Chapter 4: Preparing for the Advent of IPv6

In This Chapter

Grasping the basic IPv6 address structure

Collapsing, identifying, and assigning addresses

Integrating with IPv4 and IPv6 networks

The first question you may ask about Internet Protocol version 6 (IPv6) is, “What is wrong with IPv4? Why do we need a new type of IP addressing structure?” Well, the answer is really a testament to the popularity of the Internet. IPv4 has been around since the late 1970s, when most computers were mainframes and minicomputers. Minicomputers tended to have a couple of network connections, but most devices — such as terminals and printers — were connected to them via serial connections. The expectation of the time was that if all the computers in the world started using TCP/IP, there would still be millions of addresses left available.

Well, who knew that 40 years later, not only would there be at least one computer in every household, but multiple computing devices that needed their own addresses, too. For example, my house has a media server, three media server front ends, five computers, three smartphones (with Wi-Fi), three iPods (with Wi-Fi), a Nintendo Wii, and a Microsoft Xbox, bringing my five-person household to 17 active IP addresses.

You look at private addresses in Chapter 1 of this minibook and Network Address Translation/Port Address Translation (NAT/PAT) in Book VI, Chapter 3 as alternatives to save addresses, but they do not work in every situation. Moving forward, you need a much bigger address space to work with, and that is the biggest gift IPv6 offers.

The transition to IPv6 was a slow one because it was conceived with a working name, IP Next Generation (IPng), in RFC 1550 in 1993. IPv6 underwent a few tweaks and was given the designation of IP version 6 (IPv6) in RFC 1883 in 1995. (IPv6 was used as the designation because IPv5 had already been assigned to another protocol that was being tested.) Over the years, IPv6 has been fine-tuned and supporting protocols have been designed and tested, with the largest hurdle being how to actually implement and migrate the world over to IPv6. Well, that has mostly been worked out; more products support IPv6, such as Microsoft Windows 7. In another 16 years or so, IPv6 will be standard.

I recommend having some concept as to what IPv6 is and how it works. It may still be quite a while before you are forced to move to IPv6 because of application requirements or your Internet service provider (ISP). Until that time, try not to sweat it too much. The change will happen eventually, and there is nothing to worry about. This chapter gives you the basic orientation that you need to prepare yourself for that time.

Reviewing Address Structure

When working with IPv4, you have a 32-bit address format broken into byte-sized units, or octets. IPv4 allows for a total of 4.3 billion addresses (2^32). After you get rid of special address spaces such as loopback, multicast, and reserved blocks, you have only about 3.7 billion addresses to work with. Of that, approximately 2.4 billion are already assigned to existing users, so you do not end up with very many left for all the new people and their myriad devices. Well, IPv6 increases that address space up to 128 bits, or 2^128 addresses, or 3.4 × 10^38 addresses. Now that is a lot. Check out Table 4-1, where it might make a little more sense.

Table 4-1

You may have noticed the rather odd-looking alternate IPv6 address in the table. That is done to keep you from getting a cramp in your hand when writing decimal numbers. This is hex-colon notation, which takes 16 bits and converts them to four hexadecimal numbers, rather than six decimal numbers in dotted-decimal notation. You can find a primer on other number systems in Book I, Chapter 3.

Collapsing Addresses

When working with IPv6 addresses, it can take a lot to write your addresses — after all, they are 128 bits long. To make life simpler, here are some rules you can use to condense this notation:

Leading zeros in the address are optional. So, for an address block, 0A45 would be equal to A45, and 0000 would be equal to 0.

Multiple fields of zeros can be expressed as ::, but this can be done only once per address.

An unknown or unspecified address, even in IPv4, is typed as all zeros; as such, it can be represented in IPv6 as ::.

Most addresses that you write can likely be compressed in some fashion. Table 4-2 shows some examples of this type of compression.

Table 4-2

Identifying Special Addresses

With IPv4, you have seen that special address groups exist within the total IP address space. In addition to Class A, B, and C addresses, you also have the loopback address block (anything starting with 127) as well as multicast address space and Automatic Private IP Addressing (APIPA) addresses. Well, IPv6 handles addresses a little differently. Within IPv6 are three main types of addresses, which are

Unicast: A single unique address for a network interface. There are several types of unicast addresses, which I discuss in just a bit.

Multicast: A one-to-many relationship in which the IP address is actually a group address and many devices can belong to the group. (See Chapter 1 in this minibook for more details). Unlike IPv4, there is no such thing as a broadcast address that is processed by every device on a network; instead, IPv6 relies on multicast and anycast addresses to be able to send data to more than a single unicast device on your network. Also, unlike IPv4, this new multicast address range is substantially larger than its predecessor, so it should be a long time before anyone runs into address limitations.

Anycast: A one-to-nearest relationship using unicast addresses. The difference between this and normal unicast traffic is that multiple devices use the same address, similar to a multicast group address. Communication might start with a unicast packet being sent to a multicast address in which the device that is closest to the sender would answer the request. Anycast addresses are a perfect solution for load-balancing problems (such as a web server farm) because multiple devices can use and share the same address, and only one device will respond to network requests from each client device. Because anycast addresses are allocated from the unicast pool, the address format for them is the same as that of the unicast addresses.

When configuring network interfaces for IPv6, a single network interface could have a number of addresses associated with it. This may be a mixture of these address types. Within the unicast type there are three main address groups:

Global addresses: These globally routable addresses are the addresses that are assigned by your ISP and include addresses in the 2000::/3 range. This range would include from 2000:: through to 39FF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. Global addresses represent about one-eighth of all IPv6 addresses, and the numbers are handed out by the IANA, as they are with IPv4.

Reserved addresses: The Internet Engineering Task Force (IETF) reserved several addresses of the global address space to be implemented if it decides to introduce new features. This reserved space amounts to approximately 1 of every 256 IPv6 addresses.

Private addresses: All private addresses start with FE in the first two positions of this address, followed by another digit from 8 to F. This could also be written as FE80::/9. Like with IPv4, these addresses cannot be routed over the Internet. These private addresses fall into these major categories:

Site-local addresses are a section of the main private address space and include addresses in the FEC0::/10 block, which are all addresses that start with FE and have C, D, E, or F for their third character. These addresses are used to assign IPv6 addresses to a site or organization (using an IPv6 DHCP server), and do not route outside that area or to the Internet. Internal routers forward data to these addresses on internal interfaces, but routers do not forward data to these addresses out to the Internet. Because of a lack of definition around how site-local addresses were to be used, they were deprecated (marked as obsolete) in 2004, and replaced with a unique-local address in 2005.

I continue to mention site-local addresses to you because, although deprecated, you will likely encounter the term from time to time and in older documentation.

Unique-local addresses are designed for an organization to assign internal addresses across its organization. These addresses are defined by the FC00::/7 address block, with the second half of the block, FD00::/8, allocated for use on networks and a description for FC00::/8 address block still in the works. As with the description of site-local addresses, these addresses are for internal-use only and are never routed out to the Internet.

Local-link addresses are similar to APIPA addresses, which I cover in Chapter 1 of this minibook, because they are self-generated and allow for IPv6 communications with other devices on that data link or network segment. These addresses all start with FE, and the third digit is 8, 9, A, or B, or FE80::/10. All IPv6 devices within a given data link that have local-link addresses can talk to each other. No routers, internal or external, forward traffic to or from these addresses.
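The prefixes listed above can be turned into a check for addresses that should never cross an Internet border. The following is an added example, not code from the book: it classifies an address by the chapter's prefixes and flags forwarded flow records in which either end is not a global address. The function names and flow records are constructed, and the multicast prefix FF00::/8 is an assumption taken from the IPv6 addressing standard rather than from this chapter.

```python
import ipaddress

# Prefixes as given in the chapter, most specific first so that the
# FE80::/10 and FEC0::/10 blocks are matched before anything broader.
# FF00::/8 (multicast) is not listed in the chapter; it is the standard prefix.
RANGES = [
    ("link-local", "fe80::/10"),
    ("site-local (deprecated)", "fec0::/10"),
    ("unique-local", "fc00::/7"),
    ("multicast", "ff00::/8"),
    ("global unicast", "2000::/3"),
]
NETS = [(label, ipaddress.IPv6Network(prefix)) for label, prefix in RANGES]

def classify(addr: str) -> str:
    """Return the chapter's address group for one IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    if int(ip) == 0:
        return "unspecified"
    for label, net in NETS:
        if ip in net:
            return label
    return "reserved/other"

def border_violations(flows):
    """Return (src, dst, reason) for flows a border router should not forward."""
    findings = []
    for src, dst in flows:
        for role, addr in (("src", src), ("dst", dst)):
            group = classify(addr)
            if group != "global unicast":
                findings.append((src, dst, f"{role} is {group}"))
                break
    return findings

# Constructed flow records (source, destination) as a border router might
# export them; 2001:db8::/32 is the documentation prefix.
SAMPLE_FLOWS = [
    ("2001:db8:10::5", "2001:db8:beef::80"),
    ("fd00:1::7", "2001:db8:beef::80"),
    ("fe80::1", "2001:db8:beef::80"),
    ("2001:db8:10::9", "fec0::10"),
]
```

A unique-local, site-local, or link-local address in forwarded border traffic points to a missing egress or ingress filter, since the chapter states these are never routed to the Internet.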

Assigning Addresses

When assigning addresses to your IPv6 network cards, you need to know that just like IPv4 addresses (see Chapter 1 of this minibook), there is a network portion of the address and a host portion of the address. Both portions are 64 bits long, so the first 64 bits of an IPv6 address are the network address (sometimes referred to as a network ID or network prefix), and the last 64 bits of an IPv6 address are a unique host ID for the specific network ID. The four methods of assigning IPv6 addresses are

Manual Interface ID Assignment: An address is manually assigned to an interface. This is fairly easy to do with most Cisco devices from the interface configuration with a command like

Router1(config-if)# ipv6 address 2001:DB8:1111:2222::54/64

As with any manual system, it is easy to assign one address to one interface, but you may not want to manually assign addresses to every device on your network.

EUI-64 Interface ID Assignment: This is similar to a full manual address, but instead of specifying the full address, you configure only the network portion of the address, and the remainder of the address is derived from the interface’s Media Access Control (MAC) address. When configuring this from the interface prompt, the command looks like this:

Router1(config-if)# ipv6 address 2001:DB8:1111:2222::/64 eui-64

The MAC address on your network interface is a 48-bit number and may sometimes be referenced as MAC-48 to denote the length. Because the MAC address is a unique identifier, it can also be referred to as an Extended Unique Identifier (EUI) of 48-bits or EUI-48. MAC refers to a network interface identifier, whereas EUI-48 could be assigned to other devices. When designing IPv6, the designers wanted to have unique identifiers that were larger than the current EUI-48, so they lengthened the identifier to 64-bit and created the EUI-64 identifier. So an EUI-64 is simply a globally unique identifier.

This configuration makes address assignment much easier because all devices on the same data link share the same network ID, and all you need to have automatically assigned is the host ID, which is guaranteed unique because it is based on the already globally unique MAC address.

Stateless Auto-Configuration: This is by far the easiest way to configure an IP address on an interface, allowing full automatic configuration. This configuration mode was created to allow all devices on the same data link to automatically configure themselves, reducing administrative overhead for the network administrators. In addition to full auto-configuration, Stateless Auto-Configuration sends a request for a router advertisement (RA), which is used by the client as a 64-bit network ID prefix to the client’s IP address. This means that if you have configured your routers with their 64-bit network IDs, your network devices use those network IDs; otherwise, all your network IDs for your internal network are assigned automatically. The 64-bit network ID could be a global or private address, but the remaining 64 bits of the address are chosen automatically by the client.

DHCPv6 (Stateful): Dynamic Host Configuration Protocol (DHCP) servers that have the appropriate extensions installed for IPv6 can process DHCP address requests. This process for handing out addresses is similar to IPv4; the server is configured with an address pool to hand out, and it randomly fills the address requests from this pool. This process allows for complete control over the assigned client IP address, as well as being able to view the list of assigned addresses. In DHCPv6, the client first checks for a router advertisement; and if there is one, the client is allowed to use DHCP. If there is no router or the router allows for DHCP, the client sends a multicast request to all DHCP agents on the network; if there are no router advertisements or DHCP responses, the client uses the local-link address.

Integration with IPv4

Because the entire world is currently running IPv4, one of the big questions that have been haunting the staff at IANA and IETF is how to move people from IPv4 over to IPv6. It is not like they can just announce that on January 1 the Internet will use only IPv6. That just would not work. So instead, they had to come up with a way to slowly migrate people to the new addressing scheme while allowing them to keep everything that they currently have in place. To that end, there are three basic methods of compatibility:

Dual-stack: In dual-stack configuration, the device is configured for both IPv4 and IPv6 network stacks like the routers in Figure 4-1. The dual-stack configuration can be implemented on a single interface or with multiple interfaces. In this configuration, the device decides how to send the traffic based on the destination address of the other device.

As of IOS 12.2(2), Cisco is IPv6-ready. To support dual-stack routing on a single interface, you need to configure IPv6 on your routing device. The following commands allow for forwarding of IPv6 data packets:

Router1> enable

Router1# configure terminal

Router1(config)# ipv6 unicast-routing

Router1(config)# interface ethernet0

Router1(config-if)# ip address 192.168.75.1 255.255.255.0

Router1(config-if)# ipv6 address 2123:AFFF::192:168:75:1/120

Router1(config-if)# exit

Router1(config)# exit

Router1# copy running-config startup-config

Tunneling: Tunneling refers to passing IPv6 data over an IPv4 network by placing the IPv6 packet into the data section of an IPv4 packet, as shown in Figure 4-2. The four main types of tunneling are

Manual IPv6-to-IPv4 tunneling encapsulates an IPv6 packet in an IPv4 packet. To avoid fragmenting the packet when the IPv4 header is added to it, the data packet needs to be reduced by 20 bytes if the IPv4 has an optional protocol field, or 20 octets if it does not, and the routers must support both IP stacks.

Figure 4-1: Two options for a dual-stacked router.


Dynamic 6-to-4 tunneling routes data between islands of IPv6 routers across your network.

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling uses the existing IPv4 network as the link layer of the IPv6 network and routes the data between the IP networks via routers supporting both IP stacks.

Teredo tunneling performs the tunneling work at the dual-stacked host on either end of the connection rather than at a gateway router.

Figure 4-2: IPv6 data being tunneled over an IPv4 network.

Proxying and translation (NAT-PT): Network Address Translation-Protocol Translation (NAT-PT) places a translation mechanism on the network, which translates traffic going back and forth between IPv4 and IPv6.

With these methods available to companies, ISPs, and users, the path to migrate your network to IPv6 does not need to be long or difficult.
