Host IPv6 Address Provisioning


IPv6 Address Provisioning

In the IPv6 world there are three provisioning aspects which are independent of whether the IPv6 node is a host or a CE router:
• IPv6 address provisioning
• IPv6 DNS provisioning
• IPv6 time provisioning using NTP

IPv6 Address provisioning:

• Host IPv6 address provisioning
• Router IPv6 address provisioning (Prefix Delegation)

Host IPv6 Address Provisioning

1. Stateless Autoconfiguration (RFC 2462) follows three steps. IPv6-capable hosts rely on Router Advertisement (RA) messages to obtain the information needed for autoconfiguration. To acquire an IPv6 address, a host will:

a. Discover a prefix used on the link: the host can listen to periodic RAs sent by routers on the link, or it can poll for routers with the help of Router Solicitation messages. The prefix information is extracted from the RA messages.


b. Generate an interface ID. To have a full IPv6 address, the host must add an interface identifier to a prefix learned from the routers on the link, using one of various methods:
• Build one from the layer 2 address in the modified EUI-64 format.
• Autogenerate a random address as defined in RFC 3041.
• Acquire the interface ID via DHCPv6.
• Acquire the interface ID via IPCPv6.
• Manual configuration.
• Cryptographically generated addresses (CGAs) based on RFC 3972 through a hash that includes a public key.


c. Verify the uniqueness of the generated IPv6 address using the Duplicate Address Detection (DAD) mechanism.

2. Stateful DHCP: Stateful DHCP is a client/server-based mechanism that provides managed provisioning of hosts. Its operation for IPv6 is described in RFC 3315. The disadvantage of using this provisioning mechanism is that it requires a more complex host implementation. It is not implemented in Cisco routers; Cisco produces a product named Cisco Network Registrar (CNR) that does this task.

3. Stateless DHCP: the DHCP clients do not use the DHCP server(s) to obtain IP address information; they use the DHCP server(s) to obtain other useful configuration information (such as the addresses of DNS servers).

Router IPv6 Address Provisioning: Prefix Delegation

Prefix delegation (PD) is a mechanism developed to provide automated delegation of IP address blocks. The delegation is done from an ISP to its customer. The ISP does not require any knowledge of the customer's internal network topology.

The DHCP-PD protocol runs between a Customer Edge (CE) and a Provider Edge (PE) router. The CE is called a Requesting Router (RR) and the PE router a Delegating Router (DR). The RR acts as the DHCP client and requests prefixes from the DR (DHCP server). The DR injects a route into the provider's routing system for the delegated prefix on behalf of the RR. That way, a dynamic routing protocol between the RR and the DR is not needed; however, the RR and the DR must be directly connected.


IPv6 Broadband Network Access

Two IPv6 native access architectures are prevalent:
1. A closed model, based on L2TP and adapted to wholesale-oriented service providers
2. An open model without L2TP

1. The closed model (Virtualized Access Layer):

A wholesale network access provider (NAP) is not interested in handling subscribers at layer 3. After providing broadband access, the NAP tunnels the subscribers to an ISP for address assignment and IP traffic forwarding. In other words, the NAP provides the ISP with a virtual access layer. The CPE may or may not be IPv6 aware, and this model depends on PPP.

2. Open model without L2TP:

1. PPP-based model: the CPE could be IPv6 aware or not.

2. Open model without PPP: the CPE could be IPv6 aware or not.

Customer Link Encapsulation

• To determine whether the CPE should be IPv6 aware or not, we must look at the customer link encapsulation (for DSL-based access only):
1. PPPoA
2. PPPoE
3. RBE

1. PPPoA: the CPE must be IPv6 aware.

2. PPPoE: the top CPE is not IPv6 aware, and the bottom one is IPv6 aware.

3. RBE access: the CPE is not IPv6 aware.

Deployment scenarios

• The customer address allocation could be static or dynamic:
• Static: when the customer network is always numbered with the same address prefix
• Dynamic: when the assigned address prefix changes with each connection
• Most commonly, a /48 prefix will be delivered to every remote site with more than one subnet. A /64 prefix will be assigned to a customer with only one subnet or a host. As a last resort, a /128 prefix might be assigned to individual remote PCs.

1. Single host. There are three options:

• A permanent /64 prefix is assigned to the PC using the RA from the PE router. Here there are two possibilities:
a. Upon reception of the router advertisement, the PC completes the 64 least significant bits of the IPv6 address on its own.
b. Before reception of the router advertisement, at the IPv6CP level, an interface identifier is given to the PC. The “Interface-Id” attribute in the user profile is used to provide a fixed interface identifier to the PC.

• Short-lived /64 prefix.

• Short-lived /128 prefix.

2. Connecting a home or a small business: to connect a home or small business network to the ISP, the CPE should be IPv6 aware; otherwise the solution is the same as connecting a single host with a /64 prefix. When connecting a home or a small business, different issues arise:
• 1. Numbering of the PE-CPE link with global addresses (link-local addresses can be used, but do not help network management)
• 2. Authentication of the connecting CPE
• 3. CPE prefixes database
• 4. Injection of the downstream link network and delegated customer prefixes in the ISP routing
• 5. Delegation of a shorter than /64 prefix to the CPE router
• 6. Autoconfiguration of hosts on links attached to the CPE router: IPv6 addresses, Internet parameters

• DHCPv6 PD is the solution to the aforementioned deployment issues 3, 4, and 5. DHCPv6 PD delegates prefixes from the provider edge router to the CPE and operates on the PE-CPE link.
• Either the provider edge router or the RADIUS database can store the DHCPv6 PD delegated prefixes. If a local database is maintained on the provider edge router for all the connecting CPEs, the stored DHCP unique identifier (DUID) of the CPE indexes the binding between a given prefix and the corresponding CPE. In the other case, the /48 prefixes are stored as prefix attributes in the RADIUS server along with the other user’s attributes.
• The ISP-maintained RADIUS database performs CPE (user) authentication. This RADIUS database contains username/password pairs, corresponding /64 prefixes numbering the PE-CPE link, and delegated prefixes. This provides a solution to deployment issues 1, 2, and 3.
• Standard autoconfiguration mechanisms as well as stateless DHCPv6 solve deployment issue 6.
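A sketch of the local-database case described above, as an added example that is not part of the original slides and is not Cisco's implementation: a toy delegating router keeps a binding table indexed by DUID, hands out /48 prefixes, records the route it would inject for each one, and the CPE then carves /64s for its links. The class name, DUID strings, pool and next-hop addresses are constructed for illustration.

```python
import ipaddress

class DelegatingRouter:
    """Toy DR (PE side): DHCPv6-PD bindings kept locally, indexed by the CPE's DUID."""

    def __init__(self, pool: str, delegated_len: int = 48):
        # Generator over the not-yet-delegated prefixes of the ISP pool.
        self._free = ipaddress.IPv6Network(pool).subnets(new_prefix=delegated_len)
        self.bindings = {}  # DUID -> delegated prefix (deployment issue 3)
        self.routes = {}    # delegated prefix -> next hop (deployment issue 4)

    def delegate(self, duid: str, cpe_next_hop: str) -> ipaddress.IPv6Network:
        prefix = self.bindings.get(duid)
        if prefix is None:
            try:
                prefix = next(self._free)
            except StopIteration:
                raise RuntimeError("delegation pool exhausted") from None
            self.bindings[duid] = prefix
        # A known DUID keeps its prefix across reconnects (static allocation);
        # the route toward the directly connected RR is refreshed either way.
        self.routes[prefix] = ipaddress.IPv6Address(cpe_next_hop)
        return prefix

def cpe_lan_prefixes(delegated: ipaddress.IPv6Network, count: int):
    """RR (CPE side): number downstream links with /64s cut from the delegation."""
    subnets = delegated.subnets(new_prefix=64)
    return [next(subnets) for _ in range(count)]

if __name__ == "__main__":
    # Constructed sample values: documentation pool, made-up DUIDs and next hops.
    dr = DelegatingRouter("2001:db8::/46")
    for duid, hop in [("duid-cpe-a", "fe80::a"), ("duid-cpe-b", "fe80::b"),
                      ("duid-cpe-a", "fe80::a")]:
        prefix = dr.delegate(duid, hop)
        print(duid, "->", prefix, "LAN links:", cpe_lan_prefixes(prefix, 2))
```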