Friday 30 March 2012

IPv6 Routing - Implementing IPv6 Routing and Routing Protocols 1



What are we going to do? Well:


Getting some pings going with IPv6
Implementing IPv6 static routes
Implementing IPv6 RIPng



Pings, you might be thinking... wow!!! BUT think about it: if there is no broadcast now, how does ARP find out the other host's MAC address?

Then we will get some static routes working and then, believe it or not... get some RIP working (yes, it's still hanging on!! But it's been tweaked and re-tooled and now it's called RIP Next Generation lol)




So;


Let's configure Router1:

R1(config)#inter fa0/0
R1(config-if)#ipv6 address 2001:11AA::1/64

R1(config-if)#no shut


R1#show ipv6 inte fa0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C000:15FF:FEB8:0
  Global unicast address(es):
    2001:11AA::1, subnet is 2001:11AA::/64 <-- shows our address then subnet
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FFB8:0
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds


Remember, the link-local address is the MAC of the interface with FFFE squeezed in (to make it 64 bits)


R1#show int fa0/0 | i address
  Hardware is Gt96k FE, address is c000.15b8.0000 (bia c000.15b8.0000)


And now Router2:

R2(config)#inter fa0/0
R2(config-if)#ipv6 address 2001:11AA::2/64



R2#show ipv6 inter
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C201:15FF:FEB8:0
  Global unicast address(es):
    2001:11AA::2, subnet is 2001:11AA::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FFB8:0
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds




Okay, so we are looking good :0) .... let's do it, let's send that ping over to Router1




 
R2#ping ipv6 ?
  WORD  Ping destination address or hostname
  <cr>

R2#ping ipv6 2001:11AA::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:11AA::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/27/52 ms



SWWEEEEEEEEEET! My first IPv6 ping ..... kkkkooooooool, no longer an IPv6 virgin lol

I've gone off and already configured Router1's serial interface; I'm doing Router3's now.

Hey look, they have moved show ip int brief over to IPv6! lol:


R3#show ipv6 int brie
FastEthernet0/0            [administratively down/down]
    FE80::C203:13FF:FEB0:0
    2001:33AA::1
Serial0/0                  [up/up]
    FE80::C203:13FF:FEB0:0
    2001:22AA::2
FastEthernet0/1            [administratively down/down]
Serial0/1                  [administratively down/down]



Not as pretty... but let's prove connectivity across the serial interfaces:

R3#ping ipv6 2001:22AA::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:22AA::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/7/20 ms

Sweeet, so let's look at ARP's replacement (neighbour discovery via ICMP):

R3#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on


I have already configured Router4's (Fast Ethernet address) and Router3's; let's bring the interface up and see what happens:

R3(config-if)#no shut
*Mar  1 00:44:14.707: ICMPv6-ND: Sending NS for FE80::C203:13FF:FEB0:0 on FastEthernet0/0
*Mar  1 00:44:15.691: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
R3(config-if)#no shut
*Mar  1 00:44:15.711: ICMPv6-ND: DAD: FE80::C203:13FF:FEB0:0 is unique.
*Mar  1 00:44:15.711: ICMPv6-ND: Sending NA for FE80::C203:13FF:FEB0:0 on FastEthernet0/0
*Mar  1 00:44:15.715: ICMPv6-ND: Address FE80::C203:13FF:FEB0:0/10 is up on FastEthernet0/0
*Mar  1 00:44:15.723: ICMPv6-ND: Sending NS for 2001:33AA::1 on FastEthernet0/0
*Mar  1 00:44:16.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar  1 00:44:16.723: ICMPv6-ND: DAD: 2001:33AA::1 is unique.
*Mar  1 00:44:16.723: ICMPv6-ND: Sending NA for 2001:33AA::1 on FastEthernet0/0
*Mar  1 00:44:16.723: ICMPv6-ND: Address 2001:33AA::1/64 is up on FastEthernet0/0



So a breakdown:
*Mar  1 00:44:14.707: ICMPv6-ND: Sending NS for FE80::C203:13FF:FEB0:0 on FastEthernet0/0
This is the Neighbor Solicitation, which is sent to a multicast address, which reaches everybody on the local-link network (where the addresses are auto-generated) and says HEY! I have this address FE80::C203:13FF:FEB0:0
The Neighbor Solicitation message is a new message in ICMP (well, ICMPv6):

NDP Messages

NDP is defined in RFC 2461. It uses ICMPv6 to exchange the messages necessary for its functions; specifically, five new ICMPv6 messages are specified in RFC 2461:
  • Router Advertisement (RA) messages are originated by routers to advertise their presence and link-specific parameters such as link prefixes, link MTU, and hop limits. These messages are sent periodically, and also in response to Router Solicitation messages.
  • Router Solicitation (RS) messages are originated by hosts to request that a router send an RA.
  • Neighbor Solicitation (NS) messages are originated by nodes to request another node's link layer address and also for functions such as duplicate address detection and neighbor unreachability detection.
  • Neighbor Advertisement (NA) messages are sent in response to NS messages. If a node changes its link-layer address, it can send an unsolicited NA to advertise the new address.
  • Redirect messages are used the same way that redirects are used in ICMP for IPv4; they have merely been moved from being a part of the base ICMPv6 protocol to being a part of NDP.

*Mar  1 00:44:15.711: ICMPv6-ND: DAD: FE80::C203:13FF:FEB0:0 is unique.
This message is part of the Neighbor Discovery Protocol: it is Duplicate Address Detection (DAD) reporting that the address is unique.



 

more info:

Neighbour Discovery Protocol

The most distinct characteristics of IPv6 after its increased address space are its plug-and-play features. Neighbor Discovery Protocol (NDP) is the enabler of these plug-and-play features, using the following functions:
  • Router Discovery: A node can discover, when it is connected to an IPv6 link, the local routers without the aid of Dynamic Host Configuration Protocol (DHCP).
  • Prefix Discovery: A node can discover, when it is connected to an IPv6 link, the prefix or prefixes assigned to that link.
  • Parameter Discovery: A node can discover parameters such as the link MTU and hop limits for its connected link.
  • Address Autoconfiguration: A node can determine its full address, again without the aid of DHCP.
  • Address Resolution: A node can discover the link-layer addresses of other nodes on the link without the use of Address Resolution Protocol (ARP).
  • Next-Hop Determination: A node on a link can determine the link-layer next hop for a destination, either as a local destination or a router to the destination.
  • Neighbor Unreachability Detection: A node can determine when a neighbor on a link, either another host or a router, is no longer reachable.
  • Duplicate Address Detection: A node can determine if an address it wants to use is already being used by another node on the link.
  • Redirect: A router can notify a host of a better next-hop than itself to an off-link destination. The redirect function is a part of basic ICMP functionality in IPv4, but is redefined as part of NDP in IPv6.
The next message:
*Mar  1 00:44:15.711: ICMPv6-ND: Sending NA for FE80::C203:13FF:FEB0:0 on FastEthernet0/0
is a Neighbor Advertisement (NA), which is the follow-up to the NS message sent earlier; this confirms we now have this address, and lets everyone know we have it!


The process is repeated for the public address we set up on the link:


*Mar  1 00:44:15.723: ICMPv6-ND: Sending NS for 2001:33AA::1 on FastEthernet0/0
*Mar  1 00:44:16.723: ICMPv6-ND: DAD: 2001:33AA::1 is unique.
*Mar  1 00:44:16.723: ICMPv6-ND: Sending NA for 2001:33AA::1 on FastEthernet0/0
*Mar  1 00:44:16.723: ICMPv6-ND: Address 2001:33AA::1/64 is up on FastEthernet0/0
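
The NS, "is unique", NA, "is up" sequence described above can be checked mechanically. The following is an added example, not part of the original post: it reads the R3 debug lines shown above and reports, per address, whether the four stages appeared in order and how long the router waited between sending the NS and declaring the address unique. The wait of about one second matches the single DAD attempt shown in the interface output; that the retransmit timer defaults to one second is an assumption taken from the NDP RFC, not something shown on this page.

```python
import re
from datetime import datetime

# Debug lines copied from the R3 output above (not constructed).
SAMPLE = """\
*Mar  1 00:44:14.707: ICMPv6-ND: Sending NS for FE80::C203:13FF:FEB0:0 on FastEthernet0/0
*Mar  1 00:44:15.691: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 00:44:15.711: ICMPv6-ND: DAD: FE80::C203:13FF:FEB0:0 is unique.
*Mar  1 00:44:15.711: ICMPv6-ND: Sending NA for FE80::C203:13FF:FEB0:0 on FastEthernet0/0
*Mar  1 00:44:15.715: ICMPv6-ND: Address FE80::C203:13FF:FEB0:0/10 is up on FastEthernet0/0
*Mar  1 00:44:15.723: ICMPv6-ND: Sending NS for 2001:33AA::1 on FastEthernet0/0
*Mar  1 00:44:16.723: ICMPv6-ND: DAD: 2001:33AA::1 is unique.
*Mar  1 00:44:16.723: ICMPv6-ND: Sending NA for 2001:33AA::1 on FastEthernet0/0
*Mar  1 00:44:16.723: ICMPv6-ND: Address 2001:33AA::1/64 is up on FastEthernet0/0
"""

ND_LINE = re.compile(r"^\*(\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+): ICMPv6-ND: (.*)$")
STAGES = [  # the order a clean DAD run goes through
    ("ns", re.compile(r"Sending NS for (\S+) on")),
    ("unique", re.compile(r"DAD: (\S+) is unique")),
    ("na", re.compile(r"Sending NA for (\S+) on")),
    ("up", re.compile(r"Address (\S+?)/\d+ is up on")),
]

def dad_report(log):
    """Per address: were all four stages seen in order, and how long was the DAD wait?"""
    seen = {}
    for line in log.splitlines():
        m = ND_LINE.match(line.strip())
        if not m:
            continue  # prompts, %LINK / %LINEPROTO lines, anything that is not ND debug
        when = datetime.strptime(" ".join(m.group(1).split()), "%b %d %H:%M:%S.%f")
        for stage, rx in STAGES:
            hit = rx.search(m.group(2))
            if hit:  # keep the first time each stage is seen for this address
                seen.setdefault(hit.group(1).upper(), {}).setdefault(stage, when)
    report = {}
    for addr, ev in seen.items():
        times = [ev.get(stage) for stage, _ in STAGES]
        complete = None not in times and times == sorted(times)
        wait = (ev["unique"] - ev["ns"]).total_seconds() if "ns" in ev and "unique" in ev else None
        report[addr] = {"complete": complete, "dad_wait_s": wait}
    return report

if __name__ == "__main__":
    for addr, result in dad_report(SAMPLE).items():
        print(addr, result)
```

An address that shows an NS but never reaches "is up" comes back with complete set to False, which is the case worth looking at when an interface refuses to take an address.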


So ARP has been replaced by the Neighbor Discovery Protocol.

Let's have a further look at these messages, on Router4:


R4#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on
R4#debug ipv6 packet
IPv6 unicast packet debugging is on



*Mar  1 01:19:08.631: IPV6: source :: (local)
Here we are sending from a source address of .... nothing :: = all zeros

*Mar  1 01:19:08.631:       dest FF02::16 (FastEthernet0/0)

Here it is sending to the multicast address (one-to-many/group). When a message is sent to this multicast address (:16), it is seeing if there are other devices out there that support multicast; notice it does this several times:

*Mar  1 01:19:08.635:       traffic class 224, flow 0x0, len 76+0, prot 0, hops 1, originating
*Mar  1 01:19:08.635: IPv6: Sending on FastEthernet0/0
*Mar  1 01:19:08.639: IPV6: source :: (local)
*Mar  1 01:19:08.639:       dest FF02::16 (FastEthernet0/0)
*Mar  1 01:19:08.643:       traffic class 224, flow 0x0, len 76+0, prot 0, hops 1, originating
*Mar  1 01:19:08.647: IPv6: Sending on FastEthernet0/0
*Mar  1 01:19:08.647: IPV6: source :: (local)
*Mar  1 01:19:08.651:       dest FF02::16 (FastEthernet0/0)
*Mar  1 01:19:08.651:       traffic class 224, flow 0x0, len 76+0, prot 0, hops 1, originating
*Mar  1 01:19:08.655: IPv6: Sending on FastEthernet0/0
*Mar  1 01:19:08.659: IPV6: source :: (local)
*Mar  1 01:19:08.659:       dest FF02::16 (FastEthernet0/0)
*Mar  1 01:19:08.663:       traffic class 224, flow 0x0, len 76+0, prot 0, hops 1, originating
*Mar  1 01:19:08.663: IPv6: Sending on FastEthernet0/0
*Mar  1 01:19:08.667: IPV6: source :: (local)
*Mar  1 01:19:08.667:       dest FF02::16 (FastEthernet0/0)
*Mar  1 01:19:08.671:       traffic class 224, flow 0x0, len 76+0, prot 0, hops 1, originating
*Mar  1 01:19:08.671: IPv6: Sending on FastEthernet0/0
*Mar  1 01:19:09.171: IPV6: source :: (local)
*Mar  1 01:19:09.171:       dest FF02::16 (FastEthernet0/0)
*Mar  1 01:19:09.175:       traffic class 224, flow 0x0, len 76+0, prot 0, hops 1, originating
*Mar  1 01:19:09.179: IPv6: Sending on FastEthernet0/0
*Mar  1 01:19:09.423: IPV6: source :: (local)
*Mar  1 01:19:09.423:       dest FF02::16 (FastEthernet0/0)
*Mar  1 01:19:09.423:       traffic class 224, flow 0x0, len 76+0, prot 0, hops 1, originating



Next comes the Neighbor Solicitation (part of the NDP) as we saw before:
*Mar  1 01:19:09.423: IPv6: Sending on FastEthernet0/0
*Mar  1 01:19:09.627: ICMPv6-ND: Sending NS for FE80::C202:13FF:FEB0:0 on FastEthernet0/0



*Mar  1 01:19:09.627: IPV6: source :: (local)
*Mar  1 01:19:09.627:       dest FF02::1:FFB0:0 (FastEthernet0/0)
*Mar  1 01:19:09.627:       traffic class 224, flow 0x0, len 64+16, prot 58, hops 255, originating

So, at this point we are not saying we have the address (notice the source is still ::), but notice the destination address (dest FF02::1:FFB0:0):
FF02 = Multicast
:1 = Solicited-node multicast, to the group FFB0

So, if we have a look at Router4's interface connected to R3:


R4(config-if)#do show ipv6 int fa0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C202:13FF:FEB0:0
  Global unicast address(es):
    2001:33AA::2, subnet is 2001:33AA::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FFB0:0


So, when we added the IPv6 public address on this interface, it automatically joined these multicast groups:


Joined group address(es):
FF02::1    = This is essentially EVERYONE on the local link (equivalent to broadcast, if you will)
FF02::2    = All routers on that network segment
FF02::1:FF00:2
FF02::1:FFB0:0

The last two (above) are two groups: we have one group for each address we have (public and link-local).
Notice how the fa0/0 interface's link-local address (or part of it) is the multicast group:

IPv6 is enabled, link-local address is FE80::C202:13FF:FEB0:0

Think back to CCNA 101... where the MAC addresses are unique and also include the OUI of the vendor. Similar thing here! It ensures it will be unique :0)

So you are joining a specific multicast group for your address. WHY?...
Well, if R3 wanted to find out R4's MAC address, instead of sending an ARP broadcast, it will send a targeted/specific multicast message to that group; R4 would know the group, as he is part of that group :0)

So now, for "ARP" entries we do not need to disturb everyone on the network segment! Instead, only the router/host that needs it gets it! Much better efficiency!


Let's get Wireshark running, do a PING from R4 to R3 and have a look:

 
R4#ping ipv6 2001:33AA::1 repeat 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 2001:33AA::1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 44/44/44 ms












2001:33aa::2 = Router 4
2001:33aa::1 = Router 3

And here you can see it: notice NO MORE BROADCASTS!... wow!

All this said and done, it is Cisco's best practice that you manually assign the link-local addresses.

HEY, so you know we did that ping earlier; well, how do we check what is in the ARP table?

R4#show arp


Nothing here, as IPv6 doesn't use ARP, lol ....

Instead, it's like a routing protocol: we have neighbours!

R4#show ipv6 neighbors
IPv6 Address                              Age Link-layer Addr State Interface
2001:33AA::1                                0 c003.13b0.0000  REACH Fa0/0
FE80::C203:13FF:FEB0:0                      0 c003.13b0.0000  REACH Fa0/0



How kool. If you want to clear the "ARP cache/table" then, yup, you do a clear ipv6 neighbors


RIGHT, so let's manually configure a link-local address:

R4(config)#inter fa0/0
R4(config-if)#ipv6 address ?
  WORD                General prefix name
  X:X:X:X::X          IPv6 link-local address
  X:X:X:X::X/<0-128>  IPv6 prefix
  autoconfig          Obtain address using autoconfiguration

R4(config-if)#ipv6 address FE80::1:2:3 ?
  link-local  Use link-local address


How did it know the above was a link-local address?...... The FE80? Well no: there is no subnet mask!!!! (We don't need one! It's LOCAL) lol, so it then knows it is a local address.

R4(config-if)#ipv6 address FE80::1:2:3 link-local


R4#show ipv6 interface fa0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1:2:3
  Global unicast address(es):
    2001:33AA::2, subnet is 2001:33AA::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF02:3

Notice we are now part of the new multicast group for our new address.
If we change it again:


R4(config-if)#ipv6 address FE80::1:2222:3333 link-local

R4#show ipv6 interface fa0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1:2222:3333
  Global unicast address(es):
    2001:33AA::2, subnet is 2001:33AA::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF22:3333


It is always carving off the least significant 24 bits!
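
Both address rules used in this post can be written down in a few lines. The following is an added example, not part of the original post: it builds the EUI-64 link-local address from a MAC (FFFE in the middle and the universal/local bit inverted, which is why R3's c003.13b0.0000 shows up as C203 in its link-local address), computes the solicited-node group from the low 24 bits, and compares the groups an interface reports against what its addresses imply. The function names are made up for the example, and FF02::2 is expected only because these are routers.

```python
import ipaddress

# Excerpt of R4's "show ipv6 interface fa0/0" output from this post.
SHOW_R4 = """\
  IPv6 is enabled, link-local address is FE80::1:2:3
  Global unicast address(es):
    2001:33AA::2, subnet is 2001:33AA::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:2
    FF02::1:FF02:3
"""

def mac_to_link_local(mac):
    """Modified EUI-64: insert FFFE mid-MAC, invert the universal/local bit."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def solicited_node(addr):
    """FF02::1:FF00:0/104 with the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def parse_show(text):
    """Return (unicast addresses, joined groups) from 'show ipv6 interface' output."""
    unicast, groups, section = [], [], None
    for line in text.splitlines():
        s = line.strip()
        if "link-local address is" in s:
            unicast.append(ipaddress.IPv6Address(s.rsplit(" ", 1)[1]))
        elif s.startswith(("Global unicast", "Joined group")):
            section = unicast if s.startswith("Global") else groups
        elif section is not None and s:
            try:
                section.append(ipaddress.IPv6Address(s.split(",")[0].split()[0]))
            except ValueError:
                section = None  # left the address list (e.g. the "MTU is ..." line)
    return unicast, groups

def audit_groups(text):
    """Joined groups vs. all-nodes, all-routers and one solicited-node group per address."""
    unicast, groups = parse_show(text)
    expected = {solicited_node(a) for a in unicast} | {ipaddress.IPv6Address(g) for g in ("ff02::1", "ff02::2")}
    return {"missing": sorted(expected - set(groups)), "unexpected": sorted(set(groups) - expected)}
```

Calling audit_groups(SHOW_R4) returns empty "missing" and "unexpected" lists; a group left over from an old address, or one nobody configured, would show up under "unexpected".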
A lot to take in; didn't get round to the static routes or RIPng! Tomorrow we will check it out.