Please enable JavaScript.
Coggle requires JavaScript to display documents.
IPv6 Addressing
DHCP
NAT (IPv6 Addressing (DHCPv6 Messages
TWO-WAY…
IPv6 Addressing
DHCP
NAT
IPv6 Addressing
Stateless DHCPv6
operates in combination with SLAAC, IPv6 host doesn't ask for IPV6 but for other configuration infos(DNS, NTP), this Query done with additional configuration flag bit in RA
Router as DHCPv6 Relay Agent:
under LAN-facing interface
- ipv6 nd other-config-flag command adds the flag bit to RA Message
- ipv6 dhcp relay destination + the ip address of DHCP Router interface
Router as DHCPv6 Server
on SP Router
- ipv6 DHCP pool + pool name
- dns server + the ip of the pool
- domain name + the name
under the interface:
- ipv6 dhcp server + pool's name
Stateful DHCPv6
- ask for ipv6 with ipv6 address dhcp command under the internet-facing interface
Router as DHCPv6 Relay Agent:
under LAN-facing interface
- ipv6 nd managed-config-flag command adds the flag bit to RA Message
- ipv6 dhcp relay destination + the ip addrese of DHCP Router interface
Router as DHCPv6 Server
on SP Router
- ipv6 DHCP pool + pool name
- address prefix (the prefix 2001:DB8:CAFE:2::/64)
- dns server + the ip of the pool
- domain name + the name
under the interface:
- ipv6 dhcp server + pool's name
Stateless Address Autoconfiguration(SLAAC)
- to obtain ipv6 without any manual intervention using the Router Advertisements (RAs) from ICMPv6, which sent by Router on Link Local
- 0XFFFE is inserted between the two parts of the MAC of 24 bit each(IPv6 EUI-64 for-
ma)
- enable by ipv6 address autoconfig(default) ==>> generate default route automatically and specified only on one Interface
DHCPv6 Prefix Delegation(DHCPv6- PD)
- extension of DHCPv6 from ISP to automatically assign ipv6 prefixes to customer
- delegation occurs between PE and CPE
Manual Configuration
to manually and statically assign an 128 bit-length IPv6 , useful in case of assigned IPv6 from SP and configured on internet-facing interface on the router
- default route configuration:
ipv6 route ::/0 + IPv6 address of ISP's router
DHCPv6 Messages
TWO-WAY Message(SOLICIT & REPLY)
can be used if rapid-commit command enabled on both
Client and Server
-
-
SOLICIT Message:
sent from DHCPv6 Client to find DHCPv6 servers and request assining IPV6 and another configuration parameters
-
NAT for IPv6
NAT64 (stateful NAT64)
- Network Address and Protocol Translation from IPv6 clients to IPv4 servers
- One or multiple Ipv4 addresses are shared by ipv6-only Devices
NPTv6
- IPv6 to IPv6 Network prefix translation
- One-to-One stateless translation from an ipv6 in Inside-Network to IPv6 in Outside-Network
- Makes the enterprise independent from the ISP.
IPV6 ACL
- it depends on ND(Neighbor Discovery Protocol)
- therefore, there are three implicit rules at the end of any ACL:
1- permit icmp any any nd-na
2- permit icmp any any nd-ns
3- denyipv6 any any
- activated on Interface by ipv6 traffic-filter AC-Name + in/out
IPV6 Security
- Not using NAT make it possible to attack ipv6 Devices
- Firewalls and Software have to be deployed
- disabling unnecessary functions and optimizing the default settings