Title: IPv6 Overview
Slide 1: IPv6 Overview
- CIS 185 Advanced Routing (CCNP 1)
- Spring 2006
- Rick Graziani
- Based on Chapter 2, "IPv6 Overview," Routing TCP/IP, 2nd Edition, Jeff Doyle and Jennifer Carroll
Slide 2: Resources
- Information for this presentation is largely based on the following book: Routing TCP/IP, Volume 1, 2nd Edition, by Jeff Doyle and Jennifer DeHaven Carroll, ISBN 1587052024
- Thank you to Jeff Doyle, Jennifer Carroll, and Cisco Press for the use of their graphics and other materials for this presentation.
Slide 3: Resources
- For more in-depth information, and especially for instructors, I highly recommend the following book: Cisco IP Routing: Packet Forwarding and Intra-domain Routing Protocols, by Alex Zinin, ISBN 0201604736
- Thank you to Alex Zinin for the use of his materials for this presentation.
Slide 4: Note to instructors
- This presentation is not solely based on information from the Cisco Academy CCNP 1 curriculum.
- Much of the information for this presentation is from Routing TCP/IP, Volume 1, 2nd Edition, by Jeff Doyle and Jennifer Carroll.
- Alex Zinin's book, Cisco IP Routing, has also been very helpful in creating this presentation.
- I feel the information in this book does a more adequate job of discussing the objectives and outcomes necessary for understanding the concepts, implementation, and troubleshooting of routing protocols, whether it is for university academics, certification, or professional advancement.
Slide 5: Background
- When Vint Cerf and Bob Kahn invented TCP/IP for these networks, no one envisioned the Internet as it now is.
- The 32-bit address space, yielding almost 4.3 billion addresses, seemed inexhaustible.
- The problem of IPv4 address exhaustion was recognized in the early 1990s, when various experts made projections showing that if the increasing rate of allotment of IPv4 addresses continued, the entire address space could be depleted in just a few short years.
- A new version of IP, known in the development stage as IP Next Generation (IPng) and now known as IPv6, was the proposed solution.
- But it was recognized that developing the new standards would take time, and that a short-term solution to IPv4 address depletion was also needed.
Slide 6: Background
- That short-term solution was Network Address Translation (NAT).
- Behind the NAT device, private IP addresses as specified in RFC 1918 are used.
- NAT has been so successful in slowing IPv4 address depletion, and has become such a standard part of most networks, that to this day many still question the need for a new version of IP.
- There are two fundamental drivers behind the growing recognition of the need for IPv6.
- The first is the widespread vision of new applications using core concepts such as mobile IP, service quality guarantees, end-to-end security, grid computing, and peer-to-peer networking.
- NAT stifles innovation in these areas, and the only way to get NAT out of the way is to make public IP addresses abundant and readily available.
Slide 7: Background
- The second fundamental driver for IPv6 is the rapid modernization of heavily populated countries such as India and China.
- A compelling statistic is that the number of remaining unallocated IPv4 addresses is almost the same as the population of China: about 1.3 billion.
- IPv6 replaces the 32-bit IPv4 address with a 128-bit address, making 340 trillion trillion trillion IP addresses available.
Slide 10: IP Headers
- The IPv4 header contains 12 basic header fields, followed by an options field and a data portion (usually the transport layer segment).
- The basic IPv4 header has a fixed size of 20 octets.
- The variable-length options field increases the size of the total IP header.
- IPv6 retains five of the 12 IPv4 basic header fields.
- The IPv6 header does not require the other seven fields.
Slide 11
- Routers handle fragmentation in IPv4, which causes a variety of processing issues.
- IPv6 routers do not perform fragmentation.
- Instead, a discovery process determines the optimum maximum transmission unit (MTU) to use during a given session.
- In the discovery process, the source IPv6 device attempts to send a packet at the size specified by the upper layers, such as the transport or application layer.
- If the device receives an ICMP "packet too big" message, it retransmits the MTU discovery packet with a smaller MTU and repeats the process until it gets a response that the discovery packet arrived intact.
- Then it sets the MTU for the session.
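The discovery loop above, as an added simulation (not code from the slides or the book): the router side refuses rather than fragments, and the source shrinks its probe to the MTU reported in each Packet Too Big until one probe crosses every link. The link MTUs in SAMPLE_PATH are constructed values; the 1280-octet floor is the IPv6 minimum link MTU.

```python
from dataclasses import dataclass

IPV6_MIN_LINK_MTU = 1280  # every IPv6 link must carry at least this many octets


@dataclass
class PacketTooBig:
    """ICMPv6 type 2: reports the MTU of the link that could not forward the packet."""
    mtu: int


def forward(link_mtu, packet_size):
    """What an IPv6 router does: never fragment. Either the packet fits the next
    link (None) or the router returns Packet Too Big to the source."""
    return None if packet_size <= link_mtu else PacketTooBig(link_mtu)


def discover_path_mtu(path_mtus, wanted):
    """Source-side discovery loop: send at the upper-layer size, shrink to the
    reported MTU on each Packet Too Big, stop when a probe traverses every link
    intact. Returns (session MTU, list of probe sizes attempted)."""
    size, attempts = wanted, []
    while True:
        attempts.append(size)
        # Links are checked in order; the first one that refuses the probe replies.
        reply = next((r for r in (forward(m, size) for m in path_mtus) if r), None)
        if reply is None:
            return size, attempts          # probe arrived intact: use this MTU
        if reply.mtu < IPV6_MIN_LINK_MTU:
            raise ValueError(f"link MTU {reply.mtu} is below the IPv6 minimum")
        size = reply.mtu


# Constructed path: Ethernet, a PPPoE hop, a tunnel at the minimum MTU, Ethernet.
SAMPLE_PATH = [1500, 1492, 1280, 1500]

if __name__ == "__main__":
    mtu, tries = discover_path_mtu(SAMPLE_PATH, 1500)
    print(f"session MTU {mtu} after probes {tries}")
```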
Slide 12: Address Representation
- 128-bit IPv6 addresses are represented by breaking them up into eight 16-bit segments.
- Each segment is written in hexadecimal, between 0x0000 and 0xFFFF, separated by colons.
- An example of a written IPv6 address is:
  - 3ffe:1944:0100:000a:0000:00bc:2500:0d0b
Slide 13: Rule 1: Leading 0s
- There are two rules for reducing the size of written IPv6 addresses.
- The first rule is:
  - The leading zeroes in any 16-bit segment do not have to be written; if any 16-bit segment has fewer than four hexadecimal digits, it is assumed that the missing digits are leading zeroes.
- Example:
  - 3ffe:1944:0100:000a:0000:00bc:2500:0d0b
  - 3ffe:1944:100:a:0:bc:2500:d0b
Slide 14: Rule 1: Leading 0s
- Practice:
  - 3ffe:0404:0001:1000:0000:0000:0ef0:bc00
  - 3ffe:0000:010d:000a:00dd:c000:e000:0001
  - ff02:0000:0000:0000:0000:0000:0000:0005
Slide 15: Rule 1: Leading 0s
- Practice:
  - 3ffe:0404:0001:1000:0000:0000:0ef0:bc00 = 3ffe:404:1:1000:0:0:ef0:bc00
  - 3ffe:0000:010d:000a:00dd:c000:e000:0001 = 3ffe:0:10d:a:dd:c000:e000:1
  - ff02:0000:0000:0000:0000:0000:0000:0005 = ff02:0:0:0:0:0:0:5
Slide 16: Rule 1: Leading 0s
- Notice that only leading zeroes can be omitted; trailing zeroes cannot, because doing so would make the segment ambiguous.
- You would not be able to tell whether the missing zeroes belonged before or after the written digits.
- 3ffe:1944:100:a:0:bc:2500:d0b
- Correct original address:
  - 3ffe:1944:0100:000a:0000:00bc:2500:0d0b
- OR
- Wrong, ambiguous original address:
  - 3ffe:1944:1000:a000:0000:bc00:2500:d0b0
Slide 17: Rule 2: Double colon equals 0000:0000
- The second rule can reduce this address even further.
- Any single, contiguous string of one or more 16-bit segments consisting of all zeroes can be represented with a double colon.
  - ff02:0000:0000:0000:0000:0000:0000:0005
  - ff02:0:0:0:0:0:0:5
  - ff02::5
Slide 18: Rule 2: Double colon equals 0000:0000
- Only a single contiguous string of all-zero segments can be represented with a double colon.
- Example: both of these are correct:
  - 2001:0d02:0000:0000:0014:0000:0000:0095
  - 2001:d02::14:0:0:95
  - OR
  - 2001:d02:0:0:14::95
Slide 19: Rule 2: Double colon equals 0000:0000
- Using the double colon more than once in an IPv6 address can create ambiguity.
- Example:
  - 2001:d02::14::95
- Illegal, because the length of the two all-zero strings is ambiguous; it could represent any of the following IPv6 addresses:
  - 2001:0d02:0000:0000:0014:0000:0000:0095
  - 2001:0d02:0000:0000:0000:0014:0000:0095
  - 2001:0d02:0000:0014:0000:0000:0000:0095
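Both rules from slides 13 through 19, as an added example (not code from the slides or the book): Rule 1 strips leading zeroes only, Rule 2 collapses the longest all-zero run into one "::", and expansions() enumerates every address a written form could mean, which is exactly one for a legal form and three for 2001:d02::14::95. The sample address is the one the slides use.

```python
import ipaddress
from itertools import product

# The address the slides compress step by step (slides 18 and 19).
FULL = "2001:0d02:0000:0000:0014:0000:0000:0095"


def drop_leading_zeros(addr):
    """Rule 1: leading zeros in each 16-bit segment may be omitted; trailing
    zeros never can, so a segment is only ever trimmed from the left."""
    segs = addr.split(":")
    if len(segs) != 8:
        raise ValueError("expected eight 16-bit segments")
    return ":".join(seg.lstrip("0") or "0" for seg in segs)


def compress(addr):
    """Rules 1 and 2: apply Rule 1, then replace the longest run of all-zero
    segments with '::'. Only one run may be replaced; on a tie the first run
    is chosen, which is also what Python's ipaddress module produces."""
    segs = [int(s, 16) for s in addr.split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if segs[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and segs[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = [format(s, "x") for s in segs]
    if best_len < 2:                      # a lone zero segment is not worth a '::'
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return f"{left}::{right}"


def expansions(text):
    """All full-length addresses a written form could stand for. A legal form
    (at most one '::') has exactly one; '2001:d02::14::95' has three, which is
    the ambiguity that makes a second '::' illegal."""
    parts = text.split("::")
    written = [p.split(":") if p else [] for p in parts]
    fixed = sum(len(w) for w in written)
    gaps = len(parts) - 1
    if gaps == 0:
        return [":".join(s.zfill(4) for s in written[0])] if fixed == 8 else []
    missing = 8 - fixed                   # zero segments hidden behind the '::'s
    results = []
    for split in product(range(1, missing + 1), repeat=gaps):
        if sum(split) != missing:
            continue                      # each '::' must hide at least one segment
        segs = list(written[0])
        for n, w in zip(split, written[1:]):
            segs += ["0000"] * n + list(w)
        results.append(":".join(s.zfill(4) for s in segs))
    return results


def is_legal(text):
    """A written address is legal only if it expands to exactly one address."""
    return len(expansions(text)) == 1


def matches_stdlib(addr):
    """Cross-check our compression against the standard library's."""
    return compress(addr) == ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    print(drop_leading_zeros(FULL), "->", compress(FULL))
    for e in expansions("2001:d02::14::95"):
        print("could mean", e)
```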
Slide 20: Network Prefixes
- In IPv4, the prefix (the network portion of the address) can be identified by a dotted decimal or hexadecimal address mask or by a bitcount.
  - 255.255.255.0 or /24
- IPv6 prefixes are always identified by bitcount.
- The address is followed by a forward slash and a decimal number indicating how many of the first bits of the address are the prefix bits.
  - 3ffe:1944:100:a::/64
Slide 21: All 0s IPv6 Address
- An IPv6 address consisting of all zeroes can be written simply with a double colon.
- There are two cases where an all-zeroes address is used:
  - Default address, discussed in Chapter 12, "Default Routes and On-Demand Routing," in which the address is all zeroes and the prefix length is zero: ::/0
  - Unspecified address, which is used in some Neighbor Discovery Protocol procedures (later).
- An unspecified address is a filler, indicating the absence of a real IPv6 address.
- When writing an unspecified address, it is differentiated from a default address by its prefix length: ::/128
Slide 22: Three types of IPv6 addresses
- The three types of IPv6 address follow:
  - Unicast
  - Anycast
  - Multicast
- Unlike IPv4, there is no IPv6 broadcast address.
- There is, however, an "all nodes" multicast address, which serves essentially the same purpose as a broadcast address.
Slide 23: Global Unicast Addresses
- A unicast address is an address that identifies a single device.
- A global unicast address is a unicast address that is globally unique.
- By global unicast address, we mean an address with global scope.
- That is, an address that is globally unique and can therefore be routed globally with no modification.
Slide 24: Global Unicast Addresses
[Figure: the earlier global unicast address format, replaced with the RFC 3587 format]
- Note: This format, specified in RFC 3587, obsoletes and simplifies an earlier format that divided the IPv6 unicast address into Top Level Aggregator (TLA), Next-Level Aggregator (NLA), and other fields. However, you should be aware that this obsolescence is relatively recent and you are likely to encounter some books and documents that show the old IPv6 address format.
Slide 25: Global Unicast Addresses
- The host portion of the address is called the Interface ID.
- The reason for this name is that a host can have more than one IPv6 interface, and so the address more correctly identifies an interface on a host than the host itself.
- But that subtlety only goes so far:
  - A single interface can have multiple IPv6 addresses, and can have an IPv4 address in addition.
Slide 26: Global Unicast Addresses
- The most striking difference between IPv4 addresses and IPv6 addresses (aside from their lengths) is the location of the Subnet Identifier.
- The Subnet Identifier is part of the network portion of the address rather than the host portion.
Slide 27: Global Unicast Addresses
- A big benefit of making the IPv6 Subnet ID field a part of the network portion of the address is that the Interface ID can be a consistent size for all IPv6 addresses, simplifying the parsing of the address.
- Making the Subnet ID a part of the network portion also creates a clear separation of functions:
  - The network portion provides the location of a device down to the specific data link, and
  - the host portion provides the identity of the device on the data link.
Slide 28: Global Unicast Addresses
- With very few exceptions:
  - The Interface ID is 64 bits long.
  - The Subnet ID field is 16 bits.
    - This provides for 65,536 separate subnets.
- The IANA and the Regional Internet Registries (RIRs) assign IPv6 prefixes, normally /32 or /35 in length, to the Local Internet Registries (LIRs).
- The LIRs, which are usually large Internet Service Providers, then allocate longer prefixes to their customers. In the majority of cases, the prefixes assigned by the LIRs are /48.
Slide 29: Global Unicast Addresses
- Exceptions:
  - If the customer is very large, a prefix shorter than /48 might be assigned.
  - If one and only one subnet is to be addressed, a /64 might be assigned.
  - If one and only one device is to be addressed, a /128 might be assigned.
Slide 30: Correction in book
- FE80::/10
- FEC0::/10
Slide 31: Identifying IPv6 Address Types
- The first few bits of the address specify the address type.
- For example, the first three bits of all global unicast addresses currently are 001, so they all start with either 2 or 3.
- Binary 001 is expected to suffice for global unicast addresses for some time to come.
Slide 32: Local Unicast Addresses
- By global unicast address, we mean an address with global scope.
- That is, an address that is globally unique and can therefore be routed globally with no modification.
- IPv6 also has a link-local unicast address, which is an address whose scope is confined to a single link.
- Its uniqueness is assured only on one link.
- An identical address might exist on another link.
- The address is not routable off its link.
- The first 10 bits of the link-local unicast address are always 1111111010 (FE80::/10).
Slide 33: Local Unicast Addresses
- Link-local addresses are used for:
  - The Neighbor Discovery Protocol, which communicates only on a single link.
  - Giving devices that do not have, or have not yet been assigned, global prefixes the ability to communicate with other devices.
Slide 34: Site-Local Unicast Addresses
- IPv6 originally defined a site-local unicast address, similar to RFC 1918 IPv4 addresses.
- However, the IETF IPv6 Working Group determined that site-local unicast addresses introduced a number of difficulties.
- As a result of these concerns, and after some heated debate, the IPv6 Working Group deprecated site-local addresses in RFC 3879.
- An assurance has been given to those who see advantages in site-local addresses that another scheme with similar "bigger scope than link but smaller scope than global" benefits will be introduced, but as of this writing such a replacement scheme has yet to be seen.
Slide 35: Anycast Addresses
- An anycast address represents a service rather than a device.
- The same address can reside on one or more devices providing the same service.
Slide 36: Anycast Addresses
- A service is offered by three servers, all advertising the service at the IPv6 address 3ffe205110015.
- The router, receiving advertisements for the address, does not know that it is being advertised by three different devices; instead, the router assumes that it has three routes to the same destination and chooses the lowest-cost route.
- In this case it is the route to server C, with a cost of 20.
[Figure: preferred route]
Slide 37: Anycast Addresses
- The advantage of anycast addresses is that a router always routes to the "closest" or "lowest-cost" server.
- So servers providing some commonly used service can be spread across a large network, and traffic can be localized or scoped to the nearest server, making traffic patterns in the network more efficient.
- And if one server becomes unavailable, the router routes to the next nearest server.
Slide 38: Multicast Addresses
- A multicast address identifies not one device but a set of devices: a multicast group.
- A packet being sent to a multicast group is originated by a single device; therefore a multicast packet normally has a unicast address as its source address and a multicast address as its destination address.
- A multicast address never appears in a packet as a source address.
- IPv6 does not have a reserved broadcast address like IPv4, but it does have a reserved all-nodes multicast group (FF02::1).
Slide 39: Multicast Addresses
- Multicasting is essential to the basic operation of IPv6, particularly some of its plug-and-play features such as router discovery and address autoconfiguration.
- These functions are a part of the Neighbor Discovery Protocol, discussed later.
Slide 40: Multicast Addresses
Slide 41: Embedded IPv4 Addresses
- There are several transition technologies (means of helping to transition a network from IPv4 to IPv6, or otherwise helping IPv4 and IPv6 to coexist) that require an IPv4 address to be communicated within an IPv6 address.
- The individual technology specifies how the IPv4 address is to be embedded in the IPv6 address, and the implementation of the technology knows where among the 128 bits of the IPv6 address to find the 32 bits of the IPv4 address.
- We will not cover this here.
Slide 42: Topics we won't discuss
- Because of time we will not discuss the following topics, but I do suggest that you read this chapter:
  - IPv6 Packet Header Format
  - Extension Headers
  - ICMPv6
Slide 43: Neighbor Discovery Protocol
- Neighbor Discovery Protocol (NDP) is the enabler of these plug-and-play features, using the following functions. An IPv6 node can:
  - Router Discovery: Discover the local routers without
  - Prefix Discovery: Discover the prefix or prefixes assigned to that link.
  - Parameter Discovery: Discover other parameters, such as the link MTU and hop limits, for its connected link.
  - Address Autoconfiguration: Determine its full address, without DHCP.
  - Address Resolution: Discover the link-layer addresses of other nodes on the link without the use of Address Resolution Protocol (ARP).
  - Next-Hop Determination: Determine the link-layer next hop for a destination, either as a local destination or a router to the destination.
  - Neighbor Unreachability Detection: Determine when a neighbor on a link, either another host or a router, is no longer reachable.
  - Duplicate Address Detection: Determine if an address it wants to use is already being used by another node on the link.
  - Redirect: A router can notify a host of a better next hop than itself to an off-link destination. The redirect function is a part of basic ICMP functionality in IPv4, but is redefined as part of NDP in IPv6.
Slide 44: NDP Messages
- NDP is defined in RFC 2461.
- It uses ICMPv6 to exchange the messages necessary for its functions; specifically, five new ICMPv6 messages are specified in RFC 2461:
  - Router Advertisement (RA) messages are originated by routers to advertise their presence and link-specific parameters such as link prefixes, link MTU, and hop limits.
  - These messages are sent periodically, and also in response to Router Solicitation messages.
  - Router Solicitation (RS) messages are originated by hosts to request that a router send an RA.
  - Neighbor Solicitation (NS) messages are originated by nodes to request another node's link-layer address, and also for functions such as duplicate address detection and neighbor unreachability detection.
  - Neighbor Advertisement (NA) messages are sent in response to NS messages. If a node changes its link-layer address, it can send an unsolicited NA to advertise the new address.
  - Redirect messages are used the same way that redirects are used in ICMP for IPv4; they have merely been moved from being a part of the base ICMPv6 protocol to being a part of NDP.
Slide 45: NDP Messages
- RA (Router Advertisement): Address, prefix, link MTU
- Redirect: Suggest another gateway
- RS (Router Solicitation): Need RA from router
- NS (Neighbor Solicitation): Request another node's link-layer address
- NA (Neighbor Advertisement): Sent in response to NS
Slide 46: NDP - Router Discovery
- A router makes its presence known, along with any parameters it has been configured to advertise, by periodically sending RAs on its attached links.
- The period between transmissions of RAs is between 4 and 1800 seconds.
- There is a minimum period between advertisements of RAs, with a default of 200 seconds.
- Unsolicited RAs have a source address set to the link-local IPv6 address of the router's interface.
- The destination address is the all-nodes multicast address (FF02::1).
- Cisco routers automatically send RAs on Ethernet and FDDI interfaces whenever IPv6 is enabled on the router with the command:
  - Router(config)# ipv6 unicast-routing
- The default interval is 200 seconds, and can be changed with the command:
  - Router(config)# ipv6 nd ra-interval
Slide 47: NDP - Router Discovery
- RA (Router Advertisement): Address, prefix, link MTU
- All-nodes multicast address (FF02::1)
- Sent every 4 to 1,800 seconds, default every 200 seconds
Slide 48: NDP - Router Discovery
- 200 seconds is a long time for a host that has just attached to an interface to wait for an RA.
- So when a host first becomes active on a link, it can send an RS to solicit the immediate transmission of an RA.
- The source of the RS can be either the unspecified address (::) or the host's link-local IPv6 address.
- The destination is always the all-routers multicast address (FF02::2).
- When a router receives an RS, it sends (after a delay of 0.5 seconds) an RA in response.
- If the source address of the RS that triggered the RA is a host's link-local address, the RA is unicast to the host using its link-local address.
- If the source address of the RS was unspecified, the solicited RA is multicast to the all-nodes address.
- When a host receives an RA, it adds the router to its default router list (unless the RA indicates, by a Router Lifetime value of 0, that it cannot be used as a default).
- If there is more than one router on the default router list, how the host selects a default router is implementation-specific.
- It could either rotate through the list, or select and keep a single router as default. In either instance, the Redirect function is essential for updating the host when a different default than the one it selected should be used.
Slide 49: NDP - Router Discovery
- RS (Router Solicitation)
  - Source address: :: or link-local address
  - Destination address: all-routers multicast (FF02::2)
- Immediate (0.5 second delay) RA (Router Advertisement)
  - Host adds router to default router list
  - Destination address: unicast if the RS source was link-local, otherwise multicast to all-nodes (FF02::1)
Slide 50: NDP - Address Autoconfiguration
- When an IPv6 host first becomes active on a link, it can self-configure its own interface address.
- The first step in this process is the determination of the 64-bit Interface ID portion of the address.
- On broadcast interfaces (where hosts are most likely to appear), a mechanism called MAC-to-EUI64 conversion is used.
- Quite simply, this mechanism:
  - takes the 48-bit Media Access Control (MAC) address of the interface, which can normally be assumed to be globally unique,
  - converts it into a 64-bit Interface ID by inserting a reserved 16-bit value of 0xFFFE into the middle of the MAC address, and
  - "flips" the Universal/Local (U/L) bit of the MAC address to 1 (Universal).
Slide 51: NDP - Address Autoconfiguration: Interface ID
Slide 52: NDP - Address Autoconfiguration: Link Local Prefix
- Start with getting a link-local IPv6 address.
- The Interface ID is only half of the IPv6 address; a 64-bit prefix is also required.
- The link-local prefix is a reserved, well-known value of 0xFE80/10.
- Using this as a full 64-bit prefix (0xFE80/64), it can be added onto the derived Interface ID, and the host now has a complete IPv6 address that can be used for communication with other devices on the same link.
- For example, combining the link-local prefix with the Interface ID gives a link-local address of:
  - FE80::0200:0BFF:FE0A:2D51
Slide 53: NDP - Address Autoconfiguration: Link Local Prefix
[Figure: FE80::0200:0BFF:FE0A:2D51 = FE80 (1111111010000000) + 48 zero bits + 64-bit Interface ID]
- Original MAC: 00:00:0B:0A:2D:51
- Converted MAC: 0200:0BFF:FE0A:2D51
- Link-local address: FE80::0200:0BFF:FE0A:2D51
Slide 54: NDP - Address Autoconfiguration: Link Local Prefix
- Example of a link-local address: Ethernet interface "en1" on a Macintosh OS X host.
- Using the link-local prefix FE80::/10 and a MAC-to-EUI64 conversion, an IPv6 interface derives its link-local address with no help from any other device.
Slide 55: NDP - Address Autoconfiguration: Global Prefix
- If the host only needs to communicate with devices on the link, autoconfiguring its link-local address is sufficient.
- But if it needs to communicate with devices off-link, it needs an address with a wider scope, normally a global IPv6 address.
- There are two ways it can acquire this address:
  - stateful address autoconfiguration
  - stateless address autoconfiguration
Slide 56: NDP - Address Autoconfiguration: Global Prefix
[Figure: RA (Router Advertisement): use DHCPv6 server; host sends DHCPv6 Request]
- Stateful Address Autoconfiguration (like IPv4 DHCP)
  - Consults a DHCPv6 server for the necessary address information
  - Preconfigured to find a DHCPv6 server, or
  - the received RA might have its M flag set, telling it to use DHCPv6
- DHCPv6, described in RFC 3315, is not much different in its end results than DHCP for IPv4.
Slide 57: NDP - Address Autoconfiguration: Global Prefix
[Figure: RA (Router Advertisement) with prefix 3FFE:1104:404:1::/64]
- Original MAC: 00:00:0B:0A:2D:51
- Converted MAC: 0200:0BFF:FE0A:2D51
- Router Adv: 3FFE:1104:404:1::/64
- Global Address: 3FFE:1104:404:1:0200:0BFF:FE0A:2D51
- Stateless Address Autoconfiguration
  - The host acquires one or more link prefixes from the RAs it receives.
  - It then adds the prefix to its previously determined Interface ID, and it now has a globally unique IPv6 address.
  - For example, if the host received an RA advertising a prefix of 3FFE:1104:404:1::/64, it would add that prefix to its Interface ID for a global address of 3FFE:1104:404:1:0200:0BFF:FE0A:2D51.
Slide 58: NDP - Duplicate Address Detection
[Figure: "My Global Address is 3FFE:1104:404:1:0200:0BFF:FE0A:2D51"; Tentative: need to do Duplicate Address Detection]
- The use of MAC addresses to derive an Interface ID almost always guarantees a unique address of any scope.
- It is still wise to ensure that the address is unique.
- Whenever a device acquires a unicast address, it must perform Duplicate Address Detection before using the address.
- This is required for stateful configuration, stateless configuration, or statically configured addresses.
- The only exception to the rule is an anycast address, because anycast addresses by definition can appear on more than one device.
- There is also an exception for link-local addresses.
Slide 59: NDP - Duplicate Address Detection
[Figure: NS (Neighbor Solicitation), Target Address 3FFE:1104:404:1:0200:0BFF:FE0A:2D51]
- A node that has acquired a new address classifies the address as tentative.
- The address cannot be used until verified with Duplicate Address Detection.
- The node sends an NS with the Target Address field set to the address to be verified.
- The source address of the NS is the unspecified address (::).
- The destination of the NS is a solicited-node multicast address.
Slide 60: NDP - Duplicate Address Detection
[Figure: NS (Neighbor Solicitation), Target Address 3FFE:1104:404:1:0200:0BFF:FE0A:2D51; Destination: Solicited-Node Multicast Address FF02::1:FF0A:2D51]
- The destination, the solicited-node multicast address, is formed by prepending the prefix FF02:0:0:0:0:1:FF00::/104 to the last 24 bits of the target address.
- For example, given the Interface ID derived in , the solicited-node multicast address is FF02::1:FF0A:2D51.
- This is a sort of broadcast for any device with these 24 bits in their Interface ID.
- The reason for this is that if a node has autoconfigured more than one interface address, the last 24 bits of all of its addresses should be the same.
- So the one NS with a solicited-node multicast address should match all of its interface addresses.
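The address derivations of slides 50 through 60 carried through in code, as an added example (not code from the slides or the book): MAC-to-EUI64 conversion, the link-local address, stateless autoconfiguration from an RA prefix, and the solicited-node multicast address. MAC and RA_PREFIX are the slides' own worked values; interface_id_of() is added to show the part of the address that stays constant across prefixes.

```python
import ipaddress


def mac_to_interface_id(mac):
    """MAC-to-EUI64: split the 48-bit MAC in half, insert 0xFFFE between the
    halves, and flip the Universal/Local bit (bit 1 of the first octet) to 1.
    Returns the 64-bit Interface ID as 8 bytes."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02                       # U/L bit: 1 = universal (globally unique)
    return bytes(eui)


def interface_id_hex(iid):
    """Render an Interface ID as four 16-bit groups, e.g. 0200:0BFF:FE0A:2D51."""
    return ":".join(iid[i:i + 2].hex().upper() for i in range(0, 8, 2))


def link_local(mac):
    """FE80::/64 (the /10 prefix padded with zeros to 64 bits) + Interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + mac_to_interface_id(mac))


def stateless_global(prefix, mac):
    """Stateless autoconfiguration: the /64 prefix learned from an RA + the
    same Interface ID the node already derived for its link-local address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("an EUI-64 Interface ID needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + mac_to_interface_id(mac))


def solicited_node(addr):
    """FF02:0:0:0:0:1:FF00::/104 + the low 24 bits of the target address."""
    tail = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(b"\xff\x02" + bytes(9) + b"\x01\xff" + tail)


def interface_id_of(addr):
    """Low 64 bits of any address: the part that does not change with the prefix."""
    return ipaddress.IPv6Address(addr).packed[8:]


# Inputs taken from the slides' worked example.
MAC = "00:00:0B:0A:2D:51"
RA_PREFIX = "3FFE:1104:404:1::/64"

if __name__ == "__main__":
    iid = mac_to_interface_id(MAC)
    glob = stateless_global(RA_PREFIX, MAC)
    print("Interface ID   ", interface_id_hex(iid))
    print("link-local     ", link_local(MAC))
    print("global (SLAAC) ", glob)
    print("solicited-node ", solicited_node(glob))
```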
Slide 61: NDP - Duplicate Address Detection
[Figure: NS (Neighbor Solicitation), Target Address 3FFE:1104:404:1:0200:0BFF:FE0A:2D51; NA (Neighbor Advertisement), Target and Destination Address 3FFE:1104:404:1:0200:0BFF:FE0A:2D51; "Can't use this Global Address!"]
- If a node receives an NS and the target address matches one of its assigned addresses, it sends an NA with the Target Address and the destination address set to the tentative address.
- The node that had originated the NS, on receipt of the NA, knows that the tentative address is a duplicate and cannot be used.
Slide 62: NDP - Neighbor Address Resolution
[Figure: DNS Server; examplehost.com; IPv6 packet for examplehost.com; DNS Query for examplehost.com; DNS Reply 3FFE:5212:4001:5:211:24FF:FE23:334E]
- IPv4 uses ARP (Address Resolution Protocol) to discover Layer 2 data link addresses when it knows an IPv4 destination address.
- IPv6 uses NDP.
- For example, a node might want to send a packet to examplehost.com.
- A DNS query returns the address 3FFE:5212:4001:5:211:24FF:FE23:334E.
- The sending node must now discover the link-layer address to use as the destination address of the frame for the local link.
Slide 63: NDP - Neighbor Address Resolution
[Figure: RA (Router Advertisement) supplies the router's link-layer address; DNS Reply 3FFE:5212:4001:5:211:24FF:FE23:334E; "Is the prefix returned the same as my prefix? NO: send to router. YES: send directly."]
- When the node examines the prefix of the IPv6 address returned by DNS, it either concludes that the destination is a neighbor on the local link or that it is off-link and therefore reachable through the default router.
- If the latter is the case, the node should already know the link-layer address of the default router from the RAs.
- This is similar to IPv4.
Slide 64: NDP - Neighbor Address Resolution
[Figure: "Is the prefix returned the same as my prefix? YES: check neighbor cache."]
- But if the destination is on the local link, the node first looks in its neighbor cache to see if the address is known.
- The neighbor cache in IPv6 is very similar to the ARP cache in IPv4; it records known network-layer addresses and the link-layer addresses associated with them.
Slide 65: NDP - Neighbor Address Resolution
[Figure: "Is the prefix returned the same as my prefix? YES: check neighbor cache for an IPv6-to-MAC address match."]
Slide 66
- The neighbor cache in IPv6 is very similar to the ARP cache in IPv4; it records known network-layer addresses and the link-layer addresses associated with them.
- The following shows a neighbor cache from a Microsoft Windows XP host.
- The neighbor cache stores known IPv6 addresses and their associated link-layer addresses.
Slide 67: NDP - Neighbor Address Resolution
[Figure: NS (Neighbor Solicitation), Target Address 3FFE:5212:4001:5:211:24FF:FE23:334E; Destination: Solicited-Node Multicast Address FF02::1:FF23:334E]
- If the address is not in the neighbor cache, it is entered but tagged Incomplete, indicating that address resolution is in progress.
- The node then sends an NS to the solicited-node multicast address associated with the target node.
Slide 68: NDP - Neighbor Address Resolution
[Figure: NS (Neighbor Solicitation), Target Address 3FFE:5212:4001:5:211:24FF:FE23:334E, Destination FF02::1:FF23:334E; NA (Neighbor Advertisement), Data Link Layer Address 00:11:24:23:33:4E; add to neighbor cache]
- If the solicited node exists and the NS is valid, it responds with an NA.
- The soliciting node, upon receipt of the NA, can add the target node's link-layer address to the neighbor cache entry and change the entry from Incomplete to Reachable.
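The two NS/NA procedures of slides 58 through 68 run over a constructed link, as an added simulation (not code from the slides or the book): Duplicate Address Detection (NS from :: to the solicited-node group, any NA means duplicate) and neighbor address resolution (Incomplete entry, NS, then Reachable once the NA carries the link-layer address). The nodes in build_sample_link() are constructed around the slides' examplehost.com address and MAC; a node only answers an NS that reaches a group it joined and names an address it owns.

```python
import ipaddress
from dataclasses import dataclass

ALL_NODES = ipaddress.IPv6Address("ff02::1")
UNSPECIFIED = ipaddress.IPv6Address("::")


def solicited_node(addr):
    """FF02:0:0:0:0:1:FF00::/104 + the low 24 bits of the address."""
    tail = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(b"\xff\x02" + bytes(9) + b"\x01\xff" + tail)


@dataclass
class Node:
    name: str
    mac: str
    addrs: frozenset          # assigned (non-tentative) unicast addresses

    def groups(self):
        """Groups the node listens on: all-nodes plus one solicited-node group
        per assigned address, so unrelated NS traffic is never even received."""
        return {ALL_NODES} | {solicited_node(a) for a in self.addrs}

    def on_ns(self, ns):
        """Answer an NS only if it reached a joined group and names one of our
        addresses. A DAD probe (source ::) is answered to all-nodes, a normal
        resolution NS to the soliciting node. Returns the NA or None."""
        if ns["dst"] not in self.groups() or ns["target"] not in self.addrs:
            return None
        reply_to = ALL_NODES if ns["src"] == UNSPECIFIED else ns["src"]
        return {"type": "NA", "src": ns["target"], "dst": reply_to,
                "target": ns["target"], "lladdr": self.mac}


class Link:
    def __init__(self, nodes):
        self.nodes = nodes

    def send_ns(self, ns):
        """Deliver one NS to every node on the link; collect any NAs."""
        return [na for n in self.nodes if (na := n.on_ns(ns)) is not None]


def dad(link, tentative):
    """Duplicate Address Detection: NS from :: to the solicited-node group with
    Target = tentative address. True if no NA came back (address is unique and
    may be assigned), False if some node already owns it."""
    target = ipaddress.IPv6Address(tentative)
    ns = {"type": "NS", "src": UNSPECIFIED, "dst": solicited_node(target), "target": target}
    return len(link.send_ns(ns)) == 0


def resolve(link, my_addr, target, cache):
    """Neighbor address resolution with a neighbor cache keyed by address text:
    cache hit -> reuse; miss -> Incomplete entry, NS to the solicited-node
    group, Reachable once an NA delivers the link-layer address."""
    target = ipaddress.IPv6Address(target)
    entry = cache.get(str(target))
    if entry and entry["state"] == "Reachable":
        return entry["lladdr"]
    cache[str(target)] = {"state": "Incomplete", "lladdr": None}
    ns = {"type": "NS", "src": ipaddress.IPv6Address(my_addr),
          "dst": solicited_node(target), "target": target}
    for na in link.send_ns(ns):
        if na["target"] == target:
            cache[str(target)] = {"state": "Reachable", "lladdr": na["lladdr"]}
            return na["lladdr"]
    return None                           # no NA: entry stays Incomplete


def build_sample_link():
    """Constructed link: the slides' examplehost.com plus a second node whose
    link-local address shares its last 24 bits with a later tentative address."""
    ip = ipaddress.IPv6Address
    return Link([
        Node("examplehost.com", "00:11:24:23:33:4E",
             frozenset({ip("3ffe:5212:4001:5:211:24ff:fe23:334e")})),
        Node("neighbor", "00:00:0B:0A:2D:51",
             frozenset({ip("fe80::200:bff:fe0a:2d51")})),
    ])


if __name__ == "__main__":
    link, cache = build_sample_link(), {}
    print("duplicate?", not dad(link, "3ffe:5212:4001:5:211:24ff:fe23:334e"))
    print("resolved MAC", resolve(link, "fe80::200:bff:fe0a:2d51",
                                  "3ffe:5212:4001:5:211:24ff:fe23:334e", cache))
```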
Slide 69: NDP - Neighbor Address Resolution
Slide 70: Privacy Addresses: Final Note
- Even if a device moves from subnet to subnet, or even from major network to major network, its Interface ID always remains the same; and if the Interface ID remains the same, it can be tracked.
- At the least, this becomes a privacy issue.
- For example, suppose you are using IPv6 to connect to your company network.
- Recording and analyzing packets coming into some part of the network can identify you by your unchanging Interface ID.
- And by further analyzing the different prefixes prepended to that Interface ID, your employer can infer where you are at all times: at work, at home, traveling, or wherever.
- More insidious uses can also be made of such tracking, keeping a record of your location and activities for everything from marketing to criminal exploitation.
- RFC 3041 addresses this security concern by defining IPv6 privacy addresses.
- A privacy address is one in which the Interface ID is generated by an algorithm using a pseudo-random number.
- What is significant about it, and makes it reasonably private, is that the Interface ID changes approximately once a day (or on some configurable period) and also whenever the node acquires a new IPv6 prefix.