SlideShare una empresa de Scribd logo

Neighbor Discovery Deep Dive – IPv6-Networking-Referat

Digicomp Academy AG
Digicomp Academy AG

Die monatlichen Anlässe in Zusammenarbeit mit dem Swiss IPv6 Council behandeln verschiedene technische Themenbereiche von IPv6. Das Referat von Jen Linkova vom 30. November 2015 widmete sich dem Neighbor Discovery Protokoll, einem Schlüsselmechanismus um Verbindungen zwischen IPv6 Knotenpunkten und LANs aufzubauen. Die Referentin fokussierte sich in der Präsentation auf die technischen Details des Designs, der Implementierung sowie Sicherheitsaspekten. Gerne stellen wir Ihnen die Präsentation zum Anschauen und Herunterladen zur Verfügung. Haben Sie Feedback zum Event? Wir sind gespannt auf Ihre Meinung.

Tecnología
1 de 41
Descargar para leer sin conexión
IPv6 Neighbor Discovery DeepDive Jen Linkova aka Furry furry13@gmail.com Nov 2015
Most Important Slide of This Talk IPv6 is NOT “like IPv4 but longer addresses”
What Can Be Improved in IPv6? ● Just one control protocol? ○ IPv4: ARP for L2, ICMP for Internet ● Less chatty protocol? ○ ARP using broadcast ● do more than just map IP <> L2 addresses? ○ ARP does not confirm reachability
Protocol Choice ● ICMPv6 is already here as a control protocol ● No reason to use non-IP protocol ● Flexible ○ new message types can be created ● Like in ARP, 2 messages are needed: ○ Neighbor Solicitation, “Who has this IPv6 address”? ○ Neighbor Advertisement, “I have this IPv6 address”
ARP Is Too Chatty ● Broadcast ○ creates noise ○ consumes network resources ○ Kills the battery on mobile devices ● NS message should be received by? ○ all hosts? => broadcast ○ or hosts which might have that address? MULTICAST
Multicast Group Address ● What about: one IPv6 address - one mcast group (ff02::$interface_id)? ○ Too many mcast groups ○ Local resolution to L2 address - only 32 bits of L3 addresses going to L2 mcast address ○ EUI-64: highest 24 bits are OUI, then fffe ○ Manually assigned interface_id: no highest bits set 2001:db8::1:6aa8:6dff:fe12:f7b2 network prefix 64 bits EUI-64 based interface ID 64 bits OUI NIC-specific
Solicited Node MCast Address ● Lower 24 bits of IPv6 address ● Solicited-node multicast address format: ○ Globally-assigned prefix FF02::1:FF00:0:/104 ○ low-order 24 bits of a node address 2001:db8::1:6aa8:6dff:fe12:f7b2 FF02::1:FF00:0:12:f7b2 network prefix interface ID 64 bits 24 bits 24 bitsmcast prefix 104 bits solicited node multicast address
IPv4/ARP: WiFi Internet IP: 192.0.2.42/24 switch with MLD snooping ARP query: ‘Who has 192.0.2.42’ 2 traffic to 192.0.2.421
Multicast, ND and MLD: WiFi Internet ether 68:a8:6d:12:f7:b2 ip: 2001:db8:1::6aa8:6dff:fe12:f7b2 ip: 2001:db8:3::6aa8:6dff:fe12:f7b2 mcast group: FF02::1:FF00:0:12:f7:b2 switch with MLD snooping host joining mcast group 1 3 traffic to 2001:db8:1::6aa8:6dff: fe12:f7b2 2 NS query to FF02::1:FF00:0:12:f7:b2 Who has 2001:db8:1::6aa8:6dff:fe12:f7b2’
Non-Existent Address & WiFi: V4 Internet No host has address 192.0.2.42 switch with MLD snooping ARP query: ‘Who has 192.0.2.42’ 2 traffic to 192.0.2.42 (scan) 1
Non-existent Address and WiFi: V6 Internet switch with MLD snooping NS query to FF02::1:FF00:0:12:f7:b2 Who has 2001:db8:1::6aa8:6dff:fe12:f7b2’ 2 traffic to 2001:db8:1::6aa8:6dff: fe12:f7b2 (scan) 1 no host has an IPv6 address 2001:db8:1::6aa8:6dff:fe12:f7b2 no host joined mcast group FF02::1:FF00: 0:12:f7:b2
Improve ND Robustness (1) Who has 2001:db8:1:2:3:4:5:6?” I have 2001:db8:1:2:3:4:5:6” ? Who has 2001:db8:1:2:3:4:5:6?” Someone asked, so I’m replying: I have 2001:db8:1:2:3:4:5:6” one-way communication possible most likely communication is bi-directional
Improve ND Robustness (2) from: fe80::3 to 2001:db8::3 Who has 2001:db8::3?” I have 2001:db8::3, my L2 address is MAC_1” I have traffic for 2001:db8:: 3. The cache entry for 2001: db8::3 is very old and needs updating. But maybe L2 address has not changed and it is still MAC_1? cool, 2001:db8::3 still has MAC_1, refreshing my cache entry for 2001:db8::3 data packets to 2001:db8::3/MAC_1 2001:db8::3
Upper-Layer Integration The cache entry for 2001:db8::3 is about to expire and and needs updating. Oh, but TCP layer has just confirmed bi-directional communication and it is using the existing MAC_1 - so it seems to be correct one! tcp segment received from 2001:db8::3 2001:db8::32001:db8::2
Neighbor Caches Entry Lifecycle REACHABLE STALE DELAY PROBE NON-EXISTENT ReachableTime, random value normally 15-45 secs Used to be: unlimited time until new packet needs to be sent; Now: just long timer DELAY_FIRST_PROBE timer, default = 5 sec MAX_UNICAST_SOLICIT times RETRANS_TIMES, default = 3x1 sec “good to use” IPv6 <> MAC entry last known to be “good to use” entry “let’s try to use it...it might work..” let’s send unicast NS to that address old entry does not work, delete it!
IPv6 Autoconfiguration
How to Configure a Host ● Manual configuration ● Controlled by external system (DHCP) ○ stateful or stateless ● StateLess Address Auto-Configuration (SLAAC) ○ network prefix ■ routers know prefixes configured ■ well-known link-local fe80::/10 ○ host can generate interface id: ■ EUI-64 ■ random ■ other options
Interface ID: Avoiding Duplicates interface id generated by a host might not be unique before using an address - check for duplicates host needs to know if there is another owner for that IP Neighbor Discovery locates owners of IP addresses ???HOW???
Duplicate Address Detection
Duplicate Address Detection (DAD) Host A generates an IP ‘A’ for interface ‘I’ Host A joins mcast groups: ‘all nodes on the link’ (ff02::1) solicited-node multicast group for address A (FF02::1:FF00:0:A) NS queries for A received? dst FF02::1:FF00:0:A', src :: Address A is NOT unique Address A is unique Host A sends multicast NS for address A NA received for A? YES YES NO NO
Duplicate Address Detection (contd) ● DAD MUST be performed for all addresses (ex. anycast) ● Heavily relies on multicast so false negatives might happen: ○ on busy wifi networks ○ if multicast is broken After DAD failure manual actions are required.
Prefix and Router Discovery
Critical Info to Discover ● Network prefix (to complete the address configuration) ● Default router(s) ● Routes to some destinations ● DNS servers and search list Routers have most of this info Router are neighbors => ND can be used!
Router Solicitation and Advertisement RouterA RouterB Router Solicitation to ff02::2 (all routers) Router Advertisement to ff02::1 (all hosts) or unicast Router Advertisement to ff02::1 (all hosts) or unicast
Router Advertisement Message Src IP = link-local, Dst IP = the source IP of the RS query or FF02::1 ● M,O flags: indicate that addresses (M) or other configuration info (O) is available via DHCPv6 ● Router lifetime (in seconds) – the lifetime associated with the default router (0 - the router isn't default router, shouldn't appear on the default router list) ● Reachable time (millisecs) – how long the neighbor is reachable after receiving a reachability confirmation (NC record goes from Reachable -> Stale then) ● Retransmit timer (millisecs) – the interval between retransmitted NS messages
RAs: What Can Possibly Go Wrong #1 ● Solicited RAs: in response to RS but rate-limited to 1/ MIN_DELAY_BETWEEN_RAS sec (default: 3 secs) ● Large-scale wifi network: ○ every 3 secs ○ kills the battery on mobile devices ● Solution: to send solicited RAs unicast see draft-ietf-v6ops-reducing-ra-energy-consumption
Prefix Information Option (PIO) ● L - prefix is on-link ● A - prefix can be used for SLAAC TYPE = 3 LENGTH = 4 PREFIX LENGTH RESERVED VALID LIFETIME PREFERRED LIFETIME RESERVED PREFIX (128 bit) L A 0 7 15 23 26 31
It’s All About Timers ● Deprecated address ○ SHOULD be used for existing communications ○ SHOULD NOT be used for new ones ● Preferred lifetime <= Valid lifetime ● Can not set valid lifetime < 2hrs Default values: ● preferred lifetime - 7d ● valid lifetime - 30d address configured preferred lifetime expired valid lifetime expired address is valid preferred deprecated invalid time
Multiple PIOs ● Removing a prefix from router configuration DOES NOT mean hosts stop using it ● To renumber a new RA with PIO with preferred lifetime = 0 needs to be sent PIO for 2001:db8:1::/64 received preferred lifetime expired for 2001:db8:2::/64 time PIO for 2001:db8:2::/64 received preferred lifetime expired for 2001:db8:1::/64 2001:db8:2::X is preferred 2001:db8:1::X is preferred BOTH addresses are preferred
How NOT TO Renumber Router RS1 2 RA with PIO 2001:db8:1::/64 3 2001:db8:1::6aa8:6dff:fe12:f7b2 preferred Server 4 traffic between 2001:db8:1::6aa8:6dff:fe12:f7b2 and the server Router RS1 2 RA with PIO 2001:db8:2::/64 3 2001:db8:1::6aa8:6dff:fe12:f7b2 preferred 2001:db8:2::6aa8:6dff:fe12:f7b2 preferred Server 4 from 2001:db8:1::6aa8:6dff:fe12:f7b2 5 return traffic dropped # show | compare [edit protocols router-advertisement interface ae1] + prefix 2001:db8:2::/64; - prefix 2001:db8:1::/64;
Second Most Important Slide Never Ever Use Prefixlength between 64 and 127 bytes
RAs, PIOs and Prefix Length SLAAC DOES NOT work with PIOs if prefix length !=64 What the prefix length field is for then? Network Prefix Interface ID IPv6 Address 128 bits 64 bits64 bits
The Host, the Link, and the Subnet
What Does “Subnet Mask” Mean ● IPv4: IP address + netmask => on-link prefix ● IPv6: On-link prefix & address assignment are separated! ○ Link-local – always on-link ○ Any other addresses - if explicitly told so See "IPv6 Subnet Model: The Relationship between Links and Subnet Prefixes", RFC5942
On-link Prefix List Prefix is on-link if - PIO with L flag received - ICMPv6 Redirect received from a router - a Neighbor Advertisement message is received for the (target) address - any Neighbor Discovery message is received from the address - it is link-local fe80::/10 Everything else is OFF-LINK
On-link Prefixes: Examples LAN Router 2001:db8:1::22001:db8:1::1 ND and data traffic between 2001:db8:1::1 and 2001:db8:2::2 Router Advertisement with PIO for: 2001:db8:1::/64 flag L=1, A=1 1 packet to 2001:db8:1::2 sent to default router 2 3 ICMPv6 Redirect: target address and destination address: 2001:db8:1:2 4 hosts are not in the same /64 subnet!
On-link Prefix: Examples LAN Router 2001:db8:2::22001:db8:1::1 Router Advertisement with PIOs for: 2001:db8:1::/64 flag L=1 2001:db8:2::/64 flag L=1 ND and data traffic between 2001:db8:1::1 and 2001:db8:2::2 hosts are not in the same /64 subnet!
On-link Prefix: Examples LAN 2001:db8:2::22001:db8:1::1 ND and data traffic between 2001:db8:1::1 and 2001:db8:2::2 NA to all hosts: “I have address 2001:db8:2::2” 1 2 hosts are not in the same /64 subnet!
Other RA Options ● Route Information Option ○ more specific routes ● MTU ● DNS ○ Recursive DNS Server ○ Search List
Questions?

Recomendados

IPv6 - Neighbour Discovery
IPv6 - Neighbour DiscoveryIPv6 - Neighbour Discovery
IPv6 - Neighbour Discovery
Heba_a
 
Bgp
BgpBgp
Bgp
Febrian ‎
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
Wahyu Nasution
 
MP BGP-EVPN 실전기술-1편(개념잡기)
MP BGP-EVPN 실전기술-1편(개념잡기)MP BGP-EVPN 실전기술-1편(개념잡기)
MP BGP-EVPN 실전기술-1편(개념잡기)
JuHwan Lee
 
CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7
Chaing Ravuth
 
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Thomas Graf
 
VPC PPT @NETWORKERSHOME
VPC PPT @NETWORKERSHOMEVPC PPT @NETWORKERSHOME
VPC PPT @NETWORKERSHOME
networkershome
 
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersCisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Bruno Teixeira
 

Recomendados

IPv6 - Neighbour Discovery
IPv6 - Neighbour DiscoveryIPv6 - Neighbour Discovery
IPv6 - Neighbour Discovery
Heba_a
 
Bgp
BgpBgp
Bgp
Febrian ‎
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
Wahyu Nasution
 
MP BGP-EVPN 실전기술-1편(개념잡기)
MP BGP-EVPN 실전기술-1편(개념잡기)MP BGP-EVPN 실전기술-1편(개념잡기)
MP BGP-EVPN 실전기술-1편(개념잡기)
JuHwan Lee
 
CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7CCNP ROUTE V7 CH7
CCNP ROUTE V7 CH7
Chaing Ravuth
 
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Thomas Graf
 
VPC PPT @NETWORKERSHOME
VPC PPT @NETWORKERSHOMEVPC PPT @NETWORKERSHOME
VPC PPT @NETWORKERSHOME
networkershome
 
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersCisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Bruno Teixeira
 
CCNP Route EIGRP Overview
CCNP Route EIGRP OverviewCCNP Route EIGRP Overview
CCNP Route EIGRP Overview
Visalini Kumaraswamy
 
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Milan Jan/2014
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Milan Jan/2014Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Milan Jan/2014
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Milan Jan/2014
Bruno Teixeira
 
BGP (Border Gateway Protocol)
BGP (Border Gateway Protocol)BGP (Border Gateway Protocol)
BGP (Border Gateway Protocol)
NetProtocol Xpert
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
Cisco Canada
 
ICE: The ultimate way of beating NAT in SIP
ICE: The ultimate way of beating NAT in SIPICE: The ultimate way of beating NAT in SIP
ICE: The ultimate way of beating NAT in SIP
Saúl Ibarra Corretgé
 
Segment Routing
Segment RoutingSegment Routing
Segment Routing
APNIC
 
Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015
Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015
Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015
Bruno Teixeira
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDK
Kernel TLV
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
Faisal Reza
 
Troubleshooting BGP
Troubleshooting BGPTroubleshooting BGP
Troubleshooting BGP
APNIC
 
Layer 2 switching
Layer 2 switchingLayer 2 switching
Layer 2 switching
NetProtocol Xpert
 
Snabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporterSnabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporter
Igalia
 
1 asr9 k platform architecture
1 asr9 k platform architecture1 asr9 k platform architecture
1 asr9 k platform architecture
Thanh Hung Quach
 
Bidirectional Forwarding Detection (BFD)
Bidirectional Forwarding Detection (BFD) Bidirectional Forwarding Detection (BFD)
Bidirectional Forwarding Detection (BFD)
KHNOG
 
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Bruno Teixeira
 
Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)
Nutan Singh
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN Deployment
APNIC
 
Designing Multi-tenant Data Centers Using EVPN
Designing Multi-tenant Data Centers Using EVPNDesigning Multi-tenant Data Centers Using EVPN
Designing Multi-tenant Data Centers Using EVPN
Anas
 
BGP Monitoring Protocol
BGP Monitoring ProtocolBGP Monitoring Protocol
BGP Monitoring Protocol
Bertrand Duvivier
 
Mpls
MplsMpls
Mpls
Fasih Rehman
 
I Pv6 Nd
I Pv6 NdI Pv6 Nd
I Pv6 Nd
Ram Dutt Shukla
 
2. IPv6 Neighbor Discovery und Autokonfiguration - Marc Eggenberger
2. IPv6 Neighbor Discovery und Autokonfiguration - Marc Eggenberger2. IPv6 Neighbor Discovery und Autokonfiguration - Marc Eggenberger
2. IPv6 Neighbor Discovery und Autokonfiguration - Marc Eggenberger
Digicomp Academy AG
 

Más contenido relacionado

La actualidad más candente

Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
Cisco Canada
 

La actualidad más candente (20)

CCNP Route EIGRP Overview
CCNP Route EIGRP OverviewCCNP Route EIGRP Overview
CCNP Route EIGRP Overview
 
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Milan Jan/2014
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Milan Jan/2014Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Milan Jan/2014
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Milan Jan/2014
 
BGP (Border Gateway Protocol)
BGP (Border Gateway Protocol)BGP (Border Gateway Protocol)
BGP (Border Gateway Protocol)
 
Building DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPNBuilding DataCenter networks with VXLAN BGP-EVPN
Building DataCenter networks with VXLAN BGP-EVPN
 
ICE: The ultimate way of beating NAT in SIP
ICE: The ultimate way of beating NAT in SIPICE: The ultimate way of beating NAT in SIP
ICE: The ultimate way of beating NAT in SIP
 
Segment Routing
Segment RoutingSegment Routing
Segment Routing
 
Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015
Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015
Software Defined Network (SDN) using ASR9000 :: BRKSPG-2722 | San Diego 2015
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDK
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
 
Troubleshooting BGP
Troubleshooting BGPTroubleshooting BGP
Troubleshooting BGP
 
Layer 2 switching
Layer 2 switchingLayer 2 switching
Layer 2 switching
 
Snabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporterSnabbflow: A Scalable IPFIX exporter
Snabbflow: A Scalable IPFIX exporter
 
1 asr9 k platform architecture
1 asr9 k platform architecture1 asr9 k platform architecture
1 asr9 k platform architecture
 
Bidirectional Forwarding Detection (BFD)
Bidirectional Forwarding Detection (BFD) Bidirectional Forwarding Detection (BFD)
Bidirectional Forwarding Detection (BFD)
 
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
 
Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN Deployment
 
Designing Multi-tenant Data Centers Using EVPN
Designing Multi-tenant Data Centers Using EVPNDesigning Multi-tenant Data Centers Using EVPN
Designing Multi-tenant Data Centers Using EVPN
 
BGP Monitoring Protocol
BGP Monitoring ProtocolBGP Monitoring Protocol
BGP Monitoring Protocol
 
Mpls
MplsMpls
Mpls
 

Destacado

Neighbor discoverydhcp
Neighbor discoverydhcpNeighbor discoverydhcp
Neighbor discoverydhcp
Fred Bovy
 
types of computer networks, protocols and standards
types of computer networks, protocols and standardstypes of computer networks, protocols and standards
types of computer networks, protocols and standards
Midhun Menon
 
Networking Standards And Protocols
Networking Standards And ProtocolsNetworking Standards And Protocols
Networking Standards And Protocols
Steven Cahill
 

Destacado (18)

I Pv6 Nd
I Pv6 NdI Pv6 Nd
I Pv6 Nd
 
2. IPv6 Neighbor Discovery und Autokonfiguration - Marc Eggenberger
2. IPv6 Neighbor Discovery und Autokonfiguration - Marc Eggenberger2. IPv6 Neighbor Discovery und Autokonfiguration - Marc Eggenberger
2. IPv6 Neighbor Discovery und Autokonfiguration - Marc Eggenberger
 
Neighbor discoverydhcp
Neighbor discoverydhcpNeighbor discoverydhcp
Neighbor discoverydhcp
 
Presentation For NDP Process
Presentation For NDP ProcessPresentation For NDP Process
Presentation For NDP Process
 
IPv6 Neighbor Discovery Problems (and mitigations)
IPv6 Neighbor Discovery Problems (and mitigations)IPv6 Neighbor Discovery Problems (and mitigations)
IPv6 Neighbor Discovery Problems (and mitigations)
 
Linx88 IPv6 Neighbor Discovery Russell Heilling
Linx88 IPv6 Neighbor Discovery Russell HeillingLinx88 IPv6 Neighbor Discovery Russell Heilling
Linx88 IPv6 Neighbor Discovery Russell Heilling
 
10 ipv6
10 ipv610 ipv6
10 ipv6
 
Layer3protocols
Layer3protocolsLayer3protocols
Layer3protocols
 
cours DHCP IPv4 et IPv6
cours DHCP IPv4 et IPv6cours DHCP IPv4 et IPv6
cours DHCP IPv4 et IPv6
 
Networking standards
Networking standardsNetworking standards
Networking standards
 
IPv6
IPv6IPv6
IPv6
 
NETWORK STANDARD
NETWORK STANDARDNETWORK STANDARD
NETWORK STANDARD
 
types of computer networks, protocols and standards
types of computer networks, protocols and standardstypes of computer networks, protocols and standards
types of computer networks, protocols and standards
 
Networking Standards And Protocols
Networking Standards And ProtocolsNetworking Standards And Protocols
Networking Standards And Protocols
 
2015 Upload Campaigns Calendar - SlideShare
2015 Upload Campaigns Calendar - SlideShare2015 Upload Campaigns Calendar - SlideShare
2015 Upload Campaigns Calendar - SlideShare
 
What to Upload to SlideShare
What to Upload to SlideShareWhat to Upload to SlideShare
What to Upload to SlideShare
 
How to Make Awesome SlideShares: Tips & Tricks
How to Make Awesome SlideShares: Tips & TricksHow to Make Awesome SlideShares: Tips & Tricks
How to Make Awesome SlideShares: Tips & Tricks
 
Getting Started With SlideShare
Getting Started With SlideShareGetting Started With SlideShare
Getting Started With SlideShare
 

Similar a Neighbor Discovery Deep Dive – IPv6-Networking-Referat

IPv6 - Jozi Linux User Group Presentation
IPv6 - Jozi Linux User Group PresentationIPv6 - Jozi Linux User Group Presentation
IPv6 - Jozi Linux User Group Presentation
Jumping Bean
 
ipv6 introduction & environment buildup
ipv6 introduction & environment buildupipv6 introduction & environment buildup
ipv6 introduction & environment buildup
psychesnet Hsieh
 
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
Louis Göhl
 
To setup the simplest IPv6 network you just have to boot up a host o.pdf
To setup the simplest IPv6 network you just have to boot up a host o.pdfTo setup the simplest IPv6 network you just have to boot up a host o.pdf
To setup the simplest IPv6 network you just have to boot up a host o.pdf
aptexx
 
Cisco presentation2
Cisco presentation2Cisco presentation2
Cisco presentation2
ehsan nazer
 

Similar a Neighbor Discovery Deep Dive – IPv6-Networking-Referat (20)

IPv6 - Jozi Linux User Group Presentation
IPv6 - Jozi Linux User Group PresentationIPv6 - Jozi Linux User Group Presentation
IPv6 - Jozi Linux User Group Presentation
 
ipv6 introduction & environment buildup
ipv6 introduction & environment buildupipv6 introduction & environment buildup
ipv6 introduction & environment buildup
 
Lesson 3: IPv6 Fundamentals
Lesson 3: IPv6 FundamentalsLesson 3: IPv6 Fundamentals
Lesson 3: IPv6 Fundamentals
 
IPV6 IPv6 Routing Lab By Rob Hamm
IPV6 IPv6 Routing Lab By Rob HammIPV6 IPv6 Routing Lab By Rob Hamm
IPV6 IPv6 Routing Lab By Rob Hamm
 
IPv6_Quick_Start_Guide
IPv6_Quick_Start_GuideIPv6_Quick_Start_Guide
IPv6_Quick_Start_Guide
 
IPv6 Overview
IPv6 OverviewIPv6 Overview
IPv6 Overview
 
Fedv6tf-fhs
Fedv6tf-fhsFedv6tf-fhs
Fedv6tf-fhs
 
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
SVR401: DirectAccess Technical Drilldown, Part 1 of 2: IPv6 and transition te...
 
10 routing-bgp
10 routing-bgp10 routing-bgp
10 routing-bgp
 
Ipv6 Alp
Ipv6 AlpIpv6 Alp
Ipv6 Alp
 
IPv6
IPv6IPv6
IPv6
 
Ipv6 questions
Ipv6 questionsIpv6 questions
Ipv6 questions
 
Ipv6 cheat sheet
Ipv6 cheat sheetIpv6 cheat sheet
Ipv6 cheat sheet
 
ipv6_cheat_sheet.pdf
ipv6_cheat_sheet.pdfipv6_cheat_sheet.pdf
ipv6_cheat_sheet.pdf
 
To setup the simplest IPv6 network you just have to boot up a host o.pdf
To setup the simplest IPv6 network you just have to boot up a host o.pdfTo setup the simplest IPv6 network you just have to boot up a host o.pdf
To setup the simplest IPv6 network you just have to boot up a host o.pdf
 
7 slaac-rick graziani
7 slaac-rick graziani7 slaac-rick graziani
7 slaac-rick graziani
 
Tech f42
Tech f42Tech f42
Tech f42
 
Ipv6 cheat sheet
Ipv6 cheat sheetIpv6 cheat sheet
Ipv6 cheat sheet
 
Cisco presentation2
Cisco presentation2Cisco presentation2
Cisco presentation2
 
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introductionCodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction
 

Más de Digicomp Academy AG

Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Digicomp Academy AG
 
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingSwiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Digicomp Academy AG
 
UX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessUX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital Business
Digicomp Academy AG
 
Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich
Digicomp Academy AG
 

Más de Digicomp Academy AG (20)

Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
Becoming Agile von Christian Botta – Personal Swiss Vortrag 2019
 
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
Swiss IPv6 Council – Case Study - Deployment von IPv6 in einer Container Plat...
 
Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018Innovation durch kollaboration gennex 2018
Innovation durch kollaboration gennex 2018
 
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handoutRoger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
Roger basler meetup_digitale-geschaeftsmodelle-entwickeln_handout
 
Roger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handoutRoger basler meetup_21082018_work-smarter-not-harder_handout
Roger basler meetup_21082018_work-smarter-not-harder_handout
 
Xing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit xXing expertendialog zu nudge unit x
Xing expertendialog zu nudge unit x
 
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
Responsive Organisation auf Basis der Holacracy – nur ein Hype oder die Zukunft?
 
IPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe KleinIPv6 Security Talk mit Joe Klein
IPv6 Security Talk mit Joe Klein
 
Agiles Management - Wie geht das?
Agiles Management - Wie geht das?Agiles Management - Wie geht das?
Agiles Management - Wie geht das?
 
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi OdermattGewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
Gewinnen Sie Menschen und Ziele - Referat von Andi Odermatt
 
Querdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING ExpertendialogQuerdenken mit Kreativitätsmethoden – XING Expertendialog
Querdenken mit Kreativitätsmethoden – XING Expertendialog
 
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickelnXing LearningZ: Digitale Geschäftsmodelle entwickeln
Xing LearningZ: Digitale Geschäftsmodelle entwickeln
 
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only BuildingSwiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
Swiss IPv6 Council: The Cisco-Journey to an IPv6-only Building
 
UX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital BusinessUX – Schlüssel zum Erfolg im Digital Business
UX – Schlüssel zum Erfolg im Digital Business
 
Minenfeld IPv6
Minenfeld IPv6Minenfeld IPv6
Minenfeld IPv6
 
Was ist design thinking
Was ist design thinkingWas ist design thinking
Was ist design thinking
 
Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich Die IPv6 Journey der ETH Zürich
Die IPv6 Journey der ETH Zürich
 
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)CommerceXing LearningZ: Die 10 + 1 Trends im (E-)Commerce
Xing LearningZ: Die 10 + 1 Trends im (E-)Commerce
 
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloudZahlen Battle: klassische werbung vs.online-werbung-somexcloud
Zahlen Battle: klassische werbung vs.online-werbung-somexcloud
 
General data protection regulation-slides
General data protection regulation-slidesGeneral data protection regulation-slides
General data protection regulation-slides
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 

Último (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Neighbor Discovery Deep Dive – IPv6-Networking-Referat

  • 1. IPv6 Neighbor Discovery DeepDive Jen Linkova aka Furry furry13@gmail.com Nov 2015
  • 2. Most Important Slide of This Talk IPv6 is NOT “like IPv4 but longer addresses”
  • 3. What Can Be Improved in IPv6? ● Just one control protocol? ○ IPv4: ARP for L2, ICMP for Internet ● Less chatty protocol? ○ ARP using broadcast ● do more than just map IP <> L2 addresses? ○ ARP does not confirm reachability
  • 4. Protocol Choice ● ICMPv6 is already here as a control protocol ● No reason to use non-IP protocol ● Flexible ○ new message types can be created ● Like in ARP, 2 messages are needed: ○ Neighbor Solicitation, “Who has this IPv6 address”? ○ Neighbor Advertisement, “I have this IPv6 address”
  • 5. ARP Is Too Chatty ● Broadcast ○ creates noise ○ consumes network resources ○ Kills the battery on mobile devices ● NS message should be received by? ○ all hosts? => broadcast ○ or hosts which might have that address? MULTICAST
  • 6. Multicast Group Address ● What about: one IPv6 address - one mcast group (ff02::$interface_id)? ○ Too many mcast groups ○ Local resolution to L2 address - only 32 bits of L3 addresses going to L2 mcast address ○ EUI-64: highest 24 bits are OUI, then fffe ○ Manually assigned interface_id: no highest bits set 2001:db8::1:6aa8:6dff:fe12:f7b2 network prefix 64 bits EUI-64 based interface ID 64 bits OUI NIC-specific
  • 7. Solicited Node MCast Address ● Lower 24 bits of IPv6 address ● Solicited-node multicast address format: ○ Globally-assigned prefix FF02::1:FF00:0:/104 ○ low-order 24 bits of a node address 2001:db8::1:6aa8:6dff:fe12:f7b2 FF02::1:FF00:0:12:f7b2 network prefix interface ID 64 bits 24 bits 24 bitsmcast prefix 104 bits solicited node multicast address
  • 8. IPv4/ARP: WiFi Internet IP: 192.0.2.42/24 switch with MLD snooping ARP query: ‘Who has 192.0.2.42’ 2 traffic to 192.0.2.421
  • 9. Multicast, ND and MLD: WiFi Internet ether 68:a8:6d:12:f7:b2 ip: 2001:db8:1::6aa8:6dff:fe12:f7b2 ip: 2001:db8:3::6aa8:6dff:fe12:f7b2 mcast group: FF02::1:FF00:0:12:f7:b2 switch with MLD snooping host joining mcast group 1 3 traffic to 2001:db8:1::6aa8:6dff: fe12:f7b2 2 NS query to FF02::1:FF00:0:12:f7:b2 Who has 2001:db8:1::6aa8:6dff:fe12:f7b2’
  • 10. Non-Existent Address & WiFi: V4 Internet No host has address 192.0.2.42 switch with MLD snooping ARP query: ‘Who has 192.0.2.42’ 2 traffic to 192.0.2.42 (scan) 1
  • 11. Non-existent Address and WiFi: V6 Internet switch with MLD snooping NS query to FF02::1:FF00:0:12:f7:b2 Who has 2001:db8:1::6aa8:6dff:fe12:f7b2’ 2 traffic to 2001:db8:1::6aa8:6dff: fe12:f7b2 (scan) 1 no host has an IPv6 address 2001:db8:1::6aa8:6dff:fe12:f7b2 no host joined mcast group FF02::1:FF00: 0:12:f7:b2
  • 12. Improve ND Robustness (1) Who has 2001:db8:1:2:3:4:5:6?” I have 2001:db8:1:2:3:4:5:6” ? Who has 2001:db8:1:2:3:4:5:6?” Someone asked, so I’m replying: I have 2001:db8:1:2:3:4:5:6” one-way communication possible most likely communication is bi-directional
  • 13. Improve ND Robustness (2) from: fe80::3 to 2001:db8::3 Who has 2001:db8::3?” I have 2001:db8::3, my L2 address is MAC_1” I have traffic for 2001:db8:: 3. The cache entry for 2001: db8::3 is very old and needs updating. But maybe L2 address has not changed and it is still MAC_1? cool, 2001:db8::3 still has MAC_1, refreshing my cache entry for 2001:db8::3 data packets to 2001:db8::3/MAC_1 2001:db8::3
  • 14. Upper-Layer Integration The cache entry for 2001:db8::3 is about to expire and and needs updating. Oh, but TCP layer has just confirmed bi-directional communication and it is using the existing MAC_1 - so it seems to be correct one! tcp segment received from 2001:db8::3 2001:db8::32001:db8::2
  • 15. Neighbor Caches Entry Lifecycle REACHABLE STALE DELAY PROBE NON-EXISTENT ReachableTime, random value normally 15-45 secs Used to be: unlimited time until new packet needs to be sent; Now: just long timer DELAY_FIRST_PROBE timer, default = 5 sec MAX_UNICAST_SOLICIT times RETRANS_TIMES, default = 3x1 sec “good to use” IPv6 <> MAC entry last known to be “good to use” entry “let’s try to use it...it might work..” let’s send unicast NS to that address old entry does not work, delete it!
  • 16.
  • 18. How to Configure a Host ● Manual configuration ● Controlled by external system (DHCP) ○ stateful or stateless ● StateLess Address Auto-Configuration (SLAAC) ○ network prefix ■ routers know prefixes configured ■ well-known link-local fe80::/10 ○ host can generate interface id: ■ EUI-64 ■ random ■ other options
  • 19. Interface ID: Avoiding Duplicates interface id generated by a host might not be unique before using an address - check for duplicates host needs to know if there is another owner for that IP Neighbor Discovery locates owners of IP addresses ???HOW???
  • 21. Duplicate Address Detection (DAD) Host A generates an IP ‘A’ for interface ‘I’ Host A joins mcast groups: ‘all nodes on the link’ (ff02::1) solicited-node multicast group for address A (FF02::1:FF00:0:A) NS queries for A received? dst FF02::1:FF00:0:A', src :: Address A is NOT unique Address A is unique Host A sends multicast NS for address A NA received for A? YES YES NO NO
  • 22. Duplicate Address Detection (contd) ● DAD MUST be performed for all addresses (ex. anycast) ● Heavily relies on multicast so false negatives might happen: ○ on busy wifi networks ○ if multicast is broken After DAD failure manual actions are required.
  • 24. Critical Info to Discover ● Network prefix (to complete the address configuration) ● Default router(s) ● Routes to some destinations ● DNS servers and search list Routers have most of this info Router are neighbors => ND can be used!
  • 25. Router Solicitation and Advertisement RouterA RouterB Router Solicitation to ff02::2 (all routers) Router Advertisement to ff02::1 (all hosts) or unicast Router Advertisement to ff02::1 (all hosts) or unicast
  • 26. Router Advertisement Message Src IP = link-local, Dst IP = the source IP of the RS query or FF02::1 ● M,O flags: indicate that addresses (M) or other configuration info (O) is available via DHCPv6 ● Router lifetime (in seconds) – the lifetime associated with the default router (0 - the router isn't default router, shouldn't appear on the default router list) ● Reachable time (millisecs) – how long the neighbor is reachable after receiving a reachability confirmation (NC record goes from Reachable -> Stale then) ● Retransmit timer (millisecs) – the interval between retransmitted NS messages
  • 27. RAs: What Can Possibly Go Wrong #1 ● Solicited RAs: in response to RS but rate-limited to 1/ MIN_DELAY_BETWEEN_RAS sec (default: 3 secs) ● Large-scale wifi network: ○ every 3 secs ○ kills the battery on mobile devices ● Solution: to send solicited RAs unicast see draft-ietf-v6ops-reducing-ra-energy-consumption
  • 28. Prefix Information Option (PIO) ● L - prefix is on-link ● A - prefix can be used for SLAAC TYPE = 3 LENGTH = 4 PREFIX LENGTH RESERVED VALID LIFETIME PREFERRED LIFETIME RESERVED PREFIX (128 bit) L A 0 7 15 23 26 31
  • 29. It’s All About Timers ● Deprecated address ○ SHOULD be used for existing communications ○ SHOULD NOT be used for new ones ● Preferred lifetime <= Valid lifetime ● Can not set valid lifetime < 2hrs Default values: ● preferred lifetime - 7d ● valid lifetime - 30d address configured preferred lifetime expired valid lifetime expired address is valid preferred deprecated invalid time
  • 30. Multiple PIOs ● Removing a prefix from router configuration DOES NOT mean hosts stop using it ● To renumber a new RA with PIO with preferred lifetime = 0 needs to be sent PIO for 2001:db8:1::/64 received preferred lifetime expired for 2001:db8:2::/64 time PIO for 2001:db8:2::/64 received preferred lifetime expired for 2001:db8:1::/64 2001:db8:2::X is preferred 2001:db8:1::X is preferred BOTH addresses are preferred
  • 31. How NOT TO Renumber Router RS1 2 RA with PIO 2001:db8:1::/64 3 2001:db8:1::6aa8:6dff:fe12:f7b2 preferred Server 4 traffic between 2001:db8:1::6aa8:6dff:fe12:f7b2 and the server Router RS1 2 RA with PIO 2001:db8:2::/64 3 2001:db8:1::6aa8:6dff:fe12:f7b2 preferred 2001:db8:2::6aa8:6dff:fe12:f7b2 preferred Server 4 from 2001:db8:1::6aa8:6dff:fe12:f7b2 5 return traffic dropped # show | compare [edit protocols router-advertisement interface ae1] + prefix 2001:db8:2::/64; - prefix 2001:db8:1::/64;
  • 32. Second Most Important Slide Never Ever Use Prefixlength between 64 and 127 bytes
  • 33. RAs, PIOs and Prefix Length SLAAC DOES NOT work with PIOs if prefix length !=64 What the prefix length field is for then? Network Prefix Interface ID IPv6 Address 128 bits 64 bits64 bits
  • 34. The Host, the Link, and the Subnet
  • 35. What Does “Subnet Mask” Mean ● IPv4: IP address + netmask => on-link prefix ● IPv6: On-link prefix & address assignment are separated! ○ Link-local – always on-link ○ Any other addresses - if explicitly told so See "IPv6 Subnet Model: The Relationship between Links and Subnet Prefixes", RFC5942
  • 36. On-link Prefix List Prefix is on-link if - PIO with L flag received - ICMPv6 Redirect received from a router - a Neighbor Advertisement message is received for the (target) address - any Neighbor Discovery message is received from the address - it is link-local fe80::/10 Everything else is OFF-LINK
  • 37. On-link Prefixes: Examples LAN Router 2001:db8:1::22001:db8:1::1 ND and data traffic between 2001:db8:1::1 and 2001:db8:2::2 Router Advertisement with PIO for: 2001:db8:1::/64 flag L=1, A=1 1 packet to 2001:db8:1::2 sent to default router 2 3 ICMPv6 Redirect: target address and destination address: 2001:db8:1:2 4 hosts are not in the same /64 subnet!
  • 38. On-link Prefix: Examples LAN Router 2001:db8:2::22001:db8:1::1 Router Advertisement with PIOs for: 2001:db8:1::/64 flag L=1 2001:db8:2::/64 flag L=1 ND and data traffic between 2001:db8:1::1 and 2001:db8:2::2 hosts are not in the same /64 subnet!
  • 39. On-link Prefix: Examples LAN 2001:db8:2::22001:db8:1::1 ND and data traffic between 2001:db8:1::1 and 2001:db8:2::2 NA to all hosts: “I have address 2001:db8:2::2” 1 2 hosts are not in the same /64 subnet!
  • 40. Other RA Options ● Route Information Option ○ more specific routes ● MTU ● DNS ○ Recursive DNS Server ○ Search List