Embed Size (px)
DESCRIPTION
Regional Cisco Networking Academy Conference 2014. Giving you the knowledge and confidence to teach IPv6. DHCPv6-PD (Prefix Delegation) IPv6 Address Allocation to the Home Rick Graziani CS/CIS Instructor Cabrillo College. The World of IPv4 – DHCPv4 and NAT. NAT. - PowerPoint PPT Presentation
Citation preview
1© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
Regional Cisco Networking Academy Conference 2014
Giving you the knowledge and confidence to teach IPv6
DHCPv6-PD (Prefix Delegation) IPv6 Address Allocation to the Home
Rick GrazianiCS/CIS Instructor Cabrillo College
2© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
The World of IPv4 – DHCPv4 and NAT
• ISP only has to deliver a public IPv4 address for Home router interface.
• DHCPv4 and RFC 1918 private address space is used for home network.
• NAT is used for translation – but has its drawbacks!
• No NAT (like that… kind of) for IPv6
ISP HOME
Public IPv4 Addressfor the interface
G0/1 G0/1
10.0.0.0/8172.16.0.0/12192.168.0.0/16
G0/0
Private IPv4 Address
NAT
DHCPv4 DHCPv4
3© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
The World of IPv6 – DHCPv6-PD (Prefix Delegation)
• IPv6 End-to-end reachability:• Home network gets its own IPv6 prefix (public address)• No NAT
• ISP router is known as the Delegating Router (DR)• HOME router is known as the Requesting Router (RR)
ISP-DR HOME-RRG0/1 G0/1 G0/0
Complete IPv6 ReachabilityDelegating Router (DR)
Requesting Router (RR)
Global IPv6 Address Global IPv6 Address
4© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
The World of IPv6 – DHCPv6-PD (Prefix Delegation)
After getting an IPv6 address on its ISP-facing interface, HOME-RR needs to:
Step 1: Request a Prefix for its LAN(s)
Step 2: Subnet the prefix for its LANs (optional) – Get a /48 but assign /64s
Step 3: Assign an IPv6 address from the prefix to its LAN interface
Step 4: Advertises the prefix in a Router Advertisement to devices on the LAN
ISP-DR HOME-RRG0/1 G0/1 G0/0
Complete IPv6 ReachabilityDelegating Router (DR)
Requesting Router (RR)
Global IPv6 Address Global IPv6 Address
5© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
The World of IPv6 – DHCPv6-PD (Prefix Delegation)
• First, HOME’s ISP facing interface needs an IPv6 address.
• Similar to any IPv6 client it may dynamically get an address using:• SLAAC - Using prefix in RA• Stateless DHCPv6 – Using prefix in RA and perhaps DNS address from DHCPv6 server• Stateful DHCPv6 - Like DHCPv4
• What about the address for the HOME LAN?
ISP-DR HOME-RR
IPv6 Address for the interface:• SLAAC • DHCPv6 (Stateful or Stateless)
G0/1 G0/1 G0/0
Complete IPv6 ReachabilityDelegating Router (DR)
Requesting Router (RR)
?
6© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
The World of IPv6 – DHCPv6-PD (Prefix Delegation)
Step 1. HOME asks the ISP for an address to allocate for it’s LANs • DHCPv6-PD is initiated by the RR!
Step 2. ISP delegates an IPv6 prefix for HOME• Example: ISP sends HOME a /48 prefix
Step 3. HOME advertises prefix using SLAAC RA messages (currently only option)• HOME advertises the prefix out its interfaces using ICMPv6 Router Advertisement messages• HOME assigns the prefix or subnets of the prefix to one or more interfaces• Example: HOME interfaces are assigned /64 subnets from the /48 prefix
ISP-DR HOME-RRG0/1 G0/1 G0/0
Delegating Router (DR)
Requesting Router (RR)
DHCPv6-PD REQUEST
DHCPv6-PD REPLY with /48 prefix
RA with /64 prefix
G0/1 RA with /64 prefix
1
2
3
3
7© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
Our Example - DHCPv6-PD
• ISP will deliver an IPv6 address for HOME’s G0/1 interface using SLAAC
• ISP will delegate the 2001:DB8:AB00::/48 prefix to HOME to allocate to its LANs
• HOME will use the 2001:DB8:AB00:1::/64 subnet for its G0/0 interface.
• Assign :1 to the G0/0 interface
• G0/0 LAN will receive the 2001:DB8:AB00:1::/64 prefix and other information using SLAAC (RA).
ISP-DR HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
Router Advertisement2001:DB8:AB00:1::/64
Router Advertisement
2001:DB8:FEED:6::/64
DHCPv6Prefix Delegation
Prefix Delegation for the HOME
2001:DB8:AB00:/48
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
SLAACSLAAC
8© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
RA and DHCPv6-PD Messages
ISPDR
HOMERR
G0/1 G0/1 G0/0
SOLICIT: Prefix Delegation request
ADVERTISE
REQUEST
REPLY: Include Prefix
ICMPv6 Router Advertisement (RA)
The RR must be enabled with the PD option
In the case where the RR only has one DRthe rapid commit option omits these twosteps.
ICMPv6 Router Advertisement
ICMPv6 Router Solicitation
SLAAC
DHCPv6-PD
SLAACNote: If instead of SLAAC, HOME uses DHCPv6 for its G0/1 address, a separate set of DHCPv6 messages will be exchanged between the two routers.
9© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
HOME-RR Configuration
HOME-RR(config)# ipv6 unicast-routing ! Required to send RAHOME-RR(config)# interface gig 0/1HOME-RR(config-if)# ipv6 address autoconfig default ! Use RA & add defaultHOME-RR(config-if)# ipv6 dhcp client pd DHCPV6-PREFIX-FROM-ISP ! Request DHCPv6-PD. ! rapid-commit option ! can be used.HOME-RR(config)# interface gig 0/0HOME-RR(config-if)# ipv6 address DHCPV6-PREFIX-FROM-ISP 0:0:0:1::1/64 ! RA /48 from PD
Router Advertisement
HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
ISP-DR1
2001:DB8:FEED:6::/48
Router Solicitation
DHCPv6 PD Request
2
3
10© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
HOME-RR Configuration
HOME-RR(config)# interface gig 0/1HOME-RR(config-if)# ipv6 address autoconfig defaultHOME-RR(config-if)# ipv6 dhcp client pd DHCPV6-PREFIX-FROM-ISP HOME-RR(config)# interface gig 0/0HOME-RR(config-if)# ipv6 address DHCPV6-PREFIX-FROM-ISP 0:0:0:1::1/64 ! For G0/0 & RA
2001:DB8:AB00::/48 2001:DB8:AB00:1::/64 Router Advertisement
2 3
HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
ISP-DR
2001:DB8:AB00:1::1/64
First 48 bits replaced by the prefix received by DHCPv6-PD2001:DB8:AB00::
Subnet-ID Interface ID
DHCPv6 PD Request 1
DHCPv6 PD Reply
3
11© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
ISP-DR Configuration
HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
ISP-DR(config)# ipv6 unicast-routingISP-DR(config)# interface gig 0/1ISP-DR(config-if)# ipv6 address 2001:db8:feed:6::1/64ISP-DR(config-if)# ipv6 address fe80::feed:1 link-localISP-DR(config-if)# ipv6 dhcp server DHCPV6-CLIENT-ADDRESS ! Also a DHCPv6 server
ISP-DR(config)# ipv6 dhcp pool DHCPV6-CLIENT-ADDRESSISP-DR(config-dhcpv6)# prefix-delegation pool DHCPV6-PD-POOLISP-DR(config-dhcpv6)# dns-server 2001:DB8:AAAA::1
ISP-DR(config)# ipv6 local pool DHCPV6-PD-POOL 2001:DB8:AB00::/40 48
ISP-DRRouter
Advertisement2001:DB8:FEED:6::/
64Prefix Delegation for the HOME
2001:DB8:AB00:/64DHCPv6-PD
SLAAC For G0/1 interface
For HOME LANs
Pool can include address prefix command if stateful DHCPv6 is used instead of SLAAC.
12© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
ISP-DR Configuration
ISP-DR(config)# ipv6 dhcp pool DHCPV6-CLIENT-ADDRESSISP-DR(config-dhcpv6)# prefix-delegation pool DHCPV6-PD-POOL ! DHCPv6 address poolISP-DR(config-dhcpv6)# dns-server 2001:DB8:AAAA::1 ! DNS address for DHCPv6-PD
ISP-DR(config)# ipv6 local pool DHCPV6-PD-POOL 2001:DB8:AB00::/40 48 ! PD pool
Reserve a /40 to allocate addresses for ISP’s DHCPv6-PD clients2001:DB8:ABxx::/40 From the /40 each DHCPv6-PD client will get a /48
2001:DB8:AB00::/482001:DB8:AB01::/48 2001:DB8:AB02::/48 …2001:DB8:ABFF::/48
2001:DB8:AB00:1::/64 Router Advertisement
HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
ISP-DR
DHCPv6 PD Reply2001:DB8:AB00::/40
ipv6 address DHCPV6-PREFIX-FROM-ISP 0:0:0:1::1/64
13© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
Verifying DHCPv6-PD
ISP-DR HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
Router Advertisement2001:DB8:AB00:1::/64
Router Advertisement
2001:DB8:FEED:6::/64
DHCPv6Prefix Delegation
Prefix Delegation for the HOME
2001:DB8:AB00:/48
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
SLAACSLAAC
14© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
ISP-DR Verification
ISP-DR# show ipv6 dhcp interface gig 0/1GigabitEthernet0/1 is in server mode Using pool: DHCPV6-CLIENT-ADDRESS Preference value: 0 Hint from client: ignored Rapid-Commit: disabledISP-DR#
HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
ISP-DR
ISP-DR(config)# interface gig 0/1ISP-DR(config-if)# ipv6 dhcp server DHCPV6-CLIENT-ADDRESS
ISP-DR(config)# ipv6 dhcp pool DHCPV6-CLIENT-ADDRESSISP-DR(config-dhcpv6)# prefix-delegation pool DHCPV6-PD-POOLISP-DR(config-dhcpv6)# dns-server 2001:DB8:AAAA::1
ISP-DR(config)# ipv6 local pool DHCPV6-PD-POOL 2001:DB8:AB00::/40 48
rapid-commit option not included
15© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
ISP-DR Verification
ISP-DR# show ipv6 local pool DHCPV6-PD-POOLPrefix is 2001:DB8:AB00::/40 assign /48 prefix1 entries in use, 255 available, 0 rejected0 entries cached, 1000 maximumUser Prefix Interface 00030001885A923B29E000040001 2001:DB8:AB00::/48 ISP-DR#
HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
ISP-DR
ISP-DR(config)# interface gig 0/1ISP-DR(config-if)# ipv6 dhcp server DHCPV6-CLIENT-ADDRESS
ISP-DR(config)# ipv6 dhcp pool DHCPV6-CLIENT-ADDRESSISP-DR(config-dhcpv6)# prefix-delegation pool DHCPV6-PD-POOLISP-DR(config-dhcpv6)# dns-server 2001:DB8:AAAA::1
ISP-DR(config)# ipv6 local pool DHCPV6-PD-POOL 2001:DB8:AB00::/40 48
Other verification commands:• show ipv6 dhcp binding• show ipv6 dhcp interface
16© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
HOME-RR Verification
HOME-RR# show ipv6 inter briefGigabitEthernet0/0 [up/up] FE80::1 2001:DB8:AB00:1::1GigabitEthernet0/1 [up/up] FE80::8A5A:92FF:FE3B:29E1 2001:DB8:FEED:6:8A5A:92FF:FE3B:29E1HOME-RR#
HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
ISP-DR
HOME-RR(config)# ipv6 unicast-routing HOME-RR(config)# interface gig 0/1HOME-RR(config-if)# ipv6 address autoconfig default HOME-RR(config-if)# ipv6 dhcp client pd DHCPV6-PREFIX-FROM-ISP HOME-RR(config)# interface gig 0/0HOME-RR(config-if)# ipv6 address DHCPV6-PREFIX-FROM-ISP 0:0:0:1::1/64
SLAAC
17© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
HOME-RR Verification
HOME-RR# show ipv6 interface gig 0/0GigabitEthernet0/0 is up, line protocol is up General-prefix in use for addressing Global unicast address(es): 2001:DB8:AB00:1::1, subnet is 2001:DB8:AB00:1::/64 [CAL/PRE] <Output ommited> Hosts use stateless autoconfig for addresses.HOME-RR#
HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
ISP-DR
HOME-RR(config)# ipv6 unicast-routing HOME-RR(config)# interface gig 0/1HOME-RR(config-if)# ipv6 address autoconfig default HOME-RR(config-if)# ipv6 dhcp client pd DHCPV6-PREFIX-FROM-ISP HOME-RR(config)# interface gig 0/0HOME-RR(config-if)# ipv6 address DHCPV6-PREFIX-FROM-ISP 0:0:0:1::1/64
Router Advertisement2001:DB8:AB00:1::/64
19© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
HOME-RR Verification
HOME-RR# show ipv6 routeIPv6 Routing Table - default - 7 entriesCodes: ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr – Redirect
ND ::/0 [2/0] via FE80::FEED:1, GigabitEthernet0/1S 2001:DB8:AB00::/48 [1/0] via Null0, directly connected<Output omitted>HOME-RR#
HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
ISP-DR
HOME-RR(config)# ipv6 unicast-routing HOME-RR(config)# interface gig 0/1HOME-RR(config-if)# ipv6 address autoconfig default HOME-RR(config-if)# ipv6 dhcp client pd DHCPV6-PREFIX-FROM-ISP HOME-RR(config)# interface gig 0/0HOME-RR(config-if)# ipv6 address DHCPV6-PREFIX-FROM-ISP 0:0:0:1::1/64
Discard route
Default Route2001:DB8:AB00::/48X
20© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
HOME-RR Verification
PC> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
IPv6 Address . . . . . . . . . . 2001:db8:ab00:1:1005:b37e:7e61:7ceb Link-local IPv6 Address. . . . . fe80::1005:b37e:7e61:7ceb Default Gateway. . . . . . . . . fe80::1
HOME-RRG0/1:1
G0/1:EUI-64
G0/0:1
2001:DB8:AB00:1::/642001:DB8:FEED:6::/64
ISP-DR
Router Advertisement2001:DB8:AB00:1::/64
HOME-RR(config)# interface gig 0/0HOME-RR(config-if)# ipv6 address DHCPV6-PREFIX-FROM-ISP 0:0:0:1::1/64HOME-RR(config-if)# ipv6 address fe80::1 link-localFor a recognizable default gateway address
21© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
SLAACRouter(config)# ipv6 unicast-routingRouter(config-if)# no ipv6 nd suppress-ra ! This is the defaultStateless DHCPv6Router(config-if)# ipv6 nd other-config-flagRouter(config-if)# ipv6 dhcp server POOL-NAME
Router(config)# ipv6 dhcp pool POOL-NAMERouter(config-dhcpv6)# dns-server dns-addressRouter(config-dhcpv6)# domain-name domain-name
Stateful DHCPv6Router(config-if)# ipv6 nd managed-config-flagRouter(config-if)# ipv6 dhcp server POOL-NAME
Router(config)# ipv6 dhcp pool POOL-NAMERouter(config-dhcpv6)# address prefix ipv6-prefix/prefix-lengthRouter(config-dhcpv6)# dns-server dns-addressRouter(config-dhcpv6)# domain-name domain-name
DHCPv6-PD optionRouter(config-dhcpv6)# prefix-delegation pool ipv6-prefix/prefix-length ! Add to POOL-NAME
Router(config)# ipv6 local pool POOL-NAME ipv6-address-block/prefix-length subnet-prefix-length
Server ClientRouter AdvertisementRouter Advertisement
O=1Router Advertisement
M=1
To all DHCPv6 Servers
22© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
Server
DHCPv6Client(config-if)# ipv6 enable ! IPv6 link-local required to send DHCPv6 messagesClient(config-if)# ipv6 address dhcp
Client
Router as a DHCPv6 Client (Stateless or Stateful)
DR-facing Interface using SLAAC or DHCPv6Client(config-if)# ipv6 dhcp client pd POOL-NAME ! Request DHCPv6-PD
LAN-facing InterfaceClient(config)# ipv6 address POOL-NAME ::subnet-interfaceid-address/prefix-length
Router as a DHCPv6-PD Client
SLAACClient(config-if)# ipv6 address autoconfig [default] ! default option used for DHCPv6-PD
Router as SLAAC client
23© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
What we covered…• DHCPv4 – Remember IPv4?
• ICMPv6 – Used more than ICMPv4
• SLAACers – IPv6 Addressing without DHCPv6
• Stateless DHCPv6 – I have my address but need some other stuff
• Stateful DHCPv6 – Just like DHCPv4 (only different)
• DHCPv6-PD (Prefix Delegation) – IPv6 Prefix for the “home”
24© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
Web Site, Book, Etc.• Rick Graziani - [email protected]
• PowerPoints for CCNA, CCNP, IPv6• www.cabrillo.edu/~rgraziani• Username = cisco• Password = perlman
Shameless plug!
Quality time with my two
nieces…
25© 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, U.S./Canada
And…… Thank you very much!Rick Graziani - [email protected]/~rgrazianiUsername = ciscoPassword = perlman
