This appendix contains the answers to the "Testing for Understanding" sections of Chapters 1 through 12.
Some of the problems are:
128-bit address length allows for a large public address space.
Better address aggregation results in small routing tables for Internet backbone routers.
IPv6 provides automatic configuration (even without DHCP).
Security (IPSec) is an implementation requirement.
Better support for QoS delivery using the Traffic Class and Flow Label fields.
IPv6 uses a combination of the Traffic Class field (to define a specific type of service) and the Flow Label field (which identifies that the packet requires special handling, even when the payload is encrypted).
IPv6 addresses are hierarchical and summarizable, leading to smaller routing tables.
The IPv6 address space removes the need for NATs, making end-to-end communication faster because no translation is needed.
The IPv6 header is designed for minimal overhead and optimal processing at intermediate routers.
IPv6 Neighbor Discovery (ND) replaces broadcast-based ARP with unicast and multicast ND messages. Common neighbor operations such as address resolution involve very few nodes.
IPv6 hosts are self-configuring and do not require a DHCP server to discover addresses and other configuration information. Host startup times are reduced.
Because each peer behind a NAT is represented by two addresses (a public address and a private address), peers cannot connect without manually configuring the NAT or relay address information about each other without making the peer-to-peer application NAT-aware.
You will be able to take advantage of a much larger address space.
You can get IPv6 address space in areas of the world that have very few available public IPv4 addresses.
It would restore true end-to-end communication without intermediate translation. Peer-to-peer applications can now connect without compensating for one or more NATs between peers.
IPv6 forwarding is more efficient and is address-scope aware.
6to4 allows automatic tunneling and unicast IPv6 connectivity between IPv6/IPv4 hosts across the IPv4 Internet.
ISATAP allows IPv6/IPv4 nodes within an IPv4 infrastructure of a site to use unicast IPv6 to communicate with each other and with nodes on an IPv6-enabled network, either within the site or the IPv6 Internet.
6over4 allows IPv6/IPv4 nodes to communicate using IPv6 unicast or multicast over an IPv4 multicast-enabled infrastructure with each other and with nodes on an IPv6-enabled network, either within the site or the IPv6 Internet.
PortProxy functions as a TCP proxy to facilitate the communication between nodes or applications that cannot connect using a common Internet layer protocol (IPv4 or IPv6).
For most hosts, no configuration is required because stateless address autoconfiguration automatically configures addresses, routes, and other settings. To manually configure the IPv6 protocol for the Windows .NET Server 2003 family, use the netsh interface ipv6 commands.
A Windows .NET Server IPv6 router advertises itself as a default router if it has a default route that is configured to be published.
HTTP: Both Internet Explorer and IIS are IPv6-enabled.
CIFS/SMB: Both the file- and printer-sharing client (the Workstation service) and server (the Server service) are IPv6-enabled.
Ipconfig.exe now displays both IPv4 and IPv6 configurations.
Route.exe now displays both IPv4 and IPv6 routing tables.
Ping.exe now uses both ICMPv4 Echo and ICMPv6 Echo Request messages and supports additional options for IPv6.
Tracert.exe now uses both ICMPv4 Echo and ICMPv6 Echo Request messages and supports additional options for IPv6.
Pathping.exe now uses both ICMPv4 Echo and ICMPv6 Echo Request messages and supports additional options for IPv6.
Netstat.exe now displays the IPv6 routing table and information about the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols.
The IPv6 address length is 128 bits so that it can be divided into hierarchical routing domains that reflect the topology of the modern-day Internet. The use of 128 bits, 64 bits for the subnet ID and 64 bits for the interface ID, allows for multiple levels of hierarchy and flexibility in designing hierarchical addressing and routing between the backbone of the IPv6 Internet and the individual subnets within an organization's site.
Link-local: 1111 1110 10
Site-local: 1111 1110 11
FEC0::1:2AA:0:0:7A or FEC0:0:0:1:2AA::7A. By convention, when there are multiple equal-length blocks of zeros that can be compressed, the left-most block is compressed.
In 3341::1:2AA:9FF:FE56:24DC, :: expresses 32 bits ((8 - 6) x 16).
In FF02::2, :: expresses 96 bits ((8 - 2) x 16).
A sending host uses a unicast address to send packets to a single interface (within the scope of the unicast address).
A sending host uses a multicast address to send packets to zero or more interfaces belonging to the multicast group (within the scope of the multicast address).
A sending host uses an anycast address to send packets to a single nearest interface belonging to the set of interfaces using the anycast address (within the scope of the anycast address).
All IPv4 broadcast addresses are replaced with IPv6 multicast addresses.
TLA ID - Top-Level Aggregation Identifier. The size of this field is 13 bits. The TLA ID identifies the highest level in the routing hierarchy. TLA IDs are administered by IANA and allocated to local Internet registries that, in turn, allocate individual TLA IDs to large, long haul ISPs.
Res - Eight bits that are reserved for future use in expanding the size of either the TLA ID or the NLA ID.
NLA ID - Next-Level Aggregation Identifier. The size of this field is 24 bits. The NLA ID allows an ISP to create multiple levels of addressing hierarchy within its network to both organize addressing and routing for downstream ISPs and identify organization sites.
SLA ID - Site-Level Aggregation Identifier. The SLA ID is used by an individual organization to identify subnets within its site. The size of this field is 16 bits.
Interface ID - Indicates the interface on a specific subnet. The size of this field is 64 bits.
Global: The IPv6 Internet
Site-local: A site, an organization network or portion of an organization's network that has a defined geographical location (such as an office, an office complex, or a campus)
Link-local: A single link
The global address and site-local address share the same structure beyond the first 48 bits of the address. In global addresses, the SLA ID field identifies the subnet within an organization. For site-local addresses, the Subnet ID field performs the same function. Because of this, you can create a subnetting infrastructure that is used for both site-local and global unicast addresses.
Flags - Indicates flags set on the multicast address. The size of this field is 4 bits.
Scope - Indicates the scope of the IPv6 network for which the multicast traffic is intended to be delivered. The size of this field is 4 bits.
Group ID - Identifies the multicast group and is unique within the scope. The size of this field is 112 bits. RFC 2373 recommends setting the 80 high-order bits to zero and using only the low-order 32 bits for the group ID.
The last 32 bits of an IPv6 multicast address map to the last 32 bits of an Ethernet multicast MAC address. By using only the last 32 bits of the IPv6 multicast address as the group ID, there is a one-to-one correlation between a multicast group ID and an Ethernet multicast MAC address.
Because the last 24 bits of the solicited-node multicast address are either based on the manufacturer ID portion of an IEEE 802 address or randomly derived, the chance of two nodes on the same link having the same solicited-node multicast address is small. Therefore, because there is typically only one listener on a subnet for a given solicited-node multicast address, it is almost like using a unicast address.
Routers within the routing domain of the anycast address have host routes that provide information on the location of the nearest anycast group member. Routers outside the routing domain of the anycast address have a summary route that provides information on the location of the routing domain of the anycast address.
The result is the following subnetted network prefixes:
1 - FEC0:0:0:3D80::/61
2 - FEC0:0:0:3D88::/61
3 - FEC0:0:0:3D90::/61
4 - FEC0:0:0:3D98::/61
5 - FEC0:0:0:3DA0::/61
6 - FEC0:0:0:3DA8::/61
7 - FEC0:0:0:3DB0::/61
8 - FEC0:0:0:3DB8::/61
9 - FEC0:0:0:3DC0::/61
10 - FEC0:0:0:3DC8::/61
11 - FEC0:0:0:3DD0::/61
12 - FEC0:0:0:3DD8::/61
13 - FEC0:0:0:3DE0::/61
14 - FEC0:0:0:3DE8::/61
15 - FEC0:0:0:3DF0::/61
16 - FEC0:0:0:3DF8::/61
Assuming the RFC 2373 recommendation of using the last 32 bits of the multicast address as the multicast group ID, either FF05::A:4F11 (Transient flag set to 0) or FF15::A:4F11 (Transient flag set to 1).
|Type of Address||Begins with ...|
Link-local unicast address
Site-local unicast address
2 or 3
Link-local scope multicast address
FF02 or FF12
Site-local scope multicast address
FF05 or FF15
Solicited-node multicast address
In IPv6, the link layer performs bit-level error detection for the entire IPv6 packet.
There is no equivalent. The IPv6 header is always a fixed size of 40 bytes.
The Traffic Class field is equivalent to the IPv4 Type of Service field. The Flow Label field allows the flow—the series of packets between a source and destination with a non-zero flow label—to be identified by intermediate routers for non-default QoS handling without relying on upper-layer protocol stream identifiers such as TCP or UDP ports (which may be encrypted with ESP).
Authentication header - Needed only by final destination
ESP header and trailer - Needed only by final destination
Destination Options header (for final destination) - Needed only by final destination
Hop-by-Hop Options header - Needed by every intermediate router
Destination Options header (for intermediate destinations) - Might be needed by intermediate destinations
Routing header - Might be needed by intermediate destinations
Fragment header - Not present prior to fragmentation
IPv6 packets sent to IPv4 destinations that undergo IPv6-to-IPv4 header translation may receive a path MTU update of less than 1,280. In this case, the sending host sends IPv6 packets with a Fragment header and a smaller payload size of 1,272 bytes. In the Fragment header, the Fragment Offset field is set to 0 and the More Fragments flag is not set. The Fragment header is included so that the IPv6-to-IPv4 translator can use the Identification field in the Fragment header to perform IPv4 fragmentation to reach the IPv4 destination.
TCP and UDP implementations must be updated to perform the checksum calculation that includes the new IPv6 pseudo-header when sending or receiving data over IPv6.
The link layer must provide a fragmentation and reassembly scheme that is transparent to IPv6.
The value of the Type field for error messages is in the range 0 to 127. (The high-order bit is set to 0.) The value of the Type field for informational messages is in the range 128 to 255. (The high-order bit is set to 1.)
Identifier, Sequence Number, Data
1,184 bytes (1,280 - 40 byte IPv6 header - 8 byte ICMPv6 header - 40 byte IPv6 header - 8 byte Fragment header)
If the Code field in the ICMPv6 Destination Unreachable message is set to 1, the packet was discarded by a firewall that is enforcing network policy. If the Code field is set to 3, a router could not resolve the link-layer address of the destination.
The maximum IPv4 packet size is 65,535 bytes, a number that can be expressed with 16 bits. To support IPv6 jumbograms, 32 bits are needed to express the MTU of the link.
If the 2 high-order bits in the Option Type field are set to 00, the option is ignored. If the 2 high-order bits in the Option Type field are set to 01, the packet is silently discarded.
A Source Quench message is sent to inform a sending host to lower its transmission rate when the router is congested. To minimize the processing of the router, the router should devote its processing and resources to clearing the congestion, and not creating and sending Source Quench packets.
ARP, Gratuitous ARP, ICMP Router Discovery, Redirect
Neighbor unreachability detection; ability to advertise changes in link-layer addresses and the node's role on the network; ability to advertise configuration parameters, address prefixes, and routes.
Router Solicitation: Source Link-Layer Address option
Router Advertisement: Source Link-Layer Address, Prefix Information, MTU, Advertisement Interval, Home Agent Information, Route Information options
Neighbor Solicitation: Source Link-Layer Address option
Neighbor Advertisement: Target Link-Layer Address option
Redirect: Redirected Header, Target Link-Layer Address options
The Length field is the number of 8-byte blocks in the entire Neighbor Discovery option.
[1280 - 40 (IPv6 header) - 40 (ICMPv6 Redirect message header)]/8 = 150
Set the MTU option on the router to advertise a 1,500-byte link MTU so that the ATM nodes do not send 9,180-byte IPv6 packets.
It is not included because the reply must be multicast to all nodes on the link, rather than unicast to the sender of the Neighbor Solicitation message.
Router Advertisement message:
Prefix Information option:
An unsolicited Neighbor Advertisement message is sent in response to a duplicate address detection Neighbor Solicitation and when either the link-layer address or the role of the node changes.
In Neighbor Advertisement messages, the Override flag is always set to 0. Duplicate address detection is not performed for anycast addresses.
The response is multicast because the sender of the Neighbor Solicitation message cannot receive unicast packets at the duplicated IPv6 address. The defending node always sends the response.
To prevent ND-based attacks from being launched from off-link nodes. The Hop Limit field for all traffic of an off-link node is always less than 255.
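Two rules from the answers above can be checked together on a received packet: the option Length field counts 8-byte blocks, and a Neighbor Discovery message that arrives with a Hop Limit below 255 has crossed a router. The Python sketch below is an added example, not code from the book. The sample packet, its addresses and the function names are constructed, and rejecting a zero-length option follows the ND specification rather than this page.

```python
import ipaddress
import struct

ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}
# Fixed bytes that follow the 4-byte ICMPv6 header (Type, Code, Checksum).
FIXED_BODY = {133: 4, 134: 12, 135: 20, 136: 20, 137: 36}


def validate_nd(packet):
    """Check a raw IPv6 packet that carries an ND message.

    Returns (ok, reason, options); options is a list of (type, value_bytes).
    Extension headers and the ICMPv6 checksum are not handled here.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return False, "not an IPv6 packet", []
    payload_len, next_header, hop_limit = struct.unpack("!HBB", packet[4:8])
    if next_header != 58:
        return False, "next header is not ICMPv6", []
    if len(packet) < 40 + payload_len:
        return False, "truncated packet", []
    icmp = packet[40:40 + payload_len]
    if len(icmp) < 4 or icmp[0] not in ND_TYPES:
        return False, "not an ND message", []
    if hop_limit != 255:
        # Every router decrements Hop Limit, so only an on-link sender
        # can deliver a packet that still carries 255.
        return False, "hop limit %d, expected 255" % hop_limit, []
    if icmp[1] != 0:
        return False, "ICMPv6 code must be 0", []
    offset = 4 + FIXED_BODY[icmp[0]]
    if len(icmp) < offset:
        return False, "truncated message", []
    options = []
    while offset < len(icmp):
        if len(icmp) - offset < 2:
            return False, "truncated option header", []
        opt_type, units = icmp[offset], icmp[offset + 1]
        if units == 0:  # would never advance; the message is invalid
            return False, "option length 0", []
        end = offset + units * 8  # Length counts whole 8-byte blocks
        if end > len(icmp):
            return False, "option overruns message", []
        options.append((opt_type, icmp[offset + 2:end]))
        offset = end
    return True, ND_TYPES[icmp[0]], options


def build_ns(hop_limit=255, option_units=1):
    """Constructed sample: Neighbor Solicitation with a Source
    Link-Layer Address option (type 1, one 8-byte block)."""
    src = ipaddress.IPv6Address("fe80::2aa:ff:fe28:9c5a").packed
    dst = ipaddress.IPv6Address("ff02::1:ff3f:2a1c").packed
    target = ipaddress.IPv6Address("fe80::2aa:ff:fe3f:2a1c").packed
    option = bytes([1, option_units]) + bytes.fromhex("00aa00289c5a")
    icmp = bytes([135, 0, 0, 0]) + bytes(4) + target + option
    header = struct.pack("!IHBB", 0x60000000, len(icmp), 58, hop_limit)
    return header + src + dst + icmp


if __name__ == "__main__":
    for pkt in (build_ns(), build_ns(hop_limit=254), build_ns(option_units=0)):
        print(validate_nd(pkt)[:2])
```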
The Target Address field. The Target Address field updates the Next-hop Address field of the destination cache entry corresponding to the Destination Address field on the host that receives the Redirect message.
Pseudo-periodically and in response to a Router Solicitation message.
Host B receives no confirmation that Host A received and processed the Neighbor Advertisement sent by Host B.
It is set to the destination address of the IPv6 packet. The destination is considered to be on-link.
The IPv6 Router Alert option is used to ensure that routers process MLD messages that are sent to multicast addresses on which the router is not listening.
The Source Address field is set to the link-local address of the interface on which the message is being sent. If a Multicast Listener Report message is for a solicited-node multicast address corresponding to a unicast address for which duplicate address detection has not completed successfully, the source address is set to the unspecified address (::).
In the general query, the Destination Address field in the IPv6 header is set to the link-local scope all-nodes multicast address (FF02::1) and the Multicast Address field in the MLD message is set to the unspecified address (::). In the multicast-address-specific query, the Destination Address field in the IPv6 header and the Multicast Address field in the MLD message are set to the specific address being queried.
The link-local scope all-nodes multicast address (FF02::1)
Multicast Listener Query (both general and multicast-address-specific)
Valid Lifetime - Preferred Lifetime
It obtains them through manual configuration.
If the EUI-64-derived link-local address is a duplicate, the IPv6 protocol for the Windows .NET Server 2003 family and Windows XP can continue with the receipt of a multicast Router Advertisement message containing site-local or global prefixes and automatically configure site-local or global addresses based on the EUI-64-derived interface ID or a temporary global address with a randomly-derived interface ID.
LAN interface: FE80::[EUI-64 interface ID], FEC0::29D8:[EUI-64 interface ID], 3FFE:FFFF:A3:29D8:[EUI-64 interface ID], 3FFE:FFFF:A3:29D8:[random interface ID]
Automatic Tunneling Pseudo-Interface: FE80::5EFE:172.30.90.65
Loopback Interface: ::1, FE80::1
It is named the "AAAA" record because 128-bit IPv6 addresses are four times longer than 32-bit IPv4 addresses, which use a host (A) record.
With the Windows .NET Server 2003 family DNS Server service, you can type the IPv6 address as a single string and use double-colons to compress a block of zeros.
FEC0::C140:0:5EFE:172.30.90.65, 3FFE:FFFF:A3:C140::5EFE:172.30.90.65
Address selection rules decide which type of address (IPv4 vs. IPv6) and the scope of the address (public vs. private for IPv4 and link-local vs. site-local vs. global vs. coexistence for IPv6), for both the source and the destination addresses for subsequent communication.
Based on the list of matching routes, the route that has the largest prefix length is chosen. If there are multiple longest matching routes, the router uses the lowest metric to select the best route. If there are multiple longest matching routes with the lowest metric, IPv6 can choose which routing table entry to use.
ICMPv6 Packet Too Big
The IPv6 MTU of the forwarding interface is lower than the size of the IPv6 packet being forwarded.
ICMPv6 Destination Unreachable-Address Unreachable
The neighboring destination node does not respond to Neighbor Solicitation messages being sent to resolve its link-layer address. Or, the packet is a ping-pong packet (a packet being sent to a destination address that does not exist on a point-to-point link).
ICMPv6 Time Exceeded-Hop Limit Exceeded in Transit
The Hop Limit field for a packet is less than 1 after decrementing it.
ICMPv6 Destination Unreachable-Port Unreachable
There is no application on the router listening on the UDP destination port (for packets sent to an address assigned to a router interface).
ICMPv6 Destination Unreachable-No Route to Destination
There is no matching route in the IPv6 routing table.
ICMPv6 Parameter Problem-Unrecognized IPv6 Option Encountered
The router processed an unrecognized option within a Hop-by-Hop Options or Destination Options (for intermediate destinations) extension header and the two high-order bits of the Option Type field were set to either 10 or 11.
Network Destination      Gateway
-----------------------  -------------
::/0                     FE80::2AA:FF:FE45:A431:2C5D
FEC0:0:0:952A::/64       On-link
FEC0:0:0:952C::/64       FE80::2AA:FF:FE45:A431:2C5D
The IPv6 node assumes that the destination is on-link (a neighbor) and attempts to send the packet. If a sending IPv4 node does not find a matching route in the IPv4 routing table, it indicates an internal forwarding error and does not attempt to send the packet.
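The answers above give the route determination rules for a sending IPv6 node: largest prefix length first, then lowest metric, and a destination with no matching route treated as on-link. The Python sketch below applies them to the routing table from this answer; it is an added example, not code from the book. The metrics, the second default route and the function name are constructed for illustration.

```python
import ipaddress

# (prefix, gateway, metric); gateway None means on-link.
ROUTES = [
    ("::/0", "FE80::2AA:FF:FE45:A431:2C5D", 20),
    ("::/0", "FE80::2AA:FF:FE9A:21AC", 10),  # constructed second default route
    ("FEC0:0:0:952A::/64", None, 1),
    ("FEC0:0:0:952C::/64", "FE80::2AA:FF:FE45:A431:2C5D", 5),
]


def select_route(destination, routes=ROUTES):
    """Return (matched_prefix, next_hop) for a sending IPv6 node.

    matched_prefix is None when no route matches.
    """
    dest = ipaddress.IPv6Address(destination)
    matches = []
    for prefix, gateway, metric in routes:
        net = ipaddress.IPv6Network(prefix)
        if dest in net:
            matches.append((net, gateway, metric))
    if not matches:
        # No matching route: the destination is assumed to be a neighbor,
        # so the next hop is the destination itself.
        return None, dest
    # Largest prefix length wins; the lowest metric breaks a tie.
    net, gateway, _ = min(matches, key=lambda r: (-r[0].prefixlen, r[2]))
    next_hop = dest if gateway is None else ipaddress.IPv6Address(gateway)
    return net, next_hop


if __name__ == "__main__":
    for d in ("FEC0:0:0:952C::1", "FEC0:0:0:952A::5", "3FFE:FFFF::1"):
        print(d, "->", select_route(d))
```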
IDRPv2 does not use a separate autonomous system identifier. IDRPv2 uses IPv6 prefixes to identify an AS or a routing domain confederation.
netsh int ipv6 set int 4 forw=enabled adv=enabled
netsh int ipv6 set int 5 forw=enabled adv=enabled
netsh int ipv6 add rou FEC0:0:0:1A4C::/64 4 pub=yes
netsh int ipv6 add rou FEC0:0:0:90B5::/64 5 pub=yes
With just these commands being run on the static router, will a host on the subnet FEC0:0:0:90B5::/64 have a default route? Why or why not?
No. In order for a static router running the IPv6 protocol for the Windows .NET Server 2003 family or Windows XP to advertise itself as a default router, it must have a default route that is configured to be published. For example, the command:
netsh int ipv6 add rou ::/0 6 FE80::2AA:FF:FE19:9B84 pub=yes
would add a publishable default route.
Migration is the equipping and configuration of all nodes to replace one protocol (IPv4) with another (IPv6). Coexistence is the allowance of both types of protocols to maintain connectivity, an advantage while migration is occurring.
To allow for the maximum amount of flexibility for organizations and the Internet to migrate from IPv4 to IPv6 when needed, without compromising existing connectivity.
It communicates by using an Application or Transport layer gateway or proxy that translates or proxies IPv4 traffic to IPv6 traffic, and vice versa. The PortProxy component of the IPv6 protocol for the Windows .NET Server 2003 family is an example of a Transport layer proxy.
An IPv4-compatible address is used to automatically tunnel IPv6 traffic across an IPv4 infrastructure. An IPv4-mapped address is used by an IPv6 implementation to internally represent IPv4-only hosts and IPv4 addresses.
No. The IPv6 protocol for Windows XP and the Windows .NET Server 2003 family includes a separate implementation of TCP and UDP and is known as a dual stack implementation.
For configured tunneling, the source and destination IPv4 addresses are determined from the manually configured tunnel endpoints.
For automatic tunneling, the source address is determined from the IPv4 address assigned to the interface that is forwarding the packets. The destination IPv4 address is derived from the next-hop address for the packet.
6to4 addresses have the following form:
2002:WWXX:YYZZ:[SLA ID]:[Interface ID]
in which WWXX:YYZZ is the NLA ID portion of a global address and the colon hexadecimal representation of a public IPv4 address (w.x.y.z) assigned to a site. The SLA ID and Interface ID are the same as defined for global addresses.
When a 6to4 router forwards an IPv6 packet with a 6to4 destination address using the 2002::/16 route, it encapsulates the IPv6 packet with an IPv4 header. In the IPv4 header, the source address is the IPv4 address of the sending interface and the destination address is the IPv4 address w.x.y.z.
6to4 is used to create a global address space based on an IPv4 public address (6to4 provides the first 64 bits of an IPv6 address). ISATAP is used to create interface identifiers based on assigned IPv4 addresses (ISATAP provides the last 64 bits of an IPv6 address). By combining 6to4 and ISATAP, you can use IPv6 to communicate across multiple IPv4 infrastructures.
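Because 6to4 puts an IPv4 address in the prefix and ISATAP puts one in the interface ID, the IPv4 tunnel endpoints can be read straight out of an IPv6 address, for example when reviewing logs. The Python sketch below is an added example, not code from the book. The function names and the 192.0.2.1, 198.51.100.7 and 10.1.2.3 sample addresses are constructed; the ISATAP match covers only the ::0:5EFE:w.x.y.z form shown on this page, and the RFC 1918 check is one assumed reading of "public".

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_prefix(public_ipv4):
    """Return the 2002:WWXX:YYZZ::/48 prefix for a site's public IPv4 address."""
    v4 = ipaddress.IPv4Address(public_ipv4)
    if any(v4 in net for net in RFC1918):
        raise ValueError("6to4 needs a public IPv4 address, got %s" % v4)
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def embedded_ipv4(address):
    """Return [(mechanism, IPv4Address), ...] found inside an IPv6 address."""
    value = int(ipaddress.IPv6Address(address))
    found = []
    if value >> 112 == 0x2002:
        # 6to4: the 32 bits after 2002 are w.x.y.z of the site.
        found.append(("6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)))
    if (value >> 32) & 0xFFFFFFFF == 0x00005EFE:
        # ISATAP: interface ID is 0:5EFE followed by w.x.y.z.
        found.append(("ISATAP", ipaddress.IPv4Address(value & 0xFFFFFFFF)))
    return found


def sixtofour_outer_addresses(router_ipv4, destination):
    """IPv4 (source, destination) a 6to4 router puts in the outer header,
    or None when the destination is not a 6to4 address."""
    for mechanism, v4 in embedded_ipv4(destination):
        if mechanism == "6to4":
            return ipaddress.IPv4Address(router_ipv4), v4
    return None


if __name__ == "__main__":
    print(sixtofour_prefix("192.0.2.1"))
    for a in ("FE80::5EFE:172.30.90.65",
              "3FFE:FFFF:A3:C140::5EFE:172.30.90.65",
              "2002:c000:201:1::5efe:10.1.2.3",  # 6to4 prefix + ISATAP ID
              "fe80::1"):
        print(a, embedded_ipv4(a))
```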
When the host joins an IPv6 multicast group on a LAN interface, the IPv6 multicast address is mapped to an Ethernet multicast MAC address beginning with 33-33. This multicast address is added to the table of interesting destination MAC addresses on the Ethernet adapter.
Because the host is a 6over4 host, the IPv6 multicast address is mapped to an IPv4 multicast address. When the host joins an IPv4 multicast group on a LAN interface, the IPv4 multicast address is mapped to an Ethernet multicast MAC address beginning with 01-00-5E. This multicast address is added to the table of interesting destination MAC addresses on the Ethernet adapter.
By using 6to4, the ISP does not have to support native IPv6 routing. The ISP has to provide only IPv4 routing and the allocation of a single public IPv4 address to each customer.
Manual configuration - The home subnet prefix, home address, and the address of the home agent are manually configured, typically through a keyboard-based command, and are permanent until manually changed.
Pseudo-automatic configuration - The user has the option (typically through a button in the user interface of the operating system) to indicate to the IPv6 protocol that the node is now connected to the home link. Based on this indication, the IPv6 protocol stores the home subnet link prefix and home address and listens for additional router advertisements containing the Home Agent (H) flag.
Automatic configuration - The IPv6 node is always listening for router advertisements with the H flag set. Based on additional protocol or operating system parameters and the establishment of a security relationship with the home agent, the IPv6 node determines that it is on its home link.
When the binding cache entry for the mobile node is about to expire.
The home agent compiles the list of home agents from received Router Advertisement messages with the H flag set. The list of home agents is conveyed to the mobile node through the ICMPv6 Home Agent Address Discovery process.
The link layer indicated a media change or because the node received a router advertisement that contains a new prefix.
The mobile node sends the home agent the following types of packets:
The home agent sends the mobile node the following types of packets:
The mobile node sends the correspondent node the following types of packets:
The correspondent node sends the mobile node the following types of packets:
Although there are no packets sent directly between the correspondent node and the home agent, the home agent intercepts packets sent by the correspondent node to the mobile node's home address and tunnels them to the mobile node's care-of address.
In the IPv6 header, the source address is set to the sending node's care-of address and the destination address is set to the destination node's care-of address.
The Routing extension header contains the destination node's home address.
The Home Address option in the Destination Options header contains the source node's home address.
The mobile node sends a binding update to the home agent when it attaches to its first foreign link, changes to a new foreign link, returns home, or in response to a binding request.
The mobile node sends a binding update to a correspondent node when it receives a packet from the correspondent node that was tunneled from the home agent, changes care-of addresses and the correspondent node is in its binding update list, or in response to a binding request.
A mobile node determines it has returned home when it receives a router advertisement that contains its home prefix.
It does not perform duplicate address detection for its address. Instead, the mobile node informs the home agent that it has returned to the home link. After receiving a binding acknowledgment from the home agent, the mobile node then sends an unsolicited multicast Neighbor Advertisement message to the link-local scope all-nodes multicast address (FF02::1) with the Override (O) flag set to inform local hosts of the correct link-layer address for the mobile node's home address.