Cisco CCNA 200-301 – IPv6 Addressing and Routing Part 5

9. SLAAC Stateless Address AutoConfiguration

You’ll learn about Slack SLAAC that’s stateless address auto configuration in IPV six. Our normal hosts, like usually our desktop computers, can be assigned their IPV six addresses through either static addressing where the administrator goes on. Each host individually and manually puts an IP address on there, or through Dhcpv six, which is equivalent to DHCP and IPV four, or through Slack, which there is no equivalent for in IPV four. Our DHCP servers, if we’re using DHCP, track the Mac address to IP address assignments of the IP addresses that they have given out, so they’re keeping state information about the state of what IP addresses they gave out, what Mac address that maps to.

So that is stateful addressing with Slack, which is stateless address auto configuration. Hosts learn the Slash 64 subnet that their IPV six interfaces on from the local router that’s also on that link, and then the host uses that information to generate its own IPV six address, usually based on the Eui 64 address, similar to what we did with the routers earlier. However, modern operating systems don’t use that standardized Eui 64 method because that raises privacy concerns because PCs can be tracked by their Mac address.

So modern operating systems, like modern versions of Windows, use a different method to generate the 64 bit host portion of the address, which is completely randomized. The router. When you do this, when you’re using Slack, does not track which hosts have which IP address. It doesn’t track the IP address to Mac address mapping. So that is stateless addressing as opposed to the state full addressing when the IP addresses are given out by DHCP.

When a global unicast IPV six address is configured on a router interface, then router advertisements which advertise the 64 bit network portion of the address on that interface are sent out by the router. By default, it’s sent out using ICMP and it’s sent to the all nodes multicast address using the Interfaces link local address as the source address. So that gets sent out to everybody on the local link. So that’s how the hosts can learn what the network portion is on that link, and they can use that to generate their full 128 bit IPV six address. So if you use Slack, it means that your hosts can get their IP address without having to use a DHCP server as well as the router advertisements going out from the router.

Hosts can also send a router solicitation message to request that information as well as telling the hosts which subnet to generate their IP address on the router. Will also tell the hosts to use itself the router as the default gateway, but the original implementation did not support any information other than the default gateway address. I’ll speak about that a bit more in a second, but let’s first off see what happens here. So let’s say that we’re looking at PC one down in the bottom left corner on R one we’ve configured Interface Fast 20 facing the PC with IP address 2001 DB 80 zero double colon one. Soon as you configure that Global Unicast address on the router, it will start sending out router advertisements on that link, telling anybody who’s interested that the 64 bit network portion of the address there is 2001 DB 80 64.

So if PC One has been configured to automatically generate its address using Slack, it will learn the network portion of the address and then it will automatically generate the host portion. So that is how Slack works. The router will also tell PC One that, hey, I am 2001 DB 80 zero double colon one, use me as your default gateway. So when you first see this, you think, great, Slack is a brilliant idea. It means that we don’t have to use DHCP anymore, so it’s one less thing that can go wrong.

We don’t have a DHCP server there. Also we don’t need to configure it, and it’s a bit more efficient because it’s stateless as well. So that’s how it seems at first. But the problem, which is kind of unbelievable when you hear it, is that when Slack was designed, there’s no mechanism for giving out other information other than the router address. So the PC cannot learn its DNS server from slack. And obviously DNS is completely critical to networking. We need DNS for networking to work in modern networks. So you’re still going to need a DHCP server anyway. Now, there are some standards that are being put in place which will support this additional information, but there’s not really widespread support for that yet. So in practice, a DHCP server will still be required to give out additional information like the DNS server.

But if the IP address is assigned by Slack and the DNS server is assigned by DHCP, then that does still also result in a stateless configuration, because the DHCP server, it’s only just sending out the DNS information. It’s not tracking which IP address is mapped to which Mac address because it’s not giving out the IP addresses. Those are being learned by Slack. When a host is using Slack, it’s going to send a traffic out using a source address of colon. Colon colon is the unspecified address. So when a host is going to get its IP address from Slack or from DHCP, it’s going to be using that until it gets the normal IPV Six address on there.

Because colon colon is unspecified or unknown, it’s also used for our default static routes as well. So if you do an IPV Six route to zero, that’s equivalent to a route to the default route in IPV Four. Next thing to tell you about is Neighbor Discovery. Neighbor Discovery is the IPV Six version of IPV Four’s ARP, and it works in a very similar way. But rather than using ARP requests and replies, neighbor Discovery uses ICMP neighbor solicitations and neighbor advertisements. They’re basically the equivalent of ARP requests and replies. Neighbor solicitation messages are sent to the solicited node multicast address, which reaches all hosts on that subnet. Last thing to tell you about here is a command that we can use to verify our IPV Six neighbors, which is Show IPV Six neighbors. So we’re using the normal network topology that we’ve been using throughout the rest of this section. And if I go on R Two and do a Show IPV Six Neighbors, this is when we haven’t generated any traffic to Global Unicast addresses yet.

So let’s go back a slide, and you’ll see that those Global Unicast addresses, beginning 2001, DB Eight, Colon zero, they have been configured on the routers right now, but we’re not generating any traffic with them yet. So when we do the Show IPV Six neighbors have done that on R Two, you’ll see that it discovers the link local addresses on R One and R Three, because the routers are going to be constantly sending out some traffic using those link local addresses as the source address. But it won’t discover the Global Unicast addresses until it actually sees some traffic from there.

So if I go onto R two when I first did a shoe, IPV six addresses, it doesn’t see R one’s global Unicast address. But if I then ping R One’s Global Unicast address to generate some traffic, and then I do a shoe IPV Six neighbors, you can see down at the bottom in the diagram here, but it can see the link local address on R One, it can see the link local address on R Three. And it does also report the Global Unicast address on R One as well now, because we had some traffic going to it. Okay, so that was it for this lecture. One more lecture to do in this section where we’ll take a look at access control lists in IPV Six. See you for that in the next lecture.

10. IPv6 Static Routes

You’ll learn about connected, local and static routes for IPV Six. IPV Six routing works pretty much exactly the same way as it does for IPV Four. But IPV Four routing and IPV Six routing are separate processes, and they each have their own separate routing table. So if a router receives an IPV Four packet, meaning it’s got an IPV Four addresses the destination, it will route it according to its IPV Four routing table. And if that same router receives an IPV Six packet, it will get routed according to its IPV Six routing table. Now obviously for a router to be able to route IPV Six traffic, it needs to have IPV Six enabled. So it needs to have IPV Six unicast routing, it needs to have its own IPV Six addresses, and it needs to have the IPV Six routes in its routing table.

The IPV Four and IPV Six routing tables are built in exactly the same way through static routes or via dynamic routing protocols like Rape, EIGRP and OSPF. All of those dynamic routing protocols support both IPV Four and IPV Six as well. IPV Four routing is enabled by default on a Cisco iOS router, but IPV Six routing is not. So you have to turn it on. The way that you do turn it on is with the command IPV Six Unicast Routing. Now, if you forget to put that command on there, you can still configure IPV Six addresses on the routers interfaces, and it will be able to communicate with hosts that are on those same subnets. But if a host tries to send IPV Six traffic through the router, the router won’t forward it. So this can be confusing, because the host will be able to ping the router, the router might be able to ping whatever on the other side. But if you don’t have IPV Six unicast routing enabled, the router is not going to forward the traffic. So whenever you’re configuring IPV Six on a router, that should be the first command that you put in.

The connected and local routes, just like everything else, work the same way in IPV Six as they do in IPV four. So you see in the example configuration here, we’ve got a geostat router, meaning that it’s running IPV Four and IPV Six at the same time. You don’t need to do that if you’re running IPV Six. So you could have a router with IPV Four only, or you could have a router with IPV Six only, or you can have a router running both IPV Four and IPV Six. When you do that, it’s called a dual stack router. So the way we can do that is like you see in the example here on Interface Fast Ethernet. We’ve configured an IPV Four address, that’s IP address 1010 one One, and we’ve also configured an IPV Six address on that interface 2001 DB 80 One DOUBLECOOL Eleven, which is the standard 64. And we’ve also configured an IPV four and an IPV six address on Fast Ethernet 20.

As usual, when we are configuring IPV Four, the command starts with just IP like IP address. When we’re configuring IPV Six, it starts with IPV Six. Like IPV Six address. So we’ve got those IP addresses configured on the interfaces. When you do that, it will automatically enter a connected and a local route for those interfaces into the routing table. So what I’m going to do in this sections, we’ll look at IPV Four first as a refresher, and then we’ll compare that with how things will look with IPV Six. So we’ve configured our interfaces with IPV Four and IPV Six. We then do a Show IP route and that will show us the IPV Four routing table. And you can see we’ve got entries that match the interfaces we just configured. I have a connected route for 1010 24 out interface Fast 20, and a connected route for 1010 interface Fast Zero from iOS 15. The router will also add on local routes as well. Local routes always have a 32 mask, so I can see 10100 132 on Fast 20 and Ten 1132 on Fast Zero.

The reason we can see both connected and local routes, the reason that this was added is that it allows us to see the fuel configuration on the interface. From a Show IP route command, I can see the connected route is 1010 24 and the matching local route is 1010 132. So I know that the IP address on the interface is 1010 124. Okay? So that was for IPV Four. The same example to see the IPV Six routing table is of course Show IPV Six route, and we’ll have similar entries in here as well. So I’ve got my two connected routes which match the IPV Six addresses that I added, and my two local routes as well. IPV Six uses a 128 bit address, so the local routes will show up as 128. So I’ve got my connected route for 2001 DB Eight doublecolon 64 on Fast Ethernet 20, and my other connector route, 2001 DB 80.

One doublecolon 64 is on Fast Zero, and I can see my 128 local routes there as well. If a router receives traffic for a network which it is not directly attached to, it needs to know how to get there in order to forward the traffic. So like you just saw, whenever we configure an IP address on the interface, the router is directly attached to those networks and those routes will be automatically added into the routing table. But if it wants to get to a network that it is not directly attached to, it needs to know how to get there. So as an administrator, you can manually do that by adding a static route to that destination, or the router can learn it via a routing protocol like Grip, OSPF, EIGRP, BGP and ISIS.

So let’s have a look at an example of adding static routes. I’ve got R Two on the left, which is connected to the ten networks, so it doesn’t need routes added for them. But the 1024 and the 100 224 networks are behind R One. So R Two is going to need to have routes added to get to those networks behind R One. Similarly, R One will need to have a route added to get to the ten one O 24 network, which is behind R Two. So I add the routes on R One. I’ve got IP route ten 10 255-255-2550 for the subnet mask, and the next top address is 100 Two, which is the interface that is on R Two that R One can reach directly. Then for my routes going back in the other direction, I’m going to have IP routes for 100 10 and ten 20 both with a 24 bit mask on R Two, where the next top is R One at 100 one. So you know that already. That’s how we do it in IPV Four. For IPV six, obviously it’s going to be very similar. So here on R One, we need to add a route to the 2001 DB 80 zero network, which is behind R Two. So in IPV four. It’s IP route. In IPV six, we say IPV six route.

So we’ve got IPV, six route 2001, colon DB eight. And I don’t need to put in the zero and zero because remember when we’ve got a contiguous bank of zeros, we can just say colon colon there. So we say 2001 colon DB eight, colon colon, meaning that all the rest of the fields are zero 64. And then the next hop address is R Two at 2001 DB 80 one, double colon two. So that’s the route on R One. To get to the network behind R two. I’m also going to need a couple of routes on R Two to get to the networks behind R One. So I say IPV six route on R two, 2001 DB eight two. And another route for 2001 DB 8364. And the next hop address is R One. At 2001 DB 80 one, double colon one. Okay, so that’s how we add our static routes. Just like with IPV four. We can also do summary and default routes in IPV Six as well. Looking at how we do it in IPV Four first. So the routes here are on R One. I’ve got a summary route here up at the top. So you see the networks beginning with ten dot one. I’ve got ten dot one. Dot one is between R four and R three. And ten dot one dot O is between R Three and R two.

R One is not directly connected to those networks, so it’s going to need a route to get there. I could do that by adding two separate routes. I could have a route for Ten, another route for ten 1124, but I can summarize that to ten one o 16, and then that will encompass both networks. So I can do it by just adding one route rather than adding multiple routes. So my command there is IP route ten, dot one dot o do 0255 dot two five five dot o dot o. And the next hop address is on R two@ten. o, dot o dot two. I also need a normal route for IP route ten, dot one, dot three dot o, which is between R four and R five. I use a 24 bit masclare 252-5250. And the next top address is R five at 100 three two. Then we’ll see that R one is also connected out to the Internet. So I want a default static route for all traffic that’s not on the inside is going to go out to the Internet.

The command for that is IP route o dot o dot o dot o dot o dot o dot o means it’s a default static route. And the next hop address in this example is 203 dot O dot 1132. That is the router out at our service provider. So that’s how we do it in IPV four. It’s similar scenario for IPV six. So here I’m going to do my summary route first. So you see all the networks beginning with 2001 DB 80 are available along the top path through R two. So that will cover my network between R three and R four, and my network between R two and R three. Rather than adding separate 64 routes for 2001 DB eight one and 2001 DB 802, I can add a 48 route for everything beginning with 2001 DB 80. So I say IPV six route, 2001 DB 80 double 48. So that’s going to cover everything beginning with 2001 DB 80. And the next hop address is 2001 DB 80, double colon two, which is on R two.

I also need a route for the network between R four and R five. So I say IPV six route, 2001 DB eight one one double colon slash 64. So this is not a summary route. The next hop address is R five at 2001 DB eight one, double colon two. And I’m also going to add a default static route here as well. So to do that in IPV six, it’s IPV six route doublecolon zero. That is the equivalent of order, order, order o in IPV four. And the next top address is that my service provider. That’s 2001 DB eight three double call on two. Okay, so that was our connected route, our local route, static route, summary routes, the default static route for IPV six. Next up, we’re going to take a look at how to actually configure this with a lab exam.

11. IPv6 Static Routes Lab Demo

Learn about unique local and link local IPV six addresses. We’ll start off with unique local. Those are similar to IPV Four RFC 1918 private Addresses. So ten x one 7216 to one 7231 x and 192168 got x. The private addresses, they are not publicly reachable. They are assigned from the range FC zero double seven, and as always, hosts should be assigned 64 addresses. So that’s it for our unique local addresses, not so much to tell you about them, they’re pretty simple, there’s more to tell you about the link local addresses. So link local addresses are valid for communications on their particular link only. They cannot send traffic out to another link they’re assigned from the range feat a double colon ten to Feb zero doublecolon ten. And again, as always, host should be assigned 64 addresses. So that might seem a bit confusing for now. So let’s have a look and see what we mean by link local and not being able to send traffic off their own link.

In the example here in the diagram, we’ve got routers A, B and C, and they’re all connected to the same network segment through the switch on the left. On that segment, Router A has been assigned IP address feata 64 is this link local address on that interface. Router B is FEA double colon two and router C is Fe eight a double colon three. There’s also another link here as well, which is going between B and D. B and D have also got link local addresses on that link. B is Feat double colon four and D is Feat double colon five. Now, because these are link local addresses, FEA double colon one, feat double colon two and FEA double colon three. On that link between routers A, B and C they can communicate with each other and FEA double call on four and FEA double call on five. On the link between routers B and D they can communicate with each other as well, but feata double colon one, double colon two and double colon three, do not have any connectivity to FDA double colon four or FDA double colon five.

So link local addresses you can send and receive traffic from them, but it’s only valid on that local link, it will not get routed out another interface on the other side of a router. So you may be thinking, well, why am I ever going to use the link local addresses if it can only send traffic on their local link? They can be used for communications which should not be forwarded beyond the local link like routing protocol, hello packets and updates. And the link local addresses are mandated on your Cisco router interfaces if IPV six is enabled on them, so they’re mandatory, and the link local addresses are automatically generated with Eui 64 addresses whenever you enable IPV six on an interface, but that automatically generated EU six. Eui 64 address can be overridden by manually configuring a link local address on there. So let’s see how this works.

The example here, we’ve got a new router which has got no IPV six configuration yet. So we do our Show IPV six interface brief and we see that we’ve got no addresses. We then configure our Global Unicast addresses on this router. So first up, IPV six unicast routing to enable IPV six routing on the router. Then on interface fast Zero, we say IPV six address 2001 DB 80 one, double call on one. So that’s a global, unicast address. And we’ve also put a Global Unicast address on interface Fast 20. If we then do a Show IPV six interface brief, I can see on fast Zero I’ve got that Global Unicast address that I just configured, 2001 DB 80 one, double colon one. And the router has also automatically generated a link local address on that interface as well.

It’s given it the IPV six link local address Fe 80 double colon C eight, L one two, FFF Fe 24 and also on interfacefast 20 because we configured a Global Unicast address on there, the router has also automatically configured a link local address on there. You can easily see which are the linked local addresses because they begin with Feat notice on interface fast 10 and 30 there is no link local address on there because IPV six was not enabled on those interfaces yet.

The link local addresses are valid only in the local link as we covered before. So you can use the same address on multiple interfaces because it’s unique at the interface level. It doesn’t can create a conflict if you use the same address on a different interface. So you can see that here on our one we’ve got IPV six address feat double colon one, link local on fast Zero and we’ve also configured it on Fast 20 as well. You can also see here how to configure the link local address manually. If you do this, it will override having the Eui 64 address. So this can be useful if you want to have a more logical fixed link local address on your router. Now, let’s talk about multiple addresses on our interfaces. It’s different in IPV four than it is in IPV six. You see, in our example here, we’ve gone on to R one and an interface fast zero slash zero. I’ve said IP address ten dot ten dot ten dot one, it’s a slash 24 and then I hit enter and then I configure IP address 19216 810 124.

Well, if you now do a show run, you can see that the IP address on the interface is 19216 810 one. When we entered the second IP address, it wrote over the first IP address. So if you configure multiple IPV four address commands on a router IPV four, it’s the latest one that will take effect. The older ones will be removed. If you do want to have multiple IPV four addresses on an interface on a router. The way you do that is you can see down at the bottom interface fast zero, IP address 170 216 124. And then I use the secondary keyword. That will allow you to have two IPV four addresses on an interface. But the maximum that you can have is two. If you do configure this, then you see the example here. We’ve got IP address 19216 810 one is the primary, and 170 216 one is the secondary.

Whenever you send traffic from the router itself and it’s sourced from that interface, it will use the primary IP address. It’s not normal to configure secondary IPV four addresses. This is very rarely done. Okay? So that’s how it works in IPV four. You can have a maximum of two IP addresses on an interface, and to do that, you have to use the secondary keyword. It’s different in IPV six. In IPV six you can have multiple IPV six addresses on the same interface on a router, and it’s quite happy for you to do that. So you see the example here, we’ve got an interface fast zero.

I’ve got IPV six address Fe 80 double colon one, and I save out to the Link Local address. Then IPV six address 2001 DB 80 zero doublecollon one and IPV Six address, 2001 DB 80 one, doublecollon one. And if this was an IPV four, the second one would have overwritten the first one. But an IPV six, we do a show run interface faster stratego, and I can see that all of my IP addresses are on there. So I’ve got IPV six Address Feat, double colon One, Link Local, and I’ve also got the 2001 DB eight, double colon one, and the 2001 DB 80 one, double colon one. So you can see it will take multiple IP addresses. You can also see from the example here as well that on that same interface, I’ve also got my IPV four addresses on there too. So that will work just fine.

This is a dual stack router, meaning that it’s running both IPV four and IPV six. If a packet comes into the router which has got an IPV four destination address, it will use its IPV four routing. If a packet comes in with an IPV six destination address, then it will use its IPV six routing. Whether it’s going to be IPV four or IPV six depends on the application on the end host, it’s sending traffic through the router. Okay, so to summarize our multiple IPV six addresses, link Local addresses are mandatory on IPV six enabled interfaces. Global Unicast and Unique local addresses are optional. You can have multiple addresses on the same interface and one link local address for routing protocol traffic, and one Global Unicast address for normal routing is typical on your routers. Okay, so that was our other types of addresses. In the next lecture, we’ll take a look at this with a lab demo.