IPv6 Virtual Labs: How to & Lessons s Learned. IPv6 Virtual Labs:
|
|
- Andra O’Neal’
- 8 years ago
- Views:
Transcription
1 IPv6 Virtual Labs: How to & Lessons s Learned ed Jeffrey L Carrell Network Conversions Network Consultant IPv6 SME/Trainer jeff.carrell@teachmeipv6.com 1 IPv6: Build Your Own Lab What are we trying to accomplish today? IPv6 Trivia Quick IPv6 History IPv6 Address basics IPv6 Address Autoconfiguration IPv6 Transition Mechanisms IPv6 Lab system configuration and demonstration 2 Copyright 2015 Jeffrey L. Carrell 1
2 What are we trying to accomplish today? Learn some IPv6 basics Use free applications, utilities, and OS s to create a virtual lab system on a single host computer Connect to an IPv6 tunnel broker to obtain routed a /56 IPv6 address block, capable of 256 /64 networks or 16 /60 subnets with 16 /64 networks each Configure an open source router application to perform true IPv4/IPv6 routing and DHCP/ services Have real IPv6 Internet presence with only IPv4 access to the Internet 3 IPv6: Trivia In modern day operating systems, is IPv6 an enabled protocol? YES! Generally, will an IPv6 enabled interface have more than one IPv6 address assigned to it? YES! 4 Copyright 2015 Jeffrey L. Carrell 2
3 IPv6: Trivia How many IPv6 GUA addresses can a network interface have that are in the same network? Up to 4! How many IPv6 GUA addresses can a network interface have that are in different networks? Almost infinite! Can the IPv6 Link-Local address be the same address for all network interfaces in a host? YES! 5 IPv6: Trivia How does an IPv6 enabled host derive its default gateway? Via the RA! Does have a configurable option to provide an IPv6 default gateway? NO! Does an IPv6 host use its LL or GUA address to communicate to its default gateway? LL! 6 Copyright 2015 Jeffrey L. Carrell 3
4 IPv6: Trivia If an IPv6 enabled host has autoconfigured privacy extention addresses and a statically assigned address, which one gets used for off-net communications? Temporary! If attempting to communicate on-net using your GUA to another IPv6 host, will the communication be successful if the v6 router is not on-net? NO! 7 IPv6 Brief History Fall 1992 IPv4 addresses will run out someday Oct 1993 DHCP RFC 1531 easier IPv4 address management Dec 1993 IPng RFC 1550 basic specification for next version IP May 1994 NAT RFC 1631 temporary solution before IPng available Dec 1995 RFC 1883 Basic specifications of IPv6 Feb 1996 RFC 1918 Private Iv4 addresses Dec 1998 RFC 2460 Full IPv6 defined May 2005 RFC 3927 APIPA (IPv4) 8 Copyright 2015 Jeffrey L. Carrell 4
5 Comparing IPv4 & IPv6 Addresses IPv4 addresses 2 32 = 4,294,967,296 IPv6 addresses = 340,282,366,920,938,463,463,374,607,431,768,211,456 which is 340 undecillion 340 trillion trillion trillion 79,228,162,514,264,337,593,543,950,336 times more v6 addresses than v4 If IP addresses weighed one gram each: IPv4 = half the Empire State Building IPv6 = 56 billion earths 9 What is an IPv6 Address? IPv6 addresses are very different than IPv4 addresses in the size, numbering system, and delimiter between the numbers 128bit -vs- 32bit hexadecimal -vs- decimal colon and double colon -vs- period (or dot for the real geeks) Valid IPv6 addresses are comprised of hexadecimal numbers (0-9 & a-f), with colons separating groups of four numbers, with a total of eight groups (each group is known as quibble or hextet ) 2001:0db8:1010:61ab:f005:ba11:00da:11a5 10 Copyright 2015 Jeffrey L. Carrell 5
6 Address types Address Type IPv4 IPv6 Unicast - One-to-one communication Broadcast - One-to-many communication local Multicast - One-to-many communication local/remote Anycast - One-to-many communication nearest Yes Yes Yes Yes Yes No Yes Yes 11 Address scopes Address Scope IPv4 IPv6 Link-Local -Not routable Yes (is temp, APIPA) Global Unicast - Routable to Internet Aka public Unique Local Aka private - Routable only within domain RFC 1918 Yes Yes RFC Copyright 2015 Jeffrey L. Carrell 6
7 IPv6 Address scopes Global Unicast Address Global Scope Unique Local Address Organization/Site Scope Link Local Address Link-Local Scope 13 IPv4/IPv6 special addresses Address Type IPv4 IPv6 Default Route 0000/ /0 ::/0 Unspecified /32 ::/128 Loopback /8 ::1/128 Multicast /4 ff00::/8 Link-Local /16 fe80::/10 Global Unicast All others 2000::/3 Unique Local Documentation / / / / / /24 fc00::/7 2001:db8::/32 14 Copyright 2015 Jeffrey L. Carrell 7
8 IPv6 shorthand notation Option ::a52:0:0:0:3d16 Consecutive Zeros Leading Zeros 2001:0000:0000:0a52:0000:0000:0000:3d16 Leading Zeros Consecutive Zeros Option :0:0:a52::3d16 15 Incorrect shorthand notation 2001:0000:0000:0a52:0000:0000:0000:3d16 Consecutive Zeros Leading Zeros Consecutive Zeros 2001::a52::3d16 NOT A VALID IPv6 Address How many bits are represented by each ::? 16 Copyright 2015 Jeffrey L. Carrell 8
9 States of an IPv6 address (timers) Valid Tentative Preferred Deprecated Invalid Preferred Lifetime Time Valid Lifetime Tentative address is in process of verification for uniqueness and is not yet available for regular communications Valid address is valid for use in communication based on Preferred and Deprecated status Preferred address is usable for all communications Deprecated address can still be used for existing sessions, but not for new sessions Invalid an address is no longer available for sending or receiving 17 Comparing IPv4 & IPv6 Neighbor Discovery Protocols IPv4 ARP Request ARP Reply Router Solicitation Router Advertisement Gratuitous ARP ARP Cache IPv6 Neighbor Solicitation Neighbor Advertisement Router Solicitation Router Advertisement Duplicate Address Detection Neighbor Cache 18 Copyright 2015 Jeffrey L. Carrell 9
10 IPv6 Neighbor Discovery Protocol Neighbor Discovery Protocol (NDP) is defined in RFC 4861 NDP provides the following basic IPv6 functions per node Discover what link they are one Learn link prefix addresses Discover the on-link router Discover on-link neighbors Keep track of active neighbors 19 Duplicate Address Detection (DAD) When a node initially assigns an IPv6 address to its interface, it must check whether the selected address is unique If unique, the address is configured on interface The node sends a multicast Neighbor Solicitation message with the: dest MAC of 33:33:<last 32bits of IPv6 mcast addr> dest IPv6 addr of ff02::1:ff<last 24bits of proposed IPv6 addr> source IPv6 of :: (IPv6 unspecified addr) 20 Copyright 2015 Jeffrey L. Carrell 10
11 IPv6 default for subnet Based on the default definition an IPv6 address is logically ll divided id d into two parts: a 64-bit network prefix and a 64-bit interface identifier (IID) Therefore, the default subnet size is / :0db8:1010:61ab:f005:ba11:00da:11a5/64 64bits for Network Identifier 64bits for Interface Identifier Prefix Length A single /64 network yields 18 billion-billion possible addresses 21 Interface ID from MAC address Company ID Manufacturer Data F 00 IEEE 48-Bit MAC Address FF FE 64 3F 00 Expand to EUI-64 (IEEE Extended Unique ID) xFFFE inserted 7 th bit inverted Local/Global bit FF FE 64 3F 00 Invert the Local/Global Bit 0219:71ff:fe64:3f00 Modified EUI-64 Interface ID 22 Copyright 2015 Jeffrey L. Carrell 11
12 Interface ID from Random Number RFC Privacy Extensions for Stateless Address Autoconfiguration in IPv6 Initial IID is derived based on mathematical computation to create a random 64bit number and appended to prefix to create a GUA An additional but different 64bit number is computed, appended to prefix, and tagged temporary for a 2 nd GUA Temporary GUA should be re-computed on a frequent basis Temporary GUA is used as primary address for communications, as it is considered more secure 23 IPv6 autoconfiguration options Address Autoconfiguration Method Link-Local (always configured) ICMPv6 RA (Type 134) Flags M Flag O Flag ICMPv6 RA (Type 134) ICMPv6 Option Prefix Info A Flag L Flag N/A N/A N/A N/A Prefix Derived from Internal (fe80::) Interface ID Derived from M-EUI-64 or Privacy Other Configuration Options Manual Off Off Off On Manual Manual Manual SLAAC Off Off On On RA M-EUI-64 or Privacy # of IPv6 Addr Manual 1 Manual 2 (LL, Manual) 3 (LL, IPv6, IPv6 temp) Stateful 2 On N/R Off On (LL, () ) Stateless Combination Stateless & Off On On On RA On N/R On On RA and M-EUI-64 or Privacy M-EUI-64 or Privacy and 3 (LL, IPv6, IPv6 temp) 4 (LL, IPv6, IPv6 temp, ) 24 Copyright 2015 Jeffrey L. Carrell 12
13 IPv6 address autoconfiguration Assigning an IPv6 address: Link-Local (automatically assigned when IPv6 is enabled) Based on prefix fe80::/10, assigned as fe80::/64 Interface ID (64 bit host portion) derived from either: Modified IEEE EUI-64 format (RFC 4291) Derived from MAC address Privacy format (RFC 4941) Derived from random number generator NOTE: Requires no routers, no servers, no additional network systems support. 25 Link-Local address basics Each interface must have one (and only one) link-local l l address (generally autoconfigured by OS) Can/may be same on any/all interfaces Zone ID or Scope ID is used to differentiate which interface is to be used for outbound communications Zone ID is appended to link-local address when used for outbound communications. Examples: ping fe80::22c:8a5c:12ab:370f%vlan1 - switch ping fe80::22c:8a5c:12ab:370f%12 - Windows ping fe80::22c:8a5c:12ab:370f%eth0 - Linux ^destination host to ping ^intf to go out 26 Copyright 2015 Jeffrey L. Carrell 13
14 IPv6 autoconfiguration options Address Autoconfiguration Method Link-Local (always configured) ICMPv6 RA (Type 134) Flags M Flag O Flag ICMPv6 RA (Type 134) ICMPv6 Option Prefix Info A Flag L Flag N/A N/A N/A N/A Prefix Derived from Internal (fe80::) Interface ID Derived from M-EUI-64 or Privacy Other Configuration Options Manual Off Off Off On Manual Manual Manual SLAAC Off Off On On RA M-EUI-64 or Privacy # of IPv6 Addr Manual 1 Manual 2 (LL, Manual) 3 (LL, IPv6, IPv6 temp) Stateful 2 On N/R Off On (LL, () ) Stateless Combination Stateless & Off On On On RA On N/R On On RA and M-EUI-64 or Privacy M-EUI-64 or Privacy and 3 (LL, IPv6, IPv6 temp) 4 (LL, IPv6, IPv6 temp, ) 27 IPv6 address autoconfiguration Assigning an IPv6 address: SLAAC (Stateless address autoconfiguration), generally a /64 Uses prefix information from Router Advertisement Interface ID (64 bit host portion) derived from either: Modified IEEE EUI-64 format (RFC 4291) Derived from MAC address Privacy format (RFC 4941) Derived from random number generator Generally creates 2 global addresses Cryptographically generated (RFC 3971 & 3972) Secure/unique interface ID 28 Copyright 2015 Jeffrey L. Carrell 14
15 IPv6 SLAAC process A node sends a multicast Router Solicitation message to the all-routers address ff02::2 Router(s) respond with Router Advertisement message containing A & L flags on and prefix(es) for stateless autoconfiguration The node configures its own IPv6 address(es) with the advertised prefix(es), plus a locally-generated Interface ID Node checks whether the selected address(es) is(are) unique (Duplicate Address Detection) If unique, the address(es) is(are) configured on interface Note no DNS automatically configured 29 ICMPv6 - Router Advertisement Router Advertisement (RA) [key components] M flag managed address configuration flag (for stateful () autoconfig) O flag other configuration flag (for stateless autoconfig) Prf flag router preference flag (ska priority) Router Lifetime lifetime associated with the default router Prefix Length number of bits in the prefix A flag autonomous address-configuration flag (for SLAAC) L flag on-link flag Valid Lifetime length of time the address is valid for use in preferred and deprecated states Preferred Lifetime length of time the address is valid for new communications Prefix IPv6 address prefix For additional info, see RFC Copyright 2015 Jeffrey L. Carrell 15
16 Router Advertisement packet (Stateless) 31 IPv6 autoconfiguration options Address Autoconfiguration Method Link-Local (always configured) ICMPv6 RA (Type 134) Flags M Flag O Flag ICMPv6 RA (Type 134) ICMPv6 Option Prefix Info A Flag L Flag N/A N/A N/A N/A Prefix Derived from Internal (fe80::) Interface ID Derived from M-EUI-64 or Privacy Other Configuration Options Manual Off Off Off On Manual Manual Manual SLAAC Off Off On On RA M-EUI-64 or Privacy # of IPv6 Addr Manual 1 Manual 2 (LL, Manual) 3 (LL, IPv6, IPv6 temp) Stateful 2 On N/R Off On (LL, () ) Stateless Combination Stateless & Off On On On RA On N/R On On RA and M-EUI-64 or Privacy M-EUI-64 or Privacy and 3 (LL, IPv6, IPv6 temp) 4 (LL, IPv6, IPv6 temp, ) 32 Copyright 2015 Jeffrey L. Carrell 16
17 IPv6 address autoconfiguration Assigning an IPv6 address: Stateful (), generally a /64 (RFC 3315) Uses prefix information defined in scope Interface ID (64 bit host portion) derived from scope pool Reply includes other information DNS, domain, time server, tftp or download server, etc 33 IPv6 Stateful () process A node sends a multicast Router Solicitation message to the all-routers address ff02::2 Router(s) respond with Router Advertisement message containing M flag for stateful autoconfiguration The node sends a multicast Solicit message to the all-dhcp relay agents and servers address ff02::1:2 server(s) responds with Advertise message(s) containing IPv6 address and lifetimes The node sends a Request message to confirm and seeking other information server responds with Reply message Node checks whether the selected address is unique (Duplicate Address Detection) If unique, the address is configured on interface 34 Copyright 2015 Jeffrey L. Carrell 17
18 ICMPv6 - Router Advertisement Router Advertisement (RA) [key components] M flag managed address configuration flag (for stateful () autoconfig) O flag other configuration flag (for stateless autoconfig) Prf flag router preference flag (ska priority) Router Lifetime lifetime associated with the default router Prefix Length number of bits in the prefix A flag autonomous address-configuration flag (for SLAAC) L flag on-link flag Valid Lifetime length of time the address is valid for use in preferred and deprecated states Preferred Lifetime length of time the address is valid for new communications Prefix IPv6 address prefix For additional info, see RFC Router Advertisement packet (Stateful/) 36 Copyright 2015 Jeffrey L. Carrell 18
19 IPv6 Stateful () process Solicit = DHCPDiscover (IPv4) Advertise = DHCPOffer (IPv4) Request = DHCPRequest (IPv4) Reply = DHCPAck (IPv4) 37 W2K8-R2 server operation 38 Copyright 2015 Jeffrey L. Carrell 19
20 Key difference in DHCP/ Default gateway DHCP configurable Router option in scope no configurable Router option in scope (possible future, but no client OS support yet) An IPv6 node derives its default gateway from the router s Link-Local Local address when the L flag is set in the Prefix information field of an RA (! not from the network prefix!) 39 Unique Identifier - DUID Each DHCP client and server has a DUID DHCP servers use DUIDs to identify clients for the selection of configuration parameters and in the association of IAs with clients DHCP clients use DUIDs to identify a server in messages where a server needs to be identified For additional info, see RFC Copyright 2015 Jeffrey L. Carrell 20
21 Cloning clients and DUID When a client machine is cloned, all the clones have the same DUID When 2 clients with the same DUID request an IPv6 address, the server provides the same address to both clients When the 2 nd client performs DAD, it detects an IPv6 address conflict, and will not go on link 41 Cloning clients and DUID For cloned MS Windows clients, the DUID is in the Windows Registry and can be removed with a manual operation (regedit) This should be done before creating a clone, so that when the clones clients are booted, new and unique DUIDs will be created reg delete HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /f /v Dhcpv6DUID 42 Copyright 2015 Jeffrey L. Carrell 21
22 Lab 1 IPv6 autoconfiguration options Address Autocoiguration Method Link-Local (always configured) ICMPv6 RA (Type 134) Flags M Flag O Flag ICMPv6 RA (Type 134) ICMPv6 Option Prefix Info A Flag L Flag N/A N/A N/A N/A Prefix Derived from Internal (fe80::) Interface ID Derived from M-EUI-64 or Privacy Other Configuration Options 2 Manual Off Off Off On Manual Manual Manual 3 7a SLAAC Off Off On On RA M-EUI-64 or Privacy # of IPv6 Addr Manual 1 Manual 2 (LL, Manual) 3 (LL, IPv6, IPv6 temp) 5 Stateful 2 On N/A Off On (LL, 7b () ) 7c 7d Stateless Combination Stateless & Off On On On RA On N/A On On RA and M-EUI-64 or Privacy M-EUI-64 or Privacy and 3 (LL, IPv6, IPv6 temp) 4 (LL, IPv6, IPv6 temp, ) 43 IPv6 address autoconfiguration Assigning an IPv6 address: Stateless Uses prefix information from Router Advertisement Interface ID (64 bit host portion) derived from either: Modified IEEE EUI-64 format (RFC 4291) Derived from MAC address Privacy format (RFC 4941) Derived from random number generator Cryptographically generated (RFC 3971 & 3972) Secure/unique interface ID Uses for other information DNS, domain, time server, tftp or download server, etc 44 Copyright 2015 Jeffrey L. Carrell 22
23 IPv6 Stateless process A node sends a multicast Router Solicitation message to the all-routers routers address ff02::2 Router(s) respond with Router Advertisement message containing A & L flags on and prefix(es), and O flag on for stateless autoconfiguration The node configures its own IPv6 address(es) with the advertised prefix(es), plus a locally-generated Interface ID The node sends a multicast Information-Request message to the all-dhcp relay agents and servers address ff02::1:2 server responds with Reply message Node checks whether the selected address is unique (Duplicate Address Detection) If unique, the address is configured on interface 45 ICMPv6 - Router Advertisement Router Advertisement (RA) [key components] M flag managed address configuration flag (for stateful () autoconfig) O flag other configuration flag (for stateless autoconfig) Prf flag router preference flag (ska priority) Router Lifetime lifetime associated with the default router Prefix Length number of bits in the prefix A flag autonomous address-configuration flag (for SLAAC) L flag on-link flag Valid Lifetime length of time the address is valid for use in preferred and deprecated states Preferred Lifetime length of time the address is valid for new communications Prefix IPv6 address prefix For additional info, see RFC Copyright 2015 Jeffrey L. Carrell 23
24 Router Advertisement packet (Stateless/) 47 IPv6 autoconfiguration options Address Autoconfiguration Method Link-Local (always configured) ICMPv6 RA (Type 134) Flags M Flag O Flag ICMPv6 RA (Type 134) ICMPv6 Option Prefix Info A Flag L Flag N/A N/A N/A N/A Prefix Derived from Internal (fe80::) Interface ID Derived from M-EUI-64 or Privacy Other Configuration Options (DNS, domain, time, tftp, etc) Derived via Manual Off Off Off On Manual Manual Manual SLAAC Off Off On On RA Stateful () Stateless Combination Stateless & M-EUI-64 or Privacy # of IPv6 Addr Manual 1 Manual On N/R Off On Off On On On RA On N/R On On RA and M-EUI-64 or Privacy M-EUI-64 or Privacy and 2 (LL, Manual) 3 (LL, IPv6, IPv6 temp) 2 (LL, ) 3 (LL, IPv6, IPv6 temp) 4 (LL, IPv6, IPv6 temp, ) 48 Copyright 2015 Jeffrey L. Carrell 24
25 Combination Stateless and This is typically an undesired configuration Generally a result of enabling RA flags for one type of address autoconfiguration requirement, and not disabling other flags not required Result is too many/unwanted IPv6 GUA s SLAAC up to two possible GUA s Stateful () one GUA Even a manual configured GUA Remember, if there is a Temporary GUA, it will be used for outbound communications 49 IPv6 Legal address 2001:db8:123:456::/64 Is this a node address or a network prefix representation? 50 Copyright 2015 Jeffrey L. Carrell 25
26 Point-to-point Links Would you use /64 on p2p links? YES, but: provision a /64 for the link then assign as /127 (if possible) not all L3 vendors support /127 DO NOT do /126 RFC Point-to-point Links So, let s see what it looks like: 2001:db8:123:456::1/ :db8:123:456::2/127 } v4 thinking Are these 2 addresses in the same subnet? 52 Copyright 2015 Jeffrey L. Carrell 26
27 /128 vs- /127 vs- /126 Last hextet: / / / Mixed URL & IPv6 notation in URL IPv6 Characters URL Characters Enclose IPv6 Address in Square Brackets Optional Port ID For additional info, see RFC Copyright 2015 Jeffrey L. Carrell 27
28 IPv6 GUA in URL 55 IPv6 Link-local in URL fe80::f254 is destination, %11 is the outbound interface but specified as %2511 where the %25 is hex converted to the % symbol Note, this does not work in all browsers 56 Copyright 2015 Jeffrey L. Carrell 28
29 IPv6 Browser add-ons 57 IPv6 Browser add-ons 58 Copyright 2015 Jeffrey L. Carrell 29
30 Telnet/SSH over IPv6 59 Telnet/SSH over IPv6 group05-netiron#show telnet Console connections: established, privilege super-user you are connecting to this session 4 seconds in idle Telnet server status: Enabled Telnet connections (inbound): 1 established, client ip6 address 2001:470:1f0f:ee7::7:100, privilege super-user using vrf default-vrf. 60 Copyright 2015 Jeffrey L. Carrell 30
31 TFTP over IPv6 group05-netiron#copy running-config tftp ipv6 2001:470:ba04:1652::102 group05.cfg 61 RDP over IPv6 62 Copyright 2015 Jeffrey L. Carrell 31
32 Cisco switch - IPv6 VLAN config interface Vlan1 ipv6 address FE80::2 link-local ipv6 address 2001:DB8:1AB:BA5E::2/64 ipv6 enable ipv6 nd prefix 2001:DB8:1AB:BA5E::/ ipv6 nd other-config-flag flag ipv6 nd ra interval HP switch - IPv6 VLAN config vlan 1 ipv6 enable ipv6 address fe80::1 link-local ipv6 address 2001:db8:1ab:ba5e::1/64 ipv6 nd ra managed-config-flag ipv6 nd ra max-interval 60 ipv6 nd ra min-interval 20 ipv6 nd ra prefix 2001:db8:1ab:ba5e::/ no-autoconfig 64 Copyright 2015 Jeffrey L. Carrell 32
33 Jeff s IPv6 Wireshark 65 Color rule processing order Color rules read like a router ACL or firewall rule First color rule that matches wins 66 Copyright 2015 Jeffrey L. Carrell 33
34 Using Wireshark to view IPv6 pkts IPv6 display filter families ipv6 icmpv6 dhcpv6 IPv6 related display filters: e / / p t 67 Display filters option 2 In the Packet Details view, right-click on a specific field to build a filter 68 Copyright 2015 Jeffrey L. Carrell 34
35 Configuration profiles What they are Why/how you use them What they contain How to share 69 Packet annotation 70 Copyright 2015 Jeffrey L. Carrell 35
36 Using Wireshark to view IPv6 pkts 71 Security concerns If EUI-64 based address, can determine manufacturer of interface, which may lead to what type of device it is, and where in the network in may be located. Since IPv6 is enabled by default in many operating systems and devices, simple scan of network will provide tons of info Many tools already available for exploitation of devices/systems Easy to spoof clients with rogue RA (use RA Guard on switches to block RAs on non-trusted interfaces) If there is a Temporary IPv6 address in addition to a regular RA configured IPv6 address, the Temporary address is used for outbound communications by the client. Temporary IPv6 addresses can change frequently. 72 Copyright 2015 Jeffrey L. Carrell 36
37 IPv6 Attack Tools Attack Toolkits THC-IPv6 30+ tools! SI6 Networks IPv6 Toolkit 24+ tools! Scanners Nmap, halfscan6 (older) Packet forgery Scapy DoS Tools (older) 6tunneldos, 4to6ddos, Imps6-tools 73 Network scanning 2001:0db8:1010:61ab:f005:ba11:00da:11a5/64 64bits for Network Identifier 64bits for Interface Identifier Prefix Length Since prefix is defined, don t scan there, need only scan lower 64 bits (18BB # s!!!!!!) Scan last section for IPv4 looking addresses (0-254) Scan middle of IID for fffe, then scan for known OID Scan for known hex words Scan for IPv4 address converted to hex notation = 0a01:0101 -or- a01:101 -or- 10:1:1:1 74 Copyright 2015 Jeffrey L. Carrell 37
38 IPv6 Math IPv6 CIDR prefixes IPv6 Nibble Boundary Breaking down /48 into subnets IPv6 Non-Nibble Boundary 75 IPv6 CIDR prefix equivalents Source ARIN: 76 Copyright 2015 Jeffrey L. Carrell 38
39 What IS a Nibble? A nibble is 4 bits Due to IPv6 addresses expressed using hex characters, subnetting on the nibble boundary allows for easy carving of an address allocation Starting at /64 (smallest subnet), prefixes on the nibble boundary are: /60, /56, /52, /48, /44, /40, /36, /32, etc. 77 IPv6 Nibble boundaries 2001:0db8:1234:5678:: Copyright 2015 Jeffrey L. Carrell 39
40 IPv6 Non-Nibble boundary In this address 2001:db8:2:50::/61 the range of addresses in this block are: 2001:0db8:0002:0050:0000:0000:0000:0000 to 2001:0db8:0002:0057:ffff:ffff:ffff:ffff Note that the above subnet uses half of the 4 th nibble range of the 4 th hextet, which only runs from 0 to 7 The adjacent block is 2001:db8:2:58::/61: 2001:0db8:0002:0058:0000:0000:0000:0000 to 2001:0db8:0002:005f:ffff:ffff:ffff:ffff Note that the above subnet uses half of the 4 th nibble range of the 4 th hextet, which only runs from 8 to f Neither of these two example address blocks use the entire nibble range, which can lead to confusion and possible network address overlap if not implemented correctly 79 IPv6 Non-Nibble boundary /61 /48 /52 /56 /60 / = = = = f 80 Copyright 2015 Jeffrey L. Carrell 40
41 IPv6 Allocation options /44 to / :db8:1740::/44 /44 16 / :db8:1740::/ :db8:1741::/ :db8:1742::/ :db8:1743::/ :db8:1744::/ :db8:1745::/ :db8:1746::/ :db8:1747::/ :db8:1748::/ :db8:1749::/ :db8:174a::/ :db8:174b::/ :db8:174c::/ :db8:174d::/ :db8:174e::/ :db8:174f::/48 81 IPv6 Allocation options /48 to /64 /48 16 /52 16 /56 16 /60 16 / /64 / /56 16 /60 16 / /64 / /60 16 /64 / /64 82 Copyright 2015 Jeffrey L. Carrell 41
42 IPv6 Nibble boundary /48 Following nibble boundary rules, a /48 address prefix assigned to company yields: /52-16 sites /56-16 buildings per site /60-16 locations per building /64-16 networks per location /48 / db Site /52 Building or Group /56 Location or Group# /60 VLAN /64 83 IPv6 Allocation options /56 to /60 to /64 /56 16 /60 16 / :db8:1150::/ :db8:1150::/ :db8:1150:10::/ :db8:1150:20::/ :db8:1150:30::/ :db8:1150:40::/ :db8:1150:50::/ :db8:1150:60::/ :db8:1150:70::/ :db8:1150:80::/ :db8:1150:90::/ :db8:1150:a0::/ :db8:1150:b0::/ :db8:1150:c0::/ :db8:1150:d0::/ :db8:1150:e0::/ :db8:1150:f0::/ :db8:1150:10::/ :db8:1150:11::/ :db8:1150:12::/ :db8:1150:13::/ :db8:1150:14::/ :db8:1150:15::/ :db8:1150:16::/ :db8:1150:17::/ :db8:1150:18::/ :db8:1150:19::/ :db8:1150:1a::/ :db8:1150:1b::/ :db8:1150:1c::/ :db8:1150:1d::/ :db8:1150:1e::/ :db8:1150:1f::/64 84 Copyright 2015 Jeffrey L. Carrell 42
43 IPv6 Prefix Calculator (online) 85 Lab platforms Hosted (standalone) hypervisors VMware Workstation/Fusion VirtualBox Bare metal hypervisors VMware ESXi Microsoft Hyper-V Citrix XenServer Physical equipment 86 Copyright 2015 Jeffrey L. Carrell 43
44 Lab platforms, con t GNS3 Virtual Routers Cisco HP Juniper Brocade VyOS Cumulus VX 87 IPv6 Transition mechanisms - tunnels 6in4 RFC over4 RFC to4 RFC 3056 ISATAP RFC 5214 Teredo RFC rd RFC Copyright 2015 Jeffrey L. Carrell 44
45 IPv6 Tunnel brokers Tunnelbroker.net 6in4 tunnel Freenet6.net IPv6-over-UDP Sixxs.net 6in4 tunnel & AYIAY 89 IPv6 Freenet6 tunnel service IPv6-in-IPv4 in NAT Traversal mode (aka - IPv6-over-UDP) Uses Tunnel Setup Protocol (TSP) See RFC 5572 for additional information Source 90 Copyright 2015 Jeffrey L. Carrell 45
46 IPv6 Freenet6 tunnel service The freenet6.net system provides a /56 IPv6 block (with Pro account) You have options when creating /64 IPv6 networks /56 16 /60 16 / /64 91 IPv6 Build Your Own Lab Demo Breakdown /56 into /60 s and then /64 s under 2001:5c0:xxxx:xxyz::/56 Y = subnets /60 0 = core a = internal network(s) of VyOS e = external USB-Enet network (link to another router) c = networks on external Cisco 3750 L3 switch Z = networks /64 0 = core f = loopback 1 = 1 st /64 network 2001:5c0:xxxx:xxc1::/64 = first /64 on Cisco Copyright 2015 Jeffrey L. Carrell 46
47 IPv6 Build Your Own Lab Demo 93 IPv6 Build Your Own Lab more 94 Copyright 2015 Jeffrey L. Carrell 47
48 Resources 95 Resources 96 Copyright 2015 Jeffrey L. Carrell 48
49 Resources 97 Resources DoD HPCMP IPv6 Knowledge Base php/ /networking- overview/ Copyright 2015 Jeffrey L. Carrell 49
50 Resources 99 IPv6 Verification / test sites t / Copyright 2015 Jeffrey L. Carrell 50
51 Thank You for Attending! 101 Copyright 2015 Jeffrey L. Carrell 51
IPv6 Infrastructure Security Jeffrey L Carrell Network Conversions Network Security Consultant, IPv6 SME/Trainer
IPv6 Infrastructure Security Jeffrey L Carrell Network Conversions Network Security Consultant, IPv6 SME/Trainer 1 IPv6 Infrastructure Security v1.1 - Copyright 2013 Jeffrey L. Carrell Agenda IPv6 address
More informationIPv6 Infrastructure Security
TXv6TF 2013 Summit IPv6 Infrastructure Security Jeffrey L Carrell Network Conversions Network Security Consultant IPv6 SME/Trainer 1 Agenda IPv6 address fundamentals Operating Systems support ICMPv6 -
More informationIPv6 Infrastructure Security
IPv6 Infrastructure Security 2013 North American IPv6 Summit Jeffrey L Carrell Network Conversions Network Security Consultant IPv6 SME/Trainer 1 Agenda IPv6 address fundamentals Operating Systems support
More informationIPv6 for SMB s: Easy or Hard?
IPv6 for SMB s: Easy or Hard? Jeffrey L Carrell Network Conversions Network Security Consultant 1 Agenda IPv6 address Network applications Network utilities Server operating systems Client operating systems
More informationJoe Davies. Principal Writer Windows Server Information Experience. Presented at: Seattle Windows Networking User Group June 1, 2011
Joe Davies Principal Writer Windows Server Information Experience Presented at: Seattle Windows Networking User Group June 1, 2011 2011 Microsoft Corporation IPv6 addressing and DNS review IPv6 subnetting
More informationIPv6 Addressing. Awareness Objective. IPv6 Address Format & Basic Rules. Understanding the IPv6 Address Components
IPv6 Addressing Awareness Objective IPv6 Address Format & Basic Rules Understanding the IPv6 Address Components Understanding & Identifying Various Types of IPv6 Addresses 1 IPv4 Address SYNTAX W. X.
More informationIPv6 Fundamentals: A Straightforward Approach
IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6 Rick Graziani Cisco Press 800 East 96th Street Indianapolis, IN 46240 IPv6 Fundamentals Contents Introduction xvi Part I: Background
More informationIPv6 Addressing and Subnetting
APNIC elearning: IPv6 Addressing and Subnetting Contact: training@apnic.net eip602_v1.0 Overview IPv6 Address Text Representation IPv6 Addressing Structure IPv6 Address Management Hierarchy Local Addresses
More informationChapter 3 Configuring Basic IPv6 Connectivity
Chapter 3 Configuring Basic IPv6 Connectivity This chapter explains how to get a ProCurve Routing Switch that supports IPv6 up and running. To configure basic IPv6 connectivity, you must do the following:
More informationIPv6 in Axis Video Products
TECHNICAL NOTE REFERENCE DOCUMENT IPv6 in Axis Video Products Created: 2006-01-31 Last updated: 2006-05-29 TABLE OF CONTENTS DOCUMENT HISTORY... 2 1 IPV6 IN GENERAL... 3 1.1 The IPv6 address... 3 1.1.1
More informationIPv6 Network Security. its-security@lsu.edu
IPv6 Network Security its-security@lsu.edu IPv6 Raising awareness about IPv6 IPv6 Basics Windows notes Windows Firewall Demo Linux(RHEL) Firewall Demo [Mac OS 10.7 Lion Firewall Notes] [AAAA record via
More informationImplementing DHCPv6 on an IPv6 network
Implementing DHCPv6 on an IPv6 network Benjamin Long benlong@iol.unh.edu 8-11-2009 Implementing DHCPv6 on an IPv6 network 2 Table of Contents DHCPv6 Overview...3 Terms used by DHCPv6...3 DHCPv6 Message
More informationAbout Me. Work at Jumping Bean. Developer & Trainer Contact Info: Twitter @mxc4 Twitter @jumpingbeansa mark@jumpingbean.co.za
IPv6 & Linux About Me Work at Jumping Bean Developer & Trainer Contact Info: Twitter @mxc4 Twitter @jumpingbeansa mark@jumpingbean.co.za Goals & Motivation Why? Why IPv6? Why this talk? Information on
More informationGuide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP
Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe
More informationIPv6 Functionality. Jeff Doyle IPv6 Solutions Manager jeff@juniper.net
IPv6 Functionality Jeff Doyle IPv6 Solutions Manager jeff@juniper.net Copyright 2003 Juniper Networks, Inc. Agenda ICMPv6 Neighbor discovery Autoconfiguration Agenda ICMPv6 Neighbor discovery Autoconfiguration
More informationStep-by-Step Guide for Setting Up IPv6 in a Test Lab
Step-by-Step Guide for Setting Up IPv6 in a Test Lab Microsoft Corporation Published: July, 2006 Author: Microsoft Corporation Abstract This guide describes how to configure Internet Protocol version 6
More informationSECURITY IN AN IPv6 WORLD MYTH & REALITY. SANOG XXIII Thimphu, Bhutan 14 January 2014 Chris Grundemann
SECURITY IN AN IPv6 WORLD MYTH & REALITY SANOG XXIII Thimphu, Bhutan 14 January 2014 Chris Grundemann WHO AM I? DO Director @ Internet Society CO ISOC Founding Chair NANOG PC RMv6TF Board NANOG-BCOP Founder
More informationSecuring IPv6. What Students Will Learn:
Securing IPv6 When it comes to IPv6, one of the more contentious issues is IT security. Uninformed analysts, anit-v6 pundits, and security ne're-do-wells have created a mythos that IPv6 is inherently less
More informationLinux as an IPv6 dual stack Firewall
Linux as an IPv6 dual stack Firewall Presented By: Stuart Sheldon stu@actusa.net http://www.actusa.net http://www.stuartsheldon.org IPv6 2001:0DB8:0000:0000:021C:C0FF:FEE2:888A Address format: Eight 16
More informationSecurity of IPv6 and DNSSEC for penetration testers
Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions
More informationAre You Ready to Teach IPv6?
Are You Ready to Teach IPv6? William Saichek Orange Coast College Karl Dietrich Lansing Community College Giving Credit Where Credit is Due The slides, data and projects in this presentation were used,
More informationGetting started with IPv6 on Linux
Getting started with IPv6 on Linux Jake Edge LWN.net jake@lwn.net LinuxCon North America 19 August 2011 History and Motivation IPng project July 1994 IPv6 - RFC 2460 December 1998 IPv5 - Internet Stream
More informationIPv6 Trace Analysis using Wireshark Nalini Elkins, CEO Inside Products, Inc. Nalini.elkins@insidethestack.com
1 IPv6 Trace Analysis using Wireshark Nalini Elkins, CEO Inside Products, Inc. Nalini.elkins@insidethestack.com Agenda What has not changed between IPv4 and IPv6 traces What has changed between IPv4 and
More informationNeighbour Discovery in IPv6
Neighbour Discovery in IPv6 Andrew Hines Topic No: 17 Email: hines@zitmail.uni-paderborn.de Organiser: Christian Schindelhauer University of Paderborn Immatriculation No: 6225220 August 4, 2004 1 Abstract
More information1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet
Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer
More informationCIRA s experience in deploying IPv6
CIRA s experience in deploying IPv6 Canadian Internet Registration Authority (CIRA) Jacques Latour Director, Information Technology Ottawa, April 29, 2011 1 About CIRA The Registry that operates the Country
More informationIPv6 Security. Scott Hogg. Global Technology Resources, Inc. Director of Technology Solutions CCIE #5133, CISSP #4610
IPv6 Security Scott Hogg Global Technology Resources, Inc. Director of Technology Solutions CCIE #5133, CISSP #4610 IPv6 Security Latent Threat Even if you haven t started using IPv6 yet, you probably
More informationDedication Preface 1. The Age of IPv6 1.1 INTRODUCTION 1.2 PROTOCOL STACK 1.3 CONCLUSIONS 2. Protocol Architecture 2.1 INTRODUCTION 2.
Dedication Preface 1. The Age of IPv6 1.1 INTRODUCTION 1.2 PROTOCOL STACK 1.3 CONCLUSIONS 2. Protocol Architecture 2.1 INTRODUCTION 2.2 COMPARISONS OF IP HEADER FORMATS 2.3 EXTENSION HEADERS 2.3.1 Options
More informationIPv6.marceln.org. marcel.nijenhof@proxy.nl
IPv6.marceln.org marcel.nijenhof@proxy.nl RFC 1606 RFC 1606 A Historical Perspective On The Usage Of IP Version 9 1 April 1994, J. Onions Introduction The take-up of the network protocol TCP/IPv9 has been
More informationIntroduction to IP v6
IP v 1-3: defined and replaced Introduction to IP v6 IP v4 - current version; 20 years old IP v5 - streams protocol IP v6 - replacement for IP v4 During developments it was called IPng - Next Generation
More informationIP Addressing and Subnetting. 2002, Cisco Systems, Inc. All rights reserved.
IP Addressing and Subnetting 2002, Cisco Systems, Inc. All rights reserved. 1 Objectives Upon completion, you will be able to: Discuss the Types of Network Addressing Explain the Form of an IP Address
More informationIPv6 Hardening Guide for Windows Servers
IPv6 Hardening Guide for Windows Servers How to Securely Configure Windows Servers to Prevent IPv6-related Attacks Version: 1.0 Date: 22/12/2014 Classification: Public Author(s): Antonios Atlasis TABLE
More informationSecurity Assessment of Neighbor Discovery for IPv6
Security Assessment of Neighbor Discovery for IPv6 Fernando Gont project carried out on behalf of UK Centre for the Protection of National Infrastructure LACNIC XV 15 al 20 de Mayo de 2011. Cancún, México
More informationCloudEngine Series Switches. IPv6 Technical White Paper. Issue 01 Date 2014-02-19 HUAWEI TECHNOLOGIES CO., LTD.
Issue 01 Date 2014-02-19 HUAWEI TECHNOLOGIES CO., LTD. 2014. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of
More informationRecent advances in IPv6 insecurities Marc van Hauser Heuse Deepsec 2010, Vienna. 2010 Marc Heuse <mh@mh-sec.de>
Recent advances in IPv6 insecurities Marc van Hauser Heuse Deepsec 2010, Vienna 2010 Marc Heuse Hello, my name is The future is here already Let s start with the basics IPv4 4 octets 4.294.967.296
More informationDiscovering IPv6 with Wireshark. presented by Rolf Leutert
Discovering IPv6 with Wireshark presented by Rolf Leutert Instructor: Rolf Leutert, Network Expert & Trainer Leutert NetServices Troubleshooting & Trainings Zürich-Airport, Switzerland Sniffer certified
More informationIP(v6) security. Matěj Grégr. Brno University of Technology, Faculty of Information Technology. Slides adapted from Ing.
IP(v6) security Matěj Grégr Brno University of Technology, Faculty of Information Technology Slides adapted from Ing. Tomáš Podermański What is IP security? Encryption? Authentication? Authorization? Surveillance?
More informationBasic IPv6 WAN and LAN Configuration
Basic IPv6 WAN and LAN Configuration This quick start guide provides basic IPv6 WAN and LAN configuration information for the ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N. For complete IPv6 configuration
More informationIPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region
IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express
More informationAbout the Technical Reviewers
About the Author p. xiii About the Technical Reviewers p. xv Acknowledgments p. xvii Introduction p. xix IPv6 p. 1 IPv6-Why? p. 1 IPv6 Benefits p. 2 More Address Space p. 2 Innovation p. 3 Stateless Autoconfiguration
More informationMoonv6 Test Suite DRAFT
Moonv6 Test Suite DHCP Interoperability Test Suite DRAFT Technical Document Revision 0.1 IPv6 Consortium 121 Technology Drive, Suite 2 InterOperability Laboratory Durham, NH 03824-3525 Research Computing
More informationOS IPv6 Behavior in Conflicting Environments
OS IPv6 Behavior in Conflicting Environments Enno Rey, erey@ernw.de @Enno_Insinuator #2 Who I Am Founder and managing director of vendor independent network consulting & security assessment company ERNW.
More informationIPv6 Security Analysis
CENTER FOR CONVERGENCE AND EMERGING NETWORK TECHNOLOGIES CCENT School of Information Studies Syracuse University IPv6 Security Analysis TECHNICAL REPORT: T.R. 2014-002 Authored by: Jose Gonzalo Bejar (revised
More informationIPv6 for Cisco IOS Software, File 2 of 3: Configuring
IPv6 for Cisco IOS Software, File 2 of 3: Configuring This document provides configuration tasks for the Cisco implementation of IP version 6 (IPv6) in the Cisco IOS software and includes the following
More informationFirewalls und IPv6 worauf Sie achten müssen!
Firewalls und IPv6 worauf Sie achten müssen! Pascal Raemy CTO Asecus AG pascal.raemy@asecus.ch Asecus AG Asecus AG Security (Firewall, Web-Gateway, Mail-Gateway) Application Delivery (F5 Neworks with BIGIP)
More informationIPv6 Associated Protocols
IPv6 Associated Protocols 1 New Protocols (1) New features are specified in IPv6 Protocol -RFC 2460 DS Neighbor Discovery (NDP) -RFC 4861 DS Auto-configuration : Stateless Address Auto-configuration -RFC
More informationChapter 3 LAN Configuration
Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. This chapter contains the following sections
More informationIPv6 End Station Addressing: Choosing SLAAC or DHCP Jeff Harrington - NYSERNet
IPv6 End Station Addressing: Choosing SLAAC or DHCP Jeff Harrington - NYSERNet 1 Important Planning Decisions Planning for IPv6 on Campus Three major areas need to be addressed during planning. There are
More informationIPv6 INFRASTRUCTURE SECURITY WORKSHOP SESSION 10 BUILDING IPv6 INFRASTRUCTURE NETWORK SECURITY
IPv6 INFRASTRUCTURE SECURITY WORKSHOP SESSION 10 BUILDING IPv6 INFRASTRUCTURE NETWORK SECURITY Alastair JOHNSON July 2013 INTRODUCTION This module will cover network infrastructure security relating to:
More informationComputer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University
Computer Networks Introduc)on to Naming, Addressing, and Rou)ng Week 09 College of Information Science and Engineering Ritsumeikan University MAC Addresses l MAC address is intended to be a unique identifier
More information- IPv6 Addressing - (References: http://cc.uoregon.edu/cnews/spring2001/whatsipv6.html; http://en.wikipedia.org/wiki/ipv6)
1 IPv6 Basics - IPv6 Addressing - The most widespread implementation of IP currently is IPv4, which utilizes a 32-bit address. Mathematically, a 32-bit address can provide roughly 4 billion unique IP addresses
More informationVulnerabili3es and A7acks
IPv6 Security Vulnerabili3es and A7acks Inherent vulnerabili3es Less experience working with IPv6 New protocol stack implementa3ons Security devices such as Firewalls and IDSs have less support for IPv6
More informationInternet Addresses (You should read Chapter 4 in Forouzan)
Internet Addresses (You should read Chapter 4 in Forouzan) IP Address is 32 Bits Long Conceptually the address is the pair (NETID, HOSTID) Addresses are assigned by the internet company for assignment
More informationIPv6 Addressing. How is an IPv6 address represented. Classifications of IPv6 addresses Reserved Multicast addresses. represented in Hexadecimal
How is an IPv6 address represented represented in Hexadecimal Classifications of IPv6 addresses Reserved Multicast addresses How do we count? Base 10 numbering system (10 symbols) 0 9 Known as the decimal
More informationIndustry Automation White Paper Januar 2013 IPv6 in automation technology
Table of contents: 1 Why another White Paper IPv6?... 3 2 IPv6 for automation technology... 3 3 Basics of IPv6... 3 3.1 Turning point/initial situation... 3 3.2 Standardization... 4 3.2.1 IPv6 address
More information19531 - Telematics. 9th Tutorial - IP Model, IPv6, Routing
19531 - Telematics 9th Tutorial - IP Model, IPv6, Routing Bastian Blywis Department of Mathematics and Computer Science Institute of Computer Science 06. January, 2011 Institute of Computer Science Telematics
More informationgianluca.verin verin@libero. @libero.itit Vicenza.linux.it\LinuxCafe 1
gianluca.verin verin@libero. @libero.itit Vicenza.linux.it\LinuxCafe 1 Agenda IPv6 Basics Connecting to 6Bone Why do we need IPv6? IPv6 Introduction-Transition IPv6 and open source community Future applications
More informationWindows 7 Resource Kit
Windows 7 Resource Kit Mitch Tulloch, Tony Northrup, and Jerry Honeycutt To learn more about this book, visit Microsoft Learning at http://www.microsoft.com/mspress/books/ 9780735627000 2009 Microsoft
More informationINLICHTINGEN DIENSTEN INLICHTINGEN DIENSTEN
Indien u hergebruik wenst te maken van de inhoud van deze presentatie, vragen wij u in het kader van auteursrechtelijke bescherming de juiste bronvermelding toe te passen. 17 juni 2014 De Reehorst in Ede
More informationHP 5120 SI Switch Series
HP 5120 SI Switch Series Layer 3 - IP Services Command Reference Part number: 5998-1810 Software version: Release 1505 Document version: 6W102-20121111 Legal and notice information Copyright 2012 Hewlett-Packard
More informationScaling the Network: Subnetting and Other Protocols. Networking CS 3470, Section 1
Scaling the Network: Subnetting and Other Protocols Networking CS 3470, Section 1 Today CIDR Subnetting Private IP addresses ICMP, IMAP, and DHCP Protocols 2 Packet Encapsulation ** Creative Commons: http://en.wikipedia.org/wiki/file:udp_encapsulation.svg
More information100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)
100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.
More informationIPv6 Security Best Practices. Eric Vyncke evyncke@cisco.com Distinguished System Engineer
IPv6 Best Practices Eric Vyncke evyncke@cisco.com Distinguished System Engineer security 2007 Cisco Systems, Inc. All rights reserved. Cisco CPub 1 Agenda Shared Issues by IPv4 and IPv6 Specific Issues
More informationInterconnecting Cisco Network Devices 1 Course, Class Outline
www.etidaho.com (208) 327-0768 Interconnecting Cisco Network Devices 1 Course, Class Outline 5 Days Interconnecting Cisco Networking Devices, Part 1 (ICND1) v2.0 is a five-day, instructorled training course
More informationSubnetting IPv4 and IPv6
Subnetting IPv4 and IPv6 Advanced Networking: Routing & Switching 1 Chapter 9 Copyleft 2013 Hacklab Cosenza (http://hlcs.it) Released under Creative Commons License 3.0 By-Sa Cisco name, logo and materials
More informationTransitioning a DoD Enterprise to IPv6
Case Study: Transitioning a DoD Enterprise to IPv6 Jeremy Duncan IPv6 Network Architect 6 July 2012 Agenda IPv6 Migration Justifications & Technical Goals Secure Implementation Approach Architecture, Design,
More informationIPv6 Protocols & Standards. ISP/IXP Workshops
IPv6 Protocols & Standards ISP/IXP Workshops 1 So what has really changed? Expanded address space Address length quadrupled to 16 bytes Header Format Simplification Fixed length, optional headers are daisy-chained
More informationIPv6 Network Reconnaissance:
IPv6 Network Reconnaissance: Theory & Practice Fernando Gont Overview IPv6 changes the Network Reconnaissance game Brute force address scanning attacks undesirable (if at all possible) Security guys will
More informationPersonal Firewall Default Rules and Components
Personal Firewall Default Rules and Components The Barracuda Personal Firewall comes with a default access ruleset. The following tables aim to give you a compact overview of the default rules and their
More informationTCP/IP Basis. OSI Model
TCP/IP Basis 高 雄 大 學 資 訊 工 程 學 系 嚴 力 行 Source OSI Model Destination Application Presentation Session Transport Network Data-Link Physical ENCAPSULATION DATA SEGMENT PACKET FRAME BITS 0101010101010101010
More informationHOST AUTO CONFIGURATION (BOOTP, DHCP)
Announcements HOST AUTO CONFIGURATION (BOOTP, DHCP) I. HW5 online today, due in week! Internet Protocols CSC / ECE 573 Fall, 2005 N. C. State University copyright 2005 Douglas S. Reeves 2 I. Auto configuration
More informationLearn About Differences in Addressing Between IPv4 and IPv6
> Learn About Differences in Addressing Between IPv4 and IPv6 IPv6 is the most recent generation of the Internet Protocol (IP) defined by the Internet Engineering Task Force (IETF). Initially defined in
More informationIPv6 First Hop Security Protecting Your IPv6 Access Network
IPv6 First Hop Security Protecting Your IPv6 Access Network What You Will Learn This paper provides a brief introduction to common security threats on IPv6 campus access networks and will explain the value
More informationIPv6 Diagnostic and Troubleshooting
8 IPv6 Diagnostic and Troubleshooting Contents Introduction.................................................. 8-2 ICMP Rate-Limiting........................................... 8-2 Ping for IPv6 (Ping6)..........................................
More informationTypes of IPv4 addresses in Internet
Types of IPv4 addresses in Internet PA (Provider Aggregatable): Blocks of addresses that may be sub-assigned to other ISPs or to other companies that also may leased the addresses to their customers May
More informationConfigure DHCP features benefits Differences BOOTP DHCP operation configuring verifying troubleshooting Configure N AT NAT features operation
Accessing the WAN Chapter 7 Objectives 2 Configure DHCP in an Enterprise branch network. DHCP features and benefits Differences between BOOTP and DHCP DHCP operation: and configuring, verifying, and troubleshooting
More informationINTERCONNECTING CISCO NETWORK DEVICES PART 1 V2.0 (ICND 1)
INTERCONNECTING CISCO NETWORK DEVICES PART 1 V2.0 (ICND 1) COURSE OVERVIEW: Interconnecting Cisco Networking Devices, Part 1 (ICND1) v2.0 is a five-day, instructor-led training course that teaches learners
More informationLab 10.4.1 IP Addressing Overview
Lab 10.4.1 IP ing Overview Estimated time: 30 min. Objectives: Background: This lab will focus on your ability to accomplish the following tasks: Name the five different classes of IP addresses Describe
More informationIPv6 en Windows. Juan Jackson Pablo García
IPv6 en Windows Ignacio Cattivelli Juan Jackson Pablo García Dual lstack Architecture t Application Layer TCP/UDP TCP/UDP Tcpip6.sys Tcpip.sys IPv6 IPv4 Network Interface Layer In Windows XP and Windows
More informationImplementation IPV6 in Mikrotik RouterOS. by Teddy Yuliswar
Implementation IPV6 in Mikrotik RouterOS by Teddy Yuliswar YOGYAKARTA, OCTOBER 09 10, 2015 TEDDY YULISWAR Introduction q MTCNA, MTCRE, MTCTCE, MTCINE q Place of Hanging out : - Politeknik Negeri Padang
More informationIPv6 Autoconfiguration Best Practice Document
IPv6 Autoconfiguration Best Practice Document Produced by the CESNET-led working group on IPv6 (CBPD117) Authors: Tomáš Podermański, Matěj Grégr August 2011 Original version 2011 English translation TERENA
More informationIPv6 Addressing. John Rullan Cisco Certified Instructor Trainer Thomas A. Edison CTE HS
IPv6 Addressing John Rullan Cisco Certified Instructor Trainer Thomas A. Edison CTE HS Stephen Lynch Network Architect, CCIE #36243 ABS Technology Architects 128-bit hexadecimal format (0-9, A-F) Uses
More informationConfiguring DHCP. DHCP Server Overview
Configuring DHCP This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP). For a complete description of the DHCP commands listed in this chapter, refer to the DHCP s chapter
More informationERserver. iseries. Networking TCP/IP setup
ERserver iseries Networking TCP/IP setup ERserver iseries Networking TCP/IP setup Copyright International Business Machines Corporation 1998, 2002. All rights reserved. US Government Users Restricted
More informationInterconnecting Cisco Networking Devices Part 2
Interconnecting Cisco Networking Devices Part 2 Course Number: ICND2 Length: 5 Day(s) Certification Exam This course will help you prepare for the following exam: 640 816: ICND2 Course Overview This course
More informationNICS IPv6 Best Practices Guide
NICS IPv6 Best Practices Guide Recommendations for Deploying IPv6 Version: 1.3 Date: April 22, 2014 scott.hovis@nasa.gov Document Change Log Date Version Change Author Affected Section 1/15/2014 1.0 Scott
More informationICS 351: Today's plan
ICS 351: Today's plan Quiz, on overall Internet function, linux and IOS commands, network monitoring, protocols IPv4 addresses: network part and host part address masks IP interface configuration IPv6
More informationIPv6 Security Nalini Elkins, CEO Inside Products, Inc. nalini.elkins@insidethestack.com
1 IPv6 Security Nalini Elkins, CEO Inside Products, Inc. nalini.elkins@insidethestack.com Agenda Hackers are already aware of the security vulnerabilities in IPv6, and there are implications across all
More informationGB-OS Version 6.2. Configuring IPv6. Tel: +1.407.380.0220 Fax. +1.407.380.6080 Email: info@gta.com Web: www.gta.com
GB-OS Version 6.2 Configuring IPv6 IPv6201411-01 Global Technology Associates 3505 Lake Lynda Drive Suite 115 Orlando, FL 32817 Tel: +1.407.380.0220 Fax. +1.407.380.6080 Email: info@gta.com Web: www.gta.com
More informationCorresponding Auto Names for IPv6 Addresses <draft-kitamura-ipv6-auto-name-02.txt> Hiroshi KITAMURA NEC Corporation kitamura@da.jp.nec.
Corresponding Auto Names for IPv6 Addresses Hiroshi KITAMURA NEC Corporation kitamura@da.jp.nec.com 1 Introduction IPv6 address is too long and complicated to remember
More informationIPv6 Hands-on Lab. Faraz Shamim, Technical Leader Harold Ritter, Technical Leader. Toronto, Canada May 30, 2013
Toronto, Canada May 30, 2013 IPv6 Hands-on Lab Faraz Shamim, Technical Leader Harold Ritter, Technical Leader 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Prerequisites:
More informationIPv6 Security - Opportunities and Challenges
IPv6 Security - Opportunities and Challenges Thomas Scheffler Beuth Hochschule Berlin, Germany {scheffler@beuth-hochschule.de} The Basics Agenda 1 The Basics IPv6 Network Security ICMPv6 / Autoconfiguration
More informationIP Addressing A Simplified Tutorial
Application Note IP Addressing A Simplified Tutorial July 2002 COMPAS ID 92962 Avaya Labs 1 All information in this document is subject to change without notice. Although the information is believed to
More informationEric Vyncke, Distinguished Engineer, evyncke@cisco.com. 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
Eric Vyncke, Distinguished Engineer, evyncke@cisco.com 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 Sometimes,
More informationNetworking 4 Voice and Video over IP (VVoIP)
Networking 4 Voice and Video over IP (VVoIP) Course Objectives This course will give delegates a good understanding of LANs, WANs and VVoIP (Voice and Video over IP). It is aimed at those who want to move
More informationIPv6 Network Reconnaissance:
IPv6 Network Reconnaissance: Theory & Practice Fernando Gont About... I have worked in security assessment of communication protocols for: UK NISCC (National Infrastructure Security Co-ordination Centre)
More information"Charting the Course...
Description "Charting the Course... Course Summary Interconnecting Cisco Networking Devices: Accelerated (CCNAX), is a course consisting of ICND1 and ICND2 content in its entirety, but with the content
More information640-816: Interconnecting Cisco Networking Devices Part 2 v1.1
640-816: Interconnecting Cisco Networking Devices Part 2 v1.1 Course Introduction Course Introduction Chapter 01 - Small Network Implementation Introducing the Review Lab Cisco IOS User Interface Functions
More informationSSVVP SIP School VVoIP Professional Certification
SSVVP SIP School VVoIP Professional Certification Exam Objectives The SSVVP exam is designed to test your skills and knowledge on the basics of Networking, Voice over IP and Video over IP. Everything that
More informationIPv6 Technology Overview Tutorial- Part I. Speaker: Byju Pularikkal Customer Solutions Architect, Cisco Systems Inc.
IPv6 Technology Overview Tutorial- Part I Speaker: Byju Pularikkal Customer Solutions Architect, Cisco Systems Inc. 1 Acronyms/Abbreviations DOCSIS = Data-Over-Cable Service Interface Specification CMTS
More information