- Understand IPv4 exhaustion and its implications
- Identify IPv6 addresses
- Create an IPv6 addressing plan
- Configure and verify IPv6 on a LAN
www.afrinic.net | slide 2
Module Assumptions
Fundamentals of IPv6
- Fundamental concepts of TCP/IPv4
- Building basic IPv4 networks.
- Using the command line interface for common routing
Module deliverables
Fundamentals of IPv6
- Implications of exhaustion
- Describe differences between IPv4 and IPv6
- Key protocols
- Basic configuration
Understanding IPv4 Exhaustion Implications
After this section, you should be able to:
- Describe the world situation with respect to v4 addresses
- Describe the implications of IPv4 exhaustion
Source: www.ipv4depletion.com
Exhaustion Consequence: demand for IPv4 addresses may increase their price
behind in IPv4-land
  - Cost of connecting to the rest of the world increases
  - We miss any market opportunities v6 adoption presents
- Scenario #2: A rush for Africa's pool by other regions
  - African networks deprived of critical v4 needed to facilitate transition to v6
  - We are forced to deploy greenfield IPv6 (good)
  - Use of NAT increases (bad)
IPv6 Addressing Basics
After this section, you should be able to:
- Work comfortably with IPv6's hexadecimal notation
- Identify, write and shorten IPv6 addresses
What is IPv6?
Understanding IPv6 Addressing
  - 128 bits long (2^96 times the total IPv4 address space)
  - Runs on the same physical infrastructure
  - The same applications can also run on IPv6
  - Incompatible with IPv4!
- The only sustainable answer to IPv4 exhaustion
  - Enables continued growth of the Internet
  - Restores end-to-end model
  - Enables the Internet of Things
- The 8 groups of hexits are separated by colons
- Addresses are conventionally written in lower case
Jeff L. Carrell, Implementing IPv6, the Nuts and Bolts about It, 2011
IPv6 prefixes
Understanding IPv6 Addressing
- IPv6 is all CIDR, i.e. no subnet masks
- A prefix is written as: aaaa:bbbb:cccc:dddd:eeee:ffff/prefix length
- Prefix length is a decimal in the range [0, 128]
- Examples of prefix notation:
  - 2001:db8::/32 --- a prefix assigned to an organisation
  - 2001:db8:1ce:c001::/64 --- a prefix assigned to a LAN
  - 2001:db8:1ce:c001::a/64 --- an address out of a /64 prefix
- A leading zero is that which comes immediately after a colon
- Each group must still contain at least one hexit
- Zero-compression: substitute two or more consecutive groups of zeroes with one double colon (::)
  - This should only be done once to avoid ambiguity
  - If more than one substitution is possible, make that which replaces the most groups
  - In case of two equal possible substitutions, make the leftmost one.
IPv6 Address Types
After this section, you should be able to:
- Identify different types of IPv6 addresses
- Describe the structure and scopes of these addresses
Unicast addresses
- Identifies an interface of an IPv6 node
- Can be used as source and destination of a packet
- An interface can have multiple valid IPv6 addresses
Multicast addresses
- Identifies a group of IPv6 addresses
- Can only be used as the destination of a transmission
- An interface can belong to multiple multicast addresses
Anycast addresses
- Same address on multiple nodes
- Packet to anycast address is delivered only to nearest one
- Packets are never sourced from an anycast address
Link Layer
fe80::/10
These scopes do not apply to multicast addresses and the unspecified address
[Figure: global unicast address layout. Fields: 001 (3 bits), IANA>>LIR>>ISP, SubnetID (16 bits), InterfaceID (64 bits)]
- Fixed high order bits of 001 => prefix of 2000::/3
- Example: 2001:db8:dead:beef:c001:babe:0000:aaaf
[Figure: link-local address layout. Fields: 1111 1110 10, 0 (54 bits), InterfaceID (64 bits)]
- First 10 bits are 1111 1110 10, thus prefix fe80::/10
- Scope is link local, thus not forwarded off-link by routers
- One per interface is always automatically configured when IPv6 is enabled
- Used for
  - Automatic address configuration
  - Default gateway on hosts
  - Routing protocol updates
  - Neighbor discovery
[Figure: router R with interfaces Fe 0/0 and Fe 0/1; hosts M1 (fe80::245:bcff:fe47:1530) and M2 (fe80::212:6bff:fe17:fc0f)]
If you ping fe80::212:6bff:fe54:f99a (N1), what egress interface will router R use? See solution on the next slide.
  - Provides the extra routing information required
  - Automatically assigned by the operating system
  - Only locally significant
  - [Windows] ping fe80::245:bcff:fe47:1530%11
  - [Linux] ping6 fe80::245:bcff:fe47:1530%eth0
- A full link-local address is written as: address%zoneID
- Examples of some full link-local addresses with zoneIDs:
  - Windows Host X: fe80::1ce:c01d:dead:babe%7
  - Windows Host Y: fe80::dead:beef:1ce:c01d%10
- Ping from X -> Y is accomplished thus
  - Use the link local address of Host Y
  - Append the ZoneID of Host X on the same broadcast domain
  - ping fe80::dead:beef:1ce:c01d%7 [correct]
  - ping fe80::dead:beef:1ce:c01d%11 [wrong]
[Figure: unique local address (ULA) layout. Fields: 1111 110L, Global ID (40 bits), SubnetID (16 bits), InterfaceID (64 bits)]
- Private address space anyone can use without going to an ISP or RIRs
- Prefix fc00::/7 and L flag indicates whether the prefix is locally assigned (1) or globally assigned (0)
  - For L=1, we have fd00::/8 for ULAs that anyone can assign.
  - For L=0, we have fc00::/8 for ULAs that are centrally assigned.
- Scope is global but they are usually filtered by e-BGP routers
1. Get the current time of day in 64-bit NTP format.
2. Get the EUI-64 identifier from the MAC address or other unique identifier.
3. Concatenate (1) and (2)
4. Compute the SHA-1 digest of (3)
5. Use the least significant 40 bits of (4) as your globalID
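The five steps above as an added Python example (not part of the original slides). It assumes the EUI-64 is the modified EUI-64 built from a 48-bit MAC (ff:fe inserted, universal/local bit flipped); the function names, sample MAC and sample time are constructed for illustration.

```python
import hashlib
import ipaddress
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01


def ntp_timestamp(unix_time: float) -> bytes:
    """Step 1: 64-bit NTP format, 32 bits of seconds + 32 bits of fraction."""
    seconds = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32)
    return struct.pack("!II", seconds, fraction)


def eui64_from_mac(mac: str) -> bytes:
    """Step 2: modified EUI-64 from a MAC (assumed derivation, see lead-in)."""
    raw = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address: %r" % mac)
    raw[0] ^= 0x02  # flip the universal/local bit
    return bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])


def ula_global_id(unix_time: float, mac: str) -> bytes:
    """Steps 3-5: SHA-1 over time || EUI-64, keep the low 40 bits."""
    digest = hashlib.sha1(ntp_timestamp(unix_time) + eui64_from_mac(mac)).digest()
    return digest[-5:]


def ula_prefix(global_id: bytes) -> ipaddress.IPv6Network:
    """Build the /48: fd (fc00::/7 with L=1) followed by the 40-bit Global ID."""
    if len(global_id) != 5:
        raise ValueError("Global ID must be exactly 40 bits")
    raw = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(raw, "big"), 48))


if __name__ == "__main__":
    sample_mac = "00:12:6b:17:fc:0f"  # constructed sample MAC
    gid = ula_global_id(time.time(), sample_mac)
    print("EUI-64:   ", eui64_from_mac(sample_mac).hex())
    print("Global ID:", gid.hex())
    print("ULA /48:  ", ula_prefix(gid))
```

Because the time of day is an input, every run yields a different Global ID, which is what keeps independently generated ULA prefixes unlikely to collide.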
[Figure: 6to4 address layout. Fields: w.x.y.z, SubnetID, InterfaceID (64 bits)]
- IPv4-derived address used in the 6to4 transition mechanism
- WWXX:YYZZ is the hex form of public v4 address w.x.y.z
- Each public IPv4 address gives an entire /48 IPv6 prefix
  - The EUI-64 algorithm.
  - A pseudo-random number.
  - A public key (e.g. in the CGAs)
- Reserved interfaceIDs (RFC 5433)
  - The EUI-64 interfaceID is fixed
  - It is re-used with the prefix of any network encountered
  - The prefix says what network a user is on
  - The MAC address can be inferred from the interfaceID
[Figure: IPv4-mapped address layout. Fields: 0 (80 bits), ffff (16 bits)]
- An IPv4 address represented in IPv6 format
- Form: ::ffff:w.x.y.z/96 where w.x.y.z is a normal IPv4 address.
- Internally represents a v4 node to a v6 node
- Never used as a source or destination v6 address
[Figure: ISATAP address layout. Fields: Prefix (64 bits), 0000:5efe (32 bits)]
- An IPv6 address formed from a private IPv4 address
- Automatically generated and assigned to ISATAP tunnels
- Form: 64bitPrefix:0:5efe:a.b.c.d
Multicast addresses
Understanding IPv6 Addressing
[Figure: multicast address layout. Fields: 1111 1111 (8 bits), Flags (4 bits), Scope (4 bits), GroupID (112 bits)]
- Used as the destination of multicast communication
- Start with bits 1111 1111 which is prefix: ff00::/8
- Bits 8 to 16 specify further characteristics of the address
Description
- Reserved (must be set to 0)
- Rendezvous Point address is embedded (1) or not (0)
- Address is based on a unicast prefix (1) or not (0)
- Address is well-known (0) or dynamically assigned (1)
Hex    Scope
0x1    Interface
0x2    Link
0x4    Administrative
0x5    Site
0x8    Organisation
0xe    Global
Unassigned or Reserved
FF02::1:FFXX:XXXX (2 = Link)
- Multicast address for all nodes with the same IPv6 address
- Constructed as follows:
  - Prefix FF02::1:FF00:/104
  - Last 24 bits of the IPv6 unicast address
  - See examples next slide
http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/
http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:80/
pathnames
- The solution:
  - Replace all colons in the address with a dash
  - Replace any % in the zoneID with an s
  - Append .ipv6-literal.net to the address
- Example: 2001:db8:85a3:8d3:1319:8a2e:370:7348
  2001-db8-85a3-8d3-1319-8a2e-370-7348.ipv6-literal.net
- Example: fe80::1%4
  fe80--1s4.ipv6-literal.net
Structure (16 bit boundaries): GlobalID fe80 fc00 fd00 0 0 0 <IPv4 Addr.> SubnetID <64bit v6 Prefix> 0 0001 0 0 SubnetID SubnetID SubnetID InterfaceID InterfaceID InterfaceID InterfaceID ffff <IPv4 Addr.>
IPv6 from an IPv4 Perspective
After this section, you should be able to:
- Describe the IPv6 header, noting differences from the v4 header
- Identify the IPv6 equivalents and functioning of key IPv4 protocols
- Fixed header size of 40 bytes (320 bits)
- Fragmentation not allowed by routers, only end hosts
- Minimum supported MTU is 1280 bytes
- Optional layer 3 information is put in extension headers
- Serve similar functionality to IPv4 Options headers
- Processed only at packet's destination, except for Hop-by-Hop Options header
- Only appear once in a packet, except for the Destination Options header which appears twice
- A node discards the packet with a Parameter Problem message in the following circumstances
  - It sees an un-recognized extension header
  - A Next Header value 0 appears in a header other than the fixed header
[Figure: IPv4 and IPv6 header formats (fields shown include Version and Source Address). Courtesy: cisco.com]
IPv4 header fields removed from the base IPv6 header
  - Fragmentation fields [Identification, flags, fragment offset]
  - Options
IPv4 header fields eliminated in IPv6
  - Header checksum
  - Header length
Revised fields
  - TTL -> Hop count
  - Protocol -> Next header
  - Precedence and ToS fields -> Traffic class
New fields
  - Flow label
IPv4 compared with IPv6
Network Access Layer
  - IPv4: Ethernet and variants; PPP for serial links; ATM
  - IPv6: Ethernet and variants; PPP for serial links; ATM
Host auto-configuration
  - IPv4: DHCP
  - IPv6: DHCPv6; Stateless Address configuration
Network to Link-layer Address Resolution
  - IPv4: ARP broadcasts
  - IPv6: NDP via ICMPv6 (NS, NA)
FQDN to IP-address resolution
  - IPv4: DNS client-server; A resource records; in-addr.arpa reverse zone
  - IPv6: DNS client-server; AAAA resource records; ip6.arpa reverse zone
Host multicast group membership
  - IPv4: IGMPv1; IGMPv2
  - IPv6: MLDv1
Automatic default gateway configuration
  - IPv4: DHCP, IRDP, passive RIP
  - IPv6: NDP via ICMPv6 (RA)
Minimum MTU size
  - IPv4: 576 bytes
  - IPv6: 1280 bytes
Sending packets to all hosts on subnet
  - IPv4: Broadcast to subnet broadcast
  - IPv6: Multicast to ALL_NODES (ff02::1)
  - AAAA records for IPv6 to FQDN mapping
  - PTR records under ip6.arpa. TLD for FQDN to IP mapping
- DNS is transport-protocol agnostic i.e.
  - A query over IPv4 could yield AAAA records
  - A query over IPv6 could yield A records
IP Address to FQDN
[PTR record] 77.0.1.197.in-addr.arpa IN PTR voyager.stareet.org
[PTR record] 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.6.0.0.0.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa PTR voyager.stareet.org
- Write the IPv6 address in full, in reverse
- Separate each hexit by a period
- Append the ip6.arpa domain
- Example with sipcalc
The Key IPv6 Functionality Protocols
After this section, you should be able to:
- Describe the importance and functioning of IPv6 ND
- Describe how ND is used in other key functions of IPv6
depends
- Used by both hosts and routers
- Consists of a set of ICMPv6 messages
- Works at network layer, thus can use IPsec
- Different message exchanges deliver various functionalities
[Figure: ND functions. Labels: Prefix discovery, Redirect, Router Advertisement]
Router Solicitation
Sent by: IPv6 host
Purpose: Find out what routers are present on the link
Src address:
  - IP of querying interface if one exists
  - Unspecified address (::) if there is no IP address yet
Dst address: FF02::2 (all-routers)
Notes: ICMP type 133, ICMP code 0
Sent by: IPv6 router
Purpose:
  - Advertise its presence, prefixes, MTU, hop limits
  - Sent periodically or in response to a RS
Src address: Router's link local IPv6 address
Dst address:
  - FF02::1 (all-v6-nodes) for periodic broadcasts
  - v6 address of querying node if responding to a RS
Notes: ICMP type 134, ICMP code 0
Sent by: IPv6 host
Purpose:
  - Find out link layer address of another host.
  - Duplicate address detection.
  - Verify that a neighbour is reachable.
Src address:
  - IP of querying interface if one exists
  - Unspecified address (::) if there is no IP address yet
Dst address:
  - Target neighbour's address if known
  - Solicited node multicast address of target otherwise

Sent by: IPv6 host
Purpose:
  - Response to a neighbour solicitation (NS)
  - Periodically to update neighbors.
Src address:
  - Manual or auto configured address of originating interface.
Dst address:
  - IP address of the node which sent the NA.
  - FF02::1 for periodic advertisements.
Sent by: IPv6 router
Purpose: Informs a node of a better next-hop router.
Src address: Link local address of router.
Dst address: IP address of requesting node.
Notes: ICMP type 137, ICMP code 0
[Figure: DAD exchange. (1) NS with src: ::, (2) NA. IP: 2001:db8::2:260:8ff:fe53:f9d8]
- DAD is performed on ALL unicast addresses
- DAD is NEVER performed for anycast addresses
- If DAD fails
  - That address cannot be assigned to the interface.
  - All addresses using that InterfaceID are also not unique
  - A system management error must be logged
  - ff02::1 -- All IPv6 nodes
  - ff02::ff00:0:a -- solicited node multicast address for A
- N1 sends NS message to ff02::ff:0:a sourced from ::
- N1 listens for any NS messages to ff02::ff00:0:a from ::
- DAD fails under any of the following circumstances
  - N1 receives an NS for a tentative address prior to sending one.
  - More NSs are received than those expected based on loopback semantics
NS
  src: IPv6 address [N1]
  dst: Solicited node multicast [N2]
  data: Link layer address [N1]
  query: "what's your link layer address?"
NA
  src: IPv6 address [N2]
  dst: IPv6 address [N1]
  data: Link layer address [N2]
neighbour could be a router (not the final destination)
- How it works:
  - Send a probe to the desired host's solicited node multicast address and receive a NA or RA in response
  - Receive a clue from a higher level protocol to say communication is happening, e.g. TCP ACK
Basic IPv6 Configuration
After this section, you should be able to:
- Configure and verify IPv6 on Windows operating systems
- Configure and verify IPv6 on Linux operating systems
- Configure and verify IPv6 on the Mac OS X operating system
- Configure and verify IPv6 on Cisco IOS
- Configure and verify IPv6 on Junos

Operating system    IPv6 supported
Windows             Windows XP Service Pack 2 and up
Mac OS X            10.4 (Tiger) and up
GNU Linux           Kernel 2.6 and up
FreeBSD             FreeBSD 4.0 and up
Cisco IOS           IOS 12.4; 12.3; 12.xT from 12.2T and up
Junos               Junos 5.1 and up
  - Windows Vista/7 - Enabled by default
  - Mac OS X - Not enabled by default
  - Linux - not enabled by default
Windows Vista/7
    c:\> netsh interface ipv6 set privacy state=enabled|disabled
    c:\> netsh interface ipv6 set global randomizeidentifiers=enabled|disabled
Mac OS X
    In /etc/sysctl.conf:
    net.inet6.ip6.use_tempaddr=0|1
    # lifetime of temporary address
    net.inet6.ip6.temppltime=XX
Linux
    # echo "1" > /proc/sys/net/ipv6/conf/default/use_tempaddr
Address Provisioning in IPv6
After this section, you should be able to:
- Describe the options for provisioning addresses in IPv6
- Describe and verify how SLAAC works
- Describe and verify how DHCPv6 works
- Describe how DHCPv6-PD works
Provision requirements
IPv6 Address Provisioning
Device: Hosts
  - IPv6 address
  - Default gateway
  - DNS server
Device: CPEs
  - IPv6 address
  - Default gateway
  - DNS server
  - Prefix for LAN(s)
Automatic IP Configuration
IPv6 Address Provisioning
- The Problem with Traditional DHCP
  - It's a link-layer protocol and thus can't be routed without use of relays on every subnet.
  - Network and server staff are usually different thus close coordination is needed (plus usual OSI Layer 8 issues!!)
  - Difficult to implement redundancy.
  - Susceptible to rogue DHCP servers.
  - If the lease database is corrupted, addresses can be given to multiple machines.
- Because there are no broadcasts in IPv6, traditional DHCP won't work.
- The options in IPv6 are:
  - Stateless Auto-Configuration - new to IPv6
  - Stateful Auto-Configuration - DHCPv6
Automatic IP Configuration
IPv6 Address Provisioning
Typical configuration parameters
[Figure labels: For client WAN address; Required by clients and CPEs; Required by clients and CPEs; Required by CPEs to automate LAN-side configuration]
  - IPv6 address for the host's interface
  - Default routers
  - DNS resolvers & other options
  - IPv6 address for CPE WAN interface
  - Default route to be used by client network
  - Prefix to be used for CPE LAN interface(s)
- SLAAC does not hand out DNS server addresses
- DHCPv6 does not hand out default router address
- CPEs need auto-delegated prefix for simplicity
- Options: Stateful & stateless DHCPv6 and SLAAC+RDNSS

                  IPv6 Address   Default routers   DNS resolver   Delegated prefix
Stateful DHCP     DHCPv6         RA                DHCPv6         DHCPv6-PD
Stateless DHCP    RA             RA                DHCPv6         DHCPv6-PD
SLAAC+RDNSS       RA             RA                RA             N/A
[Figure: SLAAC on Network X with routers R1 and R2 and hosts N2 and M2. (1) [RS] RA? (2) [RA] 2001:db8:a:: (3) [RA] 2001:db8:d::]
address for each of the advertised prefixes 2001:db8:a::/64 and 2001:db8:d::/64.
- Hosts will also auto-configure 2 default routers
allocated prefixes for the subnet and indicates if it can provide routing services to connected hosts.
- For each prefix received, the host adds its 64-bit interfaceID, configures an address and does DAD.
- Hosts build a list of 'default routers' from RAs. There's no single default gateway like in IPv4.
  - Appropriate IPv6 addresses on their interfaces.
  - Desired prefixes for use on the subnet.
  - Someday: List of DNS servers to send to hosts [RFC6106]
- If the router advertises multiple prefixes, the host(s) will autoconfigure an address for each of the prefixes.
- If multiple routers advertise themselves as default, the host typically chooses and uses one till it fails, then it uses the other.
- No separate servers or relays needed on each subnet
- No need to involve server admins with management of IP addresses
- Easy to provide redundancy by plugging in more routers since they don't keep state
- No risk of duplicate addresses even after a router fails
- Rogue routers less likely and if they do occur, their prefix will just be in addition to the correct prefixes
- Enables network re-numbering on the fly
- Central server can keep state of who has what address
- A host will use DHCPv6 instead of SLAAC if it gets an RA message with the M flag = ON and A flag = OFF
- Multicast addresses used by DHCPv6
  - All_DHCP_Relay_Agents_and_Servers (FF02::1:2)
  - All_DHCP_Servers (FF05::1:3)
- DHCP Messages:
  - Clients listen on UDP port 546
  - Servers and relay agents listen on UDP port 547
- Currently does not support a default gateway option!!
Stateful DHCPv6
Advantages:
a) Similar to DHCPv4, so will be familiar to most operators.
b) More options to control how addresses are allocated e.g.
   - Restrict assignments to a small range of addresses
   - Map IP addresses to specific clients.
c) Dynamic DNS (DDNS) updates from a central server are more secure than permitting individual hosts to update the DNS.
d) It has options to configure other services.
e) Can produce centralized accounting logs (troubleshooting and forensics).
Disadvantages:
a) No DHCPv6 clients yet on some operating systems, e.g. Android.
b) Configuration information for addresses and DNS resolvers must be maintained in separate locations.
Stateless DHCPv6
IPv6 Address Provisioning
[Figure: message exchange between Client, Router and DHCP Server. [DHCP] Solicit: Options e.g. DNS server; [DHCP-RELAY] Advertise: DNS server address]
Stateless DHCPv6
Advantages:
  - Support for SLAAC is ubiquitous.
  - Non-DHCPv6 hosts will still be able to get basic connectivity (the DNS resolvers can be manually configured).
  - Like stateful DHCPv6, other options possible (e.g. NTP etc.)
Disadvantages:
  - Zero control over how addresses are allocated
  - If using DDNS, permitting DDNS updates from all clients is insecure.
  - Privacy concerns if EUI-64 method is used for interfaceID
  - No centralized log for forensics
SLAAC + RDNSS
IPv6 Address Provisioning
- SLAAC plus the Recursive DNS server option
- Advantages:
  - Single protocol (IPv6 ND) thus simpler configuration
  - Support for SLAAC is ubiquitous
- Disadvantages:
  - RDNSS option not widely supported
  - No other parameters besides DNS resolver are possible
DHCPv6 - PD
IPv6 Address Provisioning
[Figure: CPE, PE and DHCP Server. Step 1: Provision CPE WAN address]
- Used to assign a delegated prefix to CPE to use on its LAN.
- The PE inserts a static route for the delegated prefix in its table
IPv6 Address Planning
After this section, you should be able to:
- Subnet an IPv6 prefix
- Describe how IPv6 addresses are globally managed
- Estimate the IPv6 addressing needs of your network
- Carve out your allocated addresses and assign them
IPv6 subnetting
[Figure: Parent prefix divided into Sub-prefix #1, Sub-prefix #2, Sub-prefix #3, ..., Sub-prefix #n]
IPv6 subnetting
- IPv4: conserve address space
- IPv6: planning and optimization for routing or security
- VLSM vs SLSM - there's no point to do VLSM in IPv6
- Subnets vs hosts - number of hosts is rarely relevant in v6
IPv6 subnetting
Enumerate subnetIDs
$s = L' - L$
Ex: breaking a /32 to /56s needs 56-32=24 bits
b) Only the number of desired subnets is known
$2^s \geq N$, thus $s = \frac{\log N}{\log 2}$
  - Knowing number of subnet bits s
  - Knowing that 1 hexit = 4 bits, then
  - Number of subnet hexits = s/4 (round up)
- Ex: Breaking 2001:db8:c000::/36 to 900 subnets
  - $s = \frac{\log 900}{\log 2} = 9.81 \approx 10$
  - # subnet hexits = 10/4 = 2.5 ≈ 3
  - Each of the subnets will be like: 2001:db8:cHHH::/46
$B = 2^{16-(L' \bmod 16)}$
- Ex: Breaking 2001:db8:c000::/36 to 900 subnets
  - s = 3 (calculated in previous slides)
  - $L' = L + s = 36 + 10 = 46$
  - Format 2001:db8:cHHH::/46 (calculated previously)
  - $B = 2^{16-(46 \bmod 16)} = 2^{16-14} = 2^2 = 4$ (0x4)
progression with following characteristics
  - Common difference d = block B
  - Initial term = 000
- Any term of the progression is $a_n = a_0 + (n - 1)d$
- Substituting for d = B and initial term = 000
- The nth term is: $a_n = (n - 1)B$
  - s = 3 (calculated in previous slides)
  - $L' = L + s = 36 + 10 = 46$
  - Format 2001:db8:cHHH::/46 (calculated previously)
  - B = 4 (0x4) - as previously calculated
  - [Decimal]: $a_1 = 4(1-1) = 0$ (0x0)
  - First subnet: 2001:db8:000::/46
  - [Decimal]: $a_{1024} = 4(1024-1) = 4(1023) = 4092$ (0xFFC)
  - [Hex]: $a_{400} = 4(400-1) = 4(3ff) = FFC$
  - Last subnet: 2001:db8:ffc::/46
IPv6 subnetting
An ISP with operations in 10 cities just got a 2001:db8::/32 allocation from AfriNIC; subnet this prefix accordingly
s =
  - We'll need to use 4 bits
  - Those 4 bits give us $2^4 = 16$ subnets (we've 6 spare subnets)
  - Prefix length of each subnet is /36 (32 + 4 = 36)
  - e.g. sipcalc 2001:db8::/32 --v6split=36
- Use the procedure discussed to enumerate the various subnets
- Verify your answer using subnet tools
[Figure: prefix-length ranges in the address hierarchy: 12 ≤ w ≤ 24; y ≤ x ≤ 32; x ≤ y ≤ [48 | 52 | 56 | 60]; [48 | 52 | 56 | 60] ≤ z ≤ 64; InterfaceID]
- /32 for LIRs is just minimum size according to most RIR policies.
- If you can show that you need more, you usually can get more!
  - Do NOT start with /32 [or /48] and try to fit in.
  - INSTEAD analyse your needs and apply based on them.
- RFCs recommend /64 for all subnets (even p2p and loopbacks)
  - DO allocate a /64 for all links but,
  - DO configure what makes operational sense (e.g. /127 for p2p and /128 for loopbacks)
  - Do understand what will break if you use longer prefixes
- Ensure that all prefixes fall on nibble boundaries
- Plan a hierarchical plan to allow for aggregation
Site: any logical L3 aggregation point (POP, building, floor, ...)
Region: a collection of sites
Autonomous System
- Assign at least one /48 per site
- Reserve one /48 per region for infrastructure needs
  - Loopback addresses - assign from the first bottom of range
  - Inter-device links - assign a /64 but configure what makes operational sense (/126, /127)
- Use same prefix lengths for all prefixes of the same level (SLSM)
- Estimate the number of end-networks in it now
- Adjust for growth in 5 years
- Round to nearest nibble boundary. (maxSITEsize)
- Estimate the number of #SITEs in your largest region (round to nibble boundary)
- # of end-site prefixes: N = #regions x #SITEs x maxSITEsize
- Subnet bits required to give us N prefixes: $s = \frac{\log_{10} N}{\log_{10} 2}$
- Allocation size is
  - 48 - s [if assigning /48s per end-site]
  - 52 - s [if assigning /52s per end-site]
Try to align allocation units to nibble boundaries
  - Round up your estimates to $2^n$ where n is a multiple of 4 [16, 256, 4096, 65536 etc.]
  - Ensure your prefixes fall on the following nibbles: /12, /16, /20, /24, /28, /32, /36, /40, /44, /48, /52, /56, /60, /64
- Consider the range of addresses for 2001:db8:3c00::/40
  [first] 2001:db8:3c00:0000:0000:0000:0000:0000
  [last] 2001:db8:3cff:ffff:ffff:ffff:ffff:ffff
An ISP has operations in 10 provinces. The largest province has 50 POPs, the largest of which has about 2700 clients. Estimate the IPv6 addressing needs of this ISP
- We calculate
  - Number of regions: #regions = 10 [round to 16]
  - Number of sites: #SITEs = 50 [round up to 256]
  - maxSITEsize = 2700 [round up to 4096]
  - Total number of end-network prefixes required is N
  - N = 16 x 256 x 4096 = 16,777,216
  - Number of subnet bits required: s = log 16,777,216 / log 2 = 24.
  - 48 - 24 = 24 [Assuming /48s to end-sites]
  - 52 - 24 = 28 [Assuming /52s to end-sites]
- Thus the ISP needs to request a /24 or /28 from AfriNIC.
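The sizing procedure and the 10-city split worked through above, as an added Python example (not part of the original slides). The function names are hypothetical; the code generalizes the two exercises to any inputs and enumerates subnets with the standard ipaddress module.

```python
import ipaddress


def subnet_bits(n_subnets: int) -> int:
    """Smallest s with 2**s >= n_subnets, i.e. log N / log 2 rounded up."""
    if n_subnets < 1:
        raise ValueError("need at least one subnet")
    return (n_subnets - 1).bit_length()


def round_up_to_nibble(n: int) -> int:
    """Round n up to 2**k with k a multiple of 4: 16, 256, 4096, 65536, ..."""
    size = 16
    while size < n:
        size *= 16
    return size


def allocation_length(regions: int, sites: int, max_site_size: int,
                      end_site_len: int = 48):
    """Return (N, s, prefix length to request) for the planning procedure."""
    n = (round_up_to_nibble(regions) * round_up_to_nibble(sites)
         * round_up_to_nibble(max_site_size))
    s = subnet_bits(n)
    length = end_site_len - s
    if length < 0:
        raise ValueError("requirement does not fit in the IPv6 address space")
    return n, s, length


def nth_subnet(parent: str, new_len: int, n: int) -> ipaddress.IPv6Network:
    """n-th subnet (1-based): the arithmetic progression term (n - 1) * block."""
    net = ipaddress.ip_network(parent)
    count = 2 ** (new_len - net.prefixlen)
    if not 1 <= n <= count:
        raise ValueError("n must be between 1 and %d" % count)
    block = 2 ** (128 - new_len)  # address distance between adjacent subnets
    return ipaddress.ip_network((int(net.network_address) + (n - 1) * block,
                                 new_len))


def split_for(parent: str, n_subnets: int):
    """Split parent into equal subnets (SLSM) large enough for n_subnets."""
    net = ipaddress.ip_network(parent)
    return list(net.subnets(new_prefix=net.prefixlen + subnet_bits(n_subnets)))


if __name__ == "__main__":
    # ISP with 10 provinces, 50 POPs in the largest, 2700 clients per POP.
    for end_site in (48, 52):
        n, s, length = allocation_length(10, 50, 2700, end_site)
        print("end-sites /%d: N=%d s=%d -> request a /%d" % (end_site, n, s, length))

    # ISP with 10 cities and a 2001:db8::/32 allocation.
    cities = split_for("2001:db8::/32", 10)
    print(len(cities), "subnets,", len(cities) - 10, "spare")
    print("first:", cities[0], "last:", nth_subnet("2001:db8::/32", 36, 16))
```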