Monday, January 4, 2010

More IPv6 Updates

Hey Guys

Just to continue my IPv6 Love, a few other things I have found out:

1. The checksum field in the IPv6 header is GONE, and the checksum is now a mandatory field in UDP headers over IPv6

2. The "base" IPv6 header is quite small. There is now a new concept called "extension headers", which carry all the "optional" info when required. For example, there is a "mobility" extension header, an IPsec extension header (well, two separate ones, AH and ESP, to be exact) and a few others

3. Routers will now NOT fragment packets. Packets must be fragmented at the source, which discovers the MTU size using Path MTU Discovery

4. While I don't understand the details yet, IPv6 will have a mechanism capable of sending packets up to 4.3!!! gigabits in size! Pretty funky


Now to bust some rumours:

Autoconfig cannot send DNS information, so sorry guys, not a replacement for DNS

One very cool thing it CAN do though is send multiple prefixes (or advertise multiple prefixes) and have a lifetime for those prefixes, so you can set a prefix to expire over a certain period of time! (Pretty cool!)

You can assign two public prefixes to an interface, and using the "preference" of the prefix that you advertise you can make a particular prefix less desirable. While all traffic sent to that address will still be replied to from that address, all new traffic sourced from the hosts will use the preferred address

example:

int fa0
ipv6 nd prefix 2001:db8:c18:1::/64 432000 0
ipv6 nd prefix 2001:db8:c18:2::/64 432000 432000
The first parameter is lifetime and the second parameter is preference

In this example, hosts would source all new traffic from 2001:db8:c18:2::/64 (the remaining bits would be made up by their EUI-64 address)


But wow, things sure do get complicated, because an IPv6 node can easily have more than two global addresses (in fact, it has to have a few other kinds of addresses too)

First of all it must have an IPv6 link-local address

It may also have a unique local address (ULA), which, as I discussed in a previous topic, is basically like your private network subnets such as 192.168.1.0 now

So, the question is: where does it source the traffic from? It actually follows a set of rules to decide this

The first rule says use the smallest scope possible to reach the destination that is the same size as the destination. No, that's not a riddle. Basically what that says is: if, for example, I'm trying to reach another ULA network, I should use my ULA address; if I am trying to reach something locally, use my link-local address; if I'm trying to get out to something on the internet, use my global unicast address

(makes quite a bit of sense when you think about it!)

What if you have more than one global address?!?!?! THINK OF THE CHILDREN!

Slow down there cowboy, there are other rules to cover this:
The next method prefers a "preferred" address, as I showed above

The next preference is to prefer an address assigned to the interface that will actually be used, such as in the event of a local route

The final method is to find the closest source address to your destination address in terms of subnet using longest-match search.
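
The selection order described above, as an added example that is not part of the original post. It applies the four rules in the order the post lists them, which is a simplification of the full RFC 6724 algorithm; the names Candidate and select_source, the scope classes and the host addresses are assumptions made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
ULA = ipaddress.ip_network("fc00::/7")

@dataclass
class Candidate:
    addr: str                 # address configured on the host
    iface: str                # interface the address is assigned to
    deprecated: bool = False  # prefix was advertised with preference 0

def scope(addr):
    """Scope classes as the post describes them: 1 link-local, 2 ULA, 3 global."""
    ip = ipaddress.IPv6Address(addr)
    if ip in LINK_LOCAL:
        return 1
    if ip in ULA:
        return 2
    return 3

def common_prefix_len(a, b):
    """Number of leading bits the two addresses share."""
    diff = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - diff.bit_length()

def select_source(dest, out_iface, candidates):
    """Return the source address the four rules pick for this destination."""
    d = scope(dest)
    def key(c):
        s = scope(c.addr)
        # Rule 1: scopes that reach the destination first, smallest of those first
        reach = (0, s) if s >= d else (1, -s)
        return (reach,
                c.deprecated,                      # Rule 2: preferred before deprecated
                c.iface != out_iface,              # Rule 3: outgoing interface first
                -common_prefix_len(c.addr, dest))  # Rule 4: longest match
    return min(candidates, key=key).addr

# Constructed host: one link-local, one ULA and the two global prefixes from the example
HOST = [
    Candidate("fe80::211:22ff:fe33:4455", "fa0"),
    Candidate("fd12:3456:789a:1:211:22ff:fe33:4455", "fa0"),
    Candidate("2001:db8:c18:1:211:22ff:fe33:4455", "fa0", deprecated=True),
    Candidate("2001:db8:c18:2:211:22ff:fe33:4455", "fa0"),
]
```

Note that a destination inside 2001:db8:c18:1::/64 still gets the c18:2 source address, because the deprecated check runs before the longest-match comparison.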

IPv6 has a much higher minimum MTU: 68 bytes for IPv4 vs 1280 bytes for IPv6

Something called Secure Neighbor Discovery is something else I am looking forward to. Basically, people can't assign themselves addresses on your network ;) No one will talk to them if they try to. Very cool, kind of like 802.1x

There are now also some huge updates to DHCPv6.

The concepts around this are actually really cool. Basically there are three parts that make up DHCPv6 in IPv6:

A DHCPv6 Client
A DHCPv6 Server
A DHCPv6 relay


A router can be any of the above (although there are some restrictions on how much DHCP server stuff it can do.)

Now, one of the things I like in IPv6 with DHCP is the relay function. You are probably all familiar with the ip helper-address, right? Just a super quick recap: if in an IPv4 network you have a DHCP server at your head office, and you want your clients at a remote office to use DHCP, you can use ip helper-address (or DHCP relay) so that a local DHCP server is not required. Your clients will broadcast a DHCP request, the local router will see that DHCP request and forward it on to a server of your choosing, and the server will then unicast the reply back to your router, which will then broadcast back a DHCP reply so your machine can pick up an address!

Example:


int fa0/1
ip address 10.1.1.1 255.255.255.0
ip helper-address 10.2.2.1
!

In this example, we have a subnet 10.1.1.0/24 which we want to provide DHCP for, so what we would do is set up a server with a scope for 10.1.1.0/24 and then point the router to this server (in our case 10.2.2.1) so it can intercept the DHCP requests

O.K.

So, what cool function does IPv6 provide? Well, a very funky feature is that in IPv6 the idea of "scope" is used pretty heavily. Basically all addresses are "scoped" as either link-local, site-local or global unicast, and this controls how far in a network they travel: it could be just on the local link (hence link-local), within the organization (hence site-local) or even on the internet (hence global unicast).

So, what some smart guy said was "hey, why don't we use the site-local multicast prefix to make an address that all DHCPv6 servers in an organization listen on and have DHCP relays send their DHCP relay requests to that?"

This is really cool because it means you don't have to maintain a list of DHCP servers on the routers that you have set up to act as relays. You just tell them to relay and they will go ahead and send a multicast packet to this site-local DHCP server address and send back a reply!


