Pages

IPv6 basics + testing with Windows7

Internet Protocol version 6 (IPv6) is a version of the Internet Protocol (IP) that is designed to succeed Internet Protocol version 4 (IPv4).
INTRO
The observable universe contains about 3 × 1024 stars.
IPv6 address include 2128 adresses or ~  3,4 × 1038 IPs.

Theory

6to4
is a mechanism where a router with a public IPv4 address can be an IPv6 gateway/provider for a whole set of LANs. The IPv6 prefix starts with 2002: followed by the 32 bits of the public IPv4 address. This gives a /48 prefix which can be used to provide 65536 LANs with a /64 each. The problem is that to reach the normal IPv6 internet the 6to4 router needs to use public 6to4 relays, and these relays are not always reliable. Add to this that the inbound and outbound traffic use different relays most of the time, and the reliability of 6to4 networks leaves a lot to be desired. These days using 6to4 is strongly discouraged.

Teredo is a built-in mechanism in Windows systems that is used to give a single system behind an IPv4 NAT access to IPv6. Like 6to4 it uses public relays. Teredo combines this with a setup protocol using Teredo servers (by default those hosted by Microsoft) to detect and break through the IPv4 NAT. It is not very reliable, but Teredo is only used when explicitly connecting to an IPv6 address and not when connecting to a hostname and looking up the addresses in DNS. This happens for example when using BitTorrent, and there the lesser reliability doesn't matter a lot.
2001:0000 means it's a Teredo address, and the next XXXX:XXXX -- 4137:9e76 in the case of this Windows system ( Microsoft's Teredo server teredo.ipv6.microsoft.com dy default) -- is the encoded address of the server to talk to in order to start finding your way through the Teredo process. The address also imbeds the UDP port to use in communicating.
In order to get from point A to point B via Teredo, you need two helpers:  the Teredo Server (run by Microsoft probably, with its IP address packed into your Teredo address), and the "Teredo Relay," which does most of the work.  Teredo relays are typically near a destination, and so some domains might have them, some might not.  You can get to Google over Teredo because Google has a Teredo relay.

ISATAP is a managed technology for providing IPv6 on an IPv4 network. It emulates IPv6 connectivity on the IPv4 infrastructure. IPv6 Router Discovery usually uses multicast. This isn't possible on an infrastructure based on IPv6-over-IPv4 tunnels, so ISATAP solves that in a different way. An ISATAP router is provided on the network and its IPv4 address is made known to the ISATAP hosts (usually using the hostname isatap. in DNS). The ISATAP hosts then can use that address to set up their IPv6 connectivity.
what ISATAP does to your intranet, whether it's currently two subnets or two hundred subnets:  it makes your entire intranet one subnet.
ISATAP is not used for communications over the public Internet.

In all cases it is better to get native IPv6 on your networks. Preferably through your ISP, and otherwise through a tunnelbroker like tunnelbroker.net or sixxs.net.
http://www.minasi.com/newsletters/nws1303.htm

How to enable/disable IPv6 or its components in Windows
https://support.microsoft.com/kb/929852


Windows implements RFC 3484 and uses a prefix table to determine which address to use when multiple addresses are available for a name.
By default, it favors IPv6 global unicast addresses over IPv4 addresses.
You can view/change the prefix policy through netsh:
// Open an elevated command prompt
// Enter the IPv6 context
> netsh int ipv6

// Then use one of the following commands
show prefixpolicies
set prefixpolicy




TESTING
To test IPv6 now is possible with Free IPv6 Tunnel Broker (encapsulate IPv6 in IPv4 packets) from Hurricane Electric.
Steps:
1) Create free accounts (up to 5) on http://www.tunnelbroker.net/
   1.1) Select “Create Regular Tunnel” successfully.
   1.2) Select “Example IPv6 Tunnel Configurations by OS (Windows, Linux, etc.)
          http://www.tunnelbroker.net/tunnel_detail.php?tid=your_id
   1.3) Create a “Windows Vista/2008/7” tunnel configuration
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 99.99.99.99 216.66.80.98
netsh interface ipv6 add address IP6Tunnel 2001:470:25:957::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:25:957::1
with NAT: use Private IP
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.121 216.66.80.98
2) start cmd.exe with Administrator rights
    2.1) execute config provided
C:\Windows\system32>netsh interface teredo set state disabled
Ok.
C:\Windows\system32>netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.1.142 216.66.80.98
C:\Windows\system32>netsh interface ipv6 add address IP6Tunnel 2001:470:25:957::2
C:\Windows\system32>netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:25:957::1
Ok.
    2.2) check interfaces
C:\Windows\system32>netsh interface ipv6 show interfaces
Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface 1
 12          10        1280  connected     IP6Tunnel
 11          10        1500  connected     Local Area Connection
3) Try your IPv6 navigation
C:\Windows\system32>ping ipv6.google.com
Pinging ipv6.l.google.com [2a00:1450:8005::67] with 32 bytes of data:
Reply from 2a00:1450:8005::67: time=78ms
Reply from 2a00:1450:8005::67: time=76ms
Reply from 2a00:1450:8005::67: time=76ms
Reply from 2a00:1450:8005::67: time=77ms
Ping statistics for 2a00:1450:8005::67:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 76ms, Maximum = 78ms, Average = 76ms
Remember: The Windows Vista/7/Server 2008 stack will always prefer using IPv6 when it can find an IPv6 address for the remote system it needs to talk to.

IPv6 Addressing
An IPv6 address consists of 8 sets of 16-bit hexadecimal values separated by colons (:), totaling 128 bits in length.
For example:
2001:0db8:1234:5678:9abc:def0:1234:5678
Leading zeros can be omitted, and consecutive zeros in contiguous blocks can be represented by a double colon (::).
Double colons can appear only once in the address. For example:
2001:0db8:0000:130F:0000:0000:087C:140B can be abbreviated as
2001:0db8:0:130F::87C:140B
As with the IPv4 Classless Inter-Domain Routing (CIDR) network prefix representation (such as 10.1.1.0/24), an IPv6 address network prefix is represented the same way:
2001:db8:12::/64
URL addres  http:[2001:0db8:0:130F::87C:140B]/index.html

Types of IPv6 Addresses

Address type Binary prefix IPv6 notation
Unspecified 00 . . . 0 (128 bits) ::/128
Loopback 00 . . . 1 (128 bits) ::1/128
Multicast 11111111 FF00::/8
Link-local unicast
devices can communicate without routing

IPv4 analogy to 169.254/16
11111110 10 FE80::/10
FE9
FEA
FEB
Unique local address
devices can communicate with routing, without routing in Internet
IPv4 analogy to 192.168/16
(Site-local unicast deprecated
FEC0::/10)
1111 110x

1111 1110 11
FC00::/7

Global unicast
routable in Internet
(everything else)

0:0:0:0:0:0:0:0 (OR ::) src address then using stateful config (DHCP), equiv IPv4 0.0.0.0
0:0:0:0:0:0:0:1 (OR ::1) localhost, equiv IPv4 127.0.0.1
0:0:0:0:0:0:0:192.168.0.1 IPv4 add written in IPv4/IPv6 mixed netw enviroment
2000::/3 Global unicast range
FC00::/7 Unique local unicast range
FE80::/10 Link-local unicast range
FF00::/8 Multicast range
3FFF:FFFF::/32 Examples and documentation
2001:0DB8::/32 Examples and documentation
2002::/16 For 6to4 transition

Scope - a group of computers set for communication isolation.

Unicast  = one-to-one:
- global         = The scope is global (IPv6 Internet addresses)
- link-local    = The scope is the local link (nodes on the same subnet)
- site-local    = The scope is the organization (private site addressing).
- IPv4-compatible

Multicast address = one-to-many
 - Address of a set of interfaces
 - Delivery to all interfaces in the set

Anycast = one-to-nearest
  - Unicast Address of a set of interfaces
    Subnet router anycast address : subnet prefix::/n
  - Delivery to a single interface in the set

Reserved
No more broadcast address (replaced with multicast)

CISCO ROUTER CONFIGURATION
Enable  IPv6 routing, by default is disabled
MyRouter(config)# ipv6 unicast-routing

Set manul IPv6 address on interface
MyRouter(config-if)# ipv6 address 2001:db8:3c4d:1:2:3:4:5:6/64
OR EUI-64 transformation autoconfig
MyRouter(config-if)# ipv6 address 2001:db8:3c4d:1::/64 eui-64
Configure router to only uses  link-local addresses
MyRouter(config-if)# ipv6 enable
dc


IPv6 Configuration Types
IPv6 addresses may be assigned in several different ways:
1) manually configured
2) auto-configured from a 48-bit MAC address (e.g.,Ethernet address), expanded into a 64-bit EUI-64
3) assigned via DHCPv6
4) auto-generated pseudo-random number (to counter some privacy concerns)
5) possibly other methods in the future


IPv6 unicast addresses generally use 64 bits for the Network ID and 64 bits for the Host ID
2001:0db8:0000:130F :0000:0000:087C:140B
     Network ID         Host ID
     64 bits            64 bits
The Network ID is administratively assigned,and the host ID can be configured manually or auto-configured by any of the following methods:
  - Using a randomly generated number
  - Using DHCPv6
  - Using the Extended Unique Identifier (EUI-64) format. This format expands the device interface
48-bit MAC address to 64 bits by inserting FFFE into the middle 16 bits (see Figure 2-2). Cisco
commonly uses the EUI-64 host ID format for Cisco IP Phones, gateways, routers, and so forth.

MAC Address:                          00:04:E2:00:D0:17
IPv6 Address:         fe80:0000:0000:0000:0204:e2ff:fe00:d017
                               fe80::204:e2ff:fe00:d017




Global IPv6



1) The global routing prefix is assigned to a service provider by the Internet Assigned Numbers Authority
(IANA).
  2) The site level aggregator (SLA), or subnet ID, is assigned to a customer by their service provider.
     3) The LAN ID represents individual networks within the customer site and is administered by the customer.
        4) The Host or Interface ID has the same meaning for all unicast addresses. It is 64 bits long and is typically
created by using the EUI-64 format.

Example of a global unicast address:
2001:0DB8:BBBB:CCCC:0987:65FF:FE01:2345

IPv6 mask

2001:0db8:0123:4567:89ab:cdef:1234:5678
|||| |||| |||| |||| |||| |||| |||| ||||
|||| |||| |||| |||| |||| |||| |||| |||128   Single end-points and loopback
|||| |||| |||| |||| |||| |||| |||| ||124
|||| |||| |||| |||| |||| |||| |||| |120
|||| |||| |||| |||| |||| |||| |||| 116
|||| |||| |||| |||| |||| |||| |||112
|||| |||| |||| |||| |||| |||| ||108
|||| |||| |||| |||| |||| |||| |104
|||| |||| |||| |||| |||| |||| 100
|||| |||| |||| |||| |||| |||96
|||| |||| |||| |||| |||| ||92
|||| |||| |||| |||| |||| |88
|||| |||| |||| |||| |||| 84
|||| |||| |||| |||| |||80
|||| |||| |||| |||| ||76
|||| |||| |||| |||| |72
|||| |||| |||| |||| 68
|||| |||| |||| |||64   Single End-user LAN (default prefix size for SLAAC)
|||| |||| |||| ||60   Some (very limited) 6rd deployments
|||| |||| |||| |56   Proposed minimal end sites assignment[3] (used by some providers for SOHO, some 6rd deployments)
|||| |||| |||| 52
|||| |||| |||48   Default end sites assignment[4] (ideal for automatic hierarchies and general purpose end-site deployments)
|||| |||| ||44
|||| |||| |40
|||| |||| 36   possible future Local Internet registry extra-small allocations
|||| |||32   Local Internet registry minimum allocations
|||| ||28   Local Internet registry medium allocations
|||| |24   Local Internet registry large allocations
|||| 20   Local Internet registry extra large allocations
|||16
||12   Regional Internet Registry allocations from IANA[5]
|8
4




From:
www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/ipv6/basics.pdf
publib.boulder.ibm.com/infocenter/
http://technet.microsoft.com/en-us/library/cc757359%28WS.10%29.aspx
http://en.wikipedia.org/wiki/IPv6_subnetting_reference
LIR IPv6  -  http://habrahabr.ru/company/selectel/blog/99535/ 

http://www.freshports.org/net-mgmt/sipcalc/  for PTR v6

No comments:

Post a Comment