Esercizi IPv6 - the Netgroup at Politecnico di Torino
10.07.2015 Views
Share Embed Flag

Esercizi IPv6 - the Netgroup at Politecnico di Torino

Esercizi IPv6 - the Netgroup at Politecnico di Torino

Esercizi IPv6 - the Netgroup at Politecnico di Torino

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
  • No tags were found...
netgroup.polito.it

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

1<strong>Esercizi</strong><strong>IPv6</strong>: in<strong>di</strong>rizzamento e routing

<strong>Esercizi</strong>o 1: St<strong>at</strong>eless configur<strong>at</strong>ionSia d<strong>at</strong>a la configurazione <strong>di</strong> rete in figura.Assumendo che il Router Advertisementsia abilit<strong>at</strong>o solamente su R1, in<strong>di</strong>care gliin<strong>di</strong>rizzi <strong>IPv6</strong> presenti sull’interfacciadell’host ottenuto <strong>at</strong>traverso st<strong>at</strong>elessconfigur<strong>at</strong>ion.R1InternetR22001:1:0:1::1/64 2001:1:0:7::1/64HostRisposte:A) 2001:1:0:1:20b:5dff:fe4c:3a6b, 2001:1:0:7:20b:5dff:fe4c:3a6b, fe80::20b:5dff:fe4c:3a6bB) 2001:1:0:1:20b:5dff:fe4c:3a6b, fe80:1::20b:5dff:fe4c:3a6bC) 2001:1:0:7:20b:5dff:fe4c:3a6b, fe80::20b:5dff:fe4c:3a6bD) 2001:1:0:1:20b:5dfe:ff4c:3a6b, fe80::20b:5dff:fe4c:3a6bE) 2001:1:0:1:20b:5dff:fe4c:3a6b, fe80::20b:5dff:fe4c:3a6b2

RisposteA) È err<strong>at</strong>a, perchè R2 non invia messaggi <strong>di</strong> Router Advertisement, percui ilprefisso 2001:1:0:7::/64 non può essere configur<strong>at</strong>o sulla stazione.B) È err<strong>at</strong>a, in quanto l’in<strong>di</strong>rizzo link local ha il prefisso err<strong>at</strong>o (FE80:1::/64,mentre dovrebbe essere FE80::/64)C) È err<strong>at</strong>a, in quanto l’in<strong>di</strong>rizzo pubblico è deriv<strong>at</strong>o dal prefisso <strong>di</strong> R2, che tuttavianon ha il Router Advertisement abilit<strong>at</strong>o.D) È err<strong>at</strong>a. Nonostante l’in<strong>di</strong>rizzo <strong>IPv6</strong> pubblico sia valido, l’interface ID ècalcol<strong>at</strong>o in modo scorretto a partire dall’in<strong>di</strong>rizzo MAC (si notino i byte FF edFE invertiti). Dal momento che l’esercizio assume la st<strong>at</strong>eless configurazion,l’in<strong>di</strong>rizzo è err<strong>at</strong>o.E) È corretta.3

<strong>Esercizi</strong>o 2: St<strong>at</strong>eless configur<strong>at</strong>ionSia d<strong>at</strong>a la configurazione <strong>di</strong> rete in figura.Assumendo che il router R1 non abbia abilit<strong>at</strong>o ilprocesso <strong>di</strong> Router Advertisement, in<strong>di</strong>care:R1Internet1) gli in<strong>di</strong>rizzi configur<strong>at</strong>i su H12001:1:0:1::1/642) i pacchetti gener<strong>at</strong>i da H1 al bootstrapH1H23) i pacchetti gener<strong>at</strong>i da H1 qualora questocerchi <strong>di</strong> effettuare un PING verso H2, suppostoche ne conosta l’in<strong>di</strong>rizzo <strong>IPv6</strong>MAC 00:01:04:76:2A:5CMAC 00:01:04:78:8D:2B4) i pacchetti gener<strong>at</strong>i da H1 qualora vogliainiziare una connessione TCP verso un hostInternet4

Risposta 1: in<strong>di</strong>rizzi su H1L’unico in<strong>di</strong>rizzo presente sarà il link-local.Interface ID:MAC 00:01:04:76:2A:5C => IF_ID 0201:04FF:FE76:2A5C=> In<strong>di</strong>rizzo link local: FE80::0201:04FF:FE76:2A5C5

Risposta 2: pacchetti gener<strong>at</strong>i al bootPrima <strong>di</strong> poter assumere come valido il proprio in<strong>di</strong>rizzo link-local, H1deve completare una fase <strong>di</strong> Duplic<strong>at</strong>e Address Detection (2 pacchetti),quin<strong>di</strong> invierà un pacchetto all’in<strong>di</strong>rizzo “all routers” per verificare lapresenza <strong>di</strong> un router. Si noti come quest’ultimo pacchetto non vieneinvi<strong>at</strong>o <strong>di</strong> default da tutti i sistemi oper<strong>at</strong>ivi.Pacchetto 1:[Eth] 000104-762A5C => 3333FF-762A5C[<strong>IPv6</strong>] :: =>FF02::1:FF76:2A5C (Len 64)[ICMP6] Neighbor Solicit<strong>at</strong>ion: who has FE80::0201:04FF:FE76:2A5C?Pacchetto 2:[Eth] 000104-762A5C => 3333FF-762A5C[<strong>IPv6</strong>] FE80::0201:04FF:FE76:2A5C =>FF02::1:FF76:2A5C (Len 72)[ICMP6] Group Membership Report (FF02::1:FF76:2A5C)Pacchetto 3:[Eth] 000104-762A5C => 3333FF-000002[<strong>IPv6</strong>] FE80::0201:04FF:FE76:2A5C =>FF02::2 (Len 56)[ICMP6] Router solicit<strong>at</strong>ion6

Risposta 3: ping su H2È necessario innanzitutto ricavare l’in<strong>di</strong>rizzo <strong>IPv6</strong> link-local <strong>di</strong> H2. Quin<strong>di</strong>verranno gener<strong>at</strong>i due pacchetti rel<strong>at</strong>ivi alla fase <strong>di</strong> neighbor solicit<strong>at</strong>ion,seguiti dai pacchetti ICMP echo request/reply.In<strong>di</strong>rizzo <strong>IPv6</strong> <strong>di</strong> H2: FE80::0201:04FF:FE78:8D2B (MAC: 00:01:04:78:8D:2B)Pacchetto 1:[Eth] 000104-762A5C => 3333FF-788D2B[<strong>IPv6</strong>] :: =>FF02::1:FF78:8D2B (Len 72)[ICMP6] Neighbor Solicit<strong>at</strong>ion: who has FE80::0201:04FF:FE78:8D2B?Pacchetto 2:[Eth] 000104-788D2B => 000104-762A5C[<strong>IPv6</strong>] FE80::0201:04FF:FE78:8D2B => FE80::0201:04FF:FE76:2A5C (Len 72)[ICMP6] Neighbor Advertisement: I am FE80::0201:04FF:FE78:8D2B <strong>at</strong> 000104-788D2BPacchetto 3:[Eth] 000104-762A5C => 000104-788D2B[<strong>IPv6</strong>] FE80::0201:04FF:FE76:2A5C => FE80::0201:04FF:FE78:8D2B (Len 72)[ICMP6] Echo RequestPacchetto 4:[Eth] 000104-788D2B => 000104-762A5C[<strong>IPv6</strong>] FE80::0201:04FF:FE78:8D2B => FE80::0201:04FF:FE76:2A5C (Len 72)[ICMP6] Echo Reply7

Risposta 4: invio <strong>di</strong> traffico su InternetL’inoltro <strong>di</strong> traffico su Internet non è possibile in quanto l’hostH1 non conosce alcun default router.Pertanto, H1 è in grado <strong>di</strong> comunicare con gli host locali<strong>at</strong>traverso gli in<strong>di</strong>rizzi link-local, ma non è in grado <strong>di</strong> inoltrarepacchetti al <strong>di</strong> fuori del link locale.8

<strong>Esercizi</strong>o 3: PINGSia d<strong>at</strong>a la configurazione <strong>di</strong> rete in figura.Assumendo che il router R1 non abbia abilit<strong>at</strong>o ilprocesso <strong>di</strong> Router Advertisement, in<strong>di</strong>care ilflusso dei pacchetti quando, su H1, si <strong>di</strong>gita ilcomando “PING 2001:1:0:2::2”.Si assuma che la neighbor cache non abbiaancuna entry.R1Internet2001:1:0:1::1/642001:1:0:2::1/64MAC: 00-AA-BB-CC-DD-EEH1H2<strong>IPv6</strong>: 2001:1:0:1::2/64DG: 2001:1:0:1::1MAC 00:01:04:76:2A:5C<strong>IPv6</strong>: 2001:1:0:2::2/64DG: 2001:1:0:2::1MAC 00:01:04:78:8D:2B9

Risposta: Ping su H2 (1)Pacchetto 1 (ICMPv6 Neighbor Solicit<strong>at</strong>ion da H1 ad R1):[Eth] 000104-762A5C => 3333FF-000001[<strong>IPv6</strong>] 2001:1:0:1::2 =>FF02::1:FF00:1 (Len 72)[ICMP6] Neighbor Solicit<strong>at</strong>ion: who has 2001:1:0:1::1 ?Pacchetto 2 (ICMPv6 Neighbor Advertisement da R1 ad H1):[Eth] 00AABB-CCDDEE => 000104-762A5C[<strong>IPv6</strong>] 2001:1:0:1::1 => 2001:1:0:1::2 (Len 72)[ICMP6] Neighbor Advertisement: I am 2001:1:0:1::1 <strong>at</strong> 00AABB-CCDDEEPacchetto 3 (ICMPv6 Echo Request verso R1):[Eth] 000104-762A5C => 00AABB-CCDDEE[<strong>IPv6</strong>] 2001:1:0:1::2 => 2001:1:0:2::2 (Len 72)[ICMP6] Echo RequestPacchetto 4 (ICMPv6 Neighbor Solicit<strong>at</strong>ion da R1 ad H2):[Eth] 00AABB-CCDDEE => 3333FF-000002[<strong>IPv6</strong>] 2001:1:0:2::1 =>FF02::1:FF00:2 (Len 72)[ICMP6] Neighbor Solicit<strong>at</strong>ion: who has 2001:1:0:2::2 ?Pacchetto 5 (ICMPv6 Neighbor Advertisement da H2 ad R1):[Eth] 000104-788D2B=> 00AABB-CCDDEE[<strong>IPv6</strong>] 2001:1:0:2::2 => 2001:1:0:2::1 (Len 72)[ICMP6] Neighbor Advertisement: I am 2001:1:0:2::2 <strong>at</strong> 000104-788D2BPacchetto 6 (ICMPv6 Echo Request da R1 ad H2):[Eth] 00AABB-CCDDEE => 000104-788D2B[<strong>IPv6</strong>] 2001:1:0:1::2 => 2001:1:0:2::2 (Len 72)[ICMP6] Echo RequestPacchetto 7: (ICMPv6 Echo Reply da H2 ad R1):[Eth] 000104-788D2B => 00AABB-CCDDEE[<strong>IPv6</strong>] 2001:1:0:2::2 => 2001:1:0:1::2 (Len 72)[ICMP6] Echo Reply...10

Risposta: Ping su H2 (2)H1R1H2Neighbor Solicit<strong>at</strong>ionNeighbor AdvertisementEcho RequestNeighbor Solicit<strong>at</strong>ionNeighbor AdvertisementEcho RequestEcho ReplyEcho Reply11

<strong>Esercizi</strong>o 4Sia d<strong>at</strong>a la c<strong>at</strong>tura del PING fra due host riport<strong>at</strong>a in figura. In<strong>di</strong>viduareil motivo della manc<strong>at</strong>a risposta al pacchetto ICMP Echo Request.[Eth] 001121-3AF4D2 => 3333FF-030001 [<strong>IPv6</strong>] 2001:1A60:1:1::3:2 =>FF02::1:FF03:1 (Len 72)[ICMP6] Neighbor Solicit<strong>at</strong>ion: who has 2001:1A60:1:1::3:1?[Eth] 001121-3B0726 => 001121-3AF4D2 [<strong>IPv6</strong>] 2001:1A60:1:1::3:1 => 2001:1A60:1:1::3:1 (Len 72) [ICMP6] Neighbor Adv.: I am 2001:1A60:1:1::3:1 <strong>at</strong> 001121-3B0726[Eth] 001121-3AF4D2 => 001121-3B0726 [<strong>IPv6</strong>] 2001:1A60:1:1::3:2 => 2001:1A60:1:2::16:2 (Len 72) [ICMP6] Echo Request[Eth] 001121-3B0726 => 3333FF-160002 [<strong>IPv6</strong>] FE80::0211:21FF:FE3B:0726 =>FF02::1:FF16:2 (Len 72) [ICMP6] Neighbor Solicit<strong>at</strong>ion: who has 2001:1A60:1:2::16:2?[Eth] 001121-3B01F8 => 001121-3B0726 [<strong>IPv6</strong>] 2001:1A60:1:1::16:2 => FE80::0211:21FF:FE3B:0726 (Len 72) [ICMP6] Neighbor Adv.: I am 2001:1A60:1:2::16:2 <strong>at</strong> 001121-3B01F8[Eth] 001121-3B0726 => 001121-3B01F8 [<strong>IPv6</strong>] 2001:1A60:1:1::3:2 => 2001:1A60:1:2::16:2 (Len 72) [ICMP6] Echo Request[Eth] 001121-3B01F8 => 3333FF-300001 [<strong>IPv6</strong>] FE80::0211:21FF:FE3B:01F8 =>FF02::1:FF30:1 (Len 72) [ICMP6] Neighbor Solicit<strong>at</strong>ion: who has 2001:1A60:1:2::30:1?[Eth] 001121-3B01F8 => 3333FF-300001 [<strong>IPv6</strong>] FE80::0211:21FF:FE3B:01F8 =>FF02::1:FF30:1 (Len 72) [ICMP6] Neighbor Solicit<strong>at</strong>ion: who has 2001:1A60:1:2::30:1?[Eth] 001121-3AF4D2 => 001121-3B0726 [<strong>IPv6</strong>] 2001:1A60:1:1::3:2 => 2001:1A60:1:2::16:2 (Len 72) [ICMP6] Echo Request[Eth] 001121-3B0726 => 001121-3B01F8 [<strong>IPv6</strong>] 2001:1A60:1:1::3:2 => 2001:1A60:1:2::16:2 (Len 72) [ICMP6] Echo Request...12

RispostaIP: 2001:1A60:1:1::3:2DG: 2001:1A60:1:1::3:1IP1: 2001:1A60:1:1::3:1IP2: 2001:1A60:1:2:[????]IP3: FE80::0211:21FF:FE3B:0726IP1: 2001:1A60:1:2::16:2IP2: FE80::0211:21FF:FE3B:01F8DG: 2001:1A60:1:2::30:1IP: 2001:1A60:1:2::30:1H1R1H2R2Neighbor Solicit<strong>at</strong>ionNeighbor AdvertisementEcho RequestNeighbor Solicit<strong>at</strong>ionNeighbor AdvertisementEcho RequestNeighbor Solicit<strong>at</strong>ionEcho RequestEcho RequestNeighbor Solicit<strong>at</strong>ion13

<strong>Esercizi</strong>o 5: piano <strong>di</strong> in<strong>di</strong>rizzamentoRealizzare un piano <strong>di</strong> in<strong>di</strong>rizzamento <strong>IPv6</strong> per la rete in figura.In<strong>di</strong>care inoltre le route st<strong>at</strong>iche da configurare sui router affinchèla rete sia funzionante.350 host 120 host14

RispostaNon essendo la rete connessa ad Internet, è sufficiente gestire il tuttocon in<strong>di</strong>rizzi site-local.Per facilitare l’autoconfigurazione, si possono utilizzare <strong>di</strong> preferenzareti /64, anche se questo porta ad un notevole spreco <strong>di</strong> in<strong>di</strong>rizzi (inp<strong>at</strong>ticolare sul link punto-punto).Route st<strong>at</strong>ica:S FEC0:0:0:3::/64 FEC0:0:0:1::2Route st<strong>at</strong>ica:S FEC0:0:0:2::/64 FEC0:0:0:1::1:1:2FEC0:0:0:1::/64FEC0:0:0:2::/64FEC0:0:0:3::/6415

<strong>Esercizi</strong>o 6: piano <strong>di</strong> in<strong>di</strong>rizzamentoRealizzare un piano <strong>di</strong> in<strong>di</strong>rizzamento <strong>IPv6</strong> per la rete in figura ein<strong>di</strong>care su quali interfacce ha senso abilitare il processo <strong>di</strong> RouterAdvertisement.InternetE<strong>di</strong>ficio AE<strong>di</strong>ficio BE<strong>di</strong>ficio CPiano 1Piano 2Piano 3Piano 1Piano 2Piano 3Piano 1Piano 2Piano 316

Risposta (1)Vista la limit<strong>at</strong>a <strong>di</strong>mensione della rete, è possibile assegnare gliin<strong>di</strong>rizzi anche non gerarchicamente, lasciando al router interno ilcompito <strong>di</strong> propagare la raggiungibilità degli in<strong>di</strong>rizzi <strong>di</strong> rete.2001:760:400::/48Internet2001:760:400:0:/642001:760:400:2:/64E<strong>di</strong>ficio A2001:760:400:1:/64E<strong>di</strong>ficio BE<strong>di</strong>ficio C2001:760:400:3:/642001:760:400:5:/642001:760:400:4:/642001:760:400:6:/642001:760:400:8:/642001:760:400:7:/64Piano 1Piano 3Piano 2Piano 1Piano 2Piano 3Piano 1Piano 2Piano 317

Risposta (2)In altern<strong>at</strong>iva, è possibile assegnare gli in<strong>di</strong>rizzi gerarchicamente.Per quanto riguarda il processo <strong>di</strong> Router Advertisement, va abilit<strong>at</strong>osolamente sulle interfacce inferiori dei router <strong>di</strong> ultimo livello.2001:760:400::/48InternetArea: 2001:760:400:0:/522001:760:400:0:/642001:760:400:1000:/642001:760:400:2000:/64E<strong>di</strong>ficio AE<strong>di</strong>ficio BE<strong>di</strong>ficio C2001:760:400:0100:/642001:760:400:200:/642001:760:400:300:/642001:760:400:0101:/64Piano 12001:760:400:301:/642001:760:400:201:/64Piano 3Piano 2Area: 2001:760:400:0:/5618

Risposta (2) - AddendumLa gestione strettamente gerarchica può risultare più complessa dagestire sul lungo periodoTra gli altri, vi è il problema degli in<strong>di</strong>rizzi da assegnare ai links, che“consumano” uno spazio <strong>di</strong> in<strong>di</strong>rizzamento non in<strong>di</strong>fferenteTipicamente la soluzione gerarchica si utilizza in presenza <strong>di</strong> <strong>di</strong>verse se<strong>di</strong>della stessa organizzazione, in modo da poter in<strong>di</strong>viduare imme<strong>di</strong><strong>at</strong>amentel’host sorgente in base ad una ispezione visuale dell’in<strong>di</strong>rizzo <strong>IPv6</strong>All’inteno delle varie se<strong>di</strong>, tipicamente la soluzione è “anarchica”Spesso vi è uno specifico range <strong>di</strong> in<strong>di</strong>rizzamento riserv<strong>at</strong>o ai links tra iroutersLa gestione “anarchica” scala bene su reti anche <strong>di</strong> me<strong>di</strong>o-grande<strong>di</strong>mensione (qualche centinaio <strong>di</strong> route) La soluzione riport<strong>at</strong>a nella slide precedente è una delle tantepossibiliSi noti il partizionamento a /52 e /56: perchè?19

<strong>Esercizi</strong>o 7: domanda con risposte chiuseUn host <strong>IPv6</strong>, al reboot, acquisirà il seguente in<strong>di</strong>rizzo:A) Non è possibile sapere con precisione l’in<strong>di</strong>rizzo stesso, dalmomento che l’in<strong>di</strong>rizzo <strong>IPv6</strong> viene ogni volta rigener<strong>at</strong>o conun numero casuale per quanto riguarda la parte riserv<strong>at</strong>aall’Interface IDB) Un in<strong>di</strong>rizzo FE80::/32C) Per quanto riguarda l’in<strong>di</strong>rizzo link-local, assumerà lo stessoin<strong>di</strong>rizzo <strong>IPv6</strong> che possedeva prima del rebootD) L’in<strong>di</strong>rizzo <strong>di</strong>pende interamente dalla configurazione cheacquisirà dal suo default router20

logo

Prodotti

Risorse

Aziende

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!