Why do we need to deploy IPV6?

Why do we need to deploy IPV6?

· Limitations of IPv4:

1. Limitations of address space: the IP address space crisis has been around for a long time and is the main driving force for IPv6 upgrade.

2. Security: IPv4 has no security at the network layer. Security is always considered to be the responsibility of a layer above the network layer.

3. Automatic Configuration: the configuration of IPv4 nodes is complicated, making it difficult for many common users.

4. NAT: destroys the end-to-end network model of the Internet.

5. Due to the disorder of IPv4 Address Allocation and no hierarchy, network devices need to maintain a large route table.

6. IPv4 headers are too complex, making the processing efficiency of network nodes inefficient.

 

Benefits of IPV6:

1. Large address space

2. Global accessibility, no need to use NAT

3. Global redeployment, planning, and easy aggregation

4. automatic configuration for out-of-the-box use

5. Convenient re-addressing

6. the Baotou is simple. The new technology can be expanded in the future through the expanded Baotou technology.

 

During ipv4 route forwarding, the IP packet changes the checksum (checksum) and TTL (each time a router passes through a TTL value minus one)

Ipv6 only changes to TTL without checksum

 

The CPU does not support 128-bit forwarding.

It is best to only 64-bit.

 

· Theoretical limit: 4.3 billion (billion) 4.3 billion

Practical limit: 250 million (million) 0.25 billion

 

Over 420 million Internet in Y2001

(Less than 10% of the worldwide population)

 

 

No broadcast. multicast replaces broadcast. So there is no ARP.

Broadcast in IPv4 can lead to a decrease in network performance or even a broadcast storm ). in IPv6, the concept of broadcast does not exist. Instead, multicast and anycast are used.

 

The protocol ID of IPV6 over Ethernet is 0x86DD.

 

<IPV6 address representation>

· IPv4 point decimal 32bit

IPv6 Colon: hexadecimal 128bit

0000: 0000: 0000: 0000: 0000: 0000: 0000 => ::

0000: 0000: 0000: 0000: 0000: 0000: 0000 => 0: 0: 0: 0: 0: 0: 0: 0: 1 = >:: 1

2001: 0000: 0000: 1234: 0000: 0000: 00ff => 0567: 2001: 0: 0: 1234: ff can only have one ::

Fe80: 0000: 0000: 0000: 0000: 0000: 0000: 0009 => fe80: 9

 

 

IPV6 address representation of the URL

To distinguish between the colon in the IPV6 address and the colon Before the port number, you must enclose the IPV6 address in [].

<Www.example.net: 8080/index.html>

<Https: [2001: 410: 0: 1: 250: fcee: e450: 33ab]: 8443/abc.html>

 

Mask representation in IPV6:

In IPV6, the mask can only use CIDR notation.

 

2001: 410: 0: 1: 45ff/128

2001: 410: 1/64

 

Note: There are no broadcast addresses and reserved network numbers in IPV6.

 

Bytes ------------------------------------------------------------------------------------------

 

<IPV6 address type>

It can be divided into three categories:

1. Unicast address

2. multicast address

3. Any stream play address

 

Unicast -- Unicast: one to one

· Unicast addresses are used for one-to-one connection.

· There are six types of IPv6 unicast addresses:

　1-Aggregate Global Unicast Address 2xxx: xxxxx/3-3FFF: FFFF

2001:/16 IPV6Internet address

2002:/16 6to4Transition address

2-Link Local Address　　　FE80:/10 (Before10BitwiseFE80Start)

3-Site Local Address (Private) FEC0:/10

4-Unspecified Address　　0: 0: 0: 0: 0: 0: 0/128 = >::/128

5-Loopback Address　　　0: 0: 0: 0: 0: 0: 0: 1/128 = >:: 1/128

　6-IPv4 Compatible Address: 192.168.30.1 = >:c0a8: 1E01

 

Here are some specific descriptions of unicast addresses:

1. Aggregate global unicast address

 

Public IP addresses that can be routed globally assigned by IANA

 

Currently, allocated Prefix: 2000:/3 occupies 12.5% of the IPV6 address space.

2000: 0000: 0000: 0000: 0000: 0000: 0000--3FFF: FFFF

 

This prefix contains a total of 8192/16 prefixes.

The actual prefix for IPV6 Internet operation: 2001:/16

2002:/16 is reserved for nodes that use the 6-TO-4 Transition Mechanism

3ffe:/16 prefix used for 6bone Testing

 

2. local link address: link-local address

When IPV6 is enabled on a node, each interface at the start time automatically generates a link-local address

Its prefix 64 bits are standard-specified, and the last 64 bits are constructed in EUI-64 format

Note: On this Link, the next hop shown in the route table is the Link Local address of the Peer end, not the public IP address.

 

Prefix: FE80:/10

Range: it can only be used on a local link and cannot be routed between subnets.

 

Why link-local --You can configure many IPv6 addresses on one interface, so you may have many next hops when learning routes.

The Link Local address uniquely identifies a node. The Local Link shows that the next hop is the Local Link address of the Peer Link.

The Link Local address of the node and Router does not change during network re-addressing, so it is easy to make a change without worrying about network accessibility.

 

R1(Config-if) # ipv6 address FE80: 0: 0: 0: 0123: 0456: 0789: 0abc link-localManually specifyLink-localAddress

 

3Local site address: Site-local address

IPV6Private Network Address,Just likeIPV4The private network reserved address in is the same

Takes up only 0.1% of the total IPV6 address space

 

Prefix: FEC0:/10. The 54 BITs are used for the subnet ID. The last 64 bits are used for the host ID.

Scope: it can only be used on this site and cannot be used on the Internet.

 

For example, allocate 10 subnets locally.

1. FEC0: 0: 0: 0001:/64

2. FEC0: 0: 0: 0002:/64

3. FEC0: 0: 0: 0003:/64

10. FEC0: 0: 0: 000A:/64

 

The local site address is designed for devices that will never communicate with the Global IPV6 Internet, such as printers, Intranet servers, and network switches.

 

4, Unspecified addressUnspecified address

 

Format: 0: 0: 0: 0: 0: 0: 0: 0

Indicates that the address is not specified, or all the routes in the table are written in the default routing time.

 

5. Loopack address

 

Format: 0: 0: 0: 0: 0: 0: 0: 1

Similar to the 127.0.0.1 address in IPV4, it indicates the node itself.

 

6. IPV6 addresses embedded with IPV4 addressesIPv4 Compatible Address

1. IPV4-compatible IPV6 address: Used to establish an automatic tunnel on an IPV4 network to transmit IPV6 packets.

Where the high 96 bit is set to 0, followed by the 32bit IPV4 address

0000: 0000: 0000: 0000: 0000: 0000: 206.123.31.2

0000: 0000: 0000: 0000: 0000: ce7b: 1f02

 

Because this mechanism is not very good, it is no longer in use now. Instead, it adopts a better transitional mechanism.

 

2. ing IPV4 IPV6 addresses-used only for the local range of IPV4 and IPV6 Dual-protocol stack nodes

Set 80 bits to 0, 16 bits to 1, and IPV4 addresses.

0000: 0000: 0000: 0000: 0000: ffff: 206.123.31.2

0000: 0000: 0000: 0000: 0000: ffff: ce7b: 1f01

 

EUI-64 format: Extended Unique Identifier

In IPV6, the stateless automatic configuration mechanism uses the EUI-64 format to automatically configure IPV6 addresses

The so-called stateless automatic configuration is a mechanism that allows nodes to configure their own IPV6 addresses without a DHCP server in the network.

 

Construction Rules for EUI-64 --An IPV6 address is generated based on the MAC address of the interface and a fixed prefix.

 

Working principle: the 48-bit Ethernet MAC address is automatically extended to 64bit, and then hung behind a 64bit prefix to form an IPV6 address

 

1. Separate 48-bit MAC addresses from the center and insert a fixed value FFFE

0050: 3EE4: 4C00 --> 0050: 3EFF: FEE4: 4C00

 

2. Reverse the 7th bits. If the original value is 0, it is changed to 1. If the original value is 1, it is changed to 0.

0050: 3EFF: FEE4: 4C00 --> 0250: 3EFF: FEE4: 4C00

 

III,Prefix-- FE80: 0250: 3EFF: FEE4: 4C00This is a completeIPV6Address

 

Reason for reversal:

InMACAddress in process,The7Bit:1Indicates Local Management,Is0Global Management

In EUI-64 format, 7th bits are 1 to indicate globally unique, 0 to indicate local unique

 

Multicast address Multicast

No broadcast in IPV6, instead of Multicast

 

Prefix: FF00:/8 occupies 0.38% of the IPV6 address space

1111 1111 4bit 4bit

| → Fixed value limit | → flag limit | → range limit |

 

 

The following are some multicast addresses:

FF02: 1 all nodes in the local link range

FF02: 2 all routers in the local link range

FF02: 5 all ospf routers

FF02: 9 all rip routers all routers running RIP

FF02

FF05: 2 all routers within the same site

 

<Basic IPV6 commands>

 

R1 (config) # ipv6 unicast-routing enable IPV6 routing on the router

R1 (config-if) # ipv6 enable enables IPV6 under the interface, a link-local address is automatically generated

R1 (config-if) # ipv6 address 2001: 1/64 specifies an IP address.

Show ipv6 interface e0DisplayIPV6Interface Information,IncludingIPV6Address, Link-localAddress,Added multicast addresses and requested node multicast addresses

IPV6 route:

 

<Static Routing>

Recommended Syntax:

Ipv6 route 2001:/64 2001: 2Next Hop address

 

<RIP> -- ripng

Use port UDP521 in IPV6 and port 520 in IPV4

Use multicast address: FF02: 9

Operation radius: 15 hops

 

Ipv6 unicast-routing

Ipv6 router rip ABC must have a process number

Int s1/0

Ipv6 rip ABC enable must enter the RIP enabled under the interface

Show ipv6 route

Show ipv6 route rip

 

 

<OSPF>

OSPFV3 is used in IPV6

 

R1 (config) # Ipv6 router ospf 110

R1 (config-router) # Router-id 2.2.2.2Note::You must useIPV4Address ID,Must be manually specified,Cannot be automatically selected

R1 (config) # Int s0

R1 (config-if) # Ipv6 ospf 110 area 0It is also advertised under the interface

R1 (config) # Int lo0

R1 (config-if) # Ipv6 ospf 110 area 0The loopback port is still a host route, 128Bit,You can change the network type.

 

Show ipv6 route ospf

 

<PAPAuthentication>Send password in plaintext

 

· PAPAuthentication(PPP Password Authentication Protocol):

Between host and Router, PAPYes one-way authentication

Between Routers, PAPYes two-way authentication

 

1)Enable PPP encapsulation under the interface:

　R2/R4 (config-if) # encapsulation ppp

 

2)Create a local user database and user name&Password

　R2 (config) # username R4 password R4The user name and password must be sent to me.

　R4 (config) # username R2 password R2

 

3) Enable PAP authentication under the interface:

　R2/R4 (config-if) # ppp authentication pap

　

4) SendPeer-createdUsername & password:

　R2 (config-if) # ppp pap sent-username R2 password R2

 

 

<CHAPAuthentication> (Challenge Handshake Authentication Protocol)

 

1)InR2AndR4OfSerial0:

　R2/R4 (config-if) # encapsulation ppp

 

2) create a user name and password:

User name:Hostname of the other party (case sensitive)

Password:Both parties must be consistent (note space, case sensitive)

　R2 (config) # username R4 password cisco

　R4 (config) # username R2 password cisco

 

3) Enable CHAP authentication on the interface:

　R2/R4 (config-if )#Ppp authentication chap