IP Addressing
This chapter will cover the following topics:
IPv4 Addressing
IP version 4 (IPv4) is composed of five address classes, of which the first three classes (A, B, and C) are of great interest. Class D is used in multicast technologies and class E is reserved for experimental use. The most important features of each class are detailed below:
Class | Leading Bits | Size of Network Portion | Size of Host Portion | Number of Networks | Addresses per Network | Start Address | End Address
--- | --- | --- | --- | --- | --- | --- | ---
A | 0 | 8 bits (/8) | 24 bits | 128 | 16,777,216 | 0.0.0.0 | 127.255.255.255
B | 10 | 16 bits (/16) | 16 bits | 16,384 | 65,536 | 128.0.0.0 | 191.255.255.255
C | 110 | 24 bits (/24) | 8 bits | 2,097,152 | 256 | 192.0.0.0 | 223.255.255.255
D | 1110 | – | – | – | – | 224.0.0.0 | 239.255.255.255
E | 1111 | – | – | – | – | 240.0.0.0 | 255.255.255.255
Planning for IPv4 Addressing
The first step in the IPv4 addressing design is estimating the size of the network in order to establish how many IP addresses will be needed, as illustrated in the sample topology in Figure 6.1 below:
Figure 6.1 – Sample Topology
The example above consists of a medium- to large-sized company, with the headquarters location connected to the regional offices via a backbone link. The regional offices further connect to several branch offices and home offices via cable/Frame Relay links. Also used is an ISDN provider as a backup solution for both regional offices.
First, determine how many networks (i.e., locations) will form the overall network. The topology above includes the following:
- One main location
- Two regional locations
- Four branch locations/home offices
Then, take all these sites and determine the overall size of each network, meaning how many devices need to be addressed (e.g., end systems, printers, plotters, router interfaces, switches, servers, firewalls, and other devices). All of these details can be extracted from the network design plan documentation, which is usually provided by the decision-makers within the organization.
Next, figure out the addressing needs for each individual location, including the following:
- Which devices in each location will use static IP addressing (e.g., servers)
- Which devices will use dynamic addressing (through DHCP)
- Which areas will use private addresses
- Which areas will use public addresses and how many of these you will need to get from the ISP
- Which address class will be used
- How many networks will need to be obtained from the public authority (IANA)
Beginning this analysis process with the headquarters location, calculate the number of IP addresses needed for routers, switches, workstations, servers, firewalls, and phones. After calculating the total number of necessary addresses, you should always plan for growth and reserve 20% to 30% of additional addresses for future use.
Repeat this process with each location in the topology and centralize the results in order to have a clear picture of the number of necessary IP addresses, as illustrated below:
Location | Router Interfaces | Switches | PCs | Servers | Firewalls | Phones | Total | Total + Growth (20%)
--- | --- | --- | --- | --- | --- | --- | --- | ---
HQ | 20 | 35 | 650 | 40 | 10 | 650 | 1405 | 1686
Regional 1 | 10 | 5 | 200 | 5 | 2 | 200 | 422 | 506
Regional 2 | 10 | 5 | 200 | 5 | 2 | 200 | 422 | 506
Branch 1 | 2 | 1 | 5 | 0 | 0 | 5 | 13 | 15
Branch 2 | 2 | 1 | 5 | 0 | 0 | 5 | 13 | 15
Home 1 | 2 | 1 | 2 | 0 | 0 | 0 | 5 | 6
Home 2 | 2 | 1 | 2 | 0 | 0 | 0 | 5 | 6
The result is around 2,740 IP addresses for the entire network topology, including 20% for estimated growth.
As a network designer, once you determine the number of necessary IP addresses, the next big decision is whether private, public, or a combination of private and public addresses will be used. Private internetwork addresses are defined in RFC 1918 and are used internally within the network. From a real-world standpoint, because of the limited number of public IP addresses, Network Address Translation (NAT) techniques are usually used to translate private internal addresses into external public addresses. Internally, you can use one of the following ranges of addresses:
- 10.0.0.0/8 (10.0.0.0 to 10.255.255.255), usually used in large organizations
- 172.16.0.0/12 (172.16.0.0 to 172.31.255.255), usually used in medium organizations
- 192.168.0.0/16 (192.168.0.0 to 192.168.255.255), usually used in small organizations
Any address that falls within the three private address ranges will not be routed on routers on the Internet. These devices have policies and access lists configured to ensure that any packet containing a private address that arrives at an inbound interface will be dropped.
All of the other addresses are public addresses that are allocated to ISPs or other point-of-presence nodes on the Internet. ISPs can then assign Class A, B, or C addresses to customers so they can use them on devices that are exposed to the Internet, such as the following:
- Web servers
- DNS servers
- FTP servers
- Other servers that run public-accessible services
Deciding on which type of addresses to use will result in one of the following types of connections:
- No Internet connectivity
- Only one public address (or a few) for user Web access
- Web access for users and public-accessible servers
- Every end system has a public IP address
Referring back to Figure 6.1, no Internet connectivity would imply that all the connections between the locations are private links, and the enterprise is not connected to the Internet in any of its nodes. In this case, you do not need any public IP addresses because the entire address scheme can be from the private address ranges.
Another situation would be the one in which you have Internet connectivity from all network locations but you do not have any servers that run public-accessible services (e.g., Web, FTP, or others). In this case, you would need a public IP address that allows users to receive Web access. NAT can be used to translate traffic from the internal network to the outside network, so the internal networks contain only private IP addresses and the external link can use just one public address.
The third scenario is one of the most common, especially when considering the growth of enterprise networking. This involves having user Internet connectivity (as in the previous scenario) but also having public-accessible servers. Public IP addresses must be used to connect to the Internet and get to the specific servers (e.g., Web, FTP, DNS, and others). The internal network should use private IP addresses and NAT to translate them into public addresses.
The most unlikely scenario would be the one in which every end system uses a public IP address from the global Internet. This is a dangerous situation because the entire network is exposed to Internet access, which implies high security risks. In order to mitigate these risks, you must implement strong firewall protection policies in every location. In addition to the security issues, this scenario is also not very efficient because many IP addresses are wasted, and this is very costly. All of these factors make this a scenario not to be used in modern networks.
The two most common solutions from the scenarios presented above are as follows:
- One or a few public addresses for user Web access
- A few public addresses that provide Web access for users and public-accessible servers
Both scenarios would employ private internal addressing and NAT to reach outside networks.
For a deeper analysis of the previously mentioned aspects, refer to Figure 6.2 below, which focuses on how they map to the Cisco enterprise architecture model, and where private and public addressing should be used.
Figure 6.2 – Cisco Enterprise Architecture Model Addressing
First, assume that you have some kind of Internet presence in your enterprise that may offer services either to internal users in the Access Layer block or to different public-accessible servers (e.g., Web, FTP, or others) in the enterprise edge module.
Regardless of what modules and components receive Internet access, you will run NAT at the edge distribution submodule. This submodule will have a multilayer switch that provides NAT services in order to translate between the internal addressing structure used on the enterprise campus module and external public IP addressing. You can also use NAT mechanisms in the enterprise edge module.
The 10.0.0.0/8 range is used internally, both in the enterprise campus module and in the network management submodule. The enterprise campus module components that use private IP addressing include the following:
- Access Layer block
- Distribution Layer block
- Core Layer block
- Server farm block
The edge distribution submodule will use a combination of private and public IP addressing. The enterprise edge module will also use a combination of private and public addressing, depending on each component. The remote access block can use a combination of private and public addressing and will need to support some kind of NAT techniques. The WAN block can use either private addressing (when connected to other remote sites) or public addressing (when connected to outside locations for a backup solution).
Note: Whenever you connect to the outside world through public addressing, you should consider implementing efficient security features.
Hierarchical Network Addressing
Hierarchical design involves the address summarization techniques described previously. After planning IPv4 addressing and determining the number and type of necessary addresses, you should investigate whether hierarchical design is necessary. Hierarchical design is useful when you need to build a large enterprise-scalable solution.
If you decide to implement the hierarchical network addressing scheme, the next step is ensuring you understand the math behind it and how route summarization works. Below is an example of combining a group of Class C addresses into an aggregate address. Summarization is a way in which you can represent several networks in a single summarized route. In a real-world scenario, you can use a subnet calculator to generate the most appropriate aggregate route automatically from a group of addresses.
In the example below, the campus backbone component connects several other buildings. In a single building, there are several networks in use, such as the following:
- A network for the server farm
- A network for the network management area
- A few networks for the Access Layer (that serves several departments)
Take all of these networks and aggregate them into one single address that can be stored at the edge distribution submodule or at the core of the network. The first thing to understand when implementing a hierarchical addressing structure is that you need to use continuous blocks of IP addresses. In this example, 192.100.168.0 through 192.100.175.0 is used.
Network | Common prefix (21 bits) | Varying bits | Host octet
--- | --- | --- | ---
192.100.168.0 | 11000000.01100100.10101 | 000. | 00000000
192.100.169.0 | 11000000.01100100.10101 | 001. | 00000000
192.100.170.0 | 11000000.01100100.10101 | 010. | 00000000
192.100.171.0 | 11000000.01100100.10101 | 011. | 00000000
192.100.172.0 | 11000000.01100100.10101 | 100. | 00000000
192.100.173.0 | 11000000.01100100.10101 | 101. | 00000000
192.100.174.0 | 11000000.01100100.10101 | 110. | 00000000
192.100.175.0 | 11000000.01100100.10101 | 111. | 00000000
In this scenario, summarization is based on a location where all of the uppermost bits are identical. Looking at the first address, the first 8 bits equal the decimal 192, the next 8 bits equal the decimal 100, and the last 8 bits represent 0. The only octet that changes is the third one; more specifically, only the last 3 bits in that octet change when going through the address range.
The summarization process involves writing the third octet in binary format and then looking for the common bits on the left side. In the example above, all the bits are identical up to the last 3 bits in the third octet, so there are 21 identical bits and all the addresses will be summarized to 192.100.168.0/21.
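The bit-counting procedure just described, implemented in Python as an added example (not code from the original chapter). It works on the eight networks from the table and is extended with a check a designer would want: whether the aggregate advertises address space that none of the member networks actually uses.

```python
import ipaddress

# Constructed input: the eight contiguous Class C networks from the example above.
BUILDING_NETWORKS = [f"192.100.{third}.0/24" for third in range(168, 176)]


def common_prefix_length(networks):
    """Count the leading bits shared by every network address.

    This is the procedure described in the text: write each address in binary
    and count identical bits from the left, stopping at the first bit position
    where any two addresses differ.
    """
    values = [int(ipaddress.ip_network(n).network_address) for n in networks]
    shared = 0
    for bit in range(31, -1, -1):            # most significant bit first
        if len({(v >> bit) & 1 for v in values}) != 1:
            break
        shared += 1
    return shared


def summarize(networks):
    """Return the single aggregate route covering every listed network.

    The aggregate prefix is the common prefix length, capped at the shortest
    member prefix so a lone network is never 'summarized' to something longer
    than itself.
    """
    members = [ipaddress.ip_network(n) for n in networks]
    prefix_len = min(common_prefix_length(networks), min(m.prefixlen for m in members))
    return ipaddress.ip_network((members[0].network_address, prefix_len), strict=False)


def summary_overreach(networks):
    """Return the blocks the aggregate advertises that no listed network uses.

    Advertising unused space pulls traffic for unassigned addresses toward this
    module (the black-hole risk mentioned later in the chapter), so a design
    check should report it. The result is empty only when the members fill the
    aggregate exactly, as the eight /24s above do.
    """
    uncovered = [summarize(networks)]
    for member in map(ipaddress.ip_network, networks):
        remaining = []
        for block in uncovered:
            if member.subnet_of(block):
                remaining.extend(block.address_exclude(member))
            else:
                remaining.append(block)
        uncovered = remaining
    return sorted(uncovered)


if __name__ == "__main__":
    print("aggregate:", summarize(BUILDING_NETWORKS))               # 192.100.168.0/21
    print("common bits:", common_prefix_length(BUILDING_NETWORKS))  # 21
    # Dropping the last two /24s leaves the aggregate unchanged but over-advertised.
    print("overreach:", summary_overreach(BUILDING_NETWORKS[:6]))   # [IPv4Network('192.100.174.0/23')]
```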
Once you decide to use a hierarchical addressing design and understand the math involved in this process, you should approach this with a modular and scalable design, and decide how you will break up the organization, thinking about the number of network modules, campus components, and remote locations, in terms of addressing. This includes decisions regarding applying a hierarchical address model to each module or to the entire enterprise.
Another aspect to consider is the way summarization may affect the routing protocols used. Summarization reduces the size of the routing tables and the processor and memory utilization, and it offers much faster convergence of the routed network. You also should decide on the number of nodes (including end-user stations) available per summarization group. The most important advantages of using route aggregation are as follows:
- Lower overhead
- Improved network stability
- Eases future growth
Figure 6.3 below is an example of an enterprise using a campus with multiple buildings:
Figure 6.3 – Enterprise Campus with Multiple Buildings Addressing
For internal private addressing, you should use the popular 10.0.0.0/8 range. Within the organization domain, aggregate two separate building infrastructures (on the same campus or for remote buildings) using the 10.128.0.0/16 and 10.129.0.0/16 ranges.
Note: You should use 10.128.0.0 and 10.129.0.0 instead of 10.1.0.0 or other lower second octet because many organizations already use those lower-range octets, and you would have problems if the company decided to buy another company that uses one of those ranges. This minimizes the chance of overlap when merging other infrastructures within the network.
Going deeper within each building, you can break down the addressing scheme within different departments using the 10.128.1.0, 10.128.2.0, or 10.129.1.0, 10.129.2.0 networks with a 24-bit mask. Because of the scalable design, you could include another tier above the departmental addresses that would be addresses within the 10.129.0.0/21 range, for example.
When moving beyond that point, you will go into the enterprise edge module that contains various blocks (e.g., E-commerce or Internet connectivity) that have point-to-point connections to different ISPs and use Variable Length Subnet Masking (VLSM) to break it down.
In summary, from a network design standpoint, it is very important to tie the addressing scheme to the modular enterprise network design.
The advantages of using route summarization and aggregation are numerous, but the most important advantages are as follows:
- Isolates changes to the topology to a particular module
- Isolates routing updates to a particular module
- Fewer updates need to be sent up the hierarchy (preventing all the updates from going through the entire network infrastructure)
- Lower overall re-calculation of entire network when links fail (i.e., a change in a routing table does not converge to the entire network); for example, route flapping in a particular department is constrained within the specific department and does not have a cascading effect on other modules (considering the example above)
- Narrow scope of route advertisement propagation
- Lowers frequency of routing updates (routing protocol metrics and timers can be modified)
- Summarized module is easier to troubleshoot
- Prevents routing loops and black holes
Address Allocation Techniques
An important question in the IP addressing design is how the addresses will be assigned. One way is static assignment and the other is a dynamic protocol such as Dynamic Host Configuration Protocol (DHCP). When deciding upon the address allocation method, you must answer the following questions:
- How many end systems do you have?
If you have a small number of hosts (less than 50), you can consider using statically assigned addresses, but if you have several hundred systems, you need to use DHCP to speed up the process.
- What does the security policy demand?
Some organizations demand the use of static IP addressing for every host or for every node in order to create a more secure environment. For example, an outsider cannot plug in a station to the network, automatically get an IP address, and have access to internal resources. The organization’s security policy might demand static addressing regardless of the network size.
- What is the likelihood of renumbering?
This includes the possibility of acquisitions and mergers in the near future. If the likelihood of renumbering is high, DHCP should be used.
- Do you have high availability demands?
If the organization has high availability demands, DHCP should be used in a redundant server architecture.
In addition, static addressing should always be used on certain devices in certain modules, such as the following:
- Corporate servers
- Network management workstations
- Standalone servers in the Access Layer block
- Printers and other peripheral devices in the Access Layer block
- Public-accessible servers in the enterprise edge module
- Remote devices in the Access Layer block
- WAN devices
IPv6 Addressing
The CCDA certification requires a high-level understanding of the IP version 6 (IPv6) specifications, addressing, and some of the design issues. The IPv6 protocol is based on RFC 2460. From a network design standpoint, the most important features offered by IPv6 are as follows:
- 128-bit address space
- Supports hierarchical addressing and auto-configuration
- Every host can have a globally unique IPv6 address (no need for NAT)
- Hosts can have multiple addresses (multihoming)
- Efficient fixed header size for IPv6 packets
- Enhanced security and privacy headers
- Improved multicasting and QoS
- Dedicated IPv6 routing protocols: RIPng, OSPFv3, Integrated IS-ISv6, and BGP4+
- Every major vendor supports IPv6
IPv6 is a mechanism that was created to overcome the limitations of the current IPv4 standard. One of the major shortcomings of IPv4 is that it uses a 32-bit address space. Because of the classful system and the growth of the Internet, the 32-bit address space has proven to be insufficient.
The key factors that led to the evolution of IPv6 were large institutions, enterprises, and service providers that demanded a larger pool of IP addresses for different applications and services.
Address Representation, Types, and Allocations
IPv4 uses a 32-bit address space, which offers around 4.2 billion possible addresses, including multicast, experimental, and private addresses. The IPv6 address space is 128 bits, so it offers around 3.4 x 10^38 possible addressable nodes. The address space is so large that there are about 5 x 10^28 addresses for every person in the world. IPv6 also gives every user multiple global addresses that can be used for a wide variety of devices (e.g., PDAs, cell phones, and IP-enabled devices). The number of IPv6 addresses should last well into the future.
An IPv6 packet contains the following fields, as depicted in Figure 6.4 below:
Figure 6.4 – IPv6 Packet Fields
Field | Size | Description
--- | --- | ---
Version | 4 bits | Identifies the IP version (it is 6 in this case)
Traffic Class | 8 bits | Similar to the ToS byte in the IPv4 header, QoS marking functionality
Flow Label | 20 bits | Used to identify and classify packet flows
Payload Length | 16 bits | The size of the packet payload
Next Header | 8 bits | Similar to the Protocol field in the IPv4 header, defines the type of traffic contained within the payload and which header to expect
Hop Limit | 8 bits | Similar to the TTL field in the IPv4 header, prevents endless loops
Source IP Address | 128 bits | Source logical IPv6 address
Destination IP Address | 128 bits | Destination logical IPv6 address
Data | Variable | Transport Layer data
The IPv4 header was important from a network design standpoint because many of the fields in the header were used for things such as QoS or protocol type. The IPv6 header offers additional functionality, even though some fields from the IPv4 header have been eliminated, such as the Fragment Offset field and the Flags field.
The Version field, as in the IPv4 header, gives information about the IP version. The Traffic Class field is used to tag the packet with the class of traffic it uses in its DiffServ mechanisms. IPv6 also adds a Flow Label field, which can be used for QoS mechanisms by tagging a flow. This can be used for multilayer switching techniques and will offer faster packet switching on the network devices. The Payload Length field is the same as the Total Length field in IPv4.
The Next Header field is an important one in IPv6. Its value determines the type of information that follows the basic IPv6 header: either a Transport Layer segment such as TCP or UDP, or an extension header. The Next Header field is the equivalent of the Protocol field in IPv4. The Hop Limit field designates the maximum number of hops an IP packet can traverse. Each hop/router decrements this field by one, so it is similar to the TTL field in IPv4. There is no Checksum field in the IPv6 header, so a router can decrement the Hop Limit field without recalculating a checksum. Finally, there are 128 bits of source address and 128 bits of destination address.
In addition to these fields, a packet can carry any number of extension headers. The extension headers and the data portion of the packet follow the eight fields presented above. The total length of the extension header chain is variable because the number of extension headers is not fixed. There are different types of extension headers, such as the following:
- Routing header
- Fragmentation header
- Authentication header
- IPSec ESP header
- Hop-by-Hop Options header
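The fixed header layout and the Next Header chain described above, decoded in Python as an added example (not code from the original chapter). The sample packet is constructed here, using the 2001:db8::/32 documentation prefix and an ICMPv6 Echo Request with its checksum left at zero; the extension header type numbers are the IANA protocol numbers, and the header-length rules follow RFC 8200 and RFC 4302.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40         # the fixed 40-byte header described in the table above
NEXT_HEADER_ICMPV6 = 58      # ICMPv6, the Next Header value quoted in the text
ICMPV6_ECHO_REQUEST = 128

# Extension header types that may follow the fixed header (IANA protocol numbers).
EXTENSION_HEADERS = {
    0: "Hop-by-Hop Options",
    43: "Routing",
    44: "Fragment",
    50: "ESP",
    51: "Authentication Header",
    60: "Destination Options",
}

# Constructed ICMPv6 Echo Request: type 128, code 0, checksum left 0, identifier, sequence.
SAMPLE_ICMPV6_ECHO = struct.pack("!BBHHH", ICMPV6_ECHO_REQUEST, 0, 0, 0x1234, 1)
# Constructed Hop-by-Hop Options header: Next Header 58, Hdr Ext Len 0, one 6-byte PadN option.
SAMPLE_HOP_BY_HOP = bytes([NEXT_HEADER_ICMPV6, 0, 1, 4, 0, 0, 0, 0])


def build_ipv6_header(src, dst, next_header, payload, hop_limit=64,
                      traffic_class=0, flow_label=0):
    """Prepend a fixed IPv6 header to payload (used here only to build sample data)."""
    first_word = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    header = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    header += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return header + payload


def sample_packet(with_hop_by_hop=False):
    """Constructed packet from 2001:db8::1 to 2001:db8::2 (documentation prefix)."""
    if with_hop_by_hop:
        return build_ipv6_header("2001:db8::1", "2001:db8::2", 0,
                                 SAMPLE_HOP_BY_HOP + SAMPLE_ICMPV6_ECHO)
    return build_ipv6_header("2001:db8::1", "2001:db8::2", NEXT_HEADER_ICMPV6,
                             SAMPLE_ICMPV6_ECHO)


def parse_ipv6_header(packet):
    """Decode the eight fixed fields; raise ValueError for anything that is not IPv6."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated: the IPv6 fixed header is 40 bytes")
    first_word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not an IPv6 packet (version field = {version})")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,  # DiffServ marking, like the IPv4 ToS byte
        "flow_label": first_word & 0xFFFFF,          # 20-bit flow tag
        "payload_length": payload_length,            # bytes following the fixed header
        "next_header": next_header,                  # upper-layer protocol or first extension header
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
    }


def decrement_hop_limit(packet):
    """Per-router forwarding step: Hop Limit is byte 7, and with no header checksum
    nothing else has to be recomputed."""
    hop_limit = packet[7]
    if hop_limit <= 1:
        raise ValueError("Hop Limit exhausted: drop the packet and send ICMPv6 Time Exceeded")
    return packet[:7] + bytes([hop_limit - 1]) + packet[8:]


def walk_header_chain(packet):
    """Follow Next Header values through the extension header chain.

    Returns (extension header names in order, final Next Header value, offset of
    the upper-layer data). Stops at ESP, because everything after it is encrypted.
    """
    next_header = parse_ipv6_header(packet)["next_header"]
    offset = IPV6_HEADER_LEN
    chain = []
    while next_header in EXTENSION_HEADERS:
        chain.append(EXTENSION_HEADERS[next_header])
        if next_header == 50:
            break
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        if next_header == 44:             # Fragment header: always 8 bytes
            length = 8
        elif next_header == 51:           # AH: length in 4-byte units, minus 2
            length = (ext_len + 2) * 4
        else:                             # options/routing: 8-byte units, not counting the first 8
            length = (ext_len + 1) * 8
        offset += length
        next_header = following
    return chain, next_header, offset
```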
As mentioned, the IPv4 address is a string of 32 bits represented in four octets of 8 bits each using a dotted decimal format. IPv6, on the other hand, is a string of 128 bits represented in eight groups of 16 bits notated in a hexadecimal format (i.e., 16 bits separated by colons), for example:
2001:43aa:0000:0000:11b4:0031:0000:c110.
Considering the complex format of IPv6 addresses, some rules were developed in order to shorten them, including the following:
- One or more successive 16-bit groups that consist of all zeros can be omitted and represented by two colons (::)
- If a 16-bit group begins with one or more zeros, the leading zeros can be omitted
Considering the IPv6 address example above (2001:43aa:0000:0000:11b4:0031:0000:c110), here are its shortened representations:
2001:43aa::11b4:0031:0000:c110
2001:43aa::11b4:0031:0:c110
2001:43aa::11b4:31:0:c110
Note: The double colon (::) notation can appear only one time in an IPv6 address.
If you have a mixed IPv4 and IPv6 environment, the IPv4 address can be embedded in the IPv6 address, specifically in the last 32 bits.
The prefix in IPv6 is the number of contiguous leading bits that represent the network portion of the address. For example, the address 2001:0000:0000:0ABC:0000:0000:0000:0000/60 can be represented as 2001:0:0:ABC::/60.
Several types of IPv6 addresses are required for various applications, and some of these are different from IPv4 address types (i.e., unicast, multicast, and broadcast). The different types of IPv6 addresses are as follows:
- Special multicast addresses are used instead of broadcast addressing
- A new address type has been defined (anycast)
Address Type | Range | Description
--- | --- | ---
Aggregatable Global Unicast | 2000::/3 | Public addresses, host-to-host communications; equivalent to IPv4 unicast
Multicast | FF00::/8 | One-to-many and many-to-many communication; equivalent to IPv4 multicast
Anycast | Same as Unicast | Interfaces from a group of devices can be assigned the same anycast address; the device closest to the source will respond; application-based, including load balancing, optimization of traffic for a particular service, and redundancy
Link-local Unicast | FE80::/10 | Connected-link communications; assigned to all device interfaces and used only for local link traffic
Solicited-node Multicast | FF02::1:FF00:0/104 | Neighbor solicitation
Anycast addresses are generally assigned to servers located in different geographical locations. By connecting to the anycast address, users will reach the closest server. Anycast addresses are also called one-to-nearest addresses. The IPv6 multicast address is a one-to-many address that identifies a set of hosts that will receive the packet. This is similar to an IPv4 Class D multicast address. IPv6 multicast addresses also supersede the broadcast function of IPv4; IPv6 broadcast functionality is provided by all-nodes multicast behavior.
The following are well-known multicast addresses that should be remembered:
- FF01::1 = all-nodes multicast address (broadcast)
- FF02::2 = all-routers multicast address (used for the link-local address mechanism)
Another special IPv6 address is 0:0:0:0:0:0:0:1, which is the IPv6 loopback address equivalent to the 127.0.0.1 IPv4 loopback address. This can also be represented as ::1/128.
The link-local addresses are significant only to individual nodes on a single link. Routers do not forward packets with a link-local source or destination address beyond the local link. Link-local addresses can be configured automatically or manually. Global unicast addresses are globally unique and routable. Global unicast addresses are defined in RFC 2374 and RFC 3587.
Figure 6.5 – IPv6 Global Unicast Address Format
Examining the IPv6 global unicast address above in Figure 6.5, the first 23 bits represent the registry, the next 32 bits represent the ISP prefix, the next 48 bits are the site prefix, and /64 represents the subnet prefix. The remaining bits are allocated to the interface ID.
The global unicast address and the anycast address share the same format. The unicast address space actually allocates the anycast address. To devices that are not configured for anycast, these addresses will appear as unicast addresses.
IPv6 global unicast addressing allows aggregation upward to the ISP. A single interface may be assigned multiple addresses of any type (i.e., unicast, anycast, and multicast). However, every IPv6-enabled interface must have a loopback address and a link-local address.
IPv6 global unicast addresses are structured to facilitate aggregation and reduce their number in the global routing tables, as in IPv4. Global unicast addresses are defined by a global routing prefix, a subnet ID, and an Interface ID. Typically, a global unicast address is comprised of a 48-bit global routing prefix and a 16-bit subnet identifier.
IPv6 Mechanisms
There are different mechanisms and services available for IPv6, the most important of which are as follows:
- ICMPv6
- IPv6 ND protocol
- Name resolution
- MTU path discovery
- DHCPv6
- IPv6 security
- IPv6 routing protocols
Internet Control Message Protocol (ICMP) was modified to be one of the most important mechanisms to support IPv6 functionality. ICMPv6 uses a next header number of 58. ICMP provides informational messages, such as Echo Request and Echo Reply, and error messages such as “Destination Unreachable”, “Packet too Big”, or “Time Exceeded”. IPv6 also uses ICMPv6 to determine important parameters, such as neighbor availability, Maximum Transmission Unit (MTU) path discovery, destination addresses, and port reachability.
IPv6 uses a Neighbor Discovery (ND) protocol (RFC 2461), unlike IPv4, which uses ARP. IPv6 hosts use ND to implement “plug and play” functionality and discover all other nodes on the same link. ND is also used in checking for duplicate addresses and finding the routers on a specific link.
ND goes beyond the capabilities of ARP and accomplishes the following actions:
- Address configuration (a host can find its full address without using DHCP)
- Duplicate Address Detection (DAD)
- Prefix discovery
- MTU link discovery
- Hop count discovery
- Address resolution
- Router discovery
- Determines the next hop
- Neighbor reachability
- Redirection
IPv4 performs name resolution by using A records in DNS. RFC 3596 offers a new DNS record type to support the transition to the IPv6 name resolution. This new record type is AAAA (Quad A). The AAAA record will return an IPv6 address based on a given domain name.
IPv6 does not allow packet fragmentation in the network (only the source of the packet may fragment), so the MTU of every link in an IPv6 implementation must be 1,280 bytes or greater. The ICMPv6 “Packet too Big” error message drives path MTU discovery: nodes along the path send this message back to the sending host when the packet is larger than the MTU of the outgoing interface.
DHCPv6 is an updated version of DHCP that offers dynamic address assignment for version 6 hosts. DHCPv6 is described in RFC 3315 and provides the same functionality as DHCP; however, it offers more control, including support for renumbering.
IPv6 also features security mechanisms. Unlike IPv4, IPv6 natively supports IPSec (an open security framework) with two mechanisms: Authentication Header (AH) and Encapsulating Security Payload (ESP).
The following new routing protocols were developed for IPv6:
- RIPng
- Integrated IS-IS
- EIGRP for IPv6
- OSPFv3
- BGP4 multiprotocol extensions for IPv6
IPv4 to IPv6 Transition
Because IPv6 almost always comes as an upgrade to the existing IPv4 infrastructure, IPv6 design and implementation considerations must include different transition mechanisms between these two protocol suites. The IPv4 to IPv6 transition can be very challenging, and during the transition period, it is very likely that both protocols will coexist on the network.
The designers of the IPv6 protocol suite suggest that IPv4 will not disappear soon; rather, it will coexist with IPv6 in combined addressing schemes.
One of the most important IPv4 to IPv6 transition mechanisms involves tunneling, and this can be implemented in the following flavors:
- Static tunnels:
- GRE (default tunnel mode)
- IPv6IP (less overhead, no CLNS transport)
- Automatic tunnels:
- 6to4 (embeds IPv4 address into IPv6 prefix to provide automatic tunnel endpoint determination); automatically generates tunnels based on the utilized addressing scheme
- ISATAP (automatic host-to-router and host-to-host tunneling)
Figure 6.6 – IPv6 over IPv4 Tunneling
Analyzing Figure 6.6 above, an IPv4 island contains two dual-stack routers that run both the IPv4 and IPv6 protocol stacks. These two routers will be able to support the transition mechanisms by tunneling IPv6 inside IPv4. The two routers also connect to an IPv6 island. In order to carry IPv6 traffic between the two edge islands, a tunnel between the two routers encapsulates IPv6 packets inside IPv4 packets. These packets are sent through the IPv4 cloud as regular IPv4 packets, and they are de-encapsulated when they reach the other end. In this way, an IPv6 packet generated in the left side of the network reaches a destination in the right side of the network. As you can see, it is very easy to tunnel IPv6 inside IPv4 using dual-stack routers at the edge of an IPv4 infrastructure.
Static tunneling methods are generally used when dealing with point-to-point links, while dynamic tunneling methods are better for point-to-multipoint connections.
Network Address Translation Protocol Translation (NAT-PT) is another technology that can be utilized to transition to an IPv6 network. NAT-PT is often confused with NAT but it is a completely different technology. Simple NAT can also be used in IPv6 but this is very rare, because IPv6 offers a very large address space and private addresses are not necessary. NAT-PT is another translation mechanism that will convert IPv4 addresses to IPv6 addresses dynamically, and vice versa.
Another static tunneling technology is IPv6IP, which encapsulates IPv4 packets directly into IPv6. This is also called manual tunneling. Another type of static tunnel that you can create is a Generic Routing Encapsulation (GRE) tunnel that encapsulates the IPv6 packets within a GRE packet. GRE tunneling is necessary when using special applications and services, such as the IS-IS routing protocol for IPv6.
Dynamic tunnel types include the 6to4 tunnel, which is appropriate when a group of destinations needs to be connected dynamically utilizing IPv6. A 6to4 site uses addresses from the 2002::/16 prefix with its public IPv4 address embedded in the next 32 bits, so a 6to4 router derives the IPv4 tunnel endpoint from the destination IPv6 address itself, without any per-peer configuration. Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is a unique type of host-to-router dynamic tunnel, unlike the previously mentioned tunneling techniques, which are router to router. ISATAP allows hosts to reach their IPv6 default gateway dynamically.
Note: ISATAP is obsolescent because almost all modern hosts and routers have native IPv6 support. Automatic tunnels also deserve attention from a security standpoint: a host with 6to4 or ISATAP enabled can reach IPv6 destinations across a network whose firewalls inspect only IPv4 traffic, so unless a tunnel is deliberately deployed, filter IP protocol 41 at the perimeter and disable automatic tunnel interfaces on hosts.
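The following is an added example, not code from the original text, that shows in bytes what the tunnel in Figure 6.6 and the 6to4 endpoint derivation described above actually do: one function wraps an IPv6 packet in an IPv4 header with protocol 41 (what the left-hand dual-stack router does), one unwraps and validates it (what the right-hand router, or a perimeter filter inspecting protocol 41 traffic, does), and two helpers derive a site's 6to4 prefix from its IPv4 address and recover the tunnel endpoint from a 6to4 destination. The addresses are constructed from the RFC 5737 and RFC 3849 documentation ranges and are not taken from the figure; the payload is empty (next header 59), which is enough to exercise the headers.

```python
import struct
import ipaddress

# IP protocol number carried in the outer IPv4 header for IPv6-in-IPv4 (IPv6IP / 6in4 / 6to4).
PROTO_IPV6_IN_IPV4 = 41
SIXTO4_PREFIX = 0x2002  # first 16 bits of every 6to4 address


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum of an IPv4 header; evaluates to 0 over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6(src: str, dst: str, payload: bytes = b"", next_header: int = 59) -> bytes:
    """Minimal 40-byte IPv6 header (next header 59 = No Next Header) followed by the payload."""
    # version 6 in the top 4 bits, traffic class and flow label zero, payload length, NH, hop limit 64
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload


def encapsulate_6in4(outer_src: str, outer_dst: str, ipv6_packet: bytes) -> bytes:
    """Encapsulating router: prepend an IPv4 header whose protocol field is 41."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(ipv6_packet), 0, 0, 64, PROTO_IPV6_IN_IPV4, 0,
        ipaddress.IPv4Address(outer_src).packed, ipaddress.IPv4Address(outer_dst).packed,
    )
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + ipv6_packet


def decapsulate_6in4(packet: bytes):
    """Decapsulating router or perimeter filter: validate the outer header and expose the inner addresses.

    Returns (outer_src, outer_dst, inner_src, inner_dst) for a well-formed protocol-41 packet, else None.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 40 or ipv4_checksum(packet[:ihl]) != 0:
        return None
    if packet[9] != PROTO_IPV6_IN_IPV4:
        return None
    inner = packet[ihl:]
    if inner[0] >> 4 != 6:
        return None
    return (
        str(ipaddress.IPv4Address(packet[12:16])),
        str(ipaddress.IPv4Address(packet[16:20])),
        str(ipaddress.IPv6Address(inner[8:24])),
        str(ipaddress.IPv6Address(inner[24:40])),
    )


def sixto4_prefix(ipv4: str) -> str:
    """Derive a site's 6to4 /48 from its public IPv4 address: 2002:WWXX:YYZZ::/48."""
    b = ipaddress.IPv4Address(ipv4).packed
    return str(ipaddress.IPv6Network("2002:%02x%02x:%02x%02x::/48" % (b[0], b[1], b[2], b[3])))


def sixto4_tunnel_endpoint(ipv6: str):
    """Automatic endpoint determination: recover the IPv4 address embedded in a 6to4 destination."""
    packed = ipaddress.IPv6Address(ipv6).packed
    if struct.unpack("!H", packed[:2])[0] != SIXTO4_PREFIX:
        return None  # not a 6to4 address; a 6to4 router would need a relay or another route
    return str(ipaddress.IPv4Address(packed[2:6]))


if __name__ == "__main__":
    # Constructed example: a host in 2001:db8:1::/64 sends to a 6to4 site behind 192.0.2.4.
    inner = build_ipv6("2001:db8:1::10", "2002:c000:204::1")
    endpoint = sixto4_tunnel_endpoint("2002:c000:204::1")  # "192.0.2.4"
    outer = encapsulate_6in4("198.51.100.1", endpoint, inner)
    print(decapsulate_6in4(outer))
```

The decapsulation routine is also the shape of the check a perimeter device needs: without it, the only thing an IPv4-only firewall sees is a protocol-41 packet between two IPv4 addresses, while the inner IPv6 source and destination, which are what the policy should be evaluated against, stay invisible.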
IPv6 Compared to IPv4
A network designer should have a very clear picture of the advantages IPv6 has over IPv4. The enhancements of IPv6 can be summarized as follows:
- IPv6 has expanded address space, from 32 bits (IPv4) to 128 bits.
- IPv6 uses hexadecimal notation instead of dotted-decimal notation (IPv4).
- Global unicast address space is large enough for every host to have its own globally unique address, so network address translation is no longer needed for address conservation.
- IPv6 has a fixed header length (40 bytes), allowing vendors to improve switching efficiency.
- IPv6 supports enhanced options (that offer new features) by placing extension headers between the IPv6 header and the Transport Layer header.
- IPv6 offers address auto-configuration, providing for dynamic assignment of IP addresses, even without a DHCP server.
- IPv6 offers support for labeling traffic flows.
- IPv6 has built-in IPsec support (authentication via AH, confidentiality and authentication via ESP). Built-in means available, not enabled: IPsec still has to be configured and keyed, exactly as in IPv4, so an IPv6 network is not more secure by default.
- IPv6 routers never fragment packets. The source performs path MTU discovery using ICMPv6 Packet Too Big messages and, when it must, fragments using the Fragment extension header. Firewalls therefore have to let ICMPv6 Packet Too Big through, or oversized packets will be dropped silently.
- IPv6 supports site multihoming.
- IPv6 uses the Neighbor Discovery (ND) protocol, carried over ICMPv6, instead of ARP (IPv4).
- IPv6 uses AAAA DNS records instead of A records (IPv4).
- IPv6 uses Unique Local Addresses (fc00::/7, RFC 4193) where IPv4 uses RFC 1918 space; the older site-local prefix (fec0::/10) is deprecated and should not appear in new designs.
- IPv4 and IPv6 require separate routing protocol versions or instances (e.g., OSPFv3 and RIPng for IPv6, EIGRP for IPv6, and multiprotocol extensions for BGP and IS-IS).
- IPv6 provides for anycast addressing.
Summary
Efficiently assigning IP addresses to the network is a critical design decision, impacting the scalability of the network and the routing protocol that can be used. IPv4 addressing has the following characteristics:
- IPv4 addresses are 32 bits in length.
- IPv4 addresses are divided into various classes (for example, a Class A network accommodates more than 16 million usable IP addresses, a Class B network supports more than 65 thousand, and a Class C network permits 254). Originally, organizations applied for an entire network in one of these classes. Today, however, subnetting allows a service provider to give a customer just a portion of a network address space, conserving the depleted pool of IPv4 addresses. Conversely, service providers can use supernetting (also known as Classless Inter-Domain Routing, CIDR) to aggregate the multiple network address spaces that they hold. Aggregating multiple network address spaces into one reduces the number of route entries a router must maintain.
- Devices, such as PCs, can be assigned a static IP address by hardcoding the IP address in the device’s configuration. Alternatively, devices can obtain an address dynamically from a DHCP server, for example.
- Because names are easier to remember than IP addresses, most publicly accessible web resources are reached by name. Packets are still routed by IP address, however, so the sending host must first determine the IP address associated with the name. The Domain Name System (DNS) performs that translation between domain names and their corresponding IP addresses.
- Some IP addresses are routable through the public Internet, whereas other IP addresses are considered private and are intended for use within an organization. Because these private IP addresses might need to communicate outside the local network, Network Address Translation (NAT) can translate a private IP address into a public IP address. In fact, multiple private IP addresses can be represented with a single public IP address using NAT. This type of NAT is called Port Address Translation (PAT) because the various communication flows are identified by the port numbers they use to communicate with outside resources.
When beginning to design IP addressing for a network, the following aspects must be determined:
- The number of network locations that need IP addressing
- The number of devices requiring an IP address at each location
- Customer-specific IP addressing requirements (e.g., static IP addressing versus dynamic IP addressing)
- The number of IP addresses that need to be contained in each subnet (e.g., a 48-port switch in a wiring closet might belong to a subnet that supports 64 IP addresses)
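The two sizing questions raised above (how large a subnet a location needs, and how several customer blocks aggregate into one CIDR route) are mechanical enough to be worth working through in code. The block below is an added example, not part of the original text: `prefix_for_hosts` returns the smallest IPv4 prefix that leaves room for a given number of usable addresses (the 48-port closet example lands on a /26 with 64 addresses), and `aggregate` computes the covering supernet for a list of networks and also reports any address space inside that supernet that was not in the input. That second result is the check a practitioner wants before advertising an aggregate, since a supernet that covers gaps announces space the customer does not hold. Function names and the sample networks (RFC 1918 ranges) are assumptions for illustration.

```python
import ipaddress


def prefix_for_hosts(hosts: int) -> int:
    """Smallest IPv4 prefix length whose block leaves room for `hosts` usable addresses.

    The network and broadcast addresses are reserved, so the block needs hosts + 2 addresses,
    and a /30 is the smallest block that can carry any host at all.
    """
    if hosts < 1:
        raise ValueError("need at least one host")
    host_bits = max(2, (hosts + 1).bit_length())  # smallest n with 2**n >= hosts + 2
    return 32 - host_bits


def covering_supernet(networks):
    """Smallest CIDR block containing every given network (the classic supernetting step)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    for prefix in range(32, -1, -1):  # shorten the prefix until lo and hi share the network part
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if lo & mask == hi & mask:
            return ipaddress.ip_network((lo & mask, prefix))
    raise AssertionError("unreachable: a /0 covers everything")


def aggregate(networks):
    """Return (supernet, gaps): the aggregate route and every part of it absent from the input.

    Non-empty gaps mean the aggregate would announce address space the customer does not hold.
    CIDR blocks are either nested or disjoint, so each input block is carved out of the gap list.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    supernet = covering_supernet(networks)
    gaps = [supernet]
    for n in nets:
        remaining = []
        for g in gaps:
            if n.subnet_of(g):            # carve n out of this gap
                remaining.extend(g.address_exclude(n))
            elif not g.subnet_of(n):      # a gap wholly inside n disappears; a disjoint gap stays
                remaining.append(g)
        gaps = remaining
    return str(supernet), sorted(str(g) for g in ipaddress.collapse_addresses(gaps))


if __name__ == "__main__":
    print("/%d for a 48-port closet" % prefix_for_hosts(48))                       # /26
    print(aggregate(["192.168.0.0/24", "192.168.1.0/24",
                     "192.168.2.0/24", "192.168.3.0/24"]))                         # exact /22
    print(aggregate(["192.168.0.0/24", "192.168.2.0/24"]))                         # /22 with two gaps
```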
A major challenge with IPv4 is the limited number of available addresses. A newer version of IP, specifically IPv6, alleviates this concern. An IPv6 address is 128 bits long, compared to the 32-bit length of an IPv4 address.
To make such a large address more readable, an IPv6 address uses hexadecimal numbers, and the 128-bit address is divided into eight fields. Each field is separated by a colon, as opposed to the four fields in an IPv4 address, which are separated by a period. To reduce the complexity of the IPv6 address further, leading 0s in a field are optional, and if one or more consecutive fields contain all 0s, those fields can be represented by a double colon (::). A double colon can be used only once in an address; otherwise, it would not be possible to know how many 0s are present between each pair of colons.
Some of the benefits offered by IPv6 include the following:
- IPv6 dramatically increases the number of available addresses
- Hosts can have multiple IPv6 addresses, allowing those hosts to multihome to multiple ISPs
- Enhancements to QoS, security, mobility, and multicast technologies
Unlike IPv4, IPv6 does not use broadcasts. Instead, IPv6 uses the following methods to send traffic from a source to one or more destinations:
- Unicast (one-to-one): Unicast support in IPv6 allows a single source to send traffic to a single destination, just as unicast functions in IPv4.
- Anycast (one-to-nearest): A group of interfaces belonging to nodes with similar characteristics (e.g., interfaces in replicated FTP servers) can be assigned an anycast address. When a host wants to reach one of those nodes, the host can send traffic to the anycast address and the node belonging to the anycast group that is closest to the sender will respond.
- Multicast (one-to-many): As with IPv4, IPv6 supports multicast addressing, where multiple nodes can join a multicast group. The sender sends traffic to the multicast IP address and all members of the multicast group receive the traffic.
The migration of an IPv4 network to an IPv6 network can take years because of the expenditures of upgrading equipment. Therefore, during the transition, IPv4-speaking devices and IPv6-speaking devices need to coexist in the same network. Consider the following solutions for maintaining both IPv4 and IPv6 devices in the network:
- Dual-stack: Some systems (including Cisco routers) can simultaneously run both IPv4 and IPv6, allowing communication to both IPv4 and IPv6 devices.
- Tunneling: To send an IPv6 packet across a network that uses only IPv4, the IPv6 packet can be encapsulated and tunneled through the IPv4 network.
- Translation: A device, such as a Cisco router, can be placed between an IPv4 network and an IPv6 network and translate between the two addressing formats.