And now on to IPv6, which was a pretty brief part of the chapter really, but I wanted to devote a page all to itself, since the last post was so long. IPv6 was designed to fix the Internet address space problem permanently. And amazingly enough, they managed to complicate things more than a lot.
- The author asks (somewhat rhetorically) why the world hasn’t moved to IPv6 yet, but hasn’t given quite the right answer, IMHO. The right answer is that IPv6 is too stinkin’ complex if you’re used to IPv4. IPv6 is not simply IPv4 with more bits. It’s more bits, true, but it’s also a non-intuitive addressing method that changes syntactically depending on what you’re addressing and a whole new classification of addresses depending on what the purpose of the address is (just when you were getting used to multicasts, etc.) I’m not trying to make IPv6 seem impossible to grasp or anything like that – far from it. It’s just that IPv6 solves problems that most of us don’t have in light of NAT, plus it’s rather different from IPv4, so you have to work with it a while to get comfortable with it. And THAT’S why it’s not gotten wide acceptance. IPv6 is a pain, and we “in the trenches” engineer types have enough to do with figuring out a whole new addressing scheme if we don’t really need it.
- My rant notwithstanding, Cisco rightfully expects that a CCIE is going to know a thing or three about IPv6. Such as…
- IPv6 addresses are 128-bit. (Compare to IPv4’s 32-bit.)
- IPv6 addresses have 8 quartets of hex digits, separated by colons. (Instead of dotted quads, will we have coloned quarts?? Nah…)
- In a quartet, leading hex 0’s can be omitted. You don’t have to, but they can be.
- If you have one or more consecutive null quartets (all 0’s), you can represent this with a ::, no matter how many null quartets there were. So, 0000:0000 could be represented by :: . But, 0000:0000:0000:0000 could be represented by :: as well. You have to infer how many null quartets are represented by the :: by looking at the rest of the address. However…you can only use one :: in an IPv6 address, since you’d be unsure otherwise of how many null quartets you had where. (At least someone had some sanity while making this up. I grasp the point of the shortcut, but stuff like that makes me nuts. I’m sure we’ll all get used to it.)
- Here’s examples of 3 valid ways, lifted right from the book, to write the same IPv6 address:
- A router will show you the briefest form of the IPv6 address that it can.
- Publicly registered addresses are called “aggregatable global unicast addresses”. Aggregatable in that they can be summarized easily to keep the Internet routing tables tidy. Global in that they are for the public Internet. Most people call these global addresses.
- Global addresses have this format:
  - Global routing prefix – 48 bits, where the first 3 bits are always 001, leaving 45 bits for the IANA to assign.
  - Subnet ID – 16 bits, where you can chop up the block into subnets, just like you would with IPv4, 65,000+ subnets potentially available.
  - Interface ID – 64 bits of 24 bits + 16 bits + 24 bits, where the first 24 bits is the first 3 bytes of the interface MAC address, 16 bits is hex FFEE, and 24 bits is the last 3 bytes of the interface MAC. This 64 bit field is called the EUI-64 format, because it’s good to have standards. If the interface in question doesn’t HAVE a MAC (the horror), a pseudo-MAC will be used, either created from the local device serial number, mooched from another interface with a MAC, or what have you.
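Because one address has many valid spellings, ACL entries and log lines only compare reliably after normalization. This added example (not from the book or the original post) expands and re-compresses the notation described above and builds the 64-bit interface ID from a MAC. It assumes the RFC 4291 modified EUI-64 rule (FFFE inserted in the middle, universal/local bit of the first byte inverted) and the RFC 5952 convention of compressing only runs of two or more null quartets; the function names and the MAC are made up.

```python
HEX = set("0123456789abcdefABCDEF")

def expand(text):
    """Return the 8 quartets of an IPv6 address as ints, undoing '::'."""
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed per address")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one null quartet")
        parts = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        parts = text.split(":")
    if len(parts) != 8 or not all(1 <= len(p) <= 4 and set(p) <= HEX for p in parts):
        raise ValueError("need 8 quartets of 1 to 4 hex digits")
    return [int(p, 16) for p in parts]

def compress(groups):
    """Briefest form: no leading zeros, '::' for the longest (leftmost) null run."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    hexes = [format(g, "x") for g in groups]
    if best_len < 2:  # a lone null quartet is written as "0", not "::"
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])

def eui64_interface_id(mac):
    """Four quartets of interface ID derived from a 48-bit MAC (assumed RFC 4291 rule)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(b) != 6:
        raise ValueError("MAC must be 48 bits")
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return [int.from_bytes(eui[k:k + 2], "big") for k in range(0, 8, 2)]

def eui64_address(prefix64, mac):
    """Join the first four quartets of a /64 prefix with the EUI-64 interface ID."""
    return compress(expand(prefix64)[:4] + eui64_interface_id(mac))

# Constructed MAC; the prefix is the one used in this post's interface command.
SAMPLE = eui64_address("2001:0:0:2::", "00:1a:2b:3c:4d:5e")
```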
- “ipv6 unicast-routing” enables IPv6 routing on the router.
- “ipv6 cef” does (you guessed it you smart person) enable CEF switching of IPv6 packets.
- At an interface level, “ipv6 address 2001:0:0:2::/64 eui-64” assigns an IPv6 address to the interface, believe it or not. The /64 means that the notation thus far represents the 64-bit prefix (48+16), and that the router should figure out what to use for the rest, using eui-64 format. (Just reflected on that nugget of truth for a moment. Man. You can really put a lot of hosts on one subnet in this world. Yikes. Then again, broadcast traffic is much more controlled in an IPv6 world, so maybe that’s not so bad. Then again, most of us separate networks by L3 as security boundaries. Okay, brain off, back to my paraphrasing.)
- “ipv6 router ospf 1” creates an IPv6 OSPF process.
- At an interface level, “ipv6 ospf 1 area 0” will put this interface into that specific OSPF process in area 0…and would also have created the router process if you hadn’t done that already.
- “show ipv6 interface brief” does what you’d think, although you may get more than 1 IPv6 address assigned to an interface, if other IPv6 addresses are needed for other purposes.
- Other types of IPv6 addresses:
  - Link-local unicast – not routable, used for processes on the local link only.
  - Site-local-unicast – for use in a site (whatever a “site” may be). Defined in RFC 3512, but dumped in RFC3879 (farewell, we barely knew thee).
  - Centrally assigned unique local – Sort of your RFC1918 stuff. A block of IPv6’s that will not be used on the public Internet.
  - IPv4-compatible unicast – for migration. 96 bits’ worth of 0’s, followed by the IPv4 address.
  - Anycast – Using the same IPv6 address on multiple hosts, with IPv6 routing traffic to the closest host. For redundant identical services and load-balancing. (Nifty!)
  - Multicast – Large range starting with FF, some routable, some not. Used instead of broadcast addresses.
  - Broadcast – We don’t have these in IPv6. ARP uses ND (neighbor discovery) instead, using a reserved IPv6 multicast address.
- And finally – check the “Links” page above for my link to IPv6 supplemental white papers on cisco.com. Which I haven’t read. But I will.
- Oh, not quite finally. One thing I needed to write up from the very end of chapter 4. All the fields in the IP header:
  - Version – IPv4 or IPv6, 4 bits.
  - Header Length – the length of the header, not the entire packet. The header must always be a multiple of 4 in length, so this number is to be multiplied by 4 to get the IP header byte length, 4 bits.
  - DS field – the differentiated services field. Called Type of Service or ToS at one time, it’s now called DS as of RFC2474. Used to mark packets for quality of service purposes, 8 bits.
  - Packet length – how long the entire packet is, including the data (note the difference from the header length, which is just the header), 16 bits.
  - Identification – a numeric used in case the packet gets fragmented. Each fragment will have the same identification number, so the Humpty Dumpty packet can get put back together again, 8 bits.
  - Flags – used by the IP fragmentation process (conveniently located right next to the identification field also used by the fragmentation process), 3 bits.
  - Fragment offset – tells you where this fragment lives inside of the larger packet. It seems to be an actual counting of bytes, in blocks of 8 octets, as opposed to “this is fragment 1” “this is fragment 2” and so on. I had to check RFC791 to figure this out, and I’m still not exactly thrilled with the answer I came up with. Time to break out a sniffer and look, I suppose. 13 bits.
  - Time to Live (TTL) – Used to prevent routing loops. This value gets decremented by 1 each time the packet gets forwarded. When it gets to 0, the packet is discarded. 8 bits.
  - Protocol – This tells us what the payload is. A “6” would mean TCP data is coming. “50” would be ESP, etc. 8 bits.
  - Header checksum – this is the frame check sequence value. If this FCS value is different from the value computed by the destination, it’s implied that there was a problem along the way. 16 bits.
  - Source IP address – the 32-bit address of the sender.
  - Destination IP address – the 32-bit address of the recipient.
  - Optional header fields and padding – this is to support future enhancements to the IP protocol. If the optional headers don’t take up some multiple of 4 bytes, this field will be padded such that the header will be a multiple of 4 bytes long. 32 bits.
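In place of the sniffer session, here is an added example (not from the book or the original post) that unpacks the fixed 20-byte IPv4 header, converts the header length and fragment offset into bytes, and verifies the header checksum. Field widths follow the RFC 791 layout, where Identification occupies 16 bits; the sample packet, its addresses and the function names are constructed for illustration.

```python
import struct

FIXED = "!BBHHHBBH4s4s"  # the fixed 20-byte header in RFC 791 field order

def checksum(header):
    """One's-complement of the one's-complement sum of the 16-bit header words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet):
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, ds, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(FIXED, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4                       # header length counts 4-byte words
    if version != 4 or ihl < 5 or len(packet) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "header_len": header_len,
        "ds": ds,
        "packet_len": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,  # 8-octet blocks
        "ttl": ttl,
        "protocol": proto,
        # Summing a valid header with its checksum field included yields zero.
        "checksum_ok": checksum(packet[:header_len]) == 0,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": packet[20:header_len],
    }

def build_sample():
    """Constructed header: a middle fragment of a TCP packet at offset block 185."""
    fields = [0x45, 0, 1500, 0x1C46, 0x2000 | 185, 64, 6, 0,
              bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])]
    fields[7] = checksum(struct.pack(FIXED, *fields))  # computed with the field zeroed
    return struct.pack(FIXED, *fields)
```

A fragment offset of 185 blocks is byte 1480 of the original payload, which is why every fragment except the last must carry a multiple of 8 bytes of data.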
- Also mentioned are some common IP protocols with their protocol numbers. To wit: ICMP-1, TCP-6, UDP-17, EIGRP-88, OSPF-89, PIM-103.