Chapter 9. Internet Protocol Version 6 Design
This chapter covers the following subjects:
IPv6 Address Scope Types and Address Allocations
IPv4-to-IPv6 Transition Strategies and Deployments
This chapter reviews Internet Protocol Version 6 (IPv6) address structures, address assignments, representations, and mechanisms used to deploy IPv6. Expect plenty of questions about IPv6 on the exam. The CCDA candidate must understand how an IPv6 address is represented and the different types of IPv6 addresses. This chapter also covers the benefits of IPv6 over IPv4, compares the protocols, and examines migration to IPv6 options.
As IPv6 matures, different deployment models will be used to implement the new protocol with existing IPv4 networks. This chapter covers these models at a high level. This chapter does not discuss the configuration of IPv6 because it is not a requirement for CCDA certification.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you identify your strengths and deficiencies in this chapter’s topics.
The 13-question quiz, derived from the major sections in the “Foundation Topics” portion of the chapter, helps you determine how to spend your limited study time.
Table 9-1 outlines the major topics discussed in this chapter and the “Do I Know This Already?” quiz questions that correspond to those topics.
1. IPv6 uses how many more bits for addresses than IPv4?
a. 32
b. 64
c. 96
d. 128
2. What is the length of the IPv6 header?
a. 20 bytes
b. 30 bytes
c. 40 bytes
d. 128 bytes
3. What address type is the IPv6 address FE80::300:34BC:123F:1010?
a. Aggregatable global
b. Unique-local
c. Link-local
d. Multicast
4. What are three scope types of IPv6 addresses?
a. Unicast, multicast, broadcast
b. Unicast, anycast, broadcast
c. Unicast, multicast, endcast
d. Unicast, anycast, multicast
5. What is a compact representation of the address 3f00:0000:0000:a7fb:0000:0000:b100:0023?
a. 3f::a7fb::b100:0023
b. 3f00::a7fb:0000:0000:b100:23
c. 3f::a7fb::b1:23
d. 3f00:0000:0000:a7fb::b1:23
6. What is NAT-PT?
a. Network Address Translation–Port Translation. Translates RFC 1918 addresses to public IPv4 addresses.
b. Network Addressable Transparent–Port Translation. Translates network addresses to ports.
c. Network Address Translation–Protocol Translation. Translates between IPv4 and IPv6 addresses.
d. Next Address Translation–Port Translation.
7. What IPv6 address scope type replaces the IPv4 broadcast address?
a. Unicast
b. Multicast
c. Broadcast
d. Anycast
8. What is the IPv6 equivalent to 127.0.0.1?
a. 0:0:0:0:0:0:0:0
b. 0:0:0:0:0:0:0:1
c. 127:0:0:0:0:0:0:1
d. FF::1
9. Which of the following is an “IPv4-compatible” IPv6 address?
a. ::180.10.1.1
b. f000:0:0:0:0:0:180.10.1.1
c. 180.10.1.1::
d. 2010::180.10.1.1
10. Which protocol maps names to IPv6 addresses?
a. Address Resolution Protocol (ARP)
b. Network Discovery (ND)
c. Domain Name System (DNS)
d. DNSv2
11. Which of the following are IPv6 enhancements over IPv4?
a. Larger address space, globally private IP address, multicast
b. Larger address space, globally unique IP addresses, no broadcasts
c. Larger address space, globally private IP address, multicast
d. Larger address space, address auto-configuration, enhanced broadcasts
12. Which of the following supports routing on IPv6 networks?
a. RIPv3, OSPFv3, EIGRP for IPv6
b. RIPng, OSPFv3, EIGRPv6
c. RIPng, OSPFv3, EIGRP for IPv6
d. RIPv2, OSPFv2, EIGRP
13. What changed from IPv4 header to the IPv6?
a. Protocol Type became the Next Header field.
b. ND is used rather than ARP.
c. AAAA records are used rather than A records.
d. All of these answers are correct.
Foundation Topics
The following sections cover topics that you need to master for the CCDA exam. The section “IPv6 Header” covers each field of the IPv6 header, which helps you understand the protocol. The section “IPv6 Address Representation” covers the hexadecimal representation of IPv6 addresses and the compressed representation. The section “IPv6 Address Scope Types and Address Allocations” covers unicast, multicast, and anycast IPv6 addresses, special address types, and the current allocations of IPv6 addresses.
The section “IPv6 Mechanisms” covers Internet Control Message Protocol Version 6 (ICMPv6), ND, and address assignment and resolution, and it introduces IPv6 routing protocols. The section “IPv4-to-IPv6 Transition Mechanisms and Deployment Models” covers dual-stack backbones, IPv6 over IPv4 tunnels, dual-stack hosts, and Network Address Translation–Protocol Translation (NAT-PT).
Introduction to IPv6
You should become familiar at a high level with IPv6 specifications, addressing, and design. The driving motivation for the adoption of a new version of IP is the limitation imposed by the 32-bit address field in IPv4. In the 1990s, there was concern that the IP address space would be depleted soon. Although classless interdomain routing (CIDR) and NAT have slowed down the deployment of IPv6, its standards and deployments are becoming mature. IPv6 is playing a significant role in the deployment of IP services for wireless phones. Some countries such as Japan directed IPv6 compatibility back in 2005. Other countries, such as China, France, and Korea, have been implementing IPv6. The 2008 Summer Olympics was accessible from the IPv6 Internet. The U.S. federal government had mandated all agencies to support IPv6 by mid 2008. Operating systems such as Windows 10, Windows 7, Linux, Mac OS, and others all support IPv6. Google and Facebook are also accessible in the IPv6 Internet.
The IPv6 specification provides 128 bits for addressing, a significant increase from 32 bits. The overall specification of IPv6 is in RFC 2460. Other RFCs describing IPv6 specifications are 4921, 3513, 3587, 3879, 2373, 2374, 2461, 1886, and 1981.
IPv6 includes the following enhancements over IPv4:
Larger address space: IPv6 uses 128-bit addresses rather than the 32-bit addresses in IPv4. This supports more address hierarchy levels and uses simpler address autoconfiguration.
Globally unique IP addresses: The additional address space allows each node to have a unique address and eliminates the need for NAT.
Header format efficiency: The IPv6 header length is fixed, lowering header processing time and thus allowing vendors to improve packet switching efficiency.
Improved option mechanism: IPv6 options are placed in separate optional headers that are located between the IPv6 header and the transport layer header. The option headers are not required.
Address autoconfiguration: This capability provides for dynamic assignment of IPv6 addresses. IPv6 hosts can automatically configure themselves, with or without a Dynamic Host Configuration Protocol (DHCP) server. Stateful and stateless autoconfiguration is supported.
Flow labeling capability: Instead of the Type of Service field in IPv4, IPv6 enables the labeling of packets belonging to a particular traffic class for which the sender requests special handling, such as quality of service (QoS) and real-time service. This support aids specialized traffic, such as real-time voice or video.
Security capabilities: IPv6 includes features that support authentication and privacy. IP Security (IPsec) is a requirement.
Maximum transmission unit (MTU) path discovery: IPv6 eliminates the need to fragment packets by implementing MTU path discovery before sending packets to a destination.
Site multihoming: IPv6 allows multihoming by allowing hosts to have multiple IPv6 addresses and networks to have multiple IPv6 prefixes, which facilitates connection to multiple ISPs.
Support for mobility and multicast: Mobile IPv6 allows for IPv6 nodes to change its location on a network and maintain its existing connection. The Mobile node is always reachable via one permanent address.
Eliminate the use of broadcasts: IPv6 reduces unnecessary bandwidth by eliminating the use of broadcasts, replacing them with multicasts.
IPv6 Header
This section covers each field of the IPv6 header. The IPv6 header is simpler than the IPv4 header. Some IPv4 fields have been eliminated or changed to optional fields. The IPv6 header size is 40 bytes. The fragment offset fields and flags in IPv4 have been eliminated from the header. IPv6 adds a flow label field for QoS mechanisms to use.
The use of 128 bits for source and destination addresses provides a significant improvement over IPv4. With 128 bits, there are 3.4 * 1038 or 340 billion billion billion billion IPv6 addresses, compared to only 4.3 billion IPv4 addresses.
IPv6 improves over IPv4 by using a fixed-length header. The IPv6 header appears in Figure 9-1.
The following is a description of each field in the IP header:
Version: This field is 4 bits long. It indicates the format, based on the version number, of the IP header. These bits are set to 0110 for IPv6 packets.
Traffic Class: This field is 8 bits in length. It describes the class or priority of the IPv6 packet and provides functionality similar to the IPv4 Type of Service field.
Flow Label: This field is 20 bits in length. It indicates a specific sequence of packets between a source and destination that requires special handling, such as real-time data (voice and video).
Payload Length: This field is 16 bits in length. It indicates the payload’s size in bytes. Its length includes any extension headers.
Next Header: This field is 8 bits in length. It indicates the type of header that follows this IPv6 header. In other words, it identifies the upper-layer protocol. It uses values defined by the Internet Assigned Numbers Authority (IANA). Table 9-2 shows some key protocol numbers. You can find a full list at www.iana.org/assignments/protocol-numbers.
Hop Limit: This field is 8 bits in length. It is decremented by 1 by each router that forwards the packets. If this field is 0, the packet is discarded.
Source Address: This field is 128 bits in length. It indicates the sender’s IPv6 address.
Destination Address: This field is 128 bits in length. It indicates the destination host’s IPv6 address.
Notice that although the IPv6 address is four times the length of an IPv4 address, the IPv6 header is only twice the length (40 bytes). Optional network layer information is not included in the IPv6 header; instead, it is included in separate extended headers. Some extended headers are the routing header, fragment header, and hop-by-hop options header. The routing header is used for source routing. The fragment header is included in fragmented datagrams to provide information to allow the fragments to be reassembled. The hop-by-hop extension header is used to support jumbo-grams.
Two important extended headers are the Authentication Header (AH) and the Encapsulating Security Payload (ESP) header. These headers are covered later in the chapter.
IPv6 Address Representation
RFC 4291 (which obsoletes RFC 3513 and RFC 2373) specifies the IPv6 addressing architecture. IPv6 addresses are 128 bits in length. For display, the IPv6 addresses have eight 16-bit groups. Each 16-bit group is represented using hexadecimal numbers. (See Appendix C, “OSI Model, TCP/IP Architecture, and Numeric Conversion,” for a quick review on hexadecimal numbers.) The hexadecimal value is x:x:x:x:x:x:x:x, where each x represents four hexadecimal digits (16 bits).
An example of a full IPv6 address is 1111111000011010 0100001010111001 0000000000011011 0000000000000000 0000000000000000 0001001011010000 0000000001011011 0000011010110000.
The hexadecimal representation of the preceding IPv6 binary number is
FE1A:42B9:001B:0000:0000:12D0:005B:06B0
Groups with a value of 0 can be represented with a single 0. For example, you can also represent the preceding number as
FE1A:42B9:01B:0:0:12D0:05B:06B0
You can represent multiple groups of 16-bit 0s with ::, which is allowed to appear only once in the number. Also, you do not need to represent leading 0s in a 16-bit group. The preceding IPv6 address can be further shortened to
FE1A:42B9:1B::12D0:5B:6B0
Tip
Remember that the fully expanded address has eight blocks and that the double colon represents only 0s. You can use the double colon only once.
You expand a compressed address by reversing the process described earlier: add leading 0s in groups where they have been omitted, then add 0s represented by ::. For example, the IPv6 address 2001:4C::50:0:0:741 expands as follows:
2001:004C::0050:0000:0000:0741
Because there should be eight blocks of addresses and you have six, you can expand the double colon to two blocks as follows:
2001:004C:0000:0000:0050:0000:0000:0741
IPv4-Compatible IPv6 Addresses
IPv6 allows for IPv4-compatible IPv6 addresses. In a mixed IPv6/IPv4 environment, the IPv4 portion of the address requires the last two 16-bit blocks, or 32 bits of the address, which is represented in IPv4 dotted-decimal notation. The portion of the IPv6 address preceding the IPv4 information is all 0s. Six hexadecimal 16-bit blocks are concatenated with the dotted-decimal format. The first 96 bits are 0, and the last 32 bits are used for the IPv4 address. This form is x:x:x:x:x:x:d.d.d.d, where each x represents the hexadecimal digits and d.d.d.d is the dotted-decimal representation.
An example of a mixed full address is 0000:0000:0000:0000:0000:0000:100.1.1.1; this example can be shortened to 0:0:0:0:0:0:100.1.1.1 or ::100.1.1.1.
RFC 4921 mentions that IPv4-compatible IPv6 addresses have been deprecated since updated IPv6 transition mechanisms no longer use these addresses.
IPv6 Prefix Representation
IPv6 prefixes are represented similar to IPv4, with the following format:
IPv6-address/prefix
The IPv6-address portion is a valid IPv6 address. The prefix portion is the number of leftmost contiguous bits that represent the prefix. You use the double colon only once in the representation. An example of an IPv6 prefix is 200C:001b:1100:0:0:0:0:0/40 or 200C:1b:1100::/40.
For another example, look at the representations of the 60-bit prefix 2001000000000ab0:
2001:0000:0000:0ab0:0000:0000:0000:0000/60
2001:0000:0000:0ab0:0:0:0:0/60
2001:0000:0000:ab0::/60
2001:0:0:ab0::/60
The rules for address representation are still valid when using a prefix. The following is not a valid representation of the preceding prefix:
2001:0:0:ab0/60
The preceding representation is missing the trailing double colon:
2001::ab0/60
The preceding representation expands to 2001:0:0:0:0:0:0:0ab0, which is not the prefix 2001:0000:0000:0ab0::/60.
When representing an IPv6 host address with its subnet prefix, you combine the two. For example, the IPv6 address 2001:0000:0000:0ab0:001c:1bc0:08ba:1c9a in subnet prefix 2001:0000:0000:0ab0::/60 is represented as the following:
2001:0000:0000:0ab0:001c:1bc0:08ba:1c9a/60
IPv6 Address Scope Types and Address Allocations
This section covers the major types of IPv6 addresses. IPv4 addresses are unicast, multicast, or broadcast. IPv6 maintains each of these address functions, except that the IPv6 address types are defined a little differently. A special “all-nodes” IPv6 multicast address handles the broadcast function. IPv6 also introduces the anycast address type.
Also important to understand are the IPv6 address allocations. Sections of the IPv6 address space are reserved for particular functions, each of which is covered in this section. To provide you with a full understanding of address types, the following sections describe each one.
IPv6 Address Allocations
The leading bits of an IPv6 address can define the IPv6 address type or other reservations. These leading bits are of variable length and are called the format prefix (FP). Table 9-3 shows the allocation of address prefixes. The IPv6 address space was delegated to IANA. You can find current IPv6 allocations at www.iana.org/assignments/ipv6-address-space. Many prefixes are still unassigned.
An unspecified address is all 0s: 0:0:0:0:0:0:0:0. It signifies that an IPv6 address is not specified for the interface. Unspecified addresses are not forwarded by an IPv6 router.
The IPv6 loopback address is 0:0:0:0:0:0:0:1. This address is similar to the IPv4 loopback address of 127.0.0.1.
IPv6 Unicast Address
The IPv6 unicast (one-to-one) address is the logical identifier of a single-host interface. With a unicast address, a single source sends to a single destination. It is similar to IPv4 unicast addresses. Unicast addresses are divided into:
Global unicast address
Link-local address
Unique local address
Global Unicast Addresses
IPv6 global addresses connect to the public network. These unicast addresses are globally unique and routable. This address format is initially defined in RFC 2374. RFC 3587 provides updates to the format.
The original specification defined the address format with a three-layer hierarchy: public topology, site topology, and interface identifier. The public topology consisted of service providers that provided transit services and exchanges of routing information. It used a top-level aggregator (TLA) identifier and a next-level identifier (NLA). A site-level aggregator (SLA) was used for site topology. The site topology is local to the company or site and does not provide transit services. The TLA, NLA, and SLA identifiers are deprecated by RFC 3587. RFC 3587 simplifies these identifiers with a global routing prefix and subnet identifier for the network portion of the address.
Figure 9-2 shows the format of the standard IPv6 global unicast address. The global routing prefix is generally 48 bits in length, and the subnet ID is 16 bits. The interface ID is 64 bits in length and uniquely identifies the interface on the link.
The interface ID is obtained from the 48-bit MAC address of the host. The MAC is converted to the EUI-64 identifier format by inserting the FFFE hexadecimal value in between the 24-bit leftmost and rightmost values.
For example, with the following MAC address 01:00:0C:A4:BC:D0, the leftmost 24 bits are 01:00:0C and the rightmost bits are A4:BC:D0. By inserting FFFE, the IPv6 64-bit identifier becomes
01:00:0C:FF:FE:A4:BC:D0.
Link-Local Addresses
IPv6 link-local addresses are significant only to nodes on a single link. Routers do not forward packets with a link-local source or destination address beyond the local link. Link-local addresses are identified by leading FE8 hexadecimal numbers. Link-local addresses are configured automatically or manually.
As shown in Figure 9-3, the format of the link-local address is an FP of 1111111010, followed by 54 0s and a 64-bit interface identifier (ID). The interface ID is obtained from the device MAC address and verified automatically through communication with other nodes in the link. The interface ID is then concatenated with the link-local address prefix of FE80::/64 to obtain the interface link-local address.
Unique Local IPv6 Address
RFC 4193 defines the unique local address. Unique local addresses designed for use in local networks and are not routable in the Internet. It substitutes the deprecated site-local addresses. As shown in Figure 9-4, the format of the unique local address is an FP of 1111 110 (FC00::/7) followed by global ID, followed by the subnet ID and then the 64-bit interface identifier (ID). The bit labeled L is set to 1 if the prefix is locally assigned and setting it to 0 has not been defined.
Global Aggregatable IPv6 Address
Global aggregatable unicast addresses are a type of global unicast address that allows the aggregation of routing prefixes. This enables a reduction in the number of routes in the global routing table. These addresses are used in links to aggregate (summarize) routes upward to the core in large organizations or to ISPs. Global aggregatable addresses are identified by a fixed prefix of 2000:/3. As shown in Figure 9-5, the format of the global aggregatable IPv6 address is a global routing prefix starting with binary 001, followed by the subnet ID and then the 64-bit interface identifier (ID). The device MAC address is normally used as the interface ID.
IPv4-Compatible IPv6 Address
IPv4-compatible IPv6 addresses begin with 96 binary 0s (six 16-bit groups) followed by the 32-bit IPv4 address, as in 0:0:0:0:0:0:130.100.50.1, or just ::130.100.50.1. IPv4-compatible IPv6 addresses have been deprecated since updated transition mechanisms no longer require this format.
IPv6 Anycast Addresses
The IPv6 anycast (one-to-nearest) address identifies a set of devices. An anycast address is allocated from a set of unicast addresses. These destination devices should share common characteristics and are explicitly configured for anycast.
You can use the anycast address to identify a set of routers or servers within an area. When a packet is sent to the anycast address, it is delivered to the nearest device as determined by the routing protocol. An example of the use of anycast addresses is to assign an anycast address to a set of servers—one in North America and the other in Europe. Users in North America would be routed to the North American server, and those in Europe to the European server.
You cannot use an anycast address as a source address. Also, you must explicitly configure nodes to which the anycast address is assigned to recognize the anycast address.
IPv6 Multicast Addresses
The IPv6 multicast (one-to-many) address identifies a set of hosts. The packet is delivered to all the hosts identified by that address. This type is similar to IPv4 multicast (Class D) addresses. IPv6 multicast addresses also supersede the broadcast function of IPv4 broadcasts. You use an “all-nodes” multicast address instead. One additional function of IPv6 multicast is to provide the IPv4 broadcast equivalent with the all-nodes multicast group.
Some IPv6 multicast addresses are
FF01:0:0:0:0:0:0:1—Indicates all-nodes address for interface-local scope
FF02:0:0:0:0:0:0:2—All-routers address for link-local
RFC 4291 specifies the format of IPv6 multicast addresses. As shown in Figure 9-6, the fields of the IPv6 multicast address are the FP, a value of 0xFF, followed by a 4-bit flags field, a 4-bit scope field, and 112 bits for the group identifier (ID). Again, a quick way to recognize an IPv6 multicast address is that it begins with FF::/8.
The FLGS (flags) field consists of three leading 0s followed by a T bit: 000T. If T = 0, the address is a well-known multicast address assigned by the global IANA. If T = 1, the address is not a permanently assigned address.
The SCOP (scope) field limits the scope of the multicast group. Table 9-4 shows the assigned scope values.
The group ID identifies the multicast group within the given scope. The group ID is independent of the scope. A group ID of 0:0:0:0:0:0:1 identifies nodes, whereas a group ID of 0:0:0:0:0:0:2 identifies routers. Some well-known multicast addresses appear in Table 9-5 associated with a variety of scope values.
Table 9-6 summarizes the IPv6 address types.
The CCDA should know how to identify address types based from the prefix. Table 9-7 summarizes the prefixes and their respective address type.
IPv6 Mechanisms
The changes to the 128-bit address length and IPv6 header format modified the underlying protocols that support IP. This section covers ICMPv6, IPv6 ND, address resolution, address assignment, and IPv6 routing protocols. These protocols must now support 128-bit addresses. For example, DNS adds a new record locator for resolving fully qualified domain names (FQDNs) to IPv6 addresses. IPv6 also replaces ARP with the IPv6 ND protocol. IPv6 ND uses ICMPv6.
ICMPv6
ICMP needed some modifications to support IPv6. RFC 2463 describes the use of ICMPv6 for IPv6 networks. All IPv6 nodes must implement ICMPv6 to perform network layer functions. ICMPv6 performs diagnostics (ping), reports errors, and provides reachability information. Although IPv4 ICMP uses IP protocol 1, IPv6 uses a next header number of 58.
Informational messages are
Echo request
Echo reply
Some error messages are
Destination unreachable
Packet too big
Time exceeded
Parameter problem
The destination-unreachable messages also provide further details:
No route to destination
Destination administratively prohibited
Address unreachable
Port unreachable
Other IPv6 mechanisms use ICMPv6 to determine neighbor availability, path MTU, destination address, or port reachability.
IPv6 Neighbor Discovery Protocol
IPv6 does not implement the ARP that is used in IPv4. Instead, IPv6 implements the Neighbor Discovery (ND) protocol described in RFC 2461. Hosts use ND to implement plug-and-play functions that discover all other nodes in the same link, check for duplicate addresses, and find routers in the link. The protocol also searches for alternative routers if the primary fails.
The IPv6 ND protocol performs the following functions:
Stateless address autoconfiguration: The host can determine its full IPv6 address without the use of DHCP.
Duplicate address detection: The host can determine whether the address it will use is already in use on the network.
Prefix discovery: The host finds out the link’s IPv6 prefix.
Parameter discovery: The host finds out the link’s MTU and hop count.
Address resolution: The host can determine the MAC address of other nodes without the use of ARP.
Router discovery: The host finds local routers without the use of DHCP.
Next-hop determination: The host can determine a destination’s next hop.
Neighbor unreachability detection: The host can determine whether a neighbor is no longer reachable.
Redirect: The host can tell another host if a preferred next hop exists to reach a particular destination.
IPv6 ND uses ICMPv6 to implement some of its functions. These ICMPv6 messages are
Router Advertisement (RA): Sent by routers to advertise their presence and link-specific parameters
Router Solicitation (RS): Sent by hosts to request RA from local routers
Neighbor Solicitation (NS): Sent by hosts to request link layer addresses of other hosts (also used for duplicate address detection)
Neighbor Advertisement (NA): Sent by hosts in response to an NS
Redirect: Sent to a host to notify it of a better next hop to a destination
The link address resolution process uses NS messages to obtain a neighbor’s link layer address. Nodes respond with an NA message that contains the link layer address.
IPv6 Name Resolution
Name resolution for IPv6 addresses can be static or dynamic. Just as with IPv4, static names to IPv6 addresses can be manually configured in the host configuration file. Dynamic name resolution relies on the Domain Name System (DNS).
IPv4 uses A records to provide FQDN-name-to-IPv4-address resolution. DNS adds a resource record (RR) to support name-to-IPv6-address resolution. RFC 3596 describes the addition of a new DNS resource record type to support transition to IPv6 name resolution. The new record type is AAAA, commonly known as “quad-A.” Given a domain name, the AAAA record returns an IPv6 address to the requesting host.
RFC 2874 specifies another DNS record for IPv6; it defines the A6 resource record. The A6 record provides additional features and was intended as a replacement for the AAAA RR. But RFC 3363 has changed the status of the A6 RR to deprecated.
Current DNS implementations need to be able to support A (for IPv4) and AAAA resource records, with type A having the highest priority and AAAA the lowest.
For hosts that support dual-stack (IPv4 and IPv6), the application decides which stack to use and accordingly requests an AAAA or A record. As shown in Figure 9-7, the client device requests the AAAA record of the destination IPv6 server. The DNS server returns the IPv6 address. Note that this is the same DNS server that supports IPv4 addresses; no separate DNS servers are needed for IPv6 networks.
Path MTU Discovery
IPv6 does not allow packet fragmentation throughout the internetwork. Only sending hosts are allowed to fragment. Routers are not allowed to fragment packets. RFC 2460 specifies that the MTU of every link in an IPv6 must be 1280 bytes or greater. RFC 1981 recommends that nodes should implement IPv6 path MTU discovery to determine whether any paths are greater than 1280 bytes. ICMPv6 packet-too-big error messages determine the path MTU. Nodes along the path send the ICMPv6 packet-too-big message to the sending host if the packet is larger than the outgoing interface MTU.
Figure 9-8 shows a host sending a 2000-byte packet. Because the outgoing interface MTU is 1500 bytes, Router A sends an ICMPv6 packet-too-big error message back to Host A. The sending host then sends a 1500-byte packet. The outgoing interface MTU at Router B is 1300 bytes. Router B sends an ICMPv6 packet-too-big error message to Host A. Host A then sends the packet with 1300 bytes.
IPv6 Address-Assignment Strategies
Assignment of IPv6 addresses to a host can be statically or dynamically configured. Static IPv6 address assignment just involves manual configuration on the host’s configuration files. Dynamic IPv6 address assignment can be done via stateless or stateful methods. The stateless method may result in a link-local or globally unique address. The three methods to assign IPv6 addresses are:
Manual configuration
Stateless address autoconfiguration (SLAAC)
Stateful configuration with DHCPv6
Manual Configuration
As with IPv4, devices such as routers, switches, servers, and firewalls should be configured with their IPv6 addresses manually.
SLAAC of Link-Local Address
The dynamic configuration of link-local IPv6 addresses is a stateless autoconfiguration method, without DHCP. Hosts obtain their link-local addresses automatically as an interface is initialized. First, the host performs a duplicate address-detection process. The host joins the all-nodes multicast group to receive neighbor advertisements from other nodes. The neighbor advertisements include the subnet or prefix associated with the link. The host then sends a neighbor-solicitation message with the tentative IP address (interface identifier) as the target. If a host is already using the tentative IP address, that host replies with a neighbor advertisement. If the host receives no neighbor advertisement, the target IP address becomes the link-local address of the originating host. It uses the link-local prefix FE80::/10 (binary: 1111 1110 10). An alternate is to manually configure the link-local address.
SLAAC of Globally Unique IPv6 Address
RFC 4862 describes IPv6 stateless address autoconfiguration. With autoconfiguration of globally unique IP addresses, IPv6 hosts can use SLAAC, without DHCP, to acquire their own IP address information. This is done on a per-interface basis. As shown in Figure 9-9, after a host has autoconfigured a link-local address, it listens for router advertisement (RA) messages. These router messages contain the prefix address to be used for the network. The IPv6 address is then formed from the prefix plus the interface ID (derives from the MAC address).
The process takes the following steps to create the globally unique IPv6 address:
1. Router advertisements (RA) are sent by Router 1.
2. The client learns the prefix from the RA. In the case of Figure 9-9, the prefix is 2001:abcd:1234/64.
3. The client identifier is created by splitting the local MAC address and adding FF:FE in the middle. Hence, in our example, the MAC 0200:FE23:5A6B becomes 0200:FEFF:FE23:5A6B.
4. The seventh bit is flipped (binary 00000010 becomes binary 0000000); thus, the identifier becomes 0000:FEFF:FE23:5A6B.
5. The merging of the prefix and identifier becomes 2001:abcd:1234:0000:0000: FEFF:FE23:5A6B.
6. The address is shortened to 2001:abcd:1234:: FEFF:FE23:5A6B.
Table 9-8 summarizes IPv6 address schemes.
DHCPv6
DHCPv6 is the updated version of DHCP that provides dynamic IP address assignment for IPv6 hosts. DHCPv6 is described in RFC 3315. It provides the same functions as DHCP, with more control than stateless autoconfiguration, and it supports renumbering without routers. DHCPv6 assignment is stateful, whereas IPv6 link-local and global unique autoconfiguration is not.
DHCPv6 Lite
SLAAC is simpler than DHCPv6, although it offers less control and fewer capabilities. For example, SLAAC is not able to send DNS parameters. To overcome this limitation, there is another (special case) option for clients to receive both their IPv6 address and other information via stateless method. This is accomplished using SLAAC initially and then using stateless DHCPv6 service, also known as DHCPv6 Lite. With DHCPv6 Lite DNS server, domain name, SIP server, and other information can be sent to the client. With DHCPv6 Lite, the client performs the SLAAC to obtain its IPv6 address and then sends a DHCP information request to the router. The router then responds with a reply message in the requested information.
IPv6 Security
IPv6 has two integrated mechanisms to provide security for communications. It natively supports IP Security (IPsec). IPsec is mandated at the operating system level for all IPsec hosts. RFC 2401 describes IPsec. Extension headers carry the IPsec AH and ESP headers. The AH provides authentication and integrity. The ESP header provides confidentiality by encrypting the payload. For IPv6, the AH defaults to message digest algorithm 5 (MD5), and the ESP encryption defaults to Data Encryption Standard–cipher block chaining (DES-CBC).
A description of the IPsec mechanisms appears in Chapter 13, “Security Solutions.” More information also appears in RFC 2402: IP Authentication Header, and in RFC 2406: IP Encapsulating Security Payload (ESP).
Table 9-9 summarizes IPv6 mechanisms.
IPv6 Routing Protocols
New routing protocols have been developed to support IPv6, such as RIPng, Intermediate System-to-Intermediate System (IS-IS), Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6, and Open Shortest Path First Version 3 (OSPFv3) Protocol. Border Gateway Protocol (BGP) also includes changes that support IPv6. These routing protocols are only briefly mentioned here because they are covered in detail in Chapter 10, “Routing Protocol Characteristics, RIP, EIGRP, and IS-IS,” and Chapter 11, “OSPF, BGP, Route Manipulation, and IP Multicast.”
RIPng
RFC 2080 describes changes to RIP to support IPv6 networks, called RIP next generation (RIPng). RIP mechanisms remain the same. RIPng still has a 15-hop limit, counting to infinity, and split horizon with poison reverse. Instead of User Datagram Protocol (UDP) port 520 for RIPv2, RIPng uses UDP port 521. RIPng supports IPv6 addresses and prefixes. Cisco IOS software currently supports RIPng. RIPng uses multicast group FF02::9 for RIP updates to all RIP routers.
EIGRP for IPv6
Cisco has developed EIGRP support for IPv6 networks to route IPv6 prefixes. EIGRP for IPv6 is configured and managed separately from EIGRP for IPv4; no network statements are used. EIGRP for IPv6 retains all the characteristics (network discovery, DUAL, modules) and functions of EIGRP for IPv4. EIGRP uses multicast group FF02::A for EIGRP updates.
OSPFv3
RFC 5340 describes OSPFv3 to support IPv6 networks. OSPF algorithms and mechanisms (flooding, designated router [DR] election, areas, and shortest path first [SPF] calculations) remain the same. Changes are made for OSPF to support IPv6 addresses, address hierarchy, and IPv6 for transport. Cisco IOS software currently supports OSPFv3.
OSPFv3 uses multicast group FF02::5 for all OSPF routers and FF02::6 for all DRs.
IS-IS for IPv6
Specifications for routing IPv6 with integrated IS-IS is described in RFC 5308: Routing IPv6 with IS-IS. The draft specifies new type, length, and value (TLV) objects, reachability TLVs, and an interface address TLV to forward IPv6 information in the network. IOS supports IS-IS for IPv6 as currently described in the draft standard.
BGP4 Multiprotocol Extensions (MP-BGP) for IPv6
RFC 2545 specifies the use of BGP attributes for passing on IPv6 route information. MP-BGP is also referred as BGP4+. The MP_REACH_NLRI (multiprotocol-reachable) attribute describes reachable destinations. It includes the next-hop address and a list of Network Layer Reachability Information (NLRI) prefixes of reachable networks. The MP_UNREACH_NLRI (multiprotocol-unreachable) attribute conveys unreachable networks. IOS currently supports these BGP4 multiprotocol attributes to communicate reachability information for IPv6 networks.
IPv6 Addressing Design
This section covers IPv6 design topics that the CCDA should be aware of: planning for IPv6 addressing, IPv6 route summarization, IPv6 address allocation, and IPv6 private addressing. Some IPv6 design concepts are similar to IPv4 (such as the goal to do summarization), and some concepts are unique to IPv6. As with IPv4, each company will have a unique set of requirements that will drive the allocation and subnetting of the IPv6 address space.
Planning for Addressing with IPv6
When designing LAN subnets with IPv6, it is recommended that you use a /64 subnet. This is similar to the /24 subnet in IPv4. It provides more than enough addresses for devices contained in the subnet, allows for future growth, and avoids having to do renumbering in the future. It also allows ease of aggregation of subnets.
If you are allocated IPv6 addresses from an Internet service provider (ISP), you most likely will have to renumber your IPv6 addresses if you move to a different ISP. The best way to avoid this is to obtain an IPv6 address block from a Regional Internet Registry (RIR). This way, your IPv6 addresses are independent of which ISP you use. The five RIRs are
AFRINIC: Africa region
APNIC: Asia Pacific region
ARIN: Canada, U.S., and some Caribbean Islands region
LACNIC: Latin America and some Caribbean Islands region
RIPE NCC: Europe, Middle East, and Central Asia region
Route Summarization with IPv6
As a designer, you will want to allocate IPv6 address space to allow for route summarization. Large networks can grow quickly from 500 routes to 1000, and higher. Route summarization reduces the amount of route traffic on the network and unnecessary route computation, regardless of IPv4 or IPv6 addressing. Route summarization allows the network address space to scale as the company grows.
As an example, say a company has assigned the following IPv6 subnets to a site:
2001:db8:2a3e:8180::/64 for data networks
2001:db8:2a3e:8184::/64 for VoIP networks
2001:db8:2a3e:8188:/64 for wireless networks
2001:db8:2a3e:818F::/64 for small server farm and other systems
Instead of announcing each and every subnet of this network to the WAN, the recommendation is to summarize the site with a 2001:db8:2a3e:8180::/60 route. This summary encompasses 16 subnets from 2001:db8:2a3e:8180::/64 to 2001:db8:2a3e:818F::/64, so this address block would be assigned to this site.
IPv6 Private Addressing
IPv6 private addressing should be very limited as compared to its use in IPv4. IPv6 private IP addresses are referred to unique local addresses (ULAs) and use the prefix FC00::/7. Regardless of small or large companies, you should not expect to use ULAs in IPv6 networks. Furthermore, the Internet Engineering Task Force (IETF) does not recommend the use of NAT for IPv6. In the remote event that ULAs are needed, you will also use NAT66 for the IPv6-to-IPv6 private-to-public translation.
IPv6 for the Enterprise
IPv6 addresses are assigned in a hierarchical manner. The IANA allocates IPv6 addresses to the RIRs. The RIRs, in turn, allocate address blocks to local Internet registries (LIRs), and most LIRs are ISPs. In some regions (for example APNIC), RIRs allocate addresses to national Internet registries (NIRs), which in turn allocate addresses to ISPs. Normally, ISPs are allocated /32 blocks of addresses. Companies are allocated an address block from /40 to /64. Large companies are allocated a /40 block of IPv6 addresses. Small companies might receive a /56 block, but a normal allocation is a /48 block of IPv6 addresses. Private consumers, such as residential user, are allocated a /64 address block.
A /48 address block is equal to two to the power of sixteen (216) /64 subnets. As an example, if a company is allocated 2001:DB8:0ABC::/48, this allows it to assign subnets from 2001:DB8:0ABC:0000::/64, 2001:DB8:0ABC:0001::/64, 2001:DB8:0ABC:0002::/64, all the way to 2001:DB8:0ABC:FFFF::/64. That is 216 = 65,536 subnets!
IPv6 Address Allocation
There are several schemas to allocate IPv6 addresses within an organization. Because IPv6 addresses are usually allocated to a network that already has IPv4 addresses, you can attempt to use the IPv4 address or subnet as part of the IPv6 address. You can also allocate IPv6 address space to show a location and type.
Partly Linked IPv4 Address into IPv6
IPv6 deployments are not expected to be greenfield; there will be IPv4 subnets on the network. One method to allocate IPv6 addresses is to match the IPv6 /64 bit subnet with the IPv4 /24 bit subnet. In addition, the IP subnet can match the VLAN number used. Table 9-10 shows an example. The third octet of the IPv4 subnet is used as the subnet for the IPv6 /64 subnet; furthermore, it matches the VLAN number. Do note that this works very well with IPv4 /24 subnets, but will not work optimally with /30 and other smaller links.
Whole IPv4 Address Linked into IPv6
Another method is to link the whole IPv4 address into the lowest significant bits of the IPv6 address. Table 9-11 shows an example using the same subnets. Converting the numbers, 172 decimal is 0xAC and 16 is 0x10. The drawback with this schema is that it is not obvious that the IPv6 and IPv4 subnets are linked. At first sight, can you tell that 0xAC10 is 172.16?
IPv6 Addresses Allocated Per Location and/or Type
Another schema for allocating IPv6 addresses is to use assign bits to identify a location and/or other bits to identify a site type. Location refers to data center, core, edge, and branch. Type refers to the use of the subnet, such as server, end client, router, switch, and so on. As shown in Figure 9-10, 4 bits can be used for Location codes and 4 additional bits used for Type codes. The remaining bits of the /64 subnet can be used within the sites for specific VLANs.
IPv4-to-IPv6 Transition Mechanisms and Deployment Models
This section describes transition mechanisms and deployment models to migrate from IPv4 to IPv6. During a transition time, both protocols can coexist in the network. The three major transition mechanisms are
Dual-stack: IPv4 and IPv6 coexist in hosts and networks.
Tunneling: IPv6 packets are encapsulated into IPv4 packets.
Translation: IPv6 packets are translated to IPv4 packets.
IPv6 deployment models are also divided into three major categories:
Dual-stack model: IPv4 and IPv6 coexist on hosts and the network.
Hybrid model: Combination of Intra-Site Automatic Tunneling Addressing Protocol (ISATAP) or manually configured tunnels and dual-stack mechanisms.
Service block model: Combination of ISATAP and manually configured tunnels and dual-stack mechanisms.
Each model provides several advantages and disadvantages; familiarize yourself with those. Of all these models, the dual-stack model is recommended because it requires no tunneling and is easier to manage.
Dual-Stack Mechanism
Devices running dual-stack can communicate with both IPv4 and IPv6 devices. The IPv4 protocol stack is used between IPv4 hosts, and the IPv6 protocol stack is used between IPv6 hosts. The application decides which stack to use to communicate with destination hosts. As shown in Figure 9-11, when a frame is received, the Ethernet type code identifies whether the packet needs to be forwarded to IPv4 (0x0800) or IPv6 (ox86DD). When using dual stacks, a host also uses DNS to determine which stack to use to reach a destination. If DNS returns an IPv6 (AAAA record) address to the host, the host uses the IPv6 stack. If DNS returns an IPv4 (A record) address to the host, the host uses the IPv4 stack.
IPv6 over IPv4 Tunnels
In this deployment model, pockets of IPv6-only networks are connected using IPv4 tunnels. With tunneling, IPv6 traffic is encapsulated within IPv4 packets so that they are sent over the IPv4 WAN. The advantage of this method is that you do not need separate circuits to connect the IPv6 networks. A disadvantage of this method is the increased protocol overhead of the encapsulated IPv6 headers. Tunnels are created manually, semiautomatically, or automatically.
Manually configured (static configuration) tunnels are configured with IPv4 and IPv6 addresses for tunnel source and destination. Tunnels can be built between border routers or between routers and hosts.
In semiautomatic configured tunnels, a tunnel broker is used. The tunnel broker is a server on the IPv4 network that receives requests from dual-stack clients and builds a tunnel on the tunnel router and associates it with the client.
Automatic tunnel mechanisms are
IPv4 compatible
6to4
6over4
ISATAP
IPv4-compatible tunnels use IPv4-compatible addresses. This mechanism does not scale, and IP-compatible addresses have been deprecated, so this mechanism is appropriate only for testing.
RFC 3056 specifies the 6to4 method for transition by assigning an interim unique IPv6 prefix. 2002::/16 is the assigned range for 6to4. Each 6to4 site uses a /48 prefix that is concatenated with 2002. The border router extracts the IPv4 address that is embedded in the IPv6 destination address and encapsulates the IPv6 packet in an IPv4 packet with the extracted destination IPv4 address. The destination router extracts the IPv6 packet and forwards it to the IPv6 destination.
Figure 9-12 shows a network using IPv4 tunnels. Site A and Site B both have IPv4 and IPv6 networks. The IPv6 networks are connected using an IPv4 tunnel in the WAN.
6over4 is another tunnel method that requires an IPv4 multicast-enabled network. IPv6 multicast packets get encapsulated into IPv4 multicast packets to communicate with other 6over4 hosts. 6over4 is of limited practical use.
Another method to tunnel IPv6 over IPv4 is the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). With ISATAP, a tunnel is created between dual-stack hosts or routers to transmit IPv6 packets over an IPv4 network. Unlike the 6over4 mechanism, ISATAP does not require IPv4 to be multicast enabled.
With ISATAP, the link-local address is generated by concatenating FE80:0000:0000:0000: 0000:5EFE: with the IPv4 address expressed in hexadecimal. For example, with IPv4 192.168.10.10, the link-local address is FE80:0000:0000:0000:0000:5EFE:C0A8:0A0A. ISATAP also requires the use of a routable address (for example, a global unicast IPv6 address that uses the same 0000:5EFE IANA reserved value for the interface ID along with the 32-bit IPv4 embedded address).
Protocol Translation Mechanisms
One of the mechanisms for an IPv6-only host to communicate with an IPv4-only host without using dual stacks is protocol translation. Translation is basically an extension to IPv4 NAT techniques. Some techniques are
Application layer gateways (ALG): These use dual stacks and allow one host on the IPv4 domain to communicate with the host on the IPv6 domain.
Application programming interfaces (API): An API module intercepts IP traffic through an API and converts it for the IPv6 counterpart.
Translation techniques: Include NAT-PT and Dual-Stack Transition Mechanism (DSTM).
DSTM proposes the use of a dual stack that uses IPv4 addresses only when needed and the use of IPv4-over-IPv6 tunneling to reach a destination IPv4 address. It is used when there is an IPv6-only backbone but an application needs to reach an IPv4 address.
RFC 2766 describes NAT-PT, which provides translation between IPv6 and IPv4 hosts. NAT-PT operates similarly to the NAT mechanisms to translate IPv4 private addresses to public address space. NAT-PT binds addresses in the IPv6 network to addresses in the IPv4 network, and vice versa. Figure 9-13 shows a network using NAT-PT. RFC 4699 is a recent Informational RFC that recommends that NAT-PT be placed into historical status and recommends against its use (although the protocol is still supported in IOS).
Cisco also introduces the Cisco 6PE for Multiprotocol Label Switching (MPLS) service providers. Cisco 6PE allows IPv6 islands to communicate over an MPLS/IPv4 core network using MPLS label-switched paths (LSP). The Cisco 6PE routers are dual stack. The method relies on BGP extensions in the IPv4 6PE routers to exchange IPv6 reachability information, along with an MPLS label for each IPv6 address prefix announced.
IPv6 Deployment Models
Deployment of IPv6 can be done in one of the following models:
Dual-stack model: IPv4 and IPv6 coexist on hosts and the network.
Hybrid model: Combination of ISATAP or manually configured tunnels and dual-stack mechanisms.
Service block model: Combination of ISATAP and manually configured tunnels and dual-stack mechanisms.
Dual-Stack Model
In the dual-stack model, both devices and the network routers and switches all run both IPv4 and IPv6 protocol stacks. The applications on the devices decide which stack to use to communicate with destination hosts. Alternatively, DNS is used to decide which stack to use. A DNS AAAA RR return uses IPv6, and a DNS A RR return uses IPv4. Because most mature operating systems now support IPv6, this is the preferred technique for transition to IPv6. Figure 9-14 shows a dual-stack network where both protocols reside. Older IPv4 sites that have not migrated to the dual-stack model can communicate throughout the network with other IPv4 devices.
Hybrid Model
The hybrid model uses a combination of transition mechanisms. The transition mechanisms used are based on multiple network criteria such as number of hosts, IPv6-capable hardware, and location of IPv6 services. The hybrid model uses a combination of transition mechanisms:
Dual-stack mechanism
ISATAP
Manually configured tunnels
The hybrid model can be used to tunnel a dual-stack host on an IPv4 access layer to an IPv6 core. As shown in Figure 9-15, the dual-stack computer establishes an ISATAP tunnel to the core layer to access services from the dual-stack server on the right.
Another scenario is to tunnel dual-stack distribution layers over an IPv4-only core. As shown in Figure 9-16, the dual-stack computer on the left can access the dual-stack server on the right via the manually configured tunnels. Multiple tunnels are configured to provide redundancy and load balancing.
Service Block Model
In the service block model, a centralized layer that services dual-stack devices is created with tunnels manually configured between the distribution layer and the service block. Dual-stack hosts also connect via ISATAP tunnels. In Figure 9-17, the dual-stack client on the left connects to the service block to establish connectivity with the dual-stack server on the right.
IPv6 Deployment Model Comparison
Table 9-12 summarizes the advantages and disadvantages of the IPv6 deployment models.
Table 9-13 provides a simple description of the deployment model and matches it with its name. Study this table for the test.
IPv6 Comparison with IPv4
This section provides a summary comparison of IPv6 to IPv4. Become knowledgeable about the characteristics summarized in Table 9-14. The use of 128 bits over 32 bits is an obvious change. The upper-layer protocol is identified with the Next Header field in IPv6, which was the Protocol Type field used in IPv4. ARP is replaced by IPv6 ND.
References and Recommended Readings
RFC 3056: Connection of IPv6 Domains via IPv4 Clouds, www.ietf.org/rfc.
RFC 2740: OSPF for IPv6, www.ietf.org/rfc.
RFC 2463: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification, www.ietf.org/rfc.
RFC 2874: DNS Extensions to Support IPv6 Address Aggregation and Renumbering, www.ietf.org/rfc.
RFC 2460: Internet Protocol, Version 6 (IPv6) Specification, www.ietf.org/rfc.
Doyle, J. and J. Carroll. Routing TCP/IP, Volume I, Second Edition. Indianapolis: Cisco Press, 2005.
Doyle, J. and J. Carroll. Routing TCP/IP, Volume II. Indianapolis: Cisco Press, 2001.
RFC 3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), www.ietf.org/rfc.
RFC 2373: IP Version 6 Addressing Architecture, www.ietf.org/rfc.
RFC 3513: Internet Protocol Version 6 (IPv6) Addressing Architecture, www.ietf.org/rfc.
RFC 3587: IPv6 Global Unicast Address Format, www.ietf.org/rfc.
RFC 2374: An IPv6 Aggregatable Global Unicast Address Format, www.ietf.org/rfc.
Hopps, C. Routing IPv6 for IS-IS (draft), www.simpleweb.org/ietf/internetdrafts/complete/draft-ietf-isis-ipv6-03.txt.
RFC 3879: Deprecating Site Local Addresses, www.ietf.org/rfc.
Implementing IPv6 Networks Training, www.cisco.com/application/pdf/en/us/guest/tech/tk373/c1482/ccmigration_09186a008019d70b.pdf.
RFC 2401: Security Architecture for the Internet Protocol, www.ietf.org/rfc.
RFC 2402:, IP Authentication Header, www.ietf.org/rfc.
RFC 2406: IP Encapsulating Security Payload (ESP), www.ietf.org/rfc.
RFC 2080: RIPng for IPv6, www.ietf.org/rfc.
RFC 2545: Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing, www.ietf.org/rfc.
RFC 1981: Path MTU Discovery for IP version 6, www.ietf.org/rfc.
RFC 2461: Neighbor Discovery for IP Version 6 (IPv6), www.ietf.org/rfc.
RFC 1886: DNS Extensions to Support IP Version 6, www.ietf.org/rfc.
RFC 2766: Network Address Translation–Protocol Translation (NAT-PT), www.ietf.org/rfc.
RFC 4291: IP Version 6 Addressing Architecture, www.ietf.org/rfc.
www.cisco.com/web/strategy/docs/gov/IPv6FedGov_wp.pdf.
RFC 3587: IPv6 Global Unicast Address Format, www.ietf.org/rfc.
RFC 363: Representing Internet Protocol Version 6 (IPv6) Addresses in the Domain Name System (DNS), www.ietf.org/rfc.
Cisco IOS IPv6 Provider Edge Router (6PE) over MPLS, www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_data_sheet09186a008052edd3.html.
RFC 5214: Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), www.ietf.org/rfc.
IPv6 Extension Headers Review and Considerations, www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html.
IPv6 Documentation Prefix – FAQs, https://www.apnic.net/services/services-apnic-provides/helpdesk/faqs/ipv6-documentation-prefix---faqs.
RFC 3849: IPv6 Address Prefix Reserved for Documentation, www.ietf.org/rfc.
RFC 4291: IP Version 6 Addressing Architecture, www.ietf.org/rfc.
RFC 5952: A Recommendation for IPv6 Address Text Representation, www.ietf.org/rfc.
RFC 6052: IPv6 Addressing of IPv4/IPv6 Translators, www.ietf.org/rfc.
RFC 7136: Significance of IPv6 Interface Identifiers, www.ietf.org/rfc.
RFC 7346: IPv6 Multicast Address Scopes, www.ietf.org/rfc.
RFC 7371: Updates to the IPv6 Multicast Addressing Architecture, www.ietf.org/rfc.
RFC 5340: OSFP for IPv6, www.ietf.org/rfc.
RFC 6845: OSFP Hybrid Broadcast and Point-to-Multipoint Interface Type, www.ietf.org/rfc.
RFC 6860: Hiding Transit-Only Networks in OSPF, www.ietf.org/rfc.
RFC 7503: OSPFv3 Autoconfiguration, www.ietf.org/rfc.
RFC 5308: Routing IPv6 with IS-IS, www.ietf.org/rfc.
Understanding IPv6 Link Local Address, http://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/113328-ipv6-lla.html.
RFC 4862: IPv6 Stateless Address Autoconfiguration, www.ietf.org/rfc.
RFC 7527: Enhanced Duplicate Address Detection, www.ietf.org/rfc.
RFC 3014: Privacy Extensions for Stateless Address Autoconfiguration in IPv6, www.ietf.org/rfc.
RFC 3736: Stateless Dynamic Host Configuration Protocol (DHCP) for IPv6, www.ietf.org/rfc.
ARIN Info Center, https://www.arin.net/knowledge/ipv6_info_center.html.
RFC 6296: IPv6-to-IPv6 Network Prefix Translation, www.ietf.org/rfc.
http://www.ipv6forum.com/dl/presentations/IPv6-addressing-plan-howto.pdf
Exam Preparation Tasks
Review All Key Topics
Review the most important topics in the chapter, noted with the Key Topic icon in the outer margin of the page. Table 9-15 lists a reference of these key topics and the page numbers on which each is found.
Complete Tables and Lists from Memory
Print a copy of Appendix D, “Memory Tables,” (found on the book website), or at least the section for this chapter, and complete the tables and lists from memory. Appendix E, “Memory Tables Answer Key,” also on the website, includes completed tables and lists to check your work.
Define Key Terms
Define the following key terms from this chapter, and check your answers in the glossary:
AGI
Q&A
The answers to these questions appear in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Questions.” For more practice with exam format questions, use the exam engine on the CD.
1. True or false: OSPFv2 supports IPv6.
2. True or false: DNS AAAA records are used in IPv6 networks for name-to-IPv6-address resolution.
3. Fill in the blank: IPv6 ND is similar to what _______ does for IPv4 networks.
4. How many bits are there between the colons of IPv6 addresses?
5. The first field of the IPv6 header is 4 bits in length. What binary number is it always set to?
6. True or false: DHCP is required for dynamic allocation of IPv6 addresses.
7. IPv6 multicast addresses begin with what hexadecimal numbers?
8. IPv6 link-local addresses begin with what hexadecimal prefix?
9. True or false: ISATAP allows tunneling of IPv6 through IPv4 networks.
10. List the eight fields of the IPv6 header.
11. Which of the following is not an IPv6 address type?
a. Unicast
b. Broadcast
c. Anycast
d. Multicast
12. True or false: The IPv6 address 2001:0:0:1234:0:0:0:abcd can be represented as 2001::1234:0:0:0:abcd and 2001:0:0:1234::abcd.
13. What is the subnet prefix of 2001:1:0:ab0:34:ab1:0:1/64?
14. The IPv6 address has 128 bits. How many hexadecimal numbers does an IPv6 address have?
15. What type of IPv6 address is the following?
FF01:0:0:0:0:0:0:2
16. What is the compact format of the address 2102:0010:0000:0000:0000:fc23:0100:00ab?
a. 2102:10::fc23:01:ab
b. 2102:001::fc23:01:ab
c. 2102:10::fc23:100:ab
d. 2102:0010::fc23:01:ab
17. When using the dual-stack backbone, which of the following statements is correct?
a. The backbone routers have IPv4/IPv6 dual stacks, and end hosts do not.
b. The end hosts have IPv4/IPv6 dual stacks, and backbone routers do not.
c. Both the backbone routers and end hosts have IPv4/IPv6 dual stacks.
d. Neither the backbone routers nor end hosts have IPv4/IPv6 dual stacks.
18. How does a dual-stack host know which stack to use to reach a destination?
a. It performs an ND, which returns the destination host type.
b. It performs a DNS request that returns the IP address. If the returned address is IPv4, the host uses the IPv4 stack. If the returned address is IPv6, the host uses the IPv6 stack.
c. The IPv6 stack makes a determination. If the destination is IPv4, the packet is sent to the IPv4 stack.
d. The IPv4 stack makes a determination. If the destination is IPv6, the packet is sent to the IPv6 stack.
19. What protocol numbers are used by Ethernet to identify IPv4 versus IPv6?
a. Protocol 6 for IPv4 and protocol 17 for IPv6.
b. 0x86DD for IPv6 and 0x0800 for IPv4.
c. 0x8000 for IPv4 and 0x86DD for IPv6.
d. 0x0800 for both IPv4 and IPv6; they are identified in the packet layer.
20. Which of the following describe the IPv6 header? (Select two.)
a. It is 40 bytes in length.
b. It is of variable length.
c. The Protocol Number field describes the upper-layer protocol.
d. The Next Header field describes the upper-layer protocol.
21. Which of the following is true about fragmentation?
a. Routers between source and destination hosts can fragment IPv4 and IPv6 packets.
b. Routers between source and destination hosts cannot fragment IPv4 and IPv6 packets.
c. Routers between source and destination hosts can fragment IPv6 packets only. IPv4 packets cannot be fragmented.
d. Routers between source and destination hosts can fragment IPv4 packets only. IPv6 packets cannot be fragmented.
22. A packet sent to an anycast address reaches what?
a. The nearest destination in a set of hosts
b. All destinations in a set of hosts
c. Broadcasts to all hosts
d. Global unicast destinations
23. Which of the following is/are true about IPv6 and IPv4 headers?
a. The IPv6 header is of fixed length, and the Next Header field describes the upper-layer protocol.
b. The IPv4 header is of variable length, and the Protocol field describes the upper-layer protocol.
c. The IPv6 header is of fixed length, and the Protocol field describes the upper-layer protocol.
d. A and B
e. B and C
24. An organization uses an IPv6 address range that it received from its ISP. The IPv6 addresses will be used internally, and employees will access the Internet using Port Address Translation. What is required for DNS?
a. DNS servers need to support only IPv4 addresses.
b. DNS servers need to support only IPv6 addresses.
c. No changes are needed to the DNS servers.
d. DNS servers need to support both IPv4 and IPv6 addresses.
e. Additional DNS servers for IPv6 addresses are needed.
f. DNS servers are not needed for PAT.
25. Which statements about IPv6 addresses are true? (Select two.)
a. Leading 0s are required.
b. Two colons (::) are used to separate fields.
c. Two colons (::) are used to represent successive hexadecimal fields of 0s.
d. A single interface will have multiple IPv6 addresses of different types.
26. You have duplicate file servers at multiple locations. Which IPv6 address type allows each end station to send a request to the nearest file server using the same destination address, regardless of the location of that end station?
a. Anycast
b. Broadcast
c. Unicast
d. Global unicast
e. Multicast
27. Which strategy allows both IPv4 and IPv6 addressing/stacks to coexist on a host to facilitate a migration?
a. Deploy NAT-PT between the networks.
b. Hosts run IPv4 and routers run native IPv6.
c. Enable anycast in the routing protocol.
d. Run both IPv4 and IPv6 address stacks on devices.
e. Redistribute between the IPv4 and IPv6 networks.
28. Which strategy would be most flexible for a corporation with the following characteristics?
2,400,000 hosts
11,000 routers
Internet connectivity
High volume of traffic with customers and business partners
a. Deploy NAT-PT between business and Internet networks.
b. Hosts run IPv4 and routers run native IPv6.
c. Both hosts and routers run dual stack.
d. Enable anycast in the routing protocol.
e. Redistribute between the IPv4 and IPv6 networks.
29. What is the hierarchy for IPv6 aggregatable addresses?
a. Global, site, loop
b. Public, site, interface
c. Internet, site, interface
d. Multicast, anycast, unicast
30. NAT-PT translates between what address types?
a. Translates RFC 1918 private addresses to public IPv4 addresses
b. Translates between IPv4 and IPv6 addresses
c. Translates between network addresses and IPv6 ports
d. Translates between private IPv6 addresses to public IPv6 addresses
31. In a network where IPv6 exists within an IPv4 network, which two strategies allow both schemes to coexist? (Select two.)
a. Translate between the protocols.
b. Hosts run IPv4 and routers run native IPv6.
c. Encapsulate IPv6 packets into IPv4 packets.
d. Enable anycast in the routing protocol.
e. Redistribute between the IPv4 and IPv6 networks.
32. Which IPv6 feature enables routing to distribute connection requests to the nearest content server?
a. Anycast
b. Link-local
c. Aggregatable
d. Multicast
e. Site-local
33. Which statement best describes the efficiency of the IPv6 header?
a. It is less efficient than the IPv4 header.
b. It has the same efficiency as the IPv4 header; the larger IPv6 address makes it faster.
c. It is more efficient than the IPv4 header.
d. It is larger than the IPv4 header.
34. What does one-to-nearest communication mean for IPv6?
a. Anycast
b. Broadcast
c. Multicast
d. Unicast
35. Which tunneling protocol allows dual-stack hosts to tunnel over IPv4 network that is not multicast enabled?
a. 6to4
b. 6over4
c. IPsec
d. ISATAP
36. How would you summarize the networks listed below?
2001:0db8:2a3e:4490::/64
2001:0db8: 2a3e:4a1b::/64
2001:0db8: 2a3e:4ff2::/64
2001:0db8: 2a3e:4c5b::/64
a. 2001:0db8:2a3e:4000::/52
b. 2001:0db8: 2a3e:4000::/56
c. 2001:0db8: 2a3e:4000::/60
d. 2001:0db8: 2a3e:4000::/64
37. Select the statement that is true about IPv6 address assignment.
a. Configure devices manually using IPv6 address assignment.
b. Configure servers using SLAAC.
c. Use SLAAC to assign IPv6 addresses and then DHCPv6 to assign additional information to hosts.
d. You cannot use DHCPv6 after a host is assigned an IPv6 via SLAAC.
38. Which IPv6 feature allows a single node to send packets that are routed to the nearest receiver from a group of potential receivers?
a. Link-local
b. Site-local
c. Anycast
d. Multicast
39. Which statement is correct?
a. IPv6 does not use multicast addresses.
b. IPv6 routers do not forward packets if the packet has a link-local source address.
c. DHCPv6 is the only method for dynamic address assignment.
d. IPv6 routers forward packets if the packet has a link-destination address.
40. Which two link-state routing protocols support IPv6 routing?
a. RIPng
b. OSPF
c. EIGRP
d. IS-IS
e. BGP4+
41. Which are transition models to IPv6 for an enterprise network?
a. Dual-stack
b. Top-down
c. Tunneled
d. Service block
e. Translation
f. Fork-lift
g. Hybrid
42. Which are deployment models to IPv6 for an enterprise network?
a. Dual-stack
b. Top-down
c. Tunneled
d. Service block
e. Translation
f. Fork-lift
g. Hybrid
43. If an application uses broadcast traffic for IPv4, how will it communicate using IPv6?
a. Anycast
b. Broadcast
c. Multicast
d. Unicast
44. What type of address begins with the following prefix?
FC00::/7
a. Local-link
b. Broadcast
c. Multicast
d. Unique local unicast
45. Which regional registry allocates address blocks in the Middle East?
a. IANA
b. RIPE
c. ARIN
d. APNIC
e. LACNIC
f. AFRINIC
Questions 46 through 49 are based on the following scenario and Figure 9-18.
A company has an existing WAN that uses IPv4. Sites C and D use IPv4. As shown in Figure 9-18, the company plans to add two new locations (Sites A and B). The new sites will implement IPv6. The company does not want to lease more WAN circuits.
46. What options does the company have to connect Site A to Site B?
47. What mechanism needs to be implemented so that IPv6 hosts can communicate with IPv4 hosts, and vice versa?
48. If a dual-stack backbone is implemented, do all WAN routers and all hosts need an IPv6-IPv4 dual stack?
49. If an IPv4 tunnel is implemented between Sites A and B, do all WAN routers require an IPv6-IPv4 dual stack?