Managing Address Space with NAT and IPv6

Inside local address – Private internal non routable addresses.

Inside Global Address – Public Address of the router/site.

Outside Local Address – Public address of a host as it appears to the internal network (may be natted).

Outside Global Address – The public IP address of a host on the internet (outside your organisation).

Static NAT – Maps Private IP to public IP (1 to 1)

Dynamic NAT – Maps private IP to public IP from a pool of public addresses (address block)

NAT Overloading – Maps private IPs to a single public IP (single to many) on different ports.  Also known as PAT (a form of dynamic NAT).

PAT attempts to use the original port; if this is in use it moves to the next available port.  If there are no ports available it will move to the next available public IP and try the ports again.
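The port selection described above, modelled as a small translation table. This is an added example, not part of the original notes and not Cisco IOS code; the class and function names, the documentation-range addresses, the two-port range and the wrap-around search are assumptions made for the illustration.

```python
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


class PatTable:
    """Simplified PAT model: original port first, then next free port, then next public IP."""

    def __init__(self, public_ips: List[str], port_range: Tuple[int, int] = (1024, 65535)):
        self.public_ips = list(public_ips)
        self.low, self.high = port_range                 # assumed usable port range
        self.by_inside: Dict[Endpoint, Endpoint] = {}    # inside local  -> inside global
        self.by_global: Dict[Endpoint, Endpoint] = {}    # inside global -> inside local

    def _pick_port(self, ip: str, wanted: int) -> Optional[int]:
        """Return the original port if free, else the next free one (wrap-around is an assumption)."""
        span = self.high - self.low + 1
        start = wanted if self.low <= wanted <= self.high else self.low
        for offset in range(span):
            port = self.low + (start - self.low + offset) % span
            if (ip, port) not in self.by_global:
                return port
        return None  # every port on this public IP is in use

    def translate(self, inside_local: Endpoint) -> Endpoint:
        """Map an inside local (IP, port) to an inside global (IP, port)."""
        if inside_local in self.by_inside:               # existing flow keeps its entry
            return self.by_inside[inside_local]
        for ip in self.public_ips:                       # ports exhausted -> next public IP
            port = self._pick_port(ip, inside_local[1])
            if port is not None:
                self.by_inside[inside_local] = (ip, port)
                self.by_global[(ip, port)] = inside_local
                return (ip, port)
        raise RuntimeError("pool exhausted: no free port on any public address")

    def reverse(self, inside_global: Endpoint) -> Optional[Endpoint]:
        """Resolve a public (IP, port) seen in outside logs back to the inside host."""
        return self.by_global.get(inside_global)


def demo():
    # Constructed sample: two public IPs and only two ports each, so exhaustion is visible.
    pat = PatTable(["203.0.113.1", "203.0.113.2"], port_range=(5000, 5001))
    hosts = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]         # all use source port 5000
    return [pat.translate((h, 5000)) for h in hosts], pat


if __name__ == "__main__":
    for mapping in demo()[0]:
        print(mapping)
```

The RuntimeError case corresponds to the "Enough addresses in the pool?" check in the troubleshooting list below.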

Resolving Issues

  • Check inbound ACLs
  • Check ACL is allowing NAT correctly
  • Enough addresses in the pool?
  • NAT inside/outside is applied to the correct interfaces
  • The hits counter in sh ip nat statistics shows that translation is occurring

Transitioning to IPv6

IPv6 Addresses:

  • Leading 0’s are optional
  • Successive 0’s can be shortened to :: only once per address
  • Unspecified address is written as :: as it contains only zeros

Broadcasting does not exist in IPv6; it is replaced with multicast and anycast.

Anycast is a cross between unicast and multicast.  Anycast sends a packet to any one member of the group of devices with an anycast address.

At this time an anycast address must only be assigned to an IPv6 router.

Global Addresses – Public IP address

Reserved Addresses – Represent 1/256th of the total IPv6 address space.

Private Addresses – Have the first octet value of “FE” with the next hex digit between 8 and F.

Site Local Addresses – Similar to private v4 addresses.  Have a scope of entire site or organisation.  Begins with either:  FEC, FED, FEE or FEF

Link Local Addresses – Used on a particular physical network segment and are NOT routable.  Used for auto address configuration, neighbour discovery and router discovery.

Loopback Address – Single address not a whole block.   Represented as ::1

All zero IPv6 address refers to the host itself when seeking auto config.

Global unicast addresses are defined by the Global routing prefix, a subnet ID and an Interface ID.

IANA is currently allocating IPv6 address space in the range of 2001::/16 to the registries.

IPv6 Datalink layer Support

  • Ethernet
  • PPP
  • HDLC
  • FDDI
  • Frame Relay
  • Token Ring
  • ARCNet
  • NBMA
  • ATM
  • IEEE 1394

Datalink layer defines how IPv6 interface identifiers are created and neighbour discovery deals with datalink layer address resolution.

IPv6 Addressing: 2001:0050:0000:0000:0000:0AB4:1E2B:98AA

Rule 1: Eliminate groups of consecutive zeros, this can be done once per address eg: 2001:050::0AB4:1E2B:98AA

Rule 2: Drop leading zeros eg: 2001:50::AB4:1E2B:98AA

Interface identifiers can be thought of as the host portion of an IPv6 address; they are used to identify interfaces on a link.

IPv6 Addresses can be assigned by:

  • Statically using a manual interface ID – statically assign both the prefix (network) and interface ID (host)
  • Statically using an EUI-64 interface ID – configure the prefix (network) and derive the interface ID (host) from the layer 2 MAC address of the device.
  • Stateless auto configuration – For non-PC devices as well as PCs and to help reduce administration overhead.
  • DHCP for IPv6 – Used in conjunction with stateless auto configuration

IPv6 Routing

You must enable IPv6 before a unicast routing protocol or static IPv6 route will work. (ipv6 unicast-routing)

RIPng (Next Generation) is based on RIPv2 (IPv4)

  • Uses IPv6
  • Sends updates on port 521
  • Includes IPv6 prefix and next hop IPv6 address

Strategies for IPv6 Implementation

Dual Stack – IPv4 and IPv6 connectivity

Tunneling

  • IPv6 over IPv4, v6 encapsulation over v4 requires dual stack routers
  • Dynamic 6 to 4 – IPv6 tunnel over IPv4

Intra Site Tunnel Addressing Protocol (ISATAP) – Uses IPv4 as a link layer to tunnel IPv6 over

Teredo – Host to host automatic tunneling.

Proxying and Translation (NAT-PT) – Translation or proxy of IPv6 to IPv4 or IPv4 to IPv6.

Configuring IPv6

  • Activate IPv6 traffic forwarding
  • Config each interface that requires IPv6
  • IPv6 traffic forwarding is disabled by default
  • Link local address is auto configured when an address is assigned to an interface
  • Host names are assigned with ipv6 host <name>

Configure/Verify RIPng for IPv6

  • Syntax is similar/identical to IPv4
  • No network command; instead use ipv6 rip (tag) enable
  • Enable on interface using the same tag as when you started the instance

 

 
