Verify OSPF v3 adjacencies with show ipv6 ospf neighbor

R2#show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
1.1.1.1 1 FULL/BDR 00:00:30 10 FastEthernet0/1
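
The verification step above can be automated. This added example (not part of the original notes) parses show ipv6 ospf neighbor output and compares it with the adjacencies the router is supposed to have, so that an unknown router ID forming an adjacency on a segment stands out. The first data row is the output shown above; the other rows, the EXPECTED inventory and the function names are constructed for illustration.

```python
import re

# One row of "show ipv6 ospf neighbor":
# Neighbor ID, Pri, State/role, Dead Time, Interface ID, Interface
ROW = re.compile(
    r"^(?P<rid>\d+\.\d+\.\d+\.\d+)\s+(?P<pri>\d+)\s+"
    r"(?P<state>[A-Z0-9]+)/\s*(?P<role>\S+)\s+"
    r"(?P<dead>\d\d:\d\d:\d\d)\s+(?P<ifid>\d+)\s+(?P<intf>\S+)$"
)


def parse_neighbors(output):
    """Return one dict per neighbor row; prompts and headers are skipped."""
    rows = (ROW.match(line.strip()) for line in output.splitlines())
    return [m.groupdict() for m in rows if m]


def audit_neighbors(output, expected):
    """Compare the table with expected ({interface: {router IDs}})."""
    findings, seen = [], set()
    for n in parse_neighbors(output):
        seen.add((n["intf"], n["rid"]))
        if n["rid"] not in expected.get(n["intf"], set()):
            findings.append(("unexpected-neighbor", n["intf"], n["rid"]))
        # Two non-DR routers on a broadcast segment legitimately stay at 2WAY.
        elif n["state"] != "FULL" and (n["state"], n["role"]) != ("2WAY", "DROTHER"):
            findings.append(("not-full", n["intf"], n["rid"]))
    for intf, rids in expected.items():
        for rid in sorted(rids):
            if (intf, rid) not in seen:
                findings.append(("missing-neighbor", intf, rid))
    return findings


# First data row is the page's own output; the other two are constructed.
SAMPLE = """\
R2#show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
1.1.1.1 1 FULL/BDR 00:00:30 10 FastEthernet0/1
9.9.9.9 1 FULL/DROTHER 00:00:37 4 FastEthernet0/1
3.3.3.3 1 EXSTART/DROTHER 00:00:33 6 FastEthernet0/0
"""

# Hypothetical inventory of the adjacencies R2 is supposed to have.
EXPECTED = {
    "FastEthernet0/1": {"1.1.1.1"},
    "FastEthernet0/0": {"3.3.3.3", "4.4.4.4"},
}

if __name__ == "__main__":
    for finding in audit_neighbors(SAMPLE, EXPECTED):
        print(*finding)
```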

To see more details about the neighbor, run show ipv6 ospf neighbor detail. The output is just a little different than OSPF v2.

R2#show ipv6 ospf neighbor detail
Neighbor 1.1.1.1
In the area 0 via interface FastEthernet0/1
Neighbor: interface-id 10, link-local address FE80::20A:41FF:FE64:31C2
Neighbor priority is 1, State is FULL, 6 state changes
DR is 2.2.2.2 BDR is 1.1.1.1
Options is 0x84EFB26D
Dead timer due in 00:00:34
Neighbor is up for 00:06:52
Index 1/1/1, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

Two more useful commands are show ipv6 ospf interface and show ipv6 ospf database. The first command shows the link-local address of both the local router and the BDR (R1). The second command indicates the use of OSPF v3 in the output almost immediately.

R2#show ipv6 ospf interface fast 0/1
FastEthernet0/1 is up, line protocol is up
Link Local Address FE80::20F:F7FF:FE69:8D21, Interface ID 5
Area 0, Process ID 1, Instance ID 0, Router ID 2.2.2.2
Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 2.2.2.2, local address FE80::20F:F7FF:FE69:8D21
Backup Designated router (ID) 1.1.1.1, local address FE80::20A:41FF:FE64:31C2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Index 1/1/1, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 4
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
R2#show ipv6 ospf database
OSPFv3 Router with ID (2.2.2.2) (Process ID 1)
Router Link States (Area 0)
ADV Router Age Seq# Fragment ID Link count Bits
1.1.1.1 415 0x80000003 0 1 None
2.2.2.2 408 0x80000003 0 1 None

The IPv6 equivalent of OSPF IPv4’s show ip ospf is show ipv6 ospf. This command also indicates the use of OSPF v3.

R2#show ipv6 ospf
Routing Process "ospfv3 1" with ID 2.2.2.2
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 1
SPF algorithm executed 3 times
Number of LSA 6. Checksum Sum 0x0293F7
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

Here are some general IPv6 commands and their output you should be familiar with:

R2#show ipv6 route
IPv6 Routing Table - 5 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O 4DDE:EEEE:1::/64 [110/1]
via ::, FastEthernet0/1
C 5DDE:EEEE:1::/64 [0/0]
via ::, FastEthernet0/1
L 5DDE:EEEE:1::1/128 [0/0]
via ::, FastEthernet0/1
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
R2#show ipv6 interface
FastEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::20F:F7FF:FE69:8D21
Global unicast address(es):
5DDE:EEEE:1::1, subnet is 5DDE:EEEE:1::/64
R2#show ipv6 interface brief
FastEthernet0/0 [administratively down/down]
unassigned
Serial0/0 [administratively down/down]
unassigned
FastEthernet0/1 [up/up]
FE80::20F:F7FF:FE69:8D21
5DDE:EEEE:1::1
Serial0/1 [administratively down/down]

IPv6: IPv6 Routing + OSPF v3

IPv6 Routing

To go along with the new address types, we have new variations of:

  • RIP for IPv6 – the actual name is RIPng (new generation)
  • EIGRP for IPv6
  • ISIS for IPv6
  • OSPF v3 (Version 3, defined in RFC 2740.)
  • Static routes are still available with IPv6
  • Multiprotocol BGP V4 (MPBGPVer4 or simply MPBGP)

We need to enable a Cisco router’s IPv6 routing capabilities with ipv6 unicast-routing.

R1(config)#ipv6 unicast-routing

OSPF for IPv6 (OSPF v3)

During an IPv4 to IPv6 migration, you may run OSPF v2 and OSPF v3 side by side.

In IPv6, you’re not going to start an OSPF configuration with router ospf. One major difference between v2 and v3 is that v2 is enabled in router config mode and v3 is enabled on a per-interface basis.

This will automatically create a routing process.

R1(config-if)#ipv6 ospf 1 area 0

OSPF v3 is going to use the exact same set of rules to determine the local router’s RID – and v3 is going to use an IPv4 address as the RID.

OSPFv2 and v3 Differences

  • The basic operational theory of v3 is very similar to that of v2. The Hello packet is still around, as are the LSAs and LSAcks.
  • Stub, total stub, and NSSAs are still around, and the Area 0 rule still exists (as do virtual links).
  • The general rules for neighbor discovery and adjacencies are the same.
  • v3 NBMA configurations require neighbor statements, just like v2.
  • One major difference between the two is that v3 allows a link to be part of multiple OSPF instances, where v2 would allow a link to be part of only one.
  • v3 point-to-point and point-to-multipoint configurations do not elect DRs and BDRs, just like v2.
  • v3 headers are smaller than v2, since v3 headers have no authentication fields.
  • The v2 reserved address 224.0.0.5 is represented in v3 by FF02::5.
  • The v2 reserved address 224.0.0.6 is represented in v3 by FF02::6.
  • We can still use the area range command, and IPv6 does make summarisation more effective – but when you use the area range command in v3, the OSPF cost of that summary is simply the highest of the individual route costs.

IPv6: Autoconfiguration Process

IPv6 The Autoconfiguration Process

IPv4 provides us with DHCP. The equivalent in IPv6 is simply called ‘autoconfiguration’, and we have 2 different flavours: ‘stateful’ and ‘stateless’.

Stateful autoconfiguration is used when the host obtains an IPv6 address and other information from a server. This is much like normal IPv4 DHCP, only it is called DHCPv6.

With Stateless autoconfiguration, there’s no such dependency, and the entire process starts with the IPv6 host configuring its own link-local address.

An IPv6 address is 128 bits, and here’s where they come from in this instance:

  • The first 64 bits of this self-generated address will be 1111 1110 10 (FE80), which is 10 bits, followed by 54 zeroes, for 64 bits in total.
  • The last 64 bits are the interface identifier. (We already know about this from a previous post)

The address is tentative at this point. It’s been successfully calculated, but now we must make sure that no other host is using the same address. That’s a remote possibility, but still a possibility, and that’s where DAD comes in – the Duplicate Address Detection feature.

DAD Process

  1. The host will send a Neighbor Solicitation (NS) message to see if any other host on the link is using that same link-local address.
  2. If another host on the link is using that address, that host will respond with a Neighbor Advertisement (NA). When the host that sent the NS receives the NA, it will disable its link-local address.
  3. If no response to the NS is received, the local host is satisfied that it has a unique link-local address.

To complete the addressing process..

The host will send a Router Solicitation (RS) onto the segment. The destination for the RS will be FF02::2, the “all-routers” multicast address.

The host requires more information, so it sends an RS. Routers generally send Router Advertisements (RA) periodically without an express request from a host, and the host would only have to wait 10 seconds or so, but polling the router now with an RS does speed up the overall process.

Router Advertisement

  • Flags indicating whether the host should use DHCP for addressing information.
  • If DHCP is in use, the RA tells the host where the DHCP server is.
  • If not, the RA contains the prefix and prefix lifetime information.

If DHCP is not in use, the router attaches the network prefix to the host’s link-local address, which results in the host’s full IPv6 address complete with network prefix.

IPv6: IPv4 vs IPv6 Visual Comparison

Thought these were great for a visual comparison of the two:

[Figure: IPv4 address format]

[Figure: IPv6 address format, with leading zeros]

IPv6 Address representation

  • The 128 bits of an IPv6 address are represented in 8 groups of 16 bits each.
  • Each group is written as 4 hexadecimal digits and the groups are separated by colons (:). The address 2001:0db8:0000:0000:0000:ff00:0042:8329 is an example of this representation.

Each group (the IPv6 ‘octet’) is 4 hexadecimal digits, and on the binary scale each hexadecimal digit is 4 bits:

0 0 0 0

IPv6: Address Types

To recap on IPv4 address types:

  • Unicast – represents a single host
  • Multicast – represents a group of hosts
  • Broadcast – represents all hosts

IPv6 Address Types:

  • Unicast – one to one
  • Multicast – one to group
  • Anycast – one to more than one! (More to follow)

Aggregateable Global Unicast Address

  • Or otherwise known as ‘Global Unicast Address’ 🙂
  • This address is equivalent to the public IPv4 address classes.
  • These addresses are fully routable and can be used for Internet access.
  • The word “aggregateable” refers to the ability to aggregate, or summarize, these addresses to make routing more efficient.
  • The range of IPv6 global unicast addresses is 2000::/3 (any address that begins with 001).

Link Local Address

  • An address that is kept on the local link.
  • Prefix of FE80::/10 followed by the interface identifier from the previous post.

More to follow!

Site Local Address (NO LONGER A PART OF IPv6)

These addresses were originally designed to be the equivalent of an IPv4 RFC 1918 private IP address.

Identifying IPv6 Addressing

  • 001 – Global address
  • 1111 1111 – Multicast (FF)
  • 1111 1110 10 – Link Local (FE80)
  • ::x.x.x.x or 0:0:0:0:0:0:x.x.x.x – IPv4-compatible address (Any IPv6 address with the first 96 bits set to zero is an IPv4-compatible address.)

Reserved IPv6 Addresses

IPv4 has the loopback IP address of 127.0.0.1. The IPv6 equivalent is:

  • IPv6 Loopback: 0000:0000:0000:0000:0000:0000:0000:0001
  • Using Leading Zero Compression Only: 0:0:0:0:0:0:0:1
  • Combining Leading Zero and Zero Compression: ::1

Unspecified IPv6 Address

  • IPv6 Unspecified Address: 0000:0000:0000:0000:0000:0000:0000:0000
  • Using Leading Zero Compression: 0:0:0:0:0:0:0:0, or with Zero Compression just ::/128
  • Since the unspecified address is ::/128, it follows that the default route for IPv6 is ::/0

IPv6 to IPv4 Conversion Example

IPv6 Address To Convert: ::D190:4E71

The double-colon is zero compression in action, so now we need to convert the lower 32 bits into decimal.

  • Hex D1 = Decimal 209 (D = 13, 13 * 16 = 208 + how many 1s go into 1? 1! = 209. Hex revision? ;))
  • Hex 90 = Decimal 144
  • Hex 4E = Decimal 78
  • Hex 71 = Decimal 113

The IPv4 address that was embedded into the IPv6 address is 209.144.78.113.

Multicasts

  • IPv4 multicast addresses are Class D addresses with a first octet value of 224 – 239.
  • Any address that begins with “1111 1111”, or “FF” in hex, is a multicast address — the full prefix being FF00::/8.

Local Link Only Notable Addresses

  • FF02::1 — All nodes on the local link
  • FF02::2 — All routers on the local link
  • FF02::9 — All RIP routers on the local link
  • FF02::A — All EIGRP routers on the local link
  • FF02::1:FFzz:zzzz/104 — Solicited-node address. These are used in Neighbor Solicitation messages – more about these very soon. The “z”s are the rightmost 24 bits of the unicast address of the node.

Anycasts

  • This is a combination of a unicast and multicast.
  • An anycast address is a unicast address assigned to multiple interfaces.
  • A sender transmits an anycast packet in the same manner it would a unicast packet and when the router receives the anycast packet, the router then sends that packet to the closest device with that anycast address.

How does IPv6 define what is ‘closest’?

  • It’s the first learned directly connected neighbor – if there are directly connected neighbors.
  • If that’s not the case, it’s simply the closest neighbor as determined by the routing protocol metric.

More to follow..

IPv6: Introduction & Zero Compression Technique

Why IPv6?

  • IPv4 exhaustion
  • IPv6 addresses are 128 bits in size, offering a huge amount of addresses. (IPv4 being 32 bits)
  • IPv6 doesn’t use broadcasts
  • NAT will be a thing of the past. NAT is also a hindrance to progression.
  • IPv6 was designed with route aggregation/summarisation in mind.
  • IPv6 offers greater security capabilities
  • DHCP is still available, but IPv6 nodes can assign themselves an address without the help of a DHCP server via autoconfiguration.
  • QoS capabilities with IPv6 are far greater, due to many more values within the IPv6 header.

IPv6 + IPv4 Headers

There are eight header fields in IPv6:

  1. version – This is set to “6” in IPv6.
  2. traffic class – In IPv4, this was the Type Of Service (TOS) field. The “traffic class” name comes from this field’s ability to allow us to assign levels of importance to a packet via QoS.
  3. flow label – No equivalent in IPv4, this field allows a packet to be labeled as part of a particular flow. This also helps with QoS, allowing us to prioritize traffic flows rather than individual packets.
  4. payload length – IPv4’s equivalent is the Total Length field
  5. hop limit – Roughly equivalent to IPv4’s Time To Live (TTL) field. Every hop decrements this counter by one, and when that counter hits zero — the “time to live” becomes the time to be discarded.
  6. next header – Equivalent to IPv4’s Protocol field
  7. source address, destination address – they’re now 128 bits.

There are some IPv4 fields that are not represented in IPv6:

  • Header Length
  • Identification
  • Flags
  • Fragment Offset
  • Header Checksum

Bye bye! 😦

The IPv6 Address Format

  • Typical IPv4 address: 129.14.12.200
  • Typical IPv6 address: 1029:9183:81AE:0000:0000:0AC1:2143:019B

With IPv6, our non-compressed address has eight sections of four hex values, separated by a total of seven colons.

Zero Compression And Leading Zero Compression

If you have consecutive fields of zeroes, they can be expressed with two colons.

The key rule: you can only do this zero compression once in an IPv6 address.

Example:

Original format: 1234:1234:0000:0000:0000:0000:3456:3434

Using zero compression: 1234:1234::3456:3434

Leading zeroes in any 16-bit field can be dropped, but each block you do this with must have at least one number remaining. If the block is all zeroes, you have to leave one zero. This is leading zero compression.

Example:

Original format:

1234:0000:1234:0000:1234:0000:0123:1234

With leading zero compression:

1234:0:1234:0:1234:0:123:1234

Recap..

Zero compression: Allowed only once per address.

Leading zero compression: Perform as often as you like in an address.
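
Both rules as a small parser and formatter in Python, added here as an example and not part of the original notes. expand() shows why zero compression is allowed only once: with two "::" there is no way to tell how many zero groups each one stands for. When several zero runs exist, compress() picks the longest run of at least two groups (the first one on a tie), which is the convention Python's ipaddress module also follows; function names are illustrative.

```python
import re

GROUP = re.compile(r"[0-9A-Fa-f]{1,4}")


def expand(text):
    """Parse compressed notation back into eight 4-digit groups."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once: the zero runs would be ambiguous")
    if "::" in text:
        left, right = text.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
    if len(groups) != 8 or not all(GROUP.fullmatch(g) for g in groups):
        raise ValueError("expected eight groups of 1-4 hex digits")
    return [f"{int(g, 16):04x}" for g in groups]


def compress(text):
    """Apply leading zero compression, then zero compression once."""
    # Leading zero compression: strip zeroes but always leave one digit.
    groups = [g.lstrip("0") or "0" for g in expand(text)]
    # Find the longest run of all-zero groups (two or more, first wins).
    best_start, best_len, i = -1, 1, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_start < 0:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return head + "::" + tail


if __name__ == "__main__":
    print(compress("1234:1234:0000:0000:0000:0000:3456:3434"))
    print(compress("1234:0000:1234:0000:1234:0000:0123:1234"))
    print(":".join(expand("1234:1234::3456:3434")))
```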

Identifying An Interface In IPv6

Every interface on a given IPv6 link has to have a unique identifier, and once again the name is the recipe with these interface identifiers.

This value will always be 64 bits in length, and in the case of an Ethernet interface, the identifier is dynamically created from the MAC address of the interface.

The MAC address is 48 bits.

To make this up to 64 bits, we need to add something.

The hex value “FFFE” is inserted directly in the middle of the MAC address, right between the OUI and the vendor code.

(In the MAC address 00-01-02-aa-bb-cc, the OUI is 00-01-02 and the vendor code is aa-bb-cc.)

Example with unique identifier: 00-01-02-FF-FE-aa-bb-cc.

The Universal/Local Bit.

The seventh bit in the 1st octet defines whether this address is universally unique or locally unique (to this link). The assumption is that a MAC address is universally unique in the world, therefore the bit is turned on, resulting in 00000010. Binary to decimal this ends up being a 2, therefore the MAC address becomes:

02-01-02-FF-FE-AA-BB-CC

  • Universal Unique = seventh bit set to 1
  • Local Unique = seventh bit set to 0

The G Bit/The Group Bit

This is the eighth bit in the 1st octet, which defines whether this is a unicast or multicast based address.

  • Unicast being an individual with the eighth bit set to 0
  • Multicast being a group with the eighth bit set to 1
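
The interface identifier steps above, together with the link-local prefix from the autoconfiguration notes and the solicited-node address from the multicast list, worked through in Python as an added example that is not part of the original notes. It also runs the construction backwards on the two link-local addresses from the OSPFv3 output, which shows that an address built this way exposes the interface's MAC address to anyone who sees it. Function names are illustrative.

```python
import ipaddress


def _mac_bytes(mac):
    raw = bytes.fromhex(mac.replace("-", "").replace(":", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 48 bits (6 octets)")
    return raw


def interface_id(mac):
    """48-bit MAC -> 64-bit interface identifier with FFFE in the middle."""
    raw = _mac_bytes(mac)
    # Invert the universal/local bit (seventh bit of the first octet, 0x02).
    # For a burned-in MAC that bit is 0, so it ends up set to 1.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def link_local(mac):
    """FE80, zero padding up to 64 bits, then the interface identifier."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + interface_id(mac))


def solicited_node(address):
    """FF02::1:FFzz:zzzz, where zz:zzzz is the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def recover_mac(address):
    """Undo the construction; None if the identifier has no FFFE marker."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    mac = "00-01-02-aa-bb-cc"  # the MAC address used in the notes above
    print(interface_id(mac).hex("-"))
    print(link_local(mac))
    print(solicited_node(link_local(mac)))
    # Link-local addresses taken from the OSPFv3 output earlier on the page.
    for addr in ("FE80::20A:41FF:FE64:31C2", "FE80::20F:F7FF:FE69:8D21"):
        print(addr, "->", recover_mac(addr))
```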