IP version 6
Dr Nenad Krajnović, e-mail: krajko@etf.bg.ac.rs
Reasons for introducing IPv6
• The address space is exhausted
• An opportunity to integrate new features such as automatic configuration, security and protection, and QoS
• As the Internet spreads, more and more kinds of devices connect to the network, such as mobile phones (it is estimated that there were 1.75 billion smartphones in 2014)
IPv6
• Defined in RFC 2460 (the specification has been amended through a number of newer RFCs)
• The addressing architecture is defined in RFC 4291 (amended in newer RFCs)
• Introduces a 128-bit address space
• The header format of the IP datagram is modified in order to reduce the number of fields
IPv6 - continued
• Improved handling of options within the header
• A label that identifies the data flow is introduced
• An extension is introduced that enables sender identification and data protection (AH and ESP)
AH: Authentication Header
ESP: Encapsulating Security Payload
Packet format
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class |           Flow Label                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Payload Length        |  Next Header  |   Hop Limit   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                         Source Address                        +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                      Destination Address                      +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Packet format - explanations
• Version (4 bits): version number (6).
• Traffic Class (8 bits): class-of-service field.
• Flow Label (20 bits): label that identifies the data flow; defined in RFC 6437.
• Payload Length (16 bits): length, in octets, of the part of the datagram that follows the base IPv6 header.
Packet format - explanations
• Next Header (8 bits): identifies the type of header that immediately follows the base header.
Processing order of extension headers (RFC 2460)
Recommended order   Extension header                 Next Header value
1                   Hop-by-hop options header        0
2                   Destination options header       60
3                   Routing header                   43
4                   Fragment header                  44
5                   Authentication header (AH)       AH = 51
6                   ESP header                       ESP = 50
7                   Upper-layer header: TCP, UDP     TCP = 6, UDP = 17
Packet format - explanations
• Hop Limit (8 bits): hop counter (the TTL field was formerly used); if the value reaches zero the datagram is discarded.
Packet format - explanations
• Source, Destination Address (128 bits each): IPv6 address.
• It is possible to address 2 to the power of 128 different addresses:
340,282,366,920,938,463,463,374,607,431,768,211,456
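An added example (not part of the original slides): a Python parser for the base header fields described above that follows Next Header through the extension headers, using the values from the RFC 2460 table. It also enforces the RFC 2460 rule that a Hop-by-Hop Options header may only appear first. The packet is constructed for the example with addresses that appear later in this deck; the function names and the `max_headers` limit are assumptions of the example.

```python
import ipaddress
import struct

# Next Header values from the extension-header table on this page.
EXT_HEADERS = {0: "Hop-by-Hop Options", 60: "Destination Options",
               43: "Routing", 44: "Fragment", 51: "AH", 50: "ESP"}


def parse_fixed_header(packet: bytes) -> dict:
    """Decode the 40-octet base IPv6 header."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("Version field is not 6")
    return {
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
    }


def walk_chain(packet: bytes, max_headers: int = 8):
    """Follow Next Header through the extension headers.

    Returns (extension header names, upper-layer protocol number). The
    protocol is None when it cannot be read: ESP or a non-first fragment.
    """
    base = parse_fixed_header(packet)
    payload = packet[40:40 + base["payload_length"]]
    if len(payload) < base["payload_length"]:
        raise ValueError("packet shorter than Payload Length")
    nh, off, chain = base["next_header"], 0, []
    while nh in EXT_HEADERS:
        if nh == 0 and chain:
            raise ValueError("Hop-by-Hop Options header is not first")
        if len(chain) >= max_headers:
            raise ValueError("extension header chain too long")
        chain.append(EXT_HEADERS[nh])
        if nh == 50:                      # ESP: the rest is encrypted
            return chain, None
        if off + 8 > len(payload):
            raise ValueError("truncated extension header")
        following, len_field = payload[off], payload[off + 1]
        if nh == 44:                      # Fragment header is always 8 octets
            size = 8
            frag_offset = struct.unpack("!H", payload[off + 2:off + 4])[0] >> 3
            if frag_offset:               # upper-layer header is in fragment 0
                return chain, None
        elif nh == 51:                    # AH length: 4-octet units, minus 2
            size = (len_field + 2) * 4
        else:                             # others: 8-octet units after the first 8
            size = (len_field + 1) * 8
        if off + size > len(payload):
            raise ValueError("extension header overruns the payload")
        nh, off = following, off + size
    return chain, nh


def build_sample() -> bytes:
    """Constructed packet: base header, Hop-by-Hop, Fragment, UDP."""
    udp = struct.pack("!HHHH", 53000, 53, 8, 0)
    fragment = struct.pack("!BBHI", 17, 0, 0, 0x1234)   # next = UDP, offset 0
    hop_by_hop = bytes([44, 0, 1, 4, 0, 0, 0, 0])       # next = Fragment, PadN
    payload = hop_by_hop + fragment + udp
    word = (6 << 28) | (0 << 20) | 0xABCDE              # version, class, flow label
    src = ipaddress.IPv6Address("2001:db8:cafe:1::100").packed
    dst = ipaddress.IPv6Address("2001:db8:cafe:1::200").packed
    return struct.pack("!IHBB", word, len(payload), 0, 64) + src + dst + payload


if __name__ == "__main__":
    print(parse_fixed_header(build_sample()))
    print(walk_chain(build_sample()))
```

A filter that only looks at the base header's Next Header field would see 0 here, not UDP; the upper-layer protocol is known only after the whole chain has been walked.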
IPv6 address types
• Three address types:
  - unicast: denotes the address of a single interface on a device
  - multicast: denotes a group of interfaces (usually on different computers); a packet sent to this address reaches all addressed interfaces
  - anycast: denotes a group of interfaces; a packet sent to an anycast address reaches one of the interfaces described by that address (as a rule the nearest one, as defined by the notion of distance in the routing protocol)
Broadcast address?
• The broadcast address is no longer used
• That function is performed by the multicast address
• Addresses with all 0s or all 1s in the host part now become regular addresses
Addressing architecture
• The way addresses are assigned differs significantly from IPv4
• Every interface must have at least one so-called link-local address and may have an arbitrary number of other addresses
• One unicast address can be used for several physical interfaces on one device (for load balancing)
Writing IPv6 addresses
• The most commonly used format is:
x:x:x:x:x:x:x:x
where each “x” is the hexadecimal representation of a 16-bit field
FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
Writing IPv6 addresses
• To simplify, it is not necessary to write leading zeros or a longer run of zeros:
1080:0:0:0:8:800:200C:417A or 1080::8:800:200C:417A
FF01:0:0:0:0:0:0:101 or FF01::101
0:0:0:0:0:0:0:1 or ::1
Address types
Address type          Binary prefix          IPv6 notation
Unspecified           00...0 (128 bits)      ::/128
Loopback              00...1 (128 bits)      ::1/128
Multicast             11111111               FF00::/8
Link-local unicast    1111111010             FE80::/10
Site-local unicast    1111111011             FEC0::/10
Global unicast        (everything else)
Address assignment
• A combination of allocation and automatic assignment
• The network address is still defined according to the CIDR principle
• The end user obtains their address block from the ISP
• Definition of the host part of the address is automated
Address assignment
• The last 64 bits of an IPv6 unicast address are called the Interface Identifier and must be unique within one subnet.
• The Interface Identifier should be in modified EUI-64 format.
• RFC 6177 gives a recommendation on how to divide the address space.
• Network addresses other than /64 are also possible.
Modified EUI-64 format
The “u” bit indicates the scope of the value:
• 1: global scope (the address is formed from the MAC address)
• 0: local scope (the address is formed randomly)
Local addresses
• Link local: FE80::/10
  - Intended for addressing on a single link.
  - Used for automatic address assignment, neighbor discovery, or when there is no router.
  - A router must not forward packets with this address.
Local addresses
• Site local: FEC0::/10
  - Intended for addressing within a single site.
  - A router must not pass packets with this address.
  - RFC 3879 recommends that addresses formed this way NOT be used!
Global unicast address
Address block currently being distributed: 2001::/16
Multiple addresses per interface
• IPv6 allows one physical interface to have multiple IPv6 addresses:
inet6 2001:bafa:21:0:225:90ff:fe3c:40ca prefixlen 64 scopeid 0x0<global>
inet6 fe80::225:90ff:fe3c:40ca prefixlen 64 scopeid 0x20<link>
inet6 2001:bafa:21::4 prefixlen 64 scopeid 0x0<global>

IPv6 is enabled, link-local address is FE80::3E08:F6FF:FE8C:943F
Global unicast address(es):
  2001:BAFA:21::15, subnet is 2001:BAFA:21::/64
Joined group address(es):
  FF02::1
  FF02::2
  FF02::1:FF00:13
  FF02::1:FF8C:943F
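An added example (not part of the original slides): the modified EUI-64 construction described above, in both directions, in Python. The addresses are ones that appear in the interface listings and examples of this deck; the function names are assumptions of the example. Recovering the MAC from an address shows what a MAC-derived interface identifier discloses about the hardware behind it.

```python
import ipaddress


def mac_to_interface_id(mac: str) -> bytes:
    """Modified EUI-64: insert FF:FE in the middle of the MAC, flip the u bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02                      # the "u" (universal/local) bit
    return bytes(eui)


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """FE80::/64 prefix followed by the modified EUI-64 interface identifier."""
    prefix = ipaddress.IPv6Address("fe80::").packed[:8]
    return ipaddress.IPv6Address(prefix + mac_to_interface_id(mac))


def interface_id_to_mac(address: str):
    """Return the MAC embedded in the address, or None if the interface
    identifier does not look MAC-derived (no FF:FE filler or u bit = 0)."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe" or not iid[0] & 0x02:
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


def audit(addresses) -> dict:
    """Map each address to the hardware address it exposes (None if none)."""
    return {address: interface_id_to_mac(address) for address in addresses}


if __name__ == "__main__":
    sample = [
        "fe80::225:90ff:fe3c:40ca",        # host listing on this page
        "FE80::3E08:F6FF:FE8C:943F",       # router listing on this page
        "2001:DB8:CAFE:1::200",            # manually numbered address
    ]
    for address, mac in audit(sample).items():
        print(f"{address:32} -> {mac}")
```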
Reserved multicast addresses
Reserved multicast address   Description
FF02::1                      All nodes on the link (link-local scope).
FF02::2                      All routers on the link.
FF02::9                      All routing information protocol (RIP) routers on the link.
FF02::1:FFxx:xxxx            All solicited-node multicast addresses, which are used for host autoconfiguration and neighbor discovery (similar to ARP in IPv4). xx:xxxx is the 24 least significant bits of the node's corresponding unicast or anycast address.
FF05::101                    All Network Time Protocol (NTP) servers.
IPv6 multicast addresses - Scope
Address layout: 1111 1111 (8 bits) | Flag (4 bits) | Scope (4 bits) | Group ID (112 bits)
• Scope is a 4-bit field used to define the area in which a multicast address is valid
• Scope (incomplete list):
  • 0 Reserved
  • 1 Interface-Local scope
  • 2 Link-Local scope
  • 5 Site-Local scope
  • 8 Organization-Local scope
  • E Global scope
IPv6 multicast addresses - Flag
Address layout: 1111 1111 (8 bits) | Flag (4 bits: 00PT) | Scope (4 bits) | Group ID (112 bits)
• Flag T
  • 0 - Permanent, well-known multicast address assigned by IANA.
    • Includes both assigned and solicited-node multicast addresses.
  • 1 - Non-permanently-assigned, "dynamically" assigned multicast address.
    • One example is the address FF18::BAFA:2356, which is used for multicast applications within an organization.
• Flag P - Prefix for unicast-based assignments
Assigned IPv6 Multicast Addresses
[Figure: IPv6 addresses > Multicast (FF00::/8) > Assigned; Solicited-Node (FF02::1:FF00:0000/104)]
• RFC 2375, IPv6 Multicast Address Assignments, defines the initial assignment of IPv6 multicast addresses that have permanently assigned Global IDs.
• Reference for assigned multicast addresses:
  • (IANA) IPv6 Multicast Address Space Registry - http://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml
Assigned Multicast Addresses with Link-local Scope
Flag = 0, Assigned multicast
Scope = 2, Link-local scope
Prefix  Flag  Scope  Predefined Group ID  Compressed Format  Description (IPv6 assumed)
FF      0     2      0:0:0:0:0:0:1        FF02::1            All-devices
FF      0     2      0:0:0:0:0:0:2        FF02::2            All-routers
FF      0     2      0:0:0:0:0:0:5        FF02::5            OSPF routers
FF      0     2      0:0:0:0:0:0:6        FF02::6            OSPF DRs
FF      0     2      0:0:0:0:0:0:9        FF02::9            RIP routers
FF      0     2      0:0:0:0:0:0:A        FF02::A            EIGRP routers
FF      0     2      0:0:0:0:0:1:2        FF02::1:2          DHCP servers/relay agents
Assigned Multicast Addresses with Site-local Scope
Flag = 0, Assigned multicast
Scope = 5, Site-local scope
Prefix  Flag  Scope  Predefined Group ID  Compressed Format  Description (IPv6 assumed)
FF      0     5      0:0:0:0:0:0:2        FF05::2            All-routers
FF      0     5      0:0:0:0:0:1:3        FF05::1:3          All DHCP servers
• Used for communication within a site, with the possibility of routing within the site.
• For IPv6 multicast routing to work, it must be enabled:
Router(config)# ipv6 multicast-routing
“All IPv6 Devices” Assigned Multicast Address
[Figure: ICMPv6 Router Advertisement. Destination IPv6 address: FF02::1; source IPv6 address (link-local address): FE80::225:90ff:fe3c:40ca; rest of IPv6 packet. Router(config)# ipv6 unicast-routing]
• FF02::1 – All IPv6 Devices
  • All IPv6 devices, including the router, belong to this group.
  • Every IPv6 device will listen and process packets to this address.
• Isn’t this the same as a broadcast?
  • No, because it maps to a Layer 2 MAC address which is more efficient…
“All IPv6 Routers” Assigned Multicast Address
[Figure: ICMPv6 Router Solicitation. Destination IPv6 address: FF02::2; source IPv6 address: FE80::12:3456:7890:BAFA; rest of IPv6 packet. Router(config)# ipv6 unicast-routing]
• FF02::2 – All IPv6 Routers
  • All IPv6 routers belong to this group. (Process these packets.)
  • Used by devices to communicate with an IPv6 Router.
Verifying IPv6 Multicast Addresses on the Router
Router# show ipv6 interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::fe3c:40ca
  Global unicast address(es):
    2001:9:BAFA::fe3c:40ca, subnet is 2001:B9:BAFA::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::5
    FF02::6
    FF02::1:FF00:1
The joined group addresses show which multicast groups the interface is a member of:
FF02::1          All-IPv6 devices on this link
FF02::2          All-IPv6 routers on this link: IPv6 routing enabled
FF02::5          OSPFv3 All OSPF Routers (similar to 224.0.0.5)
FF02::6          OSPFv3 All DR Routers (similar to 224.0.0.6)
FF02::1:FF00:1   Solicited-node multicast addresses
• FF02 – “2” means link-local scope
• What is a solicited node multicast address?
Solicited-Node IPv6 multicast address
[Figure: IPv6 addresses > Multicast (FF00::/8) > Assigned; Solicited-Node (FF02::1:FF00:0000/104)]
• In addition to every unicast address assigned to an interface, a device will also have a special multicast address known as the solicited-node multicast address.
Solicited-Node multicast address
PC2:
Unicast addresses                                 Solicited-node multicast
Global unicast       2001:DB9:BAFA:1::300         FF02::1:FF00:300
Link-local unicast   FE80::5555:6666:7777:8888    FF02::1:FF77:8888
What is a solicited-node multicast address?
• A Layer 3 multicast address with link-local scope “FF02” (within the subnet/VLAN).
• There is a solicited node multicast address for every IPv6 unicast (or anycast) address including:
  • Global Unicast Address (GUA)
  • Link-local Address
• Used in ICMPv6 Neighbor Discovery messages during:
  • Address Resolution – Similar to ARP for IPv4
  • Duplicate Address Detection (DAD) – Similar to gratuitous ARP for IPv4
Solicited-Node multicast address
How are they created?
• There is a direct relationship between a unicast/anycast address and its corresponding solicited-node multicast address.
• A solicited-node multicast address is formed from:
  • The prefix FF02:0:0:0:0:1:FF00::/104 (FF02::1:FFxx:xxxx).
  • The 24 lowest-order bits of the unicast/anycast address, which are appended to that prefix.
• Like other multicast addresses, the solicited-node multicast address is mapped to the corresponding Ethernet MAC address.
How are Solicited-Node multicast addresses created?
PC2’s IPv6 global unicast address: 2001:DB9:BAFA:1::300
PC2’s IPv6 solicited-node multicast address: FF02::1:FF00:300
PC2’s mapped Ethernet multicast address: 33-33-FF-00-03-00
[Figure: PC2’s global unicast address, 2001:0DB9:BAFA | 0001 | 0000:0000:00 | 00:0300 (global routing prefix, subnet ID, interface ID). The low-order 24 bits (00:0300) are copied after the 104-bit prefix FF02 0000 0000 0000 0000 0001 FF to form PC2’s solicited-node multicast address. The low-order 32 bits of the IPv6 multicast address (FF-00-03-00) are then copied after 33-33 to form the Ethernet destination MAC address, which gives the ability to filter at the NIC.]
Duplicate Solicited-Node multicast addresses
        Unicast addresses                             Solicited-node multicast
PC A    Global unicast  2001:DB9:BAFA:1:AAAA::300     FF02::1:FF00:300
PC B    Global unicast  2001:DB9:BAFA:1:BBBB::300     FF02::1:FF00:300
[Figure: global routing prefix, subnet ID and interface ID (40 bits + 24 bits) of both addresses. PC A: 2001:0DB9:BAFA | 0001 | AAAA:0000:00 | 00:0300. PC B: 2001:0DB9:BAFA | 0001 | BBBB:0000:00 | 00:0300. The low-order 24 bits are the same for both PCs.]
• Although rare, solicited node multicast addresses may not be unique.
• Possible to have multiple devices with the same solicited node multicast address (and same Ethernet multicast) if the low-order 24 bits match.
• High-order 40 bits of interface ID will differ.
• No problem, ICMPv6 NS contains target unicast address.
Advantages of using Solicited-Node multicast addresses
PC2:
Unicast addresses                              Solicited-node multicast   Ethernet MAC
Global unicast   2001:DB9:BAFA:1::300          FF02::1:FF00:300           33-33-FF-00-03-00
Link-local       FE80::5555:6666:7777:8888     FF02::1:FF77:8888          33-33-FF-77-88-88
• Why are solicited-node multicasts better than broadcast addresses?
• Multicast addresses are mapped to Ethernet MAC addresses, and Ethernet NICs (hardware or drivers) can filter them.
• Why is that good?
Advantages of using Solicited-Node multicast addresses
Ethernet Broadcast
• Destination MAC Address: Broadcast
• Data must be passed to upper layer for processing (ARP for example).
IPv4 or IPv6 Multicast (IGMP/MLD snooping)
• IP multicast packets can be filtered by the switch, only sending packets to members of that group.
  • IPv4 - IGMP (Internet Group Management Protocol)
  • IPv6 - MLD (Multicast Listener Discovery)
However, Solicited Node Multicasts are forwarded out all ports because of the potentially huge forwarding tables needed to store these addresses…
Ethernet NICs and Solicited-Node Multicasts
PC2 processes the following IPv6 and Ethernet MAC addresses:
                               Unicast addresses            Solicited-node multicast   Ethernet MAC
Ethernet NIC                   N/A                          N/A                        00-1B-24-04-A2-1E
Global unicast                 2001:DB8:CAFE:1::200         FF02::1:FF00:200           33-33-FF-00-02-00
Link-local                     FE80::1111:2222:3333:4444    FF02::1:FF33:4444          33-33-FF-33-44-44
Multicast (All-IPv6-Devices)   FF02::1                      N/A                        33-33-00-00-00-01
* Ethernet MAC addresses such as IPv4 broadcasts and those associated with other protocols are not shown.
• Besides its own MAC address, the Ethernet NIC will accept multicast addresses created from the:
  • Solicited node multicast (global unicast address)
  • Solicited node multicast (link-local address)
  • Any assigned multicast address such as All-IPv6-Devices.
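An added example (not part of the original slides) covering the multicast slides above: it decodes the Flag and Scope fields, derives the solicited-node address and its Ethernet MAC, builds the set of destination MACs PC2's NIC accepts, and finds unicast addresses that share one solicited-node group. All addresses are taken from the tables in this deck; the function names are assumptions of the example.

```python
import ipaddress

# Scope values from the (incomplete) list on the Scope slide.
SCOPES = {0x0: "reserved", 0x1: "interface-local", 0x2: "link-local",
          0x5: "site-local", 0x8: "organization-local", 0xE: "global"}
SOLICITED_NODE = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def decode_multicast(address) -> dict:
    """Split an FF00::/8 address into the T and P flags and the scope."""
    addr = ipaddress.IPv6Address(address)
    if not addr.is_multicast:
        raise ValueError(f"{addr} is not a multicast address")
    flags, scope = addr.packed[1] >> 4, addr.packed[1] & 0x0F
    return {
        "transient": bool(flags & 0x1),        # T flag
        "prefix_based": bool(flags & 0x2),     # P flag
        "scope": SCOPES.get(scope, f"unlisted ({scope:X})"),
        "solicited_node": addr in SOLICITED_NODE,
    }


def solicited_node(unicast) -> ipaddress.IPv6Address:
    """104-bit prefix FF02::1:FF00:0 plus the low-order 24 bits of the address."""
    low24 = ipaddress.IPv6Address(unicast).packed[-3:]
    return ipaddress.IPv6Address(SOLICITED_NODE.network_address.packed[:13] + low24)


def ethernet_mac(multicast) -> str:
    """33-33 followed by the low-order 32 bits of the IPv6 multicast address."""
    addr = ipaddress.IPv6Address(multicast)
    if not addr.is_multicast:
        raise ValueError(f"{addr} is not a multicast address")
    return "-".join(f"{octet:02X}" for octet in b"\x33\x33" + addr.packed[-4:])


def nic_accept_list(own_mac, unicast_addresses, groups=("ff02::1",)) -> set:
    """Destination MACs the NIC lets through: its own, one per solicited-node
    group of its unicast addresses, and one per joined multicast group."""
    accepted = {own_mac.upper()}
    accepted.update(ethernet_mac(solicited_node(a)) for a in unicast_addresses)
    accepted.update(ethernet_mac(g) for g in groups)
    return accepted


def shared_groups(unicast_addresses) -> dict:
    """Solicited-node groups claimed by more than one unicast address."""
    members = {}
    for address in unicast_addresses:
        members.setdefault(str(solicited_node(address)), []).append(address)
    return {group: addrs for group, addrs in members.items() if len(addrs) > 1}


if __name__ == "__main__":
    print(decode_multicast("FF18::BAFA:2356"))
    print(sorted(nic_accept_list("00-1B-24-04-A2-1E",
                                 ["2001:DB8:CAFE:1::200",
                                  "FE80::1111:2222:3333:4444"])))
    print(shared_groups(["2001:DB9:BAFA:1:AAAA::300",
                         "2001:DB9:BAFA:1:BBBB::300",
                         "FE80::5555:6666:7777:8888"]))
```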
Verifying the Solicited-Node Multicasts
Router# show ipv6 interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::FE99:47FF:FE75:C3E0
  Global unicast address(es):
    2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF75:C3E0
<output omitted for brevity>
The joined group addresses show which multicast groups the interface is a member of:
FF02::1             All-IPv6 devices on this link
FF02::2             All-IPv6 routers on this link: IPv6 routing enabled
FF02::1:FF00:1      Solicited-node multicast address (global unicast)
FF02::1:FF75:C3E0   Solicited-node multicast address (link-local)
• FF02 – “2” means link-local scope
• Router’s NIC will process destination MAC addresses for assigned and solicited node multicasts such as 33-33-FF-00-00-01 and 33-33-FF-75-C3-E0 (solicited node)
ICMPv6 ND – Address Resolution
[Figure: PC1 and PC2. IPv4: (1) ARP Request, “Know IPv4, what is the MAC?”; (2) ARP Reply, “My IPv4! Here is the MAC@”; (3) ARP Cache. IPv6 (ICMPv6 Neighbor Discovery): (1) Neighbor Solicitation, “Know IPv6, what is the MAC?”; (2) Neighbor Advertisement, “My IPv6! Here is the MAC@”; (3) Neighbor Cache.]
IP to data link (MAC) address mapping:
• IPv4 addresses use ARP
• IPv6 addresses use ICMPv6 Neighbor Discovery messages
  - Neighbor Solicitation (via Solicited-Node)
  - Neighbor Advertisement
• Devices store this mapping in their Neighbor Cache
Advantages of Solicited-Node Multicast
IPv4 ARP Requests
• Destination MAC Address: Layer 2 Broadcast
• Data must be passed by NIC to upper layer for processing – examine target IPv4 address.
[Figure: Ethernet frame (DA: Broadcast) carrying an ARP message with target IPv4 address. Ethernet broadcast: passed to upper layer.]
IPv6 Address Resolution
• Destination IPv6: Solicited-Node Multicast
• Destination MAC Address: Layer 2 Multicast
[Figure: Ethernet frame (DA: Multicast) carrying an IPv6 packet (DA: Solicited-Node Multicast) with an ICMPv6 NS and target IPv6 address. Ethernet multicast: filtered by the NIC.]
Solicited-Node Example
[Figure: PC1 and PC2 on network 2001:DB8:CAFE:1::/64. PC1: 2001:DB8:CAFE:1::100/64, MAC address 00-21-9B-D9-C6-44. PC2: 2001:DB8:CAFE:1::200/64, FF02::1:FF00:200 (Solicited Node Multicast), MAC address 00-1B-24-04-A2-1E. (1) PC1> ping 2001:DB8:CAFE:1::200. (3) Neighbor Solicitation, “Know IPv6, what is the MAC?”. (4) Neighbor Advertisement, “My IPv6! Here is the MAC”. Neighbor Cache (2, 5): 2001:DB8:CAFE:1::200, 00-1B-24-04-A2-1E.]
Neighbor Solicitation sent by PC1 (Ethernet, IPv6, ICMPv6 Neighbor Solicitation):
Destination MAC: 33-33-FF-00-02-00
Destination Address: FF02::1:FF00:200
Target IPv6 Address: 2001:DB8:CAFE:1::200
• ICMPv6 NS: Target IPv6 Address (GUA of PC2)
• Destination IPv6: Solicited-Node Multicast
• Destination MAC Address: Layer 2 Multicast
MLDv2 Joining a Group
[Figure: MLD Querier R1, hosts A, B and C, and a source for groups FF3E:40:2001:DB8:CAFE:1:AAAA:AAAA and FF3E:40:2001:DB8:CAFE:1:BBBB:BBBB. R1 sends a General query to FF02::1 (All-IPv6 devices with link-scope). One host sends a Listener Report for group FF3E:40:2001:DB8:CAFE:1:AAAA:AAAA to FF02::16 (All MLDv2 Routers); another sends a Listener Report for group FF3E:40:2001:DB8:CAFE:1:BBBB:BBBB to FF02::16 (All MLDv2 Routers); a third suppresses its Listener Report for group FF3E:40:2001:DB8:CAFE:1:AAAA:AAAA: “Never mind, “A” got it.”]
• Multicast Listener Discovery (MLDv2) for IPv6 is similar to Internet Group Management Protocol (IGMPv2) for IPv4.
• Hosts use MLD to dynamically register themselves in a multicast group on a particular network.
• Hosts send Listener Report messages to their local multicast router, informing the router for which multicast addresses they want to receive traffic.
• Routers configured for MLD (MLD Queriers) listen to Listener Report messages from hosts.
• Routers periodically send out queries to discover which multicast groups are still active.
MLDv2 Leaving a Group
[Figure: MLD Querier R1, hosts A, B and C, and a source for groups FF3E:40:2001:DB8:CAFE:1:AAAA:AAAA and FF3E:40:2001:DB8:CAFE:1:BBBB:BBBB. One host sends Listener Done for group FF3E:40:2001:DB8:CAFE:1:AAAA:AAAA to FF02::16 (All MLDv2 Routers): “I’m done.” R1 sends an Address specific query for FF3E:40:2001:DB8:CAFE:1:AAAA:AAAA to FF3E:40:2001:DB8:CAFE:1:AAAA:AAAA: “Is there anyone else?” Another host sends a Listener Report for group FF3E:40:2001:DB8:CAFE:1:AAAA:AAAA to FF02::16 (All MLDv2 Routers): “I still want it!” Traffic continues for FF3E:40:2001:DB8:CAFE:1:AAAA:AAAA.]
• When a host no longer wants to receive traffic for a multicast group, it can inform the router by sending a Multicast Listener Done message.
MLDv2 Snooping
[Figure: MLD Querier R1 and hosts A, B and C. Two hosts each send a Listener Report for group FF3E:40:2001:DB8:CAFE:1:AAAA:AAAA to FF02::16 (All MLDv2 Routers). For the first: “I will send packets for this group out this interface.” For the second: “I will also send packets for this group out this interface.”]
• A switch can snoop Listener Reports from the hosts and create an entry in its Layer 2 forwarding table for the port on which each report was received.
• If another host sends a listener report for the same group, the switch snoops that report and adds the host's port to the existing Layer 2 forwarding table entry.
• With MLD snooping enabled, multicast messages for this group are only sent out ports with hosts that are members of that group.
• Remember, solicited node multicasts are forwarded out all ports because of the potentially huge forwarding tables needed to store these addresses.
For more on IPv6 Multicast
• For more on Multicast and MLD see IPv6 Multicast Primer (PowerPoint PDF) by Tim Martin (CCIE #2020, Cisco Solutions Architect)
Path MTU discovery
• IPv6 has abandoned the principle of packet fragmentation.
• Use of the path MTU discovery mechanism is made mandatory in order to determine the smallest MTU along the communication path.
• The initial packet that is sent has a length that corresponds to the MTU of the interface through which it is sent.
Path MTU discovery
• If the packet encounters a link whose MTU is smaller, that router sends an ICMPv6 “Packet Too Big” message, in which it also sends its MTU.
• The source host sends a new packet whose length corresponds to the MTU value that was received.
• The process is repeated until the packet reaches the destination host.
• The resulting MTU is remembered for that session.
References:
• http://www.cabrillo.edu/~rgraziani/ipv6-presentations.html
• http://www.ietf.org/