1
IPv6 Chapter 13
2
Objectives
Discuss the fundamental concepts of IPv6
Describe IPv6 practices
Implement IPv6 in a TCP/IP network
3
Overview
4
IPv4 and IPv6
Internet Protocol version 4 (IPv4)
  Created around 1979
  32-bit IP address space ► four billion IP addresses
  Allocation methods wasted addresses
Internet Protocol version 6 (IPv6)
  128-bit addresses
  Improved security, routing, other features
  3.4 x 10^38 addresses
Note (p. 359): If you really want to know how many IP addresses IPv6 provides, here’s your number: 340,282,366,920,938,463,463,374,607,431,768,211,456.
5
Test Specific IPv6 Basics
6
IPv6 Basics
IPv6 and IPv4 differ in implementation
  Addressing numbers work differently
  Addressing numbers do not look alike
  IPv6 always uses link-local addressing
  Subnetting works differently
7
IPv6 Address Notation
IPv6 address notation
  128 bits written in hexadecimal
  2001:0000:0000:3210:0800:200C:00CF:1234
  Colon separator rather than the period used in IPv4
  Quartet (or hextet) groups: 0000 to FFFF
Note (p. 359): For those who don’t play with hex regularly, one hexadecimal character (for example, F) represents 4 bits, so four hexadecimal characters make a 16-bit group.
Exam Tip (p. 359): CompTIA calls shortcuts for IPv6 addresses address compression.
8
IPv6 Address Notation: Shortcuts
Leading zeros can be dropped from any group
  Example: 00CF becomes CF
  2001:0000:0000:3210:0800:200C:00CF:1234 becomes 2001:0:0:3210:800:200C:CF:1234
A pair of colons (::) can represent a string of consecutive groups with a value of zero
  Only one double colon allowed per address
  Example: 2001::3210:800:200C:CF:1234
9
IPv6 Address Notation (cont’d.)
IPv6 loopback address
  ::1
  Represents 0000:0000:0000:0000:0000:0000:0000:0001
IPv6 uses the “/x” Classless Inter-Domain Routing (CIDR) nomenclature
  Example address and subnet for a typical IPv6 host: FEDC::CF:0:BA98:1234/64
Cross Check: Loopback (p. 360) You learned about the IPv4 loopback address in Chapter 7, so check your memory as you read about the IPv6 loopback address here. What IP address or addresses could you use for a loopback address? When might you ping the loopback address? How would this differ from loopback testing discussed in Chapter 6?
Note (p. 360): The unspecified address (all zeroes) can never be used, and neither can an address that contains all ones (all Fs in IPv6 notation).
10
Link-Local Address
Self-generated (in manner of IPv4 APIPA)
In implementation, the first 64 bits are always FE80::/64
Interface identifier: the second 64 bits
  Since Windows Vista, Windows clients have generated a 64-bit random number
  Old operating systems use a device’s MAC address to create an Extended Unique Identifier (EUI-64)
Note (p. 361): Although only the FE80::/10 denotes the link-local address, according to the Request for Comments that defined link-local addressing (RFC 4291), the next 54 bits have to be zeroes. That means in implementation, a link-local address will start with FE80::/64.
11
Figure 13.1 Link-local address in Windows 8.1
12
IPv6 Subnet Masks
Function like IPv4 subnet masks
  Last 64 bits are generated by the NIC
  Maximum of 64 bits for the subnet
  No subnet is ever longer than /64
IANA passes out /48 subnets to big ISPs
ISPs and others will borrow another 16 bits for subnetting
ISPs pass out /64 subnets to end users
13
The End of Broadcast
IPv6 link-local address is a unicast address
Multicast has existed a long time
  Multicast address: a set of reserved addresses designed to go to certain systems
  In IPv4, used Class D addresses ( /4)
  Only specific applications used multicast
In IPv6, several IPv6-only multicast addresses are added to get specific jobs done
14
Multicasting (cont’d.)
Multicast packets are encapsulated into Ethernet frames
  Address E-xx-xx-xx are reserved for IPv4 multicast frame destination addresses
  Address xx-xx-xx-xx is used on Ethernet frames encapsulating IPv6 multicast packets
Every computer sees the multicast frame
  Only processed by computers set up to process the frame
15
Figure 13.2 Multicast to routers
17
Anycasting
Used commonly in DNS
  Every DNS server keeps IP addresses of root servers in a root hints file
Anycasting gives clusters of computers the same IP address
Routers use the Border Gateway Protocol (BGP) to determine the closest computer and send to its anycast address
18
Global Unicast Addressing
A global unicast address is required for Internet access
An IPv6-capable gateway router passes out global IPv6 addresses
  When booted, the computer sends out a router solicitation message looking for a router
  The router tells the computer the prefix
19
Figure 13.3 Getting a global address
20
Global Addressing: An Example
An IPv6-capable computer boots and sends out a router solicitation message (FF02::2)
Router sends the prefix (2001:470:B8F9:1::/64)
The computer takes the prefix and adds the interface identifier or EUI-64 address
  Example EUI-64 address: 20C:29FF:FE53:45CA
Global address results from the combination: 2001:470:B8F9:1:20C:29FF:FE53:45CA
Exam Tip (p. 364): Computers using IPv6 need a global address to access the Internet.
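The combination on this slide, worked through as an added example (not code from the presentation): it builds the EUI-64 interface identifier from a MAC address, joins it to the router's /64 prefix, and then reverses the step to show that the MAC can be read back out of the address, which is why newer clients use a random identifier instead. The MAC 00:0c:29:53:45:ca is an assumption, obtained by reversing the slide's EUI-64 value; the prefix is written in full as 2001:470:b8f9:1::/64.

```python
import ipaddress

def mac_to_eui64(mac: str) -> int:
    """Modified EUI-64 (RFC 4291, Appendix A): insert FF:FE between the
    two halves of the MAC and flip the universal/local bit."""
    octets = bytearray(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("a MAC address has 6 octets")
    octets[0] ^= 0x02
    return int.from_bytes(bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:]), "big")

def global_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Prefix from the router advertisement + EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the interface identifier needs a /64 prefix")
    return net.network_address + mac_to_eui64(mac)

def eui64_to_mac(addr: str):
    """Return the MAC embedded in an EUI-64 address, or None when the
    interface identifier lacks the FF:FE marker (e.g. a random identifier)."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    octets = bytearray(iid.to_bytes(8, "big"))
    if octets[3:5] != b"\xff\xfe":
        return None
    octets[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in octets[:3] + octets[5:])

if __name__ == "__main__":
    addr = global_address("2001:470:b8f9:1::/64", "00:0c:29:53:45:ca")
    print(addr)                                      # the slide's global address
    print(eui64_to_mac(str(addr)))                   # MAC recovered from it
    print(eui64_to_mac("fe80::1c2d:3e4f:5a6b:7c8d")) # constructed random-style IID
```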
21
Figure 13.4 IPv6 configuration on OS X
22
Figure 13.5 Enabling prefix delegation on a SOHO router (called DHCP-PD on this router)
23
No-Default Routers
Most routers have a default path
Tier-one routers that connect to other tier-one routers cannot have any default route
  Known as no-default routers
  Huge routing table (500,000 routes)
24
Figure 13.6 No-default routers
25
Aggregation
Every router uses a subset of the next higher router’s existing routes
  Reduces size and complexity of routing tables
  Gives detailed geographic picture of Internet organization
  IP address indicates location
Part of IPv6
Note (p. 366): Keep this formula in mind: A 48-bit prefix from upstream router + 16-bit subnet from default gateway + 64-bit unique number = 128-bit IPv6 address.
26
Figure Aggregation
27
Aggregation (cont’d.)
How aggregation works
  The default gateway gives the first 64 bits of the IP address to computers
  The router gets its 48-bit prefix from the upstream router
  The router adds its own 16-bit subnet
Tech Tip: Regional Internet Registries (p. 366) The IANA doesn’t actually pass out IPv6 prefixes. This job is delegated to the five Regional Internet Registries (RIRs):
  American Registry for Internet Numbers (ARIN) supports North America.
  RIPE Network Coordination Centre (RIPE NCC) supports Europe, the Middle East, and Central Asia.
  Asia-Pacific Network Information Centre (APNIC) supports Asia and the Pacific region.
  Latin American and Caribbean Internet Addresses Registry (LACNIC) supports Central and South America and parts of the Caribbean.
  African Network Information Centre (AfriNIC) supports Africa.
28
Figure 13.8 An IPv6 group of routers
29
Figure 13.9 Adding the first prefix
30
Figure 13.10 Adding the second prefix
31
Aggregation and Router Changes
Example: change from ISP1 to ISP2
  The new ISP passes out a different 32-bit prefix
  Example: 2AB0:3C05/32
  The downstream routers make an “all nodes” multicast ► all clients get the new IP addresses
IPv6 address changes are rare but a normal aspect of using IPv6
32
Figure 13.11 New IP address updated downstream
33
Using IPv6
34
Enabling IPv6
Table 13.2 lists IPv6 status of popular operating systems
To check to see if IPv6 is running
  ipconfig in Windows
  ip addr in Linux or Mac OS X
36
Figure 13.12 IPv6 enabled in Windows 8.1
37
Figure 13.13 IPv6 enabled in Ubuntu 14.10
38
NAT in IPv6
NAT is not used in IPv6
  All IP addresses are exposed to the Internet
  IPv6’s huge address space makes IP scanning nearly impossible
  IPsec is important for security
Security options beyond IPv6
  Encryption
  Firewall
Exam Tip (p. 369): There was a proposed version of NAT for IPv6 called NAPT-PT (an earlier version was called NAT-PT). You might see this as an incorrect answer on the CompTIA Network+ exam.
39
Figure 13.14 Angry IP scanner at work
40
DHCP in IPv6
DHCPv6 works differently than in IPv4
  The IP address and subnet are received from the gateway router
  DHCPv6 provides other information
Two modes of DHCPv6
  Stateful - works like DHCP in IPv4
  Stateless - only passes out optional information
  Stateless is the norm
Note (p. 370): IPv6 DHCP servers use DHCPv6. This is not the sixth version of DHCP, mind you, just the name of DHCP for IPv6.
Cross Check: DHCP with IPv4 (p. 370) You read about the IPv4 version of DHCP in Chapter 7, so check your memory now. How does DHCP work? What does a DHCP lease do for you? What happens if your computer can’t get to a DHCP server but is configured for DHCP?
Exam Tip (p. 370): There’s a push to get DNS server information added to IPv6 router advertisements. If this happens, the need for DHCPv6 might fall dramatically.
41
Figure 13.15 DHCPv6 server in action
42
DNS in IPv6
Most DNS servers now support IPv6 addresses
DNS servers supporting IPv6 use AAAA records
43
Figure 13.16 IPv6 addresses on DNS server
44
Moving to IPv6
45
Moving to IPv6
IPv4 and IPv6
  Can run both IPv4 and IPv6 on your computers and routers at the same time
Parts of the Internet ready for IPv6
  All root DNS servers support IPv6 resolution
  Almost all tier-one ISP routers properly forward IPv6 packets
Routers and servers may not yet be IPv6-ready
Tech Tip: IPv6 Security (p. 371) IPv6 is just now gaining wide support, so there are issues in connecting to the IPv6 world. IPv6 has potential security risks as well as less-than-perfect support with operating systems. Don’t connect to the IPv6 Internet on a mission-critical computer.
46
Figure 13.17 IPv4 and IPv6 on one computer
47
Figure The IPv6 gap
48
Tunnels
IPv4-to-IPv6 tunnels bridge the gap
  Encapsulate IPv6 traffic into an IPv4 tunnel to get to an IPv6-capable router
49
Figure 13.19 The IPv4-to-IPv6 tunnel
50
6to4 tunnels
A tunneling protocol that enables IPv6 traffic to use the IPv4 Internet without having to set up explicit tunnels
  Usually connects two routers directly
  Normally requires public IPv4 address
  Uses public relay routers
Addresses always start with 2002::/16
51
6to4 tunnels (cont’d.)
192.88.99.1 is the 6to4 anycast address
Challenging to set up
52
6in4
Also called IPv6-in-IPv4
One of the most popular tunneling standards
One of only two tunneling protocols that can go through a NAT
53
Teredo Tunnels
NAT-traversal IPv6 tunneling protocol
  Built into Microsoft Windows
  Addresses start with 2001:0000::/32
Many people use a third-party tool that supports 6to4 or 6in4
Try This! Using Teredo (p. 373) If you’re using Windows XP (with Service Pack 1 or later) or later, you have nothing to lose but your chains, so try this! You can use Teredo to access the IPv6 Internet as long as you have access to the Internet normally and your computer is not part of a Windows domain; it’s possible to use Teredo on a domain, but the process gets a little ugly in my opinion. Beware! Some home routers can’t handle Teredo, and many high-end routers are specifically designed to prevent this traffic (it’s a great way to get around many network defenses), so if Teredo doesn’t work, blame the router. Here are the steps in Windows Vista or later:
  1. Make sure the Windows Firewall is enabled. If you have a third-party firewall, turn it off.
  2. Go to Start and type cmd in the Start Search box, but don’t press enter yet. Instead, right-click the command prompt option above and select Run as administrator.
  3. From the command prompt, type these commands, followed by enter each time: netsh interface teredo set state client exit
  4. Test by typing ipconfig /all. You should see an adapter called “Tunnel adapter Teredo tunneling pseudo-interface” (or something close to that) with an IP address starting with 2001.
  5. Then type ping ipv6.google.com to make sure you can reach the Internet.
  6. Open a Web browser and go to an IPv6 Web site, like or ipv6.google.com.
  7. Remember, Microsoft loves to change things. If these steps don’t work, search for new instructions on the Microsoft Web site.
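Because tunnel traffic can slip past network defenses, the fixed prefixes on the 6to4 and Teredo slides are useful for spotting it. The following is an added example (not from the presentation) that scans flow-log lines for 6to4 addresses (2002::/16), Teredo addresses (2001:0000::/32) and the 6to4 anycast relay 192.88.99.1, and recovers the IPv4 address each tunnel address embeds. The `src=`/`dst=` log format and every sample line are constructed for illustration.

```python
import ipaddress
import re

SIXTOFOUR_RELAY = ipaddress.IPv4Address("192.88.99.1")  # 6to4 anycast address
ADDR_FIELD = re.compile(r"\b(?:src|dst)=(\S+)")          # assumed log format

def classify(text):
    """Return (kind, embedded_ipv4) for a tunnel-related address, else None."""
    ip = ipaddress.ip_address(text)
    if ip.version == 4:
        return ("6to4-relay", str(ip)) if ip == SIXTOFOUR_RELAY else None
    if ip.sixtofour is not None:       # 2002::/16, next 32 bits are the IPv4 address
        return ("6to4", str(ip.sixtofour))
    if ip.teredo is not None:          # 2001:0000::/32
        _server, client = ip.teredo    # client IPv4 is stored bit-inverted
        return ("teredo", str(client))
    return None

def scan(lines):
    """Yield (line_number, kind, embedded_ipv4) for every tunnel address seen."""
    findings = []
    for number, line in enumerate(lines, 1):
        for token in ADDR_FIELD.findall(line):
            try:
                hit = classify(token)
            except ValueError:         # field is not an IP address
                continue
            if hit:
                findings.append((number,) + hit)
    return findings

# Constructed sample log; IPv4 values come from documentation ranges.
SAMPLE_LOG = [
    "10:00:01 src=2001:470:b8f9:1:20c:29ff:fe53:45ca dst=2001:db8::53",
    "10:00:02 src=2002:c000:201::1 dst=2001:db8::80",
    "10:00:03 src=10.0.0.5 dst=192.88.99.1",
    "10:00:04 src=2001:0:c633:6407:8000:f227:34ff:8ef6 dst=2001:db8::80",
    "10:00:05 src=fe80::1 dst=ff02::2",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```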
54
Miredo Tunnels
Open-source implementation of Teredo for Linux and other UNIX-based systems
55
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Works within an IPv4 network
Adds IPv4 address to an IPv6 prefix for endpoints
  Example address: 2001:DB8::98CA:200:
Other tunneling standards have more common IPv6 addressing structure
Note (p. 374): You rarely have a choice of tunneling protocol. The tunneling protocol you use is the one your tunnel broker provides and is usually invisible to you.
56
Tunnel Brokers
Someone must act as the far endpoint
  Must know the tunneling standard and how to connect to the endpoint
  Create the actual tunnel
  Usually offer a custom-made endpoint client
May use automatic configuration protocols
  Tunnel Setup Protocol (TSP)
  Tunnel Information and Control protocol (TIC)
57
Setting Up a Tunnel
Each tunnel broker has its own setup
  Read the instructions carefully
The text installation example uses Gogo6 client
  Join and download at
  Install the client
  Enter the Gateway6 address, user name, and password
  Click Connect, and you are now on the IPv6 Internet
  Status tab shows IP information
58
Figure 13.20 Gateway6 Client Utility
59
Figure 13.21 Gateway6 Client Utility Status tab
60
Overlay Tunnels
Enables two IPv6 networks to connect over an existing IPv4 infrastructure, e.g., the Internet
The routers that connect the IPv6 networks to the IPv4 infrastructure:
  Run dual stack—both IPv4 and IPv6
  Can encapsulate the traffic from the local network into IPv4 packets
61
Overlay Tunnels (cont’d.)
Can connect an IPv4 client to an IPv6 network:
  Using protocols—like 6to4, ISATAP, and others—or
  By creating manual tunnels
62
IPv6 is Here, Really!
IPv6 is happening now or will happen very soon
  IPv4 addresses are all but exhausted
  “The Big Switchover” is coming soon
Learn IPv6—it is important!