IPv6 Networking Basics - Complete Free Course (3+ Hours)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] welcome to the ipv6 fundamentals video course the most important goal of this course is to provide a thorough yet easy to understand introduction to ipv6 this course is also intended to provide a foundation in ipv6 that will allow you to build on it this includes explaining topics that might be a little more challenging to grasp there is a great deal to learn about ipv6 it's not difficult to learn but involves multiple protocols and processes that might be new to you and it is definitely much more than just becoming familiar with a larger address the following few slides provide an overview of all the lessons we will cover our course is divided into six modules plus the superlab as an additional module making it a total of seven modules introduction to ipv6 ipv6 operations routing ipv6 ipv6 services ipv6 and ipv4 transition techniques ipv6 security superlab each module is divided into lessons totaling 26 lessons don't be overwhelmed by all the details it isn't necessarily important that you understand it all but i did feel it necessary not to leave out or hide these details from you the objective of this course is to explain ipv6 as clearly as possible i feel it's better to revisit some of the more advanced topics after you have a more complete understanding of the entire ipv6 topic [Music] welcome to module one introduction to ipv6 in the first lesson of this module you will learn about the need for a new network layer protocol which is ipv6 we will see that the constantly growing internet requires a new network layer protocol to meet the demands of its users we will talk about the concerns and limitations of ipv4 how ipv6 was developed and how it resolves the limitations of ipv4 while offering other advantages as well a review of the internet protocol history will also be briefly discussed internet protocol version 4 ipv4 is the current layer 3 protocol used on the internet ipv4 was designed for a few hundred computers but has still survived over 30 years however due to its rapid growth in the last decade ipv4 address space is almost depleted from its early years until 1995 there were only 16 million internet users worldwide even with the advent of the world wide web in 2001 the number of internet users reached 500 million in 2005 the number of internet users reached 1 billion and finally in 2014 the number of internet users reached 3 billion this diagram shows the number of networks in the internet routing table from 1996 to 2014 we can see that the size of the internet routing table increased rapidly after initial explosive growth there was another one back in 2007 in 1996 the number of routes in the internet routing table was around twenty five thousand in 1998 the number of routes in the internet routing table was around fifty thousand in two thousand one the number of routes in the internet routing table was around one hundred thousand in 2005 the number of routes in the internet routing table was around 150 000. in 2007 the number of routes in the internet routing table was around 200 000. in 2010 the number of routes in the internet routing table was around three hundred thousand and finally in 2014 the number of routes in the internet routing table reached five hundred thousand the actual number of devices increases dramatically when taking into account that today's users usually have multiple internet-enabled devices such as smartphones tablets and laptops today's internet is much more than just web pages email and file transfers with the explosive growth of mobile devices and peer-to-peer networking along with the potential impact of internet-ready consumer goods we have gone from just an internet of computers to an internet of things cisco predicts that 37 billion new things will be connected by 2020 and the internet of things will quickly evolve into the internet of everything through the connections in the internet of everything even the smallest things thermostats cars lights or alarms will have the ability to communicate with each other and shape our planet think of all the possibilities when internet ready devices begin to communicate with each other initial design of ipv4 did not anticipate such a growth of the internet and this created many issues the ipv4 addressing system uses 32-bit address space which allows for a theoretical maximum of 4.3 billion addresses this 32-bit address space is further classified to usable a b and c classes and there was some inefficiency in the allocation of these addresses over the years which limits the number of available public ipv4 addresses many addresses that were allocated to many companies were not used and this created scarcity of ipv4 addresses even if it were possible to reassign the entire ipv4 address space more efficiently it would not only be impractical but would also only act as a very short-term solution due to the scarcity of ipv4 addresses many organizations implemented network address translation nat to map multiple private ipv4 addresses to a single public ipv4 address by using that we can map many internal private ipv4 addresses to a single public ipv4 address which helps in conserving ipv4 addresses but there are some security limitations when using nat it can't be used with ipsec in transport mode because the nat translation breaks the integrity check network security threats were not anticipated at the time ipv4 was developed internet protocol security ipsec is a protocol suite which enables network security by protecting the data being sent from being viewed or modified ipsec provides security for ipv4 packets but it is not built into ipv4 it is optional networks are expanding and many new computers and devices are using ip the configuration of ip addresses static or dynamic should be simple the eventual exhaustion of ipv4 address space was recognized in the early 1990s with the advent of the world wide web there was an explosion in the size and diversity of the internet population with the development of the hypertext transfer protocol http followed by the first web browser all of a sudden people who never owned a personal computer were accessing the internet it was becoming clear that 4.3 billion addresses were not going to last for long the size of the internet routing table was increasing rapidly and the explosion of the number of internet users generated a consensus that it was time to begin designing and testing a new network layer protocol as the successor to ipv4 various projections including a study done by the ietf in the early 1990s predicted that the internet would run out of ipv4 address space so in the early 1990s ietf began development of a new version of ip known as ip next generation or ipng which later became ipv6 this however was a long-term solution and a short-term solution was needed immediately several steps were taken including nat private ip address space and classless inter-domain routing cidr in addition to increasing the size of the address space this was also a unique opportunity to fix the limitations of ipv4 and develop a protocol to ensure reliable growth and enhanced performance for the future in 1995 ietf published rfc 1883 internet protocol version 6 ipv6 specification which later became obsolete and was replaced by rfc 2460 in 1998 regional internet registries rirs began allocating ipv6 addresses to their customers in 1999. adoption was slow at first but in 2007 rirs began receiving significantly more requests for ipv6 address space in 2000 many vendors began addressing ipv6 support to their mainstream products cisco systems added ipv6 support with cisco ios software release 12.2 2t linux vendors started supporting ipv6 in 2000 and microsoft announced ipv6 support with windows xp in 2001 why do you need to start thinking about migrating to ipv6 now if your network runs just fine with ipv4 although there isn't a single reason that forces everyone to immediately move to ipv6 there are several reasons for network administrators to at least begin preparing for the migration the most notable of these reasons is that we are simply running out of ipv4 address space it is said that the main reason for ipv6 is preserving the internet and allowing it to move forward several of the main benefits and features of ipv6 are extended address space ipv6 provides 128 bit addresses compared to 32-bit addresses with ipv4 this represents an enormous number of addresses 2 to the 128th power enough for every grain of sand on earth when you ask most people what they know about ipv6 they will probably refer to the larger address space but ipv6 is much more than just that it is a more efficient and elegant protocol with auto configuration and neighbor discovery stateless auto configuration ipv6 provides a configuration mechanism where hosts can self-generate a routable address ipv4 auto-configured addresses are usable only on the local subnet link local and are never forwarded by a router eliminates the need for nat or pat because of the large number of public ipv6 addresses there is no longer a need for nat or pat port address translation customer sites from the largest enterprises to single households can get a public ipv6 network address this avoids some of the nat induced application problems experienced by applications such as voice over ip video conferencing and other peer-to-peer applications eliminates broadcasts ipv6 does not use layer 3 broadcast addresses whereas in ipv4 address resolution protocol arp uses broadcasts ipv6 employs solicited node multicasts a more efficient and selective technique to accomplish the same purpose there is also an all node multicast address that essentially has the same effect as an ipv4 broadcast transition tools ipv6 has a variety of tools to help with the transition from ipv4 to ipv6 including tunneling and nat tunneling encapsulates the ipv6 packet into an ipv4 packet so that it can be delivered over ipv4 only networks nat provides a mechanism to translate an ipv4 address to an ipv6 address or an ipv6 address to an ipv4 address ipv4 can also be tunneled over ipv6 when we are talking about ipv4 and ipv6 you might ask yourself where are ipv1 v2 and v3 ip was created when its functions were split from an early version of tcp that combined both tcp and ip functions tcp evolved through three earlier versions and was split into tcp and ip for version 4. that version number was applied to both tcp and ip for consistency even though the name seems to imply that it's the fourth iteration of the key internet protocol version 4 of ip was the first that was widely used in modern tcp ip now you might ask yourself okay that explains versions one to three but what about ipv5 ipv5 was once in the late 1970s an experimental draft proposal in the ietf defining a real-time streaming protocol it did not result in a standard deployed on production networks it is actually called the internet streaming protocol st and later st2 internet streaming protocol version 2 was not designed as a replacement for ipv4 the idea was that a multimedia application would use both protocols ipv4 for the transfer of traditional packets and st2 for packets carrying real-time data although it was never recognized as ipv5 when encapsulated in ip st uses ip protocol number five in other words although it was never implemented the designation ipv5 was already taken by the way ipv4 uses ip protocol number four and ipv6 uses 41. after watching this lesson you should have a better understanding of the limitations of ipv4 and know why it is necessary to begin migrating to ipv6 how we use the internet today is much different than it was when ipv4 was developed and although the combination of classless interdomain routing nat and private addressing has helped slow the depletion of ipv4 address space we will eventually run out of ipv4s 4.3 billion addresses ipv4 and ipv6 can and will coexist for the foreseeable future ipv6 includes tools and migration strategies that allow both protocols to coexist ipv6 provides more than enough globally unique addresses to support the growth of the internet but in addition to a larger address space ipv6 offers additional enhancements such as stateless auto configuration and expanded address space without nat [Music] welcome to module one introduction to ipv6 in the second lesson of this module you will learn about the features of ipv6 this lesson examines the ipv4 and ipv6 fields and headers and explores both the similarities and the differences in those two protocol versions in addition to the main ipv6 header extension headers are also examined at the end of this lesson we will have a lab exercise in which we will complete a packet analysis of both ipv4 and ipv6 using wireshark you may be familiar with the structure of the ipv4 header or at least with some fields in it but to help you better understand the ipv6 header we will first review the fields in the ipv4 header the first header field is the 4-bit version field for ipv4 this has a value of 4 hence the name ipv4 internet header length 4 bits this is the length of the ip header in 32-bit words including any optional fields since an ipv4 header may contain a variable number of options this field specifies the size of the header and in effect points to where the ip header ends and the data or payload begins differentiated service code point dscp 6 bits and explicit congestion notification ecn 2 bits were originally defined as the 8 bit type of service field dscp helps provide quality of service qos features by offering different degrees of services when multiple packets are queued to be transmitted from the same interface the dscp value can be used to decide which packet is sent when ecn allows end-to-end notification of network congestion without dropping packets ecn is an optional feature that is only used when both endpoints support it and are willing to use it it is only effective when supported by the underlying network total length 16 bits defines the entire packet fragment size and bytes including header and data this is a 16 bit field so the maximum size of an ipv4 packet is 65 535 bytes while the minimum length packet is 20 bytes 20 byte header plus zero bytes data the next three fields identification flags and fragment offset are used for packet fragmentation and reassembly the design of ip allows routers to fragment ip packets when an mtu maximum transmission unit along the path is smaller than the sender's mtu if a router receives an ipv4 packet that is larger than the mtu of the outgoing interface this packet can be fragmented depending upon the options in the ipv4 header sometimes packets are fragmented into multiple packets at the source the final destination of the ip packet is responsible for reassembling the fragments into the original full size i p packet identification 16 bits most messages sent over the network consist of many packets each packet within the message has a unique value using the identification field when a packet needs to be fragmented into two or more packets this identification field is common in all the fragmented packets to help the receiver to reassemble these fragments flags three bits this three bit field is used to control or identify fragments these bits are from high order to low order bit 0 reserved must be zero bit 1 don't fragment df setting to 1 means that this packet should not be fragmented setting to 0 means that this packet can be fragmented if needed bit 2 more fragments mf is used to indicate whether this is the last fragment zero bit or whether there are more fragments to follow one bit fragment offset 13 bits measured in units of 8 byte blocks 64 bits it specifies the offset of a particular fragment relative to the beginning of the original unfragmented ip packet basically it notifies the receiver where to align this fragmented packet in relation to the other fragmented packets the first fragment has an offset of zero if the packet is not fragmented this value is also zero time to live ttl eight bits ensures that packets do not live in the network for an indefinite period of time as in the case of a routing loop the ttl is decremented by one each time a router receives the packet when the field reaches a value of 0 the packet is discarded and an icmp v4 time exceeded message is sent to the source of the packet protocol 8 bits defines the protocol used in the data portion of the ip datagram header checksum 16 bits is used for error checking of the header for protection against any corruption in transit when a packet arrives at a router the router calculates the header's checksum and compares it to the checksum field if the values do not match the router discards the packet errors in the data field must be handled by the encapsulated protocol both udp and tcp have checked some fields source address and destination address both 32 bits the source address is the packet sender's ipv4 address note that this address may be changed in transit by a network address translation device the destination address is the packet receivers ipv4 address as with the source address this may be changed in transit by a network address translation device options variable length this field is optional so it might or might not appear in the ip packet it is variable in size and not included in most packets this is the basic structure of the ipv6 header or what is sometimes referred to as the main ipv6 header the main ipv6 header can also include one or more ipv6 extension headers which are explained later in this lesson the first header field is the 4-bit version field for ipv6 this has a value of 6 hence the name ipv6 traffic class 8 bits like in ipv4 the bits of this field hold two values the six most significant bits are used for differentiated services code point which is used to classify packets the remaining two bits are used for explicit congestion notification which allows end-to-end notification of network congestion flow label 20 bits was originally created for giving real-time applications special service but when set to a non-zero value now serves as a hint to routers with multiple outbound paths that these packets should stay on the same path so that they will not be reordered payload length 16 bits is the size in bytes of the payload following the main ip header or in other words the packet's data portion including any extension headers which are considered part of the payload unlike the total length field in the ipv4 header which includes both the ipv4 header and the data the ipv6 payload length field only specifies the number of bytes of data it does not include the main ipv6 header next header 8 bits specifies the type of the next header when extension headers are present in the packet this field indicates which extension header follows when there is only the main ipv6 header and no extension headers the next header field specifies the protocol carried in the data portion of the ipv6 packet similar to the protocol field in the ipv4 header hop limit 8 bits is equivalent to the time to live field in ipv4 this value is decremented by 1 at each intermediate node when the field reaches the value of 0 the packet is discarded and an icmp v6 time exceeded message is sent to the source of the packet source address and destination address both 128 bits source address is the packet sender's ipv6 address destination address is the packet receivers ipv6 address let's summarize some of the important differences between the two protocols first we will start with header comparisons of the ipv4 fields that have the same names as those in ipv6 version the value is 4 in ipv4 and 6 in ipv6 source address and destination address the biggest differences are the 32-bit addresses in ipv4 which have been increased to 128 bits in ipv6 we will continue with ipv4 fields which names changed in ipv6 with functional differences in some cases dscp and ecn changed to traffic class both use 6-bit dscp for packet classification and 3-bit ecn for congestion control total length change to payload length ipv4's total length field includes both the ipv4 header and the data whereas the ipv6 payload length field only specifies the number of bytes of data or payload including any extension headers and does not include the main ipv6 header time to live changed to hop limit this has the same function in both ipv4 and ipv6 with the name being more reflective of its actual use in ipv6 protocol changed to next header in ipv4 this indicates the protocol being carried in the ipv4 data or payload this same function exists in the next header field in ipv6 but can also indicate the existence of an extension header following the main ipv6 header now we will examine ipv4 fields that are removed from ipv6 internet header length this field is not needed in ipv6 because the main ipv6 header has a fixed length of 40 bytes any additional headers are linked as indicated in the next header field identification flags and fragment offset these fields are used for fragmentation in ipv4 fragmentation is handled differently in ipv6 using the fragment extension header header checksum layer 2 data link layer technologies such as ethernet perform their own checksum and error control upper layer protocols such as tcp and udp also have their own checksums and therefore a checksum at layer 3 becomes redundant a udp checksum which is optional in ipv4 is mandatory in ipv6 options options in ipv4 are now handled using extension headers in ipv6 the last difference in header comparison is a new field in ipv6 flow label this is used to tag a flow of ipv6 packets as a hint that these packets should stay on the same path there are several other important differences in the two protocols mtu ipv4 requires that every node must be able to forward an ip packet of 68 bytes without any further fragmentation every ipv4 node that is the final destination of the ipv4 packet must be able to receive an ipv4 packet of a minimum size of 576 bytes ipv6 requires that every link have a minimum mtu of 1280 bytes with a recommended mtu of 1500 bytes udp udp checksum field in ipv4 is optional although the protocol remains the same in ipv6 the checksum field is mandatory this is because the ipv4 header has its own checksum field but this field has been removed in the ipv6 header fragmentation only the ipv6 packets source node can perform fragmentation if an intermediate node such as a router receives an ipv6 packet that needs to be fragmented it will discard the packet and send an icmp v6 packet too big error message back to the source extension headers are optional and follow the main ipv6 header the intention of extension headers is to provide flexibility to the main ipv6 header for future enhancements without having to redesign the entire protocol this also allows the main ipv6 header to have a fixed size for more efficient processing immediately following the mandatory main ipv6 header there can be zero one or several extension headers a field common in all extension headers is another next hop field which indicates whether another extension header or the protocol payload is to follow therefore the last extension header will always specify which protocol is encapsulated as the payload there are currently six extension headers hop by hop options with a decimal value of 0 this is used to carry optional information which must be examined by every router along the path of the packet routing with a decimal value of 43 this allows the source of the packet to specify the path to the destination fragment with a decimal value of 44 this is used to fragment ipv6 packets encapsulating security payload esp with a decimal value of 50 this is used to provide authentication integrity and encryption authentication header ah with a decimal value of 51 this is used to provide authentication and integrity destination options with a decimal value of 60 this is used to carry optional information that only needs to be examined by a packet's destination node no next header the next header value of 59 indicates that there is no data following this header this is just a placeholder indicating that there is nothing after this header if the payload length indicates that there are additional bytes beyond the header those bytes will be ignored when multiple extension headers are used in the same packet those headers appear in the following order main ipv6 header hop by hop options destination options before routing header routing fragment authentication encapsulating security payload destination options before upper layer header upper layer protocol now we will jump to the lab exercise in which we will complete a packet analysis of both ipv4 and ipv6 traffic using wireshark we will use this simple topology where we have two routers r1 and r2 connected back to back using serial 1 0 interfaces on which they run both ipv4 and ipv6 ipv6 addressing and enabling ipv6 will be covered in detail in the following lessons so for now let's just configure per diagram what needs to be configured without going into too much detail first we are going to configure r2 we need to enable ipv6 unicast routing because it is disabled by default we also need to enable ipv6 ceph processing or cisco express forwarding because it is also disabled by default and we are going to need it for capturing ipv6 traffic now we need to configure ipv4 and ipv6 addresses we will use a simple 10.0.12.0 24 network between the routers for ipv4 and a bit more complicated network 2 0 0 1 colon 7052 colon e1cc colon a012 colon slash 64 for ipv6 router r1 will use the first possible address from those networks 1 and router 2 will use 2. we need to enable the interface because by default it is shut down and that is all that we need on router r2 we will repeat the same procedure on r1 enable ipv6 unicast routing and ipv6 ceph configure ipv4 and ipv6 addressing and before enabling the interface we need to configure clocking because this side is dce embedded packet capture configuration is beyond the scope of this course these features require cisco ios release 12.4 20 t or later so for a detailed explanation of the commands you can use search for the configuration guide on cisco.com first we need to define the capture buffer which we are simply going to name buffer then we need to define the capture point for ipv4 using ceph we are going to name it capture underscore point v4 and it will monitor the traffic on serial 1 0 interface in both directions we will do the same for ipv6 traffic using capture point capture underscore point v6 now we need to associate capture points that we have created with the buffer that we configured in the first step last we need to start the capture points that we have configured for testing purposes we are going to ping r2 both ipv4 and ipv6 addresses and now we need to stop the capture point so that we can export it to the tftp server which needs to be reachable we will name this capture r1 dot pcapp it looks like my tftp server is having connectivity problems and it will probably time out okay the tftp server is now reachable so we can export the pcap file to it now we can analyze this pcap file using wireshark which is a free network protocol analyzer for both ipv4 and ipv6 first we are going to have a look at ipv4 traffic now you should be familiar with various ipv4 headers version this is version 4. header length is 20 bytes dscp is not set ecn is also not set the total length is 100 bytes identification is 25. flags are not set fragment offset is zero because this packet is not fragmented time to live is 254. protocol in payload is 1 which is icmp header checksum is correct source address is 10.0.12.2 which is r2 destination address is 10.0.12.1 which is r1 this ipv4 packet is carrying icmp traffic specifically an echo reply from router r2 to r1 now we are going to analyze the ipv6 traffic and you should be familiar with various ipv6 headers as well version this is version 6. traffic class which stores values for dscp and ecn are both not set flow label is also not set payload length is 60 bytes next header is 58 which is a value for icmp v6 messages the hop limit is 63. source address is r2's address and destination address is r1 this ipv6 packet is carrying icmp v6 traffic specifically an echo reply from router r2 to r1 this lesson examined both the ipv4 header and the ipv6 header it compared the similarities and differences between the two protocols the ipv6 header has fewer fields and in many respects it is a simpler protocol some of the fields moving from ipv4 to ipv6 remained the same some had name changes with functional differences others were removed completely and there was a new flow label field added extension headers were introduced they provide more flexibility and better efficiency for ipv6 and wireshark packet analysis has been done for both ipv4 and ipv6 [Music] welcome to module 2 ipv6 operations in the first lesson of this module you're going to learn about ipv6 addressing this lesson examines ipv6 addressing and gives a brief introduction to different types of ipv6 addresses the hexadecimal number system is first reviewed to provide a basis for representation of ipv6 addresses which is discussed later in this lesson different formats of representing ipv6 addresses and the rules for compressing the ipv6 notation are also examined subnetting ipv6 addresses is discussed as well and at the end of this lesson we will have a short lab exercise ipv6 addressing the hexadecimal number system has 16 digits 0 through 9 and a through f there are 16 unique combinations of 4 bits which is half of a byte and is also known as a nibble so any 4 bits can be represented as a single hexadecimal digit because one hexadecimal digit can represent four bits this means that two hexadecimal digits can represent a single byte ipv6 addresses are 128 bits in length and written as a string of hexadecimal digits every four bits are represented by a single hexadecimal digit for a total of thirty two hexadecimal values four times thirty two equals one twenty eight this is the preferred format each x is a 16-bit section that can be represented using up to four hexadecimal digits zero zero zero zero to ffff separated by a colon which is also known as a hextet this results in 8 16-bit sections of the address 8 x 16 equals 128. the preferred format is the longest representation of an ipv6 address a total of 32 hexadecimal values are used here are the examples of ipv6 addresses using the preferred format note that it is not easy to either read or write ipv6 addresses using the preferred format besides the preferred format there are two helpful rules in reducing the notation of ipv6 addresses the first that is leading zeroes in any hextech can be omitted this applies only to leading zeros and not to trailing zeros otherwise the address would be ambiguous using one ipv6 address from a list of preferred ipv6 addresses the following example shows how the leading zeros can be omitted zeros to be omitted are in bold spaces remain to better visualize where the zeros were removed and this is the final example with omitted zeros it is important to remember that only leading zeros can be omitted otherwise it would make the address ambiguous for example if trailing zeros were also omitted you wouldn't know what the correct address was there can only be one correct interpretation therefore only leading zeroes can be omitted the second helpful rule in reducing the notation of ipv6 addresses is the omission of hextets with all zeros which says that a double colon can represent any single continuous string of one or more hextets consisting of all zeros this will help further reduce the size of an ipv6 address the following table illustrates the use of the double colon showing the preferred address above and the reduced address below the zeros in bold and the preferred address are replaced by the double colon please note that this address can also be written in the following way but rfc suggests that the double colon should represent the longest string of zeros as we already mentioned in the previous slide only a single contiguous string of all zero segments can be represented with the double colon otherwise the address would be ambiguous here is an example of an incorrect address using two double colons there are four possible ambiguous choices as you can see if two double colons are used there would be multiple possibilities and you wouldn't know which address is the correct interpretation combining both rules can reduce the address even further the following table illustrates all three formats first the preferred format then no leading zeros format again spaces were left to better visualize where the zeros were removed and finally the compressed format implementing both rules the following slides review the basic types of ipv6 addresses they are examined in more detailed in the following lesson in ipv4 there are unicast multicast and broadcast addresses in ipv6 there are no broadcast addresses the three types of addresses in ipv6 are unicast anycast and multicast a unicast address uniquely identifies an interface on an ipv6 device a packet sent to a unicast address is delivered to the interface identified by that address an ipv6 address more accurately identifies an interface on a host rather than the host itself a single interface can have multiple ipv6 addresses and an ipv4 address as well there are several types of unicast addresses in ipv6 global unique local link local unspecified and loopback and anycast address is a unicast address assigned to several devices a packet sent to an anycast address is delivered only to one of the devices configured with that address and it will be routed to the nearest device there is an anycast address in ipv4 and like ipv6 it is a common unicast address assigned to multiple devices but in ipv6 the devices to which the anycast address is assigned are explicitly configured to recognize that it is an anycast address which is not necessarily the case in ipv4 a multicast address identifies a group of interfaces typically belonging to different devices a packet sent to a multicast address is delivered to all the devices identified by that address all members of the multicast group process the packet so the difference between an anycast address and a multicast address is that in any cast packet is only delivered to a single device whereas multiple devices can receive a multicast packet there are no broadcast addresses in ipv6 in its place is an all nodes multicast address the representation of ipv6 address prefixes is similar to the way that ipv4 address prefixes are written in classless interdomain routing notation an ipv6 address prefix network portion of the address is represented using the following format ipv6 address slash prefix length the prefix length is a decimal value indicating the number of left most contiguous bits of the address it identifies the prefix or the network portion of the address the following slides examine the basic structure of a global unicast address these are the addresses that are globally routable and reachable on the ipv6 internet they are equivalent to public ipv4 addresses this is the structure of a global unicast address for a typical site the global routing prefix is the prefix or network portion of the address assigned by the provider such as an isp to a customer or site it is common for regional internet registries to have the policy for n sites to use a 48-bit prefix slash 48 a big difference between ipv4 and ipv6 addresses is the location of the subnet portion of the address in ipv4 bits are borrowed from the host portion of the address to create subnets in ipv6 the subnet id is a separate field and not part of the host portion of the address which is known as the interface id in ipv6 rfc does not specify the size of the subnet id the 16-bit subnet id from the previous slide results from a site receiving a slash 48 global routing prefix with a 64-bit interface id this leaves 16 bits for the subnet id which allows 65 536 individual subnets the interface id uniquely identifies the interface on the subnet the 64-bit interface id allows 2 to the 64th power addresses for each subnet the term interface id is used rather than host id because a single host can have multiple interfaces each having one or more ipv6 addresses another important difference between the ipv6 and ipv4 addresses is that the all zeros and all ones addresses are legal ipv6 interface addresses in ipv4 all zeroes in the host portion of the address are reserved for the network or subnet address while all ones indicate a broadcast address basic subnetting of an ipv6 address is very straightforward in many ways it is much simpler than subnetting an ipv4 address unless we are subnetting on a natural octet boundary in ipv4 the specific subnets are not always obvious it is important to clarify a couple of terms as illustrated in this figure there is both a subnet id and a subnet prefix the term subnet id refers to the contents of the 16-bit field used to allocate individual subnets while subnet prefix refers to the global routing prefix and the subnet id addressing bits with a 16 bit subnet id the values can range from 0 0 0 0 to fff subnetting is painless because we start with zero zero zero zero and increment by one remember that this is in hexadecimal so after zero zero zero the next subnet id would be 0 0 0 a subnetting by using the 16-bit subnet id is easy to perform as illustrated in this table the next sixteen subnets begin with zero zero one zero and end with zero zero one f again the next sixteen subnets begin with 0 0 2 0 and end with 0 0 2 f and so on until we reach the final 16 subnets which begin with fff0 and end with fff subnetting is not limited to a 16-bit subnet id any number of subnet bits can be chosen for the subnet id just as with ipv4 if you want to extend the number of subnets or more likely reduce the number of hosts per subnet you must borrow bits from the interface id it is important to note that best practice dictates that this should only be done on network infrastructure links any segment that includes n systems should stay with a slash 64 prefix which is required for supporting stateless address auto configuration we will talk about this in the following lessons as shown here extending the original slash 48 prefix by 64 bits you can use a prefix of slash 112. by doing so the first four subnets of our extended network would be the following so even with extending the subnet id subnetting is very straightforward as long as you subnet on a nibble boundary if we are going to extend the subnet id which means using bits from the interface id it is best practice to subnet on a nibble boundary remember a nibble is four bits as shown in the following table in the following figure we are extending the slash 64 subnet prefix by four bits to a slash 68. this increases the subnet id from 16 bits to 20 bits which allows more subnets but reduces the size of the interface id in this case there isn't any practical reason for doing this except to illustrate the concept by extending the subnet prefix by four bits or one full nibble we are implementing the best practice of subnetting on a nibble boundary using 20 bits a factor of 4 bits makes it very easy to list the subnets as illustrated here for most customer networks subnetting within a nibble is not recommended it provides little if any benefits and only makes implementation and troubleshooting more difficult however there can be cases when subnetting on a nibble is potentially wasteful so it is beneficial to subnet within the 4-bit nibble when you subnet within a nibble life becomes a little more problematic in the following figure we are using a slash 70 subnet prefix extending the simple slash 68 to a more difficult 70. because it is extended by only two bits instead of a nibble four bits it makes the conversion a little more troublesome although it is perfectly valid the first subnet is easy enough to figure out but you can see that the second subnet requires a little more thinking ipv6 addresses use hexadecimal values to represent each four bits because a slash seventy subnet prefix was chosen the first half the two leftmost bits of the last hexadecimal digit belongs to the subnet id and the other half the two rightmost bits belongs to the interface id so only the first two bits of the last digit of the subnet id are modified as illustrated here on the first four subnets although ipv6 address space is plentiful there can be reasons for limiting the size of the interface id within a network infrastructure rfc recommends employing slash 127 prefixes on inter-router point-to-point links for what is known as a neighbor discovery protocol exhaustion attack which is beyond the scope of this course this figure illustrates our ipv6 network these first three hextets identify the global routing prefix or ipv6 addresses that have been received from the provider the slash 48 network is divided into 6 64 subnets one one one one two two two two three three three three a zero one two a a013 and a023 now we will jump to the lab exercise in which we will demonstrate basic ip address configuration between two routers you should now have a basic understanding of ipv6 global unicast addresses configuring an ipv6 address on a router's interface is very similar to that of ipv4 as shown throughout this course most of the commands are identical except the parameter ipv6 is used in place of ip the command necessary to manually configure an ipv6 address on a router's interface is described in the cisco ios ipv6 command reference this is the home page of the ipv6 command reference by clicking the links on the left we are searching for a particular command which is ipv6 address in this case here you can see the complete syntax description for this command ipv6 address configuration is discussed in lesson four the ipv6 address interface command is only included here to show the similarity between ipv6 and ipv4 commands the global configuration command ipv6 unicast routing is required to enable a router to route ipv6 packets this command is also discussed in lesson four now we will configure the serial zero zero interface on both r1 and r2 with the appropriate ipv6 address and the prefix length 64. configure terminal ipv6 unicast routing interface serial 0 0 ipv6 address 2001 7052 e1cc a012 2 64. when configuring an ipv6 address in cisco ios there is not a space between the ipv6 address and the prefix length no shutdown end same procedure on router r1 ipv6 unicast routing interface serial 0 0 ipv6 address 2001 7052 e1cc a012 double colon 1 64. this side is a dce side so we need to configure the clocking clock rate 64 000 no shutdown end ipv6 communications are verified by pinging r2 from r1 and vice versa ping 2001 7052 e1cc zero one two oops we missed the double colon so double colon two and it is successful on r2 we ping r1 2001 7052 e1cc a012 double colon one notice that the same ping command is used as with ipv4 the only difference is that the destination is an ipv6 address the ping command sends icmp v6 echo request messages to the ipv6 destination address the exclamation mark indicates that the icmp v6 echo reply messages from the destination interface have been received therefore verifying end to end communications icmpv6 is discussed in more detail in lesson five icmp v6 and neighbor discovery this lesson explained the basics of ipv6 addressing the preferred format of an ipv6 128-bit address was discussed as well as ways how the notation of the address can be reduced there was an introduction to the different ipv6 address types unicast anycast and multicast the ipv6 prefix length and the basic structure of a global unicast address were discussed the simplicity of subnetting an ipv6 address using the subnet id or extending the subnet id on a nibble boundary was also acknowledged subnetting within a nibble can be done but it is a little more difficult and not recommended ipv6 address configuration using cli was demonstrated in a short lab exercise [Music] welcome to module 2 ipv6 operations in the second lesson of this module you will learn more about ipv6 address types this lesson this lesson examines the different types of ipv6 addresses in detail global unicast configuration methods both manual and dynamic are described it explains and provides examples of enabling ipv6 on router interfaces using various methods link local addresses are described using static and dynamic ios configuration examples loopback unspecified and unique local unicast addresses are also discussed assigned and solicited node multicast addresses along with any cast addresses are described as well in the lab exercise we will learn how to configure and verify various address types this lesson further examines the three types of ipv6 addresses that were briefly introduced in the previous lesson unicast multicast and anycast these are illustrated here in more detail this lesson begins with unicast addresses the most significant are global unicast addresses which were also introduced in the previous lesson the next type of address covered is link local these unicast addresses are confined to a single link ipv6 routing protocols use link local addresses to exchange updates and other routing messages the remaining unicast addresses do not have many options and will require little explanation the following table shows the iana's allocation of ipv6 address space each of these allocations is discussed independently later in this lesson the remaining portion of ipv6 address space is reserved for ietf for future use the following figure shows the generic structure of a global unicast address the previous lesson examined a slash 48 format that is typical for most sites but this figure illustrates a more general structure without the specific size of the global routing prefix this shows how address space can be allocated to the regional internet registries and internet service providers these are minimum allocations which means that an rir will get a slash 23 or shorter and isp will get a slash 32 or shorter and a site will get a slash 48 or shorter a shorter prefix length allows for more available address space possible home site prefix is 56 and subnet prefix is 64. a device or more accurately an interface can be assigned a global unicast address manually or dynamically the following figure shows the various configuration options manually configuring a global unicast address has several options these are the ways to manually configure a global unicast address static static configuration is similar to configuring a static ipv4 address the ipv6 address and the prefix length are both configured on the interface eui 64. this type of configuration allows you to specify the prefix and the prefix length while the interface id is created automatically ip unnumbered is the same in ipv6 as in ipv4 it allows an interface to use the ip address of another interface from the same device with the extended unique identifier or modified eui 64 process the prefix network portion of the address is configured manually while the eui 64 process is used to automatically assign the interface id the modified eui 64 process uses the interface's ethernet mac address to generate a 64-bit interface id host portion of the address and therefore requires a 64 prefix global unicast addresses can also be configured dynamically without any manual configuration two ways to dynamically configure global unicast addresses are as follows stateless address auto configuration slaac using this method the interface id is created using eui 64 while the prefix and prefix length are determined from nd router advertisement messages dhcp v6 dynamic host configuration protocol for ipv6 is similar to that of dhcp for ipv4 a device can automatically receive its addressing information by using the services of a dhcp v6 server stateless address auto configuration uses the eui 64 format shown earlier by using its ethernet mac address this process allows a device to create its own interface id host portion of its address combined with another process neighbor discovery protocol a host can determine its entire global unicast address without any manual configuration or the services of a dhcp v6 server neighbor discovery and stateless address auto configuration are discussed in more detail in lesson five v6 is a much more robust protocol than the icmp for ipv4 icmpv6 contains new functionality and improvements neighbor discovery uses icmpv6 to exchange the messages necessary for its functions specifically five new icmp v6 messages router advertisement ra messages router solicitation rs messages neighbor solicitation ns messages neighbor advertisement n a messages redirect messages only the first four messages are relevant to the introductory discussion on stateless address auto configuration the following figure shows a simplified version of the stateless address auto configuration process step 1 pc is configured to obtain its ip addressing automatically since booting up the pc has not seen a router advertisement message so it sends out a router solicitation message to inform the local ipv6 router that it needs a router advertisement message step 2 router receives the router solicitation message and responds with a router advertisement included in the router advertisement message are the prefix and prefix length of the link along with its own address as the default gateway the default gateway address that the router propagates is actually its link local address not its global unicast address step 3 pc receives the router advertisement which includes the prefix and prefix length for the local network using modified eui 64 the pc assigns its interface id and prepends the prefix from the router advertisement to create its global unicast address the address is in the tentative state until its uniqueness is verified in the next step step four because stateless address auto configuration is a stateless process there isn't any device keeping track of all the global unicast addresses on the link to prevent duplication so it is up to the host itself to make sure that it didn't create an address that is already used by another device this neighbor discovery process is known as duplicate address detection it is nothing more than a device sending its address out to everyone on the link to see whether anyone else is using it pc sends a neighbor solicitation message with its own global unicast address as the target address if another device has this address it will respond with a neighbor advertisement message if pc does not hear a response to its neighbor solicitation message in the form of a neighbor advertisement it can rest assured that its global unicast address is unique dhcp can be a stateless or a stateful service a stateful service remembers client state from one request to the next a stateful dhcp server must maintain an accurate listing of available addresses so that it does not give out duplicates a stateless service does not keep any state information as the name indicates stateless address auto configuration is stateless after the host creates its own unique address without the services of a stateful dhcp v6 server it will need to verify that its address is indeed unique whether a host that is configured to obtain its addressing information automatically uses stateless address auto configuration or dhcp v6 depends upon the configuration of the router's router advertisement message the ra message can be configured to instruct devices in the link to use stateful dhcp v6 auto configuration rather than stateless auto configuration the ability for a device to dynamically determine its own global unicast address without the need of a dhcp v6 server is a significant advantage in ipv6 in an internet of things ipv6 devices such as webcams and sensors can just be powered on and can obtain all their addressing information from the router and the eui 64 process devices configured to obtain their ipv6 addressing information automatically can use one of the following methods stateless addressing using router advertisements or stateful addressing using dhcp v6 the following figure illustrates this progression in steps to determine whether stateless or stateful auto configuration will be used step 1 pc sends out a router solicitation message unless a router advertisement message has already been received step 2 router advertisements have a one bit field known as the managed address configuration flag or m flag when this flag is set to zero it informs the devices to use stateless address auto configuration if the flag is set to 1 it indicates that the device needs to use stateful auto configuration dhcp v6 now that pc recognizes that it must use stateful auto configuration it begins the process to obtain its addressing information from a dhcp v6 server step 3 pc sends out a dhcp v6 solicit message to a special multicast address specifically for dhcp v6 servers ff02 double colon 1 2 step 4 one or more dhcp v6 servers respond with a dhcp v6 advertise message indicating that they are available for dhcp v6 service if pc receives multiple advertised messages there is a process that generates a server preference value that it will use to select the appropriate dhcp v6 server step 5 pc will respond to the selected server by sending a request message asking for configuration parameters including ip addresses step 6 the dhcp v6 server responds with a reply message containing the assigned addresses and other configuration parameters even though pc obtained its address from dhcp v6 a stateful service it will still use the duplicate address detection dad process to ensure that there aren't any other devices on the link with this address step 7. pc sends out a neighbor solicitation ns message with its newly obtained global unicast address to all devices on the link the source address is an unspecified address double colon because pc's global unicast address is tentative until proven to be unique the destination address is a solicited node multicast address which is similar to that of a broadcast address if any devices on the link have the same address that device will respond with a neighbor advertisement message link local addresses are unicast addresses that are confined to a single link routers will not forward any packets with link local source or destination addresses link local addresses provide a unique benefit in ipv6 a device can create its own link local address completely on its own without the service of a dhcp v6 server or a router advertisement message the following figure shows the format of a link local unicast address link local unicast addresses are in the range of fe80 double colon slash 10. using this prefix and prefix length gives the range of addresses from fe80 double colon slash 10 to f e b f double colon slash 10. linked local addresses are used in the following ways routers use their link local address as the default gateway address in their router advertisements routers running protocols such as eigrp v6 and ospf v3 employ their link local addresses to establish adjacencies dynamic routes in ipv6 routing tables use linked local addresses as their next hop addresses link local addresses are configured in one of three ways dynamically using eui-64 by default devices automatically create their own link local unicast address without the assistance of another device such as a dhcp server or a router the 64-bit interface id is automatically assigned either randomly or using the eui 64 format random generated interface id eui 64 is a convenient technique for automatically creating a 64-bit interface id but it introduces a concern for some users the ability to trace an ipv6 address to the actual device using the mac address used to create the interface id to alleviate this privacy concern devices can use randomly generated 64-bit interface ids whether a device uses eui-64 or randomly generated interface ids is dependent upon the operating system cisco routers use eui-64 the trend seems to be for host operating systems to generate their interface id randomly by default statically entering the link local address manually dynamically assigned link local addresses are ideal for most devices such as hosts the disadvantage is the lengthy interface id which can be difficult to recognize or remember when troubleshooting or verifying network operations it is easier to use manually configured link local addresses that are more recognizable whether the link local address is created automatically or manually configured before a device uses its link local address it will perform dad to make sure that it is unique on the link an ipv6 loopback address is an all zeros address except for the last bit which is set to a one the loopback address can be used by a node to send an ipv6 packet to itself typically when testing the tcp ip stack it is equivalent to the ipv4 loopback address 127.0.0.1 an unspecified unicast address is an all xeros address double colon slash 128 it can't be assigned to an interface it is used as a source address to indicate the absence of an address the source ipv6 address of pc's neighbor solicitation message is an unspecified address because it does not yet have a valid ipv6 address to use these addresses are expected to be globally unique but should not be routable in the global internet they are to be used in a more limited area such as within a site or routed between a limited number of sites the following figure illustrates the format of a unique local unicast address unique local addresses have the prefix fc00 double colon seven which results in the range of addresses from fc 0 0 double colon 7 to fdff double colon 7. ipv4 embedded addresses are used to represent an ipv4 address inside an ipv6 address these addresses carry an ipv4 address in the last 32 bits of ipv6 addresses and are used to help the transition from ipv4 to ipv6 there are two types of ipv4 embedded addresses ipv4 compatible ipv6 addresses which are deprecated the first 96 bits are all set to zeros the embedded ipv4 address must be globally unique ipv4 mapped ipv6 addresses the first 96 bits are all set to zeros and the 16 bit segment preceding the 32-bit ipv4 address is all ones multicast is a one-to-many technique used to send a single packet to multiple destinations simultaneously in contrast to a unicast address which is a one-to-one technique that sends a single packet to a single destination an ipv6 multicast address defines a group of devices known as a multicast group it is the ipv4 equivalent of 224.0.0.0.4 a packet sent to a multicast group always has a unicast source address a multicast address can never be the source address ipv6 multicast addresses have the prefix ff00 double colon slash eight this is the structure of an ipv6 multicast address the first eight bits are one bits ff followed by a four bit flag and a four bit scope the next 112 bits represent the group id the flag field indicates the type of multicast address the two types of multicast addresses are permanent zero which are well-known multicast addresses and non-permanent one which are transient or dynamically assigned multicast addresses scope is a four bit field used to define the range of a multicast packet which allows routers to immediately determine how broadly to propagate it from interface local to global scope assigned multicast addresses are reserved multicast addresses for predefined groups of devices they have a prefix of ff00 double colon slash 8. the following table shows the format and some examples of assigned or well-known multicast addresses notice that depending upon the scope a packet sent to the all routers group id of 0 0 0 0 0z can be confined to a single link ff02 double colon 2 or used for an entire site ff05 double colon 2. in addition to every unicast address assigned to an interface a device will also have a special multicast address known as a solicited node multicast address these multicast addresses are automatically created using a special mapping of the device's unicast address with the solicited node multicast prefix ff02001 ffo double colon slash 104 solicited node multicast addresses are used for two essential ipv6 mechanisms both part of neighbor discovery protocol ndp address resolution equivalent to arp in ipv4 an ipv6 device sends a neighbor solicitation message to a solicited node multicast address to learn the link layer address of a device on the same link duplicate address detection allows a device to verify that its unicast address created using stateless address auto configuration is unique on the link a neighbor solicitation message is sent to the device's own solicited node multicast address to determine whether anyone else has this same address an ipv6 anycast address is an address that can be assigned to more than one interface typically on different devices in other words multiple devices can have the same anycast address a packet sent to an anycast address is routed to the nearest interface having that address according to the router's routing table there is no special prefix for an ipv6 anycast address an ipv6 anycast address uses the same address range as global unicast addresses this lesson introduced the three types of ipv6 addresses unicast multicast and anycast to summarize this lesson we will once again use the following table which represents various address types among which we spent the most time explaining global unicast and link local addresses [Music] so the topology we are going to use in this lab exercise was already introduced in the previous lesson similar to ipv4 it is typically best practice to manually configure ipv6 addresses on router interfaces first we will configure the global unicast addresses on the links between the routers r1 r2 and r3 r1 configure terminal ipv6 unicast routing interface serial 0 0 ipv6 address 2001 colon 7052 colon e1cc colon a012 double colon 1 64. clock rate 64 000 no shutdown interface serial 0 1. ipv6 address a013 no shutdown end r2 configure terminal ipv6 unicast routing interface serial 0 0 ipv6 address 2001 colon 7052 colon e1cc colon a013 double colon 1 64. no shutdown interface serial 0-1 ipv6 address a023 no shutdown end r3 configure terminal ipv6 unicast routing interface serial 0 0 ipv6 address 2001 colon 7052 colon e1cc colon a013 double colon 3 64. clock rate sixty four thousand no shutdown interface serial zero slash one ipv6 address a023 clock rate 64 000 no shutdown end let's verify the connectivity between the routers ping router 1 which is 2001 colon 7052 colon e1cc colon double colon one and it is working that's ping router two it is also working on r1 ping 2001 7052 e1cc a012 double colon 2. it is also working let's verify the running config for router r1 show running config pipe section interface using the pipe and section keyword we can list part of the running config relevant to interface configuration the no ip address output refers to the lack of an ipv4 address even if you do not use an abbreviated ipv6 address when configuring the interface the running config will use the compressed format you can have both an ipv6 address and an ipv4 address configured on the same interface this is known as dual stack and will be discussed in lesson 20. most of the verification commands that are implemented in ipv4 can be used with ipv6 by substituting ip with ipv6 let's analyze the output from the show ipv6 interface brief command r1 show ipv6 interface brief the output is similar but there are differences from the show ip interface brief command that is used for ipv4 addresses note that the line protocol and the state of both of the serial interfaces are up and up although only one ipv6 address was configured per interface each interface has two ipv6 addresses the address that begins with fe 80 is known as a link local unicast address it is automatically configured on the interface whenever a global unicast address is assigned link local addresses can only communicate with other devices on the same link next we will verify the output from the show ipv6 interface serial 0 0 command focus on the global unicast address that was configured along with a linked local address notice that there are a group of other addresses beginning with ff02 below the header joined group addresses these are multicast addresses that the router is automatically a member of when the global unicast address was configured on at least one interface there are also several lines that refer to nd or neighbor discovery which is part of icmpv6 icmpvc and neighbor discovery are explained in lesson five in the following example we configure r1's serial 0 0 interface using the eui 64 format r1 configure terminal interface serial 0 0 ipv6 add 2001 7052 e1cc a012 double colon 64. eui 64. end notice that the command only includes the prefix 2001 7052 e1cc a012 and the prefix length is slash 64 followed by the eui 64 option had the eui 64 option not been included the interface id would have consisted of all zeros which is a valid ipv4 interface address we will verify the output from the show ipv6 interface serial 0 0 command once again unlike ipv4 using the ipv6 address command does not overwrite an existing ipv6 address ipv6 accepts multiple ipv6 addresses on the same interface notice the addition of a second global unicast address on this interface the interface id portion was created with the eui 64 format which normally uses the interface's ethernet mac address but since this is a serial interface it took the fast ethernet 0 0 mac address for its eui 64 configuration the ethernet mac address can be verified with the show interface fast ethernet 0 0 command r1 show interface fast ethernet 0 0 include burned in address using the pipe and the include keyword we can list only the line that contains bia or burned in address looking once again at the show ipv6 serial 0 0 output notice that this interface has two global unicast addresses the statically configured address and the address that was configured using eui 64. notice that both addresses on this interface are on the same 64 subnet so which of these addresses is used as the source address on packets originating from the router when the interface has multiple addresses on the same subnet this issue is addressed in rfc 3484 default address selection for ipv6 which is beyond the scope of this course to keep things simple we will remove the eui 64 created address on r1 the no ipv6 address command with the ipv6 address slash prefix length removes the specific address r1 configure terminal interface serial zero zero no ipv6 address end the show ipv6 interface brief command is used again this time to verify that there is only one global unicast address on the serial 0 0 interface the following example demonstrates using the ipv6 unnumbered command configure terminal interface fast ethernet 0 1 ipv6 unnumbered serial 0 0 end r1's fast ethernet 0-1 interface is configured as unnumbered ipv6 packets that are sent on fast ethernet 0 1 will use the ipv6 address of serial 0 0 as their source address now that we are familiar with configuring global unicast addresses let's deal with link local unicast addresses the following example shows r1's link local address on serial 0 0 using the show ipv6 interface serial 0 0 command r1 show ipv6 interface serial 0 0. because a link local address was not manually configured on this interface one was created automatically using the eui 64 format notice in the output that the mac address of fast ethernet 0 0 was used once again this time to generate the link local interface id using eui 64. this process was already used in this lab exercise to create the interface id or a global unicast address on this same interface because the same mac address is used in both of these addresses using eui 64 both addresses will have the same interface id only the prefix the leading 64 bits will be different it is easier to use manually configured linked local addresses that are more recognizable so we will configure static link local unicast addresses on the links between the routers r1 r2 and r3 we will use the same link local addresses for each interface for each router this makes it easy to recognize the link local addresses on each router r1 has the interface id 1 on all its interfaces r2 has the interface id 2 on all its interfaces and router r3 has the interface id3 on all its interfaces remember a link local address only has to be unique for that link because it is not routable off the link r1 configure terminal interface serial 0 0 ipv6 address fe80 double colon 1. link local interface serial 0 1 ipv6 address fe 80 double colon 1 link local end r2 interface serial 0 0 ipv6 address fe 80 double colon 2 link local interface serial 0 1 ipv6 address link local end r3 interface serial 0 0 ipv6 address fe 80 double colon 3 link local interface serial 0 1 ipv6 address fe 80 double colon 3 link local end in the following example the configuration is verified using the show ipinterface brief command again notice that for each router we have configured the same linked local address on each interface a link local address is created automatically whenever ipv6 is enabled on an interface this can be the result of a global unicast or unique local unicast address configured on an interface or the use of the ipv6 enable command if all occurrences of these addresses are removed the interface's linked local address is also deleted to enable an interface so it can have a link local address without a global unicast or unique local unicast address the ipv6 enable command is used as shown here r1 configure terminal interface fast ethernet 0 1 ipv6 enable end after this command is configured on an interface the router immediately creates a link local address for the interface fast ethernet 0 1 using the eui 64 format and mac address from the same interface we can verify that using the show ipv6 interface fast ethernet 0-1 and show interface fast ethernet 0-1 include burn-in address now that we are familiar with both global and link local unicast addresses let's examine multicast addresses assigned multicast addresses are used in context with specific protocols such as neighbor discovery protocol and eigrp for ipv6 which are examined in more detail in the following lessons we can examine which multicast groups router r1 is a member of by using the show ipv6 interface serial 0 0 command this output indicates that the r1 serial 0 0 interface is a member of three multicast groups r1 will listen for and process any packets with a destination address of these assigned multicast addresses ff02 double colon 1 all nodes multicast group for this link ff02 double colon 2 all routers multicast group for this link ff02 double colon 1 colon ff00 colon 1 this is the solicited node multicast address for r1's global unicast address on this interface [Music] welcome to module 2 ipv6 operations the third lesson of this module you will learn about icmp v6 and neighbor discovery this lesson examines icmp v6 which is a much more robust protocol than icmpv4 icmp v6 error messages are discussed including destination unreachable packet too big time exceeded and parameter problem icmp v6 informational messages echo request and echo reply are covered along with multicast listener discovery messages neighbor discovery protocol router solicitation router advertisement neighbor solicitation neighbor advertisement and redirect messages are examined in detail the ipv6 neighbor cache and neighbor cache states are also discussed in the lab exercise we're going to use wireshark for a closer look at many of these messages as shown in the following figure an ipv6 header with a next header value of 58 precedes every icmp v6 message the preceding header does not have to be the main ipv6 header it could also be one of the ipv6 extension headers that were discussed before all icmp v6 messages have the same general format as shown in the following figure the three fields in the message are as follows type code and checksum type 8 bits indicates the type of icmp v6 message type values from 0 to 127 identify error messages while informational messages have type values of 128 to 255 code 8 bits provides more granularity for the type field its meaning will depend upon the message type checksum 16 bits used to detect data corruption in the icmp v6 message and parts of the ipv6 header layer 3 devices use icmp v6 error messages to notify the sender as to why a packet could not be delivered the following table provides an overview of the different types of icmp v6 error messages there are four types of error messages destination unreachable packet too big time exceeded and parameter problem there are a few others that are beyond the scope of this course an icmp v6 destination unreachable message is sent when a packet cannot be delivered to its destination for reasons other than congestion a significant change to ipv6 is related to packet fragmentation and reassembly ipv6 removed this test from the router allowing only the source of the packet to perform fragmentation when an ipv6 router receives a packet larger than the mtu of the egress interface the router drops the packet and sends an icmp v6 packet too big message back to the source the packet too big message includes the mtu size of the link in bytes so that the source can change the size of the packet for re-transmission the router can fragment an ipv6 packet only if it is the source of the packet this icmp v6 error message is also used as part of path mtu discovery which allows the device to know the smallest mtu in the path to the destination ipv6 requires that every link in the internet have a minimum mtu of 1280 bytes compared to 68 bytes for ipv4 before a router forwards an ipv6 packet it decrements the hop limit field by 1. if the hop limit results in a 0 the packet is dropped and an icmp v6 time exceeded message is sent to the source this is an insurance mechanism against routing loops used by the traceroute utility to help determine the path of routers to the destination an icmp v6 parameter problem error message is generated when a device processing a packet finds a problem with a field in the main ipv6 header or an extension header and has to discard the packet icmp informational messages are not employed to report errors but provide information required for various testing diagnostics and support functions they are used to help devices discover and share information with each other the following table provides an overview of the different types of icmp v6 informational messages there are three categories of informational messages used by the ping command used for multicast listener discovery and used by neighbor discovery there are a few other icmp v6 informational messages that are beyond the scope of this course echo request and echo reply are two icmp messages used by ping a very common tcp ip utility ping is commonly used to test network layer connectivity between two devices a device sends an echo request to prompt the destination to return an echo reply to verify network layer connectivity ipv6 uses icmp v6 multicast listener discovery for the management of multicast groups basing its functionality on ipv4's igmpv2 which included a leave mechanism for the host to inform the router that it was withdrawing from that multicast group based on igmp v3 mld v2 extends the first version of mld to support source specific multicast ssm and is backward compatible with mld v1 ssm provides the ability for a host to request multicast packets not only for a destination multicast address but also from a specific source address as well there are three types of multicast listener discovery messages multicast listener query the router periodically transmits host membership query messages to determine which multicast groups still have members on the router's directly attached networks multicast listener report this message is sent by the listener to register for a multicast group the listener can send this message in response to a query or can send it unsolicited without waiting for a query from the router multicast listener done when a listener no longer wants to receive traffic for a particular multicast group it will send a multicast listener done message to inform the router that it is leaving that multicast group as described briefly in the previous lesson neighbor discovery plays an important role in the auto configuration of ipv6 address devices use neighbor discovery for the following reasons stateless address auto configuration to automatically determine the network prefix default gateway and other configuration information duplicate address detection to determine whether a link local or global unicast address it is about to use is already used by another device address resolution to determine the layer 2 data link address of a device on its network when it recognizes the destination ipv6 address neighbor unreachability detection to keep track of which neighbors are reachable and which are not searching for alternate paths when a router or the path to a router fails a host actively searches for functioning alternatives as already mentioned in the previous lesson when discussing stateless address auto configuration there are five icmp v6 messages used by neighbor discovery router solicitation message router advertisement message neighbor solicitation message neighbor advertisement message redirect message the following slides examine each message type and the methods used for router and prefix discovery address resolution and duplicate address detection router solicitation and router advertisement messages are about communications between a host and a router routers periodically send router advertisement messages or respond to a router solicitation message from a host on the link router advertisement is used to provide hosts with addressing and other configuration information and is an important part of stateless address auto configuration hosts send a router solicitation to prompt routers to immediately send a router advertisement these messages are used by a device to request layer 2 address information from another device on the same network or to provide this information to the requesting device neighbor solicitation and neighbor advertisement messages are part of three important processes address resolution duplicate address detection and neighbor unreachability detection neighbor advertisements are transmitted in response to neighbor solicitations and are also sent when it's necessary to propagate new information quickly the host will maintain two tables for each interface neighbor cash and destination cache they both maintain a list of information to which traffic has been recently sent the neighbor cache is equivalent to an arp table in ipv4 entries consist of ipv6 unicast addresses and their corresponding layer 2 addresses devices maintain this cache from the information received in neighbor advertisement messages destination cache includes destinations on other links or networks in those cases the entry will be the layer 2 address of the next hop router an v6 redirect message is used to inform a device that there is a better first hop router it works the same as a redirect message used in ipv4 using the possible option field in the icm pv6 header called target link layer address provides the link layer address of the target address the recommended next hop router this lesson examined icmp v6 two types of icmp v6 messages were discussed error messages and informational messages the icmp v6 error messages explored were destination unreachable pack it too big time exceeded and parameter problem the icmp v6 informational messages covered were echo request and echo reply multicast listener discovery messages were also examined neighbor discovery processes and its messages were discussed in detail wireshark was used in a lab exercise to provide a closer look at messages discussed in this lesson [Music] this lab exercise is similar to the one already done in lesson two where we have done a packet analysis of both ipv4 and ipv6 traffic using wireshark now we will take a closer look at the messages learned in this lesson again using the embedded packet capture feature on the routers and a wireshark this is our topology for this lab exercise in lesson two we had only routers r1 and r2 that were running both ipv4 and ipv6 now they are running only ipv6 but there is an additional router r3 that is connected to the ethernet segment to router 1 and is acting like a host using stateless address auto configuration first we are going to enable ipv6 unicast routing and ipv6 ceph processing so that we can start the embedded packet capture on all three routers we have already explained epc configuration in lesson two so you should be familiar with it r1 configure terminal unicast routing ipv6 ceph exit monitor capture buffer buffer monitor capture point ipv6 ceph capture underscore point s 1 0 s 1 0 both monitor capture point ipv6 ceph capture point f 0 1 f 0 1 both monitor capture point associate capture underscore point s 1 0 buffer f 0 1 buffer monitor capture point start all show history r2 configure terminal ipv6 unicast routing ipv6 ceph exit monitor capture buffer buffer monitor capture point ipv6 ceph capture point s one slash zero s one slash zero both monitor capture point associate capture point s one slash zero buffer monitor capture point start all r three configure terminal ipv6 unicast routing ipv6 ceph exit monitor capture buffer buffer monitor capture point ipv6 ceph capture point f 0 1 f 0 1 both monitor capture point associate capture point f 0 1 buffer monitor capture point start all if a router is not enabled as an ipv6 router using the ipv6 unicast routing command it will not send out nd router advertisement messages but it can still be configured with ipv6 interfaces essentially this turns the router into an ipv6 host the router can send and receive ipv6 packets but it cannot route them in our example r3 is acting like a host but we had to enable ipv6 unicast routing and ipv6 ceph only because embedded packet capture requires it now we need to configure the ipv6 addressing per diagram r1 configure terminal interface serial 1 0 ipv6 address 2001 7052 e1cc a012 double colon 1 64. ipv6 address 0 double colon 1 linked local clock rate 64 000 no shutdown exit interface fast 0-1 ipv6 address 2001 7052 e1cc colon one double colon one slash six four ipv6 address fe 80 double colon one link local no shutdown end r2 configure terminal interface s slash zero ipv6 address two zero zero one seven zero five two e one c c a zero one two double colon two sixty four ipv6 address fe 80 double colon 2 link local no shutdown end r3 configure terminal interface fast 0-1 ipv6 address auto-config default r3 is configured to use stateless address auto configuration no shutdown end for testing purposes we will use a couple of ping commands to generate traffic between the routers which we will analyze a bit later along with various neighbor discovery messages in the first test scenario we will ping the global unicast address of router r1 from router r2 ping 2001 7052 e1cc a012 double colon 1. in the second test scenario another ping command is issued this time pinging the link local address from router r1 to r2 ping fe 80 double colon 2. remember that a link local address only has to be unique on that link and is never routed off the link with that in mind notice that you cannot ping a link local address of r2 without first specifying the exit interface or output interface of the router as you can see in the failure of the first ping command to a link local address cisco ios requires the use of the full interface name without any spaces now we can stop capturing and export captured files to the tftp server for further analysis r1 monitor capture point stop all monitor capture buffer buffer export tftp 192.168.6.100 slash r1.pcapp r2 r2.pcapp r3 r3.pcap let's examine the icmp v6 echo request sent from r2 to r1 notice all the fields that were discussed previously beginning with the ipv6 header including the version and source and destination addresses because the destination address in the ping command was a global unicast address the source address will also be the global unicast address now let's examine similar information for the corresponding icmp v6 echo reply in both ipv6 packets the value in the next header field decimal 58 indicates that an icmp v6 header follows the ipv6 header looking at the icmp v6 header in both examples gives you a better understanding of these messages type in the echo request the type is set to 128. and in the echo reply the type is set to 129 code ignored by the receiver the code is always 0 for both an echo request and an echo reply checksum the checksum validates the icmp v6 header identifier this field is used to help match echo requests with their corresponding echo replies notice that the echo request and the echo reply have the same value this value remains constant for the entire sequence of echo requests and echo replies that were generated by this instance of the ping command in this example the identifier is set to 0x10ca for this series of icmp v6 messages sequence this field also helps match echo requests and echo replies providing a little more granularity the echo request is generated with a sequence number and its corresponding echo reply includes that same sequence number the next echo request increments the sequence number by one and the receiver uses that same value in its returning echo reply in this example the sequence number is 0 for both the echo request and the echo reply the next echo request and echo reply from the same ping command will increment the sequence number to one data the echo request adds zero or more bytes of arbitrary data the receiving device echo reply copies this data into the returned echo request following two examples show the echo request from r1 to r2 and echo reply from r2 to r1 using the link local addresses notice that both devices use their link local addresses as the ipv6 source address of the packet the remainder of the message is identical to that of the previous icmp v6 messages again link local addresses are confined to that link therefore r2 is not able to ping the link local address of r3 which is on a different link in the following example we will analyze the actual router solicitation message from r3 looking first at the ipv6 header notice that the source address is r3's link local address the destination address is the all routers multicast address ff02 double solicitor configuration information from any router on the link the next header field indicates that an icmp v6 header immediately follows looking at the icmp v6 header the type field is set to 133 indicating that this icmp v6 message is a router solicitation message next focus on the router advertisement message router r1 has been enabled as an ipv6 router with the ipv6 unicast routing command verify this by using the show ipv6 interface fast ethernet 0 1 command on r1 r1 is a member of the ff02 double colon 2 the all routers multicast group as one of its joined group addresses this occurs only if r1 was enabled as an ipv6 router with the ipv6 unicast routing command as an ipv6 router r1 will send router advertisement messages notice that r1 is sending out ra messages using the default of every 200 seconds the router lifetime determined that this router should be used as the default gateway for 1800 seconds if the host does not receive a router advertisement from this router in the next 1800 seconds it should remove this router from its list of default gateways in the following example we will analyze r1's router advertisement look at the ipv6 header and see that the next header indicates an icmp v6 header that immediately follows the source is the link local address of the interface it is important to note that this is the address that a host will use as its default gateway the destination address is an all nodes multicast ff02 double colon 1. although this router advertisement can be sent in response to a specific router solicitation message it is always sent to the all nodes multicast address the icmp v6 header provides the addressing and configuration information that r3 and other potential hosts need the type field is 134 indicating that this is a router advertisement the current hop limit field recommends that a host use a value of 64 for their ipv6 hop limit field when sending packets through this router the flags m and o are both set to zero which means that stateless address auto configuration is being used and that there is no additional information available from a dhcp v6 server the router lifetime of 1800 tells auto configured hosts that this router is a valid default gateway for the next 1800 seconds or 30 minutes unless updated by another router advertisement the reachable time is set to zero and unfortunately we cannot see any other details because further output has been truncated which is probably a limitation of embedded packet capture in the following example we will analyze router r1's neighbor cache using the show ipv6 neighbors command router r1's neighbor cache has an entry for r3 because the reachable time limit has elapsed the entry is currently in the stale state the age column shows the time in minutes that the entry has been in its current state r3 ping r1 after communication is re-established with r3 using the ping command the neighbor cache state transitions to reachable in the following example the neighbor solicitation message from r3 is examined in more detail looking at the ipv6 header notice that the next header value is 58 decimal this means that an icmp v6 header will immediately follow this ipv6 header the source ipv6 address is the global unicast address of r3 the destination address might be a little harder to recognize it is the solicited node multicast address of r1 within the icmp v6 message the type field indicates that this is a neighbor solicitation message at this point output is truncated again so unfortunately we cannot see any other details in the last example we will analyze router r1's neighbor advertisement the ipv6 header shows the next header value of 58 decimal indicating that an icmp v6 header will immediately follow this ipv6 header the source ipv6 address is the global unicast address of r1 the destination address is the global unicast address of r3 looking next at the icmp v6 portion we see that the type field indicates that this is a neighbor advertisement message the flags show that this message is coming from a router and this router advertisement is being sent in response to a neighbor solicitation at this point output is truncated again so unfortunately we cannot see any other [Music] details [Music] welcome to module 2 ipv6 operations in the last lesson of this module you will learn about enabling ipv6 this lesson will illustrate how to configure the ipv6 addresses using a common topology that we will be using for the following lessons as well some of these commands have already been discussed but some new ones will also be introduced global unicast and link local addresses will be configured using different options this lesson includes examples of the neighbor cache and modification of router advertisement messages for tuning the neighbor discovery parameters this is the how to network live rack physical topology you can ignore three switches dls1 dls2 and als2 because we are not going to need them in our topology for this course and if we remove them this is what we get this is our gns3 common physical topology for this course please note the routers r5 and r6 and we will explain their role in the next slide live rack uses 1841 routers while we are running 3725 routers in gns3 so bear in mind the difference in serial interface numbering this is our gns3 common logical topology for this course we will use routers r5 and r6 to simulate hosts on the lan segment behind router r1 assume that you are the network administrator of company 123 and have obtained the ipv6 prefix 2001 7052 e1cc double colon slash 48 from the provider the network consists of three routers r1 r2 and r3 each router has a loopback interface attached that is simulating the lan network behind the router r1 has one one one one in the fourth hextet r2 has 2 2 2 2 and r3 has 3333 in the fourth hextet internally each of the routers is connected with a point-to-point serial link to help better identify the serial connections the subnet id begins with an a0 and ends with two numbers representing the routers connected by the particular point-to-point serial link the three internal serial networks are between r1 and r2 a012 between r1 and r3 a013 and between r2 and r3 a023 the lan segment behind router r1 has subnet id 0156 because it is connecting routers r1 r5 and r6 company 123 is connected to its isp r4 through the two zero zero one seven zero five two c c one e a o three four slash sixty four network as an example of a remote server the r4 server has the loopback 0 interface configured with 4444 in the fourth hextech interface id of each ipv6 address corresponds with the router number so based on the subnet id you should figure out if the particular ipv6 address belongs to point to point loopback or lan interface while interface id reveals which router it belongs to all the addresses shown in topology are global unicast addresses this is the interface command for configuring a global unicast or unique local unicast address this is the interface command for manually configuring a link local address the following command is used to enable an ipv6 interface without specifying a global unicast or unique local unicast address this is the interface command to configure a global unicast address using the eui 64 format this is the interface command to delete all ipv6 addresses from an interface including the global unicast and link local addresses unless the ipv6 enable command has been configured use the following global configuration command to enable the forwarding of ipv6 unicast packets and the sending of neighbor discovery router advertisement messages the neighbor cache similar to an ipv4 arp cache is displayed by using the following command a static entry to the neighbor cache is configured by using the following global configuration command the neighbor cache can be cleared by using the following command router advertisement messages can be suppressed with the following interface command to change the default router advertisement interval of 200 seconds on cisco routers the following interface level command is used to change the amount of time that a host considers this router a valid default gateway the following command is used to set the m flag to 1 telling hosts to use stateful dhcp v6 instead of stateless address auto configuration for addressing information the following interface level command is used to set the o flag to 1 telling hosts that additional information is available from a dhcp v6 server such as dns related information the following interface level command is used to display ipv6 router advertisement information received from other routers on the ethernet token ring or fddi link the following command is used this lesson was the first in a series that heavily relies on live demonstration it demonstrated how to configure the addressing for the topology that we will be using in the following lessons new commands were introduced as well as some that were learned in previous [Music] lessons [Music] configuring global unicast addresses this lab exercise begins with configuring the global unicast addresses on each router similar to addressing an ipv4 network it is considered best practice to manually configure ipv6 addresses on routers servers and other network devices this helps in implementing and troubleshooting network operations the following example shows the configuration of the global unicast addresses for r1 using the ipv6 address interface command r1 configure terminal ipv6 unicast routing interface serial 0 0 ipv6 address 2001 7052 e1cc a012 double colon 1 64. clock rate 64 000 no shutdown interface serial 0-1 ipv6 address 8013 no shutdown interface loopback 0. ipv6 address one one one one interface fast ethernet zero 0 ipv6 address 0156 no shutdown end these addresses are verified with the show ipv6 interface brief command both the link local address and global unicast address of each interface are displayed the link local address is created automatically using eui 64 whenever a global unicast address has been assigned the following examples show the same configurations and verifications for routers r2 r3 and r4 respectively to speed up the process of configuring these routers we will copy and paste the config from the template r2 r3 r4 configuring link local addresses link local addresses were automatically created when you assigned global unicast addresses to the interfaces unless configured manually linked local addresses are created using an fe 80 double colon slash 10 prefix and an interface id using eui 64 process as previously mentioned eui 64 involves using the 48-bit ethernet mac address inserting e in the middle and flipping the seventh bit for serial interfaces cisco uses the mac address of a fast ethernet interface this results in the multiple interfaces having the same link local address this is acceptable because link local addresses only have to be unique on that link using the eui 64 formatted link local addresses makes it difficult to identify the source or destination of these packets or when verifying a neighbor adjacency with an ipv6 routing protocol so it is advantageous to manually configure the routers with linked local addresses that make these addresses more identifiable and easier to remember the following example shows the configuration of linked local addresses for r1s interfaces configure terminal interface serial 0 0 ipv6 address fe 80 double colon 1 link local interface serial 0 1 ipv6 address fe 80 double colon 1 link local interface fast ethernet 0 0 ipv6 address fe 80 double colon 1 link local end the same address has been configured for each interface you can verify the addresses by using the show ipv6 interface brief command the following examples show the link local address configurations and verifications for routers r2 r3 and r4 using an interface id to easily identify each router r1 all interfaces fe 80 double colon 1. to speed up the process of configuring these routers we will copy and paste the config from the template r2 all interfaces fe 80 double colon 2 r3 all interfaces fe 80 double colon 3 r4 all interfaces fe 80 double colon 4 the ipv6 enable command when a global unicast address is assigned to an interface a linked local address is automatically created linked local addresses are required on an ipv6 address while global unicast and unique local addresses are not there might be times when you want to enable ipv6 on an interface without specifying a global unicast or unique local unicast address this can be accomplished by using the ipv6 enable interface command as shown in the following example which demonstrates the use of this command on r1's fast ethernet 0-1 interface the absence of output from the first show ipv6 interface fast ethernet 0-1 command indicates that ipv6 is not yet enabled on this interface it has not been assigned any type of ipv6 address configure terminal interface fast ethernet 0-1 ipv6 enable end the ipv6 enable command automatically creates a link local address once again the show ipv6 interface fast ethernet 0-1 command is implemented but this time it verifies the presence of a link local address while indicating the absence of a global unicast address using the show ipv6 interface brief command in the following example confirms that the fast ethernet 0-1 interface only has a link local address and not a global unicast address configuring a global unicast address with the eui 64 option in most cases it is best practice to manually configure a global unicast address on an ipv6 interface there might be times when it is advantageous for the interface id to be assigned using the eui 64 technique the following example uses the router r1's fast ethernet 0-1 interface the show interface fast ethernet 0-1 pipe include burned-in address command and the following example displays its mac address which is used for the interface id of the global unicast address in the following example r1's fast ethernet 0-1 interface is configured with a global unicast address using the eui 64 format configure terminal interface fest ethernet 0-1 ipv6 address 2001 7052 e1cc 1234 double colon 64 eui 64 end the show ipv6 interface fast ethernet 0 1 command shows the global unicast address as 2001 7052 e1cc 1234 c01 fddf fe181 this address was created using the following a prefix of 2001 7052 e1cc1234 the prefix was assigned using the ipv6 prefix in the ipv6 address command an interface id of c01 fddf fe18 1 using the eui process the mac address of the interface c201 fd18001 fffe inserted in the middle and the seventh bit flipped this can easily be verified using one of many online mac converters the show running config command in the following example indicates that the global unicast address on r1's fast ethernet 0-1 interface was configured using eui 64. notice that the running config does not show the actual address like the manually configured addresses on the other interfaces also note that the only link local addresses displayed in the running config are those that were manually configured link local addresses that were automatically assigned to the interface using eui 64 are not shown in the configuration as is the case with fast ethernet 0-1 removing an ipv6 address the no ipv6 address command is used to remove an ipv6 address from an interface if this command is used without including a specific address all ipv6 addresses are removed from the interface including any global unicast addresses and the link local addresses there is one exception to the ipv6 enable command if an interface was previously configured with the ipv6 enable command the no ipv6 address command will remove all ipv6 addresses except the linked local address you must use the no ipv6 enable command to delete the link local address in the following example all ipv6 addresses from r1's fast ethernet 0-1 interface are removed first verify the configuration of this particular interface then delete the global unicast address using the no ipv6 address command configure terminal best ethernet 0-1 no ipv6 address because the ipv6 enable command was previously used you must enter no ipv6 enable to remove the linked local address the show ipv6 interface fast ethernet 0-1 and show ipv6 interface brief commands verify that all ipv6 addresses have been deleted from this interface enabling ipv6 packet forwarding and nd router advertisements ipv6 routers are used to forward ipv6 packets ipv6 routers can also announce prefix prefix length default gateway and other configuration information using nd router advertisements the global configuration command ipv6 unicast routing enables the forwarding of ipv6 unicast packets if ipv6 unicast routing has been disabled a router can still be configured with ipv6 addresses on its interfaces disabling ipv6 unicast routing causes the following prohibits the forwarding of ipv6 unicast packets prohibits the configuration of static ipv6 routing or dynamic ipv6 routing protocols and disables the sending of icmp v6 routing advertisements used by neighbor discovery protocol the output from the debug ipv6 nd command in the following example confirms that nd router advertisement messages are being sent from r1's fast ethernet 0 0 interface in the topology both r5 and r6 are acting like hosts on r1's lan and are configured to obtain their ipv6 addresses automatically r5 configure terminal interface fast ethernet 0 0 ipv6 address auto config default no shutdown and r6 configure terminal interface fast ethernet 0 0 ipv6 address auto config default no shutdown end router r1 sends its nd router advertisement messages including the prefix prefix length and default gateway information out its fast ethernet 0 0 interface both of the hosts are actually routers running ios which uses the eui 64 format for its interface id the following example shows the output from their show ipv6 interface brief and show interface fast ethernet 0 0 include burned in address commands r5 show ipv6 interface brief show interface fast ethernet 0 0 include burned in address r6 show ipv6 interface brief show interface fast ethernet 0 0 include burned in address notice that the interface ids of both their global unicast and linked local addresses were generated using their ethernet mac addresses and the eui 64 technique neighbor cash the ipv6 neighbor cash or neighbor discovery cache is similar to the arp cache in ipv4 the neighbor cache is displayed using the show ipv6 neighbors command in the following example r1 pings the global unicast address of r5 similar to arp in ipv4 r1 sends an rd neighbor solicitation message to obtain the layer 2 mac address of r5 r5 responds with an nd neighbor advertisement containing its mac address r1 uses this r5's mac address to encapsulate its icmp v6 echo requests to r5 r5 sends icmp v6 echo replies in return r1 ping r5 show ipv6 neighbors the output from r1's show ipv6 neighbors command displays the neighbor cache on r1 with r5's ipv6 address and corresponding mac address the neighbor cache is populated dynamically using neighbor solicitation and neighbor advertisement messages similar to arp requests and arp replies in ipv4 as previously discussed in lesson five static entries can also be inserted into the neighbor cache the following example demonstrates how to add a static entry to r1's neighbor cache using the global configuration command ipv6 neighbor 7052 e1cc one two three four fast ethernet zero zero one two three four five six seven eight nine abc and show ipv6 neighbors note that static entries do not age out dynamically populated neighbor cache entries can be cleared using the clear ipv6 neighbors command show ipv6 neighbors static entries need to be removed from the config configure terminal no ipv6 neighbor and show ipv6 neighbors tuning neighbor discovery parameters lesson 5 discussed the neighbor discovery protocol including neighbor advertisements in some detail a router advertisement message is sent periodically or in response to a router solicitation message it is used to provide hosts with addressing and other configuration information and is an important part of the stateless address auto configuration by default cisco routers send router advertisement messages on ethernet fast ethernet gigabit ethernet and 10 gigabit ethernet interfaces many of the router advertisement parameters are displayed in the output of the show ipv6 interface command as shown in the following example with default parameters r1 show ipv6 interface fast ethernet 0-0 the parameters for router advertisement and other neighbor discovery messages can be configured using the ipv6 nd command the following example shows some of the neighbor discovery configurations options specifically when configuring nd router advertisements interface fast ethernet 0 0 ipv6 nd router advertisements and ipv6 router does not have to participate in the sending of router advertisement messages ra messages can be suppressed with the interface command ipv6 nd ra suppress this command will suppress periodic ra messages but solicited ra messages router advertisement messages in response to router solicitation messages will still occur one of the previous examples illustrated some of the default parameters associated with router advertisement messages the ra interval is the amount of time in seconds between consecutive router advertisement messages by default the router advertisement interval is 200 seconds on cisco routers the ipv6 nd ra interval command is used to modify this parameter and in the following example the ra interval is changed to 180 seconds the ra lifetime defines how long a host should consider this router as a valid default gateway it does not apply to the other configuration parameters contained in the router advertisement the ra lifetime has a default of 1800 seconds or 30 minutes on cisco routers a lifetime of zero indicates that this router is not a default gateway and should not be added to the host's default router list the ipv6 nd ra lifetime command is used to modify the ra lifetime parameter and in the following example the ra lifetime is changed to 3 600 seconds or 60 minutes ipv6 nd ra lifetime 3600 the m flag and the o flag in the router advertisement messages are associated with stateless address auto configuration the m flag or managed address configuration flag tells a host that it is configured to obtain its configuration information automatically whether to use stateless address auto configuration or stateful configuration dhcp v6 the default zero notifies hosts on the network to use stateless address auto configuration when set to 1 this tells the host to use stateful configuration dhcp v6 to set the m flag to 1 dhcp v6 the ipv6 nd managed config flag command is used as shown in the following example the no ipv6 nd managed config flag command is used to set the flag back to its default of zero the o flag or the other configuration flag informs a host whether additional configuration information can be obtained from a dhcp v6 server such as dns related information the default of zero means that there is no additional information available from a dhcp v6 server when set to 1 this tells the host that additional information is available from a dhcp v6 server to set the o flag to 1 the ipv6 nd other config flag command is used as shown in the following example the output from r1's debug ipv6 and d command in the following example verifies that the m flag and the o flag have both been set managed address configuration other stateful configuration nd router advertisement parameters that we have changed in the previous examples can be verified using the show ipv6 interface fast ethernet 0 0 command in the following example these nd router advertisement parameters are reset using the no option for each command and verified that it is back to default values using the show ipv6 interface fast ethernet 0 0 command show run interface f 0 0 configure terminal interface fast ethernet 0 0 no managed config flag no other config flag no r a interval and no r a lifetime and show ipv6 interface fast ethernet 0-0 when there are multiple routers on the same ethernet network router advertisement messages are sent from all routers unless suppressed with the ipv6 nd ra suppress command to display ipv6 router advertisement information received from other routers on the link the show ipv6 routers command is used as shown in the following example on r5 final configurations the following example shows the final partial running configs for routers r1 r2 r3 r4 r5 and r6 r1 show run section interface r2 show run section interface r3 show run section interface r4 show run section interface r5 show run interface f0 0 r6 show run interface fast ethernet 0 0-0 in the last example we will verify the configurations by pinging the adjacent interfaces of neighboring routers r1 ping r2 r3 ping r1 r2 and r4 although we can ping the interfaces of adjacent routers we have not yet configured any routing and therefore any remote networks are unreachable ping r1's interface facing r2 we will fix this issue in the next lesson when we start dealing with routing ipv6 but before moving to the next lesson we will save the configs on all routers in our topology because we will be using it a lot in the following lessons and that will save us a great amount of time necessary to configure all the addressing r1 right r2 right are three right r4 right r5 right and r6 right

Info

Channel: Paul Browning

Views: 7,734

Rating: undefined out of 5

Keywords:

Id: NfrGNngigFU

Channel Id: undefined

Length: 210min 56sec (12656 seconds)

Published: Fri May 14 2021