Friday, December 02, 2005

IPv6 - The Practical

For people who want a free IPv6 address space, you can go for the IPv6 tunnel broker, this is one of my preferred tunnel broker - BT Exact. What I really like is that it cooks well with my DSL connection of which detecting the changes of my dynamic IP and notify me, hence it's FREE with term and conditions.
However here I will show IPv6 in LAN and the usage of IPv6. Let's acknowledge myself not a expert of IPv6 and currently trying to understand it, so what's make IPv6 difference than IPv4?


1. 128 bits address

2. Address is presented in 32 Hex numbers

3. No broadcast, instead utilize multicast

4. Security Oriented

5. Eliminate classful

There are more to mentionned, however here's the few points I want to make, when IPv4 was invented, they are not considering security as an issue, instead they are more concentrating on network issue. Nobody ever think of IPv4 address space will be exhausted that fast since 2^32 is a huge number.
Now I will show ping6 in IPv6 LAN, the ping for IPv6. Clearly enough making use of IPv6 is fun since ssh, apache, dns and all those services that are protocol independent working well in the IPv6 Environment.

Since it's in the LAN, so we are most likely tinkering with IPv6 over ethernet, so normally you will be able to query or connecting to link-local address. The link-local address of lnc0 is fe80::20c::29ff:fe81:c986, you might notice the %lnc0 behind it, it indicates the scope-id. You will have to specify scope-id as well while using ping6 in the LAN or site-local address, this is not neccesary when you are trying to ping IPv6 glocal address.
Scope-id is the interface index for the interface to which the link-local address is assigned. Link-local address starts with the prefix of fe80, and the suffix(last 64bits) or we call it interface identifier is using MAC address. However since MAC address is only 48 bits, it splits into two part, the oui of MAC address(first three octets) becomes the company id, the fourth and fifth octets of the are set to the fixed value FFFE hexadecimal, and the last three octets is added behind it. So you might see MAC address of 00:0c:29:81:c9:86 to be 20c:29ff:fe81:c986, remember 0 is always been suppressed.
Ping6 is good in diagnosing IPv6 problem, you might see I'm pinging ff02::1, for who are not familiar with IPv6, ff02::1 is the link-local all-node multicast address, it will reach every node in the network link, doesn't it sounds like broadcast :]
You might see the result indicate there's a duplicate packets, this is normal when you are doing multicasting since all of the nodes replying to same request, however if you have duplicated packets when doing unicast, there's something wrong with your hardware or misconfiguration.
You will also see I unable to ping and getting error message of udp connect: network is unreacheable when I'm not pinging with scope-id.
Ping6 -f is a flooding ping and it requires root priviledge to run, I just putting it here for fun.
For people who curious how a single node discovers the other nodes in the ethernet network with the command of ping6 -W ff02::1, it is actually sending a packet with ICMPv6 Node Information Query(type 139 Code 0), all other nodes that receving the Node Information Query will reply with the packet of ICMPv6 Node Information Reply(type 140 Code 0) together with the dns label(hostname) such as trinity.

There are more to learn about IPv6, however one should learn IPv4 before learning IPv6 since foundation is the most important thing. Learning new stuff is always fun.

My ip is ::1, don't hack me :P

No comments: