The changes to the 128-bit address length and IPv6 header format modified the underlying protocols that support IP. This section covers ICMPv6, IPv6 ND, address resolution, address assignment, and IPv6 routing protocols. These protocols must now support 128-bit addresses. For example, DNS adds a new record locator for resolving fully qualified domain names (FQDN) to IPv6 addresses. IPv6 also replaces ARP with the IPv6 ND protocol. IPv6 ND uses ICMPv6.
ICMPv6
ICMP needed some modifications to support IPv6. RFC 2463 describes the use of ICMPv6 for IPv6 networks. All IPv6 nodes must implement ICMPv6 to perform network layer functions. ICMPv6 performs diagnostics (ping), reports errors, and provides reachability information. Although IPv4 ICMP uses IP protocol 1, IPv6 uses a Next Header number of 58.
Informational messages are
- Echo request
- Echo reply
Some error messages are
- Destination unreachable
- Packet too big
- Time exceeded
- Parameter problem
The destination-unreachable messages also provide further details:
- No route to destination
- Destination administratively prohibited
- Address unreachable
- Port unreachable
Other IPv6 mechanisms use ICMPv6 to determine neighbor availability, path MTU, destination address, or port reachability.
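The message types and destination-unreachable codes listed above, as an added example (not part of the original text): a parser that verifies the ICMPv6 checksum over the IPv6 pseudo-header with Next Header 58 before classifying a message. The numeric type and code values come from the ICMPv6 specification; the function names, addresses and sample packet are constructed for illustration.

```python
import ipaddress
import struct

NEXT_HEADER_ICMPV6 = 58
TYPES = {1: "destination unreachable", 2: "packet too big", 3: "time exceeded",
         4: "parameter problem", 128: "echo request", 129: "echo reply"}
UNREACH_CODES = {0: "no route to destination",
                 1: "destination administratively prohibited",
                 3: "address unreachable", 4: "port unreachable"}

def checksum(src, dst, icmp):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(icmp), NEXT_HEADER_ICMPV6))
    data = pseudo + icmp + (b"\x00" if len(icmp) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(src, dst, mtype, code, body):
    """Construct a message with a valid checksum (used for the sample below)."""
    draft = struct.pack("!BBH", mtype, code, 0) + body
    return struct.pack("!BBH", mtype, code, checksum(src, dst, draft)) + body

def parse(src, dst, icmp):
    """Validate and classify one ICMPv6 message; raise ValueError if it is bad."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMPv6 message")
    if checksum(src, dst, icmp) != 0:       # a valid message sums to zero
        raise ValueError("bad ICMPv6 checksum")
    mtype, code = icmp[0], icmp[1]
    info = {"type": TYPES.get(mtype, "type %d" % mtype),
            "class": "informational" if mtype >= 128 else "error"}
    if mtype == 1:
        info["detail"] = UNREACH_CODES.get(code, "code %d" % code)
    elif mtype == 2:
        info["mtu"] = struct.unpack("!I", icmp[4:8])[0]
    return info

# Constructed sample: a router at 2001:db8::1 refuses traffic from 2001:db8::2.
SRC, DST = "2001:db8::1", "2001:db8::2"
SAMPLE = build(SRC, DST, 1, 1, b"\x00" * 4 + b"constructed invoking packet")

if __name__ == "__main__":
    print(parse(SRC, DST, SAMPLE))
```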
IPv6 Neighbor Discovery (ND) Protocol
IPv6 does not implement the ARP that is used in IPv4. Instead, IPv6 implements the ND protocol described in RFC 2461. Hosts use ND to implement plug-and-play functions that discover all other nodes in the same link, check for duplicate addresses, and find routers in the link. The protocol also searches for alternative routers if the primary fails.
- Prefix discovery: The host finds out the link's IPv6 prefix.
- Next-hop determination: The host can determine a destination's next hop.
- Neighbor unreachability detection: The host can determine whether a neighbor is no longer reachable.
The link address resolution process uses Neighbor Solicitation (NS) messages to obtain a neighbor's link layer address. Nodes respond with a Neighbor Advertisement (NA) message that contains the link layer address.
IPv6 Name Resolution
IPv4 uses A records to provide FQDN name-to-IPv4 address resolution. DNS adds a resource record (RR) to support name-to-IPv6-address resolution. RFC 3596 describes the addition of a new DNS resource record type to support transition to IPv6 name resolution. The new record type is AAAA, commonly known as "quad-A." Given a domain name, the AAAA record returns an IPv6 address to the requesting host.
RFC 2874 specifies another DNS record for IPv6; it defines the A6 resource record. The A6 record provides additional features and is intended as a replacement for the AAAA RR. Current DNS implementations need to be able to support A (for IPv4), A6, and AAAA resource records, with type A having the highest priority and AAAA the lowest.
Path MTU Discovery
IPv6 does not allow packet fragmentation throughout the internetwork. Only sending hosts are allowed to fragment. Routers are not allowed to fragment packets. RFC 2460 specifies that the MTU of every link in an IPv6 network must be 1280 bytes or greater. RFC 1981 recommends that nodes should implement IPv6 path MTU discovery to determine whether any paths are greater than 1280 bytes. ICMPv6 packet-too-big error messages determine the path MTU. Nodes along the path send the ICMPv6 packet-too-big message to the sending host if the packet is larger than the outgoing interface MTU.
Figure 8-5 shows a host sending a 2000-byte packet. Because the outgoing interface MTU is 1500 bytes, Router A sends an ICMPv6 packet-too-big error message back to Host A. The sending host then sends a 1500-byte packet. The outgoing interface MTU at Router B is 1300 bytes. Router B sends an ICMPv6 packet-too-big error message to Host A. Host A then sends the packet with 1300 bytes.
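The Figure 8-5 walk-through as an added simulation (not part of the original text). Function names are hypothetical, and the two sender-side rules (never raise the estimate from an error message, never go below 1280 bytes) come from RFC 1981 rather than from this page.

```python
IPV6_MIN_MTU = 1280  # minimum link MTU the page cites from RFC 2460

def first_too_small(size, link_mtus):
    """Return the MTU reported by the first router that cannot forward `size`
    (its packet-too-big message), or None if the packet reaches the destination."""
    for mtu in link_mtus:
        if size > mtu:
            return mtu
    return None

def apply_packet_too_big(current, reported):
    """Sender-side update of the path MTU estimate from one reported MTU."""
    if reported >= current:
        return current                      # never raise the estimate from an error
    return max(reported, IPV6_MIN_MTU)      # never drop below the IPv6 minimum

def discover_path_mtu(first_size, link_mtus, max_probes=8):
    """Return (path_mtu, sizes_sent) for a sender probing the given path."""
    size, sent = first_size, []
    for _ in range(max_probes):
        sent.append(size)
        reported = first_too_small(size, link_mtus)
        if reported is None:
            return size, sent
        new_size = apply_packet_too_big(size, reported)
        if new_size == size:
            raise ValueError("link MTU %d is below the IPv6 minimum" % reported)
        size = new_size
    raise RuntimeError("path MTU did not converge")

# Constructed path matching the walk-through: Router A's outgoing link is
# 1500 bytes and Router B's is 1300 bytes.
FIGURE_PATH = [1500, 1300]

if __name__ == "__main__":
    print(discover_path_mtu(2000, FIGURE_PATH))
```

A reported MTU below 1280 bytes is clamped rather than trusted, so a forged or malformed packet-too-big message cannot push the sender's estimate under the IPv6 minimum.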
IPv6 Address-Assignment Strategies
An IPv6 host can obtain its address through autoconfiguration or from DHCP. DHCP is a stateful method of address assignment. IPv6 nodes might or might not use DHCPv6 to acquire IP address information.
Autoconfiguration of Link-Local Address
IPv6 hosts can use a stateless autoconfiguration method, without DHCP, to acquire their own IP address information. Hosts obtain their link-local addresses automatically as an interface is initialized. First, the host performs a duplicate address-detection process. The host joins the all-nodes multicast group to receive neighbor advertisements from other nodes. The neighbor advertisements include the subnet or prefix associated with the link. The host then sends a neighbor-solicitation message with the tentative IP address (interface identifier) as the target. If a host is already using the tentative IP address, that host replies with a neighbor advertisement. If the host receives no neighbor advertisement, the target IP address becomes the link-local address of the originating host.
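The duplicate address-detection step described above, as an added model (not part of the original text). It assumes the tentative address is formed from the MAC address with a modified EUI-64 interface identifier and that the neighbor solicitation goes to the target's solicited-node multicast group; both details come from the IPv6 addressing and autoconfiguration specifications, not from this page, and all names and sample addresses are constructed.

```python
import ipaddress

def eui64_link_local(mac):
    """fe80::/64 address whose interface identifier is the modified EUI-64
    form of a 48-bit MAC address (assumed identifier scheme)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02                                   # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid)

def solicited_node(addr):
    """ff02::1:ffXX:XXXX group built from the low 24 bits of the address."""
    prefix = bytes.fromhex("ff02" + "00" * 9 + "01ff")
    return ipaddress.IPv6Address(prefix + addr.packed[13:])

def duplicate_address_detection(tentative, addresses_on_link):
    """Model one DAD round: send a neighbor solicitation for the tentative
    address and collect neighbor advertisements from nodes already using it."""
    ns = {"src": ipaddress.IPv6Address("::"),      # sender has no address yet
          "dst": solicited_node(tentative),
          "target": tentative}
    replies = [{"type": "NA", "target": a}
               for a in addresses_on_link if a == ns["target"]]
    status = "duplicate" if replies else "assigned"
    return status, ns

# Constructed link state: one neighbor already holds fe80::1.
NEIGHBORS = [ipaddress.IPv6Address("fe80::1")]

if __name__ == "__main__":
    tentative = eui64_link_local("00:11:22:33:44:55")
    print(tentative, duplicate_address_detection(tentative, NEIGHBORS))
```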
DHCPv6
DHCPv6 is the updated version of DHCP that provides dynamic IP address assignment for IPv6 hosts. DHCPv6 is described in RFC 3315. It provides the same functions as DHCP, with more control than stateless autoconfiguration, and it supports renumbering without routers. DHCPv6 assignment is stateful, whereas IPv6 link-local autoconfiguration is not.
IPv6 Security
IPv6 has two integrated mechanisms to provide security for communications. It natively supports IP Security (IPSec). IPSec is mandated at the operating-system level for all IPSec hosts. RFC 2401 describes IPSec. Extension headers carry the IPSec AH and ESP header. The AH provides authentication and integrity. The ESP header provides confidentiality by encrypting the payload. For IPv6, the AH defaults to message digest algorithm 5 (MD5), and the ESP encryption defaults to data encryption standard-cipher block chaining (DES-CBC).
A description of the IPSec mechanisms appears in Chapter 13, "Security Solutions." More information also appears in RFC 2402, IP Authentication Header, and in RFC 2406, IP Encapsulating Security Payload (ESP).
IPv6 Routing Protocols
New routing protocols have been developed to support IPv6, such as RIPng, Integrated Intermediate System-to-Intermediate System (i/IS-IS), Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6, and OSPFv3. Border Gateway Protocol (BGP) also includes changes that support IPv6.
RIPng for IPv6
RFC 2080 describes changes to RIP to support IPv6 networks, called RIP next generation (RIPng). RIP mechanisms remain the same. RIPng still has a 15-hop limit, counting to infinity, and split horizon with poison reverse. Instead of User Datagram Protocol (UDP) Port 520 for RIPv2, RIPng uses UDP Port 521. RIPng supports IPv6 addresses and prefixes. Cisco IOS Software currently supports RIPng. RIPng uses multicast group FF02::9 for RIP updates to all RIP routers.
EIGRP for IPv6
Cisco has developed EIGRP support for IPv6 networks to route IPv6 prefixes. EIGRP for IPv6 is configured and managed separately from EIGRP for IPv4; no network statements are used. EIGRP for IPv6 retains all the characteristics (network discovery, DUAL, modules) and functions of EIGRP for IPv4. EIGRP uses multicast group FF02::A for EIGRP updates.
OSPFv3 for IPv6
RFC 2740 describes OSPF Version 3 to support IPv6 networks. OSPF algorithms and mechanisms (flooding, designated router [DR] election, areas, shortest path first [SPF] calculations) remain the same. Changes are made for OSPF to support IPv6 addresses, address hierarchy, and IPv6 for transport. Cisco IOS Software currently supports OSPFv3.
IS-IS for IPv6
Specifications for routing IPv6 with integrated IS-IS are currently an Internet draft of the IETF. The draft specifies new type, length, and value (TLV) objects, reachability TLVs, and an interface address TLV to forward IPv6 information in the network. IOS supports IS-IS for IPv6 as currently described in the draft standard.
BGP4 Multiprotocol Extensions for IPv6
RFC 2545 specifies the use of BGP attributes for passing on IPv6 route information. The MP_REACH_NLRI (multiprotocol-reachable) attribute describes reachable destinations. It includes the next-hop address and a list of Network Layer Reachability Information (NLRI) prefixes of reachable networks. The MP_UNREACH_NLRI (multiprotocol-unreachable) attribute conveys unreachable networks. IOS currently supports these BGP4 multiprotocol attributes to communicate reachability information for IPv6 networks.