IPv6 Tunneling

Leave a comment

Lanjutin yang kemaren (nyobain seberapa powerful Packet Tracer v6 Beta…hasilnya Error pas tunneling…balik lagi dah ke GNS3 hahaha)

Ada 3 cara Integrasi IPv6 ke IPv4

  1. Dual Stack (Preferred)
  2. Tunneling (Optional, if Dual Stacking not available)
  3. NAT-PT (klo uda ga bisa semua)

Untuk dual stack itu paling gampang, konsepnya adalah…1 interface jalanin 2 IP Protocol sekaligus (IPv4 dan IPv6 jalanin bersamaan)

Untuk Tunneling…klo Network IPv6 kita mau ngalirin packet yang ngelewatin Network yang hanya bisa IPv4, Konsepnya “dual stack where you can, tunneling if you must

Untuk NAT-PT, sama kek NAT biasa, Cuma klo NAT biasa ngerubah IP Private-Public, klo NAT-PT ngerubah IPv4-IPv6

The good news is…NAT-PT IS DEAD !!!!…yes…dead (haha…pusing gw)…according to RFC 4966

So, tinggal Tunneling yang masi optional

=================================

IPv6 Tunneling Types

Tunneling IPv6 ada beberapa macam:

  • GRE
  • IPv6IP
  • IPv6IP Auto
  • 6to4
  • 6rd
  • Teredo
  • ISATAP

Oke…kita pake topologi kek gini

Klo tunnelnya berhasil..nanti hasilnya kek gini (R1 dapet rute ke 4::4/128-nya R4, vice versa)

================================

GRE Configuration

GRE itu kan tunneling “generik”, tentuin aja source and destination…selese

Salah satu keuntungan dari GRE ini adalah dia bisa tunneling protocol selain IP (bisa IPX, AppleTalk, dll)

Klo mo lebih spesifik…pake tunneling IPv6IP

Contoh konfigurasi R2 & R3

Penjelasan:

  • Create interface tunnel, pasang IPv6 address, ketik IPv6 enable (buat OSPFv3)
  • Ip address tunnel-nya sih bebas aja pake IP yang mana, TAPI HARUS 1 NETWORK dengan interface tunneling yang diujung satunya lagi (klo ga sama, ga bisa keluar dari tunnel)
  • Dan JANGAN LUPA, IP address tunneling-nya DIMASUKIN ke proses routing yah (masukin ke proses OSPF juga klo disini)…efek nya juga sama = ga bisa keluar dari tunnel
  • Pasang tunnel source dan destination
  • Source-nya R2 adalah interface Fa1/0 (interface yang ke arah IPv4 network, bukan Fa0/0 yang ke arah IPv6 network), bisa juga pake IP dari interface-nya
  • Destination-nya si R2 adalah IPv4 interface-nya router perbatasan/boundary router IPv4 ke IPv6 satunya lagi (ya si R3 itu)
  • Untuk R3…source and destination-nya ya kebalikan dari R2

Cek interface tunnel…pake show interface tunnel

============================================

IPv6IP Configuration

Tambahin aja command tunnel mode ipv6ip (di R3 juga)

Klo mode tunneling-nya beda gimana
?? ya ga jalan…

Hasilnya…di line paling bawah

===========================================

IPv6IP Auto Configuration

Nah…IPv6IP yang Auto, ISATAP, dan 6to4…ga perlu pake tunnel destination

Why ?? because these type of tunneling is developed for point-to-multipoint networks

Penjelasan:

  • Tidak ada tunnel destination disini, langsung pake ipv6ip auto-tunnel
  • Ketika kita memutuskan untuk auto-tunnel…maka router akan mengambil 32 bit dari 128 bit-nya IPv6 untuk jadi IP interface tunnel (sisanya jadi /96)
  • Just take a look -> ::23.23.23.2 , tanda “::” itu /96/32 sisa nya diambil dari ip address Fa1/0-nya si R2 (IPv4 yang ke arah router yang punya tunneling alias R3)
  • Kita juga harus nambahin static route (ato default route kek diatas) untuk ke Network lain yang ada disisi boundary router diujung satunya lagi

Sebelum ada ipv6 route

R2 uda bisa ke alamat IPv6IP auto-tunnel nya si R3, tapi kita coba ke 4::4 (IPv6-nya si R4)

Nah…tambahin static route (ato default route kek dibawah)

pake dynamic route ga bisa…klo ada yang bisa, kasi tau yaks…

Show interface tunnel

Kenapa ga bisa pake dynamic…karena topologi tunneling yang memakai konsep point-to-multipoint memakai IP Link-Local address untuk neighbor discovery nya (masalahnya Link Local address-nya ga bisa “dipasangin” ipv6 router ospf..hahah)

======================================================

6to4 Configuration

Ini metode untuk meng-encapsulasi IPv6 Header kedalam IPv4 Header, supaya bisa dibaca dan di terima oleh Network yang hanya menggunakan IPv4

Sebenernya ada lagi metode mirip2 kek 6to4…ada 6in4, 6over4, 4in6, 6rd

Yang menarik disini adalah…6to4 HARUS pake IP 2002::/16 demi alasan security (RFC 3964, walaupun di LAB mah bisa2 aja

Penjelasan:

  • Karena ini 6to4, kita harus pasang IPv6 address
  • *IPv6 address-nya adalah IPv6 hasil konversi dari IP interface source, Dan harus IP itu yang dipasang
  • /64 adalah prefix standar untuk IPv6 hasil “konversi” dari IPv4
  • Ini juga sama…ga bisa pake dynamic (soalnya point-to-multipoint alias ga ada tunnel destination-nya…UNKNOWN)
  • Ga percaya? Silakan coba pake IPv6 asal2an trus pake routing dynamic…ga akan jalan

Karena ga bisa pake dynamic routing protocol, kita harus pake static lagi untuk ke “ujung” network

Notice..disini kita pake static route dengan next-hop IPv6 punya interface tunnel router sebrang sana

*IP 23.23.23.2 klo di konversi ke IPv6 jadi 1717:1702

(konversi dari Desimal ke Binary kita uda banyak yang tau, tapi klo dari Desimal ke Hex?!? Nanti kapan2 gw coba jelasin deh)

===============================================

6rd Configuration

Ini belum gw coba, fitur ini Cuma ada di IOS 15 keatas (masi nyari IOS 15 nya gw *hiks*)

6rd alias IPv6 Rapid Development adalah fitur tunneling baru di IOS 15, ini contoh config-nya dari Cisco

Ato mo contoh yang punya Indra (gw ngubek2 6rd…ketemunya blog elu, lagi bahas 6rd juga)

Senangkepnya gw…6rd adalah turunannya 6to4 tunneling, Cuma kita bisa naro IP dan Prefix kita sendiri buat dijadiin prefix (soalnya 6to4 HARUS PAKE 2002::/16), jadi ISP bisa lebih flexsibel dalam ngatur IPv6 addressingnya,bener ga Ndra?!

===============================================

ISATAP Configuration

ISATAP stand for Intra-Site Automatic Tunnel Addressing Protocol

Gunanya apa nih?? Klo 6to4 untuk menghubungkan 2 IPv6 network yang berbeda (ISP berbeda mungkin)…ISATAP untuk network yang sama (Cuma kepisah sama IPv4)

Itu doang?? Ga dong..6to4 harus pake IP 2002::/16, klo ISATAP bisa pake IPv6 apa aja !! (plus bisa pake EUI-64)

Nyok…kita coba ping IP tunnel R3 dari R2 (show ipv6 interface brief dulu)

Tadi kita Cuma nge-set 23::/64…nah tambahannya dari FE80 tuh…

Berhasil tanpa perlu ipv6 route

Tapi untuk ke 1::1 ato ke 4::4 nya ya butuh Static Route lagi -_-;

(bikin aja…sama kok pola-nya dengan 6to4 untuk static route end-to-end)

===============================================

TEREDO Configuration

TEREDO digunakan untuk device2 yang bisa make IPv6 secara keseluruhan (fitur lengkap) tapi koneknya Cuma ke IPv4 Network

Microsoft pake ini kok untuk O/S nya (yang actual ya Vista dan Win7)

Trus konfig-nya mana bos ?? kaga ada…ga ketemu konfig nya, hahaha

IPv6

3 Comments

Beberapa waktu yang lalu kita membahas yang namanya IPv4, sekarang gw akan coba membahas IPv6

Okeh..pertanyaannya adalah…kenapa IPv6 ??? ada apa dengan IPv6 ?? atau kenapa dengan IPv4 ???

Jawabannya adalah: IPv6 dibentuk karena persediaan IPv4 sudah mulai menipis

Bahkan stok IPv4 di Amerika dan Asia sudah habis kalo ga sala, yang masih BANYAK (sekitar 70% masi bisa kepake)… Itu di Afrika, silakan bikin ISP disana :P

Yang dimaksud habis disini adalah Public IP…liat2 lagi deh apa itu public IP dan private IP

Perbedaan IPv4 dan IPv6 in picture (gambar ini gw bikin sendiri yah…)

  • 1039 itu sangat-sangat banyak….enough for people all around the world, jadi setiap devices yang BISA terhubung ke internet ada IP tersendiri
  • Bit size 128 bit untuk IPv6, banyak yah ?? ya…aga makan bandwidth…tapi worth it, dari pada 32 bit yang notabene “hanya” menghasilkan 4 milyar address
  • Karena IPv6 ini sangat banyak…keharusan memakai NAT seperti IPv4 tidak terlalu dipusingkan lagi….langsung bisa terhubung ke jaringan deh pokoknya..langsung internetan…
  • Karena address yang banyak ini….tiap devices BIASA nya sudah dikasi IP….jadi nanti mirip2 sama MAC address yang sudah “embedded” alias uda “ketanem” di dalam alatnya
  • IPv4 mengenal adanya broadcast, hal ini hilang di IPv6 karena ketika host mengirimkan broadcast, network akan banyak terbebani (broadcast = kirim paket semua devices yang ada di satu network), di IPv6 dikenal namanya anycast,
    sebuah host ketika mencari tujuan di lingkungan nya biasanya memakai broadcast…devices2 bukan yang dituju tidak akan merespon, tetapi device yang dituju akan merespon balik….dalam istilah anycast…ketika sebuah host mencari tujuan, dia akan melemparkan pencarian ke node/host/devices terdekat, yang mana adalah GATEWAY….dari gateway inilah dikirimkan ke host tempat tujuan
    • Anycast Features:
      • Multiple Devices Share the same address
      • Semua anycast node harus menyediakan servis yang serupa
      • Ketika source send packet ke anycast address –> router decided the packet path…obviously to the closest device to source
      • Cocok untuk load balancing dan content delivery service
      • Anycast use LLDP (Link Layer Discovery Protocol), kek CDP juga…so…the closest..or the nearest..or the lowest MAC address is likely to be anycast direction destination

IPv6 Enhancement

IPv6 Enhancement:

  • Enhanced IP addressing
    • Improved global reachability and flexibility
    • Better aggregation of IP prefixes announced in routing tables (route summarization is better than IPv4)
    • Multihoming, a technique to increase the reliability of the Internet connection of an IP network. With IPv6, a host can have multiple IP addresses over one physical upstream link. For example, a host can connect to several ISPs.
    • Autoconfiguration that can include data link layer addresses in the address space (ada MAC address didalam IPv6 nya)
    • Plug-n-Play option for more devices…gw ga tau ni cara kerjanya…
    • Public-to-private, end-to-end readdressing without address translation. This makes peer-to-peer (P2P) networking more functional and easier to deploy
    • Simplified mechanisms for address renumbering and modification
  • Simplified header

    • Diatas adalah header dari IPv4 dan 6, IPv4 header ada 20 octet (1 oktet 8 bit) dan 12 basic header fields (liat digambar atas..selain option dan padding…ada 12 kolom = fields), yang diikuti oleh field option dan data portion (biasanya segment dari transport layer). Sedangkan IPv6 ada 40 oktet dan 3 IPv4 basic header fields (version, source addr, dan dest addr), dan 5 additional header fields.
    • Simplified header dari IPv6 ini mempunyai beberapa advantages like:
      • Better routing efficiency for performance and forwarding-rate scalability
      • No broadcasts and thus no potential threat of broadcast storms
      • No requirement for processing checksums (don’t ask me…I don’t know either)
      • Simplified and more efficient extension header mechanisms
      • Terdapat flow labels per flow processing untuk menghilangkan kebutuhan membuka transport inner packet (segment) to identify various traffic flows.
  • Mobility and security
    • Mobility…all devices network-connected wannabe can connect without additional IP configuration
    • IPsec is available for both IPv4 and IPv6. Although the functionalities are essentially identical in both environments, IPsec is mandatory in IPv6, making the IPv6 Internet more secure.
  • Transition richness
    • Currently, there are three main approaches:
      • Dual stack (IPv6 and IPv4 network…run at the same time..so if packet goes through IPv4 only network, it still can be accepted)
      • 6to4 tunneling (IPv6 data encapsulated with IPv4 packet…so the IPv4 network will “see” the packet is IPv4 data)
      • NAT-PT, ISATAP tunneling, and Teredo tunneling (last resort methods)…later we’ll talk about it (later nya kapan2…gw jg blum terlalu ngerti…”wah….rada-rada yang nulis artikel nih…wkwkwkwk“)

IPv6 Addressing Scheme

Now let’s talk about IPv6 addressing format

Eheheh..again…this is the header…

Tapi klo lo Tanya ke gw…chart header kek ginian buat apa…

Gw Cuma bisa bilang..ini semacam visualisasi…biar bisa dibaca oleh kita…intinya si 0101011010101 (binary digit…bahasa yg dimengerti mesin), Cuma representasi dari binary digit ini yang dibikin chart

Example of IPv6 address: FF01:0:0:0:0:0:0:1

Angka 0 bisa kita sorted out (or sorted in…whatever…NO GRAMMAR NAZI please)

So…it will become FF01::1

Another example

E3D7:0000:0000:0000:51F4:00C8:C0A8:6420 becomes E3D7::51F4:C8:C0A8:6420

3FFE:0501:0008:0000:0260:97FF:FE40:EFAB becomes 3FFE:501:8:0:260:97FF:FE40:EFAB becomes 3FFE:501:8::260:97FF:FE40:EFAB

So now You understand ?? the Zero (0) in front can be excluded to save space (and save the energy of writing :P )

Jujur aja…ngapalin IPv4 aja males…walaopun inget….kek 192.168.1.1 ,IPv6 ??? no way…there is (in my opinion)…should be RFC or Request for Comment for translating IPv6 to Human readable and remember-able to human…just like DNS….converting IP such as 202.134.123.123 to www.whatever.com

Dan satu lagi…. “::” hanya boleh satu kali dalam suatu IPv6 address

Contoh:

2031:0000:130F:0000:0000:09C0:876A:130B

Salah = 2031::130F::09C0:876A:130B

Benar = 2031::130F:0000:0000:09C0:876A:130B

Benar = 2031:0:130F::09C0:876A:130B

Global Unicast Address (GUA)

Global Unicast Address: IPv6 itu adalah “globally unique”, it can be routed globally without modification…that’s mean no NAT. it shares the same address format like IPv6 anycast address. GUA (global unicast address) ini di assign oleh IANA (organisasi yang ngatur IPv4 juga)

IPv6 mempunyai format alamat yang memungkinkan untuk address aggregation upward eventually to ISP. Global Unicast Addresses dari IPv6 biasanya terdiri dari 48-bit prefix dari global routing dan 16-bit subnet ID. Perusahaan/organisasi individual bisa menggunakan 16-bit subnet field untuk menciptakan hirarki pengalamatan IPv6 mereka sendiri. Field ini memungkinkan organisasi untuk menggunakan sampai 65,535 individual SUBNETS..bukan host.

So..the first /23 bit..is for registry, so..different registry such as ARIN, APNIC, RIPE, LACNIC, dan AfriNIC get the first /23 bit (so in the future we now where is the origin of the unknown IP)

The next 9 bit (or /32 bit..plus the registry) is for ISP…ISP in region of Official Registry of course (APNIC, ARIN, etc.)

16 bit next (/48) is for site prefix…for site (situs) yang dikelola oleh ISP

And then 16 bit next (/64) is for subnet prefix…each subnet has its own unique prefix IPv6 address

The rest 64 bit is for interface ID…which is MAC address

Local Unicast Address (LUA)

Adalah address yang diciptakan memang ruang lingkupnya dikonfigurasi unique on that link only,
dan tidak dapat di route keluar dari link tersebut…just like private IP in IPv4

But there’s two type of LUA (site local and link local):

  • Site-local Address: it’s more likely same compared to IPv4 private IP addresses…but I think this is obsolete…WHY CREATE PRIVATE IP WHEN WE HAVE IPv6 ??? *
  • Link-local Address: to make it easier…Router communicate network to another with IP Addresses…when in the same network…just use MAC Address by switch…it’s logically same like link-local addresses…this address only used in intra network only…not to inter network
    • Kegunaannya untuk komunikasi antar link seperti automatic address configuration, neighbor discovery, and router discovery (not using MAC address again I guess)
    • Site-local address tipically use IPv6 address begin with “FE” then followed by “C” to “F”…for example…”FEC”, “FED”, “FEF”, and “FEF”
    • Link-local address tipically use IPv6 address begin with “FE” then followed by “8” to “B”…for example…”FE8″, “FE9″, “FEA”, and “FEB” (what happen with the rest of them, like…0 to 7…don’t ask me…I don’t know either)
  • Loopback Address, tipically…this Loopback address IS NOT local unicast address…but Reserved Address…but anyway…IPv4 use 127.0.0.1 for IP loopback testing, in IPv6…they use 0:0:0:0:0:0:0:1…or can be shorten as ::1
  • Unspecified Address, in IPv4, an IP address of all zeroes (0.0.0.0) has a special meaning; it refers to the host itself, and is used when a device does not know its own address. In IPv6, this concept has been formalized, and the all-zeroes address (0:0:0:0:0:0:0:0) is named the “unspecified” address. It is typically used in the source field of a datagram that is sent by a device that seeks to have its IP address configured. You can apply address compression to this address; because the address is all zeroes, the address becomes just “::“.

Special IPv6 Address

  • :: /128 = unspecified address…hanya untuk software
  • ::1 /128 = loopback..IPv4 kan 127.0.0.1
  • 2001:db8:: /32 = example for testing…di dokumentasi tentunya
  • FE80:: /10 = link local
  • FF00:: /18 = multicast

IPv6 Address Management

You can assign an IPv6 address ID statically or dynamically:

  • Static
    • Static assignment using a manual interface ID: One way to statically assign an IPv6 address to a device is to manually assign both the prefix (network) and interface ID (host) portion of the IPv6 address….yah…manual..ketik sendiri
    • Static assignment using an EUI-64 interface ID: Another way to assign an IPv6 address is to configure the prefix (network) portion of the IPv6 address and derive the interface ID (host) portion from the Layer 2 MAC address of the device, which is known as the EUI-64 interface ID. Jadi kita ketik the first 64 bit address only…sisanya bit nya diambil dari MAC Address nya. The EUI-64 standard explains how to stretch IEEE 802 MAC addresses from 48 to 64 bits by inserting the 16-bit 0xFFFE in the middle at the 24th bit of the MAC address to create a 64-bit, unique interface identifier.

Figure 1. interface identifier

  • Dynamic
    • Stateless autoconfiguration: ini ibarat plug-n-play, autoconfiguration dimaksudkan untuk alat2 yang bukan PC untuk terhubung ke jaringan untuk bisa terhubung ke jaringan (laptop, handphone, PDA, dll)…ngaturnya gimana ? klo itu device uda IPv6 ready ato support IPv6…dia bisa ngatur sendiri…Autoconfig, dinamakan “stateless” karena si device “not aware” of its present state, tau2 uda dikasi IP aja, ga pake minta (taken from http://ipv6.com/articles/general/Stateless-Auto-Configuration.htm)
      • Langkah pertama: ketika si device konek pertama kali ke jaringan (contoh handphone ke wireless router trus ke common router) si device dikasi Link-local Address Generation, dikasi/di generate link-local address yang the first 10 bit is 1111111010 dan followed by 54 zeroes and 64 bit interface identifier
      • Langkah kedua: alamat IP yang uda dikasi di test to ensure itu alamat blum dipake ama device lain, this process was called Link-local Address Uniqueness Test, remember…alamat MAC address bisa di copy ^_^V (alamat yg di generate itu pasti 54 zeroes, dan kebetulan ada device lain yang “nyontek” MAC address device asli)
      • Langkah ketiga: klo uda ditest dan ternyata ga ada yang make, trus itu alamat bener2 di assign deh ke device nya, TAPI HANYA BISA KONEK KE LOCAL LAN AJA, BLUM BISA KE INTERNET (link-local address assignment)
      • Langkah keempat: kontak ke router de…untuk menentukan langkah2 selanjutnya dalam autoconfiguration process
      • Langkah kelima: route direction…path selanjutnya ketika sudah konek ke router..biasanya di direct ke router yang konek ke ISP / internet
      • Langkah keenam: akhirnya diassign de Globally Unique Internet address (diperoleh dari network prefix yang di provide oleh router dan dijoin dengan device identifier)

    Singkatnya sih…si host yang IPv6 enabled mempunyai IPv6 Neighbor Discovery Protocol (NDP) that has many functions. One function allows IPv6 hosts to multicast a message that asks all routers on the link to announce two key pieces of information: the IPv6 addresses of routers willing to act as a default gateway and all known IPv6 prefixes on the link. This process uses ICMPv6 messages called a Router Solicitation (RS) and a Router Advertisement (RA).

    Keuntungan dari stateless autoconfig ini adalah:

  1. Ga perlu DHCP server…minta2 IP ama server…ngapain!??!? Cuih…hahah
  2. Langsung COLOK !!…hahha..langsung konek maksudnya
  3. Secure..salah satunya adalah klo kita liat langkah kedua
  4. Cost effective…ga pake server DHCP…pastinya
  5. Paling cocok diterapin di Wireless Network
  • DHCP for IPv6 (DHCPv6): bisa juga disebut stateful configuration, DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 nodes. It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. This protocol is a stateful counterpart to IPv6 stateless address autoconfiguration (RFC 2462), and can be used separately or concurrently with IPv6 stateless address autoconfiguration to obtain configuration parameters. klo ada yg stateless autoconfig buat apa yang stateful ?? ya ga ??…klo gw si mikir DHCPv6 ini buat device2 yang masi IPv4 aja..blum IPv6 enable..so mereka nanti diassign untuk bisa konek ke IPv6 network (CMIIW = correct me if I’m wrong)

IPv6 Transition Strategies

Ada 3 metode untuk mentransisikan IPv6 kelingkungan IPv4 yang sekarang masih kita pakai

  1. Dual Stack

    A method that make IPv6 dan IPv4 run at the same network and at the same time, with IPv6 is preferred. So..jika IPv6 ga jalan…tarohlah paket nya masuk ke IPv4 only network…masi ada IPv4 yang bisa jalan untuk ngirim paket

  2. Tunneling

    Yaitu metode yang membuat packet2 IPv6 dibungkus dengan IPv4 packet, so the paket is “readable” in IPv4 network. Metode ini berguna kalau packet dari IPv6 network mo dikirim ke another IPv6 network tapi harus melalui traditional IPv4 network untuk sampai ke another IPv6 network…this is what we call Tunneling

    Ada 4 tipe tipe tunneling (2 yang paling atas adalah yang paling umum)

  • Manual 6to4 Tunneling: IPv6 packet di encapsulasi kedalam IPv4 packet, require dual-stack router (jadi routernya disuru encapsulasi IPv6 nya instead of dual stacking it), configurasi IPv4 dan IPv6 nya di input manual

  • Dynamic 6to4 Tunneling: Automatically establishes the connection of IPv6 islands/network through an IPv4 network, typically the Internet. It dynamically applies a valid, unique IPv6 prefix to each IPv6 island, which enables the fast deployment of IPv6 in a corporate network without address retrieval from the ISPs or registries.


  • Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunneling: Automatic overlay tunneling mechanism that uses the underlying IPv4 network as a link layer for IPv6. ISATAP tunnels allow individual IPv4 or IPv6 dual-stack hosts within a site to communicate with other such hosts on a virtual link, creating an IPv6 network using the IPv4 infrastructure
  • Teredo tunneling: An IPv6 transition technology that provides host-to-host automatic tunneling instead of gateway tunneling. This approach passes unicast IPv6 traffic when dual-stacked hosts (hosts that are running both IPv6 and IPv4) are located behind one or multiple IPv4 NATs. technology that gives full IPv6 connectivity for IPv6-capable hosts which are on the IPv4 Internet but which have no direct native connection to an IPv6 network. Compared to other similar protocols its distinguishing feature is that it is able to perform its function even from behind network address translation (NAT) devices such as home routers. Singkat kata…Teredo digunakan ketika client mo konek ke internet (yang mana IPv4) lewat ISP..nah…ISP ngasi kan IPv4 Public address kan ?? klo mo masuk IPv6 ya ga bisa…Teredo ini meng-encapsulasi IPv6 packets within UDP/IPv4 datagrams, which most NATs can forward properly. Thus, IPv6-aware hosts behind NATs can be used as Teredo tunnel endpoints even when they don’t have a dedicated public IPv4 address. In effect, a host implementing Teredo can gain IPv6 connectivity with no cooperation from the local network environment. Teredo is intended to be a temporary measure: in the long term, all IPv6 hosts should use native IPv6 connectivity. (panjang juga ya…ga singkat…hahaha)

3. NAT-PT

Cisco IOS Release 12.3(2)T and later (with the appropriate feature set) also include NAT-PT between IPv6 and IPv4. This translation allows direct communication between hosts that use different versions of the IP protocol. These translations are more complex than IPv4 NAT. At this time, this translation technique is the least favorable option and should be used as a last resort.

IPv6 Integration Philosophy…”Dual stack where you can, tunnel where you must

IPv6 Challenge

Like IPv4 classless interdomain routing (CIDR), IPv6 uses longest prefix match routing. IPv6 uses modified versions of most of the common routing protocols to handle longer IPv6 addresses and different header structures.

Larger address spaces make room for large address allocations to ISPs and organizations. An ISP aggregates all of the prefixes of its customers into a single prefix and announces the single prefix to the IPv6 Internet. The increased address space is sufficient to allow organizations to define a single prefix for their entire network.

But how does this affect router performance? A brief review of how a router functions in a network helps illustrate how IPv6 affects routing. Conceptually, a router has three functional areas:

  • The control plane handles the interaction of the router with the other network elements, providing the information needed to make decisions and control the overall router operation. This plane runs processes such as routing protocols and network management. These functions are generally complex.
  • The data plane handles packet forwarding from one physical or logical interface to another. It involves different switching mechanisms such as process switching and Cisco Express Forwarding (CEF) on Cisco IOS software routers.
  • Enhanced services include advanced features applied when forwarding data, such as packet filtering, quality of service (QoS), encryption, translation, and accounting.

IPv6 Control Plane

Enabling IPv6 on a router starts its control plane operating processes specifically for IPv6. Protocol characteristics shape the performance of these processes and the amount of resources necessary to operate them:

  • IPv6 address size – Address size affects the information-processing functions of a router. Systems using a 64-bit CPU, bus, or memory structure can pass both the IPv4 source and destination address in a single processing cycle. For IPv6, the source and destination addresses require two cycles each-four cycles to process source and destination address information. As a result, routers relying exclusively on software processing are likely to perform slower than when in an IPv4 environment.
  • Multiple IPv6 node addresses – Because IPv6 nodes can use several IPv6 unicast addresses, memory consumption of the Neighbor Discovery cache may be affected.
  • IPv6 routing protocols – IPv6 routing protocols are similar to their IPv4 counterparts, but since an IPv6 prefix is four times larger than an IPv4 prefix, routing updates have to carry more information.
  • Routing table Size – Increased IPv6 address space leads to larger networks and a much larger Internet. This implies larger routing tables and higher memory requirements to support them.

IPv6 Data Plane

The data plane forwards IP packets based on the decisions made by the control plane. The forwarding engine parses the relevant IP packet information and does a lookup to match the parsed information against the forwarding policies defined by the control plane. IPv6 affects the performance of parsing and lookup functions:

  • Parsing IPv6 extension headers – Applications, including mobile IPv6, often use IPv6 address information in extension headers, thus increasing their size. These additional fields require additional processing. For example, a router using ACLs to filter Layer 4 information needs to apply the ACLs to packets with extension headers as well as those without. If the length of the extension header exceeds the fixed length of the hardware register of the router, hardware switching fails, and packets may be punted to software switching or dropped. This severely affects the forwarding performance of the router.
  • IPv6 address lookup – IPv6 performs a lookup on packets entering the router to find the correct output interface. In IPv4, the forwarding decision process parses a 32-bit destination address. In IPv6, the forwarding decision could conceivably require parsing a 128-bit address. Most routers today perform lookups using an application-specific integrated circuit (ASIC) with a fixed configuration that performs the functions for which it was originally designed – IPv4. Again, this could result in punting packets into slower software processing, or dropping them all together.

IPv6 Challenge Solution ??

Just make a better router/switch will you ?!?

IPv6-Enabled Routing Protocol

  1. RIPng

    Stand for RIP new generation, not powerfull or less powerful than earlier RIP

    RIPng includes the following features:

  • Based on IPv4 RIP version 2 (RIPv2) and is similar to RIPv2
  • Uses IPv6 for transport
  • Includes the IPv6 prefix and next-hop IPv6 address
  • Uses the multicast group FF02::9 as the destination address for RIP updates (this is similar to the broadcast function performed by RIP in IPv4)
  • Sends updates on UDP port 521
  • Is supported by Cisco IOS Release 12.2(2)T and later

In dual-stacked deployments, both RIP and RIPng are required.

  1. EIGRPv6

    Multicast address yg digunakan oleh EIGRPv6 adalah FF02::A, EIGRP didesain oleh Cisco untuk bisa menghandle banyak protocol selain IP, bisa IPX atau AppleTalk atau yang lain…tidak terkecuali IPv6, jadi ga terlalu banyak perbedaan.

    Perbedaan mendasarnya adalah EIGRPv4 mendukung auto summarization sedang IPv6 tidak DAAAAAAAN authentikasi yang dipakai oleh EIGRPv6 adalah IPv6 AH/ESP standard (bukan EIGRP specific authentication)

  2. OSPFv3

    OSPFv2 adalah yang kita pakai sekarang..v1 nya uda obsolete

    Multicast address yg digunakan oleh OSPFv3 adalah FF02::5 (untuk all OSPF Router) tapi untuk ALL DESIGNATED ROUTER pakai FF02::6

  3. IS-IS IPv6 (Intermediate System to Intermediate System)

    Alamat IPv6 Multicast address untuk IS-IS adalah FF02::8

Untuk lebih lengkapnya tentang multicast address

Figure 2. taken from IANA.org

IANA.org (address list for IPv6)

WOKEH….SAMPAI DISINI DULU PEMIRSAH…LATER I’LL POST IPv6 – HOW TO CONFIGURE IT ON CISCO ROUTER