IPv6
Latest revision as of 12:11, 3 June 2025
OSI
Open Systems Interconnection was a joint workgroup of ISO and the ITU-T (formerly CCITT). OSI consists of a model and a set of protocols.
ITU-T publishes the OSI model and protocols in Series X, Data networks and open system communications. The OSI model is defined in X.200.
ISO publishes the same as ISO/IEC 7498, in four parts:
- Part 1: The Basic Model
- Part 2: Security Architecture
- Part 3: Naming and addressing
- Part 4: Management framework
The OSI protocols were designed as telecom-grade data networks by the national standardization bodies participating in ISO and by the national telecommunications bodies. Produced over many years by committee, through many standardization meetings, the result was cumbersome and complicated. As a movement towards simpler network stacks during the protocol wars, the IETF published IPv4 as RFC 791 in 1981, which later became IETF STD 5. The IETF puts much greater emphasis on RFCs written by a small team of experts with input from the IETF members.
Ethernet
Gigabit Ethernet (1 Gbit/s, IEEE 802.3; 1000BASE-T is clause 802.3ab) consists of a MAC connected through a media-independent interface (GMII for gigabit) to a PHY.
The 1000BASE-T PHY uses all 4 cable pairs, each in both directions, at 125 MBaud with PAM-5 modulation: 5 voltage levels between the two conductors of a pair, 2 bits per symbol per pair, so 4 x 250 Mbit/s = 1 Gbit/s. (1000BASE-TX is a different, rarely deployed TIA standard that uses two pairs per direction.)
Hardware addresses for Ethernet, Wi-Fi and Bluetooth are 6-byte MAC addresses (EUI-48).
The first 3 bytes (OUI) are the vendor identifier. The two lowest bits of the first byte are flags: the I/G bit (0x01, set for group/multicast addresses) and the U/L bit (0x02, set for locally administered addresses such as randomized MACs and many virtual interfaces).
https://www.rfc-editor.org/rfc/rfc4291.html#appendix-A
An EUI-48 is expanded to a (modified) EUI-64 by inserting FF:FE between the 3-byte OUI and the 3-byte device identifier and inverting the universal/local bit, bit value 0x02 of the first byte (so a first byte of 00 becomes 02, and 7e becomes 7c). The first byte is not set to 2; only that one bit is flipped.
EUI-48 (c = company id, g = individual/group bit, 0 = universal/local bit, m = manufacturer-assigned part):
|00            15|16            31|32            47|
+----------------+----------------+----------------+
|cccccc0gcccccccc|ccccccccmmmmmmmm|mmmmmmmmmmmmmmmm|
+----------------+----------------+----------------+
Modified EUI-64 interface identifier (RFC 4291 appendix A), FF:FE inserted and the u bit inverted:
|00            15|16            31|32            47|48            63|
+----------------+----------------+----------------+----------------+
|cccccc1gcccccccc|cccccccc11111111|11111110mmmmmmmm|mmmmmmmmmmmmmmmm|
+----------------+----------------+----------------+----------------+
A network interface should respond only to frames sent to its own unicast MAC address, to the broadcast address (FF:FF:FF:FF:FF:FF) and to multicast groups it has joined.
Preamble | SFD | MAC destination | MAC source | 802.1Q tag (optional) | EtherType or length | Payload | Frame check sequence | Interpacket gap
---|---|---|---|---|---|---|---|---
7 bytes | 1 byte | 6 bytes | 6 bytes | 4 bytes | 2 bytes | 46 to 1500 bytes | 4 bytes (CRC-32) | 12 bytes
The preamble, SFD, FCS and interpacket gap are handled by the PHY and MAC; software sees the frame from the destination MAC to the end of the payload, and a frame whose FCS does not match is dropped silently.
Most interfaces can also capture all frames that reach them, not only those addressed to them, when put into promiscuous mode.
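The frame layout and the EUI-48 to EUI-64 expansion above, worked through in code. This is an added example, not code from the page: it parses the part of an Ethernet frame that reaches software (destination, source, optional 802.1Q tag, EtherType, payload), reads the I/G and U/L bits, and builds the link-local address SLAAC would derive from the source MAC. The frame bytes are constructed for the example; the MAC 7e:0e:e6:7b:40:f0 is chosen so that the result is the fe80::7c0e:e6ff:fe7b:40f0 address used later on this page.

```python
# Added example (not from the page): parse the part of an Ethernet frame the
# NIC hands to software and derive the modified EUI-64 interface identifier
# that SLAAC would build from the source MAC. Frame bytes are constructed.
import ipaddress
import struct
from typing import Dict, Optional

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV6 = 0x86DD
BROADCAST = bytes.fromhex("ffffffffffff")


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def parse_ethernet(frame: bytes) -> Dict:
    """Destination, source, optional VLAN id, EtherType and payload.
    Preamble, SFD, FCS and interpacket gap never reach software."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset: int = 14
    vlan: Optional[int] = None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF          # low 12 bits: VLAN ID, top 3 bits: priority
        offset = 18
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "vlan": vlan,
        "ethertype": ethertype,
        "payload": frame[offset:],
        "multicast": bool(dst[0] & 0x01),             # I/G bit of the first byte
        "broadcast": dst == BROADCAST,
        "locally_administered": bool(src[0] & 0x02),  # U/L bit of the first byte
    }


def mac_to_modified_eui64(mac: str) -> bytes:
    """RFC 4291 appendix A: OUI + ff:fe + device id, with the U/L bit inverted."""
    b = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(b) != 6:
        raise ValueError("an EUI-48 is 6 bytes")
    b[0] ^= 0x02
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])


def link_local_from_mac(mac: str) -> str:
    """fe80::/64 plus the EUI-64 interface identifier: the address a host
    forms when it uses neither privacy nor stable opaque identifiers."""
    iid = mac_to_modified_eui64(mac)
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid))


# Constructed frame: IPv6 all-nodes multicast destination, locally administered
# source MAC, 802.1Q tag for VLAN 5, EtherType IPv6, first 4 bytes of an IPv6 header.
SAMPLE_FRAME = (
    bytes.fromhex("333300000001")
    + bytes.fromhex("7e0ee67b40f0")
    + bytes.fromhex("81000005")
    + bytes.fromhex("86dd")
    + bytes.fromhex("60000000")
)

if __name__ == "__main__":
    hdr = parse_ethernet(SAMPLE_FRAME)
    print(hdr)
    print(link_local_from_mac(hdr["src"]))
```

The destination 33:33:00:00:00:01 has the I/G bit set (IPv6 all-nodes multicast), and the source 7e:0e:e6:7b:40:f0 has the U/L bit set, which is why the EUI-64 expansion turns 7e into 7c.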
IPv4
IPv4 is a network protocol on layer 3. It runs on a layer 2 link (e.g. Ethernet) and provides its service to the layer 4 transport protocols (TCP, UDP); ICMP is a control and error-reporting protocol that sits beside IP on layer 3, not a transport protocol.
On a link, IPv4 uses ARP to map IP addresses to hardware addresses and caches the results in the ARP table (IPv6 uses Neighbor Discovery over ICMPv6 instead).
An IPv4 address is 4 byte long (32 bits) and it is split into a network and a host part. The netmask defines how many bits are used for the network and how many for the hosts.
An IPv4 address can be written in hexadecimal as 0x0A000001 or, as is usual, in dotted-decimal notation: 10.0.0.1.
An IPv6 address is 16 bytes (128 bits) long.
IPv6 addresses use hexadecimal colon notation, eight 16-bit groups, e.g. fe80::1, where :: stands for one run of zero groups and may appear only once in an address.
An IPv4 interface traditionally has one primary address; additional addresses are configured as aliases (eth0:0 style, or simply further addresses added with ip addr add).
An IPv6 interface has several addresses at once: a link-local address (fe80::/10, always present), one or more assigned global addresses, and optionally temporary privacy addresses (RFC 8981) that change frequently and are used for outgoing connections.
An IP node can reach other nodes in the same network directly, and other networks through a gateway: a router connected to two (or more) networks, with an address in each of them.
Hosts are in the same network when the network part of their addresses is identical; the host part must be unique within that network.
IP routing is hop by hop: a packet is forwarded from one router to the next until it reaches the destination network.
Every host has a route table that maps destination prefixes to the interface (and, for remote networks, the next-hop gateway) used to reach them.
The host usually has a default route (0.0.0.0/0 or ::/0) for everything that is not matched by a more specific entry.
Route selection is by longest matching prefix: the most specific route wins, and the default route, which matches everything, is used only when nothing else matches.
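The hop-by-hop lookup described above, as an added example that is not part of the page: a small route table with longest-prefix-match selection for IPv4 and IPv6, returning the interface and the address that has to be resolved with ARP or Neighbor Discovery (the gateway for a routed prefix, the destination itself for an on-link prefix). The routes in sample_table are constructed for the example.

```python
# Added example (not from the page): a route table with longest-prefix-match
# lookup for IPv4 and IPv6. The routes below are constructed for illustration.
import ipaddress
from typing import List, NamedTuple, Optional, Tuple, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


class Route(NamedTuple):
    prefix: IPNetwork
    interface: str
    gateway: Optional[IPAddress]    # None: destination is directly on the link


class RouteTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, prefix: str, interface: str, gateway: Optional[str] = None) -> None:
        net = ipaddress.ip_network(prefix, strict=True)   # host bits must be zero
        gw = ipaddress.ip_address(gateway) if gateway else None
        if gw is not None and gw.version != net.version:
            raise ValueError("gateway and prefix must be the same address family")
        self.routes.append(Route(net, interface, gw))

    def lookup(self, destination: str) -> Optional[Route]:
        """Longest prefix match: of all routes containing the destination the
        most specific one wins. The default route (0.0.0.0/0 or ::/0) matches
        everything and therefore only wins when nothing else matches."""
        dst = ipaddress.ip_address(destination)
        matches = [r for r in self.routes
                   if r.prefix.version == dst.version and dst in r.prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen)

    def next_hop(self, destination: str) -> Optional[Tuple[str, str]]:
        """(interface, address to resolve with ARP or ND): the gateway for a
        routed prefix, the destination itself for an on-link prefix."""
        route = self.lookup(destination)
        if route is None:
            return None    # no route to host
        return route.interface, (str(route.gateway) if route.gateway else destination)


def sample_table() -> RouteTable:
    t = RouteTable()
    t.add("10.0.0.0/24", "eth0")                        # connected LAN
    t.add("10.0.1.0/24", "eth0", "10.0.0.254")          # second LAN behind another router
    t.add("0.0.0.0/0", "eth0", "10.0.0.1")              # IPv4 default route
    t.add("fe80::/64", "eth0")                          # link-local, always on-link
    t.add("2001:db8:abcd:1234::/64", "eth0")            # connected IPv6 subnet
    t.add("::/0", "eth0", "fe80::1")                    # IPv6 default via the router's link-local
    return t


if __name__ == "__main__":
    table = sample_table()
    for dest in ("10.0.0.7", "10.0.1.9", "93.184.216.34", "2001:db8::1", "2001:db8:abcd:1234::5"):
        print(dest, "->", table.next_hop(dest))
```

Note that the IPv6 default route points at a link-local gateway address, which is the normal case: Router Advertisements are sent from the router's fe80 address, so that is what ends up in the route table.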
IPv4 uses NAT to connect a private network to the Internet behind one public address: the NAT gateway keeps a table of every connection and rewrites the IP addresses and TCP or UDP ports of every packet that belongs to a tracked connection.
NAT is a workaround to share one IP address among a group of computers. The trade-off is that every outgoing and incoming TCP/IP and UDP/IP packet has to be rewritten, and protocols that carry addresses in their payload (FTP, SIP) need application-level gateways.
NAT incidentally acts as a firewall: a packet from the outside that matches no table entry has nowhere to go and is dropped, so connections cannot normally be initiated from the outside network (port forwarding, UPnP and hairpinning reopen that door).
In IPv6 the same protection is an explicit stateful firewall rule: allow outbound, allow inbound only for established or related flows, with no address rewriting at all.
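The connection table that both the NAT gateway and the IPv6 stateful firewall rule rely on, as an added example that is not part of the page and is not the code of any real NAT or firewall implementation. The same tracker runs in two modes: with a public address it rewrites the source of outgoing packets and restores the inside destination on replies (NAPT); without one it only remembers flows, which is all the IPv6 rule needs. In both modes an inbound packet that matches no tracked flow is dropped. Addresses, ports and packets are constructed 5-tuples.

```python
# Added example (not from the page and not any real NAT implementation): one
# connection-tracking table used two ways. With a public address it behaves as
# a NAPT gateway (rewrite source address/port, remember the mapping); without
# one it is a plain stateful filter, which is all the IPv6 firewall rule
# needs. Packets are constructed 5-tuples, not real packets.
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]    # (address, port)


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: Endpoint
    dst: Endpoint


class ConnTracker:
    def __init__(self, public_ip: Optional[str] = None, first_port: int = 1024) -> None:
        self.public_ip = public_ip          # set: NAPT mode; None: filter only
        self.next_port = first_port
        # key: (proto, outward-facing source, destination); value: inside source
        self.flows: Dict[Tuple[str, Endpoint, Endpoint], Endpoint] = {}

    def egress(self, pkt: Packet) -> Packet:
        """Inside -> outside. Remember the flow; in NAPT mode rewrite the source."""
        if self.public_ip is None:
            self.flows.setdefault((pkt.proto, pkt.src, pkt.dst), pkt.src)
            return pkt
        for key, inside in self.flows.items():       # reuse an existing mapping
            if key[0] == pkt.proto and key[2] == pkt.dst and inside == pkt.src:
                return replace(pkt, src=key[1])
        external = (self.public_ip, self.next_port)   # allocate a new public port
        self.next_port += 1
        self.flows[(pkt.proto, external, pkt.dst)] = pkt.src
        return replace(pkt, src=external)

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside. Only replies to a tracked flow get through; an
        unsolicited packet has no entry and is dropped (None) in both modes."""
        inside = self.flows.get((pkt.proto, pkt.dst, pkt.src))
        if inside is None:
            return None
        return replace(pkt, dst=inside) if self.public_ip else pkt


def demo_nat() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    nat = ConnTracker("203.0.113.1")
    out = nat.egress(Packet("tcp", ("10.0.0.5", 40000), ("93.184.216.34", 443)))
    reply = nat.ingress(Packet("tcp", ("93.184.216.34", 443), out.src))
    unsolicited = nat.ingress(Packet("tcp", ("198.51.100.9", 5555), ("203.0.113.1", 22)))
    return out, reply, unsolicited


def demo_v6_filter() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    fw = ConnTracker()    # no translation: inside addresses are globally routable
    out = fw.egress(Packet("tcp", ("2001:db8:abcd:1234::5", 40000), ("2001:db8:ffff::1", 443)))
    reply = fw.ingress(Packet("tcp", ("2001:db8:ffff::1", 443), out.src))
    unsolicited = fw.ingress(Packet("tcp", ("2001:db8:ffff::9", 5555), ("2001:db8:abcd:1234::5", 22)))
    return out, reply, unsolicited


if __name__ == "__main__":
    print(demo_nat())
    print(demo_v6_filter())
```

The table is keyed on protocol, external endpoint and remote endpoint, which is the most restrictive (address- and port-dependent) NAT behaviour; real gateways differ in how loosely they match inbound packets, which is exactly why "NAT is a firewall" is not a property you can rely on, while the IPv6 rule states the policy explicitly.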
Binary and Hex
Decimal has ten digits (0-9). Hexadecimal has sixteen: 0-9 and then A, B, C, D, E, F. Computers count in binary, with bits that are 0 or 1; each group of 4 bits (a nibble) corresponds to one hexadecimal digit, and a byte (8 bits) to two.
BIN | DEC | HEX | size
---|---|---|---
0000 | 0 | 0 | bit
0001 | 1 | 1 | bit
0010 | 2 | 2 |
0011 | 3 | 3 |
0100 | 4 | 4 |
0101 | 5 | 5 |
0110 | 6 | 6 |
0111 | 7 | 7 |
1000 | 8 | 8 |
1001 | 9 | 9 |
1010 | 10 | A |
1011 | 11 | B |
1100 | 12 | C |
1101 | 13 | D |
1110 | 14 | E |
1111 | 15 | F | nibble
0001_0000 | 16 | 10 |
0001_0001 | 17 | 11 |
0111_1111 | 127 | 7F |
1000_0000 | 128 | 80 |
1111_1111 | 255 | FF | byte
1_0000_0000 | 256 | 100 |
1_1111_1111 | 511 | 1FF |
10_0000_0000 | 512 | 200 |
11_1111_1111 | 1023 | 3FF |
100_0000_0000 | 1024 | 400 | kibi (2^10)
Two hexadecimal digits together make one byte: 1000 0000 is 0x80 (128) and 1111 1111 is 0xFF (255).
IPv6 Addresses
IPv6 addresses are 128 bits long, written as eight groups of 2 bytes (16 bits) in hexadecimal, separated by colons; a double colon shortens one run of zero groups. ::1 is the loopback address, i.e. the node's own interface.
Mask
The mask (prefix length) says how many bits belong to the network; routing works on the network part.
fe80::/10 is link-local unicast, used for communication on the local link only (in practice fe80::/64 is used).
ff00::/8 is multicast; the fourth hex digit is the scope: ff01::/16 interface-local, ff02::/16 link-local (ff02::1 all nodes, ff02::2 all routers). Delivering to whichever of several nodes is closest is anycast, which uses ordinary unicast addresses, not the multicast range.
2000::/3 is global unicast; 2001::/16 is one block inside it, and 2001:db8::/32 is reserved for documentation.
The mask /64 defines how many bits are used for the network part; the rest is the host part (the interface identifier).
Each interface has one or more addresses. The link always has a fe80 address, which is not routable outside the link scope.
Example link-local address: fe80::7c0e:e6ff:fe7b:40f0/64. fe80 is the link-local prefix; the interface identifier 7c0e:e6ff:fe7b:40f0 is a modified EUI-64 made from the MAC address 7e:0e:e6:7b:40:f0 (ff:fe inserted, U/L bit flipped), so the hardware address is visible to anyone who sees the IPv6 address. RFC 8064 recommends replacing it with a stable opaque identifier (RFC 7217), a hash over prefix, interface and a secret key, instead of the EUI-64.
The gateway gets a prefix from the provider. Taking the global address 2001:db8:abcd:1234::1 as an example (2001:db8::/32 is the documentation prefix):
- 2000::/3 (here 2001) is global unicast
- 2001:db8::/32 is the provider's allocation
- 2001:db8:abcd::/48 is the prefix delegated to the customer (providers delegate a /48 or a /56)
- 1234 is the subnet-id the customer picks for this link, giving the subnet 2001:db8:abcd:1234::/64
- the last 64 bits (::1) are the interface identifier; a single host appears as a /128 route
Scope
A link-local address is only meaningful together with the interface it belongs to, so it is written with a zone index: fe80::1%5, where 5 is the interface index (Linux also accepts the interface name, e.g. fe80::1%eth0).
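The address anatomy from the Mask and Scope sections, as an added example that is not part of the page: it dissects a global address into the prefixes named above, carves /64 subnets out of a delegated /48, classifies scope (stripping a zone index like %5), recovers the MAC from an EUI-64 interface identifier, and builds an RFC 7217 style stable opaque interface identifier. The hash construction is a simplified illustration of RFC 7217 (SHA-256 truncated to 64 bits, no reserved-identifier checks), not a conforming implementation; the addresses and the secret key are constructed for the example.

```python
# Added example (not from the page): take apart a global IPv6 address into the
# pieces named above, carve /64 subnets out of a delegated /48, classify scope,
# and contrast EUI-64 interface identifiers (MAC recoverable) with RFC 7217
# style stable opaque identifiers. The hash construction is a simplified
# illustration of RFC 7217, not a conforming implementation.
import hashlib
import ipaddress
from typing import Dict, List, Optional


def dissect(addr: str, delegated_len: int = 48) -> Dict[str, str]:
    """Which prefix each part of the address belongs to."""
    a = ipaddress.IPv6Address(addr)

    def prefix(length: int) -> str:
        return str(ipaddress.ip_network(f"{a}/{length}", strict=False))

    return {
        "global_unicast": prefix(3),          # 2000::/3
        "provider": prefix(32),               # e.g. 2001:db8::/32
        "delegated": prefix(delegated_len),   # what the customer gets, /48 or /56
        "subnet": prefix(64),                 # one /64 per link
        "iid": format(int(a) & ((1 << 64) - 1), "016x"),
    }


def plan_subnets(delegated: str, count: int) -> List[str]:
    """The first `count` /64 subnets of a delegated prefix."""
    net = ipaddress.ip_network(delegated)
    if net.prefixlen > 64:
        raise ValueError("SLAAC needs /64 subnets; the delegated prefix is too long")
    result: List[str] = []
    for sub in net.subnets(new_prefix=64):
        if len(result) == count:
            break
        result.append(str(sub))
    return result


def scope(addr: str) -> str:
    a = ipaddress.IPv6Address(addr.split("%")[0])   # strip a zone index such as %5
    if a.is_loopback:
        return "loopback"
    if a.is_multicast:                               # ff00::/8, scope in the low nibble of byte 2
        names = {1: "interface-local", 2: "link-local", 5: "site-local", 14: "global"}
        return names.get((int(a) >> 112) & 0xF, "unknown") + " multicast"
    if a.is_link_local:                              # fe80::/10
        return "link-local unicast"
    if a in ipaddress.ip_network("fc00::/7"):
        return "unique local unicast"
    if a in ipaddress.ip_network("2000::/3"):
        return "global unicast"
    return "other"


def mac_from_eui64_iid(addr: str) -> Optional[str]:
    """If the interface identifier is a modified EUI-64, recover the MAC:
    anyone who sees such an address learns the hardware address."""
    iid = bytearray((int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big"))
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in bytes(iid[:3]) + bytes(iid[5:]))


def stable_opaque_address(prefix: str, iface: str, secret_key: bytes, dad_counter: int = 0) -> str:
    """RFC 7217 pattern: IID = F(prefix, interface, DAD counter, secret key).
    Stable per prefix, unlinkable across prefixes, no MAC inside. Simplified
    to SHA-256 truncated to 64 bits; reserved-IID checks are omitted."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC prefix must be /64")
    material = net.network_address.packed[:8] + iface.encode() + bytes([dad_counter]) + secret_key
    iid = int.from_bytes(hashlib.sha256(material).digest()[:8], "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


if __name__ == "__main__":
    print(dissect("2001:db8:abcd:1234::1"))
    print(plan_subnets("2001:db8:abcd::/48", 4))
    print(scope("fe80::1%5"), scope("ff02::1"), scope("2001:db8::1"))
    print(mac_from_eui64_iid("fe80::7c0e:e6ff:fe7b:40f0"))
    print(stable_opaque_address("2001:db8:abcd:1234::/64", "eth0", b"example-secret"))
```

Because the opaque identifier is keyed by prefix, a laptop keeps the same address on the same network (useful for firewall rules and logs) but gets an unrelated one on every other network, so its movements cannot be correlated the way an EUI-64 address allows.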
Clients
Google Android does not support DHCPv6; it relies on SLAAC for address assignment. SLAAC requires a /64 prefix (a 64-bit interface identifier). The interface identifier is either EUI-64 based or, as Android and most current hosts do by default, generated randomly (privacy addresses), so a /64 is required but EUI-64 identifiers are not.
OPNsense: WAN IPv6 DHCP client: Request prefix only; LAN IPv6: Track WAN, Prefix ID 0x0.
The IPv6 Prefix ID selects which /64 of the delegated prefix the LAN gets; it can also be set by manual configuration.
DUID
DHCPv6 identifies a client by its DUID rather than by its MAC address. On Linux with systemd-networkd the default DUID is derived from /etc/machine-id, so cloned images share a DUID (and therefore collide at the DHCPv6 server) until machine-id is regenerated.
https://askubuntu.com/questions/1198955/how-can-i-change-my-ubuntus-ipv6-duid
https://man7.org/linux/man-pages/man5/machine-id.5.html
DHCPv6 configured, address range ::a000 to ::f000
/usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog
/var/etc/radvd.conf is generated by OPNsense. The generator loop (src/etc/inc/plugins.inc.d/dhcpd.inc), with the original prefix kept as a comment and the prefix length forced to /64:
    foreach ($stanzas as $stanza) {
        $radvdconf .= "#\tprefix {$stanza} {\n";   // original prefix, commented out
        $stanza = strtok($stanza, '/');            // drop the prefix length
        $stanza = $stanza . "/64";                 // force /64 so SLAAC (and Android) accept it
        $radvdconf .= "\tprefix {$stanza} {\n";
        // rest of the prefix stanza as generated by OPNsense
    }
The stanza should have included the Prefix-ID to make it a /64.
https://github.com/opnsense/docs/blob/master/source/manual/ipv6.rst
https://github.com/opnsense/docs/blob/master/source/manual/radvd.rst
src/etc/inc/plugins.inc.d/dhcpd.inc, where the stanzas are collected:
    list (, $networkv6) = interfaces_primary_address6($dhcpv6if, $ifconfig_details);
    if (is_subnetv6($networkv6)) {
        $stanzas[] = $networkv6;
    }
    $stanzas[] = "{$subnetv6}/{$vip['subnet_bits']}";   // virtual IP prefixes
https://github.com/opnsense/core/blob/master/src/etc/inc/plugins.inc.d/dhcpd.inc#L353
Add an if statement that replaces the prefix length with /64 when the collected prefix is shorter, since radvd advertises the prefix as collected and SLAAC clients ignore anything that is not a /64.
IPv6 host configuration
A host needs three things: an IP address, routes (at least a default router) and DNS servers. Two mechanisms provide them:
- DHCPv6: stateful assignment of addresses and other parameters, with the client identified by its DUID
- SLAAC: the host forms its own address from a /64 prefix in a Router Advertisement (EUI-64 or a random privacy interface identifier); the default route comes from the RA itself, DNS from the RA's RDNSS option (RFC 8106) or from DHCPv6
The flags in the Router Advertisement steer the client:
- M, Managed flag: addresses are available via DHCPv6
- O, Other flag: other configuration (DNS, NTP) is available via DHCPv6
- A, Autonomous flag (in the Prefix Information option): the prefix may be used for SLAAC, with an EUI-64 or privacy address
The prefix must be /64 for SLAAC.
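The Router Advertisement that carries these flags, as an added example that is not part of the page: it builds an ICMPv6 RA (RFC 4861) with a Prefix Information option and an RDNSS option (RFC 8106), parses it back to read M, O, A and the advertised prefixes and DNS servers, and flags a prefix that has the A bit set without the /64 length SLAAC needs. The RA is constructed, not captured; the ICMPv6 checksum is left at zero because computing it needs the IPv6 pseudo-header, which is outside this example.

```python
# Added example (not from the page): build and parse an ICMPv6 Router
# Advertisement (RFC 4861) to read the M, O and A flags, the advertised
# prefixes and the RDNSS option (RFC 8106), and warn about a prefix that
# carries the A flag without the /64 length SLAAC needs. The RA is
# constructed, not captured; the ICMPv6 checksum is left at zero.
import ipaddress
import struct
from typing import Dict

ND_ROUTER_ADVERT = 134
OPT_PREFIX_INFO = 3
OPT_RDNSS = 25


def build_ra(managed: bool = False, other: bool = False,
             router_lifetime: int = 1800, options: bytes = b"") -> bytes:
    """RA header: type, code, checksum, cur hop limit, flags, router lifetime,
    reachable time, retrans timer, followed by TLV options."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    return struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags,
                       router_lifetime, 0, 0) + options


def prefix_info(prefix: str, plen: int, on_link: bool = True, autonomous: bool = True,
                valid: int = 2592000, preferred: int = 604800) -> bytes:
    """Prefix Information option (type 3, 32 bytes): L = on-link, A = autonomous."""
    flags = (0x80 if on_link else 0) | (0x40 if autonomous else 0)
    return (struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, flags, valid, preferred, 0)
            + ipaddress.IPv6Address(prefix).packed)


def rdnss(*servers: str, lifetime: int = 3600) -> bytes:
    """Recursive DNS Server option (type 25): DNS servers without DHCPv6."""
    body = b"".join(ipaddress.IPv6Address(s).packed for s in servers)
    return struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(servers), 0, lifetime) + body


def parse_ra(msg: bytes) -> Dict:
    if len(msg) < 16 or msg[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    flags, router_lifetime = msg[5], struct.unpack("!H", msg[6:8])[0]
    ra: Dict = {
        "managed": bool(flags & 0x80),        # M: addresses via DHCPv6
        "other": bool(flags & 0x40),          # O: other parameters (DNS, NTP) via DHCPv6
        "default_router": router_lifetime > 0,
        "prefixes": [], "rdnss": [], "warnings": [],
    }
    off = 16
    while off + 2 <= len(msg):
        otype, olen = msg[off], msg[off + 1] * 8    # option length is in units of 8 bytes
        if olen == 0 or off + olen > len(msg):
            raise ValueError("malformed ND option")    # RFC 4861: discard the whole RA
        body = msg[off:off + olen]
        if otype == OPT_PREFIX_INFO and olen == 32:
            plen, pflags = body[2], body[3]
            valid, preferred = struct.unpack("!II", body[4:12])
            entry = {
                "prefix": f"{ipaddress.IPv6Address(body[16:32])}/{plen}",
                "on_link": bool(pflags & 0x80),
                "autonomous": bool(pflags & 0x40),   # A: may be used for SLAAC
                "valid": valid, "preferred": preferred,
            }
            if entry["autonomous"] and plen != 64:
                ra["warnings"].append(f"{entry['prefix']}: A flag set but SLAAC needs a /64")
            if preferred > valid:
                ra["warnings"].append(f"{entry['prefix']}: preferred lifetime exceeds valid lifetime")
            ra["prefixes"].append(entry)
        elif otype == OPT_RDNSS and olen >= 24:
            for i in range(8, olen, 16):
                ra["rdnss"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        off += olen
    return ra


# Constructed RA: no DHCPv6 addresses (M=0), DNS via DHCPv6 allowed (O=1), one
# proper /64 for SLAAC, one mis-sized /56 with the A flag, and an RDNSS server.
SAMPLE_RA = build_ra(
    managed=False, other=True,
    options=prefix_info("2001:db8:abcd:1234::", 64)
    + prefix_info("2001:db8:abcd:ff00::", 56)
    + rdnss("2001:db8:abcd:1234::53"),
)

if __name__ == "__main__":
    print(parse_ra(SAMPLE_RA))
```

A client such as Android ignores the M and O flags entirely, so without at least one A-flagged /64 prefix in the RA it ends up with no global address at all; the warning list is the check to run when a delegated prefix is advertised unchanged.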