IPv6 Allocation Policy and Procedure

Global IPv6 Summit in China 2007

April 13, 2007
Gerard Ross and Guangliang Pan

1
Future of Data Communication
3
 Internet Protocol
Transports a datagram from source host to destination,
possibly via several intermediate nodes (“routers”)

Service is:
Unreliable: Losses, duplicates, out-of-order delivery
Best effort: Packets not discarded capriciously, delivery
failure not necessarily reported
Connectionless: Each packet is treated independently

4
What is an IP address?

• Each host on a TCP/IP network is uniquely

identified at the IP layer with an address.
• An Internet Protocol (IP) address specifies
the location of a host or client on the
Internet.
• The IP address is also known as Protocol
address
• The IPv4 address is 32 bits long
• The IPv6 address is 128 bit long
 Problems of IPv4

 Addressing problem
 Routing Crisis
 End to End problem
 Security
 Mobility
 Performance
 Cost
Address Crisis
Routing Crisis
End to End problem
Mobility
Security Problem

11
IPv6 Features
1. Larger address space
2. Global reachability
3. Flexibility
4. Auto-configuration
5. Aggregation
6. Multi-homing
7. Efficient Routing
8. Scalability
9. Easy Mobility
10.Better security
IPv6

No more room in IPv4 Quite empty in IPv6

13
Larger Address Space

14
 Global Reachability
From 32 bits to 128 bits addresses enables:
– Global reachability:
• No hidden networks, hosts
• All hosts can be reachable and be "servers"

15
Flexibility
From 32 bits to 128 bits addresses enables:
– Flexibility

16
 Auto-Configuration
• "Plug and play"
– By autoconfiguration

17
06/07/21
 Aggregation
• Aggregation

18
06/07/21
 Multi-homing

19
06/07/21
 Efficient Routing

20
06/07/21
 Scalability

21
06/07/21
Easy Mobility

22
 End to End Security

23
06/07/21
Better Security

24
25
26
27
28
29
30
31
32
33
34
35
36
What Ever Happened to IPv5?
0 IP March 1977 version
(deprecated)
1 IP January 1978 version (deprecated)
2 IP February 1978 version A (deprecated)
3 IP February 1978 version B (deprecated)
4 IPv4 September 1981 version (current widespread)
5 ST Stream Transport (not a new IP, little
use)
6 IPv6 December 1998 version (formerly SIP, SIPP)
7 CATNIP IPng evaluation (formerly TP/IX; deprecated)
8 Pip IPng evaluation (deprecated)
9 TUBA IPng evaluation (deprecated)
10-15 unassigned
WONDERS WE CAN DO
WITH IPV6 !!

GIMEC - 38
IPv6 Applications in Agriculture Industry
IPv6 Applications in Transport System

40

GIMEC -
IPv6 Applications in UID

GIMEC - 41
IPv6 Applications Others!!
06/07/21
 Suggested Pilot Projects in Greenfield
Applications
 Rural Emergency Healthcare System
 Telemedicine
 Distance Education
 Power Generation and Distribution
 Logistics and Supply Chain

Different Ministries, Government Departments and Organizations

in Private Sector can come forward to Work on these and similar
Pilot Projects. 44
Rural Emergency Health Care

06/07/21
Rural Emergency Healthcare – Current Process
Caller in
distressPublic Switching
Telephone Network
Dispatch Officers
Dial
(PSTN)
(DO)
108
Doctor Doctor at
Contact
Central Co-ordination Contact Center Center and
Nurse in
Ambulances Ambulance co-
nearest to caller ordinate
located and guided over phone
to destination about
patient care
Ambulances located at strategic places in districts

Deficiencies in Today’s – Rural Emergency Healthcare scenario

(Communication only by Phone)
•Vital sign information sent on phone - Blood pressure, ECG, Temperature .. Etc.

•Doctor lacks the ability to see the patient’s visual condition

•Doctor provides Offline Healthcare on phone

•Ambulances manually called and guided over phone to destination

46
 IPv6 simplifies and enhances Rural Emergency Healthcare

Caller in
GPS helps
distress Locate
IPv6 Backbone
Ambulance,
guides
Dial Ambulance
108 Central Co-ordination Contact Center driver
To destination
Bio-sensors help
collect
Vital sign info which is
transmitted in real-
time
3
helping doctor provide G Wi-
effective healthcare
Max
Ambulances located at strategic places in districts

IPv6 Technologies – Rural Emergency Healthcare

•Bio-Sensors •Seamless Video-Conference
Confidential © Tech Mahindra

•IPv6 based Real-time Vital signs data •Automatic Vehicular Location System
transfer Benefits – IPv6 Rural Emergency Healthcare scenario

Real Time Patient Vital sign information collected by Bio Sensors– Blood pressure,
ECG, Temperature .. Etc,

Patient’s condition is seen in real time Video by Doctor - More effective diagnosis and
advice
2009

D.O. locates nearest Ambulance - using GPS Driver reaches destination faster via GPS 47
IPV6 Network of Urban
and Rural Hospitals

48
Hospital Network – Linking Urban & Rural Hospitals

PHC Rural
Health
Centre

IPv6 IPv6
Network Network

URBAN
HOSPITAL

PHC PHC

49
Rural Patient

Tele Health – Patient Seeking Medical Advice Remotely

50
Tele-Health Schematic using Mobile
Network
Sensors used to 2
Data
collect Patient Transmitted to
Condition and the Medical
Transmitted Server
using mobile
Immediate 4 IPv6
Feedback
phone

1 Analyzed Data
Transmitted to Nurse /
3 Doctor for advice

Patient Monitoring Team Health Care Provider

51
Distance Education

52
Distance Education

 Universalization
of Education

 Extending
Quality
Education to
Remote and
Rural Areas
IPV
6
 Partially mitigate
non availability
of good teachers
in sufficient
numbers

53
Power Generation and Distribution
 Indian Electricity Scenario
Power Supply Position (MW)
Demand Supplied Shortage %
2005-06 93255 81792 12.3%
2006-07 100715 86818 13.8%
2007-08 108866 90793 16.6%
2008-09 109809 96685 12%

AT&C (Aggregate Technical & Commercial Losses) ~ 33%

Objectives - APDRP (Accelerated Power Development and Reform

Programme of the GoI – Funded through PFC)

 Sustained Loss Reduction

 Reliable and Automated systems for collection of accurate Base
Line Data
 Today’s Scenario
 Electricity grid is “DUMB"
 Workers have to walk from house to house to read the electricity meter
 Utilities have no clue of power outage until customers call to complain.

Tomorrow’s Scenario ?
The electricity grid is “SMART” enough for –
 Remote collection of data – fully sensor based network
 Automatic load balancing, DSM and transfer of power from one region
to another
Automatic detection of outages
Flexible metering

What will make it possible ? IPv6

Smartgrid Schematic
Bidirectional, Intelligent Network
Using IPv6 for Smart grid Services

Advanced Metering Automatic meter Reading using sensors

Infrastructure

Business Analysis Analyze usage data to make decisions

Energy Management Grid monitoring and management
Services
Demand Side management Remote management of energy
demand, Load balancing

Distribution automation Optimize performance of Transmission

and Distribution assets

Remote equipment Ease of fault detection, maintenance

Monitoring
Telecommunications Can be provided as a service using the
power line infrastructure
IPv6 in Railways
IPv6 in Railways
How can Railways benefit from IPv6 deployment ?

Railways handles India’s largest supply chain consisting of

wagons, bogies, engines, processing centers, point of sale
terminals , millions of parcel objects each day

Service Automation

Connectivity

Addressability

Scalable Internet Platform

IPv6
Vision for Railways / Railtel

Highly optimized supply chain based on IP

technology (IPv6)

Very large scale telemetry and sensor network

enhancing railway safety (enabled by IPv6)

Railtel as an ISP (Broadband subscribers on IPv6)

NetCentric Warfare for
Defence
 Operational Processes and Effectiveness

06/07/21
 Impact on Missions and Functions

06/07/21
Advantages of NCW

• Power is increasingly derived from information sharing, information

access and speed

• Networked forces can be smaller in size

• When one unit gets into trouble
other units can quickly come to
its aid

• Difficult for enemy to attack a

spread out formation

• Fewer troops, lesser equipment

– cheaper warfare

• Sensor based networks – on-
site analysis of intelligence data
obtained through sensors –
quicker decision making in the
battlefield
When the forces are well connected
they can spread out over a larger
area thus reducing the chances of
fatal incidents wiping out the entire
troop at the same time
Intelligent Information Network

Communication
Platform
Weapons
IPv6 based
Intelligent
information
Network
Net
Ready
Nodes
Communication
Platform

Net Forces
Net
Ready Read
Nodes y
Node
s
 Thank You

70
06/07/21
 Overview

• Introduction to APNIC
• Policy development process
• IPv6 policy and procedures
• Obtaining IPv6 addresses
• IPv6 statistics

71
 Introduction to APNIC

72
 Internet Registry Structure

ICANN
(IANA)

APNIC ARIN LACNIC RIPE NCC AfriNIC

NIR LIR LIR

LIR ISP ISP

73
 Internet address management structure

• A common management system based on

consistent policies and procedures
– Defined by consensus of the community of
Internet network operators and users
– Implemented through an infrastructure
comprising the RIRs, NRO, ASO, IANA
(ICANN)
– RIRs are the only regional component of the
Internet infrastructure with a neutral,
permanent operational presence

74
 The RIR structure
• Five RIRs today
– Open
– Transparent
– Neutral and impartial

• Addresses distributed fairly

– Based on need
– No discrimination
• Not for profit membership organisation
– Membership open to all interested parties
– Bottom up, industry self-regulatory structure
• Policies developed by industry at large
– Through open policy processes
75
 What is APNIC?
• Regional Internet Registry (RIR)
for the Asia Pacific Region
– Regional authority for Internet Resource distribution
– IP addresses (IPv4 and IPv6), AS numbers, in-addr.arpa
delegation

• Membership-based organisation
– Established 1993
– Non-profit, neutral, and impartial

Not operations forum

Not standards development
76
 Policy development process

77
 Why a policy?
• Long term interests of the Internet require
prudent management of address space
• While address management is not a purely
‘technical issue’, mismanaged resources
can severely impact Internet operation
– routing tables
– filtering and accessibility
– imbalance of distribution

78
 Policy development
• Industry self-regulatory process
– Policy is developed by the AP Internet
community to suit needs of region
– Facilitated by RIR staff

• Policy implementation
– APNIC shares with its members and their
customers a collective responsibility
• RIR process
• ISPs and other affected parties

79
 IPv6 Policy Principles (Similar to IPv4)
• Address space not freehold property
– Understanding that globally unique address
space is licensed for use – not owned

• Routability not guaranteed

• Minimum allocation is defined

• Current state of IPv4 structure

(infrastructure and customers) can be used
to justify larger initial allocation
80
 Participation in policy development
• Why should I bother?
– Responsibility as an Internet community
member
• To be aware of the current policies for managing
address space allocated to you
– Business reasons
• Policies affect your business operating environment
and do change over time
• Ensure your ‘needs’ are met
– Educational
• Learn and share experiences
• Stay abreast with ‘best practices’ in the Internet

81
 Policy Development Process

Need
Anyone can participate
OPEN

Evaluate Discuss

‘BOTTOM UP’ TRANSPARENT

Implement Consensus

Internet community proposes All decisions & policies documented

and approves policy & freely available to anyone
82
 The policy development process

Need Discuss Consensus Implement

g)

) i od
us
t in

AM ort

s) on
si g

t
n

us
m al

us

en
on
us tin

M
io

ks er
ee

cu L

ns
re s

th ati
to ep

ns
ns

em
is M
ss
f o po

sc e

ee p
se

on t
di e

se
se

m en
w nt
be ro

rs
on

(8 me

on
on
P

(3 em
do
C
d

C
C

om

en

pl
w

Im
C

EC
(4

You can participate!

More information about policy development can be found at:
http://www.apnic.net/docs/policy/dev

83
 IPv6 policy and procedures

84
 IPv6 Address Policy
• IPv6 Address Allocation and Assignment
Policy
– http://www.apnic.net/docs/policy/ipv6-address-
policy.html
• APNIC guidelines for IPv6 allocation and
assignment requests
– http://www.apnic.net/docs/policy/ipv6-guideline
s.html

85
 Some definitions
• RIR – Regional Internet Registry
• NIR – National Internet Registry
• LIR – Local Internet Registry (Top level ISP)
• End Site defined as an end user of an ISP where
the ISP:
– Assigns address space to the end user
– Provides Internet transit service to the end
user
– Advertises an aggregate prefix route that
contains the end user's assignment
• POP – Point of Presence
86
 Allocation and assignment
Allocation
“A block of address space held by an IR (or downstream
ISP) for subsequent allocation or assignment”
• Not yet used to address any networks

Assignment
“A block of address space used to address an operational
network”
• May be provided to LIR customers, or used for an LIR’s
infrastructure (‘self-assignment’)

87
 IPv6 initial allocation
• Initial allocation criteria
– Plan to connect 200 end sites within 2 years
• Default allocation (“slow start”)
• Initial allocation size is /32
– Provides 16 bits of site address space
32
32 48 bits 128 bits
bits
bits

– Larger initial allocations can be made if justified

according to:
• IPv6 network infrastructure plan
• Existing IPv4 infrastructure and customer base
• License model of allocation
– Allocations are not considered permanent, but always
88
subject to review and reclamation
 IPv6 customer assignments
• Assignment /48 - /64 for all end sites (POP also
defined as end site)
– Defined in revised policy – effective19 March 2007
– Provides for up to 16 bits of space for subnets
48 bits 64 bits 128 bits

• Other assignment sizes

– /64 only one subnet
– /128 only one device connecting
• Larger assignments (to ISP)- Multiple /48s
– Should be reviewed by RIR/NIR
• Follow second opinion procedure

89
 IPv6 IXP assignment
• Criteria
– Demonstrate ‘open peering policy’
– 3 or more peers

• Assignment size: /48

– All other needs should be met through normal
processes
– /64 holders can “upgrade” to /48
• Through CNNIC / APNIC
• Need to return /64

90
 IPv6 Critical Infrastructure Assignment
• Organisations seeking assignment for
critical infrastructure must be an actual
operator of the network infrastructure
performing the following functions:
– root domain name system (DNS) server
– global top level domain (gTLD) DNS server
– country code TLD (ccTLDs) DNS server
– Regional Internet Registry (RIRs)
– National Internet Registry (NIRs)
* Minimum assignment size is /48
91
 IPv6 Multihoming Assignment (New)
• An organisation is eligible to receive a
portable assignment from APNIC if it:
- is currently multihomed with provider-based
addresses, or demonstrates a plan to
multihome within three months and,
- agrees to renumber out of previously
assigned address space.

* Minimum assignment size is /48

92
 Obtaining IPv6 addresses

93
 Where to request IPv6 addresses?
• 1. From your upstream ISP
– Receive an assignment or sub-allocation
– Address space is non-portable
• 2. From CNNIC
– CNNIC member
– Address space is portable
• 3. From APNIC
– APNIC member
– Address space is portable
Note: 6bone address is no longer available
94
 Request IPv6 addresses from APNIC
• Become APNIC member
– http://www.apnic.net/member/index.html
• IPv6 Allocation Request Form
– http://ftp.apnic.net/apnic/docs/ipv6-alloc-reque
st
• IPv6 Portable Assignment Request Form
– http://www.apnic.net/services/portable-assign/i
ndex.html

95
 How do I apply for IPv6 addresses?
Check your eligibility for IPv6 addresses

Read IPv6 policies

http://www.apnic.net/docs/policy/ipv6-address-policy.html
Read IPv6 guideline
http://www.apnic.net/docs/policy/ipv6-guidelines.html

Do you have an APNIC account?

If not, become an APNIC member or open a non-member
account

Complete an IPv6 address request form

Submit the form [email protected]

Questions:
email: [email protected]
Helpdesk chat: http://www.apnic.net/helpdesk
96
 IPv6 address request form

http://ftp.apnic.net/apnic/docs/ipv6-alloc-request.txt

97
 IPv6 address request form
• Requester template
– Name, email, acct-name, org-relationship:
• Network template
– Netname, descr, country, admin-c, tech-c,
remarks, changed, mnt-lower
• IPv6 usage template
– Services, cust-types, cust-network,
infrastructure, network-plan
• Additional information

98
 IPv6 statistics

99
 IANA IPv6 Allocations to RIRs
issued as /23s prior to Oct 2006

250

198
200

150

100
73

50

13
1 2
0
AfriNIC APNIC ARIN LACNIC RIPE NCC

100
 IANA IPv6 Allocations to RIRs
issued in Oct 2006

RIR IPv6 Address

AfriNIC 2C00:0000::/12
APNIC 2400:0000::/12
ARIN 2600:0000::/12
LACNIC 2800:0000::/12
RIPE NCC 2A00:0000::/12

Some /23s from the previous slide are incorporated in these /12s
101
 IPv6 Allocations RIRs to LIRs/ISPs
Yearly Comparison

160

140

120

100 AfriNIC
APNIC
80 ARIN
LACNIC
60 RIPE NCC

40

20

0
1999 2000 2001 2002 2003 2004 2005 2006 2007

102
 IPv6 Allocations RIRs to LIRs/ISPs
Cumulative Total (Jan 1999 – Mar 2007)

AfriNIC, 28, 2%

APNIC, 285, 23%

RIPE NCC, 629,

50%

ARIN, 233, 18%

LACNIC, 90, 7%

103
 APNIC allocations by economies

NZ VN MO PK
ID
PH 13 10 2 2 4
AP
7 1 BD
IN LK
2
11 1
TH
10 JP
95
PG
1
MY
12

HK
9
SG
6
AU KR
14 39
CN
19 TW
27

104
 APNIC annual allocations

60
53

50 48
45
41
40 37

30
26

20
15 13

10 7

0
1999 2000 2001 2002 2003 2004 2005 2006 2007

105
 APNIC allocations by sizes

300
261
250

200

150

100

50
6 3 1 4 1 3 1 2 3
0
/35 /32 /30 /29 /28 /27 /26 /22 /21 /20

106
 APNIC IXP assignments

All /48s except 4 are /64s

JP, 3

AU, 7 HK, 1

KR, 2

TW, 1

VN, 1
ID, 2
CN, 2 NZ, 2

107
 APNIC critical infrastructure
assignments (/32s)

NZ, 1
VN, 1
JP, 4
HK, 1

CN, 1

ID, 1
AU, 2
KR, 2 TW, 1

108
 Global IPv6 root routing table

Data as 1 April 2007 from

http://bgp.potaroo.net/v6/as1221/index.html

700
612
600
500
400
300
200
100 52
1 3 2 1 3 1 3 2 1 2 2 1 15
0
/19 /20 /21 /22 /24 /26 /27 /28 /29 /30 /32 /33 /34 /35 /48

109
 Questions?

»Thanks!

110
 Expanding the Internet:
The IPv4 to IPv6 transition
Global Mobile Internet &
IPv6 Next Generation Internet Summit 2009

Paul Wilson
Director General, APNIC

111
 Overview
• What is currently happening with the Internet?
– IPv4 address free pool exhaustion
– IPv6 transition
– Readiness of resource management policies
• The Internet without IPv6
• How is the APNIC community responding?
– IPv6 readiness survey
• Are you ready for these changes?
– What do you need to do?

112
Where do IP addresses come from?

Standards

Allocation
*
Regional Internet Registries (RIR) Allocation
distribute IPv4, IPv6, and AS numbers to
the Internet community

RIRs maintain accurate registration of Assignment

Internet resource usage for the community
End
user
* In some cases via an NIR, such as CNNIC, JPNIC etc.
Regional Internet Registries

The Internet community established the RIRs to provide

fair and consistent resource distribution and accurate
resource registration throughout the world.
 The policy development process
Need
Anyone can participate
OPEN

Evaluate Discuss

‘BOTTOM UP’ TRANSPARENT

Implement Consensus

Internet community proposes All decisions & policies are documented &
and approves policy available
The policy development process

Any concerns or questions?

Feel free to contact CNNIC or APNIC.

APNIC’s China Liaison Officer

　　　　 Guangliang Pan

　　　　 [email protected]
 Current policy discussions
• We are experiencing an important turning
point in the history of the Internet
• IPv4 allocation policies are changing
– Prop-50 IPv4 address transfers
• Deregulated transfers of IPv4 blocks
– Prop-69 Global policy proposal for the
allocation of IPv4 blocks to RIRs
• Redistribution of returned IPv4 address space
– Both reached consensus at APNIC27
• Now in final 8-week call for comments
• IPv6 allocation policies are stable
117
 IPv4 Address Space
Remaining Total: 256 x /8
at IANA
32 x /8
RIR
Allocations

Pre-RIR
Allocations

118 http://www.iana.org/assignments/ipv4-address-space/ as of 27/03/2009

 IPv4 consumption – Projection

Projected IANA Unallocated Address Pool Exhaustion: 20-May-2011

Projected RIR Unallocated Address Pool Exhaustion: 20-Sep-2012

119 http://www.potaroo.net/tools/ipv4/index.html as of 23 March 2009

 APNIC IPv4 allocations by economy

Unit: /8

120 http://www.apnic.net/stats/o3/ as of 26/03/2009

 APNIC IPv6 delegation by economy

Unit: individual delegation

121 http://www.apnic.net/stats/o3/ as of 26/03/2009

 How much IPv6 is deployed?
IPv6 routes IPv4 routes
1750 300,000

IPv6 ASNs IPv4 ASNs

1350 30,000

122 http://bgp.potaroo.net/ as of 26/03/2009

 What will happen to my company if my
ISP is not ready for IPv6?
• Researchers predict IPv4 legacy assets (client
PCs, servers, routers, switches, OSes, various
applications, etc) will remain for the next 10
years
– Dual-stack environment will persist for many years
to come
• IPv4 addresses will be assigned strategically
– Not everyone can receive global IPv4 addresses
– A large number of end users may be given only
IPv6 addresses at some point

123
 While a client is running
with IPv4 and IPv6…

Both IPv4 and

IPv6 are on

124
 …it receives both IPv4 and IPv6
addresses: dual-stack

Both IPv4 and IPv6 address are assigned

125
 So even if a service is only
available via IPv4…

✓
Your customers
can still use
your service

126
 But one day…
• In the future, many end users (that is, your
customers) will only receive an IPv6
address
– Many “clients” access the Internet via an IPv6
address
– So, if your web service is not ready via dual-
stack networks, what will happen?

127
 Simulating an IPv6-only client…

Turned off IPv4

128
 If your site is not ready for IPv6…

✗
End users
(your customers)
will move elsewhere

129
 So why aren’t we ready yet?
• It’s a simple business reality:
– Highly competitive environment
• A company will always spend its available resources on
profit-making activities
– Fundamental nature of IPv6
• No customers are currently demanding IPv6
• So, there is currently no pressing business case for
deploying IPv6
• However, IPv6 is the only path that enables
the Internet to continue to expand
– Large address space
– Simpler and cheaper with more efficient networks

130
 The challenge…
• IPv6 is not simply a substitute for IPv4
– The process may take more than 10 years
– “Dual-stack networks” will be in use for many
years
– IPv4 addresses will still be needed
• Need to consider long-term costs to
maintain IPv4-only networks
– Customer NAT and Carrier-Grade Nat
– Complex architecture and renumbering
– Complexity of applications
– Rising cost of IPv4 addresses
131
 National responses (AP region)
• China
– Telecommunication and Information Technology
Ten of 5 years development Plan (2007)
– China Next Generation Internet (CNGI) project
• The future development of the Internet through the early
adoption of IPv6
• Japan
– The IPv4 Address Exhaustion Task Force,
including industry and government
• Korea
– IPv6 Strategy Committee (2003)
– NIDA “IPv6 Promotion Plan II” (2007)
– Deployment of IPv6 in the public sector

132
RIR response
• IPv4 address management policies
– Numerous policy measures about the reclamation
of IPv4 space under discussion
• Transfer/trading (market) for address management
• Rationing, reserves, limiting demand
– Numerous new policies were implemented
• Use of final /8
• Ensuring efficient use of historical IPv4 resources
• IPv6 network deployment activities
– Address policies are established and stable
– Increasing promotion and awareness
– Putting preparations in place
– The time is right!
 APNIC IPv6 Readiness Survey 2009
• Have you deployed or
are you ready for
immediate IPv6
deployment?

• Does your
organization have a
formal plan to deal
with the deployment of
IPv6?

134
 APNIC IPv6 Readiness Survey 2009
• Has your organization
budgeted for future
resource allocation for
IPv6 deployment?

• Has your organization

allocated resources
(human or financial)
for IPv6 deployment?

135
The future…
• The Internet has already shown its ability to
evolve
– Those who are building the Internet need to be
aware of IPv4 consumption and IPv6 transition
• ISPs, content providers, vendors, applications
– Planning should start now, in detail, for the day
when there is not enough IPv4 address space
• Implementation plan, budget, and allocation of
resources
– A smooth transition is still possible
 Transition planning for content
providers: Multihoming via IPv6
• Obtain IPv6 address assignment
• Find an ISP that can provide you IPv6
connectivity
– Contract to secure IPv6 connectivity
– Use tunnels if necessary
• Find Internet exchange points that support
IPv6
• Peer with other IPv6 networks as much as
you can

137
 Transition planning for network
operators: Deploy IPv6 by 2010
• Your customers - for example, content
providers, enterprises etc - will eventually
demand IPv6 connectivity
– Be ready for them!
• Plan for deployment
– APNIC suggests that network operators and
service providers be prepared to support
customers and services using IPv6 by 2010
– Build IPv6 into regular product upgrade cycles
– Contact your vendors now!

138
 Transition planning for policy makers:
Support the industry
• Industry, regulators, and public policy makers
– Develop a coherent strategy to sustain the
transitional framework between IPv4 and IPv6
– Deploy IPv6 in government infrastructures, and
require it of your suppliers
– Encourage the continuing contribution of various
stakeholders in mutually supportive roles
• Keep up-to-date with topics of IPv4 address
exhaustion and IPv6 transition

139
 Need IPv6 addresses?

http://www.cnnic.cn

140
 Need IPv6 addresses?

Contact APNIC Helpdesk

[email protected]
Helpdesk chat

141
APNIC IPv6 Readiness Survey 2009
• APNIC should have a bigger role in
promoting IPv6 deployment within the AP
region
– Mean: 8.44, Standard deviation: 1.72
• Governments should require IPv6
compliance within entities under their
control
– Mean: 7.32 Standard Deviation: 2.38
 APNIC supports IPv6 deployment
• APNIC IPv6 Program – since 2008
– Miwa Fujii <[email protected]>
– Rolling out various IPv6-related activities
– ICONS IPv6 Wiki and IPv6 ICONS Forum
• http://icons.apnic.net/display/icons/Home
• Your participation will help the Internet community
• APNIC meetings are open to everyone!
– Next meeting is in Beijing
http://www.apnic.net/meetings/28/
– Many thanks for CNNIC’s sponsorship
143
 APNIC 28: Beijing, China

http://www.apnic.net/meetings

24 – 28 August 2009

144
Thank You!

[email protected]
 Challenges in
IPv6 Address Management

Paul Wilson
Director General
APNIC

146
 What is an IP Address?

147
 “On the Internet,
nobody knows you’re a dog…”

148
by Peter Steiner, from The New Yorker, (Vol.69 (LXIX) no. 20)
 “On the Internet…”
you are nothing but an IP Address!

www.redhat.com
66.187.232.50

www.google.com
216.239.39.99 www.apnic.net
202.12.29.20

www.ietf.org
4.17.168.6 www.ebay.com
66.135.208.101
202.12.29.142

www.ebay.com
66.135.208.88 www.dogs.biz
209.217.36.32

www.doggie.com
198.41.3.45
www.gnso.org
199.166.24.5

149
 What is an IP Address?

IPv4: 32 bits

232 = 4,294,967,296 addresses

= 4 billion addresses

e.g. 202.12.29/24 (network address)

202.12.29.142 (host address)

IPv6: 128 bits

2128 = 340,282,366,920,938,463,463,374,607,431,770,000,000
= 340 billion billion billion billion addresses ?

e.g. 2001:0400::/32 (network address)

2001:0400:3c00:af92:: (host address)

150
 What is an IP Address?
• Internet infrastructure addresses
– Uniquely assigned to infrastructure elements
– Globally visible to the entire Internet
• A finite “Common Resource”
– Never “owned” by address users
• Managed globally under common policies
– To ensure globally cohesive Internet
– Policies developed by the Internet community
– Implemented by cooperative RIR system

• Not dependent upon the DNS

151
 IP addresses are not domain names…

The Internet

DNS

202.112.0.46
www.cernet.cn ?
2001:0400::

2001:0C00:8888::
My Computer www.cernet.cn
2001:0400::
152
 Why IPv6?

153
 Rationale for IPv6
• IPv4 address space consumption
– Now up to 10 years unallocated remaining
– More if unused addresses can be reclaimed
– These are today’s projections – reality will
definitely be different
• Loss of “end to end” connectivity
– Widespread use of NAT due to ISP policies
and marketing
– Additional complexity and performance
degradation
– “Fog on the Internet”
154
 The NAT problem

The Internet

ISP 61.100.0.0/16

61.100.32.0/26 61.100.32.128
(64 addresses) (1 address)

R NAT*

61.100.32.1 ..2 ..3 ..4 10.0.0.1 ..2 ..3 ..4

155
*AKA home router, ICS, firewall
 The NAT problem

Phone
Internet Network

NAT PABX
61.100.32.128 10 4567 9876

?
10.0.0.1 Extn 10
156
 How are IP Addresses managed?

157
 The early years: 1981 – 1992

1981:
“The assignment of numbers is also handled by Jon. If you are
developing a protocol or application that will require the use of a
link, socket, port, protocol, or network number please contact Jon
to receive a number assignment.” (RFC 790)
158
 IANA address consumption

16

14

12

10

0
1983 1984 1985 1986 1987 1988 1989 1990 1991
159
 Global routing table: ’88 – ’92

9000

8000

7000

6000

5000

4000

3000

2000

1000

0
Jul-88 Jan-89 Jul-89 Jan-90 Jul-90 Jan-91 Jul-91 Jan-92 Jul-92

160
 Global routing table: Projection

100000

90000

80000

70000

60000

50000

40000

30000

20000

10000

0
Jan-89 Jan-90 Jan-91 Jan-92 Jan-93 Jan-94 Jan-95 Jan-96

161
 The boom years: 1992 – 2001

1992:
“It has become clear that … these problems are likely to become critical
within the next one to three years.” (RFC1338)

“…it is [now] desirable to consider delegating the registration function to an

organization in each of those geographic areas.” (RFC 1366)
162
 IANA address consumption

16
16

14
14

12
12

10
10
various
assigned
88
ripencc
lacnic
66 arin
apnic
44

22

00
1983
1984
1985
1986
1987
1988
1989
1990
1991

1983
1992
1993
1994

1984
1995
1996

1985
1997
1998

1986
1999
2000

1987
2001
2002
2003
1988

2004

2005
1989 1990 1991
163
 Global routing table

Sustainable
growth?

“Dot-Com”
boom

Projected routing
table growth
without CIDR

CIDR
deployment

164 http://bgp.potaroo.net/as1221/bgp-active.html
 Recent years: 2002 – 2005

2004:
Establishment of the
Number Resource Organisation

165
 IPv4 distribution – Global

Reserved APNIC
36 16 ARIN
Historical
14% 6% 22
89 LACNIC
35% 9% 2
1%

RIPENCC
16
6%

Unused
75
29%

166
 IPv4 distribution – Regional

3.00

2.50

2.00
apnic
1.50 arin
lacnic
ripencc
1.00
afrinic

0.50

0.00
1999 2000 2001 2002 2003
2004
2005
167
 IPv4 Allocations – Global top 10

5
4.5
4 ES
3.5 NL
CA
3
FR
2.5 DE
2 KR
1.5 UK
CN
1
JP
0.5 US
0
199319941995
19961997 1998
1999 2000
2001 2002
2003 2004
2005
168
 IPv4 allocations – CN

1.2

1.0

0.8

0.6

0.4

0.2

0.0
199319941995
19961997 1998
1999 2000 2001
2002 2003
2004 2005

169
 IPv4 lifetime

n s
a tio
lloc s
a on
IAN
A
cati t e d
all
o rou
RIR s es
d res
Ad

Reclamation?

Historical Data Projection

170 http://bgp.potaroo.net/ipv4
 Regional Internet Registries

171
 What are RIRs?
• Regional Internet Registries
– Industry self-regulatory bodies
– Non-profit, neutral and independent
– Open membership-based structures
• Internet resource allocation and registration
– Primarily, IP addresses – IPv4 and IPv6
• Policy development and coordination
– Open Policy Meetings and processes
• Training and outreach
– Training courses, seminars, conferences…
• Publications
– Newsletters, reports, web site
172
 What is APNIC?
• RIR for Asia Pacific region
– Established 1993, Tokyo
– 1010 members in 45 of 62 AP economies
– 45 staff, 18 nationality/language groups
• National Internet Registry structure
– All NIR follow same policies
– Very close cooperation with CNNIC and others
• Other activities
– Liaison: IETF, APT, PITA, APEC, ISP-A’s
– ITU Sector Member
– UN ECOSOC consultative status
– Deployment of rootservers…

173
 Internet infrastructure support

• ‘Anycast’ root server

deployments
– Substantial funding by
APNIC
– Working with root
operators (F, I, K, M)
– 10+ deployed to 2004
– Work in progress KL

• AU (K), JP (K), IN, SG, I

KH, PK, CN
• Beijing
– 90% of queries now
handled locally
174
http://www.apnic.net/services/rootserver
 What is APNIC?

175
 IP Address Policies

176
 IP address management policies
• Fundamental technical principles
– Provider-based addressing
– Objective demonstrated need
– Conservation, aggregation and registration
• Administrative policies
– “Common resources” – not owned
– Management in common interest
– First-come-first-served allocation
• Constantly evolving through policy process
– By consensus of Internet operator community
– Process is open to all interested parties
177
 RIR policy coordination

Need
Anyone can participate
OPEN

Evaluate Discuss

‘BOTTOM UP’ TRANSPARENT

Implement Consensus

Internet community proposes All decisions & policies documented

and approves policy & freely available to anyone
178
 Global policy coordination
• Local actions have global impact
– Consumption or wastage of common resource
– Global routing table growth
• Bad behaviour can isolate entire networks and
countries
– E.g. Spam and hacking
• Inconsistent policies also cause global effects
– E.g. Fragmentation of IP address space
– If widespread, Internet routing is fragmented
– End of global end-end routability
• Address policies must be globally consistent
– RIRs work hard to ensure this
179
 Recent proposals
• IPv6 reservations for all countries
– Based on fair measure (population)
– Could help to ensure fairness in future
– Technical impacts need to be studied
• IPv6 allocations to all countries
– Strong risk of diverging policies
– 250 different policy systems?
– Likely to seriously impact global Internet
• Parallel allocation systems
– Competing systems may exhaust limited IP address
resource
– Implications should be studied

180
 Summary

181
 IP address policy
• A global internet needs global policy
– RIRs and NRO achieve this
– 10+ years of successful experience
• Policy fragmentation
– Internet fragmentation, loss of global routing
• IPv4 has a long history
– Result of early allocations is unfair distribution
– RIRs have ensured that current allocation policies are
fair to all
• IPv6 is being managed better from the start
– RIR system is responsible and fair
– Policy will continue to evolve with the Internet

182
 IPv6 – Internet for everything!

183
 IPv6 – Summary
• The good news…
– IPv6 is available now!
– IPv6 addresses are very easy to obtain
• The not so good news…
– Complexity: cost and learning curve
– Demand? Do users want it? “Chicken and Egg”
• The reality: A long transition
– “Changing engines mid-flight”
– Long process – 10 years to complete?

• The critical message: Start now!

184
 Thank You

185
IPv6 Addressing
What is an IP address?

• Each host on a TCP/IP network is uniquely

identified at the IP layer with an address.

• An Internet Protocol (IP) address specifies the

location of a host or client on the Internet.

• The IP address is also known as Protocol address

• The IPv4 address is 32 bits long
• The IPv6 address is 128 bit long
IPv4 Address Scheme

• This is how the IPv4 address is seen by a

machine on internet
11001010000011100100000000000001
• For human understanding the 32 bits of IP
address are separated into 4 bytes of 8 binary
digits
• Each binary byte is converted into decimal
and is separated by a dot hence also known
as Dotted Decimal Notation
• How we see an IP address?
202.14.64.1
IPv4 Address Scheme

32 Bits
Network Host

8 Bits 8 Bits 8 Bits 8 Bits

172 . 16 . 122 . 204

• In decimal the address range is 0.0.0.0

to 255.255.255.255
• The IP address is of the form
<networkID,hostID>
Variable Length Subnet Mask
• To know the identity of a node

• Subnet mask

• Network id

• Broadcast address

190
Private Address Space

• IANA has reserved the following three blocks of

the IP address space for private internets (RFC
1918):
– 10.0.0.0 - 10.255.255.255
• 24-bit block
• Complete class-A network number
– 172.16.0.0 - 172.31.255.255
• 172.0001/0000.0.0-172.0001/1111.255.255
Set of 16 contiguous class-B network numbers
– 192.168.0.0 - 192.168.255.255
• 16-bit block
IPv6 Addressing
• IPv6 addresses
• Format
• Unicast
• Multicast
• Anycast
• Required Node Addresses

192
Addresses
• IPv4 = 32 bits
• IPv6 = 128 bits
– This is not 4 times the number of addresses
– This is 4 times the number of bits
– ~3.4 * 1038 possible addressable nodes
– 1030 addresses per person on the planet
– we will be using only a portion of the full address space

193
Address Format
• x:x:x:x:x:x:x:x
– Where x is a 16 bits hexadecimal field
• 2001:0000:1234:0000:0000:C1C0:ABCD:0876
• Case insensitive
• 2001:0000:1234:0000:0000:c1c0:abcd:0876
• Leading zeros in a field are optional:
• 2001:0:1234:0:0:C1C0:ABCD:876

194
Address format
 Successive fields of 0 are represented as ::, but only once
in an address:
Example
– 2031:0000:130F:0000:0000:09C0:876A:130B
• Can be represented as 2031:0:130f::9c0:876a:130b
• Cannot be represented as 2031::130f::9c0:876a:130b
 Other examples:
 – FF02:0:0:0:0:0:0:1 => FF02::1
 – 0:0:0:0:0:0:0:1 => ::1
 – 0:0:0:0:0:0:0:0 => ::

195
Representing IPv6 Address
• No more Netmask
• Represented by
Address / Prefix length (Similar to CIDR Representation in IPv4)
Where prefix length indicates the no of bits in the address that
have fixed values.
Prefix bits define the route or Subnet
2001:DB8:2A0:2F3B::/64 Subnet
2001:DB8:3F::/48 Summarized Route

196
Representing IPv6 Address
• IPv6 addresses consist of two parts: a 64-
bit network
• IPv6 prefix
addresses and a of
consist 64-bit host suffix.
two parts: a 64-
bit n
Network Interface ID
prefix
Identifies the network to
which host is connected

e.g. 3ffb:a:b:1::1/64
Network Part 3ffb:a:b:1
Interface identifier ::1

197
Representing IPv6 Address
 Lowest-order 64-bit field of unicast address may be
assigned in several different ways:
 auto-configured from a 64-bit EUI-64, or expanded from a 48-bit
MAC address (e.g., Ethernet address)
 auto-generated pseudo-random number RFC3041
(specifically designed to address privacy concerns)
 assigned via DHCP
 manually configured

198
IPv6 Interface Identifier

ALTTC/ BB Faculty 199

IPv6 Interface Identifier
Host A has the MAC address of 00-0D-5D-03-F9-CC
 Convert MAC address to EUI-64 (Extended Unique
Identifier) format:
– 00-0D-5D-FF-FE-03-F9-CC
 Complement the seventh bit of first byte:
– The first byte in binary form is 00000000. When the
seventh bit is complemented, it becomes 00000010
(0x02).
– 02-0D-5D-FF-FE-03-F9-CC
 Convert to colon hexadecimal notation
– ::020D:5DFF:FE03:F9CC
 The link-local address for the host is:
– FE80::020D:5DFF:FE03:F9CC
 The solicited-node address is:
– FE02::1:FF03:F9CC
ALTTC/ BB Faculty 200
IPv6 – LAN addressing

• Every LAN segment receives a /64

– Providing 264 interface addresses per LAN

/64

201
Types of IPv6 Addresses

• IPv6 addresses of all types are assigned to

interfaces, not nodes.
– A node is identified by any unicast address assigned
to any of its interfaces.
– A single interface may be assigned multiple IPv6
addresses of any type: unicast, anycast, or multicast.
Addresses in URL
• In a URL, it is enclosed in brackets
– http://[2001:1:4F3A::206:AE14]:8080/index.html

203
Address Types
• Unicast
– Unspecified
– Loopback
– Scoped addresses:
• Link-local
• Unique-Local
– Aggregatable Global:
• Multicast
– Broadcast: none in IPv6
• Anycast
• Addresses have lifetime
Valid and Preferred lifetime

204
 Types of IPv6 Addresses

• Like IPv4…
– Unicast
• Uniquely identifies a interface of an IPv6 nodee. A packet
sent to a unicast address is delivered to the interface
identified by that address.
– Multicast ( one to many communication)
• Identifies a group of IPv6 interfaces(belonging to different
nodes) .A packet sent to a multicast address is delivered to all
interfaces identified by that address.
• Enables more efficient use of the network.
– Anycast: (one to one of many communication)
• Identifies multiple interfaces. (typically belonging to different
nodes). A packet sent to an anycast address is delivered to
single interface- the nearest interface that is identifiedby the
address the "nearest" one, according to the routing protocols'
measure of distance).
 Anycast
Anycast
Node N
Anycast
Node M

Anycast
NET
Node O
C
NET
A

NET B NET D
Node X

Anycast
Node P
 What is not in IPv6

• Broadcasts in IPv4
Interrupts all devices on the LAN even if the
intent of the request was for a subset
• Broadcasts in IPv6
– There is no broadcast in IPv6.
– This functionality is taken over by multicast.
• A consequence of this is that the all 0’s and all 1’s
addresses are legal.
• There are others also we will see later.
Unspecified
• Used as a placeholder when no address available
– Initial DHCP request
– Duplicate Address Detection (DAD)
• Like 0.0.0.0 in IPv4
0:0:0:0:0:0:0:0 or ::

208
Duplicate Address Detection

A B

ICMP type = 135

Src = 0 (::)
Dst = Solicited-node
multicast of A Data = link-layer
address of A
Query = what is your link
address?

Duplicate Address Detection (DAD) uses neighbor solicitation

to verify the existence of an address to be configured.
Loopback
• Identifies self
• Localhost
• Like 127.0.0.1 in IPv4
• 0:0:0:0:0:0:0:1 or ::1
• To find if your IPv6 stack works:
– Ping6 ::1

210
Link-Local Addresses

 Link-local addresses have a scope limited to the link and are dynamically
created on all IPv6 interfaces by using a specific link-local prefix FE80::/10
and a 64-bit interface identifier.
 Link-local addresses are used for automatic address configuration, neighbor
discovery, and router discovery. Link-local addresses are also used by many
routing protocols.
 Link-local addresses can serve as a way to connect devices on the same local
network without needing global addresses.
 When communicating with a link-local address, you must specify the outgoing
interface because every interface is connected to FE80::/10.

211
 Link-Local

• Scoped address (new in IPv6)

• Scope = local link (i.e. VLAN, subnet)
– Can only be used between nodes of the same link
– IPv6 router never forward lonk local traffic beyond the link (i. e. can
not be routed).
• Automatically configured on each interface even in the
absence of all other unicast address
– Uses the interface identifier (based on MAC address)
• Format:
– FE80:0:0:0:<interface identifier>
• Gives every node an IPv6 address to start communications

212
Unique local address

• ULA is an IPv6 address in the block

fc00::/7 defined in RFC 4193.
• To be used for systems that are not
connected to the Internet.
• Divided into two /8 address groups
– assigned and random
– valid /48 prefixes are derived

213
 Unique local address
• ULA Features
• •Globally unique prefix.
• •Well known prefix to allow for easy filtering at site boundaries.
• •Allows sites to be combined or privately interconnected without
creating any address conflicts or require renumbering of interfaces
using these prefixes.
• •Internet Service Provider independent and can be used for
communications inside of a site without having any permanent or
intermittent Internet connectivity.
• •If accidentally leaked outside of a site via routing or DNS, there is
no conflict with any other addresses.
• •In practice, applications may treat these address like global scoped
addresses.
• •These addresses are also candidates for end-to-end use in some
classes of multihomingsolutions.
214
Types of Unicast Addresses
• Mapped IPv4 addresses
– Of form ::FFFF:a.b.c.d
– Used by dual-stack machines to communicate
over IPv4 using IPv6 addressing
• Compatible IPv4 addresses
– Of form ::a.b.c.d
– Used by IPv6 hosts to communicate over
automatic tunnels
Aggregatable Global Unicast Address

 Address scope is the whole IPv6 Internet

– Equivalent to public IPv4 addresses
 2001:DB8::/32 – documentation-only prefix

 Currently the following format under the

2000::/3 prefix is delegated by the IANA and
recommended in RFC 3177:

216
Aggregatable Global Unicast Addresses

Provider Site Host

3 45 bits 16 bits 64 bits

Global Routing Prefix SLA Interface ID

001

• Aggregatable Global Unicast addresses are:

– Addresses for generic use of IPv6
– Structured as a hierarchy to keep the aggregation
• See RFC 3513
6to4 and ISATAP Addresses

• 6to4 (RFC 3056) – WAN tunneling

/16 /48 /64

Public IPv4 address
2002 SLA Interface ID

•ISATAP (Draft) – Campus tunneling

/23 /32 /48 /64

2001 0410 00 00 5E FE IPv4 Host address

Registry
32 bits
ISP prefix
32 bits
Site prefix
Multicast
• Multicast = one-to-many communication ,with delivery to
multiple interface
• No broadcast in IPv6. Multicast is used instead, mostly on
local links
• Multicast is inherent to the IPv6 protocol
• Scoped addresses:
– Node, link, site, organisation, global
– No TTL as in IPv4
• Format:
– FF<flags><scope>::<multicast group>

219
Expanded Address Space Multicast Addresses
(RFC 3513)

128 bits
0 Group ID

1111 1111
T=0 a permanent IPv6 Multicast address.
Flags = T=1 a transient IPv6 multicast address
Flags
F F 0 0 0 T scope

8 bits 8 bits 1 = node

2=link
Scope =
5 = site
8=
organization
• Multicast is used in the context of one-to-
E= global

many.
 IPv6 Multicast Address
IP multicast address has a prefix FF00::/8 (1111 1111); the second
octet defines the lifetime and scope of the multicast address

ALTTC/ BB Faculty 221

Multicast assigned Addresses
• Some reserved multicast addresses:

Address Scope Use

FF01::1 Interface-local All Nodes
FF01::2 Interface-local All Routers
FF02::1 Link-local All Nodes
FF02::2 Link-local All Routers
FF05::2 Site-local All Routers
FF02::1:FFxx:xxxx Link-local Solicited-Node

222
 Solicited-Node Address
64 bits 64 bits

Unicast prefix Interface ID

24 bits

FF02:
0:0:0:0 :1:FF

 A multicast address to which Neighbor Solicitation messages are sent

 Formed by taking the low-order 24 bits of an address (unicast or
anycast) and appending those bits to the prefix
FF02:0:0:0:0:1:FF00::/104
– FF02:0:0:0:0:1:FFXX:XXXX

 Multicast address with a link-local scope

Solicited-Node Multicast Address

• For each unicast and anycast address configured there

is a corresponding solicited-node multicast
• Node MUST join the solicited node multicast address
group for each unicast address confiured
• This address is link local significance only

224
Solicited-Node Address

• Nodes that know the IPv6address of a host but not its

MAC address can use the solicited node multicast
address
• This is specially used for two purpose, for the
replacement of ARP(NDP), and DAD
• Avoids sending MAC broadcasts (FF-FF-FF-FF-FF-FF)
 Example:
– For IPv6 unicast address FD00::abcd:1234:5678 ,
the corresponding Solicited-node address is
FF02::1:FF34:5678
IPv6 Addressing Examples

LAN: 3ffe:b00:c18:1::/64

Ethernet0

interface Ethernet0
ipv6 address 2001:410:213:1::/64 eui-64
MAC address:
0060.3e47.1530
router# show ipv6 interface Ethernet0
Ethernet0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::260:3EFF:FE47:1530
Global unicast address(es):
2001:410:213:1:260:3EFF:FE47:1530, subnet is 2001:410:213:1::/64
Joined group address(es):
FF02::1:FF47:1530
FF02::1
FF02::2
MTU is 1500 bytes
 Router Interface

RouterA#show ipv6 interface fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::250:3EFF:FEE4:4C00
Global unicast address(es):
2001:410:0:1:250:3EFF:FEE4:4C00, subnet is 2001:410:0:1::/64
FEC0::1:0:0:1:1, subnet is FEC0:0:0:1::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF01:1 FF02::1:FFE4:4C00
MTU is 1500 bytes
<output omitted>

ALTTC/ BB Faculty 227

 Router Interface
 As shown in Example the interface automatically joins
several multicast assigned addresses.
 Meaning of each multicast assigned address:
 FF02::1—Represents all nodes and routers on the link-local.
 FF02::2—Represents all routers on the link-local.
 FF02::1:FF01:1—Solicited-node multicast address used for the
mechanisms that replace ARP. This address is also used by DAD.
One solicited-node multicast address is enabled for each unicast
address configured on the interface. Therefore, this address is the
solicited-node multicast address related to the unicast address
FEC0::1:0:0:1:1.
 FF02::1:FFE4:4C00—Solicited-node multicast address related to
the unicast address 2001:410:0:1:250:3EFF:FEE4:4C00.

228
Router Interface
Router Interface
Router Interface
Router Interface

ALTTC/ BB Faculty 232

Anycast
• One-to-one of many communication, with delivery to a
single (nearest ) interface: great for discovery functions
• Anycast addresses are indistinguishable from unicast
addresses
 Allocated from the unicast addresses space
 Some anycast addresses are reserved for specific uses
• Few uses:
 Router-subnet
 MobileIPv6 home-agent discovery
 discussions for DNS discovery

233
Required Node Addresses
• Any IPv6 node should recognize the following addresses
as identifying itself:
 Link-local address for each interface
 Assigned (manually or automatically) unicast/anycast addresses
 Loopback address
 All-nodes multicast address
 Solicited-node multicast address for each of its assigned unicast
and anycast address
 Multicast address of all other groups to which the host belongs

234
Required Router Addresses

Any IPv6 router should recognize the following addresses

as identifying itself:
– All the required node addresses
– All-routers multicast addresses
– Specific multicast addresses for routing protocols
– Subnet-router anycast addresses for the interfaces configured to
act as forwarding interfaces
– Other anycast configured addresses

235
IPv6 and Path MTU Discovery
• Definitions:
– link MTU a link’s maximum transmission unit,
path MTU the minimum MTU of all the links in a
path between a source and a destination
• Minimum link MTU for IPv6 is 1280 octets (68 octets for IPv4)
– On links with MTU < 1280, link-specific fragmentation and
reassembly must be used
• Implementations are expected to perform path MTU discovery
to send packets bigger than 1280 octets:
– for each dest., start by assuming MTU of first-hop link
– if a packet reaches a link in which it cannot fit, will invoke ICMP “packet
too big” message to source, reporting the link’s MTU; MTU is cached by
source for specific destination
• Minimal implementation can omit path MTU discovery as long
as all packets kept ≤ 1280 octets – e.g., in a boot ROM
 How to become IPv6 ready?
• Buy only new equipment that is IPv6 compliant
• New software must be IPv6 capable
• Make an inventory of all current hard-and
software
• Educate yourself via books, courses, and setup a
lab environment
• Replace hard-and software wherever required
• Setup IPv6 DNS servers for public servers

237
06/07/21
Thank You

238
Basic IPv6 Course

Training Course

August 2018
Schedul
e
09:00 - 09:30 Coffee,
11:00 - 11:15 Tea Break
13:00 - 14:00 Lunch
15:30 - 15:45 Break
17:30 End

2
4
Introductions
• Name
• Number in the list
• Experience with IPv6
• Goals

2
4
Overvie
w • IPv4?
• IPv6 Address Basics
• Getting it
• Exercise: Making Assignments
• IPv6 Protocol Basics
• Exercise: Addressing Plan
• IPv6 Packets
• Deploying
• Exercise: Configuring IPv6
• Real Life IPv6 Deployment
• Tips
2
4
IPv4?
Section 1
Reaching thenext
billion
• Around 4,157 billion Internet users now
- around 54,4 % of all people in the world

• Mobile phones are Internet devices

• The Internet of Things

- How will the Internet look like in 5 - 10 years?

24
4
The Internet of Things

Libelium Smart
World

http://www.libelium.com/top_50_iot_sensor_applications_ranking
© Libelium Comunicaciones Distribuidas S.L.

24
5
IANA IPv4
Pool
40%

30%

20%

10%

0%
2000 2001 2002 2003 2004 2005 2006
2007 2008 2009 2010 2011

24
6
IPv4 Exhaustion

“On 14 September 2012, the RIPE NCC

ran out of theirregular pool of IPv4”

24
7
Network Address
• Extends the capacity of the IPv4 address space
Translation
by sharing an IPv4 address between clients

• Fairly common technology, used everywhere

• Breaks the end to end connectivity model

• It doesn’t allow communication with IPv6!

• You are probably going to need it in some form

24
8
Large Scale
NAT
NAT44
Box
Home
User
private
IPv4
NAT44 NAT44
Home Box Box
private
User Privat
IPv4 IPv4 Internet
e
IPv4
NAT44
Home Box
private
User
IPv4

CUSTOMER PROVIDE INTERNE

R T
24
9
IPv6 Address Basics
Section 2
IP AddressDistribution

Source: https://www.nro.net/statistics
Number Resource Organisation

25
IP AddressDistribution
/3 IANA

/12 RIR

/32 LIR

/48 /56 /48 End User

Allocation PA PI Assignment
Assignment
25
IPv6 Address
Basics• IPv6 address: 128 bits
- 32 bits in IPv4

• Every subnet should be a /64

• Customer assignments (sites) between:

- /64 (1 subnet)
- /48 (65,536 subnets)

• Minimum allocation size /32

- 65,536 /48s
- 16,777,216 /56s

25
Address
2001:0db8:003e:ef11:0000:0000:c100:004
Notation
d
2001:0db8:003e:ef11:0000:0000:c100:004
d
1 1 1
2001:db8:3e:ef11:0:0:c100:4d
0 1 1 1 1 0 0 0 1 0 0 0 1

25
IPv6
Subnetting
2001:0db8:0000:0000:0000:0000:0000:0000
64 bits interface
ID

/64
/60 = 16 /64

/56 = 256 /64

/52 = 4096 /64

/48 = 65536 /64

/32 = 65536 /48

25
Multiple address
types
Addresses Range Scope
Unspecified ::/128 n/a
Loopback ::1 host
IPv4-Embedded 64:ff9b::/96 n/a
Discard-Only 100::/64 n/a
Link Local fe80::/10 link
Global Unicast 2000::/3 global
Unique Local fc00::/7 global
Multicast ff00::/8 variable

25
IPv6 Address
Scope
GLOBA SIT
L E

LINK

INTERFAC
E

fe80::A:b:10 ff01:: 2001:67c:2e:1::c

0 2 1

FD00:A:B::10 FF05::1: ff02::

0 3 1

25
IPv6 Address Notation
Exercis
e
IPv6Notation - RFC
5952
• For more information, please read RFC 5952
“A Recommendation for IPv6 Address Text
Representation”

http://tools.ietf.org/html/rfc5952

21
Questions
Getting It
Section 3
Getting an IPv6
allocation
• To qualify, an organisation must:
- Be an LIR
- Have a plan for making assignments within two years

• Minimum allocation size /32

- Up to a /29 without additional justification
- More if justified by customer numbers and network extension
- Additional bits based on hierarchical and geographical
structure, planned longevity and security levels

262
Customer
Assignments
• Give your customers enough addresses
- Minimum /64
- Up to /48

• More than /48, send in request form

- alternatively, make a sub-allocation

• Every assignment must be registered in the

RIPE Database

263
Comparison IPv4 and
IPv6 status
IPv4 IPv6

ALLOCATED PA Allocation ALLOCATED-BY-RIR

Assignment ASSIGNED
ASSIGNED PA
Group of Assignments AGGREGATED-BY-LIR

SUB-ALLOCATED PA Sub-Allocation ALLOCATED-BY-LIR

ASSIGNED PI PI Assignment ASSIGNED PI

264
Examples
ASSIGNED
• One single network
• An individual customer
• Your own infrastructure

One assignment
=
ASSIGNED

265
Using
ASSIGNED
ALLOCATED-BY-RIR

ASSIGNED /56 ASSIGNED /48 ASSIGNED /64

• Represents one assignment

• Minimum assignment size is a /64
• For more than a /48, send a request form

266
Using ASSIGNED - Example
Object
inet6num: 2001:db8:1000::/48
netname: CUSTOMER-NET
country: NL
admin-c: ADM321-RIPE NOC123-
tech-c: RIPE ASSIGNED LIR-
status: MNT
mnt-by: 2015-05-31T08:23:35Z
created: 2015-05-31T08:23:35Z
last-modified: RIPE
source:

267
Examples AGGREGATED-BY-
LIR
• Group of customers
• Same assignment size

268
Using AGGREGATED-BY-
LIR
ALLOCATED-BY-RIR

AGGREGATED-BY-LIR
assignment-size: 56 /36
/56 /56 /56
/56 /56

• Can be used to group customers

- example: residential broadband customers

• “assignment size:” = assignment of each customer

269
Using AGGREGATED-BY-LIR - Example

inet6num: 2001:db8:1000::/36
netname: DSL-Broadband-Pool
country: admin- NL
c: tech-c: ADM321-RIPE NOC123-
status: RIPE AGGREGATED-BY-
assignment-size: LIR
mnt-by: notify: 56
created: LIR-MNT
last-modified: [email protected]
source: 2015-05-31T08:23:35Z
2015-05-31T08:23:35Z
RIPE

270
Examples ALLOCATED-BY-
LIR
• Reservation for a large customer
• Branch office or department

Large Branch Office

Customer

/48 /46 /48 /48 /36

Reservatio Delegatio
n n

271
Using ALLOCATED-BY-
LIR
ALLOCATED-BY-RIR

ALLOCATED-BY-LIR /36

ASSIGNED /52 ASSIGNED /48

• Can be used for customers with potential for growth

- or for your own infrastructure
- or to delegate address space to a downstream ISP

272
Using ALLOCATED-BY-LIR - Example
• inet6num: netname:
country: admin-c: tech-
2001:db8:50::/44
Branch-Office-Network
c: status:
NL
• mnt-by: NOC123-
ADM321-RIPE
• mnt-lower:
RIPE ALLOCATED-BY- notify:
created:
LIR LIR-MNT
• last-modified: source:
BRANCH-OFFICE-MNT
[email protected]
2015-05-31T08:23:35Z
2015-05-31T08:23:35Z
RIPE

273
Overvie
w
ALLOCATED-BY-RIR

AGGREGATED-BY-LIR
ASSIGNED /56 ALLOCATED-BY-LIR /44 assignment-size: 56 /36

ASSIGNE /48
D

274
Getting IPv6 PI
address space
• To qualify, an organisation must:
- Meet the contractual requirements for provider independent
resources
- LIRs must demonstrate special routing requirements

• Minimum assignment size: /48

• PI space can not be used for sub-assignments

- not even 1 IP address!

275
Unique Local
Addresses • Prefixes from fc00::/7
- Only from the fd00::/8 block

• Should not be routed on the Internet

• Generate a random 40-bit Global ID and insert it into

fdxx:xxxx:xxxx

Global ID: da24154e1d

Prefix: fdda:2415:4e1d::/48

276
Making Assignments
Exercis
e
Making Assignments
Exercise

Smart Home 6!
•20 minutes preparation time
•10 minutes discussion

27
Smart Home 6
IPv6 Internet
Network Diagram

LIR / ISP /64 /64

/64
2001:db8::/32
???
4G
wir /64 /64
po
int eles
-to s
-po
int
/64
/64 /64
/64

How much do you assign to

the whole smart home
network?
27
Solution RIPE
inet6num: 2001:db8:1000::/36
Database object
netname: descr: SMART-HOME-6
country: admin- Smart Home 6 network
c: tech-c: NL
status: RM1204-RIPE
assignment-size: RM1204-RIPE
mnt-by: AGGREGATED-BY-LIR
notify: created: 56
last-modified: LIR-MNT
source: [email protected]
2015-05-31T12:34:01Z
2015-05-31T12:34:01Z
RIPE

28
Solution RIPE
inet6num: 2001:db8:1000::/36
Database
netname:
object SMART-HOME-6
descr: Smart Home 6 network
country: NL
admin-c: RM1204-RIPE
tech-c: RM1204-RIPE
status: mnt- ALLOCATED-BY-LIR
by: mnt- LIR-MNT
lower: notify: SMART-CASA-MNT
created: [email protected]
last-modified: 2015-05-31T12:34:01Z
source: 2015-05-31T12:34:01Z
RIPE

28
IPv6 Protocol Basics
Section 4
IPv6Protocol
Functions
• Address Autoconfiguration
- Supported by Neighbor Discovery
- Stateless - with SLAAC
- Stateful - with DHCPv6

• Neighbor Discovery Protocol

- Replaces ARP from IPv4
- Uses ICMPv6 and Multicast
- Finds the other IPv6 devices on the link
- Keeps track of reachability

283
The Autoconfiguration
Process
1. Make a Link-Local address
2. Check for duplicates on the link
3. Search for a router
4. Make a Global Unicast address

284
Making aLink-Local
Address 48 bits - MAC Address

• Interface ID is made
from the MAC address
FF FE

fe80:: Interface ID

• fe80:: + Interface ID = Link-Local address for the host

285
Checking for
Neighbor Solicitation
Duplicates A
Hello! Is this IPv6 address in use?
Can you tell me your MAC address?

Neighbor Advertisement

B Hello! Yes, I’m using that IPv6 address.

My MAC address is 72:D6:0C:2F:FC:01

If nobody replies to the Neighbor

Solicitation, the host uses the generated
link-local address
286
Solicited Node Multicast Address

• Used in Neighbor Discovery Protocol for obtaining

the layer 2 link-layer (MAC) addresses

IPv6 unicast address

Prefix Interface ID Lower 24 bits

same bits
Solicited-node multicast address

ff02 0 1 ff Lower 24 bits

128 bits

287
Solicited Node Multicast Address
Hey! This message is for
ff02::1:ffd9:aa6f

Yes! That is for me!

288
Searching for
Router Solicitation
Routers
A
Hello! Is there a router out there?

Router Advertisement

Hello! I’m a router

and I have some
information for you…

The Router Advertisement gives the host more

information to get an IPv6 address and set up a
connection

289
Stateless Address Auto-Configuration

• The Router Advertisement message tells the host:

- Router’s address
- Zero or more link prefixes
- SLAAC allowed (yes/no)
- DHCPv6 options
- MTU size (optional)

Link Prefix Interface ID

Global Unicast IPv6

Address

290
Interfaces will have multiple addresses

• Unicast
- Link Local fe80::5a55:caff:fef6:bdbf/64
- Global Unicast 2001::5a55:caff:fef6:bdbf/64 (multiple)

• Multicast
- All Nodes ff02::1 (scope: link)
- Solicited Node ff02::1:fff6:bdbf (scope: link)

• Routers
- All Routers ff02::2 (scope: link)

291
Verifying
Reachability
Neighbor Solicitation

Hello! Are you still out there? Is A

your MAC address still valid?

Neighbor Advertisement

B Hello! Yes, I’m still online.

My MAC address is 72:D6:0C:2F:FC:01

If the target does not reply to the Neighbor

Solicitation, the sender removes the MAC address
from the cache

292
Redirect
s IPv6 Packet
A
This packet is for an IPv6
host.

Redirect

Hello! That destination you wanted?

I know a better way to reach it.

• Hosts can be redirected to a better first-hop router

• They can also be informed that the destination is a neighbor on the
link

293
Questions
Addressing Plans
Section 5
Why Create an IPv6 Addressing
Plan?
• Mental health during implementation(!)
• Easier implementation of security policies

• Efficient addressing plans are scalable

• More efficient route aggregation

29
6
IPv6 Address
• Your spreadsheet might not scale
Management
- There are 65.536 /64s in a /48
- There are 65.536 /48s in a /32

- There are 524.288 /48s in a /29

- There are 16.777.216 /56s in a /32
- There are 134.217.728 /56s in a /29

• Find a suitable IPAM solution

29
7
Addressing Plan
Exercis
e
Addressing Plan
Exercise• Things to consider
- administrative ease!
- use assignments on 4 bit boundary
- 2 possible scenarios for network
- 5 possible scenarios for customer assignments

• 20 minutes preparation time

• 10 minutes discussion

299
Network Diagram-
POPs
POP1 POP2

mail

sw 1 colo 1
www

cr1.pop1 cr1.pop2
proxy

colocated
customer
usene vlans
t

cr2.pop1 cr2.pop2
voip

sw 2 colo 2
DN
S
AR2

Point-to-Point Point-to-Point
switch layer 3 switch router customer 1 customer 2

300
Network Diagram-
POP1
POP1 POP2

mail

sw 1 colo 1
www

cr1.pop1 cr1.pop2
proxy

colocated
customer
vlans
usene
t

cr2.pop1 cr2.pop2
voip

sw 2 colo 2
DN
S
AR2

Point-to-Point Point-to-Point
switch layer 3 switch router customer 1 customer 2

301
Network Diagram-
POP2
POP1 POP2

mail

sw 1 colo 1
www

cr1.pop1 cr1.pop2
proxy

colocated
customer
vlans
usene
t

cr2.pop1 cr2.pop2
voip

sw 2 colo 2
DN
S
AR2

Point-to-Point Point-to-Point
switch layer 3 switch router customer 1 customer 2

302
Addressing
plans • /64 for each subnet
• Number of hosts in a /64 is irrelevant
• Multiple /48s per pop can be used
- separate blocks for infrastructure and customers
- document address needs for allocation criteria

• Use one /64 block per site for loopbacks

303
More on Addressing
Plans
• For private networks, consider ULA
• For servers you want a manual configuration

• Use port numbers for addresses

- pop server 2001:db8:1::110
- dns server 2001:db8:1::53
- etc…

304
Questions
IPv6 Packets
Section 6
IPv6 Header Format
• Fixed length
- Optional headers are daisy-chained

• IPv6 header is twice as long(40

bytes) as IPv4 header without
options (20 bytes)

307
IPv6 Header
IPv4 Header IPv6 Header
Type of
Version IHL Total Version Traffic Class Flow Label
Service
Length
Identification Flags Fragment Payload Length Next Header Hop Limit
Offset
Time to Protocol Hea der Checksum
Live
Source Address
Source
Destination Address
Address

Option Padding
s

LEGEND Destination
Address
Field’s name kept from IPv4 to IPv6

Field not kept in IPv6

Name and position changed in IPv6

New field in IPv6

308
IPv6 Header
• Optional fields go into extension headers
• Daisy-chained after the main header

IPv6 Header
TCP Header Data
Next Header: TCP

IPv6 Header Routing Header

TCP Header Data
NextHeader:
Next Header: Routing Next Header:TCP
TCP

IPv6 Header Routing Header Fragment Header

TCP Header Data
Next Header: Routing Next
NextHeader:
Header:TCP
Fragment Next Header: TCP

309
Common Headers
• Common values of Next Header
- 0 Fields:
Hop-by-hop option (extension)
- 6 TCP (payload) UDP (payload) Routing
- 17 (extension)
- 43 Fragmentation (extension)
- 44 Encrypted Security Payload (extension)
- 50 ICMPv6
- 58

310
Fragmentation
• Routers don’t fragment packets withIPv6
- More efficient handling of packets in the core
- Fragmentation is being done by host

• If a
packet is too big
for
next hop:
- “Packet too big” error message
- This is an ICMPv6 message
311
Path MTU Discovery
• A sender who gets this “message-too-big”
ICMPv6 error tries again with a smaller
packet
- A hint of size is in the error message
- This is called Path MTU Discovery

MTU MTU MTU MTU Web

Server
1500 1492 1280 1500

312
Ordering of Headers
• Order is important:
- Only hop-by-hop header has to be processed by every
node
- Routing header needs to be processed by every router

- Fragmentation has to be processed before others at the

destination

313
Broadcast
• IPv6 has no broadcast
• There is an “all nodes” multicast
group
- ff02::1

• Disadvantages of broadcast:
- It wakes up all nodes
- Only a few devices are involved
- Can create broadcast storms

314
Neighbor Discovery
• IPv6 has no ARP
• Replacement is called Neighbor
Discovery
- Uses ICMPv6
- Uses Multicast

• Every ARP request wakes up every node

• Each ND request only wakes up a
few nodes
315
Neighbor Discovery
• ND is used by nodes:
- For address resolution
- To find neighboring routers
- To track address changes
- To check neighbor reachability
- To do Duplicate Address Detection

• ND uses 5 different ICMPv6 packet

types
316
Neighbor Discovery Protocol

• Router Sollicitation - ICMPv6 Type 133

- Hosts sends an ICMPv6 message to inquire if there is a
router on the link

Is there a
router?

317
Neighbor Discovery Protocol
• Router Advertisement - ICMPv6 Type 134
- Routers advertise their presence periodically or in response
to a Router Solicitation message
- Has a lot of important information for the host

Yes, I am
here!

318
Neighbor Discovery Protocol
• Neighbor Solicitation - ICMPv6 Type 135
- Sent by a node to find the MAC-address of the neighbor, or
to check if the neighbor is still reachable

Are you still

there?

319
Neighbor Discovery Protocol
• Neighbor Advertisement - ICMPv6 Type
136
- A response to a neighbor solicitation message

Yes, I am still
here!

320
Neighbor Discovery Protocol
• Redirect - ICMPv6 Type137
- A router points the host to a better first hop router for a
destination

You can better go

see that guy over
there!

321
Questions
Deploying IPv6
Section 7
Assigning
Addresses
• Routers influence how hosts connect to network
• Several options:
- Manual configuration
- Router Advertisement only (SLAAC)
- RA + DHCPv6 (‘M’ flag on)
- RA + DHCPv6 (‘O’ flag on)
- RA (‘A’ flag off) + DHCPv6 (‘M’ flag on)

• Gateway is always provided by the RA

324
Router Advertisement
Options
• RA message is used to provide configuration info
- Default gateway address
- Which prefix(es) to use on the link? Prefix length?
- Is SLAAC allowed?
- Is DHCPv6 available? For address/options? Only options?
- What is the preference of a router on the link?
- DNS servers / Domain (optional)
- MTU size (optional)

RA: Network Configuration

325
Privacy Extensions for SLAAC&
CGA • Provides privacy for users
• Privacy Extensions changes the interface ID randomly over
time

• Cryptographically Generated Addresses (CGA) replaces the

interface ID with a cryptographic hash of the public key of the
address owner with other parameters

• Duplicate Address Detection ensures uniqueness

• In case of collision, a new address should be generated

64 bits stay the 64 bits

same
Random
Link Prefix Interface ID
Global Unicast IPv6
Address
326
DHCPv
6Host Route DHCPv
r 6
Server

Hello Router! Please provide IPv6 configuration.

Here you go! There is also DHCPv6 for you.

Hello DHCPv6 Server! Please provide IPv6

information.

Here is an IPv6 address, DNS servers, NTP server and

Domain!
Now I have enough info to
configure the IPv6
connection!

327
DHCPv
6• Used to give additional information like DNS servers
or to manage the address pool

• Router Advertisement message contains hints

- If “managed” flag = ‘1’ ‹ can use DHCPv6 to get an address

- Optionally provide the address of a DNS server (RFC 8106)

• Using additional flags, the network admin can disable

SLAAC and force DHCPv6

328
ML
D• Multicast Listener Discovery (MLD) is an important
component of IPv6

• IPv6 routers use MLD to discover multicast listeners

on a directly attached link, similar to IGMP in IPv4

• MLD is embedded in ICMPv6. Two versions exist:

- MLDv1 similar to IGMPv2
- MLDv2 similar to IGMPv3

329
 MLD
•3 types of messages: Query, Report, Done

MLD IGMP Message Type ICMPv6 Type Function

Listener Query 130 Discover multicast listeners

MLDv1 IGMPv2 Listener Report 131 Response to a Query, joins a group

(RFC2710)
Listener Done 132 Node reports that it has stopped listening

Listener Query 130 Discover multicast listeners

MLDv2 IGMPv3
(RFC3810) Listener Report 143 Current multicast listening state, or changes

330
DNSin IPv6is difficult?
• DNS is not IP layer dependent
• A record for IPv4
• AAAA record for IPv6

• Don't answer based on incoming protocol

• Only challenges are for translations
- NAT64, proxies

331
Reverse DNS

2001:db8:3e:ef11::c100:4
d

332
Reverse
DNS
2001:0dbb88:003e:ef11:0000:0000:c100:
004d

. . . . . . .

.ip6.arpa.

d.4.0.0.0.0.1.c.0.0.0.0.0.0.0.0.1.1.f.e.e.
d.4.0.0.0.0.1.c.0.0.0.0.0.0.0.0.1.1.f.e.e.3.0.0.8.b.d.0.1.0.0.2.ip6.arpa. PTR
yourname.domain.tld.
3.0.0.8.b.d.0.1.0.0.2.ip6.arpa. PTR
333
IPv6and Domain
Objects
IPv6 prefix: 2001:db8::/32
•
Domain object:
•
domain: 8.b.d.0.1.0.0.2.ip6.arpa
descr: admin- rDNS for my whole IPv6 network
c: tech-c: NOC12-RIPE
NOC12-RIPE
zone-c: NOC12-RIPE
nserver: pri.example.net sns.company.org
nserver: ds- 45062 8 2 275d9acbf3d3fec11b6d6…
rdata: mnt- EXAMPLE-LIR—MNT
by:
created: 2015-01-21T13:52:29Z
last-modified: 2016-02-07T15:09:46Z RIPE
source:
334
Security
Considerations
• Everybody can claim to be a router
- Use RA Guard to filter unauthorised RAs
- RFC 6105

- Secure Neighbour Discovery (SEND)

- RFC 3971
- Neighbour Solicitation/Advertisement spoofing
- DoS Attack
- Router Solicitation and Advertisement Attacks

335
Security
Considerations
• Leaking router advertisements
- Cisco enables RA by default
- Windows, OS X and others will default accept
- A machine can easily get IPv6 unnoticed

• Big threat today in IPv6 is human error

- lack of knowledge / training
- typos
- Maintaining two IP protocols

336
Configuring IPv6
Exercis
e
Assigning
Addresses
• R1 will send the RAs and act as DHCPv6 Relay Agent
• R2 will get IPv6 configuration info in three ways:
- RA + SLAAC only
- RA + SLAAC + ‘O’ flag (DHCPv6 Other Configuration)
- RA + no SLAAC + ‘M’ flag (DHCPv6 Managed)

• The DHCPv6 server is already configured

338
Network
Diagram
DHCPv e0/0 e0/1 e0/0
6
Server
R1 R2

Router roles:

R1: Default gateway

router DHCPv6 relay agent

R2: Client device

SLAAC
DHCPv6 client

339
Exercise: Configuring
IPv6• Make sure you have connectivity
• Go to: workbench.ripe.net
• Choose the lab (ask the trainers)
• Your login is your number on participants list
• The trainers will provide the password

• Choose “RA and DHCPv6” from the menu

340
Check
R2
• Verify that the interface e0/0 has no address yet

show ipv6 interface brief

341
Basic IPv6
Settings
• Before configuring IPv6 on your router interfaces,
the basic IPv6 settings must be enabled

• On both R1 and R2

configure terminal

ipv6 unicast-routing
ipv6 cef

342
1st Case: SLAAC only
(Router)
• On R1 we will configure an IPv6 address from a /64
prefix on interface e0/1

interface e0/1
ipv6 address 2001:ffxx:1::a/64

Where xx is your number on the attendee list!

1 = 01
2 = 02
10 = 10
11 = 11

343
1st Case: SLAAC only
(Client)
• On R2 we will configure SLAAC on the interface e0/0

interface e0/0
ipv6 address autoconfig default

344
Check
R2
• Verify that the interface e0/0 has an IPv6 address
end (exits config mode)

show ipv6 interface e0/0

• And a default route

show ipv6 route

345
Check
R2
• Unfortunately, R2 has no DNS name servers
show ip dns view

• This information was not provided in the RA from R1

346
2nd Case: SLAAC + O flag
(Router)
• On R1 we will configure the ‘O’ flag for the RAs on
interface e0/1

interface e0/1
ipv6 nd other-config-flag

347
2nd Case: SLAAC + O flag
(Client)
• On R2 we will first bring down the interface e0/0
configure terminal
interface e0/0 shutdown

• And then bring it back up…

no shutdown

348
2nd Case: SLAAC + O flag
(Client)
• Verify that the interface e0/0 has an IPv6 address and
other configuration

end (exits config mode)

show ipv6 interface e0/0

show ip dns view

show ipv6 dhcp interface e0/0

349
3rd Case: RA + M flag
(Router)
• On R1 we will configure the ‘M’ flag for the RAs on
interface e0/1

interface e0/1
no ipv6 nd other-config-flag ipv6
nd managed-config-flag

350
3rd Case: RA + M flag
(Client)
• On R2 we will first bring down the interface e0/0
configure terminal
interface e0/0 shutdown

• Remove the SLAAC configuration

no ipv6 address autoconfig default

351
3rd Case: RA + M flag
(Client)
• On R2, configure the DHCP client
ipv6 address dhcp ipv6 enable
ipv6 nd autoconfig default-route

• And then bring the interface back up…

no shutdown

352
3rd Case: RA + M flag
(Client)
• Verify that the interface e0/0 has an IPv6 address and
other configuration

end (exits config mode)

show ipv6 interface e0/0

show ipv6 dhcp interface e0/0

353
Questions
Real Life IPv6
Deployment
Section 8
Colocation
Provider • 30 staff
• Routing
- Dual Stack!
- Possible IGP combinations were:
- OSPFv2 for IPv4, IS-IS for IPv6 (only)
- OSPFv2 for IPv4, OSPFv3 for IPv6
- IS-IS for IPv4, OSPFv3 for IPv6
- IS-IS for both IPv4 and IPv6 (their solution)

- Check internal routing before going external!

356
Colocation
Provider • Checklist
- set access lists on network equipment
- set up monitoring (SNMP)
- have working DNS

• Subnetting tools
- sipcalc, IPv6calc, apps

• Every customer gets a /48 assignment

- and a /64 for the connection

357
Colocation
Provider • Points of attention:
- stateless auto configuration can assign a subnet “unexpectedly”
- not all firewalls support IPv6

- be careful with statement “IPv6 ready”

358
ISP
xDSL • 200 staff
• 2 /32 prefixes (due to merger)
- not enough
- make a plan before requesting allocation

• /48 per POP

• /56 per router
• /64 per customer vlan

359
ISP
xDSL • Servers
- no EUI-64
- no autoconfig
- port number for services (i.e. POP3 at ::110)
- default gateway manually set to, for example:

- 2001:db8::1/64 (usually)

360
ISP
xDSL• Network links (point-to-point)
- core
- /64 per link
- ::1 - ::2
- no auto configuration
- easy to remember

• You don’t want your router link at:

- 2001:db8:cf9d:7631:cd01:fe55:4532:ae60/64

• You want your router link at:

- 2001:db8:1:1::/64

361
Large
Enterprise • Approx. 550 IT staff
• Several locations worldwide
• Most of their business processes rely heavily
on the Internet

• Driven to IPv6 by need to continue doing

business as usual

362
Large
• Make an inventory of IT needs
Enterprise
- Hardware / Software / Services
- Talk to your ISPs early during preparation

• Evaluate the current IPv6 offerings

- Don’t trust your vendor on “full IPv6 support”
- Basic network functions are not the issue
- Check cloud solutions

• Train your IT staff

- Make them understand the WHY of IPv6
- Focus on the people responsible for
applications
363
Large
• Build a testlab (and start testing!)
Enterprise
• Make an IPv6 Roadmap
- Dedicated IT group approves roadmap and tracks
status
- “IPv6 Readiness” required for all new purchases
- Plan replacement of solutions that don’t do IPv6
- Point out the risks of apps not doing IPv6

• Phased Approach to Deployment

- Phase 1: dual stack all external facing services
- Phase 2: datacenter and internal network

364
Tips
Section 9
How to get
started
• Change purchasing procedure (feature parity)
• Check your current hardware and software

• Plan every step and test

• One service at a time

- face first
- core
- customers

366
RIPE-554
• “Requirements for IPv6 in ICT Equipment”
Document
- Best Current Practice describing what to ask for when
requesting IPv6 Support
- Useful for tenders and RFPs
- Originated by the Slovenian Government
- Adopted by various others (Germany, Sweden)

https://www.ripe.net/ripe/docs/ripe-554

367
Troubleshooting for ISP
Helpdesks
• Most ISP connectivity problems are not IPv6 related
• Helpdesks can get confused!
- IPv6 is new for them
- They don’t have experience with IPv6 issues

• A generic troubleshooting guide can help!

• Based on the open source testipv6.com tool
• Customisable
https://www.ripe.net/ripe/docs/ripe-631

368
IPv6
• Rating system:
Ripeness
- One star if the LIR has an IPv6 allocation

- Additional stars if:

- IPv6 Prefix is announced on router

- A route6 object is in the RIPE Database

- Reverse DNS is set up

- A list of 4 star LIRs:

- http://ripeness.ripe.net

369
IPv6RIPEness: 19665
LIRs 1 star 2 stars
27% 10%

3 stars
15%

4 stars
No IPv6 18%
30%

370
IPv6RIPEness: the 5th
star• You already earned 4 stars…
• Actual IPv6 deployment is the 5th star!
• Two ways to get it:
- Provide content over IPv6
- Provide IPv6 access to users

• Ask for your t-shirt!!!

371
Customers And Their
• Customers have no idea how to handle
/48 65536
subnets!

• Provide them with information

- https://www.ripe.net/support/training/material/basicipv6-
addressing-plan-howto.pdf

372
Also
useful • Websites
- http://www.getipv6.info
- http://www.ipv6actnow.org
- http://datatracker.ietf.org/wg/v6ops/
- http://www.ripe.net/ripe/docs/ripe-554.html

• Mailing lists
- http://lists.cluenet.de/mailman/listinfo/ipv6-ops
- http://www.ripe.net/mailman/listinfo/ipv6-wg

373
Don't
s• Don't separate IPv6 features from IPv4
• Don't do everything in one go
• Don't appoint an IPv6 specialist
- do you have an IPv4 specialist?

• Don't see IPv6 as a product

- the Internet is the product!

374
Questions
Feedback
!

https://www.ripe.net/training/basic-ipv6/survey

376
RIPENCC
Academy

Graduate to the next level!

http://academy.ripe.net

377
Follow
us!

@TrainingRIPEN
CC

378
 The End! Kрай Y Diwedd
Fí
Соңы Finis
Liðugt
Ende Finvez Kiнец
Konec Kraj Ënnh Fund ь

Lõpp Beigas Vége Son Kpaj

An
‫ףו‬ Endir Críoch
Fine
‫סה‬
Einde Sfârşit Fin
Τέλος
Конeц Slut Slutt
Pabaig
a
Fim Amaia Loppu Tmiem Koniec
379
 English Bulgarian Wels
Kрай
Arabic The End! (Kraj) Catalan Yh
Kazakh
Armenian Fí DiweddLatin
Соңы Faroese
Finis
(An- German
Breton (Verj Liðugt Ukrainian
Nahaya)
Czech
End Finvez ) Persian Kiнець
eLetzeburgisch(LUX)
h
Albanian (Kinec))
Konec Croatian
Kraj Ënn Fund
Serbian
Estonian Latvia Hunga Turkis
n
rian Son
h
(Payan) Kpaj
Lõpp Bei Irish (Kraj)
Vég Romanian An
Italian gas e Sfârşit Greek
Fine Hebre Críoch
French Τέλος
(Ha-sof))
w Belorussia
Icelan
Dutch
Канeц
Einde ‫ףו‬
Russian dic n (Telos)
Конeц End (Kanec)) Swedish,
Danish
FinNorwegia )
n
Georgian
‫סה‬ (Konec)) Lithuanian
ir Pabai Slut
Slutt
Maltese
(Dasasruli) Basque ga Tmie
Polish, Slovak
Portuguese ) Amaia Finnish Koniec
Fim m
Loppu 380
ANNEX
Transition Mechanisms

Annex
1
Transitioning: Solving Two
Problems
• Maintaining connectivity to IPv4 hosts by sharing IPv4
addresses between clients
- Extending the address space with NAT/CGN/LSN
- Translating between IPv6 and IPv4

• Provide a mechanism to connect to the emerging

IPv6-only networks
- Tunnelling IPv6 packets over IPv4-only networks

383
6in
4• Manually configured tunnels towards a fixed tunnel
broker like Hurricane Electric or your own system

• Stable and predictable but not easily deployed to the

huge residential markets

• MTU might cause issues

384
6in
4

Home User
IPv4 Infrastructure Tunne
IPv4 l
Serve
r

Tunnel IPv6 Internet

Broker

CUSTOME PROVIDE INTERNE

R R T

385
6R
D• Encodes the IPv4 address in the IPv6 prefix

• Uses address space assigned to the operator

• The operator has full control over the relay
• Traffic is symmetric across a relay
- Or at least stays in your domain

• Can work with both public and private IPv4 space

• Needs additional software for signalling

386
6R
D

IPv4 Internet

6RD
Home User Tunnel
Server
IPv4 Infrastructure
IPv4
IPv6 Internet

CUSTOME PROVIDE INTERNE

R R T

387
NAT64 /
DNS64
• Single-stack clients will only have IPv6
• Translator box will strip all headers and replace them
with IPv4
• Requires some DNS “magic”
- Capture responses and replace A with AAAA
- Response is crafted based on target IPv4 address

• Usually implies address sharing on IPv4

388
NAT64 /
DNS64

IPv6 Internet
DNS6
4

NAT64
Home Box
public
User IPv6 Infrastructure
public IPv6 IPv4 Internet

CUSTOME PROVIDE INTERNE

R R T

389
464XLA
T
• Extension to NAT64 to access IPv4-only applications
(like Skype or Whatsapp)

• Handset pretends there is an IPv4 address (CLAT)

and sends IPv4 packets in UDP over IPv6

390
464XLA
TIPv6 IPv4
UDP UDP
464XLA
T
Client

PLAT
Box
Mobile User
IPv6 GGS 3G/4G Network
only IPv6 only IPv4 Internet
N

IPv6 Internet

CUSTOMER PROVIDER INTERNET

391
DS-
lite • Tunnelling IPv4 over IPv6

• Allows clients to use RFC1918 addresses

without doing NAT themselves

• NAT is centrally located at the provider

• Client’s IPv6 address is used to maintain state

and to keep clients apart
- Allows for duplicate IPv4 ranges

392
DS-
lite

Home Infrastructure
IPv6
User
public IPv6
private IPv6 Internet
IPv4
NAT44
Box

Infrastructure
IPv4
IPv4 Internet

CUSTOME PROVIDE INTERNE

R R T

393
MAP-E /
MAP-T
• IPv4 over IPv6 - Encapsulated or Translated
• Clients get private IPv4 and public IPv6

• IPv4 address/port mapped into IPv6 address

• Stateless NAT44 allows traffic to flow asymmetrically

in and out of MAP domain

394
MAP-E /
MAP-T
C
E

public IPv6
private
IPv4 Border Router

C IPv6 Internet
E

public IPv6
private IPv4

CE

IPv4 Internet
public IPv6 Infrastructure
private IPv6
IPv4
CUSTOME PROVIDE INTERNE
R R T

395
Best Transition
Mechanism? • Dual Stack

• IPv6 IPv4

396
 IPv6 Migration Issues:
Transition Techniques, Security and
Cost Estimation

ALTTC BSNL
 Agenda
1. Introduction
2. Transition Techniques
3. Security issues
4. Cost Estimation
5. Transition cost and penetration curve
6. Theoretical consideration
7. Summary
 Introduction

• IPv4
– in use for almost 30 years
– has supported the Internet’s growth over the last decade .
• IPv6 based network would be technically superior to
IPv4 based network.

• Increase IPv6 address space and its header structure :

– will enable to develop new application,
– Will be more secure,
– have ease of mobility and renumbering,
– end to end connectivity
– Efficient and will provide other benefits
 IPv6
Transition Mechanism
 No fixed day to convert; no need to convert all at
once.

APPLICATION

 Transition Options: TCP/UDP

IPv4 IPv6
 Dual Stack DRIVER

IPv4 IPv6

 IPv6-IPv4 Tunnel IPv4

IPv6 IPv6
Tunnel
Networ Networ
k k

 IPv6-IPv4 Translation
IPv6 Translator
IPv4
Networ Networ
k k
 IPv6
Transition Mechanism
 IPv6
6/4 Dual Stack Hosts and Network

This allows all the end hosts and intermediate

network devices (like routers, switches, modems
etc.) to have both IPv4 and IPv6 addresses and
protocol stack.

If both the end stations support IPv6, they can

communicate using IPv6; otherwise they will
communicate using IPv4.

This will allow both IPv4 and IPv6 to coexist and

slow transition from IPv4 to IPv6 can happen.
 IPv6
6/4 Dual Stack Hosts and Network
 Tunneling IP6 via IP4
This allows encapsulating IPv6 packets in IPv4
packets for transport over IPv4 only network.
This will allow IPv6 only end stations to
communicate over IPv4 only networks.
 IPv6
IP6-IP4 Translation
This allows communication between IPv4 only
and IPv6 only end stations.

The job of the translator is to translate IPv6 packets

into IPv4 packets by doing address and port
translation and vice versa.
 IPv6
IPv6 Security
IPv4 was not designed with security in mind.
Packet Sniffing: Due to network topology, IP packets
sent from a source to a specific destination can also
be read by other nodes, which can then get hold of
the payload (for example, passwords or other private
information).
IP Spoofing: IP addresses can be very easily
spoofed both to attack those services whose
authentication is based on the sender’s address (as
the rlogin service or several WWW servers).
Connection Hijacking: Whole IP packets can be
forged to appear as legal packets coming from one of
the two communicating partners, to insert wrong data
in an existing channel.
 IPv6
IPv6 Security

In IPv4, Security is implemented in:

Applications – HTTPS, IMAPS, SSH etc.

IPsec tunnels
 IPv6
Security in IPv6

IPv4 - NAT breaks end-to-end network security

IPv6 - Huge address range – No need of NAT

 IPv6

Security in IPv6

Reconnaissance In IPv6:

Default subnets in IPv6 have 264 addresses

Scan with 10 Mpps will take more than 50 000

years

Ping sweeps on IPv6 networks are not possible

 IPv6
Security in IPv6
Viruses and Worms In IPv6:

Viruses and Email, IM worms: IPv6 brings no

change.

Other worms:
IPv4: reliance on network scanning
IPv6: not so easy
Worm developers will adapt to IPv6
IPv4 best practices around worm detection and
mitigation remain valid.
IPS systems and Anti-viruses will not change.
 IPv6
IPv6 IPsec
Applies to both IPv4 and IPv6:
– Mandatory for IPv6
– Optional for IPv4
Applicable to use over LANs, across public &
private WANs, & for the Internet
IPSec is a security framework
– Provides suit of security protocols
– Secures a pair of communicating entities
–Two different modes
• Transport mode (host-to- host)
• Tunnel Mode (Gateway-to-Gateway or Gateway-to-host)
 IPv6
IPv6 IPsec Protocol
Services Provided by IPsec

Authentication – ensure the identity of an entity

(integrity) and replay protection

Confidentiality – protection of data from

unauthorized disclosure

Key Management – generation, exchange,

storage, safeguarding, etc. of keys in a public key
cryptosystem
 IPv6
IPv6 IPsec Protocol
IPSec Services
Authentication: AH (Authentication Header - RFC
4302)
Confidentiality: ESP (Encapsulating Security
Payload - RFC 4303)
Key management: IKEv2 (Internet Key Exchange -
RFC4306)

When two computers (peers) want to communicate using IPSec,

they mutually authenticate with each other first and then
negotiate how to encrypt and digitally sign traffic they exchange.
These IPSec communication sessions are called security
associations (SAs).
 IPv6
IPv6 IPsec Protocol

IPSec Services

S-HTTP S/MIME HTTP FTP SMTP

TCP TCP
IP AH ESP
Application approach IP
Network approach
 IPv6
IPv6 IPsec Protocol
IPSec AH
IPv6 AH Packet Format

Hop-by-Hop Authentication Higher Level

IPv6 Header Other Headers
Routing Header Protocol Data

IPv6 AH Header Format

Next Header Length Reserved

Security Parameters Index

Authentication Data (variable number of 32-bit words)

 IPv6
IPv6 IPsec Protocol
IPsec ESP

ESP Format

Security Parameters Index (SPI)

Initialization Vector (optional)

Replay Prevention Field (incrementing count)

Payload Data (with padding)

Authentication checksum
 IPv6 IPsec Protocol
Implementations
Linux-kernel 2.6.x onwards
Cisco IOS-12.4(4)T onwards
Windows Vista onwards
 IPv6
Security Issues in IPv6

IPsec Key Exchange Protocol not yet fully

Standardized

Scanning possible – If IP address assignment is

poorly designed

No protection against all denial of service attack

(DoS attacks difficult to prevent in most cases)

No many firewalls in market with V6 capability

 Cost Estimation

• Cost estimates are primarily based on likely development and

deployment Scenarios.

• H/w, software, services and other miscellaneous expanses.

• Each organization/or user throughout the internet will incur some cost
in transition

• Primarily in the form of labor and capital expenditures.

• Expenditure will vary greatly across and within stake holder groups
depending on their existing infrastructure and IPv6 related needs.

• ISPs has to incur largest transition cost.

• Individual users will incur the minimum cost

 Methodology
• Description of stakeholder groups
- Infrastructure vendors,
- Application vendors,
- ISPs and
- Internet users.
– Infrastructure vendors :
• manufacturers of computer networking hardware (e.g.,
routers, firewalls, and servers) and systems software (e.g.,
operating system) that supply the components of computer
networks. Major companies in this category include Microsoft,
IBM, Juniper, Cisco, and Hewlett Packard.
 Stakeholders
– Application vendors: include suppliers of e-mail,
file transfer protocol (FTP) and Web server software,
and database software, such as enterprise resource
planning (ERP) and product data management (PDM)
software. SAP, Oracle, and Peoplesoft are some of
the largest companies in this group.

– ISPs are companies that provide Internet connectivity

to customers, larger companies, some institutional
users, and national and regional. e.g., BSNL, Tata
telecommunication , AirTel, Vodafone, Idea etc.

– Internet users Corporate, institutional, and

government organizations, independent users including
small businesses and residential households.
Description Of Cost Categories And
Estimation Approach
• Cost Categories
– Labor resources will account for the bulk of the transition costs

– Memory and hardware : Some additional physical resources, such

as increased memory capacity for routers and other message-
forwarding hardware.

– These expenses are treated as negligible in the cost analysis

because it is quite small compared to the labor resources
required.

– Labor resources needed for the transition are linked to three

general business activities within the Internet supply chain—
product development, Internet provisioning services, and internal
network operations.

– other cost: Additionally, several other cost categories, such as

network testing and standards and protocol development, span
multiple business activities and thus several take holder groups.
Quantitative Estimation Approach
• The penetration curves represent the estimated
share of infrastructure products and applications
that are IPv6 capable and the share of networks
that are IPv6 enabled at a given time.

• This implies that costs will be distributed over time

as stakeholders gradually engage in transition
activities.

• As networking staff are trained and the system is

reconfigured.

• Lower costs associated with testing and monitoring

are then experienced after the enabling date.
 The penetration curves

likely deployment/adoption rates for the four major stakeholder groups. The infrastructure (Inf)
and applications (App) vendors’ curves represent the path over which vendor groups will offer
IPv6-capable products to customers.
Penetration
• The penetration of IPv6 is likely to be a
gradual process and will probably never reach
100 percent of applications or users.

• These four curves are the key penetration

metrics for the cost analysis because they
capture the timing of expenditures.

• For vendors, R&D expenditures to integrate

IPv6 into their products are the primary
expenditure category associated with the
transition from IPv4 to IPv6.
Users’ Transition Costs Over Time
 Transition cost break down
Stockholder Relative Hardware software Labor
cost
HW vendor Low 10% 10% 80%

Software Low /medium 10% 10% 80%

vendor

Internet user Medium 10% 20% 70%

(Large)

Internet user Low 30% 40% 30%

(small)

ISPs High 15% 15% 70%

Internet users incur approximately 90 percent of IPv6 transition costs. Vendors and
ISPs account for the remaining costs.
Overview of relative IPv6 cost
item H/W, S/W & ISPs Enterprise users
service
providers
labors
R&D M L
Train Networking /IT H H H
employees
Designing IPv6 M H M/H
transition
strategy
Implementation M M/H M/H
transition
Others
Ipv6 address block L L L
Lost employee M M
productivity
Security intrusions H H
Inter operability M M/H M/H
issues
 Factors influencing the Cost

• The type of internet use or type of service being

offered by each organization
• The transition mechanism that the organization
intends to implement( e.g tunneling. Dual-stack,
translation, or a combination).
• The organization-specific infrastructure comprised of
servers, routers, firewalls, billing stems and standard
and customize network etc.
• The level of security required during the transition.
• Timing of transition.
Dual stack structure

Application layer

TCP/UDP TCP/UDP

IPv6 IPv4

Network interface layer

Thanks