
8.

The IPv6 Protocol
http://www.scoop.it/t/ipv6-training/
François-Emmanuel Goffinet, IT Trainer, 2013Q4

goffinet@goffinet, Protocole IPv6, CC-BY

Programme
1. Why IPv6?
2. IPv6 fundamentals
3. IPv6 packets
4. IPv6 address representations
5. IPv6 address types
6. Neighbor discovery and automatic addressing
7. IPv6 addressing plan
8. IPv6 routing
9. IPv6 address management (IPAM)
10. Introduction to IPv6 security
11. Packet manipulation
12. IPv6 firewalling
13. IPv6 IPsec
14. IPv6 applications
15. Transition methods

IPv6 Routing
Lesson 8

Routing
Every machine on the internetwork has its own routing table, in which each entry contains:

- A destination network and its mask
- An outgoing interface and a gateway

On Windows: route print
On GNU/Linux/MacOSX: netstat -r
On Cisco IOS: show ipv6 route

This table is used to encapsulate the packet (L3) on the link (L2) closest to the destination.

Routers
- Only routers can forward packets from one interface to another.
- Routers bound the broadcast domain on each of their interfaces.
- Routers exchange information with one another about the various destinations (the networks to reach) through routing protocols or static entries.

Personal topology
For team 0x200

Lab topology

Addressing plan
Team | Routed network | Fa0/1 WAN | Fa0/0 LAN | |
0x100 | 0x100::/56 (Reserved) | | fe80::1/64, 2001:470:7b6d:1lab::1/64 | |
0x200 | 0x200::/56 | fe80::200/64, autoconfig | fe80::1/64, 2001:470:7b6d:200::1/64 | 2001:470:7b6d:280::1/64 | 2001:470:7b6d:2ff::1/64
0x300 | 0x300::/56 | fe80::300/64, autoconfig | fe80::1/64, 2001:470:7b6d:300::1/64 | 2001:470:7b6d:380::1/64 | 2001:470:7b6d:3ff::1/64
0x400 | 0x400::/56 | fe80::400/64, autoconfig | fe80::1/64, 2001:470:7b6d:400::1/64 | 2001:470:7b6d:480::1/64 | 2001:470:7b6d:4ff::1/64
0x500 | 0x500::/56 | fe80::500/64, autoconfig | fe80::1/64, 2001:470:7b6d:500::1/64 | 2001:470:7b6d:580::1/64 | 2001:470:7b6d:5ff::1/64
0x600 | 0x600::/56 | fe80::600/64, autoconfig | fe80::1/64, 2001:470:7b6d:600::1/64 | 2001:470:7b6d:680::1/64 | 2001:470:7b6d:6ff::1/64
0x700 | 0x700::/56 | fe80::700/64, autoconfig | fe80::1/64, 2001:470:7b6d:700::1/64 | 2001:470:7b6d:780::1/64 | 2001:470:7b6d:7ff::1/64

Methodology
1. Configuring the physical infrastructure
   a. WAN and LAN cabling
   b. Console cabling (drivers, putty)

2. Configuring IPv4/IPv6 connectivity on the router:
   a. Resetting the configuration
   b. IPv4 configuration
   c. IPv6 configuration

Connecting to the router console
- Rollover cable from the PC's COM1 port to the router's console port.
- Start a terminal emulation program (putty/hyperterminal) at 9600 baud.

CLI navigation
Entering privileged mode
>enable
#
Entering global configuration mode
#configure terminal
(config)#
Configuring an interface
(config)#interface FastEthernet 0/0
(config-if)#
Moving back to lower modes
(config-if)#exit
(config)#exit
#

CLI help
- Help is available via the question mark.
- Commands auto-complete with the Tab key.
- The environment points to the location of an error.
- Commands can be abbreviated as long as there is no ambiguity.
- In case of ambiguity, the environment offers the possible choices.
- By default, logs appear on the console, not in a remote terminal session.
- Keyboard shortcuts: the up and down arrows scroll through the command history, CTRL-Z returns directly to privileged mode, etc.
- The do command runs a privileged-mode command from another mode.

CLI navigation
All administration commands are run in privileged mode:

IOS command | Meaning
#show running-config | Displays the current configuration (RAM)
#show ip interface brief | Displays the state of the IPv4 interfaces
#show ipv6 interface brief | Displays the state of the IPv6 interfaces
#show ipv6 route | Displays the IPv6 routing table
#copy running-config startup-config | Saves the current configuration
#write memory | Saves the current configuration

Checking the interfaces
1. Enter privileged mode:
Router>enable
Router#

2. Check the interfaces:
Router#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            unassigned      YES unset  administratively down down
Vlan1                      unassigned      YES unset  administratively down down

IPv4 configuration
1. Global configuration
2. SSH key
3. IPv4 configuration
   a. LAN
   b. WAN (DHCP)
   c. IP Routing (DHCP)
   d. NAT
   e. DHCP LAN
4. IPv4 connectivity test

Global configuration
conf t
!
hostname 0xX00
enable secret mon_mot_de_passe
ip cef
ip domain name goffinet.org
!
line vty 0 4
 login local
 transport input ssh
!
username root secret mon_mot_de_passe
!
crypto key generate rsa

SSH key
The name for the keys will be: 0xX00.goffinet.org
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 10 seconds)

0xX00(config)#
*Dec 6 00:41:38.574: %SSH-5-ENABLED: SSH 1.99 has been enabled

IPv4 connectivity
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp pool LAN_IPv4
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 dns-server 11.0.0.254
!
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 no shutdown
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 no shutdown
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
end
wr

IPv4 connectivity test
#ping
Protocol [ip]:
Target IP address: www.google.com
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.254
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.194.41.146, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/32/52 ms
0xX00#sh ip nat translations
Pro  Inside global      Inside local       Outside local      Outside global
icmp 11.0.0.120:1024    192.168.1.254:0    173.194.41.146:0   173.194.41.146:1024

IPv6 configuration
- IPv6 WAN interface
- IPv6 LAN interface
- IPv6 routing

IPv6 WAN interface
interface FastEthernet0/1
 ipv6 enable
 do sh ipv6 int brie
!
 ipv6 address FE80::X00 link-local
 do sh ipv6 int brie
!
 ipv6 address autoconfig
 do sh ipv6 int brie

IPv6 LAN interface
interface FastEthernet0/0
 ipv6 enable
 ipv6 address 2001:470:7B6D:200::1/64
 ipv6 address FE80::1 link-local

IPv6 routing
(config)#ipv6 unicast-routing
(config)#ipv6 route ::/0 FastEthernet0/1 FE80::1

IPv6 routing table
#show ipv6 route
IPv6 Routing Table - default - 10 entries
Codes: C - Connected, L - Local, S - Static, NDp - ND Prefix
S   ::/0 [1/0]
     via FE80::1, FastEthernet0/1
NDp 2001:470:7B6D:1AB::/64 [2/0]
     via FastEthernet0/1, directly connected
L   2001:470:7B6D:1AB::200/128 [0/0]
     via FastEthernet0/1, receive
C   2001:470:7B6D:200::/64 [0/0]
     via FastEthernet0/0, directly connected
L   2001:470:7B6D:200::1/128 [0/0]
     via FastEthernet0/0, receive
C   2001:470:7B6D:201::/64 [0/0]
     via Loopback0, directly connected
L   2001:470:7B6D:201::1/128 [0/0]
     via Loopback0, receive
C   2001:470:7B6D:2FF::/64 [0/0]
     via Loopback1, directly connected
L   2001:470:7B6D:2FF::1/128 [0/0]
     via Loopback1, receive
L   FF00::/8 [0/0]
     via Null0, receive
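
Added example, not part of the original slides: a Python check that sorts the prefixes of a `show ipv6 route` listing into those inside a team's routed /56 from the addressing plan and those outside it. The sample listing is abridged from the output on this page; the names SITE, team_block and classify are assumptions made for the example.

```python
import ipaddress
import re

SITE = "2001:470:7b6d"  # site prefix used throughout the lab's addressing plan

def team_block(team: int) -> ipaddress.IPv6Network:
    """Routed /56 of a team such as 0x200 (plan entry 0xX00::/56)."""
    return ipaddress.ip_network(f"{SITE}:{team:x}::/56")

# Sample input: route lines abridged from the `show ipv6 route` output above
# (next-hop lines dropped, only code, prefix and [distance/metric] kept).
SAMPLE = """\
S   ::/0 [1/0]
NDp 2001:470:7B6D:1AB::/64 [2/0]
L   2001:470:7B6D:1AB::200/128 [0/0]
C   2001:470:7B6D:200::/64 [0/0]
L   2001:470:7B6D:200::1/128 [0/0]
C   2001:470:7B6D:201::/64 [0/0]
C   2001:470:7B6D:2FF::/64 [0/0]
L   FF00::/8 [0/0]
"""

# Route code, prefix/length, then the [distance/metric] pair.
ROUTE_RE = re.compile(r"^(\S+)\s+(\S+/\d+)\s+\[\d+/\d+\]", re.M)

def classify(listing: str, team: int) -> dict:
    """Sort each route: inside the team's /56, outside it, or special."""
    block = team_block(team)
    result = {"inside": [], "outside": [], "special": []}
    for _code, prefix in ROUTE_RE.findall(listing):
        net = ipaddress.ip_network(prefix, strict=False)
        if net.prefixlen == 0 or net.is_multicast:
            result["special"].append(str(net))   # default route, FF00::/8
        elif net.subnet_of(block):
            result["inside"].append(str(net))    # LAN and loopback prefixes
        else:
            result["outside"].append(str(net))   # e.g. the shared WAN /64
    return result

if __name__ == "__main__":
    for kind, nets in classify(SAMPLE, 0x200).items():
        print(f"{kind:8s}", ", ".join(nets))
```

For team 0x200, the only prefixes reported as outside the /56 are the WAN ones in 2001:470:7B6D:1AB::/64, which belong to the reserved 0x100::/56 block.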

Verifying routing
#ping
Protocol [ip]: ipv6
Target IPv6 address: www.google.com
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands? [no]: y
Source address or interface: fastethernet0/0
UDP protocol? [no]:
Verbose? [no]:
Precedence [0]:
DSCP [0]:
Include hop by hop option? [no]:
Include destination option? [no]:
Sweep range of sizes? [no]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A00:1450:4007:803::1014, timeout is 2 seconds:
Packet sent with a source address of 2001:470:7B6D:200::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 136/276/408 ms

IPv6 address (1/2)
#show ipv6 interface f0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C802:CFF:FE9D:8
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:470:CBF7:200::1, subnet is 2001:470:7B6D:200::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF9D:8
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND RAs are suppressed (periodic)
  Hosts use stateless autoconfig for addresses.

IPv6 addresses
#sh ipv6 interface f0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:470:CBF7:200::1, subnet is 2001:470:7B6D:200::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND RAs are suppressed (periodic)
  Hosts use stateless autoconfig for addresses.

End-host verification
Basic IPv6 test: ipconfig, netsh interface ipv6, ping, tracert
Firefox, show IP plugin, google, http://test-ipv6.com/, youtube, lesoir
1. Dual-stack test
2. Set a fixed IPv4 address without IPv4 DNS
3. Disable IPv4

Quiz 8
Quiz on IPv6 routing configuration

OSPFv3 routing
Inter-LAN routing?
Global routing configuration, specifying the router-id manually in 32-bit dotted-decimal format.
(config)# router ospfv3 1
(config-router)# router-id 10.1.1.1
This is not without consequences for the DR/BDR election.
Enabling it from the interfaces
(config)# interface fa0/1
(config-if)# ipv6 ospf 1 area 0
Diagnostics
show ipv6 ospf
show ipv6 ospf interface
show ipv6 ospf neighbor

Rights
Protocole IPv6 by goffinet@goffinet.eu is made available under the terms of the Creative Commons Attribution 4.0 International license.
