Thursday, April 28, 2011

We are going to build our first IPv6 network. We will configure first two routers and then we will connect a host to C00 and test network connectivity. Although we do not need so many hosts we will use a 112 netmask for simplicity. This way we will have to care only on the last block of the IPv6 address.



|| Router || Interface || IP ||
| C00 | Fa0/0 | 2001:DB8::1/112 |
| C00 | Fa0/1 | 2001:DB8::1:1/112 |
| C01 | Fa0/0 | 2001:DB8::2/112 |
| Host | Fa0/0 | 2001:DB8::1:2/112 |

Although the host is represented by a router we will use it only to test connectivity. First, we will configure the devices, do not forget to enable the interfaces!. On C00:


C00(config)#int Fa0/0
C00(config-if)#ipv6 address 2001:DB8::1/112
C00(config-if)#int Fa0/1
C00(config-if)#ipv6 address 2001:DB8::1:1/112


On C01:

C01(config-if)#int Fa0/0
C01(config-if)#ipv6 address 2001:DB8::2/112


Finally, on the Host:


Host(config)#int Fa0/0
Host(config-if)#ipv6 address 2001:DB8::1:2/112


Let's try to ping from C00 both C01 and the Host:


C00#ping 2001:DB8::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/11/24 ms

C00#ping 2001:DB8::1:2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::1:2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms


Let's see, however, what happens if we ping C00 and C01 from Host. We will add first a static network on Host to reach the network 2001:DB8::0/112 through the IP 2001:DB8::1:1 and a route back to the host on C01 using C00 as a next-hop:


C01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
C01(config)#ipv6 route 2001:DB8::1:0/112 2001:DB8::1
C01(config)#end

Host#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Host(config)#ipv6 route 2001:DB8::0/112 2001:DB8::1:1
Host(config)#end
Host#ping 2001:DB8::1:1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::1:1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/5/12 ms
Host#ping 2001:DB8::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Host#


It seems we can not ping C01 using C00 as a router, let's debug ipv6 packets on C00:


C00# debug ipv6 packets
*Mar 1 00:36:35.407: IPV6: source FE80::C604:57FF:FE97:1 (local)
*Mar 1 00:36:35.407: dest FE80::C60A:57FF:FE97:0 (FastEthernet0/1)
*Mar 1 00:36:35.407: traffic class 224, flow 0x0, len 72+8, prot 58, hops 255, originating
*Mar 1 00:36:35.407: IPv6: Sending on FastEthernet0/1
*Mar 1 00:36:35.411: IPV6: source FE80::C60A:57FF:FE97:0 (FastEthernet0/1)
*Mar 1 00:36:35.411: dest FE80::C604:57FF:FE97:1
*Mar 1 00:36:35.411: traffic class 224, flow 0x0, len 64+14, prot 58, hops 255, forward to ulp
*Mar 1 00:36:36.919: IPV6: source 2001:DB8::1:2 (FastEthernet0/1)
*Mar 1 00:36:36.919: dest 2001:DB8::2 (FastEthernet0/0)
*Mar 1 00:36:36.919: traffic class 0, flow 0x0, len 100+14, prot 58, hops 64, not a router?
*Mar 1 00:36:38.923: IPV6: source 2001:DB8::1:2 (FastEthernet0/1)
*Mar 1 00:36:38.923: dest 2001:DB8::2 (FastEthernet0/0)
*Mar 1 00:36:38.923: traffic class 0, flow 0x0, len 100+14, prot 58, hops 64, not a router?
*Mar 1 00:36:40.919: IPV6: source 2001:DB8::1:2 (FastEthernet0/1)
*Mar 1 00:36:40.919: dest 2001:DB8::2 (FastEthernet0/0)
*Mar 1 00:36:40.919: traffic class 0, flow 0x0, len 100+14, prot 58, hops 64, not a router?
*Mar 1 00:36:42.923: IPV6: source 2001:DB8::1:2 (FastEthernet0/1)
*Mar 1 00:36:42.923: dest 2001:DB8::2 (FastEthernet0/0)
*Mar 1 00:36:42.923: traffic class 0, flow 0x0, len 100+14, prot 58, hops 64, not a router?
*Mar 1 00:36:44.919: IPV6: source 2001:DB8::1:2 (FastEthernet0/1)
*Mar 1 00:36:44.919: dest 2001:DB8::2 (FastEthernet0/0)
*Mar 1 00:36:44.919: traffic class 0, flow 0x0, len 100+14, prot 58, hops 64, not a router?


Not a router? We have to enavle 'ipv6 unicast-routing' just like in the old days. Let's do it and try again:


C00(config)#ipv6 unicast-routing

C01(config)#ipv6 unicast-routing

Host#ping 2001:DB8::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/13/24 ms


If you were still debugging ipv6 packets when you enabled the ipv6 routing you could see that the router started advertising itself as a router on the local-link network:


*Mar 1 00:39:04.103: IPv6: Sending on FastEthernet0/0
*Mar 1 00:39:04.103: IPV6: source FE80::C604:57FF:FE97:1 (local)
*Mar 1 00:39:04.103: dest FF02::1 (FastEthernet0/1)
*Mar 1 00:39:04.103: traffic class 224, flow 0x0, len 104+1396, prot 58, hops 255, originating
*Mar 1 00:39:04.103: IPv6: Sending on FastEthernet0/1
*Mar 1 00:39:08.271: IPV6: source FE80::C604:57FF:FE97:0 (local)
*Mar 1 00:39:08.271: dest FF02::1 (FastEthernet0/0)
*Mar 1 00:39:08.271: traffic class 224, flow 0x0, len 104+1396, prot 58, hops 255, originating


We will talk about this later on another post.

So, we already built our first IPv6 network. On future posts we will continue growing this network adding a more of functionalities and testing capabilities.
Posted by at No comments:

Tuesday, April 26, 2011

Introduction to IPv6

With the announcement of the last IPv4 block being handled we all should start working with IPv6 as we are used to work with IPv4. For this reason I am going to do all my posts with IPv6 unless IPv4 is explicitly required. This way I will train myself with IPv6 and I will give you some hints that you will be able to use in the future.

Reserved block for documentation



The IETF reserved and IPv6 block for documentation purposes which is 2001:DB8::0/32. This block should not be advertised by any provider and defined as non-routable. You can find more details on the RFC3849.

How to use IPv6



IPv6 uses 8 blocks of 16 bits each for the address space which means that we have to deal with a larger IP address. However, there is a technique to make easier our task.

If we return to our reserved block for documentation 2001:DB8::0/32 you will note that all 8 blocks are not specified. This is because IPv6 address can be compressed without loosing information:


  • Leading 0's can be ignored. Our block representing DB8 is an example, the full block is 0DB8 but we do not need to represent it.

  • One or more groups of four 0's can be omitted *ONCE*. This is very delicate, in our example we are compressing 5 blocks of four 0's with a single '::'. We can do this because we are defining two blocks and with this information we know without any doubt that the remaining blocks have to be 0000 if we want to complete the 8 blocks. If we had an IP like 2001:DB8:0:0:1:0:0:0 we could compress only one of the two groups if we want to complete the 8 blocks without any doubt, you have use either 2001:DB8::1:0:0:0 or 2001:0DB8:0:0:1::0, or even 2001:DB8:0:0:1::


This has been a very quick introduction for IPv6. Internet is full of information if you want to complete your IPv6 training. The purpose of this post to inform that I will try to use IPv6 for the labs and do a quick introduction to IPv6 addressing and nomenclature.
Posted by at No comments:
Labels:

Wednesday, April 20, 2011

Hello Network!

I have been playing with the idea of starting this blog for a long time.
I have finally decided to start posting some of the labs I have been
doing to share my experience with everyone interested and to have some
kind of self-documentation stored somewhere.

I will be dealing with networking labs, primarily with Cisco routers and
switches but you will probably see also labs with Foundry and Juniper
devices. I hope I can write at least a post per week but I am not
promising you anything ; )

See you around!

Posted by at No comments:
Subscribe to: Posts (Atom)