First published on TechNet on Jul 07, 2013
Hey y’all, Mark and Ray back again with more IPv6 for the Windows Administrator. So far we discussed why you should care about IPv6 and some basic fundamentals on IPv6 addressing. In this third installment we are going to discuss setting up an IPv6 address scheme, Zone IDs, how clients can potentially get an IPv6 address, a nice comparison of IPv4 and IPv6 differences and equivalents you can print out for your cube notes collection, and finally some additional info. So let’s get right back at it.
We’ll start with a quick summary of some basic IPv6 terminology which should help provide some clarification as we discuss some of the topics.
Node - An IPv6-enabled network device that can describe a host or a router.
Host - An IPv6-enabled network device that cannot forward IPv6 packets that are not explicitly addressed to itself. A host is an endpoint for IPv6 communications (either the source or destination) and drops all traffic not explicitly addressed to it.
Router - An IPv6-enabled network device that can forward IPv6 packets that are not explicitly addressed to itself. IPv6 routers also typically advertise their presence to IPv6 hosts on their attached links.
Link - One or more LANs (such as Ethernet) or WANs (such as PPP) bounded by routers. Like interfaces, links may be either physical or logical. Links can also be referred to as Subnets or Network Segments.
Neighbors - Nodes that are connected to the same physical or logical link.
Interface - A representation of a node’s attachment to a link. This can be a physical interface (such as a network adapter) or a logical interface (such as a tunnel interface).
A key thing to note is an IPv6 address identifies an interface, not a node. A node is identified by having one or more unicast IPv6 addresses assigned to one of its interfaces.
Just like IPv4, you can divide the IPv6 address space using the high-order bits that do not already have an assigned value to create subnetted address prefixes. Since IPv6 has so many more addresses available, 18,446,744,073,709,551,616 to be a little more specific (that’s 18 quintillion, 446 quadrillion, 744 trillion, 73 billion, 709 million, 551 thousand and 616, just in case you’re counting), there are a few options. I’m sure you get the idea, but the real point is that all those addresses create a lot more options and a lot more flexibility for creating an IPv6 addressing plan, so you may want to think about how you could redesign your current IPv4 addressing plan to take advantage of some of these capabilities.
Creating an IPv6 addressing plan is somewhat analogous to creating an Active Directory OU structure. You can create a subnet plan by geographic location, with a different primary subnet for each location to facilitate router optimization. You may create primary subnets by use type, such as Engineering and Accounting, which makes it easier to manage security and policies. You may use a combination of both or come up with something completely different. That’s one of the benefits of having all those additional addresses in IPv6. So let’s go into a little more detail and look at an example.
Just a quick refresher from our previous post. The concept of the host ID is different in IPv6 than in IPv4. In IPv4 the host ID can be of varying length, whereas in IPv6 the address is split 50-50, with 64 bits for the subnet prefix and 64 bits for the interface ID. The first 48 bits will always be fixed for both global and unique local addresses. If it’s a global address, the first 48 bits are assigned by an ISP, for example 2001:db8:1234. If it’s a unique local address, the first 8 bits are FD00: plus a random 40-bit global ID that is assigned to a site of an organization.
For most organizations this will typically mean that subnetting an IPv6 address will consist of dividing the 16-bit subnet ID portion of a global or unique local address prefix to provide for route summarization and delegation of the remaining address space to different areas of the IPv6 intranet.
In the blog here we are just trying to provide a good overview and some background information to pique your interest and get you thinking about your IPv6 addressing plan. For more detailed information and guidance on creating an IPv6 subnet plan, check out the article entitled “Preparing an IPv6 Addressing Plan” (March, 2011) by Sander Steffann, RIPE NCC, which was inspirational for some of the examples.
One of the first and more important steps in creating your IPv6 Addressing Plan is to decide how you want to allocate or assign the subnet bits.
OK, hang with us here, we are going to go a bit deep. Let’s look at a theoretical example. I have an assigned Global Address with a 48-bit prefix from my ISP, let’s say 2001:db8:1234. I have 100 locations around the world and I wish to use router optimization. I have 67 departments. What could my address plan look like?
Summary
Global Address 2001:db8:1234
100 locations around the world (Primary Subnet)
67 departments (Secondary Subnet)
How could I allocate the 16 bits of the Subnet ID for my intranet?
To allow for a minimum of 100 locations I would need 7 bits
Nearest 2^n = 128 or 2^7 - 7 bits
To allow for a minimum of 67 departments I would also need 7 bits since 2^6 is only 64
Nearest 2^n = 128 or 2^7 - 7 bits
So I would be using a total of 14 bits out of the 16. This would make my address prefix /62 (48 + 14), with 2 bits left unused at this point.
Have we lost you? Let’s try a visual representation.
2001:db8:1234: | L | L | L | L | L | L | L | D | D | D | D | D | D | D | U | U | ::/62 |
Fixed Global Address: 2001:db8:1234
LLLLLLL: 7 bits for Locations - 100 fits within 2^7 (128)
DDDDDDD: 7 bits for Departments - 67 fits within 2^7 (128)
UU: 2 bits currently unused
So what would an address for location 58, department 27 look like?
Global Address LLLLLLL DDDDDDD UU
2001:db8:1234 0111010 0011011 00
2001:db8:1234:746c::0/62
Hopefully that makes some sense. Like all things new it may take a little time to get comfortable but in no time at all it will become familiar like the IPv4 subnet masks are today.
Link Local and Site Local addresses can be reused (Global addresses cannot). Link Local addresses can be used on each link. Site local addresses can be reused within a site of an organisation. This capability means that link local and site local addresses are ambiguous. To specify the link on which the destination is located, or the site within which the destination is located, an additional identifier is required. This additional identifier is called a zone identifier (Zone ID), sometimes called a scope ID, and this is how we identify the portion of a network that has a specified scope. Zone IDs are only used for link-local addresses since routable addresses are non-ambiguous.
The syntax for this ID is specified in RFC 4007.
The values of the zone id are defined relative to the sending host. So it is possible that different hosts might determine different zone ids for the same physical zone. As an example, host X might choose a value of 3 to represent a zone, and host Y might choose a value of 4 to represent the same link.
Windows Vista and above display the IPv6 zone id of local addresses in the ipconfig output. For example, you might see: “Default Gateway . . . . . . . . Fe80::20a:42ff:feb0:5400 %6 ”
In our first IPv6 address example, “12” is the Zone ID.
FE80::d9e:bed6:4917:C7DF %12
OK Windows Admin, really pay attention to this section, you’ll see why shortly. One of the really neat things about IPv6 is that it has the ability to configure itself even without the use of DHCP! By using a process of router discovery, which involves an exchange of Router Solicitation and Router Advertisement messages, the host determines which method to use to obtain an IPv6 address as well as the addresses of neighboring routers, additional stateless addresses, on-link prefixes, and other configuration parameters.
Included in the Router Advertisement message are flags that indicate whether an address configuration protocol (such as DHCPv6) should be used for additional configuration. The host decides which method to use based on the configuration of a Router Advertisement message. Link-local addresses are always generated regardless of any other options.
These are the four general methods by which a host obtains an IPv6 address:
· Statically configured
· Stateless Address AutoConfiguration (SLAAC)
· Stateless DHCPv6
· Stateful DHCPv6
IPv6 hosts are always listening for RAs. Additionally, a host will request an RA by sending a Router Solicitation when the host’s configuration changes (power-up, network configuration change). An RA is usually sent by a Layer 3 device and has specific options available. RAs control both addressing and routing on the host. The most common options are listed below, but there are several more options not covered here.
Router Advertisement Options
· Autonomous flag (A bit) – Hosts will generate an address based on this RA if this bit is enabled.
· Valid Lifetime – a 32-bit number representing the length of time (in seconds) that a prefix will be used in the host’s routing table.
· Managed Address Configuration flag (M bit) – Hosts will contact a DHCPv6 server to obtain an IPv6 address if this bit is set.
· Other Stateful Configuration flag (O bit) – Hosts will contact a DHCPv6 server to obtain non-address configuration information if this bit is set.
This can create an “interesting” dilemma which does not occur in the IPv4 world. Suppose I have the following Router Advertisement configuration. What will happen?
Autonomous flag =1, Managed Address flag =1, Other=1, Lifetime=86,400
Answer: The host will configure TWO IPv6 addresses!
One autoconfigured, and one from DHCPv6, along with options from the DHCPv6 server. This will also generate a route table entry valid for 24 hours. So you can see that when implementing IPv6, communication and collaboration between Server Administrators and the Network Administrators becomes crucial.
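To see which flags a Router Advertisement on your segment actually carries, the message can be decoded directly. The Python sketch below is an added example, not code from the original post: it parses an RA using the RFC 4861 layout and lists what a host would configure according to the flag rules described above. The function names and the sample message are constructed for illustration, and only the M, O and A flags and the valid lifetime are read.

```python
import ipaddress
import struct

def parse_ra(msg):
    """Parse an ICMPv6 Router Advertisement (RFC 4861 layout, ICMPv6 header onward)."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(msg[5] & 0x80), "O": bool(msg[5] & 0x40), "prefixes": []}
    pos = 16                                    # options follow the fixed 16-byte header
    while pos + 2 <= len(msg):
        opt_type, opt_len = msg[pos], msg[pos + 1] * 8   # length field counts 8-byte units
        if opt_len == 0 or pos + opt_len > len(msg):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:     # Prefix Information option
            plen, flags, valid, _pref = struct.unpack_from("!BBII", msg, pos + 2)
            prefix = ipaddress.IPv6Address(msg[pos + 16:pos + 32])
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}",
                                   "A": bool(flags & 0x40), "valid_lifetime": valid})
        pos += opt_len
    return ra

def address_sources(ra):
    """List what a host configures from this RA, following the flag rules on the page."""
    sources = ["link-local address (always generated)"]
    sources += [f"SLAAC address in {p['prefix']}" for p in ra["prefixes"] if p["A"]]
    if ra["M"]:
        sources.append("DHCPv6 address")
    if ra["O"]:
        sources.append("DHCPv6 non-address options")
    return sources

def build_ra(m, o, a, valid_lifetime, prefix):
    """Build a constructed RA for testing; the checksum is left at 0 and not verified."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, (m << 7) | (o << 6), 1800, 0, 0)
    option = struct.pack("!BBBBIII", 3, 4, 64, 0x80 | (a << 6),
                         valid_lifetime, valid_lifetime, 0)
    return header + option + ipaddress.IPv6Address(prefix).packed

# Constructed sample matching the page's question: A=1, M=1, O=1, lifetime 86,400 s.
SAMPLE_RA = build_ra(1, 1, 1, 86400, "2001:db8:1234:746c::")

if __name__ == "__main__":
    for line in address_sources(parse_ra(SAMPLE_RA)):
        print(line)
```

Feeding it the ICMPv6 payload of an RA taken from a packet capture shows whether an unexpected router is advertising A, M or O on a segment that is supposed to be IPv4-only.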
Specific autoconfiguration behaviors of IPv6 for computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista:
· Generate random interface IDs for non-temporary autoconfigured IPv6 addresses, including public and link-local addresses, rather than using EUI-64–based interface IDs.
· Use optimistic duplicate address detection (DAD) which means they do not wait for duplicate address detection (DAD) to complete before sending router solicitations or multicast listener discovery reports using their derived link-local addresses.
· Computers running Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7 attempt stateful address autoconfiguration with DHCPv6 if no router advertisements are received. Computers running Windows Server 2008 or Windows Vista do not attempt stateful address autoconfiguration with DHCPv6 if no router advertisements are received.
· Send the Router Solicitation message before performing duplicate address detection on the link-local address.
· Continue address autoconfiguration even if link-local address is duplicate with the receipt of a multicast Router Advertisement message containing unique local or global prefixes.
As a Windows Admin you are probably thinking, “Who would configure router advertisements? We have DHCP.” The most common scenario seen in the field is the network team “testing” some IPv6 stuff. They think that they are only affecting routing between the network devices but not the hosts, since hosts get their IP from DHCP and that is only configured for IPv4. Then we start to see routing weirdness and AAAA records in DNS. The knee-jerk reaction is to fix the problem by unchecking the IPv6 check box we detailed in our first post (hint: don’t do that!). This probably seems far-fetched but I have seen this happen on more than one occasion. If you do start seeing IPv6 addresses assigned and your org hasn’t rolled out IPv6 yet, go to your network team and say “Hey man, I think some of the router advertisements might be leaking into production”. This is generally a good place to start.
IPv6 Addresses
| IPv6 Unicast Address | IPv4 Equivalent |
|---|---|
| Global Address | Public |
| Local-use Address (Link-Local) | APIPA |
| Unique local Address | Private |
| Specialty (unspecified, loopback) | Multicast, Loopback, etc |
| Compatibility | n/a |
IPv4 Address and IPv6 Address Feature Equivalents
| Feature | IPv4 | IPv6 |
|---|---|---|
| Address length | 32 bits | 128 bits |
| IPsec header support | Optional | Required |
| Prioritized delivery support | Some | Better |
| Fragmentation | Hosts and routers | Hosts only |
| Packet size | 576 bytes | 1280 bytes |
| Checksum in header | Yes | No |
| Options in header | Yes | No |
| Link-layer address resolution | ARP (broadcast) | Multicast Neighbor Discovery |
| Multicast membership | IGMP | Multicast Listener |
| Router Discovery | Optional | Required |
| Uses broadcasts | Yes | No |
| Configuration | Manual, DHCP | Automatic, DHCPv6 |
| DNS name queries | Uses A records | Uses AAAA records |
| DNS reverse queries | Uses IN-ADDR.ARPA | Uses IP6.ARPA |
Well, hopefully we’ve covered enough substance to start getting you to feel a little more comfortable with IPv6. Like all new technologies it’s not magic; it just takes a little time, and a good blog of course, to understand. If you are a Premier customer we have an IPv6 workshop with tons more info and all kinds of fun labs. Let us or your TAM know and we’ll get you going. If you are more the lone wolf self-study type we have http://technet.microsoft.com/en-us/library/gg250710(WS.10).aspx, and the IPv6 book by MS Press is quite good. Please let us know in the comments what you think and what other IPv6 info you’d like to see.
Mark “128 bit” Morowczynski and Ray “128 bit” Zabilla
Part 1 can be found here
Part 2 can be found here