1. IPv6 Autoconfiguration
for Plug and Play !
The whole process In-Depth fully explained!
Version 2.0c
© 2012 Fred Bovy. EIRL – IPv6 For Life! IPv6AutoConfig—1-1
2. About the Author
§ 15 years experience in IPv6
– IPv6 Forum Certified Gold Engineer
– IPv6 Forum Certified Gold Trainer
– 7 years Cisco IOS IPv6 Software Engineer (NSSTG Group)
§ 20+ years experience with CISCO, TCP/IP
– 15 years CCIE #3013 (it was only R&S in 1997!)
– 18 years CCSI #33517 since 1994 (it was #95003)
– 3 years Cisco Network Consultant (CA Group)
§ 12+ years experience in MPLS
Meet me on:
– Twitter: FredBovy
– Skype: FredericBovy
– Blogs: http://www.fastlaneus.com/blog
– LinkedIn, owner of 3 IPv6 Groups
– Email me: fred.bovy@fastlaneus.com
3. What is Autoconfiguration ?
§ With Autoconfiguration, a network node can
configure itself completely and modify its configuration
anytime needed. This is Plug and Play !
Network Addresses, default route,
DNS, SIP and Other Servers addresses, domain name,
Dynamic DNS Updates…
§ How Autoconfiguration is used:
For Offices or Campuses:
- Renumbering if a new prefix must be used for a site or a company
- For privacy, the Interface ID can be changed with a random value every day
- With Mobile IPv6 enabled, support the Mobile users. They keep using their office home addresses
while they are roaming.
Roaming devices without Mobile IPv6
- Autoconfiguration is used to get addresses for each visited access network
- Application must be restarted each time as sockets are different
- This is how MOST devices are currently operating !
Mobile IPv6: Mobile Routers (NEMO), MANET, Sensors (6LowPAN)
- The home Address is the only address known by the end-user Application
- A new Address (COA) acquired by Autoconfig is used for each visited network (Wifi, 3G)
- Because the home address is the same, the same socket is used, there is no interruption, no
need to restart the applications. Stay always connected !
4. Autoconfiguration (SLAAC) on Linux!
Autoconfiguration is Enabled by default on
most platforms but Linux !
For Linux use sysctl -w or add the following configuration to
/etc/sysctl.conf:
To Enable Autoconfig use:
This is only about Stateless Address
Autoconfiguration (SLAAC) and has
nothing to do with Mobile IPv6.
We will introduce Mobile IPv6 later in
this presentation
5. Autoconfig Addresses in Tentative Mode
The first step of Autoconfiguration is the Tentative Mode, which verifies the IPv6
Addresses which are configured or could be configured on the interface
IPV6 INTERFACE IS GOING UP…
§ First, the Link local address is generated and tested to enable the interface for IPv6
§ The Link Local address is verified with Duplicate Address Detection (DAD)
§ The Link-Local address MUST be valid or Autoconfig exits and the Interface is disabled for
IPv6
§ Once the Link-Local passed DAD, the IPv6 Interface is Up and other addresses are also
generated from the RA or allocated by DHCPv6 and validated by DAD
[Figure: address state timeline: Tentative, Preferred, Deprecated, Invalid. Preferred and Deprecated together make up the Valid state; the Preferred Lifetime covers the Preferred state and the Valid Lifetime covers the Valid state.]
6. Autoconfig Address is in Preferred state
§ The « NORMAL » state for an address in production.
§ The address verified by DAD can be used to send and receive unicast traffic.
§ The address can be used for new connections or by existing ones
§ The Preferred Lifetime is determined by the field Preferred Lifetime included
in the RA Prefix Information or the Preferred-Lifetime Option in the DHCPv6
As long as the derived Address is refreshed with RA Prefixes or the
allocated address is renewed by DHCPv6, the address state will
remain Preferred!
7. Autoconfig Address is in Deprecated state
The Address was not refreshed by a RA or DHCPv6 for Preferred timer…
§ Can be used for Renumbering, during the transition to a NEW prefix
§ New connections SHOULD NOT use this address
§ Existing communications SHOULD still be able to use this address as source.
« An implementation MAY prevent any new communication from
using a deprecated address, but system management MUST have
the ability to disable such a facility, and the facility
MUST be disabled by default. » RFC4862!
8. Autoconfig Address is in Valid state
The address can be used to send and receive unicast traffic
Valid state = Preferred + Deprecated
The Valid Lifetime is determined by the field Valid Lifetime
included in the RA Prefix Information or the Valid-Lifetime
Option in the DHCPv6 IA Address
9. Autoconfig Address is in Invalid State
The address cannot be used to send or receive traffic
The address reaches the Invalid state when the Valid Lifetime has
expired
« An address (and its association with an interface) becomes
invalid when its valid lifetime expires. An invalid address MUST
NOT be used as a source address in outgoing communications and MUST
NOT be recognized as a destination on a receiving interface. »
RFC4862!
10. Client initializes the Link-Local Address
[Flowchart: Start. Derive the link-local address FE80::[Interface ID]. DAD: send an NS to the solicited-node multicast address derived from the link-local address. NA received? Yes: Stop. No: initialize the link-local address and send an RS. RA received? No: use DHCPv6 and exit. Yes: set Hop Limit, Reachable Time, Retrans Timer and MTU. Prefix Information present? Yes: go to A (prefix list). No, or on return at B: Managed Address Configuration Flag = 1? Yes: use DHCPv6. No: Other Configuration Flag = 1? Yes: use DHCPv6. No: Stop.]
11. 1. IPv6 Interface is going up
1. Initialize and check the Link-Local Address
2. Send a Router Solicitation (RS) message to get the
Autoconfiguration info from the Router Advertisements (RA).
Initialize and validate default Parameters and other Addresses
derived from the Prefixes learned from the Router Advertisements
(RAs)
3. Check if DHCPv6 must be used for Addresses ? Other
configurations ?
fe80::202:b3ff:fe1e:8329
To A’s Solicited node address FF02::1:FF1E:8329
12. Ubuntu performing DAD (NS) Captured
IPv6 Neighbor Solicitation:
- IPv6 Source address is ::
- Dst address is the solicited node multicast address: ff02::1:ff30:3386
- For address fe80::20c:29ff:fe30:3386
IPv6 Router Solicitation message to the All-Routers ff02::2
13. Client Sends Request and get Autoconf parameters
[Flowchart repeated: link-local derivation and DAD, RS/RA, Prefix Information, Managed Address Configuration and Other Configuration flag checks.]
14. 2. IPv6 Intf is Going Up!
1. Link-Local Address initialized and unique !
2. Send a Router Solicitation (RS) message to get the
Autoconfiguration info from the Router Advertisements (RA).
Initialize and validate default Parameters and other Addresses
derived from the Prefixes learned from the Router
Advertisements (RAs)
3. Check if DHCPv6 must be used for Addresses ? Other
configurations ?
15. DO NOT Block the RA on the Routers LAN intf to force DHCPv6
If no RA is received, the client tries DHCPv6 and Exits Autoconfiguration!
By default the RA are enabled on a LAN interface and disabled on a
Serial Point to Point.
RAs are very useful to provide many other important IPv6 parameters like a
default route, link MTU, the default Hop-Limit or the Neighbor Unreachability
(NUD) parameters and more.
For the clients to use DHCPv6:
Set the Managed Addr Config and Other Config flags.
IPv6 is not IPv4
Suppressing the RA will not convert IPv6 to IPv4
DHCPv6 cannot provide a default route !
16. To Accept RA on Linux clients
For Linux, it must be configured with sysctl command or
editing the /etc/sysctl.conf file.
Use sysctl -w or add in the /etc/sysctl.conf the
following config:
To Accept the RA use:
17. Router Advertisements (RA) information
• The Router is a candidate for default Route?
The Router Lifetime is how long a Router will remain a valid next hop without any refresh.
If Lifetime = 0, the router cannot be used as a default route
If Lifetime > 0, the Link-local IPv6 Address must be used as a default next hop.
The Router Lifetime applies only to the router's usefulness as a default router; it does not apply to information
contained in other message fields or options. Options that need time limits for their information include their own
lifetime fields. A router which can’t be used as a default router or is shutting down sends a RA with Lifetime=0
The RA also contains a Router Preference: Low, Medium or High.
The router MAC Address is also provided in the SLLA Option.
• Other Important Configuration:
Hop Limit and MTU for the Link
Reachable Timer and Retransmit interval used by NUD
DNS Servers Addresses in the DNS Option (RFC6106)
A List of zero or more prefix(es) for SLAAC.
§ Should we also use DHCPv6 for more Autoconfig?
Managed and Other Config Flags
Warning: RFC6104. Rogue RA !!!
18. ISP 6RD RG RA
Router Solicitation and Router Advertisement
Router Advertisement sent to the All-IPv6 Nodes multicast ff02::1
Router Lifetime: 1800 seconds
Don’t modify the Reachable Timer and the Retrans timer
Prefix Option: 2a01:e35:2f26:d340::/64
- On-Link Bit Flag Set
- Autonomous Bit Flag Set
- Valid Lifetime: 86400 sec
- Preferred Lifetime: 86400 sec
DNS Servers Option (RFC6106): 2a01:e00::1, 2a01:e00::2
MTU Option: 1480 bytes
Source Link Layer Address Option: f4:ca:e5:44:10:ef
19. Walking through the prefix list
[Flowchart A: take the first prefix information. On-Link Flag = 0? Yes: ignore the prefix. Autonomous Flag = 0? Yes: ignore the prefix. Preferred > Valid? Yes: ignore the prefix. Valid = 0? Yes: ignore the prefix. Otherwise derive the Stateless address Prefix:[interface ID] and run DAD: send an NS to the matching solicited node multicast address. NA received? Yes: do not initialize the stateless address. No: initialize the Stateless address. Other prefixes to process? Yes: go to next prefix. No: go to B.]
ipv6 nd prefix <prefix/mask>[Valid][Preferred][no-advertise| off-link | no-autoconfig]
20. Client process the Optional RA Prefix(es) List
Each Prefix comes with:
§ The Length of the Prefix
§ 2 bits or Flags: the On-Link bit and the Autonomous bit
– Both flags MUST be SET for the Prefix to be used by SLAAC
A full Stateless 128 bits address can be derived from the prefix adding an Interface ID
– The 64 bits Interface ID can be built:
- From the MAC Address: EUI-64 format or
- With a Random Number if Privacy Extension is configured (RFC4941)
§ 2 Timers: the Preferred Timers and the Valid Timers.
– This is how long the addresses derived by SLAAC from the RA advertised prefix
will remain in the Preferred and in the Valid States. These timers are also
managed when the addresses are allocated by a DHCPv6 Stateful Server.
– The Timers can be reset by the periodic RA, in this case, the unsolicited RA transmission
interval must be set to refresh the SLAAC derived addresses before they get deprecated or
invalid. The Timers can also be refreshed by DHCPv6 protocol.
– Statically configured IPv6 addresses have Infinite Preferred and Valid Timers.
21. Accept Prefixes from RA on Linux clients
22. The Client derives an Address from each Prefix
The Prefix is selected if both On-Link and Autonomous bits are set:
Use EUI-64: Interface ID is derived from the MAC Address
Mac Address 48 bit: 00 90 59 02 E0 F9
With FF FE inserted: 00 90 59 FF FE 02 E0 F9
000000X0: X=1 Unique, X=0 Not Unique
Use Privacy Extension (RFC4941): Interface ID is selected randomly
On Windows
netsh interface ipv6 set privacy state=enabled
On Mac OS X
sysctl net.inet6.ip6.use_tempaddr=1
On Linux (if is the interface name)
sysctl net.ipv6.conf.if.use_tempaddr=2
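
The EUI-64 derivation on this slide and the solicited-node multicast addresses shown on the DAD slides can be reproduced in a few lines. This is an added example, not part of the original slides; the function names are illustrative. The last function shows why a MAC-derived Interface ID is a privacy concern that RFC4941 addresses: the MAC can be read back from any such address.

```python
import ipaddress
import re


def eui64_interface_id(mac):
    """Build the 64-bit Interface ID from a 48-bit MAC (modified EUI-64)."""
    octets = bytes(int(part, 16) for part in re.split(r"[:\-\s]+", mac.strip()))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert FF FE in the middle and invert the X bit of the first octet
    # (000000X0 on the slide).
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix, mac):
    """Prefix:[Interface ID] for a /64 prefix learned from an RA (or fe80::/64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a 64-bit Interface ID needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def solicited_node(address):
    """ff02::1:ffXX:XXXX built from the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(str(address))) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def dad_probe(mac):
    """Addresses of the Neighbor Solicitation sent for DAD on the link-local."""
    target = slaac_address("fe80::/64", mac)
    return {"src": "::", "dst": str(solicited_node(target)), "target": str(target)}


def mac_from_eui64(address):
    """Recover the MAC from an EUI-64 based address, or None if it is not one."""
    iid = ipaddress.IPv6Address(str(address)).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # MAC addresses implied by the EUI-64 addresses shown on the slides.
    print(dad_probe("00:0c:29:30:33:86"))
    print(slaac_address("2a01:e35:2f26:d340::/64", "00 90 59 02 E0 F9"))
    print(mac_from_eui64("2a01:e35:2f26:d340:290:59ff:fe02:e0f9"))
```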
23. Client checks if DHCPv6 must be used
[Flowchart repeated: link-local derivation and DAD, RS/RA, Prefix Information, Managed Address Configuration and Other Configuration flag checks.]
24. 3. IPv6 Interface is going Up!
1. Link-Local Address Validated, IPv6 Intf is UP!
2. A Router Solicitation (RS) message was sent and a Router
Advertisement (RA) was Received. Initialize and validate the
default Parameters and other Addresses derived from the
Prefixes learned from the Router Advertisement (RAs)
3. Check if DHCPv6 must be used for more Addresses ?
DHCPv6 for other configurations ?
25. Clients check if DHCPv6 MUST be used
In each RA there are 2 flags to advertise the use of DHCPv6!
Managed Address Configuration Flag
The Managed Address or M flag tells the clients to use DHCPv6 to configure
IPv6 Address(es)
Actually, when the M bit is set, DHCPv6 is used to request all the available
DHCPv6 configuration information, so the O flag is redundant
Cisco Interface config « ipv6 nd managed-config-flag »
Other Configuration Flag
The Other or O flag tells the clients to use DHCPv6 to configure everything but
the IPv6 addresses.
In this case the IPv6 Address(es) must be configured using SLAAC or manually
Cisco interface config « ipv6 nd other-config-flag »
DHCPv6 Cannot be used to configure a default route!
Some drafts exist but still no RFC!
26. IPv6 Autoconfiguration Modes
Stateless Address Autoconfiguration
§ NO DHCPv6, all the configuration is loaded with RA or PPP
Stateful DHCPv6 Autoconfiguration
§ DHCPv6 provides addresses and other parameters (DNS, domain
name, SIP…)
§ The Managed and the Other Config flags are set
Stateless DHCPv6 Autoconfiguration
§ SLAAC is used for address autoconfiguration
§ DHCPv6 for the other information (DNS, Domain Name)
DHCPv6 Prefix Delegation
§ The CPE which is a DHCPv6-PD Client receives a block of addresses (IPv6
Subnet) from the SP, the DHCPv6-PD Server. This block can be
subnetted to configure multiple LAN interfaces. The CPE DHCPv6-PD
Client can also be a DHCPv6 Stateless server for instance.
27. Stateless Address AutoConfiguration
§ RFC 4862, IPv6 Stateless Address Autoconfiguration
§ RS/RA To request prefixes available to build addresses
§ DAD to test the new addresses
§ NO DHCPv6 Server required!
Autoconfiguration is configurable on Linux!
28. Stateful DHCPv6 Autoconfiguration
RA are still needed. Default Route cannot be provided by DHCPv6 !
Address and Other parameters are configured from DHCPv6
30. DHCP Prefix Delegation
DHCPv6 PD Server allocates a block of addresses for
the DHCPv6-PD Client.
The block received by the client is then subnetted to
configure each interface
31. DHCPv6-PD Client and DHCPv6 Stateless Server
[Figure: ISP Provisioning System, PE (DHCPv6-PD Server), CPE (DHCPv6-PD Client toward the ISP on E1, DHCPv6 Lite Server on E0) and Host. Protocols used along the path: AAA, DHCP, ND/DHCP.]
1. CPE Sends DHCP Solicit with ORO = PD
2. PE Sends RADIUS Request for the User
3. RADIUS Responds with User’s Prefix(es)
4. PE Sends DHCP REPLY with Prefix Delegation Options
5. CPE Configures Addresses from The Prefix on Its Downstream Interfaces, and Sends an RA. O-bit Is Set to On
6. Host Configures Addresses Based on the Prefixes Received in the RA. As the O-bit Is on, It Sends a DHCP Information-request Message, with an ORO = DNS
7. CPE Sends a DHCP REPLY Containing Request Options
32. Autoconfiguration for 6RD CPEs
[Figure: 6rd topology. Labels: 6rd, RG, BR, Core, IPv4, IPv4 + IPv6]
RG Configuration can be pushed via DHCP Option 212, RFC 5969
- IPv4MaskLen
The number of high-order bits that are identical across all CE IPv4 addresses within a given 6rd domain. This may be
any value between 0 and 32. Any value greater than 32 is invalid.
- 6rdPrefixLen
The IPv6 prefix length of the SP's 6rd IPv6 prefix in number of bits. For the purpose of bounds checking by DHCP
option processing, the sum of (32 - IPv4MaskLen) + 6rdPrefixLen MUST be less than or equal to 128.
- 6rdBRIPv4Address
One or more IPv4 addresses of the 6rd Border Relay(s) for a given 6rd domain.
- 6rdPrefix
The service provider's 6rd IPv6 prefix represented as a 16-octet IPv6 address. The bits in the prefix after the
6rdPrefixlen number of bits are reserved and MUST be initialized to zero by the sender and ignored by the receiver.
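
An added example, not from the original slides, of the bounds checks listed above applied to a raw option 212 payload. It goes one step further than the slide and also derives the CE's delegated prefix as RFC 5969 defines it (the 6rd prefix followed by the CE IPv4 bits that are not common to the domain); the sample option bytes, addresses and all names in the code are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple

OPTION_6RD = 212


class SixRdConfig(NamedTuple):
    ipv4_mask_len: int
    prefix_len: int
    prefix: ipaddress.IPv6Network
    border_relays: List[ipaddress.IPv4Address]


def parse_6rd_option(raw):
    """Parse one DHCP option 212 (code, length, payload) and bounds-check it."""
    if len(raw) < 2 or raw[0] != OPTION_6RD:
        raise ValueError("not a 6rd option")
    length, body = raw[1], raw[2:]
    if len(body) != length:
        raise ValueError("option length does not match the payload")
    # IPv4MaskLen (1) + 6rdPrefixLen (1) + 6rdPrefix (16) + one or more BR (4 each)
    if length < 22 or (length - 18) % 4:
        raise ValueError("payload does not hold a whole number of BR addresses")
    mask_len, prefix_len = body[0], body[1]
    if mask_len > 32:
        raise ValueError("IPv4MaskLen greater than 32 is invalid")
    if (32 - mask_len) + prefix_len > 128:
        raise ValueError("(32 - IPv4MaskLen) + 6rdPrefixLen exceeds 128")
    # Bits after 6rdPrefixLen are reserved: the receiver ignores them.
    keep = ((1 << prefix_len) - 1) << (128 - prefix_len)
    prefix_int = int.from_bytes(body[2:18], "big") & keep
    prefix = ipaddress.IPv6Network((prefix_int, prefix_len))
    relays = [ipaddress.IPv4Address(body[i:i + 4]) for i in range(18, length, 4)]
    return SixRdConfig(mask_len, prefix_len, prefix, relays)


def delegated_prefix(cfg, ce_ipv4):
    """6rd prefix followed by the low (32 - IPv4MaskLen) bits of the CE address."""
    suffix_bits = 32 - cfg.ipv4_mask_len
    ce_bits = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << suffix_bits) - 1)
    length = cfg.prefix_len + suffix_bits
    value = int(cfg.prefix.network_address) | (ce_bits << (128 - length))
    return ipaddress.IPv6Network((value, length))


# Constructed sample: IPv4MaskLen 8, 6rdPrefixLen 32, one BR. The 6rdPrefix
# field deliberately carries stray bits after the first 32 to show the masking.
SAMPLE_OPTION = (
    bytes([OPTION_6RD, 22, 8, 32])
    + ipaddress.IPv6Address("2001:db8:ffff::").packed
    + ipaddress.IPv4Address("192.0.2.1").packed
)

if __name__ == "__main__":
    cfg = parse_6rd_option(SAMPLE_OPTION)
    print(cfg.prefix, cfg.border_relays)
    print(delegated_prefix(cfg, "10.1.2.3"))
```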
33. Remember the Preferred state !
§ This is the « NORMAL » state for an address in production.
Each address has the two timers constantly updated from the
system clock: Preferred and Valid
As long as the derived Address is refreshed with RA Prefixes or the
allocated address is renewed by DHCPv6, the address state will
remain Preferred!
34. Autoconfigured addresses have a finite Valid and Preferred Lifetime
When the Interface has been started and is used by IPv6,
each address which has been autoconfigured only has a
limited Preferred and Valid Lifetime.
• Addresses derived from a Prefix Option advertised in a
RA must be refreshed by another RA announcing the
same prefix with same or different Preferred and Valid
Lifetime
• Addresses which are allocated by DHCPv6 also have
a Valid and a Preferred Lifetime which must also be reset
by DHCPv6 Renew.
35. Refreshing the SLAAC Addresses Timers
• An address which has been derived from a RA must
be refreshed by new RAs advertising the same prefix
• The RA Interval must be consistent with the Preferred
and the Valid Timers for the addresses to be refreshed
in time
ipv6 nd ra-interval (200 seconds by default)
ipv6 nd ra-lifetime (1800 seconds or 30 minutes by default)
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 nd prefix <prefix/mask>[Valid][Preferred][no-advertise| off-link | no-autoconfig]
• To Be used by SLAAC:
- The On-Link and Autonomous Bits Must be Set
- If Preferred Lifetime > Valid lifetime, ignore the Prefix
Information option.
A node MAY wish to LOG a system management ERROR in this case….
36. Update the Address Preferred and Valid Timers
• The preferred lifetime of each address is reset to the
Preferred Lifetime in the received advertisement.
• The Valid Lifetime depends on RemainingLifetime, the
remaining time to the valid lifetime expiration of the
previously autoconfigured address.
1. If the received Valid Lifetime is greater than 2 hours or greater than
RemainingLifetime, set the valid lifetime of the corresponding address to the
advertised Valid Lifetime.
2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix
Information option with regards to the valid lifetime. If SeND is used, the
advertised Valid Lifetime is used to update the Valid Lifetime.
3. Otherwise, reset the valid lifetime of the corresponding address to 2 hours.
37. SLAAC Prefix Refreshed and Timers Updated by RA
[Figure: Preferred and Valid Timers at the Workstations, plotted over time with marks at 2100, 1900, 1600 and 1400 seconds and 200s between RAs]
Unsolicited Periodic RA
RA Interval default: 200 seconds
RA Lifetime default: 1800 seconds
RA are sent every 200 seconds +/-jitter
Prefix: 2001:db8:4:1::/64, On-Link, Autonomous, Preferred:1800, Valid:2100
Workstations: 2001:db8:4:1::1/64 and 2001:db8:4:1::2/64
SLAAC Timers just Before receiving the RA:
Preferred: 1600-200 = 1400 seconds
Valid = 2100 - 200 = 1900 seconds
After receiving the RA:
Preferred is reset to 1600 seconds
Valid was 1900 seconds, RemainingLifetime= 1900
Received Valid = 2100 is greater than RemainingLifetime=1900
So Valid Lifetime is reset to Received Valid Lifetime = 2100
Workstation annotations:
- initial timers: Preferred:1400, Valid:1900; Preferred:1800, Valid: 2100
- Same Principle as for the other Workstation: just before receiving the RA, Preferred:1400, Valid: 1900; after receiving the RA, Preferred: 1800, Valid: 2100
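
The update rules on the two slides above, written out as an added example (not from the original presentation; class and function names are hypothetical). It follows the slides in requiring both flags, and shows the effect of the two-hour rule when an RA that is not protected by SeND advertises a very short Valid Lifetime.

```python
from dataclasses import dataclass

TWO_HOURS = 2 * 60 * 60  # seconds


@dataclass
class PrefixInfo:
    """Fields of one RA Prefix Information option (lifetimes in seconds)."""
    prefix: str
    on_link: bool
    autonomous: bool
    valid: int
    preferred: int


@dataclass
class SlaacAddress:
    """An autoconfigured address and the time left on its two timers."""
    prefix: str
    preferred_left: int
    valid_left: int

    def state(self):
        if self.valid_left <= 0:
            return "invalid"
        return "preferred" if self.preferred_left > 0 else "deprecated"


def reject_reason(pi):
    """Return why the prefix walk ignores this option, or None if it is usable."""
    # The slides test both flags; RFC 4862 section 5.5.3 tests only Autonomous.
    if not pi.on_link:
        return "on-link flag = 0"
    if not pi.autonomous:
        return "autonomous flag = 0"
    if pi.preferred > pi.valid:
        return "preferred > valid"
    return None


def process_prefix(pi, addresses, send_protected=False):
    """Apply one Prefix Information option to the host's SLAAC addresses.

    addresses maps prefix -> SlaacAddress. Returns a short outcome string.
    DAD on a newly derived address is not modelled here.
    """
    reason = reject_reason(pi)
    if reason:
        return "ignored: " + reason
    addr = addresses.get(pi.prefix)
    if addr is None:
        if pi.valid == 0:
            return "ignored: valid = 0"
        addresses[pi.prefix] = SlaacAddress(pi.prefix, pi.preferred, pi.valid)
        return "created"
    # The Preferred Lifetime is always taken from the RA; only the Valid
    # Lifetime is guarded by the two-hour rule.
    addr.preferred_left = pi.preferred
    remaining = addr.valid_left
    if pi.valid > TWO_HOURS or pi.valid > remaining:
        addr.valid_left = pi.valid
        return "refreshed: valid set to advertised value"
    if remaining <= TWO_HOURS:
        if send_protected:
            addr.valid_left = pi.valid
            return "refreshed: SeND-protected RA, valid set to advertised value"
        return "refreshed: valid lifetime left unchanged"
    addr.valid_left = TWO_HOURS
    return "refreshed: valid clamped to 2 hours"


if __name__ == "__main__":
    p = "2001:db8:4:1::/64"
    host = {p: SlaacAddress(p, 1400, 1900)}           # timers just before the RA
    print(process_prefix(PrefixInfo(p, True, True, 2100, 1800), host), host[p])
    # Constructed short-lifetime RA: the Valid Lifetime of 1900 s is not cut.
    print(process_prefix(PrefixInfo(p, True, True, 10, 10), host), host[p])
```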
38. These Timers are also in DHCPv6 Addresses
Addresses are coded as DHCPv6 Options
• IA Address Option (IADDR)
- The IA Address option is used to specify IPv6 addresses
associated with an IA_NA (Non Temporary) or an IA_TA
(Temporary).
- The IA Address (IADDR) option must be encapsulated in the
Options field of an IA_NA or IA_TA option.
- The Options field encapsulates those options that are
specific to this address.
preferred-lifetime
The preferred lifetime for the IPv6 address in the option, expressed in units of seconds.
valid-lifetime
The valid lifetime for the IPv6 address in the option, expressed in units of seconds.
39. Address Refreshed by DHCPv6-PD Renew
40. Principle of Renumbering for IPv6
Renumbering can be performed thanks to RA or DHCPv6
1. Old prefix is announced with Preferred Lifetime very
small or null and the new prefix with a normal
Preferred Lifetime
2. Hosts will have two prefixes
3. Addresses built from the old prefix will be deprecated
4. New connections use the new prefix
5. After some time, all the remaining connections will be
set on the new prefix
6. Router only announces the new prefix
7. Old prefix will be invalid
41. Renumbering Scenario using RA
Routers Configuration (the first lifetime is Valid, the second is Preferred)
interface Ethernet0
 ipv6 nd prefix 2001:db8:cafe:1::/64 43200 0
 ipv6 nd prefix 2001:db8:cafe:2::/64 43200 43200
Host
Preferred address: 2001:db8:cafe:2:1:4567:9f0:1
Deprecated address: 2001:db8:cafe:1:4567:9f0:1
Preferred Prefix: 2001:db8:cafe:2::/64
Deprecated Prefix: 2001:db8:cafe:1::/64
42. Mobile IPv6
• keep your home address anywhere you go
• Stay always online and only logout when you want to,
not when you move to a new location
43. Mobile IPv6 for dummies…
Without Mobile IPv6
§ Every time you visit a new access network, your network
applications must be restarted using a new socket (Src Address)
With Mobile IPv6
§ The user (MN) can roam from subnet to subnet getting a new
IPv6 address for each visited network but the same home network
address is always presented to the application! No need to restart
any session, you can stay always connected!
§ Without NAT sessions to keep alive, we don’t need to send a
packet on a regular basis to maintain NAT states!
§ The fixed node (CN) always sends packets to the Home Network
Address and packets received by the fixed node (CN) are always
originated from the Mobile node Home Network Address!...
44. Mobile IPv6 is supported on Linux and FreeBSD
§ For Mac OS X check KAME FreeBSD
– KAME Mobile IPv6 How To
§ http://www.kame.net/newsletter/20031007/
§ Linux
– Project NATISBAD
– The KAME project ported to Linux
§ http://natisbad.org/MIPv6/#racoon
§ Windows
– Very limited support with Windows 7
– Only CN Mode w/o Route Optimization
netsh interface ipv6 set mobility correspondentnode=enabled
45. Mobile Node visits a new access network
§ MN must acquire its Care-of-Address (CoA)
§ Autoconfiguration with SLAAC or DHCPv6…as usual!
[Figure: Mobile Node acquires its Care of Address from SLAAC or DHCPv6]
46. Mobile Node (MN) initializes its new location
§ The Mobile Node (MN) registers its CoA with the Home Agent
The Home Agent is Automatically discovered using an Anycast Reserved address.
§ MIPv6 Signaling uses an IPv6 Mobility Option in an IPSec ESP
protected tunnel
§ An IPv6 in IPv6 IPSec Tunnel is setup between the Mobile Node
and the Home Agent
47. Why the Applications don’t need to restart
their Transport Connection (i.e TCP)?
1) Out Src: MN IPv6 CoA @ | Out Dst: HA IPv6 @ | In Src: MN IPv6 Home @ | In Dst: CN IPv6 @
The HA replaces the COA src addr with the MN IPv6 Home Address.
Src @: MN IPv6 Home @ | Dst @: CN IPv6 @
2) Out Src: HA IPv6 @ | Out Dst: MN IPv6 CoA @ | In Src: CN IPv6 @ | In Dst: MN IPv6 Home @
The HA replaces the HA dst addr with the MN IPv6 Home Address
Src @: CN IPv6 @ | Dst @: MN IPv6 Home @
48. Build a direct tunnel to bypass the HA?
1. The Corresponding Node (CN) must support Mobile IPv6 with
Route Optimization
2. The Mobile Node (MN) initiates this by sending a Binding
Update to the Corresponding Node (CN)
3. The Corresponding Node (CN) sends Keygen Tokens to the
Mobile Node (MN) at both its CoA and its Home Address.
If the MN receives both, it has proven its identity to the CN!
It receives a Binding Ack and the Tunnel is set up!
[Figure: Binding Update and Binding Ack exchanged with the Mobile Node] MN proves to the CN that it receives the Keygen Tokens
49. Why the CN Application receives packets of the MN
originated from the MN Home Network Address?
The CN replaces the MN IPv6 CoA with the IPv6 Home @ from the Destination Option: Datagram comes from the MN
Dst Opt: MN IPv6 Home @ | Src @: MN IPv6 CoA @ | Dst @: CN IPv6
50. Why the MN Application receives a packet with
the Home Network Addr as the dst Addr?
The MN replaces the MN IPv6 CoA with the MN IPv6 Home @ from the Routing
Option: Datagram is sent to the MN Home @
Src @: CN IPv6 @ | Dst @: MN IPv6 CoA | Routing: MN IPv6 Home @
51. Mobile IPv6 Applications
§ Proxy Mobile IPv6 (PMIPv6) for LTE and 4G
§ Mobile Router or Nemo
– RFC3963: NEMO Basic Support Protocol
– A router is moving with all its networks and connected hosts
– RFC5555: Mobile IPv6 Support for Dual Stack Hosts and
Routers
– UMIP Project on Linux
– http://natisbad.org/MIPv6/#umip
§ Ad Hoc dynamic mobile networks or Manet
– Nodes discover their neighbors dynamically and join the
network
§ Wireless Sensors Networks (6LoWPAN)
52. Proxy MIPv6 converts ND to MIPv6 Signaling
To offload the Mobile IPv6 Signaling and IPSec Protection complexity from the Smartphones to
a Network device
The LMA provides the Mobile IPv6 HA function
The MN can be configured using SLAAC or DHCPv6
PBA/PBU Signaling must be protected with IPSec ! Data Protection is Optional
[Figure: Mobile Node MN1, Mobile Access Gateway (MAG1) and Local Mobility Anchor (LMA1). 1: RS. 2: PBU. 3: PBA including the MN home network prefix(es). 4: RA.]
53. The Mobile Router: Nemo
§ Mobile Router can receive a block of addresses from DHCPv6-PD
§ The Mobile Router Can be a Smartphone to provide Internet access
via 4G to local nodes with WiFi or Bluetooth access.
[Figure: NEMO Router, Dual Stack with DSMIPv6, serving local nodes over Bluetooth or WiFi (IPv4, IPv6) and reaching the Home Agent in the Home Network and the Corresponding node across the IPv6 Internet through WLAN or the 3G Network]
54. Mobile Ad Hoc Networking: Manet
With MANET, the nodes automatically discover and configure their
neighbors and build a dynamic Network
To manage the neighbors a node can use:
– OSPFv3
– EIGRP
What if these nodes have sensors?
55. Wireless Sensors Networks (6LoWPAN)
The Network of Sensors can be built dynamically
using Dynamic MANET On-demand for
6LoWPAN (DYMO-low).
Possible Applications:
• Localized weather monitoring
• Structural Health monitoring (Earthquake prone areas)
• Battlefield troop detection, movement
• Intelligent Transportation Systems (ITS)
• Green app: Building environment management
– Lights, HVAC, Security Access, smart power outlets, etc.
– Building demo - ~20% MRC cost savings
56. Thank you for attending!
This concludes IPv6 Autoconfiguration In-depth Presentation
Fred Bovy
IPv6 Forum Gold Certified Engineer
IPv6 Forum Gold Certified Trainer
CISCO 15 years CCIE #3013
CISCO 18 years CCSI #33517 (before was #95003)
Meet me on
Twitter: FredBovy
Skype: FredericBovy
Blog: http://www.fastlaneus.com/blog
Email: fred.bovy@fastlaneus.com