slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
IPv6 Training Material Dave Wilson DW238-RIPE PowerPoint Presentation
Download Presentation
IPv6 Training Material Dave Wilson DW238-RIPE

Loading in 2 Seconds...

play fullscreen
1 / 54

IPv6 Training Material Dave Wilson DW238-RIPE - PowerPoint PPT Presentation


  • 112 Views
  • Uploaded on

IPv6 Training Material Dave Wilson DW238-RIPE. Agenda. Basic differences between v4 and v6 Layer 2: types of connection Layer 3: how to route Gotchas. The Basics The Differences. Differences. Addresses are 128 bits long Subnets are still variable /64 is preferred for a single link

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'IPv6 Training Material Dave Wilson DW238-RIPE' - july


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1
IPv6 Training Material

Dave Wilson

DW238-RIPE

agenda
Agenda
  • Basic differences between v4 and v6
  • Layer 2: types of connection
  • Layer 3: how to route
  • Gotchas
slide3
The Basics

The Differences

differences
Differences
  • Addresses are 128 bits long
  • Subnets are still variable
  • /64 is preferred for a single link
  • /48 is usual for a “site”
why a 64
Why a /64?
  • It’s big
  • Automatic address assignmentbased on layer 2 features (e.g. EUI-64)
eui 64
EUI-64
  • It’s just an algorithm - it doesn’t assign addresses

00:06:5B:3F:AA:DA

2001:770:18:2:206:5bff:fe3f:aada/64

eui 641
EUI-64
  • It’s just an algorithm - it doesn’t assign addresses

00:06:5B:3F:AA:DA

2001:770:18:2:206:5bff:fe3f:aada/64

eui 642
EUI-64
  • Different physical interface
  • Different MAC address
  • Different EUI-64 addresses

salinger#show ipv6 neighbors | inc 18:2

2001:770:18:2:206:5BFF:FE8E:9319 0 0006.5b8e.9319

2001:770:18:2:206:2BFF:FE02:86 461 0006.2b02.0086

2001:770:18:2:206:5BFF:FE8C:3F37 60 0006.5b8c.3f37

2001:770:18:2:203:47FF:FEDF:2717 19 0003.47df.2717

2001:770:18:2:206:5BFF:FE3F:AADA 0 0006.5b3f.aada

2001:770:18:2:260:CFFF:FE20:F45C 15 0060.cf20.f45c

eui 643
EUI-64
  • Same physical interface
  • Same MAC address
  • Same EUI-64 addresses, different prefix

salinger#show ipv6 int brief

FastEthernet0/0 [up/up]

2001:770:18:1:210:A6FF:FEA8:DC00

FastEthernet0/0.2 [up/up]

2001:770:18:2:210:A6FF:FEA8:DC00

FastEthernet0/0.3 [up/up]

2001:770:18:3:210:A6FF:FEA8:DC00

FastEthernet0/0.4 [up/up]

2001:770:18:4:210:A6FF:FEA8:DC00

FastEthernet0/0.7 [up/up]

2001:770:18:7:210:A6FF:FEA8:DC00

eui 644
EUI-64

or assign the address yourself

2001:770:8:f::1/64

(short for...)

2001:0770:0008:000f:0000:0000:0000:0001

address scoping
Address scoping
  • Real addresses start with 2001:, 2002: or (until 6/06/06) 3FFE:
  • Every interface has an IPv6 addressthat only works on the local link

ping -I eth0 fe80::206:5bff:fe3f:aada

  • No need for ARP
other differences
Other differences

It’s just IP! The same rules apply.

agenda1
Agenda
  • Basic differences between v4 and v6
  • Layer 2: types of connection
  • Layer 3: how to route
  • Gotchas
ways that matter
Ways that matter
  • Native, IPv6 only
  • Native, dual stacked
  • Tunnelled, via configured endpoints
  • Tunnelled, via a tunnel broker
  • Tunnelled, via 6to4
native ipv6 only
Native, IPv6 only

interface Serial0

ipv6 address 2001:770:1000::1/64

ipv6 enable

interface Ethernet0

ipv6 address 2001:770:18:1::/64 eui-64

ipv6 enable

native ipv6 only1
Native, IPv6 only

interfaces {

so-0/0/0 {

description "IPv6 only link";

unit 0 {

family inet6 {

address 2001:770:1000::1/64

}

}

}

}

native dual stacked
Native, dual-stacked

interface Serial0

ip address 193.1.194.1 255.255.255.252

ipv6 address 2001:770:1000::1/64

ipv6 enable

interface Ethernet0

ip address 193.1.219.129 255.255.255.128

ipv6 address 2001:770:18:1::/64 eui-64

ipv6 enable

native dual stacked1
Native, dual-stacked

interfaces {

so-0/0/0 {

description "IPv6 only link";

unit 0 {

family inet {

address 193.1.194.1;

}

family inet6 {

address 2001:770:1000::1/64

}

}

}

}

configured tunnel
Configured tunnel

interface Loopback0

ip address 193.1.195.61 255.255.255.255

interface Tunnel1

description IPv6 in IPv4 Tunnel to TCD

no ip address

ipv6 address 2001:770:8::4/127

ipv6 enable

tunnel source Loopback0

tunnel destination 134.226.10.51

tunnel mode ipv6ip

configured tunnel1
Configured tunnel

Juniper requires a tunnel services PIC!

interfaces gr-1/0/0 {

unit 0 {

tunnel source 193.1.195.37;

tunnel destination 212.17.35.15;

family inet6 {

address 2001:770:8:10::1/64;

}

}

}

commands
Commands

salinger#sh ipv6 int fast0/0.2

FastEthernet0/0.2 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::210:A6FF:FEA8:DC00

Global unicast address(es):

2001:770:18:2:210:A6FF:FEA8:DC00, subnet is 2001:770:18:2::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:FFA8:DC00

MTU is 1500 bytes

ICMP error messages limited to one every 0 milliseconds

ICMP redirects are enabled

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds

ND advertised reachable time is 0 milliseconds

ND advertised retransmit interval is 0 milliseconds

ND router advertisements are sent every 200 seconds

. ND router advertisements live for 1800 seconds

Hosts use stateless autoconfig for addresses.

commands1
Commands

salinger#sh ipv6 int fast0/0.2

FastEthernet0/0.2 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::210:A6FF:FEA8:DC00

Global unicast address(es):

2001:770:18:2:210:A6FF:FEA8:DC00, subnet is 2001:770:18:2::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:FFA8:DC00

MTU is 1500 bytes

ICMP error messages limited to one every 0 milliseconds

ICMP redirects are enabled

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds

ND advertised reachable time is 0 milliseconds

ND advertised retransmit interval is 0 milliseconds

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

Hosts use stateless autoconfig for addresses.

commands2
Commands

salinger#show ipv6 route connected

IPv6 Routing Table - 563 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

U - Per-user Static route

I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea

O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

C ::/96 [0/0]

via ::, Tunnel99

C 2001:600:4:8D4::/64 [0/0]

via ::, Tunnel4

C 2001:610:FF:6::/64 [0/0]

via ::, Tunnel2

C 2001:660:1102:4008::/64 [0/0]

via ::, Tunnel3

C 2001:770:8::/127 [0/0]

via ::, Loopback0

C 2001:770:8::2/127 [0/0]

via ::, ATM2/0.1

--More--

commands3
Commands

davew@callisto> show route table inet6 protocol local

inet6.0: 535 destinations, 746 routes (535 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

2001:770:800:1::1/128

*[Local/0] 7w3d 23:05:17

Local via so-0/0/2.0

2001:770:800:2::1/128

*[Local/0] 7w3d 23:05:17

Local via so-1/1/0.0

2001:770:800:3::1/128

*[Local/0] 7w3d 23:05:17

Local via fe-1/0/0.0

2001:770:800:4::1/128

*[Local/0] 1w4d 04:31:21

Local via so-0/0/0.0

---(more)---

funnies
Funnies
  • Separate IPv4 and IPv6 stats are not available on dual-stacked interfaces
  • Not all our routers support IPv6=> some workarounds in place
  • "ping" might not mean what you expect
agenda2
Agenda
  • Basic differences between v4 and v6
  • Layer 2: types of connection
  • Layer 3: how to route
  • Gotchas
routing protocols
Routing protocols
  • Statics => no change
  • OSPF => IS-IS (in HEAnet)
  • BGP => BGP4+ (or MBGP)
static routes
Static routes

ipv6 route 2001:770:10::/48 2001:770:8:3::2 100

ipv6 route 2002::/16 Tunnel0

0.0.0.0/0 is now known as ::/0

Hosts might use 2000::/3

is is
IS-IS
  • At the moment we only use static routes to customers
  • All our routers are in the same "area"
  • Trouble running IS-IS over IPv4 tunnels?
  • Need a unique NET address
configuring is is
Configuring IS-IS

!

router isis backbone

!

address-family ipv6

redistribute static

exit-address-family

net 49.0001.0770.0008.0000.00

!

configuring is is1
Configuring IS-IS

!

interface FastEthernet0/0.2

encapsulation dot1Q 2

ipv6 address 2001:770:18:2::/64 eui-64

ipv6 router isis backbone

!

  • Configure this on the loopback interface as well
monitoring is is
Monitoring IS-IS

salinger#sh ipv6 route 2001:770:8:10::

IPv6 Routing Table - 559 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

U - Per-user Static route

I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea

O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

I1 2001:770:8:10::/64 [115/20]

via FE80::20A:8BFF:FE0B:3935, FastEthernet0/0.99

slide37
BGP4+
  • Same process as used for IPv4
  • Different IPv4 and IPv6 sessions to the same router
  • AS-path filter lists may be shared
  • Same best path selection algorithm applies
  • Different routing policy at the moment(subject to change)
configuring ipv6 bgp
Configuring IPv6 BGP

router bgp 1213

neighbor 2001:660:1102:4008::1 remote-as 2200

neighbor 2001:660:1102:4008::1 descriptionRENATER

!

address-family ipv6

network 2001:770::/35

neighbor 2001:660:1102:4008::1 activate

neighbor 2001:660:1102:4008::1 filter-list 40 out

exit-address-family

!

ip as-path access-list 40 permit _2128$

ip as-path access-list 40 permit ^$

configuring ipv6 bgp1
Configuring IPv6 BGP

router bgp 1213

bgp router-id 193.1.195.69

neighbor 2001:798:2019:10AA::1 remote-as 20965

neighbor 2001:798:2019:10AA::1 descript GEANTv6 Primary

neighbor 2001:798:2019:10AA::1 password 7 <passwd1>

neighbor 62.40.103.229 remote-as 20965

neighbor 62.40.103.229 description Geant STM-16 Primary

neighbor 62.40.103.229 password 7 <passwd2>

neighbor 62.40.103.229 version 4

configuring ipv6 bgp2
Configuring IPv6 BGP

!

address-family ipv6

neighbor 2001:798:2019:10AA::1 activate

neighbor 2001:798:2019:10AA::1 filter-list 41 out

exit-address-family

!

address-family ipv4

no neighbor 2001:798:2019:10AA::1 activate

neighbor 62.40.103.229 activate

neighbor 62.40.103.229 send-community

neighbor 62.40.103.229 route-map geantpri-in in

neighbor 62.40.103.229 route-map geantpri-out out

neighbor 62.40.103.229 filter-list 41 out

exit-address-family

!

bgp what s changed
BGP: What's changed
  • Protocol-specific stuff has moved
  • Activate or deactivate peers in address-families (to avoid next-hop madness)
  • Other networks have varying policies on what routes they accept
  • WHOIS not caught up
bgp what s the same
BGP: What's the same
  • A link is a link - native or tunnelled
  • route-maps, filter lists, localpref, path stuffing, communities - from BGP talk
  • Still need an iBGP full mesh, or route reflectors/confederations
  • next-hop is still an IP address, must be reachable through IS-IS
bgp what s the same1
BGP: What's the same
  • Still need next-hop-self on iBGP sessions
  • You still need to nail up the aggregate route

router bgp 1

address-family ipv6

network 2001:db8:100::/48

exit-address-family

ipv6 route 2001:db8:100::/48 null0

monitoring bgp
Monitoring BGP

Deimos#show bgp ipv6 summary

BGP router identifier 193.1.195.69, local AS number 1213

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

2001:770:8:: 4 1213 43554 29161 59095 0 0 5d00h 305

2001:770:8:10:: 4 1213 7433 29149 59095 0 0 5d03h 1

2001:770:88:8:: 4 1213 62765 29319 59095 0 0 5d02h 312

2001:770:90:6:: 4 1213 7445 29224 59095 0 0 5d03h 4

2001:770:400:3::

4 1213 21549 29141 59095 0 0 5d03h 1

2001:770:800:: 4 1213 14844 36616 59095 0 0 5d03h 1

2001:770:1000:: 4 1213 7433 29229 59095 0 0 5d03h 1

2001:770:1800:: 4 1213 7432 29205 59095 0 0 5d03h 1

2001:798:2019:10AA::1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

4 20965 18726 14866 59093 0 0 5d03h 272

Deimos#

monitoring bgp1
Monitoring BGP

Deimos#sh bgp ipv6 n 2001:798:2019:10AA::1 route

BGP table version is 59110, local router ID is 193.1.195.69

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* 2001:200::/35 2001:798:2019:10AA::1

0 20965 11537 2500 i

* 2001:200::/32 2001:798:2019:10AA::1

0 20965 11537 2500 i

* 2001:208::/32 2001:798:2019:10AA::1

0 20965 11537 7610 i

* 2001:218::/32 2001:798:2019:10AA::1

0 20965 11537 145 2914 i

*> 2001:220::/35 2001:798:2019:10AA::1

0 20965 1299 1752 9270 i

* 2001:228::/35 2001:798:2019:10AA::1

0 20965 11537 6939 2516 2915 i

--More--

monitoring bgp2
Monitoring BGP
  • Must specify exact prefix

Deimos#show bgp ipv6 2001:200::/35

BGP routing table entry for 2001:200::/35, version 15749

Paths: (2 available, best #1, table Global-IPv6-Table)

Not advertised to any peer

3425 2500

2001:770:88:8:: (metric 20) from 2001:770:88:8:: (193.1.195.41)

Origin IGP, metric 0, localpref 100, valid, internal, best

20965 11537 2500, (aggregated by 2500 192.50.36.15)

2001:798:2019:10AA::1 from 2001:798:2019:10AA::1 (62.40.102.45)

Origin IGP, localpref 100, valid, external, atomic-aggregate

Community: 11537:2501 20965:11537

Deimos#

monitoring bgp3
Monitoring BGP
  • Must specify exact prefix

Deimos#show bgp ipv6 2001:200::/35

BGP routing table entry for 2001:200::/35, version 15749

Paths: (2 available, best #1, table Global-IPv6-Table)

Not advertised to any peer

3425 2500

2001:770:88:8:: (metric 20) from 2001:770:88:8:: (193.1.195.41)

Origin IGP, metric 0, localpref 100, valid, internal, best

20965 11537 2500, (aggregated by 2500 192.50.36.15)

2001:798:2019:10AA::1 from 2001:798:2019:10AA::1 (62.40.102.45)

Origin IGP, localpref 100, valid, external, atomic-aggregate

Community: 11537:2501 20965:11537

Deimos#

agenda3
Agenda
  • Basic differences between v4 and v6
  • Layer 2: types of connection
  • Layer 3: how to route
  • Gotchas
slide50
Different routing protocols

Different layouts

Different routes

slide51
Performance

Hardware > Software > Tunnels

slide52
Application failover

Application ignorance

slide53
Autoconfiguration

and

automatic chaos

slide54
Lab
  • IPv6 connectivity is set up
  • Set up a tunnel to an isolated router
  • Run IS-IS between the main routers
  • Run an iBGP mesh between them, and eBGP to the isolated router