IPv6 summary

2022-12-07

计算机网络学习博客

Word count: 2.5k | Reading time≈ 12 min

[toc]

IPv6

Introduction

same function with IPv4 but stucture is different.

why IPv6
- IPv4 address exhaustion
  
  IPv4耗尽
- IPv6 Much larger address space
  
  更大的地址空间
- Multicast
  
  多播
- Jumbograms
- Faster routing.
  
  更快的路径
- Network Layer Security
  
  更安全的网络层
- Mobility.
  
  流动性，移动
IPv6 security
- Security features are standardised and mandated, i.e. all implementation must offer them.
  
  安全功能是标准化的，也是强制性的，即所有的设施必须提供这些功能。
- Extension of RFC-2401 Security Architecture for the Internet Protocol (IPSec)
  
  RFC-2401互联网协议安全架构（IPSec）的扩展
- Authentication and Encryption.
  
  认证和加密。
- Invisible to applications as it operates within the IP layer.
  
  由于它在IP层内运行，对应用程序来说是不可见的。
- It protects all upper layer protocols.
  
  它保护所有上层协议。
- It protects both end-to-end and router-to-router communication (secure gateway).
  
  它既能保护端到端的通信，又能保护路由器到路由器的通信（安全网关）。
IPv6 address scope

IPv6地址范围
- Unicast addressing
  - Link-local Addresses (LLA)
  - loopback address
  Link-local Addresses (LLA) and the loopback address have link-local scope, which means they are to be used in the directly attached network (link) only.
  
  链接本地地址（LLA）和回环地址具有链接本地范围，这意味着它们只能在直接连接的网络（链接）中使用。
- other addresses
  - Global Unicast Addresses (GUA)
  including Global Unicast Addresses (GUA), have global (or universal) scope, which means they are globally routable.
  
  包括全局单播地址（GUA），具有全局（或通用）范围，这意味着它们是全球可路由的。
mobile IPv6
- IPv6 was designed to support mobility.
  
  IPv6是被设计成支持移动的
- IPv6 ND and SLAAC allow hosts to operate in any locations without any special support.
  
  IPv6 ND(neighbor) 和 SLAAC(Stateless Address Auto-configuration) 允许主机在任何地方运行，不需要任何特殊支持。
- It is more scalable and the performance is better because less traffic passes through the home link and less redirection and less rerouting.
  
  它的可扩展性更强，性能也更好，因为通过主链路的流量更少，重定向和重路由更少。
- No single point of failure.
  
  没有单点故障。
IANA(Internet Assigned Numbers Authority) responsible for the entire IPv6 address space and they assign certain prefixes to the RIRs (Regional Internet Registry).

IANA(互联网号码分配局)机构负责整个IPv6地址空间并且他们分配了前缀给RIRs（区域互联网注册机构）
- RIRs
  - ARIN 北美
  - LACNIC 南美
  - RIPE 欧洲和亚洲北部
  - APNIC 亚洲
  - AFRINIC 非洲
RIPE issued the block 2001:4000::/23 by IANA
IANA: 2000::/3

RIPE 通过 IANA发布了区块 2001:4000::/23 欧洲和亚洲北部
- ISP(Internet service provider) 2001:41f0::/32
  
  ISP互联网服务供应商
  - Customer :2001:41f0:4060::/48
ARIN北美 2001:0400::/23
only global routing-prefix or site-prefix is /48, otherwise interface ID all would be /64

只要全局路由前缀和站点前缀是/48，其他的接口ID都是/64
We can use 16bits to create subnet

剩下16位可以创建子网

Ip address planning

1. IPv4 and IPv6 overall

如上图所示，IPv6需要一次性完成4bits的分配，而且直接使用该范围内分配，不需要利用出事分配规模来计算

如下图所示

2. Questions

Structure

1. Address

Address format
- Contiguous groups of ‘0‘ can be replaced with ‘::’
- Only one double colon used in an address.
- prefix
前缀
- Interface
- Character must be represented in lowercase.
必须用小写a-f.
Anycast type
- Unicast
- multicast
- anycast
IPv4 Broadcast concept disappears –Replaced by All hosts multicast.

IPv4广播概念消失 -被所有主机多播取代。
IPv6 Network Notation

网络标记
Special address
- Unspecial address
  
  ::
- Default route address
- Loopback
- Link-local IPv6 Address (LLA)
  - LLA prefix must be fe80::

2. IPv4 vs IPv6 fields

Similar and evolving fields

remove fields

3. IPv4 vs IPv6 header

IPv6 extension headers
- Hop by Hop options header.
- Destination options header.
- Routing header.
- Fragment header.
- Authentication header (AH).
- Encapsulation security payload (ESP) header.
  
  封装安全有效载荷（ESP）头。

4. Prefix Terminology

Prefix terms

IPv6 Relative Network Sizes

Prefix assignments
- Provider Aggregatable (PA) Assignments
集体提供者（PA）的分配
- From LIR(Local internet registry) allocation (minimum /32)
- Register by LIR in RIR(Regional Internet Registry) IRRDB(Internet router registry data base).
- Provider Independent (PI) Assignments
独立提供者（PI）的任务
- Minimum size is /48
- Cannot be sub-assigned.
- Exercise:

5. Link Local Address(LLA)

EUI-48 :34ed:8432:5476
EUI-64: 36ed:84ff:fe32:5476
LLA IPv6 Host ID: fe80::36ed:84ff:fe32:5476

Example

EUI-48 to EUI-64

6. Multicast

1. Scope and ground

IPv6 multicast flags

IPv6 multicast Scope

Ff02:: is link local address prefix, which is importance.

Multicast Group ID

每个GroupID的含义在Link local

每个GroupID的含义在site local

2. MAC

Multicast MAC is associated with each multicast address.

多播MAC与每个多播地址相关。

For IPv6 multicast addresses, the last 32 bits of the IPv6 address are OR’d with 33:33:00:00:00:00.

对于IPv6组播地址，IPv6地址的最后32位与33:33:00:00:00:00进行OR’d

Example

Multicast ip address: ff02::1

mac address : 33:33:00:00:00:01

3. Solicited-Node Multicast Address (SNMA)

Solicited-Node Multicast Address(被请求的节点多播地址)

Every device that uses an IPv6 address will also compute and join a SNMA group for each IPv6 address.

每个使用IPv6地址的设备也将为每个IPv6地址计算并加入一个SNMA组。

This address is required for the IPv6 NDP(Neighbor Discovery Protocol).
Example

last 24 bits of Interface ID, interface ID : 32:5476

Ff02::1:ff SNMA

7. IPv6 Assigned Prefixes

Address Type indicated by Format Prefix (FP).

由格式前缀（FP）表示的地址类型。

Anycast addresses allocated from unicast prefixes.

从单播前缀分配的任播地址。

Assigning a unicast address to more than one interface turns a unicast address into an anycast address.

将一个单播地址分配给一个以上的接口，会使单播地址变成任播地址。

Exercise

IPv6 application

DHCP(Dynamic Host Configuration Protocol)v6
- Stateless - > Used with SLAAC(Stateless Address Auto-configuration).
- Stateful -> Similar to DHCP use in IPv4.
DNS(Domain Name System)v6

ICMP(Internet Control Message Protocol)v6
- Much more important than ICMP
- Critical to the operation of IPv6.

Neighbour Dicovery(ND)

IPv6 Neighbour Discovery (ND)
- For Nodes
  - Address configuration (SLAAC)
  - Link-layer address resolution
  - Link-layer address change notification
  - Neighbour Unreachability Detection (NUD)
- For Hosts:
  - Router discovery
  - Parameter discovery (MTU, prefixes, hop limits).
- For Routers:
  - Advertise their presence & parameters
  - Advertise on-link prefixes
  - Determine next hops
  - Redirect hosts to better next hops.
- Stateless auto-configuration (SLAAC)
  - Creation of Global Unique Address (GUA)
  - Based in ICMPv6 (ND protocol).
  - Creation of Link-local Address (LLA)
    - Assumes that each interface can provide a unique identifier.
    - Use Duplicate Address Detection (DAD).
    - Plug & play.
- Stateful auto-configuration
  - Use of Stateful DHCPv6.

SLAAC process

process

Host creates a Solicited-Node Multicast Address (SNMA)
Host registers a Multicast Listener Report(MLR) for SNMA address to join group
- from ( :: ) to ff02::16 Multicast Listener Discovery (MLD)
左边发送到右边
- Destination Mac : ::
- Source Mac: ff02::16
Host creates a Link Local Address (LLA)
- Sends Neighbour Solicitation (NS) (135) from ( :: ) to SNMA with LLA target
- Source mac is ::
- Destination mac is ff02::1:ffaa:2
ff02::1 which mean all node on the link local
- No Neighbour Advertisement (136) is received
- No duplicate(重复) for LLA detected
- If Neighbour Advertisement (NA) (136) received auto-configuration stops.
Host registers a Multicast Listener Report for SNMA address to join group
- from LLA to ff02::16 MLD
- source mac fe80::200:ff:feaa:2
fe80:: link local address
- Destination mac is ff02::16
ff02::16 Multicast Listener Discovery (MLD)
Host sends Router Solicitation (RS) (133) to ff02::2 ‘All routers’ from LLA

Source Mac is fe80::200:ff:feaa:2

Destination Mac is ff02::2

Ff02::2 all router on link local

Router sends Router Advertisement (RA) (134) to ff02::1 ‘All nodes’ from its LLA with prefix

source Mac : Fe80::200:ff:feaa:3

Destination Mac : ff02::1

ff02::1 all node on link local

Host creates Globally Unique Address (GUA) from prefix and MAC
- Sends NS (135) from ( :: ) to SNMA with GUA target
- If NA (136) received auto-configuration stops.
Finish SLAAC.

RA Flags

如果M标志被设置为0，O标志被设置为1，则使用DHCPv6来获得额外的配置参数。

example

M:1 DHCPv6 stateful(有状态)

M:0 and O:1 SLAAC & DHCPv6 stateless(无状态)。

M:0 and O:0 RDNSS(Recursive DNS server), DNSSL(DNS Search List Option)

RDNSS:递归DNS服务器 ;DNSSL:DNS搜索列表选项

LLA&SNMA generation

LLA

IPv6 – Neighbor Discovery Protocol (NDP)

第一步检查邻居的缓存表里是否有PC2

如果有，则直接创建Link local frame，然后PC2的MAC address就是目标address

无，则第二步

第二步

发送neighbour discovery (ND) 向PC2询问它的MAC地址

Neighbor Request(NR)邻居请求被发送到PC 2的被(SNMA)请求节点组播地址上

ff02::1:ff is SNMA

IPv6 – Link Local address (LLA)

一旦为接口分配了IPv6地址（或启用了IPv6），操作系统就会自动分配一个LLA。

LLA可以由管理员静态分配。

路由器将不转发以LLA为目的地的数据包。

LLA地址fe80::/10 - fe80::eui-64或静态分配fe80::和最重要的64位。- fe80:: 是link local address

静态分配的LLA将优先于自动生成的LLA。

Link Local Address (LLA) automatic assignment

第一步，检查带有FF：FE的64 bit

第二步，将EUI-64变回EUI-48, 020c:cffff:fec1:2601 -> 00:0c:cf:c1:26:01

所以MAC address 是00:0c:cf:c1:26:01

Link Local Address (LLA) Static assignment

SNMA

IPv6 – Solicited Node Multicast Address (SNMA)

一个被请求的节点多播地址(SNMA)是通过获取单播或任播地址中最不重要的24位并将其附加到前缀ff02::1:ff00:0/104来创建的。

每个放在接口上的IPv6地址都会产生一个SNMA。

该接口加入了一个请求节点多播组地址(SNMA)。(它监听以IPv6征求节点多播地址为目的地的流量）。

第一步，找到SNMA

第二步，mac 是33:33:fe:30:96:01

Mapping Solicited Node Multicast Addresses to MAC addresses

PC X performs a ND for PC A

Question ask

Question and summary

1. Questions

Question 1

SNMA

Destination MAC is 33:33:00:00:00:02 Which means all routers on the Linklocal

Source IP is ::

Destination IP is ff02::2

Router IP link local : fe80::210:ffff:ffd6:58c0

Question 2

SNMA, DAD

destination MAC: 33:33:FE:23:47:33

Source address: ::

Destination address: ff02::1:ff:23:4733

question 3

Router advertisement

Destination MAC: 33:33:00:00:00:01

Source address: fe80::210:ffff:fed6:58c0

Destination address: ff02::01

source Link-layer address is fe80::210:ffff:fed6:58c0

question 4

snma

Destination Mac: 33:33:ff:23:47:33

source address is fec0:0:0:f282:210:ffff:fed6:58c0 -site local address

Destination address is ff02::1:ff:23:47:33

Host A IP:fec0::f282:2b0:d0ff:fe23:4733

question5

Destination MAC is 33:33:ff:23:47:33

Source address: 3ff3:2900:d005:f282:210:ffff:fed6:58c0

destination address is 3ffe:2900:d0005:f282:2b0:d0ff:fe23:4733