Anybody who is familiar with networking knows that the sunset of IPv4 has long been delayed because of various technologies that were created for the main purpose of delaying it. The real question in the minds of many network administrators and engineers (and managers) has been, when is it time to fully transition over to IPv6? I want to address some of the issues surrounding this question, and offers the firm answer that the time is now.
IPv6: So what’s the big deal?
So what exactly is the big deal? Why are so many companies delaying their implementation of IPv6? The simple answer is that many companies have been using IPv4 for over 25 years and there are a number of things that come with this longevity, including experience and support. For example, in most companies it’s rather easy to find a number of available candidates who are familiar with IPv4 both externally and internally. Even though IPv6 has been around for a number of years, it can still be hard to find a large base of available IPv6 fluent administrators and engineers. As for support, many companies have a number of network aware applications that are used in operations; sometimes these applications don’t have an easy-to-implement IPv6 plan to make the transition smooth. Others simply don’t support IPv6 at all. These are major issues that can create a nightmare situation for companies, and the easiest short term solution is to simply avoid the problem altogether by staying with their tried and true IPv4 options.
It’s not so bad
The advantage that many network administrators and engineers have is that IPv6 has been out for a number of years. Because of this, tons of education solutions provide quick, in-depth knowledge of all potential IPv6 subject areas. A little bit of planning in IPv6 and its related technologies should provide the right amount of familiarity to overcome most of the experience issues that have existed in the past.
Support issues can be a complicating factor in the transition, and sometimes there is no real option to convert those specific applications. However, it is possible with some careful planning and configuration to perform translations between IPv6 hosts and IPv4 servers. Frankly, any software company that is still not considering IPv6 support for their products really needs to re-analyze their positions because many companies will choose to make the move, and with this move, for many, will come conversions to other IPv6 supporting software.
Why now?
So, is now really the time? Should your company really be considering such a potentially big change? The simple answer is that the decision in itself is inevitable; IPv6 is here, and IPv4 is going to need to be replaced. The better question is really why not now? The education is available for the supporting staff members, the experience exists in the marketplace if help is needed during implementation, and the technology as a whole has a number of years in operation, which proves its validity and stability. IPv6 translation and tunneling technologies can work as a bridge, but they can also be used as a crutch.
Take the time to research the options, and play with the freely available physical and virtual software that exists, so you can build up proof-of-concept implementations to convince management. If you are management, take the time to research the stability of IPv6, how it is coming, and really think about how being behind the implementation could impact your company.
Overall, IPv6 has proven to be a well thought out solution to address the exhaustion problem that has existed for the last 25 years, and on top of this, it has a number of additional design optimizations that provide better overall network performance and efficiency. Make 2013 (or 2014) the year that you take that step and implement IPv6 in the network.
IPv6 Essentials: What You Need to Know About the New Version
Under these circumstances, the answer is: “YES” we definitely need a new, evolved, IP version; one that is more flexible, scalable, and adaptable to the growth and changes of the Internet. This new version of IP is IPv6 and extensive details on this can be found in IETF RFCs 2460 through 2466.
So what can we expect from the new IP version? Here’s what IPv6 has to offer:
IPv6 Addresses: Form and Function
As CCNA candidates, a solid understanding of the IPv6 protocol and how to use it in addition to IPv4 is essential. In my previous article, we examined the history of IPv6 and answered the question of Why is IPv6 needed?
In this article, we will examine the structural differences between IPv4 and IPv6 and we’ll investigate the different types of IPv6 addresses and how they communicate.
IPv4 vs. IPv6: Structure Comparison
In my last IPv6 article, I mentioned that IPv4 addresses are 32 bits in length and IPv6 addresses are 128. The 32 bit structure of the address for IPv4 was designed to be represented as four separate octets, or sets of eight bits, separated by dots. The maximum range of values in each octet is seen to be 0-255.
IPv6 addresses contain eight different fields, instead of octets, and each field consists of 16 bits. Due to their larger size, IPv6 addresses are noted using hexadecimal characters, not decimal as seen with IPv4. I would strongly advise reviewing hexadecimal notation (0-15 = 0-F) before doing anything with IPv6 (and for your CCNA exam), just as you would have reviewed binary notation for IPv4.
Another important item to note about IPv6 addressing is the subnet mask identification. IPv4 could use the standard 255.x.x.x or the /xx CIDR of VLSM notation. IPv6 only uses the /xx notation for mask representation.
The example in Figure 1 illustrates some of the structural differences you would see between IPv4 and IPv6 address.
IPv6 addresses can also be compressed in size if certain conditions exist. If a field contains all zeroes, that field can be reduced to just one zero. In addition, if there are multiple fields adjacent to one another that have all zeroes, those fields can be displayed by on a “::” notation.
It definitely can get confusing if you have multiple fields missing from the address, but there is an important point to remember. The compression to the “::” notation can only happen once in an address. You would be allowed to have a “::” and a few single 0 fields, but anything else is invalid.
Figure 2 below shows two IPv6 addresses and the valid and invalid ways to compress them.
Continuing with our comparison on structure, let’s dig deeper and look at the full IP address headers of IPv4 and IPv6. To best understand the header configurations, you may want to look up the corresponding Request for Comments (RFCs) that are posted by the IETF for topics that they wish to become standardized.
RFC 791: Internet Protocol DARPA Internet Program Specification, defines the IPv4 header and description of the IP packet, while RFC 2460: Internet Protocol, Version 6(IPv6) Specification, describes the same for IPv6.
Some of the IETFs RFCs are lengthy, often contain high level research discussion points, and can read like very bad stereo instructions, but careful reading can unlock a lot of useful information.
The IP packet contains the IP header and a data payload. For IPv4, the IP header is a total of 20 bytes (160 bits), but this can be increased if the options field is used. The options field is variable in length and if a field does not equal an even 32 bits, padding is added to accommodate. A graphic of the IPv4 header is shown in Figure 3.
Figure 3: IPv4 Header (click on image to expand)
In contrast, IPv6 addresses utilize a fixed length of 40 octets (320 bits) and have been simplified in its format compared to the IPv4 version. The IPv4 options field has been replaced by extension headers, which were designed to provide more structure and easier processing for network devices.
IPv6 addresses can contain zero, one, or multiple extension headers depending on the services the IP packet will be supporting. As you can from the structure of the IPv6 header graphic in Figure 4, a Next Header field identifies any headers that follow and this field is present in all extension headers, thus providing a defined chain.
Figure 4: IPv6 Header (click on image to expand)
Types of IPv6 Addresses
Different types of IPv6 addresses are defined in RFC 2373: IP Version 6 Addressing Architecture. As we look at these address types, it is important to understand that unlike IPv4, IPv6 does not use Broadcasts in its communication and therefore, does not require network number and Broadcast addresses for each subnet.
Much of the functions like ARP (Address Resolution Protocol) and other subnet only protocols are accomplished with different mechanisms that utilize Multicast or Anycast instead of Broadcast.
Unlike IPv4, each host and router utilizing IPv6 will have multiple IPv6 addresses which are used for different functions. The address types seen with IPv6 are:
- Link-Local
- Global Unicast
- Loopback
- Multicast
- Anycast
Putting the IPv6 Address Together
We have talked about the representation of the IPv6 address compared to IPv6 and listed the different types of IPv6 addresses. Now let’s dig deeper into the formation of an IPv6 addresses.
To illustrate this topic, I will use the Link-Local and Global Unicast addresses as examples.
Link-Local addresses are used for communication between nodes on the same local link or subnet. Communication to the broader Internet requires the Global Unicast address. In IPv4 and IPv6, addresses can be subnetted down to very small groups, but the IETF has chosen that IPv6 addresses utilized in the broader Internet will use a 64 bit interface identifier or host id. This consumes the last half of the 128 bits of the IPv6 address.
This same interface identifier is utilized for both the Link-Local and Global Unicast addresses on a network interface. The interface identifier can be configured manually or automatically utilizing the EUI-64 address. This address is a combination of a 24 bit manufacturer id provided by the IEEE and a 40 bit value given to the product by the manufacturer.
Why consume so much of the address for host id you ask?
The IETF structured the first block of 48 bits of the IPv6 address to utilize a very hierarchical structure for routing in the Internet and this block is often referred to as an IPv6 Global Prefix. The minimum subnet that can be assigned from a Regional Internet Registry (RIR) is /48. This leaves 16 bits of the first block of 64 bits of an IPv6 addresses to be used by a site or ISP for subnetting.
Based on this format, the IETF believes that there will be enough addresses to support the world’s IP addressing needs for decades to come. An illustrated example of the structure of a Link-Local and a Global Uncast Address is shown in Figure 5.
What Did We Learn?
In this article, we investigated the differences between IPv4 and IPv6 addresses and reviewed the different ways to display an IPv6 address. In addition, we discuss some of the types of IPv6 addresses and what the format means.
As you can see, there is a bit more complexity to IPv6 than IPv4, but also a great deal more structure and flexibility.
In upcoming articles, I will explain some of the key features of IPv6 such as: stateless and stateful configuration, end-to-end encryption, and IP MTU discovery. I will also address how to implement this new protocol into your network and discuss what is needed for configuring IPv6 to use different routing protocols.
IPv6 has a lot of promise, but new protocols like this often require a great deal of change in a network to properly implement and significant change is often feared. As we look at all the necessary requirements for implementation of IPv6, we will find that some of the fears we might have can be easily alleviated.
Your Introduction to IPv6
I will try to make your life a little easier by introducing the idea of IPv6 to you. I will show you the IPv6 format, talk about compressions that you can use, and show you how to convert IP version 6 address into IPv4.
IPv6 Format
Let’s start with simple explanation of the new format. As you may know, the new-generation-IP talk started in the early 1990s when we were slowly running out of IP addresses. We had quite a few proposals for the new address format but in 1995 IPv6 was selected and the RFCs were officially entered into the RFC repository.
IPv6 was created based off of IPv4 with some of the useful IPv4 features carried over to IPv6. There were many changes to the new IP format, however, and I will list some of them here below.
- Expanded Addressing Capabilities: IPv6 address size increased from 32 bits to 128 bits. Because of the increased size the new address will support a higher number of nodes, more levels of addressing hierarchy, and a much simpler autoconfiguration of addresses for remote users. A new address type was created, called anycast.
- Header Format Simplification: To simplify the entire IP format, some of the IPv4 header fields were dropped or made optional in IPv6.
- Flow Labeling Capability: There is a new quality-of-service (QOS) capability that enables the labeling of packets belonging to particular traffic “flows” with special handling, such as real-time service.
- Authentication and Privacy Capabilities: There are new built-in extensions to support security options
Old – IPv4 address: 129.14.12.200
New – IPv6 address: 1029:9183:81E2:0000:0000:01D5:2115:019B
As you can see the new generation IP address is quite different from what we are used to. The IPv6 address is in a hexadecimal format. The only good thing in the IPv6 address format is that we can use compressions. There are rules, however, on how and when to use them.
Zero Compression
If you have consecutive fields of zeroes in the IPv6 address, you can express them with two colons.
It does not matter if you have two, three, four or eight fields of zeros, you can simply type two colons next to each other and that will represent all the consecutive zeros fields. These fields of zeros must follow each other.
A very important key to this rule is that you can only use that compression once in an IPv6 address. For example:
Original IPv6 format: 1234:1234:0000:0000:1234:0000:0000:1234
Using zero compression: 1234:1234::1234:0000:0000:1234
Notice how I used zero compression only ONCE in this example. Writing this address like this:
1234:1234::1234::1234
would make this address incorrect and every router would give you an error.
Leading Zero Compression
In a leading zero compression you can drop leading zeros in an address, in any field, as long as there is at least one number left. What that means is that if the address field is all zeros, you must leave at least one zero in that field. Here is an example:
Original IPv6 format: 1234:0000:1234:0000:1234:0000:0123:1234
Using leading zero compression: 1234:0:1234:0:1234:0:123:1234
You can also combine these compressions and use them together in an address:
Original IPv6 format: 1234:0000:0000:1234:0002:0033:0012:0123
With both compressions: 1234::1234:2:33:12:123
(zero and leading compression)
Zero Compression uses the double-colon to replace the second and third block of numbers, which were all zeroes. Leading zero compression replaces the “0s” at the beginning of each of the last four blocks. Just be careful and take time when using both zero compression and leading zero compression. They key is to remember that you can use zero compression only once in a single IPv6 address.
IPv6 to IPv4 conversion
- Lets start with an IPv6 address that can be converted to IPv4:IPv6 address: ::D190:4E71 – the double colon is zero compression
- Since the IPv6 is in a hexadecimal format we will start with the first number, which is D1 and convert that into decimal. In hexadecimal D=13 and 1=1, so we have:D1 – 13 units of 16 and 1 unit of 1 = 209
- The second number is: 90. Therefore we have:90 – 9 units of 16 and 0 units of 1 = 144
- Next number is: 4E.4E – 4 units of 16 and 14 units of 1 = 78
- And the last number: 71.71 – 7 units of 16 and 1 unit of 1 = 113
- IPv4 address after conversion is: 209.144.78.113
Migrating to IPv6 with Windows Server 2008
However, no one expects this to be a quick transition. IPv4 support will likely be necessary for years or decades to come.
Luckily, Windows Server 2008 comes equipped with standard features to help with the move to a new network protocol.
Allowing for interoperability between IPv4 and IPv6 networks is not a trivial process. Fortunately, the designers of IPv6 have already come up with most of the framework to handle the interplay.
At the top of the list is Intra-Site Automatic Tunnel Addressing Protocol or ISATAP (ah, more acronyms).
With ISATAP, when a network in your site that is running IPv6 needs to talk to a network running IPv4, a properly enabled router will encapsulate the IPv6 packets inside of IPv4 packets and in the reverse, add IPv6 headers to incoming IPv4 packets.
The best part is that there is nothing for the workstations or servers to do. For all they know, they are talking to the same kind of network.
What if your organization is all about IPv6, but they have to communicate over a non-IPv6 network like the Internet?
Another technology known as 6to4 automatically creates tunneling between the networks by temporarily packaging the IPv6 packets inside IPv4 packets and then returning them to their original state when they arrive at their destination.
What about an application that uses IPv6?
For that, Microsoft utilizes Teredo. In Windows Server 2003, Teredo wouldn’t work with domain member computers. Not any more. Now, Teredo is supported on domain member computers and domain controllers so there will be no seams in the IPv4 and IPv6 networks from an application standpoint.
What Do I Have to Do?
So far, there isn’t any work for the average systems administrator here. "Hey, what are we waiting for?"
Well, besides the network guys freaking out (this will be tougher on their end), there are a some Windows Server functions you’ll have to get right first.
One of them is DHCP. Right now, all of your DHCP servers are configured with IPv4 scopes and happily doling out those addresses to all comers. Windows Server 2008 supports DHCPv6 which is, of course, DHCP using IPv6 addresses.
Although a Server 2008 DHCP server can send out both kinds of addresses, there is still no way to “translate” how an IP address is assigned, so you’ll have to re-create your scopes to get the right IPv6 addresses out there to the right systems.
The tough part will be making sure that systems you want getting IPv6 addresses get IPv6 addresses and the others get the IPv4 addresses.
DNS is another tricky spot. IPv6 addresses will be AAAA (quad-A) records in your tables. Obviously, your IPv4 DNS servers won’t have any idea what those are.
Also, since there is no way the average non-photographic memory systems administrator will be able to memorize IPv6 addresses of more than a couple of severs (if any), name resolution is going to have to be more robust than ever.
To this end, all domain controllers will host DNS which will complicate your efforts to define who contacts which DNS process.
The good news is that configuring these services will be pretty much the same as it is now, only the input field will take IPv6 addresses instead of the four blanks separated by periods (and since IPv6 address can be abbreviated, there will be no more automatic cursor movement to the next field, so the backspace key will actually work if you fat finger part of the address instead of stubbornly refusing to move back to the previous dotted section).
For example, manually configuring an IP address takes place in the same way, on the same screen. You’ll put in the default address and default gateway in the same fields. The only difference is that you will be typing a lot more.
Benefits of IPv6
There is more in the move to IPv6 for you than just saving the Internet (a noble goal in and of itself).
The IPv6 standard allows for TCP to be offloaded down one level. So, your new network cards will handle TCP at the hardware level, and your old ones will still benefit from processing occurring in the miniport.
This means less work for your servers and more power for your users.
Another huge benefit is that you will finally be able to get rid of WINS!
A newer more robust service that works tightly with DNS called GlobalNames Zone will handle all the simple name (non-fully qualified) resolution for your network. In fact, this may be where you want to get started with your migration.
The biggest time saver will be the ability to make network configuration changes on the fly without a reboot.
IPv6′s stack allows for the ability to retain configuration settings so those late workdays where you have to stay just to make sure a reboot goes through are over (at least for IP configuration changes).
Thanks to the translation protocols provided at the router level and the fact that all Windows Server 2008 systems will have fully integrated IPv4 and IPv6 stacks means that the migration to IPv6 will be as painless as possible.
Of course, there is no way it will be pain free. Then again, if it was easy, everyone would do it, and you would get paid a lot less.
0 comments:
Post a Comment