Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
82 Cards in this Set
- Front
- Back
|
What are the two parts of IPV6 address?
|
In IPv6, as in IPv4, unicast addresses have a two-level network:host hierarchy (known in IPv6 as the prefix and interface ID) that can be separated into these two parts on any bit boundary in the address.
|
|
|
Address Type/ Range / Application
Aggregatable global unicast multicast anycast link-local unicast solicited-node multicast |
Address Type/ Range / Application
Aggregatable global unicast/ 2000::/3 / host to host communication multicast / FF00::/8 / one to many and many to many communication anycast / same as unicast / application-based, including load balancing, optimizing traffic for a particular service, and redundancy. link-local unicast / FE80::/10 / connected-link communications solicited-node multicast / FF02::1:FF00:0/104 / neighbors solicitation |
|
|
Break down the 128 bits of an IPv6 aggregatable global unicast address.
|
First 3 bits (001), prefix meaning aggregatable global unicast.
Next 45 bits represent the global routing prefix. Last 16 bits are the Site Level Aggregator or subnet ID. Last 64 bits make up the interface ID. |
|
|
Define link-local addresses
|
link-local addresses are used on a data link or multiaccess network, such as a serial link or an Ethernet network. Because they are link-local in scope, they are guaranteed to be unique only on that link or multiaccess network. Each interface type, gets a link-local address when IPv6 is enabled on that interface.
Interface ID portion is derived using the modified EUI-64 format. |
|
|
When you enable IPv6, routers automatically?
How do you reconfigure this automatic thing? |
Routers automatically configure a link local IPv6 address on all IPv6-enabled interfaces. However, you can configure the link local address with the following command. (Note the the link-local keyword to designate the address type.)
Stengel(config-if)# ipv6 address fe80::1 link-local |
|
|
What is the first command to enter to use IPv6?
|
ipv6 unicast-routing
|
|
|
Talk about a multicast receiver.
|
A multicast receiver is known as a group member, because it joins the m/c group to receive traffic. m/c addresses in IPv6 has no specific format.
|
|
|
IPv6 m/c takes the place
|
of ipv4 broadcast, there is no broadcast in IPv6.
|
|
|
Talk about address format of IPv6 m/c address
|
Address begin with FF00::/8. FF takes up the first octet.
The second octet specifies the lifetime and scope of the m/c group. Each using 4 bits. Lifetime can be permanent (0000) or temporary (0001). Scope can be any of the following node (0001) link (0010) site (0101) organization (1000) global (1110) |
|
|
Well known IPv6 m/c addresses
function / m/c group / ipv4 equivalent all host all routers ospfv3 routers ospfv3 designated routers EIGRP routers PIM routers |
all hosts / ff02::1 / subnet broadcast address
all routers / ff02::2 / 224.0.0.2 OPSFv3 routers / FF02::5 / 224.0.0.5 OSPFv3 DRs / FF02::6 / 224.0.0.6 EIGRP routers / FF02::A / 224.0.0.10 PIM routers / FF02::D / 224.0.0.13 |
|
|
The all nodes m/c group of which...
All routers must join ... All routers must join ... |
all IPv6 hosts are members.
the all routers m/c address the solicited node-group for each of its unicast and anycast addresses. format is FF02::1:FF00:0000/104 |
|
|
Talk about the format for a solicited node m/c address
For example, a unicast address of 2001:1AB:2003:1::CBAC:DF01 has a corresponding solicited-node multicast address of... |
The format for solicited-node multicast addresses is
FF02::1:FF00:0000/104 Note that all but the last 24 bits of the address are specified by the /104 prefix. Solicited-node addresses are built from this prefix concatenated with the low-order 24 bits (128 – 104 = 24) of the corresponding unicast or anycast address. For example, a unicast address of 2001:1AB:2003:1::CBAC:DF01 has a corresponding solicited-node multicast address of FF02::1:FFAC:DF01 |
|
|
Talk about anycast addresses
|
Anycast addresses can be assigned to any number of hosts that provide the same service; when other hosts access this service, the specific server they hit is determined by the unicast routing metrics on the path to that particular gorup of servers.
There is no address pool for anycast, once an address is assigned to more than one host, it becomes an anycast address by definition. Because anycast addresses cannot be used to source traffic, a router must know if one of its interface IPv6 addresses is an anycast address. So you must use anycast keyword, ie ipv6 address 2001:fffe::104/64 anycast |
|
|
What is subnet router anycast address
|
All IPv6 routers additionally must support the subnet router anycast address. This anycast address is a prefix followed by all 0s in the interface ID portion of the address. Hosts can use a subnet router anycast address to reach a particular router on the link identified by the prefix given in the subnet router anycast address.
|
|
|
What is the unspecified address?
|
This address, is simply :: . this is always a source address used by an interface that has not yet learned its unicast address. Cannot be assigned to an interface and can not be a destination address.
|
|
|
What is stateful autoconfiguration, stateless autoconfiguration, and EUI-64 for address assignment
|
Stateful - assigns a host or router its entire 128-bit IPv6 address using DHCP.
stateless - dynamically assigns the host or router interface a 64-bit prefix, and then the host or router derives the last 64 bits of its address using the EUI-64 process. |
|
|
Describe how you make an EUI-64 address
|
put FFEE in middle of mac address, then set the 7th bit in the MAC to a 1. to indicate global scope.
|
|
|
What does the Neighbor Discovery protocol do generally?
|
ND uses ICMPv6 messages and solicited-node m/c addresses for its core function, which center on discovering and tracking other IPv6 hosts on connected interfaces. ND is also used for address autoconfiguration.
|
|
|
What are the major roles of IPv6 ND
stateless.. duplicate... router... prefix... parameter... neighbor... neighbor... neighbor... |
■ Stateless address autoconfiguration (detailed in RFC 2462)
■ Duplicate address detection (DAD) ■ Router discovery ■ Prefix discovery ■ Parameter discovery (link MTU, hop limits) ■ Neighbor discovery ■ Neighbor address resolution (replaces ARP, both dynamic and static) ■ Neighbor and router reachability verification |
|
|
ND uses five message types
Message Type/ Information Sought/ Source Address/ Destination Address/ ICMP type code Router Advertisement (RA) |
Router advertisement (RA) / Routers advertise their presence and link prefixes, MTU and hop limits / FF02::1 for periodic broadcasts, address of querying host for responses to an RS / 134,0
|
|
|
ND uses five message types
Message Type/ Information Sought/ Source Address/ Destination Address/ Router solicitation (RS) |
Router Solicitation (RS) / hosts query for the presence of routers on the link / address assigned to querying interface, if assigned, or :: if not assigned / FF02::2 / 133,0
|
|
|
ND uses five message types
Message Type/ Information Sought/ Source Address/ Destination Address/ Neighbor solicitation (NS) |
Neighbor solicitation (NS) / hosts query for other nodes’ link layer addresses. Used for duplicate address detection and to verify neighbor reachability / address assigned to querying interface, if assigned, or :: if not assigned / solicited-node m/c address or the target node’s address if known / 135,0
|
|
|
ND uses five message types
Message Type/ Information Sought/ Source Address/ Destination Address/ Neighbor advertisement (NA) |
Neighbor advertisement (NA) / sent in response to NS messages and periodically to provide information to neighbors / configured or automatically assigned address of originating interface / address of node requesting the NA or FF01::1 for periodic advertisements / 136,0
|
|
|
ND uses five message types
Message Type/ Information Sought/ Source Address/ Destination Address/ Redirect |
Redirect / sent by routers to inform nodes of better next-hop routers / link-local address of originating node/ source address of requesting node / 137.0
|
|
|
What is the purpose of neighbor advertisements?
|
IPv6 nodes send NA messages periodically to inform other hosts on the same network of their presence and link-layer addresses
|
|
|
What is Neighbor Solicitation (NS)?
What are three operations that use NS messages? 1. Duplicate … 2. Neighbor… 3. Layer 3… what is the response to NS message, what does NS replace? |
IPv6 nodes send NS messages to find the link-layer address of a specific neighbor.
1. Duplicate address detection 2. Neighbor reachability verification 3. Layer 3 to Layer 2 address resolution (as a replacement for ARP) Response to NS is NA, replaces ARP. |
|
|
A Cisco IPv6 router begins sending … when the ipv6 unicast-routing command is configured.
|
Sending RA messages for each of its configured interface prefixes. You can change the default RA interval (200 seconds) using the command ipv6 nd ra-interval. Router advertisements on a given interface include all of the 64-bit IPv6 prefixes configured on that interface. RAs also include the link MTU, hop limits, and whether a router is a candidate default router.
|
|
|
By default, a Cisco router running IPv6 on an interface advertises itself as a …
If you want to hide a router completely... |
Candidate default router. If you do not want a router to advertise itself as a default candidate, use the command ipv6 nd ra-lifetime 0. By sending RAs with a lifetime of 0, a router still informs connected hosts of its presence, but tells connected hosts not to use it to reach hosts off the subnet.
If you want to hide a router completely, use ipv6 nd suppress-ra command. |
|
|
At startup, what do hosts send…
|
Router Solicitation (RS) messages to the all-routers m/c address. Hosts do this to learn the addresses of routers on a given link, as well as their various parameters, without waiting for a periodic RA message. If a hot has no configured IPv6 address, it sends an RS using the unspecified address as the source. If it has a configured address, it sources the RS from the configured address.
|
|
|
Why is there duplicate address detection and how does it work?
What is the motiviation for DAD? |
To verify that an autoconfigured address is unique, the host sends an NS message to its own autoconfigured address’s corresponding solicited-node m/c address. This message is sourced from the unspecified address, :: In the Target Address field in the NS is the address that the host seeks to verify as unique. If an NA from another host results, the sending host knows that the address is not unique. This process is used for statically configured and autoconfigured addresses.
Motivation is ... IPv6 DAD is a function of neighbor solicitation. When a host performs address autoconfiguration, it does not assume that the address is unique, even though it should be because the seed 48-bit MAC address used in the EUI-64 process should itself be globally unique. |
|
|
What are the two ways a node confirms reachability
1. A host sends a … 2. A host, in communicating |
1. A host sends a probe to the desired host’s solicited-node m/c address and receives an RA or an NA in response.
2. A host, in communicating with desired host, receives a clue from a higher-layer protocol that two-way communication is functioning. One such clue is a TCP ACK. |
|
|
ICMPv6 messages into two groups
1. … 2. … |
1. Error reporting
2. Informational |
|
|
To conserve bandwidth, ICMPv6 mandates…
|
Configurable rate limiting of ICMPv6 error messages. The method can be by limiting bandwidth to a percentage or times. IOS supports the rate limiting by setting the minimum interval between error messages and allows credit to build using a token bucket.
|
|
|
To limit ICMPv6 error messages, use the command…
|
Ipv6 icmp error-interval, default interval is 100ms and default token-bucket size is 10 tokens. With this configuration, a new token (up to a total of 10) is added to the bucker every 100 ms. Beginning when the token bucket is full, a maximum of 10 ICMPv6 error messages can be sent in rapid succession. Once the token bucket empties, the router cannot send any additional ICMPv6 error messages until at least one token is added to the bucket.
|
|
|
How do you configure IPv6 unicast RPF and what does it do?
|
The command ipv6 verify unicast reverse-path on an interface, the router will perform a recursive lookup in the IPv6 routing table to verify that the packet came in on the correct interface. If this check passes, the packet in question is allowed through, if not the router drops it.
You can specify an access list with the command to limit the addresses you want to check against. |
|
|
How do you see details of IPv6 on a neighbor with CDP?
|
Show cdp neighbors detail
|
|
|
What are the two conditions that can cause a host to use DHCPv6.
1. The host is … 2. An IPv6 router advertises… |
1. The host is explicitly configured to use DHCPv6 based on an implementation-specific setting.
2. An IPv6 router advertises in its RA messages that it wants hosts to use DHCPv6 for addressing. Routers do this by setting the M flag (Managed Address Configuration) for RAs. |
|
|
To use stateful autoconfiguration a host sends a DHCP request to…
|
One of two well-knwn IPv6 m/c addresses on UDP port 547:
a. FF02::1:2, all DHCP relay agents and servers b. FF05::1:3, all DHCP servers The DHCP server then provides the necessary configuration information in reply to the host on UDP port 546. |
|
|
What are the steps to make a Cisco router a DHCPv6 server?
|
First configure a DHCP pool, then specifically enable the DHCPv6 service using the ipv6 dhcp server pool-name interface command.
|
|
|
Key differences between access-list behavior for IPv4 and IPv6.
1. Because Neighbor Discovery … 2. When IPv6 access lists are … 3. IPv6 access lists are always… 4. IPv6 access lists are configured… |
You should be aware of a few key differences between access-list behavior for the two network layer protocols, however:
■ Because Neighbor Discovery is such a key protocol in IPv6, access lists implicitly permit ND traffic. This is necessary to avoid breaking ND’s ARP-like functionality. You can override this implicit-permit behavior using deny statements in IPv6 access lists. ■ When IPv6 access lists are used for traffic filtering, the command syntax differs from that for IPv4. To configure an interface to filter traffic using an access list, use the ipv6 traffic-filter access-list-name {in | out} command. ■ IPv6 access lists are always named; they cannot be numbered (unless you use a number as a name). ■ IPv6 access lists are configured in named access-list configuration mode, which is like IPv4 named access-list configuration mode. However, you can also enter IPv4-like commands that specify an entire access-list entry on one line. The router will convert it to the correct configuration commands for named access-list configuration mode. |
|
|
Static routing in IPv6 works almost exactly as it does in IPv4, but with several twists:
1. An IPv6 static route to… 2. An IPv6 static route to … 3. Floating static routes work … 4. An IPv6 static route to a … |
An IPv6 static route to an interface has a metric of 1, not 0 as in IPv4.
■ An IPv6 static route to a next-hop IP address also has a metric of 1, like IPv4. ■ Floating static routes work the same way in IPv4 and IPv6. ■ An IPv6 static route to a broadcast interface type, such as Ethernet, must also specify a nexthop IPv6 address IPv6 does not use ARP, there is no concept of proxy ARP for IPv6. A next-hop router will not proxy for a destination that is off the subnet. Static routes must specify the next-hop IP address where you have a broadcast interface as next hop. |
|
|
Two key aspects of configuring OSPFv3 and EIGRP
1. In each of these IPv6 unicast routing protocols … 2. In router configuration mode… |
■ In each of these IPv6 unicast routing protocols, enabling the protocol for a particular network in Cisco IOS is performed by issuing the appropriate ipv6 interface configuration command. The command format, detailed in the “Foundation Summary” section at the end of the chapter, is ipv6 {eigrp | ospf | rip} followed by the necessary keywords and arguments.
■ In router configuration mode, where the bulk of configuration is done for IPv4 routing protocols, IPv6 routing protocols require less configuration. The global configuration is also more intuitive because most of the configuration that is interface- or network-specific is done in interface configuration mode. |
|
|
Key differences between OSPFv2 and OSPFv3: 1 - 4
1. Configured using … 2. Advertising multiple networks… 3. OSPFv3 RID… 4. Flooding scope … |
Key differences between OSPFv2 and OSPFv3 include these:
■ Configured using interface commands—Cisco IOS enables OSPFv3 using interface subcommands, instead of using the OSPFv2 method (using the network command in router configuration mode). To enable OSPFv3 process ID (PID) 1 and area 2 on a given interface, the basic command is simply ipv6 ospf 1 area 2. Issuing this command also creates the ipv6 router ospf 1 command in global configuration mode. ■ Advertising multiple networks on an interface—If multiple IPv6 addresses are configured on an interface, OSPFv3 advertises all of the corresponding networks. ■ OSPFv3 RID must be set—OSPFv3 can automatically set its 32-bit RID based on the configured IPv4 addresses, using the same rules for OSPFv2. However, if no IPv4 addresses are configured, OSPFv3 cannot automatically choose its router ID. You must manually configure the RID before OSPFv3 will start. By comparison, an OSPFv2 router ID is created automatically if any IP interfaces are configured on a router. ■ Flooding scope—The scope for flooding LSAs is one of three specific types in OSPFv3: — Link-local scope—Used by the new LSA type, Link LSA. — Area scope—For LSAs flooded throughout a single OSPFv3 area. Used by Router, Network, Inter-Area Prefix, Inter-Area Router, and Intra-Area Prefix LSA types. — AS scope—LSAs of this type are flooded throughout the routing domain; this is used for AS External LSAs. |
|
|
Key differences between OSPFv2 and OSPFv3: 5 - 9
5. Multiple instances per link 6. Terminology… 7. Sources packets from … 8. Authentication… 9. Networks in .... |
■ Multiple instances per link—OSPFv3 supports multiple instances on a link. For example, suppose you have four routers on an Ethernet segment: routers A, B, 1, and 2. You want routers A and B to form adjacencies (become neighbors), and routers 1 and 2 to become neighbors, but you do not want routers A and B to form neighborships with routers 1 and 2. OSPFv3 supports this type of adjacency scoping. The range of instance numbers is 0–255, and the command format on the interface is, for example, ipv6 ospf 1 area 0 instance 33. The instance must match on all routers that are to become adjacent on a link.
■ Terminology—OSPFv3 uses the term link for what OSPFv2 calls a network. ■ Sources packets from link-local addresses—With the exception of virtual links, OSPFv3 uses link-local addresses for all communications between neighbors and sources packets from linklocal addresses. On virtual links, OSPFv3 sources packets from a globally scoped IPv6 address. ■ Authentication—OSPFv2 natively supports three authentication types: null, simple password, and MD5. OSPFv3, however, does not itself provide authentication, because IPv6 covers this requirement with its internal support for AH and ESP protocols. ■ Networks in LSAs—Whereas OSPFv2 expresses networks in LSAs as [address, mask], OSPFv3 expresses networks in LSAs as [prefix, prefix length]. The default router is expressed with a prefix length of 0. |
|
|
OSPFv3 has two additional LSA types, what are they and what do they do?
|
LSA type 8, link LSA – advertises link-local address and prefix(es) of a router to all other routers on the link, as well as option information. Sent only if more than one router is present on a link. The scope is the link.
LSA type 9, Intra-Area Prefix LSA – performs one of two functions: 1. Associates a list of IPv6 prefixes with a transit network by pointing to a Network LSA, 2. Associates a list of IPv6 prefixes with a router by pointing to a Router LSA. The scope is the Area. |
|
|
When configuring Frame Relay with the IPv6 address on a physical interface or multipoint subinterface, …
What is a pneumonic to remember this? |
The OSPF network type defaults to “non broadcast”, which requires the use of a neighbor command
Ipv6 ospf neighbor 3003::1 emember that NBMA OSPF peers require neighbor statements is the saying, “nonbroadcast needs neighbors.” |
|
|
The configuring of frame-relay map statements is much the same in IPv6, but there is a twist…
What happens if you don't account for this twist? |
It requires two map statements instead of just one. One map statement points to the link-local address and the other points to the unicast address of the next-hop interface. Only the link-local mapping statement requires the broadcast keyword (which actually permits m/c as IPv6 has no broadcast)
If you configure only the link-local mapping, OSPFv3 will be happy; the neighbors will come up, the routers will become fully adjacent, and their routing tables will fully populate. However, when you try to send IPv6 traffic to a network across the Frame Relay cloud, it will fail because of Frame Relay encapsulation failures |
|
|
Steps to configure OSPFv3
1. Identify the … 2. Determine the OSPF … 3. Identify any special … 4. Configure OSPF … 5. Configure routing… 6. Verify OSPF … |
Step 1 Identify the desired links connected to each OSPFv3 router.
Step 2 Determine the OSPF area design and the area to which each router link (interface) should belong. Step 3 Identify any special OSPF routing requirements, such as stub areas, address summarization, LSA filtering, and virtual links. Step 4 Configure OSPF on the interfaces. Step 5 Configure routing process commands, including a router ID on IPv6-only routers. Step 6 Verify OSPF configuration, routing tables, and reachability. |
|
|
How is OSPv3 authentication generally different?
|
OSPFv3 uses IPv6’s native authentication support rather than implementing its own authentication mechanisms.
|
|
|
How do you enable OSPFv3 authentication?
How do you enable OSPFv3 encryption? |
Ipv6 ospf authentication
Ipv6 ospf encryption Note that these are interface commands. Note that ESP provides both encryption and authentication. Note that AH and ESP are part of the IPSec protocol and you must configure IPSec security policies to use them. |
|
|
Three key things for OSPFv3 authentication and encryption
1. OSPFv3 can use… 2. OSPFv3 can use… 3. OSPFv3 authentication and encryption can … |
Here are three key things to know about OSPFv3 authentication and encryption:
■ OSPFv3 can use AH for authentication. ■ OSPFv3 can use ESP for authentication and encryption. ■ OSPFv3 authentication and encryption can be applied per area or per link (interface); per-link configuration is more secure because it creates more layers of security. |
|
|
What is the general housekeeping that must be done for IPv6 EIGRP?
|
A routing process needs to be defined and enabled (no shutdown) and a router ID (in 32-bit IPv4 address format) to be manually assigned using the router-id command, both of which must be done in IPv6 router configuration mode before the IPv6 EIGRP routing process can start.
|
|
|
Some differences with IPv4 EIGRP and IPv6 EIGRP
1. Configured on … 2. Must no shut… 3. Router ID… 4. Passive interfaces … 5. Router filtering … 6. Automatic summariztion .. 7. Cisco IOS support…. |
■ Configured on the interface—As with OSPFv3 (and RIPng), EIGRP advertises networks based on interface commands rather than routing process network commands. For example, the command to enable IPv6 EIGRP AS 100 on an interface is ipv6 eigrp 100.
■ Must no shut the routing process—When EIGRP for IPv6 is first configured on an interface, this action creates the IPv6 EIGRP routing process on the router. However, the routing process is initially placed in the shutdown state, and requires a no shutdown command in router configuration mode to become active. ■ Router ID—EIGRP for IPv6 requires a 32-bit router ID (a dotted-decimal IPv4 address) to be configured before it starts. A router does not complain about the lack of an EIGRP RID, however, so remember to configure one statically when doing a no shutdown in the routing process. ■ Passive interfaces—IPv6 EIGRP, passive interfaces are configured in the routing process only. That is, no related configuration commands are required on the interface. ■ Route filtering—IPv6 EIGRP performs route filtering using only the distribute-list prefixlist command. IPv6 EIGRP does not support route filtering through route maps that call distribute lists. ■ Automatic summarization—IPv6 EIGRP has no equivalent to the IPv4 (no) auto-summary command, because there is no concept of classful routing in IPv6. ■ Cisco IOS support—EIGRP for IPv6 is supported in Cisco IOS beginning with Release 12.4(6)T. |
|
|
How do you filter routes in IPv6 EIGRP?
|
IPv6 EIGRP uses prefix lists for route filtering. To filter routes from EIGRP updates, configure an IPv6 prefix list that permits or denies the desired prefixes. Then apply it to the EIGRP routing process using the distribute-list prefix-list name command.
|
|
|
Basic steps for configuring IPv6 EIGRP
1. Enable… 2. Configure … 3. In the EIGRP … 4. Issue the … 5. Use the relevant… |
Step 1 Enable IPv6 unicast routing.
Step 2 Configure EIGRP on at least one router interface. Step 3 In the EIGRP routing process, assign a router ID. Step 4 Issue the no shutdown command in the EIGRP routing process to activate the protocol. Step 5 Use the relevant show commands to check your configuration. |
|
|
What are the six combinations of IPv6 routing protocol redistribution?
|
RIPng (from one process to another)
OSPFv3 (from one process to another) IPv6 EIGRP (from one AS to another) IPv6 EIGRP to OSPFv3 and vice versa IPv6 EIGRP to RIPng and vice versa OSPFv3 to RIPng and vice versa |
|
|
four points of IPv6 route redistribution
Redistribution is configured... Redistribution can be used to. Within the redistribution process.. Redistributing into IPv6 EIGRP or RIPng ... |
consider these points:
Redistribution is configured as part of the routing process of the destination routing protocol. Redistribution can be used to apply tags, manipulate metrics, and can include or exclude (filter) routes. Within the redistribution process, route maps can be applied that call access lists or prefix lists, or to perform other actions. Redistributing into IPv6 EIGRP or RIPng requires setting a specific metric for the redistributed routes for redistribution to work, as shown in the previous EIGRP configuration examples. If you’re comfortable working with IPv6 addresses, IPv4 prefix lists and access lists, you’ll find IPv6 route redistribution to be straightforward. |
|
|
What QoS features are not available for IPv6 in Cisco routers?
1. 2. 3. 4. 5. |
1. NBAR
2. Compressed Real Time Protocol 3. Committed Access Rate 4. PQ 5. CQ |
|
|
Major differences in Classification, marking, and Queuing for IPv6 versus IPv4
a. Because IPv6 access lists… b. The match ip rtp command … c. The match cos and set cos… d. The matc cos and set cos… |
• Because IPv6 access lists cannot be numbered, but rather must be named, Cisco IOS does not support the match access-group xxx command. Instead it supports the match access-group name command.
• The match ip rtp command identifies only IPv4 RTP transport packets. There is no equivalent for matching RTP packets in IPv6. • The match cos and set cos commands for 802.1Q interfaces support only CEF-switched packets. They do not support process-switched or router-originated packets. • The match cos and set cos commands do not support ISL interfaces, even for CEF-switched packets. |
|
|
IPv6 traffic shaping difference.
|
s that IPv6 traffic shaping uses flow-based queuing by default, but you can use class-based WFQ to manage congestion if you choose. Cisco IOS also supports CB Policing, Generic Traffic Shaping (GTS), and FRTS for IPv6.
|
|
|
Summary of Tunneling Methods
Tunnel Mode / Topology and Address Space / Applications |
Automatic 6to4 / point-to-multipoint; 2002::/16 addresses / connecting isolated IPv6 island networks
Manually configured / point to point; any address space; requires dual-stack support at both ends / carries only IPv6 packets across IPv4 networks IPv6 over IPv4 GRE / point to point; unicast addresses; requires dual-stack support at both ends / carries IPv6, CLNS, and other traffic ISATAP / point to multipoint; any m/c addresses / intended for connecting IPv6 hosts within a single site Automatic IPv4 compatible / point to multipoint, ::/96 address space; requires dual-stack support at both ends / deprecated, use ISATAP instead |
|
|
Basic steps for configuring a tunnel
1. Ensure … 2. Create the tunnel… 3. Select a tunnel… 4. For nonautomatic tunnel types… 5. Configure the tunnel… 6. Configure the tunnel… |
Step 1 Ensure end-to-end IPv4 reachability between the tunnel endpoints.
Step 2 Create the tunnel interface using the interface tunnel n command. Step 3 Select a tunnel source interface and configure it using the tunnel source interface {interface-type-number | ip-address} command. Step 4 For nonautomatic tunnel types, configure the tunnel destination using the tunnel destination {ip-address | ipv6-address | hostname} command. To use the hostname argument, DNS or local hostname-to-IP-address mapping is required. Step 5 Configure the tunnel IPv6 address (or prefix, depending on tunnel type). Step 6 Configure the tunnel mode using the tunnel mode mode command. |
|
|
Cisco IOS tunnel modes and destinations
Tunnel type / tunnel mode / destination Manual Gre over IPv4 Automatic 6to4 ISATAP Automatic IPv4 compatible |
Manual / ipv6ip / any IPv4 address
GRE over IPv4 / gre ip / an IPv4 address Automatic 6to4 / ipv6ip 6to4 / automatically determined ISATAP / ipv6ip isatap / automatically determined Automatic IPv4-compatible / ipv6ip auto-tunell |
|
|
Automatic IPv4 Compatible Tunnels talk about them
|
This type of tunnel uses IPv4-compatible IPv6 addresses for the tunnel interfaces. These addresses are taken from the ::/96 address space. That is, the first 96 bits of the tunnel interface addresses are all 0s, and the remaining 32 bits are derived from an IPv4 address. These addresses are written as 0:0:0:0:0:0:A.B.C.D, or ::A.B.C.D, where A.B.C.D represents the IPv4 address. The tunnel destination for an IPv4-compatible tunnel is automatically determined from the loworder 32 bits of the tunnel interface address. To implement this tunnel type, use the command tunnel mode ipv6ip auto-tunnel in tunnel interface configuration mode. IPv4-compatible IPv6 addressing is not widely deployed and does not conform to current global usage of the IPv6 address space. Furthermore, this tunneling method does not scale well. Therefore, Cisco recommends using ISATAP tunnels instead of this method,
|
|
|
IPv6 over IPv4 GRE tunnels provide two options that other tunnel types do not
|
Encapsulating traffic over than IPv6 and support for IPSec. Designed for point to point operations.
|
|
|
Automatic 6to4 tunnels are inherently…
|
Point-to-multipoint in nature. Treat underlying IPv4 network as an NBMA cloud. In automatic 6to4 tunnels, the tunnel operates on a per-packet basis to encapsulate traffic to the correct destination. Tunnels determine the appropriate destination address by combining the IPv6 prefix with the globally unique destination 6to4 border router’s IPv4 address, beginning with 2002::/16 prefix in this format.
2002:border-router-IPv4-address::/48 |
|
|
Cisco IOS supports how many automatic 6to4 tunnels on a given router
What is the extra step for this type of tunnel? |
One.
Providing for routing the desired packets over the tunnel. |
|
|
ISATAP tunnels treat the underlying network…
ISATAP develops its addressing scheme using this format |
Like an NBMA cloud. Support point-to-multipoint operation natively and determine destination on a per-packet basis.
[64-bit link-local or global unicast prefix]:0000:5EFE:[IPv4 address of the ISATAP link] The ISATAP interface identifier is the middle part of the address, 0000:5EFE. |
|
|
What is the unique aspect of ISATAP address portion?
What is the unique aspect for the tunnel interfaces? |
It must be configured to derive the IPv6 address using the EUI-64 method. EUI-64 addressing in a tunnel interface differs from EUI-64 on a nontunnel interface in that it derives the last 32 bits of the interface ID from the tunnel source interface’s IPv4 address. This method is necessary for ISATAP tunnels to provide a mechanism for other tunnel routers to independently know how to reach this router.
By default, tunnel interfaces disable router advertisements (RA). However, RAs must be enabled on ISATAP tunnels to support client autoconfiguration. Enable RAs on an ISATAP tunnel using the no ipv6 nd suppress-ra command. |
|
|
NAT-PT works by performing
|
A sort of gateway function at the IPv4/IPv6 boundary. At that boundary, NAT-PT translates between IPv4 and IPv6. This method permits IPv4 hosts to communicate with IPv6 hosts and vice versa without the need for those hosts to run dual protocol stacks.
|
|
|
Multicast receivers must inform…
|
Their local subnet m/c router that they want to receive m/c traffic. Hosts perform this signaling using a protocol known as Multicast Listener Discovery or MLD, which is based on IGMP and performs the same tasks as IGMP does in IPv4 networks. MLD also uses ICMPv6 messages in its operation.
|
|
|
In IPv6, routers act as MLD …
|
Queriers to determine which hosts want to receive traffic for a particular m/c group. Hosts are receivers, including routers, that want to receive that m/c traffic. MLD hosts send report messages to MLD queriers to inform them of their desire to receive that m/c traffic.
|
|
|
In Cisco switches, MLD snooping
|
MLD snooping provides the same functionality as IGMP snooping for IPv4. It provides information to the switch about which connected hosts are members of a particular m/c group so that the switch can make decisions about whether, and on which interfaces, to allow traffic for that group to flow through the switch.
|
|
|
What modes of PIM does IPv6 support?
|
Sparse mode and source-specific m/c (SSM). PIM for IPv6 does not support dense mode. Requires Rendezvous Point (RP) to be statically defined at the RP router.
|
|
|
What is MLD explicitly tracking help with? How is it configured?
|
Explicit tracking allows a multicast router to track the behavior of hosts within the IPv6 network. This feature also supports the fast-leave mechanism in MLDv2, which is based on the same feature in IGMPv3. Explicit tracking is disabled by default; you can enable it on an interface by using the command ipv6 mld explicit-tracking access-list-name.
|
|
|
With IPv6 PIM, how do routers learn of the RP?
|
However, other PIM-SM routers can learn about the RP using embedded RP support. This feature works by embedding information about RPs in MLD report messages and PIM messages. Routers then watch for the RP for each multicast group and use that RP for all PIM-SM activities. You can statically override embedded PIM information by specifying RPs on a per-group basis.
|
|
|
How does IPv6 accomplish Source Specific Multicast?
|
Source-specific PIM is derived from PIM sparse mode. It is more efficient than sparse mode. In sparse mode, a PIM Join message from a host results in sending traffic from all multicast sources toward that receiver. SSM instead uses the (S,G) model from the start to deliver multicast traffic to a particular group member from only one source, which the joining host specifies, rather than from all multicast senders for that group. SSM requires MLDv2 to operate, because MLDv1 messages do not contain the required information to support SSM. However, SSM mapping supports MLDv1 hosts by either DNS or static hostname-to-IPv6 address mappings. This allows routers to look up the source of a multicast stream when they receive an MLDv1 Join message.
This feature permits extending SSM to MLDv1 hosts, in keeping with SSM’s concept of maximizing multicasting efficiency. SSM mapping must be enabled globally on a router by using the ipv6 mld ssm-map enable command. SSM mapping uses DNS by default. Disable DNS lookup for SSM mapping by using the no ipv6 mld ssm-map query dns command. Specify static mappings by using the ipv6 mld ssm-map static access-list-name source-address command. |
|
|
What is the issue with RPF and tunnels with IPv6? How do you overcome it, what is the command?
|
Just as in IPv4, multicast routing fundamentally builds its routing table based on the unicast routing table. Before any multicast traffic can be routed, that traffic must pass the router’s RPF check. That is, it must have arrived on the interface that the router’s unicast routing table indicates is the correct path back toward the traffic source.
For tunnels, in particular, the RPF check can cause problems. If multicast traffic arrives over a tunnel instead of the physical interface over which the unicast routing table indicates that traffic should have arrived, then the router will discard that traffic. To prevent this behavior, you can configure static multicast routes to instruct the router as to which interface the traffic should arrive on. This will allow the RPF check to pass. In IPv6, unicast and multicast static routes use the same command, ipv6 route, but with different options. For example, if you expect all multicast traffic on a router to arrive over the tunnel0 interface, configure the static multicast route as follows: StewPerry (config)# ipv6 route ::/0 tunnel 0 multicast |
|
|
Protocol / Standard
IPv6 Addressing Architecture IPv6 Specification IPv6 Global Unicast Address Format Neighbor Discovery for IPv6 IPv6 Stateless Address Autoconfiguration |
4291
2460 3587 4861 4862 |
|
|
Protocol / Standard
Source Address Selection for Multicast Listener Discovery (MLD) Protocol Multicast Listener Discovery Version 2 (MLDv2) for IPv6 IPv6 Scoped Address Architecture ICMPv6 for the IPv6 Specification Stateless IP/ICMP Translation Algorithm (SIIT) |
3590
3810 4007 4443 2765 |
|
|
Protocol / Standard
Network Address Translation-Protocol Translation (NAT-PT) Generic Packet Tunneling in IPv6 Specification Transition Mechanisms for IPv6 Hosts and Routers Connection of IPv6 Domains via IPv4 Clouds Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) |
4966
2473 4213 3056 5214 |
|
|
Protocol / Standard
DNS Extensions to Support IPv6 DNS Extensions to Support IPv6 Address Aggregation and Renumbering DHCPv6 IPv6 Prefix Options for DHCPv6 OSPF for IPv6 IAB/IESG Recommendations on IPv6 Address Allocation to Sites |
3596
2874 3315 3633 5340 3177 |
