Download pdf - Juniper Ipv6

© 2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Worldwide Education Services

Appendix A: IPv6

Junos Intermediate Routing

© 2010 Juniper Networks, Inc. All rights reserved. www.juniper.net | A-Worldwide Education Services

Chapter Objectives

§ After successfully completing this appendix, you will be able to:•Describe some differences between IPv4 and IPv6•List IPv6 address types and describe the IPv6 addressing

format•Enable an interface for IPv6 operation•Configure and monitor routing for IPv6 environments•Tunnel IPv6 traffic over an IPv4 network


Agenda: IPv6

àIntroduction to IPv6§ Routing Protocol Configuration Examples§ Tunneling IPv6 over IPv4


What Is IPv6?

§ Next Generation Protocol:•Defined by the IETF•Defined as RFC 2460•Intended to replace IPv4


IPv4 Versus IPv6IPv4 IPv6

32-bit (4-byte) address supports 4,294,967,296 addresses

128-bit (16-byte) address supports 2128 (about 3.4×1038) addresses

NAT can be used to extend address space limitations

Does not support NAT by design

Administrators must use DHCP or static configuration to assign IP addresses to hosts

Hosts use stateless address autoconfiguration to assign an IP address to themselves

IPsec support is optional IPsec support is necessary

Options are integrated into the base header

Improved support for options using extension headers and overall simplification of the header format


IPv6 Structure

§ The IPv6 header has the following improvements:•Fixed length of 40 bytes•Simple, more efficient processing•Extension headers handle additional options•Several IPv4 fields have been removed:

• Header length, identification, flags, fragment offset, and header checksum

Version (4) Traffic Class

Flow Label (20)Flow Label (20)Flow Label (20)

Payload Length (16)Payload Length (16)Payload Length (16) Next Header (8)

Hop Limit (8)Source Address (128)Source Address (128)Source Address (128)Source Address (128)Source Address (128)

Destination Address (128)Destination Address (128)Destination Address (128)Destination Address (128)Destination Address (128)

40 bytes

(8)


IPv4 Header Versus IPv6 HeaderIPv4 Header IPv6 Header

Version Traffic Class Flow Label

Payload Length Next Header Hop Limit

Source Address

Destination Address

Version IHL TOS Total Length

Identification Flags Fragment Offset

Time to Live Protocol Header Checksum

Source Address

Destination Address

Options PaddingKey

Fields the same in IPv4 and IPv6

Fields removed in IPv6

Name and position changed in IPv6

New field in IPv6


IPv6 Extension Headers

§ Simple packet headers provide faster processing•IPv6 deals with IP options using extension headers

§ IPv6 defines six extension headers:•Hop-by-hop options header•Routing header•Fragment header•Destination options header•Authentication header•Encrypted security payload header


IPv6 Addressing

§ Extending address space is a major reason for IPv6•IPv4 address exhaustion is predicted to occur in the near

future•128-bit (16-byte) address supports 2128 (about 3.4×1038)

addresses•295 addresses for each person on Earth•252 addresses for each observable star in the known

universe


IPv6 Address Types

§ Address types:•Unicast: Unique address that identifies an IPv6 node•Multicast: Group of IPv6 interfaces•Anycast: Assigned to multiple interfaces on multiple nodes


§ Each IPv6 address has 128 bits•Eight 16-bit hexadecimal blocks separated by colons•Use abbreviations to simplify the notation•You can omit leading zeros•Double colon can replace consecutive zeros, leading zeros,

or trailing zeros, but can not be used twice in an address

2bfc:0000:0000:0000:0217:cbff:fe8c:5c85

Address Notation

2bfc:0:0:0:217:cbff:fe8c:5c85

2bfc::217:cbff:fe8c:5c85

Leading zerosomitted

Double colon


§ Prefix identifies the subnet •Defined in RFC 4291•Similar to IPv4 in text presentation:

• IPv6 address/prefix length

2bfc:0000:0000:0000:0217:cbff:fe8c:5c85/64

Prefix Notation

16bits

16bits

16bits

16bits

IPv6 Address

64-bit prefix


Address Allocation

§ Organizations and end users get an address allocation from their ISP•You must follow a few rules, as defined in RFC 3177

Subscriber Prefix

Home network subscribers, connecting through on-demand or always-on connections

48-bit prefix

Small and large enterprises 48-bit prefix

Very large subscribers 47-bit, or multiple 48-bit prefixes

Mobile networks, such as vehicles or mobile phones with an additional network interface

64-bit prefix, which allows multiple connections through a single prefix

A single PC, with no additional need to subnet, dialing-up from a hotel room

128-bit address can be assigned as part of a 64-bit prefix


Special Addresses

§ The prefix 0000 0000 is reserved for special addressing•Unspecified address: Also called the all-zeros address

• 0:0:0:0:0:0:0:0, or ::•Loopback address: Commonly used for testing the IP stack

on the localhost• 0:0:0:0:0:0:0:1, or ::1


Address Scope

§ IPv6 addresses have scope, which identifies the application suitable for the address•Unicast and multicast addresses support scoping•Scope can be local or global

Internet

CompanyABC

CompanyXYZ

Addresses with local scope are used within the same routing domain.

Addresses with global scope are used between routing domains.


Link-Local Unicast Addresses

§ Link-local unicast addresses:•Use a common prefix on all subnets (FE80:0:0:0::/64)•Are guaranteed to be unique only on a single link•Are generated by the interface

1111111010 0000..0000 Interface ID

Prefix(10 bits)

Zero(54 bits)

Interface Identifier(64 bits)

R1

ge-0/0/1.0 ge-0/0/2.0

fe80::226:88ff:fe02:7481 fe80::226:88ff:fe02:7482


Site-Local Unicast Addresses

§ Site-local unicast addresses:•Are not guaranteed to be unique on the Internet•Are similar to IPv4 RFC 1918 private addresses•Use a common prefix in all organizations (FEC0:0:0::/48)

1111111011 Subnet ID Interface ID

Prefix(10 bits)

Subnet ID(54 bits)

Interface Identifier(64 bits)

R1 R2FEC0:0:0:2003::/64::1 ::2

ge-0/0/1.0 ge-0/0/1.0

Company ABC


Global Unicast Addresses

§ Global unicast addresses are globally unique and are used to connect to and route through the Internet•Similar to IPv4 public addresses

Global Routing Prefix Interface ID

(3 bits) (45 bits) (64 bits)

SIDFP

(16 bits)

Public Topology Site Topology Interface Identifier

Internet

CompanyABC

CompanyXYZ


Interface ID

§ Interface ID•Uniquely identifies a host on a subnet•Is 64 bits long•Is based on IEEE EUI-64 address•Is a permutation of the interface MAC address (if available)

Global Routing Prefix Interface ID

(3 bits) (45 bits) (64 bits)

SIDFP

(16 bits)

Interface Identifier


Stateless Autoconfiguration (1 of 2)

§ Allows local hosts to autoconfigure IPv6 addresses •Eliminates the need for stateful configuration elements,

such as DHCP•Elements of stateless autoconfiguration:

• Extended unique identifier• Router advertisement message• Router solicitation message • Prefix list

§ Neighbor discovery: •The process of tracking reachability status for neighbors in a

local link•Specified in RFC 2461


§ Address autoconfiguration

Untrust

Stateless Autoconfiguration (2 of 2)

Trust

Link-Local Address:Fe80::9876:dcff:feba:5432

Link-Local Address:Fe80::1234:abff:fecd:5678

1

5

2

3

4

Router

RS

RS

RA

RA1

5

Autoconfigured Global Addresses2bfc::1234:abff:fecd:56783afc::1234:abff:fecd:56782caf::1234:abff:fecd:5678

Autoconfigured Global Addresses2bfc::9876:dcff:feba:54323afc::9876:dcff:feba:54322caf::9876:dcff:feba:5432

Host A MAC Address:1234.abcd.5678

Host B MAC Address:9876.dcba.5432

A

B


Stateful Autoconfiguration

§ Allows DHCP to configure address assignment•Also known as stateful DHCPv6 in RFC 3315•Possible reasons for DHCPv6:

• You require a specific IPv6 addressing scheme• You require dynamic assignment of DNS servers• You require dynamic updates to DNS servers• You do not wish to have the MAC address as part of the IPv6

address•DHCPv6 and DHCPv4 are independent and require separate

configurations


Interface Configuration Example

[edit interfaces]user@R1# show ge-0/0/1 { unit 0 { family inet6 { address fec0:0:0:2003::1/64; } }}

[edit interfaces]user@R2# show ge-0/0/1 { unit 0 { family inet6 { address fec0:0:0:2003::2/64; } }}

Site-local addresses

Use family inet6 for IPv6 operations

R1 R2FEC0:0:0:2003::/64::1 ::2

ge-0/0/1.0 ge-0/0/1.0

Company ABC


Interface Verification Example

user@R1> show interfaces terse ge-0/0/1 Interface Admin Link Proto Local Remotege-0/0/1 up up ge-0/0/1.0 up up inet6 fe80::226:88ff:fe02:7481/64 fec0:0:0:2003::1/64

user@R2> show interfaces terse ge-0/0/1 Interface Admin Link Proto Local Remotege-0/0/1 up up ge-0/0/1.0 up up inet6 fe80::226:88ff:fe02:6b81/64 fec0:0:0:2003::2/64

Each interface has automatically determined its own link-local address

§ Use the show interface terse command to verify interface status and basic details


Displaying IPv6 Routing Information

user@R1> show route table inet6

inet6.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

fe80::/64 *[Direct/0] 00:59:12 > via ge-0/0/1.0fe80::226:88ff:fe02:7481/128 *[Local/0] 00:59:12 Local via ge-0/0/1.0fec0:0:0:2003::/64 *[Direct/0] 00:59:12 > via ge-0/0/1.0fec0:0:0:2003::1/128 *[Local/0] 00:59:12 Local via ge-0/0/1.0

§ Use the show route table inet6 command to view IPv6 routing information


Displaying the IPv6 Neighbor List

user@R1> show ipv6 neighbors

user@R1> ping fec0:0:0:2003::2 PING6(56=40+8+8 bytes) fec0:0:0:2003::1 --> fec0:0:0:2003::216 bytes from fec0:0:0:2003::2, icmp_seq=0 hlim=64 time=19.912 ms16 bytes from fec0:0:0:2003::2, icmp_seq=1 hlim=64 time=18.091 ms16 bytes from fec0:0:0:2003::2, icmp_seq=2 hlim=64 time=1.828 ms16 bytes from fec0:0:0:2003::2, icmp_seq=3 hlim=64 time=2.324 ms^C--- fec0:0:0:2003::2 ping6 statistics ---4 packets transmitted, 4 packets received, 0% packet lossround-trip min/avg/max/std-dev = 1.828/10.539/19.912/8.489 ms

user@R1> show ipv6 neighbors IPv6 Address Linklayer Address State Exp Rtr Secure Interfacefe80::226:88ff:fe02:6b81 00:26:88:02:6b:81 stale 1187 yes no ge-0/0/1.0 fec0:0:0:2003::2 00:26:88:02:6b:81 stale 747 yes no ge-0/0/1.0

§ Use the ping command followed by the show ipv6 neighbors command to learn then display neighbors


IPv6 Multicast Address

§ Identifier for a set of interfaces that typically belongs to different nodes•All members of the multicast group process an incoming

multicast packet•More efficient than broadcast•Three types of multicast addresses:

• Solicited-node multicast addresses for Neighbor Solicitation messages

• All-nodes multicast address for Router Advertisement messages• All-routers multicast address for Router Solicitation messages


IPv6 Anycast Address

§ Identifier for a set of interfaces, typically belonging to separate nodes•Defined in RFC 2526•Packet travels to just one of the interfaces identified in the

group•Routing protocol typically determines the closest interface


Agenda: IPv6

§ Introduction to IPv6àRouting Protocol Configuration Examples§ Tunneling IPv6 over IPv4


§ Sample IPv6 static route configuration:

Static Route Configuration Example

[edit routing-options]user@R1# show rib inet6.0 { static { route 0::/0 { next-hop FEC0:0:0:2003::2; preference 250; } }}

R1 R2FEC0:0:0:2003::/64::1 ::2

ge-0/0/1.0 ge-0/0/1.0

Company ABC

Internet

IPv6 default static route


Displaying the Static Routes

§ Use the show route table inet6.0 protocol static command to view static routesuser@R1> show route table inet6.0 protocol static


::/0 *[Static/5] 00:00:24 > to fec0:0:0:2003::2 via ge-0/0/1.0

R1 R2FEC0:0:0:2003::/64::1 ::2

ge-0/0/1.0 ge-0/0/1.0

Company ABC

Internet


OSPFv3 Configuration Example

§ Sample OSPFv3 single-area configuration•OSPFv3 continues to use a 32-bit RID

[edit]user@R1# show routing-options router-id router-id 192.168.100.1;

[edit]user@R1# show protocols ospf3 area 0.0.0.0 { interface ge-0/0/1.0;}

R1 R2FEC0:0:0:2003::/64::1 ::2

ge-0/0/1.0 ge-0/0/1.0

Area 0.0.0.0

[edit]user@R2# show routing-options router-id router-id 192.168.100.2;

[edit]user@R2# show protocols ospf3 area 0.0.0.0 { interface ge-0/0/1.0;}

Note: The RID selection process is the same for OSPFv2 and OSPFv3. We recommend you manually set the RID, as shown in the example.


Monitoring OSPFv3 Operations

§ Most operational show commands for OSPFv3 are almost identical to OSPFv2; the key difference is you must replace ospf with ospf3:

OSPFv2 OSPFv3show ospf neighbor show ospf3 neighbor

show ospf interface show ospf3 interface

show ospf database show ospf3 database

show ospf route show ospf3 route

user@R1> show ospf3 neighbor ID Interface State Pri Dead192.168.100.2 ge-0/0/1.0 Full 128 36 Neighbor-address fe80::226:88ff:fe02:6b81


IS-IS Configuration Example

§ IS-IS configuration is identical for IPv4 and IPv6:

[edit interfaces]user@R1# show ge-0/0/1 { unit 0 { family iso; family inet6 { address fec0:0:0:2003::1/64; } }}lo0 { unit 0 { family iso { address 49.0002.1111.1111.1111.00; } family inet6 { address fec0:0:0:1001::1/128; } }}

[edit protocols]user@R1# show isis { interface ge-0/0/1.0; interface lo0.0;}

Interface Configuration Protocol Configuration


Monitoring IS-IS Operations

§ Use the same operational show commands for IS-IS in IPv4 and IPv6 environments:user@R1> show isis interface IS-IS interface database:Interface L CirID Level 1 DR Level 2 DR L1/L2 Metricge-0/0/1.0 3 0x2 R1.02 R1.02 10/10lo0.0 0 0x1 Passive Passive 0/0

user@R1> show isis adjacency Interface System L State Hold (secs) SNPAge-0/0/1.0 R2 1 Up 19 0:26:88:2:6b:81ge-0/0/1.0 R2 2 Up 20 0:26:88:2:6b:81

user@R1> show isis adjacency detail R2 Interface: ge-0/0/1.0, Level: 1, State: Up, Expires in 21 secs Priority: 64, Up/Down transitions: 1, Last transition: 00:18:10 ago Circuit type: 3, Speaks: IP, IPv6, MAC address: 0:26:88:2:6b:81 Topologies: Unicast Restart capable: Yes, Adjacency advertisement: Advertise LAN id: R1.02, IP addresses: 192.168.100.2 IPv6 addresses: fe80::226:88ff:fe02:6b81

…


BGP Configuration Example

§ BGP configuration is almost identical for IPv6 as it is for IPv4; the major difference is you specify an IPv6 address for the local and peer addresses:[edit routing-options]user@R1# show router-id 192.168.100.1;autonomous-system 64700;

[edit protocols bgp]user@R1# show group int-64700 { type internal; local-address fec0:0:0:1001::1; neighbor fec0:0:0:1002::1;}group ext-65100 { type external; peer-as 65100; neighbor fec0:0:0:2005::2;}


Monitoring BGP Operations

§ Use the same operational show commands for BGP in IPv4 and IPv6 environments:user@R1> show bgp summary Groups: 2 Peers: 2 Down peers: 0Table Tot Paths Act Paths Suppressed History Damp State Pendinginet6.0 0 0 0 0 0 0Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...fec0:0:0:1002::1 64700 11 12 0 0 4:00 Establ inet6.0: 0/0/0/0fec0:0:0:2005::2 65100 11 12 0 0 4:05 Establ inet6.0: 0/0/0/0


Agenda: IPv6

§ Introduction to IPv6§ Routing Protocol Configuration ExamplesàTunneling IPv6 over IPv4


Tunneling IPv6 Traffic over IPv4 Networks

§ Tunneling:•Encapsulate the native IPv6 packet inside IPv4•Forwards the IPv4 packet through the IPv4 network•De-encapsulates the IPv6 packet and forward/process

natively§ Many approaches to tunneling:

•IPv4-compatible addresses•Configured tunnels•6to4•6over4


Internet

Case Study: Objective and Topology

§ Implement an IPv6-over-IPv4 tunnel to transport IPv6 traffic over the Internet and between sites A and B

R1 R2

User A User BFEC0:0:0:2000::/64 FEC0:0:0:2001::/64

::1 ::1 ::2::2

Site A Site B


Internet

Case Study: Defining the Tunnel Interface

[edit]user@R1# show interfaces gr-0/0/0 unit 0 { tunnel { source 192.168.1.1; destination 192.168.2.1; } family inet6 { address fec0:0:0:1000::1/126; }}

[edit]user@R2# show interfaces gr-0/0/0 unit 0 { tunnel { source 192.168.2.1; destination 192.168.1.1; } family inet6 { address fec0:0:0:1000::2/126; }}

R1 R2


::1 ::1 ::2::2

Site A Site B192.168.2.1192.168.1.1


Case Study: Defining the Required Routes

[edit]user@R1# show routing-options rib inet6.0 { static { route fec0:0:0:2001::/64 next-hop gr-0/0/0.0; }}static { route 192.168.2.1/32 next-hop 172.18.1.1;}

InternetR1 R2


::1 ::1 ::2::2

Site A Site B192.168.2.1192.168.1.1

Note: R2 requires a similar configuration.


Case Study: Verifying Operations (1 of 3)§ Use the show interfaces interface-name terse command to verify that the tunnel interface is up lab@R1> show interfaces gr-0/0/0 terse

Interface Admin Link Proto Local Remotegr-0/0/0 up up gr-0/0/0.0 up up inet6 fe80::226:88ff:fe02:7480/64 fec0:0:0:1000::1/126

lab@R2> show interfaces gr-0/0/0 terse Interface Admin Link Proto Local Remotegr-0/0/0 up up gr-0/0/0.0 up up inet6 fe80::226:88ff:fe02:6b80/64 fec0:0:0:1000::2/126

Remember that GRE tunnels are stateless, so you should always ensure that both sides are up.

InternetR1 R2


::1 ::1 ::2::2

Site A Site B192.168.2.1192.168.1.1


Case Study: Verifying Operations (2 of 3)

§ Use the show route command to ensure the required routes are installed on both tunnel endpointsuser@R1> show route 192.168.2.1

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both

192.168.2.1/32 *[Static/5] 01:49:40 > to 172.18.1.1 via ge-0/0/3.0

user@R1> show route table inet6.0 fec0:0:0:2001::/64


fec0:0:0:2001::/64 *[Static/5] 00:31:03 > via gr-0/0/0.0


Case Study: Verifying Operations (3 of 3)

§ Send traffic through the tunnel, and confirm interface statistics are increasing on the tunnel interfaceuser@R1> ping fec0:0:0:2001::2 source fec0:0:0:2000::1 rapid count 25 PING6(56=40+8+8 bytes) fec0:0:0:2000::1 --> fec0:0:0:2001::2!!!!!!!!!!!!!!!!!!!!!!!!!--- fec0:0:0:2001::2 ping6 statistics ---25 packets transmitted, 25 packets received, 0% packet lossround-trip min/avg/max/stddev = 1.492/3.185/8.064/2.521 ms

user@R1> show interfaces gr-0/0/0.0 detail | find "traffic statistics" Traffic statistics: Input packets: 25 Output packets: 25 …

InternetR1 R2


::1 ::1 ::2::2

Site A Site B192.168.2.1192.168.1.1


Summary

§ In this appendix, we:•Described some differences between IPv4 and IPv6•Listed IPv6 address types and described the IPv6

addressing format•Enabled an interface for IPv6 operation•Configured and monitored routing for IPv6 environments•Tunneled IPv6 traffic over an IPv4 network


Review Questions

1. Name three benefits of switching from IPv4 to IPv6.2. What types of unicast address exist?3. What command would you use to view IPv6 OSPF

neighbors?

Worldwide Education Services