IPv6 Tutorial - RIPE 64

More documents

Recommendations

Info

IPv6 Security -Authentication• Sequence number• Unsigned 32-bit that is a monotonically increasing counter• Used to prevent replay attacks• Initialized to zero when the security association is established• Must never be allowed to cycle• Authentication data• Variable length field• Contains the Integrity Check Value (ICV) for the packet• What authentication algorithm used for the ICV is determined by the SA (DES, MD5, SHA-1, etc)• ICV is calculated over• IP header fields that does not change in transit or the value at the end point can be predicted• The AH• Upper layer data• What packets get an AH is determined by the SA (IPsec part of the stack)44
IPv6 security -Encryption• Yet another extension header…• …the last one to be added, and that can be read inclear textIPv6Extension hdrsSecurityEncrypted payload• How encryption is done is dependent on the cryptoalgorithm in use• For more information see RFC2406© 2006 - Netnod ABhttp://www.netnod.se/452006-01-10
Page 1 and 2: IPv6 Tutorialkurtis@netnod.se1
Page 3 and 4: Background3
Page 5 and 6: The background of IPv6• Original
Page 7 and 8: Allocated addresses - IANA
Page 9 and 10: Assigned adresser - RIRs9
Page 11 and 12: What do people do with theaddresses
Page 13 and 14: Prediction based on RIRs13
Page 15 and 16: The background of IPV6• A first s
Page 17 and 18: The background of IPv6A number of p
Page 19 and 20: IPv6 design and addressing19
Page 21 and 22: IPv6 header10 11 12 13 14 15 16 17
Page 23 and 24: The IPv6 packet format - maindiffer
Page 25 and 26: IPv6 extension headers• Extension
Page 27 and 28: IPv6 extension header -Routing0 8 1
Page 29 and 30: IPv6 extension headers -Fragmentati
Page 31 and 32: IPv6 extension headers -Destination
Page 33 and 34: IPv6 extension headers -Hop-by-Hop
Page 35 and 36: IPv6 and Flows• A flow is a seque
Page 37 and 38: • IPv6 instead uses• (src, dst,
Page 39 and 40: IPv6 security• In IPv4 secure (en
Page 41 and 42: IPv6 Security - Authentication• A
Page 43: IPv6 Security -Authentication• Ne
Page 47 and 48: IPv6 security - Encryption• Secur
Page 49 and 50: IPv6 Quality of Service• In IPv4
Page 51 and 52: IPv6 Design and addressing-Due to t
Page 53 and 54: IPv6 Address types• The IPv6 addr
Page 55 and 56: Scoped addresses• When developing
Page 57 and 58: Site-local• Originally there was
Page 59 and 60: Site-local• The debate that follo
Page 61 and 62: ULAs• Prefix• The globally uniq
Page 63 and 64: IPv6 Addressing - 6bone• In order
Page 65 and 66: IPv6 Unicast addresses65
Page 67 and 68: EUI64 encoding00 14 51 01 FC 3600 1
Page 69 and 70: RFC4941• More solutions to the in
Page 71 and 72: IPv6 ‘special’ addresses• The
Page 73 and 74: Point to point link addressing• M
Page 75 and 76: Point to point link• Possible sol
Page 77 and 78: Address allocation policies77
Page 79 and 80: Address allocation policy• Propos
Page 81 and 82: Today's Address AllocationPolicy•
Page 83 and 84: Transition technologies• When int
Page 85 and 86: End-user 185
Page 87 and 88: The “lucky” end-user87
Page 89 and 90: Dual-stack - IOSinterface FastEther
Page 91 and 92: Tunnels• Tunnels can be static•
Page 93 and 94: Tunnel encapsulationIPv4 HeaderIPv6
Page 95 and 96:
Tunnels example - Routerto-host•
Page 97 and 98:
6to4• In 6to4 an IPv4 gateway add
Page 99 and 100:
6to4192.168.1.1 10.0.0.12002:10:0:0
Page 101 and 102:
6to4 - FreeBSD exampleIn /etc/rc.co
Page 103 and 104:
Teredo• Many transition technolog
Page 105 and 106:
Teredo• Terdo client• The clien
Page 107 and 108:
• Start sequenceTeredo• Decide
Page 109 and 110:
Teredo109
Page 111 and 112:
Cone NATTeredoAs mapping exists in
Page 113 and 114:
Teredo• Client A sends a bubble p
Page 115 and 116:
Teredo• Teredo client starts with
Page 117 and 118:
Translation mechanisms• In additi
Page 119 and 120:
Scenarios• Many operators already
Page 121 and 122:
IPv6 over Circuit MPLSPEPPCircuitPE
Page 123 and 124:
6PEIPv4/IPv6 dual-stackMP-iBGP6PEPP
Page 125 and 126:
What do I need to doto get started?
Page 127 and 128:
Apply for IPv6 addressspace - LIR
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
ISP > /48
Page 137 and 138:
ISP > /48
Page 139 and 140:
Make an addressing plan• In the b
Page 141 and 142:
To keep in mind...• Start with co
Page 143 and 144:
Configuration - Cisco IOS• IPv6 i
Page 145 and 146:
FreeBSD• FreeBSD6.3-REL and FreeB
Page 147 and 148:
OS X
Page 149 and 150:
OS X
Page 151 and 152:
Windows Vista
Page 153 and 154:
Windows Vista
Page 155 and 156:
Configuration examples-Applications
Page 157 and 158:
Postfix• In main.cf# IPv6 configu
Page 159 and 160:
Apache2• In httpd.conf• orListe
Page 161 and 162:
IPv6 Neighbour Discovery• Describ
Page 163 and 164:
IPv6 Neighbour Discovery• Router
Page 165 and 166:
Stateless addressautoconfiguration
Page 167 and 168:
IPv6 Anycast addresses• An anycas
Page 169 and 170:
IPv6 Anycast• Required anycast ad
Page 171 and 172:
IPv6 multicast• Flags are defined
Page 173 and 174:
IPv6 multicast• Pre-defined multi
Page 175 and 176:
• Defined in RFC2740• Called OS
Page 177 and 178:
OSPFinterface GigabitEthernet2/1des
Page 179 and 180:
IS-IS179
Page 181 and 182:
!ISIS IOS configurationexampleinter
Page 183 and 184:
BGP and IPv6• BGP will behave exa
Page 185 and 186:
BGP and IPv6address-family ipv6neig
Page 187 and 188:
outer bgp 1!Peer Groupsneighbor ibg
Page 189 and 190:
Prefix-listrouter bgp 1neighbour 20
show all

IPv6 Tutorial - RIPE 64

Create successful ePaper yourself

Delete template?

Save as template?