march-18.jpg

IPv4 the Hard Way, IPv6 Made Easy

Among my many IPv6 roles, I am a cohost – along with Ed Horley and Tom Coffeen – of the IPv6 Buzz Podcast available through Packet Pushers. We recently recorded an episode of IPv6 Buzz with Rick Graziani.  Rick is a Computer Science (CS) and Computer Information Systems (CIS) instructor at Cabrillo College, an adjunct faculty member at the University of California Santa Cruz, and a long-time Cisco Networking Academy curriculum contributor.  Rick is also the author of the popular Cisco Press book titled “IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6”.  He teaches his students about Internet networking, both IPv4 and IPv6.  His students get to compare and contrast the two Internet Protocols as they learn them both for the first time.  By comparison, many veteran network engineers working in the industry learned IPv4 first, then learned IPv6 much later (if at all).

 

But this got me to thinking: How would our perspective change if we learned IPv6 first, then IPv4 second?

 

IPv4: The Struggle is Real

Typically, IPv4 is what we have all learned when beginning our careers as network engineers and IT professionals.  One of the “rites of passage” on the way to being a seasoned network engineer is to master IPv4 subnetting.  The process of breaking down larger blocks of IPv4 addresses into smaller “subnets” to be assigned to network interfaces can be a tedious and complicated process.  Network engineers get “initiated” by engaging in the activity of bit-fiddling with the 32 bits of the IPv4 address. This is often necessary in order to create the minimum size subnet that also contains the maximum number of host addresses needed for nodes within that subnet.  Remembering to reserve the subnet number (all-zeros) and the subnet broadcast address (all-ones) and converting back and forth between binary and decimal numbers can be tedious and prone to error.

 

We all strive to comprehend and master the complicated method of subnetting to allocate the minimum subnet size for the exact number of hosts we need.  A typical exercise involves you asking yourself, “Can we go with a /28 here or do we have to splurge and use a /27?”  You may have uttered the words “Uh Oh, we used a /29 and now we need to expand it to a /28” or “We are totally wasting that /24 over there, let’s move all the nodes into the lower half, split it into two /25s, keep the low-order /25 where it is now and use the high-order /25 for a new environment we are building”.  If this sounds familiar, then you know “the struggle is real.”

 

Learning Things The Hard Way

Have you ever met someone who insisted on doing some task the hard way when you knew of an easier or more efficient method producing the same results?  There are many subjects where people learn the hard way first, then later learn a trick or two to make the task far easier.  The online course “Learn Python the Hard Way” comes to mind.  Sometimes it is better to go right to the “life hack” first and save ourselves a lot of time and wasted effort.

 

This is true for network protocols as well: We first have to learn about the IPv4 manual addressing methods before we learn and appreciate the easier approach IPv6 provides.

 

IPv6: Refreshingly Simple

Once we progress to learning IPv6 subnetting we realize how much simpler it is. But first, we have a bit of a challenge in learning and understanding the hexadecimal used to form an IPv6 address.  Because we are so familiar with using base-10 and decimal notation for everything involving numbers, base-16 and hexadecimal notation may at first be a challenge, but it can be easy to learn. It’s hexadecimal that makes IPv6 addresses themselves appear initially intimidating, but after we learn a few tips and techniques, they can be even easier to work with than IPv4 addresses.

 

Just like with many other topics, comprehension and facility becomes easier when we realize that we can break something up into sections.  The same holds true for IPv6 addresses.

 

Let’s take this example, where our organization has been allocated a /32 IPv6 prefix from our friendly neighborhood Regional Internet Registry (RIR).  In the picture below, this is the blue shaded area of two groupings of four hex digits each (two hextets).  Don’t be scared by the hex numbers.  Just think of them as a single digit in a number that goes from 0 to F, rather than 0 to 9.  Don’t think too deeply about it at first.  Since this /32 has been allocated to our organization, this will be the same for all our networks and we will quickly memorize this blue-section of hex digits in just a couple of minutes of use.

 

IB - IPv4 the Hard Way - IPv6 Made Easy.jpg

 

We will then proceed to break up the /32 into the 65,536-possible /48 prefixes.  The next 4 hex digits in the green block represent the site that we are addressing.  A /48 is the standard prefix length for every site.  This could be a building or facility or some part of our environment.  Our IPv6 address plan will dictate this portion of our address.

 

The next step is to break the /48 up into its 65,536-possible /64s that will be assigned to individual networks.  This is the purple section of the address shown above.

 

We don’t worry about creating a subnet that will hold all the nodes on that LAN segment.  There are 18-qunitillion possible Internet Identifiers (IIDs) within that /64 so we are no longer constrained with thinking about how many hosts we may, or may not, have on a given network interface.  There are methods such as DHCPv6, SLAAC, and RDNSS which help guarantee uniqueness so we don’t need to worry about the last 64-bits of the IPv6 address.  As a network engineer, we focus our attention on the first 4 hextets of the IPv6 address.

 

That’s it! Just a few layers on hierarchy, nothing more, nothing less.  Don’t overthink it, keep it simple and easy.  The lower 64 bits are reserved for the host, and unless you are accessing that resources specifically you can effectively ignore them. You have to admit that this is much easier than IPv4 subnet madness.

 

We will instantly memorize the first two hextets (blue), our eyes will focus in on the green and purple sections of the address, and we will simply ignore the remaining four hextets that represent the Interface Identifier (i.e., the lowest 64 bits).

 

Caveats and Next Steps

Now we have to admit that the example given above is perhaps overly simplistic and would not reflect an organization’s actual depolyment.  Your organization may have specific requirements for different IPv6 address plans based on the types of sites and networks within it.  If you want to learn more about IPv6 Address Planning, there’s a great book on the topic.

 

Furthermore, the examples given above use the “IPv6 Address Prefix Reserved for Documentation” (IETF RFC 3849) of 2001:db8::/32 which is reserved and used for education and training purposes.  In our examples above, we used it for demonstration purposes to represent possible global IPv6 addresses.  Your organization will request a unique IPv6 address allocation and prefix from your Regional Internet Registry (RIR).

 

When it comes to the “green” and “purple” sections of the address as depicted above, it is recommended that you use an IP Address Management (IPAM) system for this to help ease the burden on your hexadecimal math skills.  Using an IPAM system can help you allocate the proper amount of addresses and avoid duplicate allocation or other mistakes.

 

The next step is to determine the number of sites you have and start to work through how to request IPv6 addressing resources from your RIR.  For example, The American Registry for Internet Numbers (ARIN) has a page that steps you through submitting your first IPv6 request and it gives you the IPv6 prefix you could qualify for based on the number of end-sites in your network.  Now that you see how simple this can be, you should not fear IPv6 addresses and feel confident that this is something that you can learn and feel comfortable using.

 

Showing results for 
Search instead for 
Do you mean 

Businesses are investing heavily into securing company resources from cyber-attacks form cybercrimin