IPv6 Crash Course

Astro <astro@spaceboyz.net>

Warum IPv6?

Mehr Adressen
Multicast
IPSec
Autokonfiguration

IPv6 Packet Header

Adressen

IPv4

4 × 8 bits = 32 bits
192.0.2.11
10.0.0.1
(Meist) Dezimalschreibweise

IPv6

8 × 16 bits = 128 bits
2001:8d8:81:5c8:219:dbff:fe64:81a7
2001:db8::c3d2:0:1
:(0:)* kann 1× durch :: abgekürzt werden.
Führende Nullen können weggelassen werden

Subnets & Subnet Masks

IPv4

  172.22.16.21
& 255.255.255.0
= 172.22.16.0

  172.22.16.70
& 255.255.255.192
= 172.22.16.64

IPv6

  2001:08d8:0081:05c8:0219:dbff:fe64:81a7
& ffff:ffff:ffff:ffff:0000:0000:0000:0000
= 2001:08d8:0081:05c8:0000:0000:0000:0000

  2001:8d8:81:5c8:219:dbff:fe64:81a7
& ffff:ffff:ffff:ff00::
= 2001:8d8:81:500::

CIDR Notation

IPv4 (Netmask bits)

a.b.c.d/0: 0.0.0.0
a.b.c.d/8: 255.0.0.0
a.b.c.d/16: 255.255.0.0
a.b.c.d/24: 255.255.255.0
a.b.c.d/25: 255.255.255.128
a.b.c.d/26: 255.255.255.192
a.b.c.d/27: 255.255.255.224
a.b.c.d/28: 255.255.255.240
a.b.c.d/29: 255.255.255.248
a.b.c.d/30: 255.255.255.252
a.b.c.d/31: 255.255.255.254
a.b.c.d/32: 255.255.255.255

IPv6 (Prefix length)

::/0: ::
a:b:c:d:e:f:g:h/60: ffff:ffff:ffff:fff0::
a:b:c:d:e:f:g:h/61: ffff:ffff:ffff:fff8::
a:b:c:d:e:f:g:h/62: ffff:ffff:ffff:fffc::
a:b:c:d:e:f:g:h/63: ffff:ffff:ffff:fffe::
a:b:c:d:e:f:g:h/64: ffff:ffff:ffff:ffff::
a:b:c:d:e:f:g:h/128: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Routing-Tabelle

default via 172.22.16.4 dev eth0        default = 0.0.0.0/0
172.22.16.0/24 dev eth0

default via 172.22.16.2 dev eth0
unreachable 172.16.0.0/12
172.22.0.0/15 via 172.22.16.1
172.22.16.0/24 via 172.22.16.4
172.22.16.0/26 dev eth0

2001:8d8:81:5c8::/64 dev eth0 
fe80::/64 dev eth0  
ff00::/8 dev eth0  
default via fe80::2de:caff:fefb:ad03 dev eth0
2001:67c:21ec:bbbb::/64 via fe80::f00d:f00d dev dc99 
2001:67c:21ec:cccc::/64 via fe80::f00d:f00d dev dc99 
2001:67c:21ec:eeee::/64 via fe80::f00d:f00d dev dc99 
2001:67c:21ec::/48 via fe80::cafe:cafe dev dc24

sipcalc

IPv4

$ sipcalc 217.115.11.132/27
-[ipv4 : 217.115.11.132/27] - 0

[CIDR]
Host address		- 217.115.11.132
Host address (decimal)	- 3648195460
Host address (hex)	- D9730B84
Network address		- 217.115.11.128
Network mask		- 255.255.255.224
Network mask (bits)	- 27
Network mask (hex)	- FFFFFFE0
Broadcast address	- 217.115.11.159
Cisco wildcard		- 0.0.0.31
Addresses in network	- 32
Network range		- 217.115.11.128 - 217.115.11.159
Usable range		- 217.115.11.129 - 217.115.11.158

IPv6

$ sipcalc 2001:db8::c3d2:0:1/64
-[ipv6 : 2001:db8::c3d2:0:1/64] - 0

[IPV6 INFO]
Expanded Address	- 2001:0db8:0000:0000:0000:c3d2:0000:0001
Compressed address	- 2001:db8::c3d2:0:1
Subnet prefix (masked)	- 2001:db8:0:0:0:0:0:0/64
Address ID (masked)	- 0:0:0:0:0:c3d2:0:1/64
Prefix address		- ffff:ffff:ffff:ffff:0:0:0:0
Prefix length		- 64
Address type		- Aggregatable Global Unicast Addresses
Network range		- 2001:0db8:0000:0000:0000:0000:0000:0000 -
			  2001:0db8:0000:0000:ffff:ffff:ffff:ffff

Scopes (1/2)

IPv4 (RFC5735)

0.0.0.0/8: "This" network
10.0.0.0/8: Private use (RFC1918)
127.0.0.1/8: Loopback
169.254.0.0/16: Link-local (Zeroconf)
172.16.0.0/12: Private use (RFC1918)
192.0.0.0/24: Reserved
192.0.2.0/24: TEST-NET-1
192.88.99.0/24: 6to4 relay anycast
192.168.0.0/16: Private use (RFC1918)
198.18.0.0/15: SPECIAL-IPV4-BENCHMARK-TESTING-IANA-RESERVED
198.51.100.0/24: TEST-NET-2
203.0.113.0/24: TEST-NET-3
224.0.0.0/4: Multicast

IPv6 (RFC4291)

::1: Loopback
ff00::/8: Multicast
fe80::/8: Link-local
Alles andere: Global Unicast; Aktuelles Unicast Prefix: 2000::/3 (2000:: - 3fff:ffff:…)
fec0::/10, 0200::/7, ::/96, 5f00::/8, 3ffe::/16: Deprecated

Scopes (2/2)

General multicast address format
Bits	8	4	4	112
Field	prefix	flags	scope	group ID

Multicast address flags^[5]
Bit	Flag	0	1
0 (MSB)	(Reserved)	(Reserved)	(Reserved)
1	R (Rendezvous)^[6]	Rendezvous point not embedded	Rendezvous point embedded
2	P (Prefix)^[7]	Without prefix information	Address based on network prefix
3 (LSB)	T (Transient)^[8]	Well-known multicast address	Dynamically assigned multicast address

Multicast address scope
IPv6 address^{[note 1]}	IPv4 equivalent^[9]	Scope	Purpose
`ff00::/16-ff0f::/16`		Reserved
`ffx1::/16`	`127.0.0.0/8`	Interface-local	Packets with this destination address may not be sent over any network link, but must remain within the current node; this is the multicast equivalent of the unicast loopback address.
`ffx2::/16`	`224.0.0.0/24`	Link-local	Packets with this destination address may not be routed anywhere.
`ffx3::/16`	`239.255.0.0/16`	IPv4 local scope
`ffx4::/16`		Admin-local	The smallest scope that must be administratively configured.
`ffx5::/16`		Site-local	Restricted to the local physical network.
`ffx8::/16`	`239.192.0.0/14`	Organization-local	Restricted to networks used by the organization administering the local network. (For example, these addresses might be used over VPNs; when packets for this group are routed over the public internet (where these addresses are not valid), they would have to be encapsulated in some other protocol.)
`ffxe::/16`	`224.0.1.0-238.255.255.255`	Global scope	Eligible to be routed over the public internet.

Verkonfiguriert?

% ping6 ff02::1%eth0
PING ff02::1%eth0(ff02::1) 56 data bytes
64 bytes from fe80::219:dbff:fe64:81a7: icmp_seq=1 ttl=64 time=0.022 ms
64 bytes from fe80::2de:caff:fefb:ad07: icmp_seq=1 ttl=64 time=0.852 ms (DUP!)
64 bytes from fe80::21b:21ff:fe0e:5592: icmp_seq=1 ttl=64 time=0.978 ms (DUP!)
^C

% ssh fe80::21b:21ff:fe0e:5592%eth0
blaster:~$

iproute2 (1/3)

$ ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
       ip [ -force ] -batch filename
where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable |
                   tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm |
                   netns | l2tp }
       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
                    -f[amily] { inet | inet6 | ipx | dnet | link } |
                    -l[oops] { maximum-addr-flush-attempts } |
                    -o[neline] | -t[imestamp] | -b[atch] [filename] |
                    -rc[vbuf] [size]}

$ ip a help
Usage: ip addr {add|change|replace} IFADDR dev STRING [ LIFETIME ]
                                                      [ CONFFLAG-LIST ]
       ip addr del IFADDR dev STRING
       ip addr {show|flush} [ dev STRING ] [ scope SCOPE-ID ]
                            [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]
IFADDR := PREFIX | ADDR peer PREFIX
          [ broadcast ADDR ] [ anycast ADDR ]
          [ label STRING ] [ scope SCOPE-ID ]
SCOPE-ID := [ host | link | global | NUMBER ]
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG  := [ permanent | dynamic | secondary | primary |
           tentative | deprecated | dadfailed | temporary |
           CONFFLAG-LIST ]
CONFFLAG-LIST := [ CONFFLAG-LIST ] CONFFLAG
CONFFLAG  := [ home | nodad ]
LIFETIME := [ valid_lft LFT ] [ preferred_lft LFT ]
LFT := forever | SECONDS

iproute2 (2/3)

Adresse konfigurieren:

ip addr add fe80::fefe:fa7/64 dev wlan0

Adresse entfernen:

ip a d fe80::fefe:fa7/64 dev wlan0

iproute2 (3/3)

IPv4-Routingtabelle anzeigen:

ip route

IPv6-Routingtabelle anzeigen:

ip -6 route

Route setzen:

ip r a 2000::/3 dev wlan0 via fe80::2de:caff:fefb:ad03

Route löschen:

ip r d 2000::/3

IPv6 Crash Course

Warum IPv6?

IPv6 Packet Header

Adressen

IPv4

IPv6

Subnets & Subnet Masks

IPv4

IPv6

CIDR Notation

IPv4 (Netmask bits)

IPv6 (Prefix length)

Routing-Tabelle

sipcalc

IPv4

IPv6

Scopes (1/2)

IPv4 (RFC5735)

IPv6 (RFC4291)

Scopes (2/2)

Verkonfiguriert?

iproute2 (1/3)

iproute2 (2/3)

iproute2 (3/3)

Transition Mechanisms