Supporting IPv4 and IPv6 Networks

# Use Appropriate Tools to Test IP Configuration ## IP interface Configuration [[Explaining IPv4 Addressing]] - Configuration Paramenters - IP address and subnet mask - default gateway - DNS servers - resolves IPs to named web address (and vice versa) - Manual configuration / static addressing vs autoconfig via DHCP - remember a 169.xxx.xxx.xxx IP means the windows machine couldnt get an IP via DHCP with APIPA - typically static configurations are only for critical systems like servers that always need to have the same IP - Windows networking - Adapter name (local area connection vs Ethernet) - `netsh` - very powerful - local or remote config of network devices such as the interface - PowerShell cmdlets ## ipconfig access to all ipv4 and ipv6 configurations can release and renew the configurations - /all - /renew - /release - /displaydns, flushdns, registerdns ## ifconfig and IP Linux's version of ipconfig - interfaces: - eth0, eth1 or en0, en1 - /etc/network/interfaces - ifup and ifdown - networkManager and systemd.networking - netplan - ifconfig - ip ## ARP cache cache IP:MAC mapping to reduce arp broadcasts arp utility manages cache - `ip neigh` `arp -s` modify the CAM table ## ICMP and ping - ping can be blocked - Report errors and transmit status messaging - Request and reply packets - round trip time (RTT) - time to live (TTL) - Destination host unreachable - there is no routing info... (the local machine does not know how to get to that IP address) - can be caused by a configuration error on the local host - No reply (request timed out) - machine cant see IP address (hardware) traceroute (`tracert`) will show hops and more information if ICMP is blocked. # Troubleshoot IP Networks [[Troubleshooting Ethernet Networks]] ## Hardware Failure and Network Interface Issues [[Comparing OSI Model Network Functions]] - isolate the issues to the OSI model layer - establish scope to indentify hardware issues with appliances (switches and routers) - Power issues.... - surge, brownout, and power failure - Hardware failure issues - check for cable faults - verify adapter driver - check module/adapter card seating - Interface status issues ## IP Config Issues - verify host configuration with `ipconfig/ifconfig/ip` - private IPs, subnets - Incorrect IP address - Check configuration is consisten with neighbors - Incorrect subnet mask - host routes traffic that should be delivered locally ## Duplicate IP and MAC Address Issues - ping - loopback - discover neighbors (check ARP cache) `arp -a` - Remote host - incorrect gateway - Check IP of the default gateway - check link to default gateway ## Incorrect DNS issues - check client DNS server address config - check server availability ## Multicast flooding issues - multicast groups and Internet group management protocol (IGMP) - non multicast aware switches flood packets - IGMP snooping # Explain IPv6 Addressing Schemes | **Number** | **HexaDecimal** | **Binary** | | ---------- | --------------- | ---------- | | 0 | 0 | 0000 | | 1 | 1 | 0001 | | 2 | 2 | 0010 | | 3 | 3 | 0011 | | 4 | 4 | 0100 | | 5 | 5 | 0101 | | 6 | 6 | 0110 | | 7 | 7 | 0111 | | 8 | 8 | 1000 | | 9 | 9 | 1001 | | 10 | a | 1010 | | 11 | b | 1011 | | 12 | c | 1100 | | 13 | d | 1101 | | 14 | e | 1110 | | 15 | f | 1111 | | __ | __ | __ | __ | __ | __ | __ | __ | | --- | --- | --- | --- | --- | --- | --- | --- | | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 | ## IPv4 vs IPv6 IPv6/IPng - 128 bit vs just 32 of IPv4 - Copes with mobile/IoT growth - Hierarchical address allocation (simpler routing) This is a very slow transition... IPv6 headers - Main header and extension headers - Key fields - Traffic class - Flow label - Payload length - Next header - Hop limit ## IPv6 Address format - 128-bit binary address = lots of typing ``` 0010 0000 0000 0001 : 0000 1101 1011 1000 : 0000 0000 0000 0000 : 0000 0000 0000 0000 : 0000 1010 1011 1100 : 0000 0000 0000 0000 : 1101 1110 1111 0000 : 0001 0010 0011 0100 ``` - uses hex notation - each hex didgit represents 4 binary digits - arrange hex digits in 8 x 16-bit (double byte) blocks separated by colons - `2001:0db8:0000:0000:0abc:0000:def0:1234` - Canonical notation - omit leading 0s and compress one sequence of all -0 double bytes - `2001:db8::abc:0:def0:1234` ## IPv6 Network prefixes - host ID is always the last 64 bits - Network prefix (like /48 or /64) determines whether hosts are on the same network - Addressing schemes are different then IPv4 - multicast **must** be supported - no broadcasts ![[IPv6Prefix.png]] ## IPv6 Unicast Addressing Unicast addressing is basically going out the internet on IPv6 - globally scoped - 001 binary prefix (2 or 3 in hex) - Next 45 bits allocated to registries and ISPs - following 16 bits for subnetting - 64 bits for interface ID ## EUI-64 Conversion This is taking the MAC address from the NIC and converting it to a 64 bit IPv6 Address... - MAC-derived/EUI-64 - Pseudo-random token - this is the MAC addressing (48bit) with some math - remember: the first 3 sets are the OUI (manufacturer), and the last 3 sets is the NIC specific serial number <u>To do the conversion</u> - split the MAC - Two 3-byte parts (24-bit) halves - Put `FFFE` in the middle - the missing 16 bits - invert the 7th bit - changes the address from globally unique/unversal - turns the burned-in address into a localled adminstered address - this is the U/L bit (universal/local) - Modifying the MAC examples... - `8c:2d:aa:4b:98:a7` <- Universal Address - `8c` = 100011**0**0 - invert 7th bit... - 100011**1**0 - which turns into... - `8e:2d:aa:4b:98:a7` <- Local Address ## Building IPv6 the first 64 bits are the IPv6 subnet prefix - then add in the 3 byte converted MAC in ipv6 format, this below uses the example from above - then fill in `FFFE` - then fill in the last 3 bytes from the mac address | **64-bit IPv6 Subnet Prefix** | **3-byte MAC** | **FFFE** | **last 3-byte MAC** | | ----------------------------- | -------------- | -------- | ------------------- | | 2600:dddd:1111:0001: | 8e2d:aa | ff:fe | 4b:98a7 | this then gives you.... `2600:dddd:1111:0001:8e2d:aaff:fe4b:98a7` **there is a shortcut to easily convert the 7th binary bit.** To do this, create a chart like the one below, counting up to F in hex. When using this, simple take the 2nd character in the mac address and convert it according to the table below. ![[MACConversions.png|]] <u>Some examples to try....</u> | **MAC Address** | **EUI-64** | | ----------------- | ------------------- | | 18:b4:30:10:7b:61 | 1ab4:30ff:fe10:7b61 | | a0:21:b7:63:40:3f | a221:b7ff:fe63:403f | | 34:62:88:dc:85:2f | 3662:88ff:fedc:852f | | 34-cf-f6-e5-3f-a8 | 36cf:f6ff:fee5:3fa8 | ![[IPv6UnicastAddressing.png]] **THE HARD PART OF IPv6 IS IDENTIFYING THE NETWORK ID** ## IPv6 Link Local Addressing - fe80/10 -- the local link addressing (same space) - this is not routable (almost like a private addressing) - something local in the network like IoT devices ![[Pasted image 20230522101957.png]] - communicate with the same subnet (neighbors) - All interfaces have link-local addressing - Zone idices ## Interface Autoconfiguration - neighbor discovery (ND) protocol and router advertisement (RA) - replaces ARP to perform address autoconfiguration, prefix discovery, local address resolution, and redirection - Stateless address autoconfig (SLAAC) - hosts generate a unique link-local address (not routable outside the local network) - listen for RAs - more flexible then DHCP (ipv4) - tests that the unique link-local address is unique by using the ND protocol - The host listens for a router advertisement (RA) or transmits a router solicitation (RS) using ND protocol messaging. The router can either provide a network prefix, direct the host to a DHCPv6 server to perform stateful autoconfiguration, or perform some combination of stateless and stateful configuration. - Multicast listener Discovery (NLD) Protocol - allow nodes to join a multicast group - discover whether group members are present on the local subnet - ICMPv6 ## IPv6 Multicast addressing Ipv6 routers must support multicast - first 8-bits multicast scope (11111111 or ff in hex) - next 4-bits.... flag types of multicast if needed; otherwise they are set to 0 - next 4-bits... scope (link-local/global) - 1 is node-local (to all interfaces on the same node) - 2 is link local - 112-bit group ID ## IPv4 and IPv6 Transition Mechanisms - Dual stack (using both ipv4 and ipv6) - this refers to hosts or routers - IPv6 or IPv4 default - Tunneling (alternative to dual stack) - means that IPv6 packets are inserted into IPv4 packets and routed over the IPv4 network to their desination - delivers IPv6 packets accross IPv4 networks. - routing decisions are based on the IPv4 address until packets reach destination at which point IPv6 packets are stripped from the ipv4 carrier packets and forwarded according to ipv6 routing rules - encapsulate IPv6 Packets in IPv4 packets - 6to4/6RD (IPv6 rapid deployment) - no host config is necessary is enable the tunnel - prefix `2002::/16` - Teredo (windows) and Miredo (linux) - Generic routing encapsulation (GRE) Tunneling carries high protocol overhead and is not nearly ass efficient as operating dual stack hosts. ## Common IPv6 Address Prefixes | **Type** | **Prefix** | **Leading Hex Characters** | | ---------------------- | ------------------ | -------------------------- | | Global unicast | 2000::/3 | 2 or 3 | | Link local unicast | fe80::/10 | fe80 | | Multicast | ff00::/8 | ff | | Multicast (link local) | ff02::/16 | ff02::1 (all nodes) | | | | ff02::2 (all routers) | | | | ff02::1:2 (DHCP) | | Solicited-node | ff02::1:ff00:0/104 | ff02::1:ff | | Unspecified | ::/128 | 0::0 | | Loopback | ::1/128 | ::1 | | Documentation/Examples | 2001:db8::/32 | 2001:db8 |