Juniper Ipv6

  • Published on
    09-Mar-2015

Transcript

<p>Junos Intermediate Routing</p>
<p>Appendix A: IPv6</p>
<p>© 2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Worldwide Education Services</p>

<p>Chapter Objectives</p>
<p>After successfully completing this appendix, you will be able to:</p>
<p>• Describe some differences between IPv4 and IPv6</p>
<p>• List IPv6 address types and describe the IPv6 addressing format</p>
<p>• Enable an interface for IPv6 operation</p>
<p>• Configure and monitor routing for IPv6 environments</p>
<p>• Tunnel IPv6 traffic over an IPv4 network</p>

<p>Agenda: IPv6</p>
<p>• Introduction to IPv6</p>
<p>• Routing Protocol Configuration Examples</p>
<p>• Tunneling IPv6 over IPv4</p>

<p>What Is IPv6?</p>
<p>• Next Generation Protocol:</p>
<p>- Defined by the IETF</p>
<p>- Defined as RFC 2460</p>
<p>- Intended to replace IPv4</p>

<p>IPv4 Versus IPv6</p>
<p>IPv4</p>
<p>• 32-bit (4-byte) address supports 4,294,967,296 addresses</p>
<p>• NAT can be used to extend address space limitations</p>
<p>• Administrators must use DHCP or static configuration to assign IP addresses to hosts</p>
<p>• IPsec support is optional</p>
<p>• Options are integrated into the base header</p>
<p>IPv6</p>
<p>• 128-bit (16-byte) address supports 2^128 (about 3.4 × 10^38) addresses</p>
<p>• Does not support NAT by design</p>
<p>• Hosts use stateless address autoconfiguration to assign an IP address to themselves</p>
<p>• IPsec support is necessary</p>
<p>• Improved support for options using extension headers and overall simplification of the header format</p>

<p>IPv6 Structure</p>
<p>• The IPv6 header has the following improvements:</p>
<p>- Fixed length of 40 bytes</p>
<p>- Simple, more efficient processing</p>
<p>- Extension headers handle additional options</p>
<p>- Several IPv4 fields have been removed: Header length, identification, flags, fragment offset, and header checksum</p>
<p>Figure: IPv6 header, 40 bytes (field widths in bits): Version (4), Traffic Class (8), Flow Label (20), Payload Length (16), Next Header (8), Hop Limit (8), Source Address (128), Destination Address (128)</p>

<p>IPv4 Header Versus IPv6 Header</p>
<p>IPv4 Header: Version, IHL, TOS, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding</p>
<p>IPv6 Header: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address</p>
<p>Key: Fields the same in IPv4 and IPv6; Fields removed in IPv6; Name and position changed in IPv6; New field in IPv6</p>

<p>IPv6 Extension Headers</p>
<p>• Simple packet headers provide faster processing</p>
<p>- IPv6 deals with IP options using extension headers</p>
<p>• IPv6 defines six extension headers:</p>
<p>- Hop-by-hop options header</p>
<p>- Routing header</p>
<p>- Fragment header</p>
<p>- Destination options header</p>
<p>- Authentication header</p>
<p>- Encrypted security payload header</p>

<p>IPv6 Addressing</p>
<p>• Extending address space is a major reason for IPv6</p>
<p>- IPv4 address exhaustion is predicted to occur in the near future</p>
<p>- 128-bit (16-byte) address supports 2^128 (about 3.4 × 10^38) addresses</p>
<p>- 2^95 addresses for each person on Earth</p>
<p>- 2^52 addresses for each observable star in the known universe</p>

<p>IPv6 Address Types</p>
<p>• Address types:</p>
<p>- Unicast: Unique address that identifies an IPv6 node</p>
<p>- Multicast: Group of IPv6 interfaces</p>
<p>- Anycast: Assigned to multiple interfaces on multiple nodes</p>

<p>Address Notation</p>
<p>• Each IPv6 address has 128 bits</p>
<p>- Eight 16-bit hexadecimal blocks separated by colons</p>
<p>• Use abbreviations to simplify the notation</p>
<p>- You can omit leading zeros</p>
<p>- Double colon can replace consecutive zeros, leading zeros, or trailing zeros, but cannot be used twice in an address</p>
<pre>
2bfc:0000:0000:0000:0217:cbff:fe8c:5c85
2bfc:0:0:0:217:cbff:fe8c:5c85             Leading zeros omitted
2bfc::217:cbff:fe8c:5c85                  Double colon
</pre>

<p>Prefix Notation</p>
<p>• Prefix identifies the subnet</p>
<p>- Defined in RFC 4291</p>
<p>- Similar to IPv4 in text presentation: IPv6 address/prefix length</p>
<p>IPv6 Address: 2bfc:0000:0000:0000:0217:cbff:fe8c:5c85/64</p>
<p>Figure: the first four blocks (16 bits, 16 bits, 16 bits, 16 bits) are marked as the 64-bit prefix</p>

<p>Address Allocation</p>
<p>• Organizations and end users get an address allocation from their ISP</p>
<p>- You must follow a few rules, as defined in RFC 3177</p>
<table>
<tr><th>Subscriber</th><th>Prefix</th></tr>
<tr><td>Home network subscribers, connecting through on-demand or always-on connections</td><td>48-bit prefix</td></tr>
<tr><td>Small and large enterprises</td><td>48-bit prefix</td></tr>
<tr><td>Very large subscribers</td><td>47-bit, or multiple 48-bit prefixes</td></tr>
<tr><td>Mobile networks, such as vehicles or mobile phones with an additional network interface</td><td>64-bit prefix, which allows multiple connections through a single prefix</td></tr>
<tr><td>A single PC, with no additional need to subnet, dialing-up from a hotel room</td><td>128-bit address can be assigned as part of a 64-bit prefix</td></tr>
</table>

<p>Special Addresses</p>
<p>• The prefix 0000 0000 is reserved for special addressing</p>
<p>- Unspecified address: Also called the all-zeros address; 0:0:0:0:0:0:0:0, or ::</p>
<p>- Loopback address: Commonly used for testing the IP stack on the localhost; 0:0:0:0:0:0:0:1, or ::1</p>

<p>Address Scope</p>
<p>• IPv6 addresses have scope, which identifies the application suitable for the address</p>
<p>- Unicast and multicast addresses support scoping</p>
<p>- Scope can be local or global</p>
<p>Figure: Company ABC and Company XYZ connected through the Internet. Addresses with local scope are used within the same routing domain. Addresses with global scope are used between routing domains.</p>

<p>Link-Local Unicast Addresses</p>
<p>• Link-local unicast addresses:</p>
<p>- Use a common prefix on all subnets (FE80:0:0:0::/64)</p>
<p>- Are guaranteed to be unique only on a single link</p>
<p>- Are generated by the interface</p>
<p>Address format: Prefix (10 bits) = 1111111010; Zero (54 bits) = 0000..0000; Interface Identifier (64 bits) = Interface ID</p>
<p>Figure: R1 with fe80::226:88ff:fe02:7481 on ge-0/0/1.0 and fe80::226:88ff:fe02:7482 on ge-0/0/2.0</p>

<p>Site-Local Unicast Addresses</p>
<p>• Site-local unicast addresses:</p>
<p>- Are not guaranteed to be unique on the Internet</p>
<p>- Are similar to IPv4 RFC 1918 private addresses</p>
<p>- Use a common prefix in all organizations (FEC0:0:0::/48)</p>
<p>Address format: Prefix (10 bits) = 1111111011; Subnet ID (54 bits); Interface Identifier (64 bits) = Interface ID</p>
<p>Figure: Company ABC; R1 (::1, ge-0/0/1.0) and R2 (::2, ge-0/0/1.0) on FEC0:0:0:2003::/64</p>

<p>Global Unicast Addresses</p>
<p>• Global unicast addresses are globally unique and are used to connect to and route through the Internet</p>
<p>- Similar to IPv4 public addresses</p>
<p>Address format: Public Topology = FP (3 bits) + Global Routing Prefix (45 bits); Site Topology = SID (16 bits); Interface Identifier = Interface ID (64 bits)</p>
<p>Figure: Company ABC and Company XYZ connected through the Internet</p>

<p>Interface ID</p>
<p>• Interface ID</p>
<p>- Uniquely identifies a host on a subnet</p>
<p>- Is 64 bits long</p>
<p>- Is based on IEEE EUI-64 address</p>
<p>- Is a permutation of the interface MAC address (if available)</p>
<p>Address format: FP (3 bits), Global Routing Prefix (45 bits), SID (16 bits), Interface ID (64 bits); the Interface ID is the Interface Identifier</p>

<p>Stateless Autoconfiguration (1 of 2)</p>
<p>• Allows local hosts to autoconfigure IPv6 addresses</p>
<p>- Eliminates the need for stateful configuration elements, such as DHCP</p>
<p>- Elements of stateless autoconfiguration: Extended unique identifier; Router advertisement message; Router solicitation message; Prefix list</p>
<p>• Neighbor discovery:</p>
<p>- The process of tracking reachability status for neighbors in a local link</p>
<p>- Specified in RFC 2461</p>

<p>Stateless Autoconfiguration (2 of 2)</p>
<p>• Address autoconfiguration</p>
<p>Host A, MAC Address: 1234.abcd.5678. Link-Local Address: Fe80::1234:abff:fecd:5678. Autoconfigured Global Addresses: 2bfc::1234:abff:fecd:5678, 3afc::1234:abff:fecd:5678, 2caf::1234:abff:fecd:5678</p>
<p>Host B, MAC Address: 9876.dcba.5432. Link-Local Address: Fe80::9876:dcff:feba:5432. Autoconfigured Global Addresses: 2bfc::9876:dcff:feba:5432, 3afc::9876:dcff:feba:5432, 2caf::9876:dcff:feba:5432</p>
<p>Figure labels: step 1 at each host (Link-Local Address), step 2 RS, step 3 RA, steps 4 and 5; Router; Trust; Untrust; A; B</p>

<p>Stateful Autoconfiguration</p>
<p>• Allows DHCP to configure address assignment</p>
<p>- Also known as stateful DHCPv6 in RFC 3315</p>
<p>- Possible reasons for DHCPv6:</p>
<p>- You require a specific IPv6 addressing scheme</p>
<p>- You require dynamic assignment of DNS servers</p>
<p>- You require dynamic updates to DNS servers</p>
<p>- You do not wish to have the MAC address as part of the IPv6 address</p>
<p>• DHCPv6 and DHCPv4 are independent and require separate configurations</p>

<p>Interface Configuration Example</p>
<p>• Use family inet6 for IPv6 operations</p>
<pre>
[edit interfaces]
user@R1# show
ge-0/0/1 {
    unit 0 {
        family inet6 {
            address fec0:0:0:2003::1/64;
        }
    }
}

[edit interfaces]
user@R2# show
ge-0/0/1 {
    unit 0 {
        family inet6 {
            address fec0:0:0:2003::2/64;
        }
    }
}
</pre>
<p>Callout: Site-local addresses</p>
<p>Figure: Company ABC; R1 (::1, ge-0/0/1.0) and R2 (::2, ge-0/0/1.0) on FEC0:0:0:2003::/64</p>

<p>Interface Verification Example</p>
<p>• Use the show interface terse command to verify interface status and basic details</p>
<pre>
user@R1&gt; show interfaces terse ge-0/0/1
Interface               Admin Link Proto    Local                          Remote
ge-0/0/1                up    up
ge-0/0/1.0              up    up   inet6    fe80::226:88ff:fe02:7481/64
                                            fec0:0:0:2003::1/64

user@R2&gt; show interfaces terse ge-0/0/1
Interface               Admin Link Proto    Local                          Remote
ge-0/0/1                up    up
ge-0/0/1.0              up    up   inet6    fe80::226:88ff:fe02:6b81/64
                                            fec0:0:0:2003::2/64
</pre>
<p>Callout: Each interface has automatically determined its own link-local address</p>

<p>Displaying IPv6 Routing Information</p>
<p>• Use the show route table inet6 command to view IPv6 routing information</p>
<pre>
user@R1&gt; show route table inet6

inet6.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

fe80::/64          *[Direct/0] 00:59:12
                    &gt; via ge-0/0/1.0
fe80::226:88ff:fe02:7481/128
                   *[Local/0] 00:59:12
                      Local via ge-0/0/1.0
fec0:0:0:2003::/64 *[Direct/0] 00:59:12
                    &gt; via ge-0/0/1.0
fec0:0:0:2003::1/128
                   *[Local/0] 00:59:12
                      Local via ge-0/0/1.0
</pre>

<p>Displaying the IPv6 Neighbor List</p>
<p>• Use the ping command followed by the show ipv6 neighbors command to learn then display neighbors</p>
<pre>
user@R1&gt; show ipv6 neighbors

user@R1&gt; ping fec0:0:0:2003::2
PING6(56=40+8+8 bytes) fec0:0:0:2003::1 --&gt; fec0:0:0:2003::2
16 bytes from fec0:0:0:2003::2, icmp_seq=0 hlim=64 time=19.912 ms
16 bytes from fec0:0:0:2003::2, icmp_seq=1 hlim=64 time=18.091 ms
16 bytes from fec0:0:0:2003::2, icmp_seq=2 hlim=64 time=1.828 ms
16 bytes from fec0:0:0:2003::2, icmp_seq=3 hlim=64 time=2.324 ms
^C
--- fec0:0:0:2003::2 ping6 statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 1.828/10.539/19.912/8.489 ms

user@R1&gt; show ipv6 neighbors
IPv6 Address                 Linklayer Address  State  Exp   Rtr  Secure  Interface
fe80::226:88ff:fe02:6b81     00:26:88:02:6b:81  stale  1187  yes  no      ge-0/0/1.0
fec0:0:0:2003::2             00:26:88:02:6b:81  stale  747   yes  no      ge-0/0/1.0
</pre>

<p>IPv6 Multicast Address</p>
<p>• Identifier for a set of interfaces that typically belongs to different nodes</p>
<p>- All members of the multicast group process an incoming multicast packet</p>
<p>- More efficient than broadcast</p>
<p>- Three types of multicast addresses:</p>
<p>- Solicited-node multicast addresses for Neighbor Solicitation messages</p>
<p>- All-nodes multicast address for Router Advertisement messages</p>
<p>- All-routers multicast address for Router Solicitation messages</p>

<p>IPv6 Anycast Address</p>
<p>• Identifier for a set of interfaces, typically belonging to separate nodes</p>
<p>- Defined in RFC 2526</p>
<p>- Packet travels to just one of the interfaces identified in the group</p>
<p>- Routing protocol typically determines the closest interface</p>

<p>Agenda: IPv6</p>
<p>• Introduction to IPv6</p>
<p>• Routing Protocol Configuration Examples</p>
<p>• Tunneling IPv6 over IPv4</p>

<p>Static Route Configuration Example</p>
<p>• Sample IPv6 static route configuration:</p>
<pre>
[edit routing-options]
user@R1# show
rib inet6.0 {
    static {
        route 0::/0 {
            next-hop FEC0:0:0:2003::2;
            preference 250;
        }
    }
}
</pre>
<p>Callout: IPv6 default static route</p>
<p>Figure: Company ABC; R1 (::1, ge-0/0/1.0) and R2 (::2, ge-0/0/1.0) on FEC0:0:0:2003::/64; Internet</p>

<p>Displaying the Static Routes</p>
<p>• Use the show route table inet6.0 protocol static command to view static routes</p>
<pre>
user@R1&gt; show route table inet6.0 protocol static

inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

::/0               *[Static/5] 00:00:24
                    &gt; to fec0:0:0:2003::2 via ge-0/0/1.0
</pre>
<p>Figure: Company ABC; R1 (::1, ge-0/0/1.0) and R2 (::2, ge-0/0/1.0) on FEC0:0:0:2003::/64; Internet</p>

<p>OSPFv3 Configuration Example</p>
<p>• Sample OSPFv3 single-area configuration</p>
<p>- OSPFv3 continues to use a 32-bit RID</p>
<pre>
[edit]
user@R1# show routing-options router-id
router-id 192.168.100.1;

[edit]
user@R1# show protocols ospf3
area 0.0.0.0 {
    interface ge-0/0/1.0;
}

[edit]
user@R2# show routing-options router-id
router-id 192.168.100.2...
</pre>
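<p>Added example, not part of the original slides: the Interface ID and stateful autoconfiguration slides note that an EUI-64 interface ID is a permutation of the MAC address, which is why anyone who sees such an address can read the hardware address back out of it. The sketch below derives the link-local address from a MAC and recovers the MAC from an address, checked against the two show ipv6 neighbors rows shown above; the function names are illustrative and the universal/local bit inversion follows the modified EUI-64 rule of RFC 4291.</p>

```python
import ipaddress

# The two neighbor rows from the show ipv6 neighbors output on this page.
NEIGHBORS = """\
fe80::226:88ff:fe02:6b81 00:26:88:02:6b:81 stale 1187 yes no ge-0/0/1.0
fec0:0:0:2003::2 00:26:88:02:6b:81 stale 747 yes no ge-0/0/1.0
"""

def mac_to_link_local(mac: str) -> ipaddress.IPv6Address:
    """Build the fe80::/64 address for a 48-bit MAC (modified EUI-64)."""
    octets = bytearray(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    octets[0] ^= 0x02                      # invert the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def embedded_mac(addr: str):
    """Return the MAC disclosed by an EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":                    # no EUI-64 filler bytes
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02                              # undo the bit inversion
    return ":".join(f"{b:02x}" for b in octets)

def audit_neighbors(text: str) -> dict:
    """Map each neighbor address to the MAC its interface ID reveals."""
    report = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            report[fields[0]] = embedded_mac(fields[0])
    return report

if __name__ == "__main__":
    for address, mac in audit_neighbors(NEIGHBORS).items():
        print(f"{address:28} discloses MAC: {mac or 'no'}")
```

<p>The manually configured fec0:0:0:2003::2 reveals nothing about the hardware, while the autogenerated link-local address carries the full MAC, which is the privacy concern behind the last DHCPv6 reason listed on the stateful autoconfiguration slide.</p>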