Wednesday, April 13, 2011

IPv6 Configuration

In IPv4 there are public addresses; in IPv6 the equivalent is global unicast addresses, which can transfer data quicker and are fully hierarchical, fully routable and can be aggregated. In IPv4 there are also private IP addresses; in IPv6 there are local addresses, which are divided into link-local addresses, which are very narrow in scope (local to a physical link), and site-local addresses, which are wider in scope and are the equivalent of the private addresses in IPv4, used to reach the local network but not the public network. Besides unicast there are also multicast addresses, which start with the prefix FF00::/8. There are also anycast addresses, which are assigned to multiple interfaces; an anycast packet is delivered to only ONE member, the closest member of the anycast group that shares the anycast address. The closest member is the first one the router learned on a LAN, and the one with the best routing protocol metric on a WAN.

The Site Level Aggregator (SLA) in IPv6 is used to aggregate routes, like subnetting in IPv4, but there are more routes available in the SLA than in IPv4 subnetting. It is 16 bits long and supports over 65,000 subnets.

Autoconfiguration in IPv6 is almost the same as DHCP configuration. There are 2 types of autoconfiguration: stateless and stateful. Stateful autoconfiguration is also known as DHCPv6 and has the same concepts as DHCP: the host requests an IP address from the server and obtains its information from it. With stateless autoconfiguration the DAD (Duplicate Address Detection) procedure is executed: the host configures its own link-local address using FE80:: followed by the MAC address of the host. After configuring this initial IPv6 address it sends a Neighbor Solicitation (NS) message to the multicast address FF02::1 (all-hosts multicast address) to check whether another host is already using the same address. If another host is using that address (which is not supposed to happen, because each MAC address is unique) that host sends a Neighbor Advertisement message and the host will disable its MAC address. If this does not happen, the address is valid and the host sends a Router Solicitation (RS) message to the all-routers multicast address FF02::2 to ask the router for the remaining configuration, such as the network prefix. The router replies with a Router Advertisement and the IPv6 address of the host is complete.

There are also routing protocols for IPv6, among them RIP for IPv6/RIPng (next generation), EIGRP for IPv6, IS-IS for IPv6, OSPFv3 and Multiprotocol BGP/MBGPv4. IGRP, however, is not available for IPv6. To enable IPv6 routing on a Cisco router use the command config#ipv6 unicast-routing.

For OSPFv3, the process is enabled per interface, as opposed to the global configuration in OSPFv2. To enable it on an interface use the command (config-if)#ipv6 ospf <process-id> area <area-id>. To create a router ID if there is none, use the command (config-router)#router-id <router-id>. Other notes for OSPFv3: NBMA configuration still needs neighbor statements, and point-to-point and point-to-multipoint configurations do not elect a DR and BDR, as in IPv4. OSPFv3 allows a link to be part of multiple instances, whereas in IPv4 a link belongs to only 1 instance. OSPFv3 headers are smaller because they have no authentication fields. The OSPF reserved address 224.0.0.5 in IPv6 is FF02::5, and 224.0.0.6 in IPv6 is FF02::6.

Basic configuration to create an adjacency between routers using OSPFv3 is to configure the following on the adjacent routers:

(config)#ipv6 unicast-routing

(config)#ipv6 cef

(config)#ipv6 router ospf 1

(config-rtr)#router-id <router-id>

(config)#int <interface>

(config-if)#ipv6 ospf 1 area <area-id>

To verify, the following commands can be used:

#show ipv6 ospf neighbor or #show ipv6 ospf neighbor detail

#show ipv6 ospf interface

To clear/reset the configuration use the command #clear ipv6 ospf process

There are 3 known ways to migrate from IPv4 to IPv6: dual stack, 6-4 tunnel and NAT-PT (Network Address Translation – Protocol Translation). With dual stack, an interface has 2 IP addresses, an IPv4 address and an IPv6 address. With a 6-4 tunnel, an IPv6 packet is encapsulated in an IPv4 packet and sent through the IPv4 network. When it reaches the far end, the packet is decapsulated and sent on through the IPv6 network using the original IPv6 addresses. This is a scalable and easy solution, and the tunnel is torn down when the session ends. The edge routers have a unique prefix of the form 2002:<IPv4 address of the router in hex>::/48. NAT-PT works similarly to the original NAT, except that NAT-PT routers translate IPv4 addresses to IPv6 addresses and in reverse.

To create a tunnel use the command:

(config)#int <interface>

(config-if)#ip address <ipv4-address> <mask>

(config-if)#int tunnel <number>

(config-if)#ipv6 address 2002:HHHH:HHHH::/48 (H = hex digits of the router's IPv4 address)


-- 13 April 2011 --

IPv6 header, IPv4 to IPv6 conversion, IPv6 addressing, zero compression & leading zero compression

Slowly but surely, there is a migration from IPv4 to IPv6 because of the shortage of IP addresses. Previous tricks such as NAT and DHCP were used to avoid this migration, but as the number of devices that need IP addresses increases, and to provide a more secure network, migration to IPv6 is necessary. The major difference between IPv4 and IPv6 is that IPv6 has far more addresses available than IPv4. IPv4 uses 32 bits, divided into 4 x 8 bits. IPv6 uses 128 bits, divided into 8 x 16 bits written in hexadecimal. An example of IPv4 is 123.145.167.189, whereas an example of IPv6 is 1234:5678:9ABC:DEF0:1234:5678:9ABC:DEF0. IPv6 has several important uses such as Mobile IP, which is usually found on GPS devices and allows a device to move without losing its connectivity, and IPsec, a protocol suite to secure IP communications.

IPv4 and IPv6 have different header fields (bits) with the comparison as below:

IPv4 (160 bits) = Version(4), IHL(4), Type of Service(8), Total Length(16), Identification(16), Flags(4), Fragment Offset(12), Time to Live(8), Protocol(8), Header Checksum(16), Source Address(32) and Destination Address(32).

IPv6 (320 bits) = Version(4), Traffic Class(8), Flow Label(20), Payload Length(16), Next Header(8), Hop Limit(8), Source Address(128) and Destination Address(128).

In total, 3 fields are still the same (Version, Source Address and Destination Address), 5 fields were removed from IPv4 to IPv6 (IHL, Identification, Flags, Fragment Offset, Header Checksum), 1 field is new in IPv6 (Flow Label) and 4 fields have modified names but almost the same function (Type of Service = Traffic Class, Total Length = Payload Length, Protocol = Next Header, TTL = Hop Limit).
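An added Python example (not part of the original post) that packs and unpacks the eight IPv6 fields listed above with exactly those widths; the function names and the 2001:db8:: sample addresses are my own. It also shows the checks a parser has to make itself, since the IPv4 Header Checksum that would catch a damaged header no longer exists.

```python
import struct
import ipaddress

# Field widths taken from the header list above: Version(4), Traffic Class(8),
# Flow Label(20), Payload Length(16), Next Header(8), Hop Limit(8),
# Source Address(128), Destination Address(128) = 320 bits = 40 bytes.
IPV6_HEADER_LEN = 40

def build_ipv6_header(src, dst, payload_length, next_header, hop_limit=64,
                      traffic_class=0, flow_label=0):
    """Pack the eight fixed-header fields into 40 bytes; src/dst are address strings."""
    if not 0 <= flow_label < (1 << 20):
        raise ValueError("flow label is a 20-bit field")
    if not 0 <= traffic_class < (1 << 8):
        raise ValueError("traffic class is an 8-bit field")
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    return (struct.pack("!IHBB", first_word, payload_length, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def parse_ipv6_header(data):
    """Unpack a fixed IPv6 header into a dict; rejects short data and a non-6 version."""
    if len(data) < IPV6_HEADER_LEN:
        raise ValueError("truncated header: %d bytes" % len(data))
    first_word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", data[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError("version nibble is %d, not 6" % version)
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,   # IPv4 Type of Service
        "flow_label": first_word & 0xFFFFF,           # new in IPv6
        "payload_length": payload_length,             # IPv4 Total Length (without header)
        "next_header": next_header,                   # IPv4 Protocol
        "hop_limit": hop_limit,                       # IPv4 TTL
        "src": str(ipaddress.IPv6Address(data[8:24])),
        "dst": str(ipaddress.IPv6Address(data[24:40])),
    }

if __name__ == "__main__":
    # Constructed sample: a 20-byte payload (a TCP header, Next Header 6).
    hdr = build_ipv6_header("2001:db8::1", "2001:db8::2", payload_length=20, next_header=6)
    print(len(hdr), parse_ipv6_header(hdr))
```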

IPv4 uses a range of 0-255 decimal per binary octet, whereas each IPv6 field has a range of 0000-FFFF hexadecimal. For IPv4-compatible addresses, every 2 hexadecimal digits in IPv6 represent one octet in IPv4. The formula for converting a hexadecimal pair into an IPv4 octet is (first digit*16)+second digit. To convert back from IPv4 to IPv6, divide the octet by 16: the quotient is the first digit and the remainder is the second digit.

For example:

IPv4 to IPv6: 123.145.167.189 = (7*16)+11 - (9*16)+1 - (10*16)+7 - (11*16)+13 = 7B91:A7BD

IPv6 to IPv4: 65AB:4F23 = (6*16)+5 - (10*16)+11 - (4*16)+15 - (2*16)+3 = 101.171.79.35

IPv6 addresses have 128 bits, which is very long to write out. There are 2 methods to shorten an IPv6 address: leading zero compression and zero compression. In leading zero compression, all leading zeros in a field can be omitted, but if a field consists of 4 hexadecimal zeros, one zero must still be left. In zero compression, several consecutive fields that contain only zeros can be joined together into the symbol ::. However, zero compression can only be applied ONCE in an IPv6 address, whereas leading zero compression can be applied multiple times.

For example:

12AB:0000:0000:0000:0012:023F:0000:FAF8 can be written as below:

Using leading zero compression ==> 12AB:0:0:0:12:0:FAF8

Using zero compression ==> 12AB::12:0:FAF8

There are several address ranges whose initial bits are worth remembering:

001 (first hex digit 0010 binary = 2 or 0011 binary = 3) = global address

1111 1111 (FF00::/8) = multicast (in IPv4: 224.0.0.0 – 239.255.255.255)

1111 1110 1 (FEXX) = private address

1111 1110 1100 (FEC0) = site local

1111 1110 1000 (FE80) = link local

::x.x.x.x = IPv4 compatible address

0:0:0:0:0:0:0:1 or ::1 = loopback address (in IPv4 = 127.0.0.1)

0:0:0:0:0:0:0:0 or ::/128 = unspecified address

::/0 = default route
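An added Python example (not from the original post) that implements the octet/hex-pair conversion and the two compression rules described above, the 2002:<IPv4 in hex>::/48 rule for 6to4 edge routers from the first post, and a classifier built from the initial-bit list just given. The function names are my own; running it on the post's sample address 12AB:0000:0000:0000:0012:023F:0000:FAF8 carries all eight fields, including 023F, through both compressions.

```python
import ipaddress

def ipv4_to_hex_groups(ipv4):
    """123.145.167.189 -> '7B91:A7BD': each octet becomes two hex digits (octet//16, octet%16)."""
    return "%02X%02X:%02X%02X" % tuple(ipaddress.IPv4Address(ipv4).packed)

def hex_groups_to_ipv4(groups):
    """'65AB:4F23' -> '101.171.79.35': each hex pair is (first digit*16)+second digit."""
    digits = groups.replace(":", "")
    return ".".join(str(int(digits[i:i + 2], 16)) for i in range(0, 8, 2))

def compress_leading_zeros(addr):
    """Drop leading zeros in every group; an all-zero group keeps a single zero."""
    full = ipaddress.IPv6Address(addr).exploded.upper()   # restores every leading zero first
    return ":".join(g.lstrip("0") or "0" for g in full.split(":"))

def compress_zeros(addr):
    """Collapse the longest run (>= 2) of all-zero groups into '::', once only."""
    groups = compress_leading_zeros(addr).split(":")
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:              # first longest run wins; later ties are ignored
            best_start, best_len = i, j - i
        i = j + 1
    if best_len < 2:
        return ":".join(groups)
    return ":".join(groups[:best_start]) + "::" + ":".join(groups[best_start + best_len:])

def sixto4_prefix(ipv4):
    """The 6to4 edge-router prefix from the post: 2002:<router IPv4 in hex>::/48."""
    return "2002:" + ipv4_to_hex_groups(ipv4) + "::/48"

def classify(addr):
    """Name the address type from the initial bits listed on the page."""
    n = int(ipaddress.IPv6Address(addr))
    if n == 0:
        return "unspecified"
    if n == 1:
        return "loopback"
    if n >> 32 == 0:
        return "IPv4 compatible"                   # ::x.x.x.x
    for shift, bits, kind in ((125, 0b001, "global unicast"),    # 2xxx:: / 3xxx::
                              (120, 0xFF, "multicast"),          # FF00::/8
                              (116, 0xFEC, "site local"),        # 1111 1110 1100
                              (116, 0xFE8, "link local")):       # 1111 1110 1000
        if n >> shift == bits:
            return kind
    return "other"
```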

-- 13 April 2011 --

Tuesday, March 1, 2011

ISIS part 3

ISIS knows 2 types of addresses: the NSAP (Network Service Access Point) address and the NET (Network Entity Title) address. The NSAP address is the layer 2 (network layer) address for CLNS packets. The majority of routers have only 1 NSAP address. The NET address is the address of the host router and has the same fields as the NSAP address. The difference is that a NET address has the network selector set to 0.

The NSAP/NET address has 3 major segments which are: areaID.systemID.NSEL.

The area ID is used to route between areas (L2 routing) and contains 2 or more digits. The area ID must be the same for every router in the same area. It consists of the AFI (Authentication and Format ID), which identifies the assigning authority, the IDI (Inter-Domain ID), which identifies the domain, and the High Order DSP, which identifies the sub-domain/area. Routers check the area ID of arriving packets and determine whether it is the same as their own. If it is the same, they do L1 routing. If the area ID is different, they send the packet to an L1/L2 router, which forwards it to the other area.

The system ID is used to route to routers or hosts within an area (L1 routing) and contains exactly 12 digits. Every L2 router must have a unique system ID in the entire domain, while every L1 router must have a unique system ID within its area.

The NSEL (Network Selector) field is used for routing within the ES (on a router it is 0x00) and contains 2 digits. If the NSEL is set to 00, then it is a NET address instead of an NSAP address.

A basic router setup using ISIS is as below:

(config)#int <interface>

(config-if)#ip router isis

(config)#router isis

(config-router)#net AA.BBBB.BBBB.BBBB.CC (A = area ID, 2 or more digits; B = system ID, exactly 12 digits; C = NSEL, 2 digits)

ip router isis has to be set on every interface that takes part in the ISIS process. If a new router joins the area, the new router needs the router isis and net A.B.C commands, plus ip router isis on the interface facing the existing neighbor router. Meanwhile, on the neighbor router, ip router isis needs to be applied to the interface connected to the new router.
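An added Python example (not from the original post) that parses a Cisco-style NET into area ID, system ID and NSEL using the length rules above, and checks a set of NETs for the conditions the post states: same area ID within an area, unique system IDs, and NSEL 00 on a router. The function names and the 49.0001... sample NETs are my own constructed values; system_id_from_ipv4 follows the common convention of padding each IPv4 octet to three digits.

```python
import re

def parse_net(net):
    """Split a NET/NSAP written as AA.BBBB.BBBB.BBBB.CC into its parts.

    Rules from the post: area ID is 2 or more hex digits, system ID is exactly
    12 hex digits, NSEL is 2 hex digits and must be 00 on a router (NET, not NSAP).
    """
    if not re.fullmatch(r"[0-9A-Fa-f]{2}(\.[0-9A-Fa-f]{4})*\.[0-9A-Fa-f]{2}", net):
        raise ValueError("not dotted hex with a 2-digit AFI and 2-digit NSEL: %r" % net)
    digits = net.replace(".", "").upper()
    if len(digits) < 2 + 12 + 2:
        raise ValueError("too short for area + 12-digit system ID + NSEL: %r" % net)
    nsel = digits[-2:]
    system_id = digits[-14:-2]
    area_id = digits[:-14]
    return {"area_id": area_id, "afi": area_id[:2], "system_id": system_id,
            "nsel": nsel, "is_net": nsel == "00"}

def system_id_from_ipv4(ipv4):
    """Common convention (assumption): pad octets to 3 digits, 192.168.1.1 -> 1921.6800.1001."""
    padded = "".join("%03d" % int(o) for o in ipv4.split("."))
    return ".".join(padded[i:i + 4] for i in range(0, 12, 4))

def check_area_consistency(nets):
    """Routers in one L1 area must share the area ID; system IDs must be unique; NSEL 00."""
    parsed = [parse_net(n) for n in nets]
    areas = {p["area_id"] for p in parsed}
    ids = [p["system_id"] for p in parsed]
    problems = []
    if len(areas) > 1:
        problems.append("area IDs differ: %s" % sorted(areas))
    dup = {s for s in ids if ids.count(s) > 1}
    if dup:
        problems.append("duplicate system IDs: %s" % sorted(dup))
    if any(not p["is_net"] for p in parsed):
        problems.append("NSEL must be 00 on a router")
    return problems

if __name__ == "__main__":
    # Constructed sample area 49.0001 with two routers whose system IDs come from their IPv4 loopbacks.
    nets = ["49.0001.%s.00" % system_id_from_ipv4(ip) for ip in ("192.168.1.1", "192.168.1.2")]
    print(nets, check_area_consistency(nets))
```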

-- 1 March 2011 --

ISIS part 2

ISIS has 2 network types: broadcast (LAN and multipoint WAN) and point-to-point (everything else). If the link is configured as point-to-point, the adjacency is formed and the routers exchange a complete sequence number packet, which contains the router's link-state database and therefore lets it synchronize with the other. If the routers are in a broadcast network, the network elects a DIS (Designated Intermediate System) to send the latest information to the other routers. The router with the highest ISIS interface priority (default = 64) is elected DIS. If the interface priorities are the same, the highest SNPA (Subnetwork Point of Attachment) determines the DIS. The SNPA is the highest MAC address in a LAN configuration, and the highest DLCI number in a Frame Relay configuration. A DIS does not sync with all other routers individually. Instead, a pseudonode (a virtual router) is created by the DIS. In this way, all routers form an adjacency with the pseudonode, including the DIS. The DIS can detect problems quickly because it sends hello packets every 3.3 seconds, whereas CSNPs are sent every 10 seconds.

ISIS has 4 types of PDU which are Hello, LSP, CSNP and PSNP packets.

Hello packets consist of 3 different packets:

1. ESH (End System Hello), which is sent by an ES (host) to an IS (router)

2. ISH (Intermediate System Hello), which is sent by an IS and listened for by the ES.

3. IIH (IS-IS Hello), which is sent from an IS to another IS to form an adjacency.

The router is able to send multiple hello packets at the same time (ISH and IIH).

LSPs (Link State Packets) are sent between adjacent routers to build the link-state database, which together with the SPF algorithm is used to build the routing table. There are 2 types of LSP: the L1 LSP and the L2 LSP.

A CSNP (Complete Sequence Number PDU) contains a complete list of LSPs, sent to adjacent routers to update and sync them. This list is sent by the DIS every 10 seconds.

A PSNP (Partial Sequence Number PDU) is used to request LSPs and to acknowledge that an LSP has been received.


-- 1 March 2011 --

ISIS part 1

IS-IS (Intermediate System to Intermediate System) is one of the routing protocols that use the SPF/Dijkstra algorithm. ISIS has an AD of 115 and a default metric of 10. ISIS was originally designed to work at layer 2 (network layer) using CLNS (Connectionless Network Service), while its layer 3 routing protocol uses CLNP (Connectionless Network Protocol). There are some key terms in the ISIS protocol: it is divided into logical entities (domain and area) and physical bodies (end system, ES = host, and intermediate system, IS = router).

There are 3 types of ISIS routers:

1. L1 (Level 1) router, which is placed in a single area. This router has only a database of the neighboring L1 routers. An L1 router can only connect to another L1 router in the same area. If this router wants to reach an L1 router in another area, it has to go through an L1/L2 router as its default gateway.

2. L2 (Level 2) router, which is placed at area borders. This router can be used to route between different areas. L2 routers have only a database of the neighboring L2 routers and can therefore connect only to L2 routers in other border areas. If it wants to reach an L1 router, it has to connect to an L1/L2 router.

3. L1/L2 router, which can act both as an L1 router (intra-area) and as an L2 router (inter-area). Therefore this router has 2 databases, one for L1 routes and one for L2 routes. The L1/L2 router together with the L2 router makes sending data to other areas possible. The L1/L2 router can connect to another L1/L2 router in any area, to an L2 router in any area, and to an L1 router in the same area.

The L1 router acts as an access router, while the backbone consists of L1/L2 routers, L2 routers or a combination of both. L1 has different hello packets from L2, and maintains adjacency with its neighboring L1 routers only. The only way for an L1 router to communicate with an L2 router is through the L1/L2 routers (gateway). Changing the levels is possible, and can be done on the interface (locally) or on the router (globally).

To configure this on the interface use the command:

(config)#interface <interface>

(config-if)#isis circuit-type <level-1 | level-1-2 | level-2-only>

To configure this on the router use the command:

(config)#router isis

(config-router)#is-type <level-1 | level-1-2 | level-2-only>

To see the levels of the neighboring routers use the #show clns neighbor command.

ISIS can do route summarization. The routes can be shown using the #show ip route isis command. Route summarization needs to be configured on the border router (L1/L2 or L2 router), otherwise the summarization will not work. If there are multiple routes from one ISIS area to another (load balancing), both border routers need to have the same summary routes, otherwise all the traffic goes to the non-summarized router.

-- 1 March 2011 --