MTCINE WIZMASTER 20171103-20171108IPV6 Book PDF
MTCINE + IPV6
MIKROTIK CERTIFIED INTER-NETWORKING ENGINEER
BOOTCAMP + IPV6 WORKSHOP
INSTRUCTOR
Lay Minh (Makito)
MikroTik Certified Trainer & Consultant
Chief Technology Officer @ i-BEAM
Experiences:
12 years in ISP industry since 2005 CCIE # 47682
Billing solutions for service providers
ISP core network design and operations
Certifications:
MTCINE Bootcamp + IPv6 Workshop
INSTRUCTOR
Phyo Phyo Hein
B. C. Tech (hons)
MikroTik Certified Trainer & Consultant
Director of Information Beam Co., Ltd.
Experiences:
Cisco instructor since 2005 at i-BEAM Co., Ltd
SingTel Mobile Support Network Engineer at NCS Co., Ltd
Nera Telecommunications (Singapore)
System Integration Manager at Yatanarpon Teleport
Enterprise/ISP Manager at Kinetic Myanmar Technology
Certifications:
Cisco CCNA R&S, CCNP R&S, CCIP, CCIE R&S Written
Juniper JNCIA-Junos, JNCDA
INTRODUCE YOURSELF
Please introduce yourself to the class.
Your name
Your company
Your previous knowledge about RouterOS
Your previous knowledge about networking
What do you expect from this course?
COURSE OBJECTIVES
Understand how BGP and the internet work.
Understand building blocks of next generation service
provider network.
Learn about service provider network design and
implementation.
Learn about MPLS and its enabled services.
MIKROTIK CERTIFICATIONS
Certification levels
MTCRE
Load Balancing & Load Sharing
Site-to-site VPN, VLAN
Dynamic routing protocol OSPF
Requires MTCNA
MTCINE
ISP routing protocol BGP
MPLS enabled applications L3VPN, L2VPN, Traffic Engineering
Requires MTCRE
MTCTCE
RouterOS packet flow
Advanced Firewall
Bandwidth management, Quality of Service (QoS)
DNS, DHCP, Web Proxy…etc.
Requires MTCNA
MTCIPv6E
Introduction to IPv6
Transition mechanism
IPv6 interoperability
Requires MTCNA
MTCINE EXAM
Prerequisite: MTCRE
Official certification exam will be conducted on the last
day of our training.
Rules of exam are the same as MTCNA and MTCRE.
25 single or multiple choice questions
You have one hour to complete it
Exam will end automatically once your time runs out
Passing score is 60%; a score between 50% and 59% earns an
opportunity to take the exam again
Certificate expires after 3 years.
The same certification exam has to be taken again when the
certificate has expired.
CLASS SCHEDULE
Class Time
6 days full time bootcamp
November 03 – 08, 2017
Day 2: Border Gateway Protocol (BGP) (Cont.)
Day 3: Service Provider BGP Design; Multiprotocol Label Switching (MPLS)
Day 5: Traffic Engineering (TE); Certification Exam
Day 6: IPv6 workshop
CLASS FORMAT
This is an advanced official certification class.
Class topics follow the MTCINE training outline:
http://www.mikrotik.com/pdf/MTCINE_Outline.pdf
Each topic includes lecture and hands-on labs.
Live demo by instructor
Participants might need teamwork to complete some labs
Unlike other classes, all labs in this class are based on
Command Line Interface (CLI)
Some industry standards and design suggestions will be
discussed during the class.
The class will run workshop-style.
CLASS PREREQUISITE
Participants are assumed to already know the following:
RouterOS Command Line Interface (CLI)
Bridging
Routing concepts
Categories of dynamic routing protocols
Distance Vector
Link State
[Figure: AS100, AS200 and AS300. AS300 receives 10.1.0.0/24 from AS200, AS Path: 200,100. Reject: AS100 already in the path.]
BGP CAPABILITIES
BGP speaker advertises supported capability codes.
If received capability is not supported, remote peer
sends back notification.
BGP speaker attempts to peer without unsupported
capability.
Some of RouterOS advertised capabilities:
Route refresh
Multi-protocol extension
4-byte AS support
BGP TRANSPORT
Operates by exchanging
Network Layer Reachability Information (NLRI).
NLRI includes a set of BGP attributes and one or more
prefixes with which those attributes are associated.
Uses TCP port 179 as the transport protocol.
PACKET FORMAT
Uses TLVs (Type-Length-Value):
Marker (128-bit)
For authentication
Length (16-bit)
Type (8-bit)
Value
Message body
Keepalive
Does not contain data, sent to keep hold timer from expiring
Default keepalive timer is 30 seconds, and hold timer is 180 seconds.
Timers are negotiable, peers use the smaller timer
Update
Actual route updates
Contains NLRI and path attributes
Notification
Sent when error condition occurs, contains error code and sub-code
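An added example, not part of the original slides: a Python parser for the fixed BGP header described above, plus the OPEN message that carries the hold timer and the capabilities listed under BGP CAPABILITIES. The all-ones marker, the 19 to 4096 byte length bounds and the numeric type and capability codes come from RFC 4271, RFC 2918, RFC 4760 and RFC 6793, not from the slides; the sample messages are constructed.

```python
import socket
import struct

MARKER = b"\xff" * 16          # RFC 4271: the 128-bit marker is all ones
HEADER_LEN = 19                # marker (16) + length (2) + type (1)
MAX_LEN = 4096                 # RFC 4271 upper bound for one message
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION",
             4: "KEEPALIVE", 5: "ROUTE-REFRESH"}
CAPABILITIES = {1: "multi-protocol", 2: "route-refresh", 65: "4-byte-as"}


def parse_message(data):
    """Validate the fixed header and return (type name, message body)."""
    if len(data) < HEADER_LEN:
        raise ValueError("shorter than the 19-byte BGP header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise ValueError("marker is not all ones")
    if not HEADER_LEN <= length <= MAX_LEN or length > len(data):
        raise ValueError("bad length field: %d" % length)
    if msg_type not in MSG_TYPES:
        raise ValueError("unknown message type: %d" % msg_type)
    body = data[HEADER_LEN:length]
    if msg_type == 4 and body:
        raise ValueError("KEEPALIVE must not carry data")
    return MSG_TYPES[msg_type], body


def _tlvs(buf):
    """Yield (type, value) pairs from a run of 1-byte-type, 1-byte-length TLVs."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]


def parse_open(body):
    """Decode an OPEN body: version, AS, hold time, router ID, capabilities."""
    if len(body) < 10:
        raise ValueError("OPEN body too short")
    version, my_as, hold, rid, opt_len = struct.unpack("!BHH4sB", body[:10])
    if hold in (1, 2):
        raise ValueError("hold time must be 0 or at least 3 seconds")
    if 10 + opt_len != len(body):
        raise ValueError("optional parameter length mismatch")
    caps = []
    for ptype, pval in _tlvs(body[10:]):
        if ptype == 2:                      # optional parameter 2 = capabilities
            caps += [CAPABILITIES.get(c, "code-%d" % c) for c, _ in _tlvs(pval)]
    return {"version": version, "as": my_as, "hold_time": hold,
            "router_id": socket.inet_ntoa(rid), "capabilities": caps}


def negotiated_hold_time(local, remote):
    """Peers use the smaller of the two advertised hold timers."""
    return min(local, remote)


def build_message(msg_type, body=b""):
    """Construct a message for the samples below."""
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), msg_type) + body


# Constructed samples: a KEEPALIVE, and an OPEN from AS 300 / router-id 10.10.10.4
# advertising IPv4-unicast multi-protocol, route refresh and 4-byte AS support.
SAMPLE_KEEPALIVE = build_message(4)
_caps = (bytes([1, 4, 0, 1, 0, 1]) + bytes([2, 0])
         + bytes([65, 4]) + struct.pack("!I", 300))
_params = bytes([2, len(_caps)]) + _caps
SAMPLE_OPEN = build_message(1, struct.pack(
    "!BHH4sB", 4, 300, 180, socket.inet_aton("10.10.10.4"), len(_params)) + _params)

if __name__ == "__main__":
    print(parse_message(SAMPLE_KEEPALIVE))
    kind, open_body = parse_message(SAMPLE_OPEN)
    print(kind, parse_open(open_body))
```

A receiver that skips the length and marker checks will misread everything after the first malformed message, which is why a real speaker answers such input with a Notification and closes the session.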
[Figure: AS100 and AS200 exchanging Keepalive, Route Refresh and Update messages.]
ENABLE BGP
If Router ID is not specified, it is automatically set to
lowest IP address on the router.
/routing bgp instance
set default as=300 router-id=10.10.10.4
NETWORKS
Indicates what networks BGP should originate from the
router (max 200).
By default network is advertised only if corresponding
route is present in routing table.
Synchronization can be turned off if:
Your AS does not provide transit service
All the transit routers run BGP
Disabling sync allows BGP to converge faster.
Sync can be dangerous if routes are flapping a lot.
[Figure: topology with AS100, AS200, AS300, AS400 and routers R1 to R6, showing eBGP and iBGP sessions.]
LOOPBACK INTERFACE
Physical interface may be up or down depending on:
Layer 1 connectivity
Layer 2 line protocol
Once physical interface is down, BGP peering sessions
using that interface will be down.
Loopback is a virtual interface, its state is always up.
NEXTHOP
IP address that is used to reach a certain destination.
For eBGP nexthop is neighbor's IP address.
[Figure: R1 in AS100 (10.1.1.1/30) advertises 172.16.0.0/24 to R2 in AS200 (10.1.1.2/30), which passes it to R3. Loopbacks in AS200: lo0: 10.30.1.1 and lo0: 10.30.1.2. The prefix is shown with Nexthop: 10.1.1.1 at both R2 and R3.]
NEXTHOP SELF
Force iBGP speaker to send its local peer address as nexthop.
Use when P2P link between border router (R2) and eBGP peer (R1)
is not advertised in IGP (OSPF/IS-IS).
[Figure: R1 in AS100 (10.1.1.1/30), R2 (10.1.1.2/30) and R3 in AS200, loopbacks lo0: 10.30.1.1 and lo0: 10.30.1.2. 172.16.0.0/24 is shown with Nexthop: 10.1.1.1 and, after R2, with Nexthop: 10.30.1.1.]
[admin@R2] /routing bgp peer> set IBGP-R3-IPV4 nexthop-choice=force-self
WEIGHT
Weight is only significant locally to the router.
This attribute is not advertised to any peer
Use inbound filter to set weight
Prefix without assigned weight has default value of 0.
Path with higher weight is preferred.
LOCAL PREFERENCE
Local Preference is only significant within local AS.
This attribute is not advertised to eBGP peers
Can be set by either inbound or outbound filter
Indicates which path has preference to exit the AS.
Path with higher Local Pref. is preferred (default: 100).
[Figure: AS100 (R1), AS200 (R5) and AS300 (R2, R3, R4). 10.1.1.0/24 is learned with Local Pref.: 200 and with Local Pref.: 100. Best Path on R3: 10.1.1.0/24 via R2.]
AS PATH
List of AS numbers that an update has traversed.
[Figure: 10.1.1.0/24 originates in AS100 (R1). The update carries AS Path: 100, then AS Path: 200,100, then AS Path: 300,200,100 as it travels through AS200 and AS300 towards AS400.]
ORIGIN
Information about how the prefix is originated into BGP.
Prefers IGP over EGP, and EGP over Incomplete.
IGP
Interior Gateway Protocol
Prefix is fed into BGP by the network command
EGP
Prefix learned via Exterior Gateway Protocol (now obsolete)
Incomplete
Origin is unknown
Occurs when prefix is redistributed from other protocols into BGP
Result of aggregation
MED
Multi Exit Discriminator or Metric, hint to external
neighbor about path preference into an AS.
Lower metric is preferred (Default: 0).
MED (CONT.)
[Figure: R1 (AS100) and R2, R3 (AS200) advertise 10.1.1.0/24 to R4 (AS300). Labels in the figure: MED: 10, MED: 50, MED: 100, No MED, MED not advertised.]
• R1, R2 and R3 advertise the same network to R4 with different MED values.
• R4 only compares MEDs coming from the same AS (R2 and R3).
• MED coming from different AS (R1) is ignored.
• Other attributes are used to select best path between AS100 and AS200.
ROUTE DISTRIBUTION
IGP (Connected, Static, RIP, OSPF) routes can be
redistributed into BGP.
/routing bgp instance
set default redistribute-static=yes
set default redistribute-ospf=yes
ROUTING FILTER
Main tool to control and modify routing information.
Organized in chains similar to firewall.
PREFIX FILTERING
Can be configured to receive specific prefixes from peer,
or advertise specific prefixes to peer only.
Similar to “ip prefix-list” in Cisco IOS.
Accept any prefix with a prefix length from /22 to /24 within
subnet 10.200.0.0/22, discard all others:
/routing filter
add chain=EBGP-AS200-IPV4-IN prefix=10.200.0.0/22 \
prefix-length=22-24 action=accept
add chain=EBGP-AS200-IPV4-IN action=discard
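An added example, not part of the original slides and not RouterOS code: a small Python model of the two-rule chain above, run against constructed announcements to show which ones the filter lets in. Treating a rule with `prefix` but no `prefix-length` as an exact-length match is an assumption of this model, and the model returns `None` instead of guessing a default when no rule matches.

```python
import ipaddress

# The two rules of chain EBGP-AS200-IPV4-IN from the slide, as plain dicts.
CHAIN = [
    {"prefix": "10.200.0.0/22", "prefix-length": "22-24", "action": "accept"},
    {"action": "discard"},
]

# Constructed announcements as they might arrive from the AS200 peer.
ANNOUNCEMENTS = [
    "10.200.0.0/22",    # the block itself
    "10.200.1.0/24",    # /24 inside the block
    "10.200.2.0/23",    # /23 inside the block
    "10.200.3.128/25",  # inside the block but more specific than /24
    "10.200.0.0/21",    # covers the block, but is not inside it
    "10.200.4.0/24",    # right length, wrong address space
    "0.0.0.0/0",        # default route
]


def parse_length_range(spec):
    """'22-24' -> (22, 24); a single number such as '24' -> (24, 24)."""
    low, _, high = spec.partition("-")
    return int(low), int(high or low)


def rule_matches(rule, route):
    """True if the route satisfies every matcher present in the rule."""
    net = ipaddress.ip_network(rule["prefix"]) if "prefix" in rule else None
    if net is not None and (route.version != net.version
                            or not route.subnet_of(net)):
        return False
    if "prefix-length" in rule:
        low, high = parse_length_range(rule["prefix-length"])
    elif net is not None:
        low = high = net.prefixlen      # assumption of this model: exact match
    else:
        return True                     # no matchers: rule matches every route
    return low <= route.prefixlen <= high


def evaluate(chain, route):
    """Return the action of the first matching rule, or None if none matches."""
    route = ipaddress.ip_network(route)
    for rule in chain:
        if rule_matches(rule, route):
            return rule["action"]
    return None


def filter_routes(chain, routes):
    """Map every announced prefix to the action the chain takes on it."""
    return {r: evaluate(chain, r) for r in routes}


def accepted(chain, routes):
    """Prefixes that would be installed after inbound filtering."""
    return [r for r, action in filter_routes(chain, routes).items()
            if action == "accept"]


if __name__ == "__main__":
    for prefix, action in filter_routes(CHAIN, ANNOUNCEMENTS).items():
        print("%-18s %s" % (prefix, action))
    # Without the final discard rule nothing in the chain rejects the rest.
    print(filter_routes(CHAIN[:1], ["0.0.0.0/0", "10.200.3.128/25"]))
```

The /25 and the /21 are the cases worth checking on a real router: one is too specific and the other is a covering route, and both must be caught by the final discard rule.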
AS PATH FILTERING
Can be configured to receive prefixes from, or advertise
prefixes to certain ASN only.
Similar to “ip as-path access-list” in Cisco IOS.
PREFIX AGGREGATION
Summarization of more specific routes into supernet.
Can be used to hide topology.
[Figure: routers R1 to R4 in AS200, AS300 and AS400. Prefixes 10.1.1.0/24 and 10.1.2.0/24 are summarized as 10.0.0.0/8.]
SERVICE PROVIDER
BGP DESIGN
Route Reflector
Confederation
Multi-homing
BGP Community
ISP Routing Policies
[Figure: R1, R2 and R3 shown twice, the second time with R2 as RR.]
BGP CONFEDERATION
Confederation is another solution for avoiding iBGP full mesh.
Divides AS into multiple confederation ASes.
CONFEDERATION SETUP
[Figure: routers R1 to R9 across AS10, AS20, AS30, AS100, AS200, AS300 and AS400. Labels in the figure: AS Path: (20,30) and AS Path: 100,300.]
SINGLE-HOMED
Stub network, has only one connection to the outside world.
Typically private ASN is used (64512-65534).
DUAL-HOMED
Stub network, has multiple connections to single ISP.
Typically private ASN is used (64512-65534).
PRIVATE AS REMOVAL
[Figure: AS65500 (172.16.0.0/24), ISP (172.16.0.0/16) and the Global Internet.]
MULTI-HOMED
Needs to request own IP/ASN from:
Upstream ISP
Local Internet Registry (LIR)
JPNIC, CNNIC, SGNIC…etc.
Regional Internet Registry (RIR)
APNIC, ARIN, RIPE NCC…etc.
Typically receive full route from upstream ISPs.
Advertise own address space to upstream ISPs.
Supports independent routing policies.
[Figure: R1, R2 and R3 with AS100, AS200 and the Global Internet.]
BGP COMMUNITY
Attribute that groups prefixes for informational purposes or
for implementing routing policies.
32-bit value, written in format “XX:YY”
Provide extra information about the prefix, for instance:
“<ASN>:100” = Customer routes
“<ASN>:200” = Prefixes from private peering or Internet eXchange (IX)
“<ASN>:300” = Internet prefixes from upstream provider
MULTIPROTOCOL
LABEL SWITCHING (MPLS)
Introduction to MPLS
Static Label Mapping
Label Distribution Protocol (LDP)
Label Binding Filtering
Traceroute in MPLS
INTRODUCTION TO MPLS
Stands for Multiprotocol Label Switching.
Technology used to forward packets, based on short
labels.
Initial goal: more efficient forwarding than IP routing
(similar to ATM switching).
Serves as foundation for some “Advanced Services”:
Layer3 VPN
Layer2 VPN, Any Transport over MPLS (AToM)
MPLS Traffic Engineering
Guaranteed bandwidth services
[Figure: MPLS backbone. Label is removed at egress LER.]
[Figure: remote bindings for IGP prefix 10.1.1.0/24: Label 21, Label 22, Label 23.]
LAB: LDP
Remove all static mappings from previous lab.
Enable LDP and set LSR ID and transport address the
same as loopback address.
[admin@R2] /mpls ldp> set enabled=yes \
transport-address=10.1.1.2 lsr-id=10.1.1.2
LABEL SPACE
Per interface label space.
Packet is forwarded based on both the incoming interface
and the label
Per platform label space.
Label is not unique per interface
[Figure: Label1 used on Path 1 and Path 2, illustrating the two label spaces.]
RESERVED LABELS
Default label range is 16-1048575.
Labels from 0 to 15 are reserved, but only 4 are used at
this point:
0 – explicit NULL
1 – router alert
2 – IPv6 explicit NULL
3 – implicit NULL
[Figure: PHP with Implicit NULL and PHP with Explicit NULL.]
EXPLICIT NULL
If configured, penultimate LSR forwards packet with
NULL label, instead of popping stack.
Useful to preserve QoS.
TARGETED LDP
In some cases it is necessary to set up targeted LDP session.
Session between not directly connected LSRs
Targeted LDP is used to establish a Traffic Engineering (TE) tunnel
Configuration:
/mpls ldp neighbor add transport=<REMOTE_IP> send-targeted=yes
TRACEROUTE IN MPLS
ICMP error messages are switched further along LSP.
It will cause false increase in latency for that hop.
[Figure: R1, R2, R3 and R4 along an LSP, with Label: 32 and Label: 43.]
MPLS L3VPN
MPLS Layer 3 VPN is also known as IPVPN.
Service provider participates in customer routing.
Service provider takes care of convergence and fail-over.
Offers more flexibility and reliability compared to traditional
overlay and peer-to-peer VPNs.
Ease of service provision and maintenance
Cost effective and scalable
Can employ high availability and bandwidth-guarantee SLA
Service provider network MUST be MPLS enabled.
PE (Provider Edge) is a provider router that connects to a
customer site.
CE (Customer Edge) is a customer router that connects to the
provider.
[Figure: PE routers connecting CE routers of VPN A and VPN B sites (Site 1, Site 2, Site 3). Labels in the figure: OSPF/BGP CE-PE and iBGP VPNv4.]
VRF
Stands for Virtual Routing and Forwarding.
Functionality of completely independent routing tables
on one router.
Routing tables can be used for Policy Based Routing (PBR).
Multiple VRFs solve the problem of overlapping
customer IP prefixes.
Different customers can use the same IP address
When nexthop resolving fails it is not resolved in main
table (compared to PBR).
Any router management (Winbox, telnet, SSH...etc.) is
not possible from VRF interface.
Ping and traceroute tools are updated to support VRFs.
VRF CONFIGURATION
Create VRF and add interface to VRF:
/ip route vrf add routing-mark=VPN-A interfaces=ether4
ROUTE DISTINGUISHER
Route distinguisher (RD) is used to make IPv4 prefixes unique
when advertised into VPNv4 address family.
64-bit length
RD + IPv4 prefix = VPNv4 prefix (96-bit), so that different customers
can use overlapping addresses
Format:
<IP>:<Unique Number>
<ASN>:<Unique Number>
RD has to be configured in appropriate VRF for VPNv4 to work.
Normally one RD per VPN customer.
Some complex VPN scenarios may require more than one RD.
Load balancing to dual-homed VPN sites
ROUTE TARGET
Route Target (RT) identifies which VRF(s) keep which
VPN prefixes.
RT is an 8-byte BGP Extended Community attribute.
[Figure: PE4 with CE routers of VPN A Site 2 and VPN B Site 2. Labels in the figure: Import: 200:1, Export: 200:1.]
CONFIGURING L3VPN
Create VRF instance.
/ip route vrf add routing-mark=VPN-A \
route-distinguisher=100:1 \
import-route-targets=100:1 \
export-route-targets=100:1
Results
/routing bgp vpnv4-route print
OSPF as PE-CE
Enable VRF-aware OSPF, redistribute VPNv4 routes into OSPF
/routing ospf instance set default \
routing-table=VPN-A redistribute-bgp=as-type-2
PSEUDOWIRE
Pseudowire provides a common intermediate format to
transport multiple types of network services over a
Packet Switched Network (PSN).
Pseudowire de-multiplexor field (PW Label) is used to
identify VPLS tunnel.
Pseudowire has MAC learning, flooding and forwarding
functionality.
Pseudowire technology provides Like-to-Like transport
and also Interworking (IW).
RouterOS does not have Interworking implementation, since
it supports only VPLS, which is Ethernet type media
BRIDGE HORIZON
Forward Ethernet frame coming from PE to connected CEs.
Packets are not forwarded to interfaces with the same
horizon value.
Horizon value is set in bridge port configuration.
[admin@PE-2] /interface bridge port>
add interface=VPLS-A-PE1 bridge=BR-VPLS-A horizon=1
add interface=VPLS-A-PE3 bridge=BR-VPLS-A horizon=1
[Figure: PE1, PE2 and PE3 with CE1, CE2, CE3 and CE4. Ports in the figure are marked with horizon value 1.]
MPLS MTU
MPLS MTU = IP MTU (L3) + MPLS headers.
MPLS MTU is adjustable from “/mpls interface” menu.
Default: 1508
If MTU is too large and next header is IP.
Then generate “ICMP Need Fragment” error
Else silently discard packet
[Figure: frame layout Eth(14) VLAN(4) MPLS(4) IP(20) DATA(1480), with spans marked IP (L3) MTU, MPLS MTU, L2 MTU and Full Frame.]
VPLS L2MTU
[Figure: R1, R2, R3 and R4 with the frame layout on each segment:]
L2MTU: 1500 Eth(14) IP(20) DATA(1480)
L2MTU: 1522 Eth(14) VPLS(4) CW(4) Eth(14) IP(20) DATA(1480)
L2MTU: 1500 Eth(14) IP(20) DATA(1480)
IP ROUTING LIMITATION
Traditional IP routing decision is based on packet
destination IP address.
After two IP traffic flows for the same destination are
merged, it is technically hard to split them and reroute
over different paths.
Overloaded link from Router C to Router E.
[Figure: routers A, B, C, D, E and F. 50Mbps traffic from A to F and 50Mbps traffic from B to F.]
[Figure: routers A, B, C, E and F with TE Tunnel1 50Mbps and TE Tunnel2 50Mbps.]
HOW TE WORKS?
TE establishes/maintains the tunnel using RSVP-TE.
Resource Reservation Protocol Traffic Engineering extension
Tunnel path at any point is determined based on network
resources and tunnel requirements.
Available resources are flooded via OSPF.
RSVP-TE
Tunnel signaled with TE
extensions to RSVP.
Soft state maintained with
downstream PATH messages.
Soft state maintained with
upstream RESV messages.
New RSVP objects
LABEL_REQUEST (PATH)
LABEL (RESV)
EXPLICIT_ROUTE
RECORD_ROUTE (PATH/RESV)
SESSION_ATTRIBUTE (PATH)
MPLS Forwarding table
populated using RSVP labels
allocated by RESV messages.
CONFIGURING TE
Enable MPLS TE feature in OSPF for your backbone area.
[admin@R9] /routing ospf>
set 0 mpls-te-area=backbone mpls-te-router-id=lo0
MONITORING TE
Monitor TE tunnel status.
[admin@R9] /interface traffic-eng> monitor 0
AUTO BANDWIDTH
By default TE tunnels do not apply rate limitations,
“bandwidth” settings are only for reservation accounting
To make tunnels more flexible two features were added:
“bandwidth-limit” – Hard rate limit allowed to enter the
tunnel, limit is percent of tunnel bandwidth.
Auto bandwidth adjustment – measures average rate during
“auto-bandwidth-avg-interval”, tunnel keeps highest average
rate seen during “auto-bandwidth-update-interval”. When
update interval expires, tunnel chooses new highest rate from
“auto-bandwidth-range”.
Both options can be used in combination.
MTCINE EXAM
This is an open book exam, you ARE ALLOWED to read
the book, use search engine, or login to the router.
YOU ARE NOT ALLOWED to print screen, record, capture,
copy, save, disclose, or share any exam question!
DO NOT talk to other participants during the exam!
If you face any technical problem on exam portal, please
RAISE YOUR HAND and talk to the trainer or training
assistant.
If you are going to do testing on your router, make sure
you are not accessing the exam portal through it.
INTRODUCTION TO IPV6
IPv6 Packet Format
IPv6 Addressing
IPv6 Subnetting
IPv6 Protocols
INTRODUCTION TO IPV6
New version of Internet Protocol, version 6, which can
support 2^128 (340 decillion) IPv6 addresses.
IPng protocol was initially developed in 1994 to solve
the issue of IPv4 address exhaustion.
IPv6 was also called IPng in the early days of the IPv6
protocol development stage.
IPv6 deployment started in 1999.
IPV6 HEADER
Version = 4-bit value set to 6.
Traffic Class = 8-bit value.
Replaces IPv4 TOS field
Flow Label = 20-bit value.
Payload Length = 16-bit value.
The size of the rest of the IPv6 packet following the header –
replaces IPv4 Total Length
Next Header = 8-bit value.
Replaces IPv4 Protocol, and indicates type of next header
Hop Limit = 8-bit value.
Decreased by one every IPv6 hop (IPv4 TTL counter)
Source address = 128-bit value.
Destination address = 128-bit value.
HEADER FORMAT –
EXTENSION HEADERS
HEADER FORMAT –
COMMON HEADERS
Common values of Next Header field:
0 Hop-by-hop option (extension)
2 ICMP (payload)
6 TCP (payload)
17 UDP (payload)
43 Source routing (extension)
44 Fragmentation (extension)
50 Encrypted security payload (extension, IPSec)
51 Authentication (extension, IPSec)
59 Null (No next header)
60 Destination option (extension)
HEADER FORMAT –
ORDERING OF HEADERS
Order is important because:
Hop-by-hop header has to be processed by every
intermediate node
Routing header needs to be processed by intermediate
routers
At the destination fragmentation has to be processed before
other headers
This makes header processing easier to implement in
hardware.
IPv4:
32 bits
= 4,294,967,296 possible addressable devices
IPv6:
128 bits: 4 times the size in bits
=340,282,366,920,938,463,463,374,607,431,768,211,456
nodes
EXERCISE
2001:0db8:0000:0000:0000:0000:0000:0000
2001:0db8:0000:0000:d170:0000:1000:0ba8
2001:0db8:00a0:0000:0000:00f6:0000:00aa
2001:0db8:0fc5:007b:ab70:0210:0000:00bb
IPV6 ADDRESSING
Generally there are three address types:
Unicast : One to One (Global, Unique Local, Link local)
Anycast : One to Nearest (Allocated from Unicast)
Multicast : One to Many
There is no broadcast in IPv6.
A single interface may be assigned multiple IPv6
addresses of any type (unicast, anycast, multicast).
INTERFACE ID
Lowest order 64-bit field of unicast address may be
assigned in several different ways:
Auto-configured from a 64-bit EUI-64, or expanded from a
48-bit MAC address (e.g., Ethernet address)
Auto-generated pseudo-random number (to address privacy
concerns)
Assigned via DHCP
Manually configured
EUI-64
UNIQUE-LOCAL
LINK-LOCAL
MULTICAST USE
Broadcasts in IPv4:
Interrupts all devices on the LAN even if the intent of the request
was for a subset
Can completely swamp the network (“broadcast storm”)
Broadcasts in IPv6 are not used and replaced by multicast.
Multicast:
Enables the efficient use of the network
Multicast address range is much larger
RIPng:
The multicast address All RIP Routers is FF02::9
Note that 02 means that this is a permanent address and has
link scope
OSPFv3:
The multicast address All OSPF Routers is FF02::5
The multicast address All DR Routers is FF02::6
ANYCAST ADDRESS
Multiple hosts can have the same anycast address.
Send to any one member of this group (usually the nearest).
SUBNETTING
A network engineer needs a solid understanding of how to
subnet the network in order to use IPv6 addresses
efficiently.
IPv6 subnetting is a similar concept to IPv4 subnetting.
SUBNETTING EXAMPLE
Provider A has been allocated an IPv6 block:
2001:0DB8::/32
Prefix-length is defined the same as CIDR value in IPv4.
Provider A will delegate /48 blocks to its customers.
SUBNETTING EXAMPLE
2001:0DB8:0000::/48
In bits
2001:DB8: 0000 0000 0000 0000 2001:DB8:0000::/48
2001:DB8: 0000 0000 0000 0001 2001:DB8:0001::/48
2001:DB8: 0000 0000 0000 0010 2001:DB8:0002::/48
2001:DB8: 0000 0000 0000 0011 2001:DB8:0003::/48
Auto-configures address.
NS AND NA MESSAGE
Used to look up the link-layer (MAC) address, as a
replacement for ARP.
It can be used for DAD (Duplicate Address Detection)
ADDRESS CONFIGURATION
Auto configuration of link local address
Stateless
Stateful
DHCPv6
Static
Manually assign the IPv6 address on the interface
STATELESS AUTO-CONFIGURATION
DHCPV6
DHCP for IPv6 is called DHCPv6 and comes in two forms:
Stateless
Stateful
A stateless DHCPv6 server doesn’t keep track of
anything for clients.
When you use SLAAC, you still need stateless DHCPv6 to
learn about the DNS servers.
Stateful DHCPv6 works similarly to DHCP for IPv4.
It provides IP information (IP addresses, Prefix Length,
Default Gateway, DNS Servers, and other DHCP options)
to clients.
DHCPv6 uses Solicit, Advertise, Request and Reply
messages.
STATELESS DHCPV6
If necessary additional configuration can be obtained
(for example static routes)
It is done by DHCPv6.
Configure:
Required interfaces and
Enable “Other Configuration”
IP → DNS.
DNS OVERVIEW
DNS maps one resource to another resource:
IP address to hostname (and vice versa)
Useful for long addresses (such as IPv6)
Globally distributed, hierarchical tree structure.
Three components: namespace, resolvers, servers.
IPV6 TRANSITION
TECHNOLOGIES
Dual-Stack
6to4 & 6in4
6RD
DS-Lite
Teredo
TRANSITION TECHNOLOGIES
Currently we are still using IPv4 networks.
Transition technologies are needed so that IPv6 can
work alongside IPv4.
The transition technologies explained here are:
Dual-Stack
6to4 & 6in4
6RD
Teredo
DS-Lite
DUAL-STACK
6TO4 TUNNEL
Allows isolated IPv6 domains to be connected over an
IPv4-only network.
Can be point-to-multipoint.
6TO4 OPERATIONS
Client connects to the nearest Relay from its routing
perspective.
Each client is automatically assigned a /48 by embedding
its public IPv4 address into 2002::/16 prefix:
2002:<client-public-ipv4>::/48
For example, if a client with IPv4 address 103.97.110.10 is
connecting to a 6to4 relay, its IPv6 prefix will be:
Convert 103.97.110.10 to hexadecimal: 67 61 6E 0A
Embed 67 61 6E 0A into 2002::/16: 2002:6761:6E0A::/48
Client points default gateway to 6to4 relay for getting
internet access.
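An added example, not part of the original slides: the 6to4 derivation above in Python, together with the reverse step of recovering the embedded IPv4 address from a 6to4 source address, which is what is needed when correlating IPv6 log entries with IPv4 records. Function names and the sample log addresses are constructed for this example.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")


def to_6to4_prefix(ipv4):
    """Embed a public IPv4 address into 2002::/16 and return the /48."""
    addr = ipaddress.IPv4Address(ipv4)
    if not addr.is_global:
        raise ValueError("6to4 needs a public IPv4 address: %s" % addr)
    # Bits 127..112 hold 0x2002, bits 111..80 hold the IPv4 address.
    base = int(SIX_TO_FOUR.network_address) | (int(addr) << 80)
    return ipaddress.IPv6Network((base, 48))


def embedded_ipv4(ipv6):
    """Return the IPv4 address inside a 6to4 address, or None otherwise."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def annotate(addresses):
    """Pair each IPv6 source address with its 6to4 IPv4 endpoint, if any."""
    return [(a, embedded_ipv4(a)) for a in addresses]


# Constructed source addresses as they might appear in a server log.
SAMPLE_SOURCES = [
    "2002:6761:6e0a::1",        # host behind the client from the slide
    "2002:6761:6e0a:20::beef",  # another subnet of the same /48
    "2001:db8::1",              # not a 6to4 address
]

if __name__ == "__main__":
    print(to_6to4_prefix("103.97.110.10"))
    for source, endpoint in annotate(SAMPLE_SOURCES):
        print("%-26s %s" % (source, endpoint or "not 6to4"))
```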
6TO4 EXAMPLE
6IN4
In contrast with 6to4, 6in4 requires manual configuration,
but it uses the same encapsulation (IP Protocol 41).
Two key components:
IPv6 Tunnel Broker Server
IPv6 Tunnel Broker Client
Works similar to EoIP/GRE, tunnel has to be configured
manually on both peers (server and client)
Static addressing.
No allocated prefix 2002::/16
Client’s IPv6 prefix has to be assigned manually
IPv6 prefix is independent from its public IPv4
IPv6 prefix won’t change when IPv4 endpoint changes
6RD
IPv6 Rapid Deployment is 6to4 derivative.
IPv6 relay is controlled by your ISP.
DS-LITE
Stands for Dual-Stack Lite.
IPv6-only links are used between the ISP and the client.
DS-LITE (CONT.)
NAT is centralized at ISP-level.
Clients use private IPv4 addresses.
e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
ISP → Client network is IPv6 only.
TEREDO
Teredo encapsulates IPv6 traffic into IPv4 UDP packets.
The traffic is sent through IPv4 Internet.
Described in RFC4380.
IPV6 ROUTING
IPv6 routing works similar to IPv4.
Static and dynamic routing can be used.
OSPFv3
No Prefix information in Type 1 and Type 2
Link-local addresses to be used for next hops – Type 8 LSA
Prefixes – Type 9 LSA
Workaround:
1. Manually configure static routes to all backbone routers’
loopbacks, for BGP to look up
2. Implement routing filter, manually set all BGP next hops to be
appropriate IPv6 point-to-point address or link-local address
THE END
THANKS FOR YOUR ATTENTION!
Contact Me
training@informationbeam.net