  1. Upgrade in quantity:

  IPv6 can be understood as an upgrade of IPv4, and the increase in the number of addresses is the main reason for the upgrade. In essence, however, it is still a Layer 3 encapsulation protocol.

  128 bits, 2^128 ≈ 3.4028 × 10^38 (level of hundred billion billion billion billion)

  2, Other upgrade points:

  The upgrade points of IPv6, by number:

  1. IPv6 global unicast addresses are all public IPs; there is no NAT (this does not mean there are no private IPs).

  2. Highly aggregatable (IANA allocates global addresses in a reasonable, planned way).

  3. Multi-homing: one physical interface can hold several IPv6 addresses at the same time, in different subnets or in the same subnet (different IPs can then be assigned to different protocols, and the protocols can be told apart quickly by IP). Different interfaces, however, cannot be in the same subnet.

  4. Auto-configuration:

  ① DHCPv6

  ② Auto-config: manually configure the IPv6 address of the router interface; the router then gives its prefix (network number) to the PC, and the PC fills in the host bits automatically using EUI-64. The host's gateway and DNS resolution both point to the router's interface, so the gateway device must be told where the DNS server is in order to resolve domain names.

  5. Readdressing: manually change the gateway's IP address and, through auto-config, the PCs below it update automatically.

  6. Hot-plugging: plug and play.

  7. End-to-end connection: NAT is not needed.

  8. Simple header:

  ① No broadcast mechanism, only multicast and unicast

  ② No checksum (because both layer 2 and layer 4 have checksums)

  ③ Flow label, reserved for QoS.

  9. IPv4 and IPv6 coexistence.

  10. Security and mobility have no significant improvement.

  3, IPv6 header:

  The yellow part marks the fields that have not changed: Version, Source Address, Destination Address.

  The red part marks the fields that were removed:

  IHL: the header has a fixed length of 20 bytes, and Total Length also marks the total length of the packet, so this field is redundant.

  Header Checksum: every layer checks the packet in the same way. Initially the developers of each layer added a checksum of their own, and once the layers were combined some of them were redundant.

  Identification, Flags, Fragment Offset, Options, Padding: these carry the meaning of IPv4 cross-layer encapsulation. Once cross-layer encapsulation is performed, this part is needed for marking, and once it is removed, cross-layer encapsulation cannot be performed. However, IPv6 has extension headers.

  The blue part marks the fields where only the name has changed:

  Type of Service => Traffic Class: used for QoS (traffic forwarding priority); in IPv6 the field is called Traffic Class.

  Total Length => Payload Length: total length => payload length; it also means the whole packet size.

  Time to Live => Hop Limit: time to live => maximum hop limit; the maximum is 255, the same as before.

  Protocol => Next Header: protocol number => next header number; the numbers are all the same.

  New field:

  Flow Label: gives Traffic Class more room to define more rules in the future, but for now it is only reserved.

  1, IPv6 Address:

  This diagram is the recommendation of IANA organization for the allocation of IPv6:

  Bits 1-23, Registration bits: allocated by IANA to various countries or organizations

  Bits 24-32, ISP bits: allocated by the state to various ISPs

  Bits 33-48, Site bits: allocated by ISPs to various enterprises

  Bits 49-64, Subnet bits: subnetted by enterprise network administrators

  Bits 65-128, Host bits: used for allocation to hosts

  Note: Enterprises generally do not allocate 2^64 IP addresses to users, but allocate according to actual needs.

  An IPv6 address has a total of 128 bits, written as hexadecimal sections separated by colons; each section is 16 bits, for a total of 8 sections.

  For example: 2031:0000:130F:0000:0000:09C0:006A:130B

  Since an IPv6 address is long, there are abbreviated ways to write it.

  1. The leading 0s in each section of the address can be omitted. Example: 2031:0000:130F:0000:0000:09C0:006A:130B

  2. If a section is all 0, it can be shortened to a single 0. Example: 2031:0000:130F:0000:0000:09C0:006A:130B

  3. If two or more consecutive sections are all 0, they can be shortened to ::. However, if there are two parts that are all 0, only one of them can be shortened to ::. Example: 2031:0000:130F:0000:0000:09C0:006A:130B

  For example: 2031:0:0:9C0 ::130B

  When an IPv6 address is written together with a port number, brackets need to be used to tell the two apart:
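  The three abbreviation rules and the bracket notation above, worked through in Python as an added example (not from the original post; the function names are chosen here for illustration). It also shows what happens when the brackets are left out: the port is silently read as the last section of the address, which matters when parsing addresses out of logs.

```python
import ipaddress


def abbreviate(full: str) -> str:
    """Apply the three abbreviation rules to a fully written address."""
    # Rules 1 and 2: drop leading zeros; an all-zero section becomes "0".
    groups = [format(int(g, 16), "x") for g in full.split(":")]
    if len(groups) != 8:
        raise ValueError("expected 8 sections of 16 bits")
    # Rule 3: find the longest run of two or more "0" sections.
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i >= 2 and j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_start < 0:
        return ":".join(groups)
    # Only this one run becomes "::"; any other zero run keeps its 0s.
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"


def split_host_port(text: str):
    """Split "[address]:port" into (address, port); port is None if absent."""
    if text.startswith("["):
        host, sep, rest = text[1:].partition("]")
        if not sep:
            raise ValueError(f"missing closing bracket in {text!r}")
        port = int(rest[1:]) if rest.startswith(":") else None
        return ipaddress.IPv6Address(host), port
    # No brackets: the whole string is taken as an address.
    return ipaddress.IPv6Address(text), None


if __name__ == "__main__":
    print(abbreviate("2031:0000:130F:0000:0000:09C0:006A:130B"))
    print(split_host_port("[2031:0:130f::9c0:6a:130b]:443"))
    # Without brackets, "443" becomes the 8th section of the address.
    print(split_host_port("2031:0:130f::9c0:6a:130b:443"))
```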

  2, IPv6 Address Classification:

  IPv6 addresses are divided into 3 categories, and here we only talk about unicast and multicast.

  Unicast address: one-to-one. Only unicast addresses can be used as source addresses; they can also be used as destination addresses.

  Multicast address: one-to-many, used as a destination address.

  Anycast address: one-to-the-nearest.

  (1) Unicast Address:

  ①AGUA Global Aggregate Unicast Address:

  It is actually the public network address of IPv6 after reasonable allocation (which needs to be applied for), and it is globally used for unicast transmission.

  Currently, the globally planned range is 2000::/3 ==> 0010 0000 0000 0000 ::

  That is, the range from 2000:: to 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff is used for this purpose.

  Among them:

  A, 2001::/16: this range is already in use in current IPv6 laboratories.

  B, 2002::/16: the 6 to 4 Tunnel address, which is mainly used for IPv4 and IPv6 coexistence.

  ②Link-local Local Link Address:

  The Link-local local link address is actually an automatic private address. In IPv4, when an IP address cannot be obtained through DHCP, a Link-local address is generated so that the host can communicate within the same broadcast domain.

  Link-local address segment by version:

  IPv4: 169.254.0.0/16

  IPv6: FE80::/16

  Ⅰ, Link-local generation method 1:

  When the ipv6 enable command is configured on the router interface, the interface will automatically generate a Link-local address.

  Ⅱ, Link-local generation method 2:

  If an IPv6 unicast address is configured on an interface, a Link-local address will be generated automatically. A single interface can have only one Link-local address.

  The network bits are FE80::/64, and the last 64 bits are filled in with EUI-64.

  Ⅲ, EUI-64 supplement host bits:

  The network bits of the Link-local address are fixed at FE80::/64, and the host bits are generated from the MAC address of the local Ethernet interface. For serial links, which have no MAC address, the MAC addresses of the Ethernet interfaces on the device are borrowed in rotation.

  The steps to generate the host bits are as follows:

  A, Forced insertion of FFFE: insert FFFE into the MAC address between the first 24 bits and the last 24 bits.

  B, U-bit conversion: invert the 7th bit, counted from left to right, of the resulting address; 0 becomes 1, and 1 becomes 0.
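  The two EUI-64 steps above in Python, as an added example that is not part of the original post; the function names and the sample MAC address are constructed for illustration. It goes one step further than the text and also runs the steps backwards, which shows that an EUI-64 address reveals the interface's MAC address to anyone who sees the address.

```python
import ipaddress

# Network bits of the Link-local address as given on this page.
LINK_LOCAL_PREFIX = ipaddress.IPv6Network("fe80::/64")


def mac_to_eui64(mac: str) -> bytes:
    """Return the 64 host bits built from a 48-bit MAC address."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Step A: insert FFFE between the first 24 bits and the last 24 bits.
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    # Step B: invert the 7th bit counted from the left (mask 0x02 of byte 0).
    eui[0] ^= 0x02
    return bytes(eui)


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """FE80::/64 network bits followed by the EUI-64 host bits."""
    host = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(LINK_LOCAL_PREFIX.network_address) | host)


def mac_from_eui64_address(addr: str):
    """Recover the MAC from an EUI-64 based address.

    Returns None when the FFFE marker is missing, i.e. the host bits
    were set manually, randomly or by DHCPv6 rather than by EUI-64.
    """
    host_bits = ipaddress.IPv6Address(addr).packed[8:]
    if host_bits[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(host_bits[:3] + host_bits[5:])
    raw[0] ^= 0x02  # undo step B
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    sample_mac = "00:1a:2b:3c:4d:5e"  # constructed sample value
    address = link_local_from_mac(sample_mac)
    print(address)                               # fe80::21a:2bff:fe3c:4d5e
    print(mac_from_eui64_address(str(address)))  # 00:1a:2b:3c:4d:5e
```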

  Ⅳ, The role of Link-local:

  A, Often used as the next-hop address in the routing entries generated by dynamic routing protocols. Because IPv6 has the concept of multi-homing, this address is the most stable.

  B, Can be used for communication within the same broadcast domain. Since several local interfaces may derive their address from the same MAC, the outgoing interface must be specified when accessing the other side by its Link-local address.

  ③site-local local site address (IPv6’s private address):

  This is a private address, but IPv6 does not call it a private address, but a site address. This address is used for configuration within the local area network where it does not appear on the public network.

  Site address FFC0::/10

  ④Unspecified address (::):

  An unspecified address is all zeros, and its format is ::

  Ⅰ, All: Represents the default route.

  Ⅱ, None: Used as an invalid address (no address) in DHCP

  ⑤Loopback address (::1):

  The loopback address in IPv6 is ::1. Both Win7 and Win10 support dual-stack, and the computer can detect its own loopback.

  ⑥IPv4 compatibility address:

  We have mentioned before that 2002::/16 is a 6 to 4 Tunnel address

  This is mainly used for IPv4 and IPv6 coexistence.

  If you have a public IPv4 address, you will also have a compatible IPv6 address.

  Assuming the IPv4 address is: 222.51.230.5, then:

  Decimal:     222  51  230  5

  Hexadecimal: DE   29  98   5

  Then the IPv4 compatibility address of 222.51.230.5 is 2002:DE29:9805::/48

  Example: 192.168.1.1 ==> 2002:c0a8:0101::/48

  (2) Multicast address:

  ① Multicast IP address:

  FF00::/8 All multicast addresses

  IPv6 multicast address, IPv4 multicast address, scope:

  FF02::1, 224.0.0.1: all routers and PCs on the network

  FF02::2, 224.0.0.2: all routers

  FF02::9, 224.0.0.9: RIPNG

  In IPv6, every IPv6 unicast address belongs to a multicast group by default, and the multicast IP address of that group is composed of FF02::1:FF + 24 bits (the last 24 bits of the IPv6 unicast address).

  For example, the IP address mentioned earlier: 2031:0000:130F:0000:0000:09C0:006A:130B

  The group in which this unicast address is located is: FF02::1:FF6A:130B

  Solicited-node multicast address: used by the NDP protocol to obtain the MAC address of the other side (I will talk about this later)

  ② Multicast MAC address:

  We have 2^120 multicast IPs, but only 2^48 MACs.

  The multicast MAC address = 33.33 (hexadecimal) + 32 bits (the last 32 bits of the IPv6 multicast address)

  For example, the previous multicast IP address:

  FF02::1:FF6A:130B

  Its MAC address is:

  33.33.FF.6A.13.0B

  Let’s calculate it. In the first 24 bits, 33.33 is a fixed value and FF is variable, so there are a total of 2^8 OUIs, and one OUI has 2^24 MACs, so:

  The number of multicast MACs = 2^8 * 2^24 = 2^32

  Compared to half of an OUI under IPv4, the number is still quite good.

  We know that there are 2^120 multicast IPs in total and 2^32 multicast MACs, so one MAC corresponds to 2^88 IPs.
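  The two mappings above (unicast address to its solicited-node group, multicast group to its Ethernet MAC) in Python, as an added example that is not from the original post; the function names are illustrative. The last function buckets multicast addresses by MAC to show the many-to-one mapping just counted: a NIC that filters on the MAC alone also accepts frames for every other group in the same bucket, so the final check has to happen at the IP layer.

```python
import ipaddress


def solicited_node_group(unicast: str) -> ipaddress.IPv6Address:
    """FF02::1:FF + the last 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def multicast_mac(group: str) -> str:
    """33.33 + the last 32 bits of the IPv6 multicast address."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:  # must be inside FF00::/8
        raise ValueError(f"{group} is not an IPv6 multicast address")
    mac = b"\x33\x33" + addr.packed[-4:]
    return ".".join(f"{b:02X}" for b in mac)


def groups_sharing_mac(groups):
    """Bucket multicast groups by the Ethernet MAC they map to."""
    buckets = {}
    for g in groups:
        buckets.setdefault(multicast_mac(str(g)), []).append(str(g))
    return buckets


if __name__ == "__main__":
    unicast = "2031:0000:130F:0000:0000:09C0:006A:130B"  # address from the page
    group = solicited_node_group(unicast)
    print(group)                      # ff02::1:ff6a:130b
    print(multicast_mac(str(group)))  # 33.33.FF.6A.13.0B

    # Constructed second group with the same last 32 bits: same MAC.
    print(groups_sharing_mac([group, "ff05::abcd:ff6a:130b", "ff02::9"]))
```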

  Let’s review ICMPv4 version first:

  Under v4, the ICMP protocol is mainly ping, plus ICMP redirection. Its functionality is relatively weak and it is not hard to learn. It is a cross-layer encapsulation protocol, and its protocol number is 1.

  In ICMPv6, its role and function will far exceed that of ICMPv4. ICMPv6 integrates a large number of subprotocols, distinguishing IPv6 packets through different type numbers, and realizing various small protocols.

  Here, I will talk about the three most important small protocols of ICMPv6:

  PMTU, NDP, Prefix Report

  1. PMTU – Path MTU Discovery Protocol:

  We know that in IPv4, if the MTU differs along the path during transmission, the router has to fragment the packet, but it cannot reassemble it. After fragmentation, a new header has to be added to every fragment that is split off. If a path with a smaller MTU value is encountered, the packet has to be fragmented again, which increases the burden on the router.

  In IPv6, this PMTU sub-protocol in ICMPv6 will send ICMP error packets to obtain the MTU value of each segment of the entire path, and then transmit according to the minimum MTU value when transmitting.

  This will not cause the packet to be split each time it is transmitted due to the MTU limit, resulting in more and more splits.

  PMTU is enabled by default

  2. NDP – Neighbor Discovery Protocol: (135, 136)

  Let’s review ARP first. ARP is very important. In the Ethernet environment, if ARP is disabled, it is impossible to obtain the target MAC, next-hop MAC, or gateway MAC, and there is no way to transmit data.

  NDP, the Neighbor Discovery Protocol, is used to replace the ARP protocol.

  PMTU and NDP both belong to ICMP. They are distinguished by the packets they send: PMTU sends ICMP fragmented packets (error packets), while NDP sends ICMP packets that carry different type numbers, 135, 136, or others.

  Since IPv6 does not have broadcast, it cannot obtain MAC addresses in the same way as IPv4.

  The principle is as follows, assuming PC1 and PC2 communicate to simulate an AARP request:

  The NDP request packet sent in step ② is abbreviated as NS packet, which is equivalent to ARP request.

  The response packet of step ③B is abbreviated as NA, which is equivalent to ARP response.

  In ICMPv6, NDP can replace AARP, and other ARP protocols can also be replaced by NDP. The principle is the same, and it will not be explained here.

  3. Prefix Announcement: auto-config (134, 133)

  Note: Prefix announcement only exists in the Ethernet environment

  This automatic configuration feature is a unique way to automatically obtain addresses under IPv6. The router periodically (200s) sends the IPv6 address prefix (network number) to the device. After the device receives the prefix, it generates the host part based on the MAC EUI-64. In this way, the computer below can obtain an IP address even when the DHCP pool is not configured on the router.

  To implement this feature, first configure an IP address on the R1 interface that connects to the device needing an IPv6 address. After that, once R1 enables the IPv6 unicast routing feature, all of its interfaces are able to assign IPv6 addresses. A PC obtains the address directly; on a router, the IPv6 automatic acquisition feature needs to be enabled.

  If the IPv6 unicast routing feature is enabled on the router, then the router will periodically send its address prefix to all Ethernet interfaces with IPv6 addresses.

  Note: When configuring dynamic and static IPv6 routing protocols, the unicast routing feature must be enabled. After enabling, it will also cause the router to send prefixes to all Ethernet interfaces. If the administrator does not want the interface to send IPv6 address prefixes, the following configuration can be made on the interface:

  1. Configure IPv6 unicast address on the interface:

  (1) Link-local:

  Whether manually or automatically configured, an IPv6 AGUA will generate a Link-local address. However, regardless of how many AGUA addresses are configured, only one Link-local address can be generated.

  (2) Configure the AGUA address of the IPv6 interface:

  ① Manually configure IPv6 unicast address:

  Method one:

  Method two:

  Below is a network number given when configuring IPv6, but no host bits are given. The meaning of eui-64 is to use MAC generation (insert fffe in the middle of 48-bit MAC to form 64 bits, and then take the inverse of the 7th bit from the right).

  Note: IPv6 protocol has the feature of multiple-homing: multiple same or different network segment addresses can be configured on a single interface, but the same IP network segment cannot be configured on different interfaces of the same router.

  When the same network segment is configured on different interfaces of a single router, how can you reach this network segment? The router cannot reach it.

  ② Automatically obtain IPv6 address:

  Method one: auto-config

  Use auto-config, which has been mentioned above, so there is no need to repeat it. Just press Ctrl+C and then Ctrl+V, and it can be skipped in one stroke.

  Method two: DHCPv6

  No further explanation of DHCPv6 here. For details, please refer to this blog: DHCPv6 Basics. For the configuration example provided:

  Server primary configuration:

  Server creates DHCPv6:

  Client configuration:

  Result check:

  When the DHCPv6 server configures the IPv6 prefix, it will automatically generate a static route to its assigned network segment.

  2. IPv6 ACL:

  Any number of IPv6 ACLs can be configured, but only one list can be called at any single point of use on a device.

  Matching rules: entries are matched one by one from top to bottom. Once an entry matches, it is executed and the entries after it are no longer checked. There are implicit entries at the beginning, and the end implicitly denies all. IPv6 ACLs only have extended lists, and the only syntax is the named syntax. Therefore, when using the extended list, place it as close to the source as possible, but not on the source itself.

  However, the beginning implicitly includes the following two ACLs:

  Implicit at the end is:

  To better illustrate the ACL, I use the following figure here, with their IPs configured as shown.

  Next, we begin to write the strategy ACL:

  (1) Create an extended ACL list named A:

  (2) Ban R1 from telnetting R2:

  (3) Refuse all communications from one address to another address

  (4) Refuse access from one host to another host:

  (5) Finally, add ‘allow all’ at the end:

  (6) Next, proceed with the call:

  Let’s test it first:

  If the above situation occurs, it means that it is blocked.
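  The matching rules and steps (2) to (5) above, modelled in Python as an added example; this is not router syntax and not the original post's configuration. All addresses are constructed documentation-prefix values, and the implicit entries the post mentions without listing are left out: only the implicit deny at the end is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    action: str                     # "permit" or "deny"
    proto: str                      # "ipv6" matches any protocol
    src: str                        # prefix; a single host is a /128
    dst: str
    dst_port: Optional[int] = None  # None matches any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def matches(e: Entry, p: Packet) -> bool:
    return (e.proto in ("ipv6", p.proto)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(e.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(e.dst)
            and e.dst_port in (None, p.dst_port))


def evaluate(acl, p: Packet) -> str:
    """Top to bottom, first match wins; no match falls to the implicit deny."""
    for number, e in enumerate(acl, start=1):
        if matches(e, p):
            return f"{e.action} (entry {number})"
    return "deny (implicit)"


ANY = "::/0"
# Constructed addressing: R1 = 2001:db8:12::1, R2 = 2001:db8:12::2,
# LAN behind R1 = 2001:db8:1::/64, LAN behind R2 = 2001:db8:2::/64.
ACL_A = [
    Entry("deny", "tcp", "2001:db8:12::1/128", "2001:db8:12::2/128", 23),  # (2)
    Entry("deny", "ipv6", "2001:db8:1::/64", "2001:db8:2::/64"),           # (3)
    Entry("deny", "ipv6", "2001:db8:1::10/128", "2001:db8:12::2/128"),     # (4)
    Entry("permit", "ipv6", ANY, ANY),                                     # (5)
]

if __name__ == "__main__":
    telnet = Packet("tcp", "2001:db8:12::1", "2001:db8:12::2", 23)
    ssh = Packet("tcp", "2001:db8:12::1", "2001:db8:12::2", 22)
    print(evaluate(ACL_A, telnet))      # deny (entry 1)
    print(evaluate(ACL_A, ssh))         # permit (entry 4)
    # Without step (5), everything not matched earlier is dropped.
    print(evaluate(ACL_A[:3], ssh))     # deny (implicit)
    # Order matters: a permit-all placed first shadows every deny below it.
    print(evaluate([ACL_A[3]] + ACL_A[:3], telnet))  # permit (entry 1)
```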

  3. IPv6 unicast routing protocol:

  IPv6 unicast routing protocol: Before using the routing protocol, it is necessary to enable the IPv6 unicast routing function, otherwise the device can only respond or request, without the ability to forward.

  (1) IPv6 static routing protocol:

  ① Normal static route:

  On MA (multi-access) networks, writing the next hop is recommended; on point-to-point networks, writing the outgoing interface is recommended.

  ② Floating static route:

  ③ Interface summarization:

  Assuming R1 has two loopback interfaces, the address after summarizing the two loopbacks is 1::63

  ④ Null-interface route to prevent loops:

  ⑤ Default route:

  Note: When using source ping, only the interface can be used; or use extended tracing.

  Note: Because of multi-homing in IPv6, when an interface is used as the source, its first address is used by default, so extended tracing is recommended.

  (2) RIPNG configuration:

  ① Start RIPNG:

  RIPNG uses the same algorithm as RIPv2, multicast updates. The multicast update address is FF02::9 with the port as UDP 521.

  Note: In RIPNG, the starting point is also considered a hop. Therefore, the original 16 hops indicating unreachability has become 17 hops now.

  Update time 30s, expiration time 180s, suppression time 120s, no refresh timer.

  ② Interface summarization:

  Manual summarization: Configure on all interfaces where updates are sent from the update source router.

  ③ Default route:

  Default route: Configure on all interfaces connected to the internal network on the edge router, so that it sends a default information to all internal network neighbors.

  (3) OSPFv3 configuration:

  OSPFv3 uses IPv6 as the IP address on the basis of the existing OSPFv2, using new LSA to carry V6 information specifically, with area rules and SPF algorithm completely consistent with IPv4.

  ① Start OSPFv3:

  ② Default route configuration:

  Default route configuration: Configure on the edge router.

  (4) BGPv4+:

  BGPv4+ uses family mode specifically to transmit IPv6 routes. BGPv4 and BGPv4+ are completely the same in IPv6 and IPv4 operations. It is just an upgraded version, with the addition of a family mode, so its configuration, routing rules, and attributes remain unchanged, and BGPv4+ is compatible.

  To establish a neighbor relationship for V6 using BGPv4+, it is first necessary to establish a V4 neighbor relationship, and then use family mode to configure IPv6 information, which is an extension configuration mode developed in the existing BGPv4 protocol.

  View the two configurations of neighbor relationships:

  Attention: After the neighbor relationship is established, all configuration for IPv6 must be performed in family mode. Most of the configuration is the same under IPv4 and IPv6; the part done in family mode is the exception, and it is very important.

  First of all, we need to know that: IPv4 and IPv6 can coexist, but they cannot be compatible (it is impossible for a PC to send a packet that combines two versions).

  What is discussed here is very important, and basically it has explained how we will transition through this era.

  1, Ordinary tunnel:

  When IPv6 addresses exist only on a small scale, two areas covered by IPv6 can communicate through a tunnel: configure the tunnel as the IPv6 version and cross the public Internet over IPv4.

  With ordinary tunnels, a tunnel has to be configured for every IPv6 network, and each one needs a static route to steer traffic to the tunnel port.

  2, 6 to 4 tunnel:

  Suppose the above is the communication between two laboratories, then when there are more and more IPv6 laboratories, their configuration and management will become more and more troublesome.

  6to4 tunnel does not require any official organization to intervene, and can be configured independently. It only needs to configure one tunnel and one static route to access all IPv6 networks.

  Specifically: Convert the public IPv4 address of the edge router to an IPv4 compatibility address, then apply this address to the internal network. Then configure a static route to the compatibility address, and pass it through the tunnel. When transmitting data, once the route reaches the tunnel port, the tunnel will calculate the corresponding IPv4 address based on the target IPv6 address.

  To put it simply:

  Its advantages are:

  ① No need to specify the Tunnel target.

  ② Only one static route needs to be configured.

  In the compatibility address mentioned above, the IPv4 address is converted and placed in the second and third sections of the IPv6 address, and the converted IPv6 address starts with 2002. Note that, when in use, this address is generally divided into 64 bits.
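  The conversion described in the IPv4 compatibility address section and the per-packet lookup the 6to4 tunnel performs, in Python, as an added example that is not from the original post or from any router's implementation; the function names are illustrative, and the sample uses the page's own 192.168.1.1 example.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")


def ipv4_to_6to4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """2002 + the 32-bit IPv4 address in sections two and three, as a /48."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def tunnel_endpoint(dst_ipv6: str):
    """What the tunnel does for each packet: read the IPv4 tunnel
    destination out of the target IPv6 address.

    Returns None when the target is not inside 2002::/16, in which case
    the single 6to4 static route does not apply to it.
    """
    dst = ipaddress.IPv6Address(dst_ipv6)
    if dst not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(dst) >> 80) & 0xFFFFFFFF)


def site_subnets(ipv4: str, count: int):
    """First `count` 64-bit networks carved out of the site's /48."""
    subnets = ipv4_to_6to4_prefix(ipv4).subnets(new_prefix=64)
    return [next(subnets) for _ in range(count)]


if __name__ == "__main__":
    prefix = ipv4_to_6to4_prefix("192.168.1.1")
    print(prefix)                                  # 2002:c0a8:101::/48
    print(site_subnets("192.168.1.1", 2))
    # A host in the remote site's second /64 (constructed address):
    print(tunnel_endpoint("2002:c0a8:101:1::5"))   # 192.168.1.1
    print(tunnel_endpoint("2001:db8::1"))          # None
```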

  Next, let’s configure according to the figure above:

  Here we only take one end as an example for configuration, and the other end is configured in the same way, so we omit it here.

  (1) First, configure the converted IPv6 address for the tunnel interface, there are 4 methods, choose according to the needs.

  (2) Define the source interface and mark the mode:

  (3) Configure static routing:

  By now, the 6 to 4 Tunnel is configured.

  3, Dual-stack:

  As more and more areas use IPv6 addresses, the country or an organization steps in to merge adjacent v6 areas, and the remaining v6 areas then communicate with the large v6 areas through the 6 to 4 Tunnel.

  So how to let users join the V6 network after that, which is very important, and this is where dual-stack comes into play.

  Dual-stack: A device connects to both IPv4 and IPv6 networks at the same time. If the target IP is a v6 address, use the v6 source IP, and pass through the V6 routing table. The same applies to V4.

  

  The configuration is ordinary: configure an IPv4 address on an interface and an IPv6 address on an interface, and that is all.