IPv6 and Module 2 Conclusion

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
9 hours 49 minutes
Difficulty
Beginner
CEU/CPE
10
Video Transcription
00:00
>> In wrapping up this section on IP,
00:00
we do want to talk about IP Version 6 Verbit.
00:00
IP Version 6 is coming.
00:00
But if you're like me,
00:00
then you've heard that it's been coming
00:00
for the last 15 years.
00:00
There are lots of reasons to go to IPv6.
00:00
The primary driver is the fact that IPv6 is
00:00
the first IP protocol that comes built with security.
00:00
There is no built-in security in IP Version 4,
00:00
no encryption or authentication.
00:00
With IPv6, you get that,
00:00
and security comes to us through IPSec.
00:00
Remember, that's how IPSec was created as part of IPv6.
00:00
It'll be nice to have a protocol that was designed to be
00:00
secure as opposed to having
00:00
security added as an afterthought.
00:00
Then, of course,
00:00
we discussed the tremendous need for IP addressing space.
00:00
It's not as critical as people sometimes make it sound.
00:00
We have network address translation,
00:00
which means all of our internal
00:00
IP addresses can be hidden.
00:00
So we're not so much worried about
00:00
running out of IP addresses,
00:00
but as more and more devices become IP aware,
00:00
it would be nice to have a larger address space.
00:00
We're in IP Version 4.
00:00
IP addresses are written in dotted decimal.
00:00
IPv6 is represented in hexadecimal separated by colons.
00:00
Off the bat, you can probably look at that and
00:00
determine it doesn't feel very user-friendly.
00:00
What I'm thinking about,
00:00
is walking around from system to system,
00:00
trying to manually configure IPvV6 addresses.
00:00
The idea is that this won't be necessary because
00:00
the big push with IPv6 is auto configuration.
00:00
You can see the portions of
00:00
the address, the network address,
00:00
subnet address or IP or ID,
00:00
and the client ID.
00:00
The network and subnet pieces could
00:00
and should be generated by the router.
00:00
Then have the client ID generated
00:00
based on a MAC address or some other factor.
00:00
Having this auto configuration will be
00:00
helpful in easing administrative burden.
00:00
On the right side, we can see these IPv6 addresses.
00:00
They feel very long and intimidating,
00:00
but we can shorten these.
00:00
When you have a string of zeros, like we see here,
00:00
you can omit that string of zeros
00:00
and replace them with a double colon.
00:00
The requirement for that is you can only do it once,
00:00
and it must be consecutive zeros.
00:00
You can't pick and choose which zeros.
00:00
The other piece not on this slide is looking after
00:00
2001, you have ODBA.
00:00
That leading zero can be dropped
00:00
off to make it a shorter address.
00:00
Even though IPv6 is not just an extension of IPv4,
00:00
it's a totally different protocol and
00:00
there are a lot of elements in place.
00:00
For example, IPv6 needs a loopback address,
00:00
which is a double colon one.
00:00
There are also addresses similar to APIPA when
00:00
a DHCP server can't be
00:00
reached and the client has to auto configure.
00:00
The first section of this address will be FE80.
00:00
Similarly, you could also have
00:00
either FC00 or FD00 for unique local addresses.
00:00
These are the equivalent of RFC 1918,
00:00
where you have internal private addresses like
00:00
the 10 network, 172.192. Remember those?
00:00
Another thing to note, if it begins with FF,
00:00
it's a multicast address.
00:00
Interestingly enough, there's no broadcast in IPv6.
00:00
They've moved to something called any casting,
00:00
which affects your directly connected neighbor
00:00
as opposed to broadcasting.
00:00
Anytime we're going into something new,
00:00
we can't just go out with the old and with the new.
00:00
In many cases, there's a period
00:00
of time where translation is needed.
00:00
Or you have a system configured for
00:00
IPv4 and you need to go to another network that's IPv6.
00:00
At any rate, you find out you have
00:00
networks with IPv6 and some with IPv6,
00:00
and you'll figure out how to make
00:00
that work as efficiently as possible.
00:00
One of the ways to do this is by running a dual stack.
00:00
That means you've got a system using IPv4,
00:00
and on that same system,
00:00
you're also running IPv6.
00:00
You can run as many protocols
00:00
in the background as needed.
00:00
When you configure it, there's a binding order that you
00:00
can use to choose your protocol of preference.
00:00
You can turn on both IPv4 and IPv6.
00:00
There's a type of router called ISATAP
00:00
router designed primarily for that type of environment.
00:00
If you have IPv6 traffic running on
00:00
an IPv4 network or vice versa,
00:00
ISATAP can provide
00:00
the additional addressing information and
00:00
configure those pockets so that they can get to
00:00
where they're going across
00:00
whatever type a network is running.
00:00
You can take a look at the W, X, Y,
00:00
Z encapsulated IPv4 address here on the right.
00:00
You can also tunnel,
00:00
which simply means wrap
00:00
one type of protocol inside one of another.
00:00
There's a 6 to 4 tunneling protocol,
00:00
so your IPv6 packets are essentially
00:00
placed inside your IPv4 packets.
00:00
They're then treated as IPv4 packets on the network.
00:00
They're received at the destination and
00:00
converted back to IPv6.
00:00
This is not something that would be
00:00
used behind a NAT device,
00:00
rather, the idea's to go
00:00
out to the external network to the Internet.
00:00
I've got internal IPv6 traffic
00:00
that I want to run across the IPv4 Internet.
00:00
The next option is Teredo and Miredo,
00:00
Teredo from Microsoft and Miredo for Linux and Unix.
00:00
Ultimately, the IPv6 packets are sent based
00:00
on UDP messages over a specific port 3544.
00:00
Inserting the IPv4 pockets inside of UDP allows it to
00:00
tunnel through a NAT device without
00:00
requiring the use of IPv6 addresses.
00:00
GRE or generic root encapsulation
00:00
is a routing protocol that goes back prior to IPv4,
00:00
back to AppleTalk of a TCPIP network.
00:00
This is an encapsulation.
00:00
A link is created between devices from router to router,
00:00
and various protocols can be
00:00
encapsulated between those two points.
00:00
It doesn't have to be about IPv6 and IPv4,
00:00
it's simply an encapsulation protocol that can work with
00:00
both IPv6 and IPv4.
00:00
Last but not least, we have one called 4 to 6,
00:00
an alternative to 6 to 4 that's a different environment.
00:00
I've got IPv4 traffic
00:00
that I want to go to in IPv6 network.
00:00
With 6 to 4,
00:00
I have internal trafficking that's using
00:00
IPv6 that I went to send out to the public IPv4 network.
00:00
You're rarely going to see that
00:00
right now, because of course,
00:00
the Internet is on IPv4
00:00
and we don't really need that conversion.
00:00
All of this becomes more or less relevant
00:00
depending on how popular IPv6 becomes.
00:00
Currently, there has been a massive flocking to
00:00
IPv6 here in the States
00:00
even though it's been around for a while.
00:00
It depends what our environment
00:00
looks like in the next few years.
00:00
With networking being done on the Cloud,
00:00
there are lots of
00:00
different variables that come into play.
00:00
That brings us to the end of Module 2.
00:00
We talked a lot about IP addressing
00:00
because it's such a crucial part of networking.
00:00
We looked at the basics of what an IP address is,
00:00
discussed what the subnet masks do,
00:00
and talked about classful addressing,
00:00
and local versus remote.
00:00
We talked about local addressing being on
00:00
my scene network and remote
00:00
addressing needing to go through a router.
00:00
Next, we discuss special-purpose IP
00:00
addressing like APIPA.
00:00
We talked about the loop back for
00:00
troubleshooting, unicast, multicast,
00:00
and broadcast addresses,
00:00
and also discussed private internal IPs,
00:00
which we see a lot in the workplace.
00:00
We then moved to CIDR.
00:00
That's something people can have trouble
00:00
with if they haven't worked through it before.
00:00
I recommend going back to that section to
00:00
review those videos and make sure you're solid.
00:00
You can expect to see plenty of questions about that on
00:00
the exam since they know it's
00:00
something students sometimes struggle with.
00:00
Last but not least, we discussed some issues with IPv6,
00:00
whether or not it will ever be here,
00:00
and the different types of addressing
00:00
and benefits of using it.
Up Next