1 00:00:02,269 --> 00:00:08,505 [music] 2 00:00:08,506 --> 00:00:10,676 Now as far as the actual addressing goes. 3 00:00:10,677 --> 00:00:17,122 So for IPv6 addressing I think most people probably know this but 4 00:00:17,123 --> 00:00:19,034 it does create a little bit of a problem. 5 00:00:19,034 --> 00:00:26,977 We're using 8 16-- I wrote byte there, that's not right, 6 00:00:26,977 --> 00:00:28,817 sorry about that, that is a mistake. 7 00:00:28,818 --> 00:00:32,360 That should be 16-bit fields. 8 00:00:32,360 --> 00:00:35,108 That would make it one heck of a long address but, 9 00:00:35,109 --> 00:00:41,496 yeah, it's 8 16-bit fields or two bytes on each field separated by 10 00:00:41,497 --> 00:00:48,742 a colon. Now the colon, you know, I always joke about this when I'm 11 00:00:48,743 --> 00:00:50,260 teaching classes and stuff. 12 00:00:50,261 --> 00:00:53,182 Look down at your keyboard. 13 00:00:53,182 --> 00:00:57,160 Couldn't they have come up with some other character, 14 00:00:57,160 --> 00:00:59,403 really? I mean, we have a lot of them. 15 00:00:59,404 --> 00:01:01,616 There's a lot lot of keys on the keyboard. 16 00:01:01,616 --> 00:01:04,226 Couldn't we have picked something other than the colon? 17 00:01:04,226 --> 00:01:07,044 And I'll tell you two problems I have with it. 18 00:01:07,045 --> 00:01:11,512 One of them is, well, quite frankly, you have to hit shift every 19 00:01:11,513 --> 00:01:15,262 time. I mean, first off, inconvenience. 20 00:01:15,263 --> 00:01:17,495 Now, you can do keyboard maps and stuff. 21 00:01:17,496 --> 00:01:18,562 There's ways to fix that. 22 00:01:18,563 --> 00:01:22,230 But the second problem I have with it, I think I have it outlined 23 00:01:22,231 --> 00:01:27,819 on the screen here for you, is if you just typed into your browser 24 00:01:27,820 --> 00:01:38,029 to go to http://2001db8100::10:8080, I would have to ask you, 25 00:01:38,030 --> 00:01:42,397 Oh, that's great, that's cute, now, the 8080, 26 00:01:42,397 --> 00:01:47,557 is that part of the address, or is that the port number? 27 00:01:49,017 --> 00:01:56,921 Now, this is a little bit of a problem with teaching and explanations, 28 00:01:56,922 --> 00:02:00,996 I haven't gotten into the rules of shortening the address yet 29 00:02:00,997 --> 00:02:03,180 but I want to talk about the colon. 30 00:02:03,180 --> 00:02:05,441 That's sort of one of those-- hopefully, 31 00:02:05,441 --> 00:02:08,592 everybody's at least semi-familiar with the double colons. 32 00:02:08,592 --> 00:02:10,079 If not, you will be in a minute. 33 00:02:10,079 --> 00:02:14,349 The problem with the double colons is it eliminates a whole field 34 00:02:14,349 --> 00:02:16,804 or fields of zeroes. 35 00:02:16,804 --> 00:02:20,003 That's great. How many fields? 36 00:02:20,004 --> 00:02:21,577 See, you don't know. 37 00:02:21,578 --> 00:02:26,931 Was that address supposed to be four fields and then the 8080 is 38 00:02:26,931 --> 00:02:32,663 a port number, or is that just a five-field address and the colons 39 00:02:32,664 --> 00:02:38,769 are eliminating three fields, not four fields of zeroes? 40 00:02:38,770 --> 00:02:40,317 See, that's the question. 41 00:02:40,318 --> 00:02:43,251 It's not really a question but I can tell you. 42 00:02:43,252 --> 00:02:48,301 That top address, the 8080, is part of the host address. 43 00:02:48,302 --> 00:02:50,568 Well, I'm assuming host. 44 00:02:50,568 --> 00:02:55,551 I'm assuming they're following the RFCs in doing a /64 but we'll 45 00:02:55,552 --> 00:02:56,626 get to that later. 46 00:02:56,626 --> 00:03:00,893 The 8080 - as it's listed right there - is part of the host address. 47 00:03:01,789 --> 00:03:04,001 If that was supposed to be a port number, 48 00:03:04,002 --> 00:03:07,377 then you need to look at the address right below it, 49 00:03:07,378 --> 00:03:10,037 that's using it as a port number. 50 00:03:10,916 --> 00:03:15,417 That format is referred to as a literal IPv6 address, 51 00:03:15,418 --> 00:03:18,154 if you ever want to look that up and get a little more detail on 52 00:03:18,154 --> 00:03:26,629 it. But that's using brackets around it to contain the IPv6 address 53 00:03:26,630 --> 00:03:31,803 so it becomes really clear what part is IPv6 address, 54 00:03:31,803 --> 00:03:35,207 and which part is port number. 55 00:03:35,207 --> 00:03:37,252 It's actually really funny, by the way, 56 00:03:37,253 --> 00:03:39,705 if you read up on some of the documentation and such. 57 00:03:39,706 --> 00:03:42,239 And I've seen in a couple of various different places. 58 00:03:42,240 --> 00:03:46,044 People make comments like, This isn't new. 59 00:03:46,045 --> 00:03:50,936 When I'm referring to this I mean the use of the brackets to contain 60 00:03:50,936 --> 00:03:54,190 the address. It's part of standard URL formatting, 61 00:03:54,191 --> 00:03:55,688 is what it comes down to. 62 00:03:55,688 --> 00:03:59,519 This isn't new, you can do this with IPv4 addresses. 63 00:03:59,520 --> 00:04:02,032 you know when I first read that I'm looking at it going, 64 00:04:02,033 --> 00:04:04,358 you know, that's interesting. 65 00:04:04,359 --> 00:04:10,088 I never actually knew that you could do that with IPv4 addresses 66 00:04:10,088 --> 00:04:17,495 because I never had to because there was no confusion, 67 00:04:17,496 --> 00:04:19,238 you know what I'm saying? 68 00:04:19,239 --> 00:04:24,114 So, you know, it's fun and all but the fact of the matter is it does 69 00:04:24,115 --> 00:04:27,635 create confusion, plus you've got to hit the shift key. 70 00:04:27,636 --> 00:04:31,384 I don't know, I just sit there and go, couldn't you have used any 71 00:04:31,385 --> 00:04:33,313 other key on the keyboard? 72 00:04:33,314 --> 00:04:37,364 Not to mention the fact, I mean, I'm picking on the right side of 73 00:04:37,364 --> 00:04:39,659 this address, there's a colon on the left too. 74 00:04:39,659 --> 00:04:46,213 HTTP: I mean, how many colons can we have in the same line that mean 75 00:04:46,214 --> 00:04:47,558 three different things? 76 00:04:47,559 --> 00:04:51,443 It's just sort of funny but it is what it is, 77 00:04:51,444 --> 00:04:54,180 we have to live with it, so I like to make fun of things. 78 00:04:54,180 --> 00:04:58,220 Nonetheless it is, it's there, it's not changing, 79 00:04:58,221 --> 00:05:00,067 so let's move on. 80 00:05:00,068 --> 00:05:04,459 so as you've gathered by now of course 8 x 16 gives us 128 bits. 81 00:05:04,459 --> 00:05:07,155 So this is 2^128. 82 00:05:08,190 --> 00:05:09,935 There's the math. 83 00:05:09,936 --> 00:05:14,927 It's 340-- I'm not a 100% sure even how to say that, 84 00:05:14,928 --> 00:05:17,863 undecillion, something or the other. 85 00:05:17,863 --> 00:05:21,254 It's a lot, how about that? 86 00:05:21,254 --> 00:05:24,878 And again, I will not be the person to sit around and say, 87 00:05:24,879 --> 00:05:31,159 it'll be more addresses than we'll ever need in our entire lifetime. 88 00:05:31,159 --> 00:05:35,412 Again, I have no idea what's happening tomorrow. 89 00:05:35,413 --> 00:05:37,850 So I will not be the one to say that. 90 00:05:37,850 --> 00:05:41,926 Does it certainly appear to be more addresses than we could possibly 91 00:05:41,926 --> 00:05:44,568 ever need? Yes, it does. 92 00:05:44,569 --> 00:05:47,338 But again, we don't know what's going to happen. 93 00:05:47,338 --> 00:05:53,623 So for things the way they are right now-- and that would be every 94 00:05:53,624 --> 00:05:57,757 man, woman, and child alive on planet Earth and all of that stuff, 95 00:05:57,757 --> 00:06:02,236 they're estimating it's probably enough address space to address 96 00:06:02,237 --> 00:06:03,938 the entire solar system. 97 00:06:03,939 --> 00:06:09,485 I think we're probably okay but some of the jokes I always use, 98 00:06:09,486 --> 00:06:16,882 you never know when they come out with nanomite technology next week 99 00:06:16,883 --> 00:06:21,866 and we all get injected with 150 billion nanomites that heal our 100 00:06:21,866 --> 00:06:23,258 bodies from the inside. 101 00:06:23,258 --> 00:06:27,278 They're all networked and they all need an IPv6 address. 102 00:06:28,662 --> 00:06:31,860 All of a sudden, every person walking on the planet needs 100 billion 103 00:06:31,860 --> 00:06:33,134 addresses just for them. 104 00:06:33,134 --> 00:06:34,792 You never know. 105 00:06:34,792 --> 00:06:36,134 I'm just saying. 106 00:06:36,135 --> 00:06:40,020 I won't be the one to say it's more addressing than we'll ever need. 107 00:06:40,020 --> 00:06:44,968 I won't say it, will not but it's a lot. 108 00:06:44,968 --> 00:06:49,011 The main reason I'm bringing this up too is that as we start getting 109 00:06:49,012 --> 00:06:52,552 into things and you look at the RFCs for IPv6 addressing, 110 00:06:52,552 --> 00:07:00,122 you're going to find that they recommend using /64s for client networks. 111 00:07:00,123 --> 00:07:05,290 end devices, hosts, subnets, things like that. And for people who 112 00:07:05,290 --> 00:07:07,137 have worked with IPv4, 113 00:07:07,138 --> 00:07:11,681 we look at that and I know I did as well, 114 00:07:11,681 --> 00:07:13,903 to really start looking at the big picture, 115 00:07:13,904 --> 00:07:17,089 you look at that and go, Yeah, okay, I hear that it's a ton of address 116 00:07:17,090 --> 00:07:20,936 space, but then I look over here and I see you telling me to use a 117 00:07:20,936 --> 00:07:24,239 /64 for every client-facing subnet. 118 00:07:24,239 --> 00:07:26,287 I mean that's crazy. 119 00:07:26,288 --> 00:07:32,332 That's exponentially double the size of our current address space, 120 00:07:32,333 --> 00:07:35,732 right? I mean the entire IPv4 address space is only 32 bits, 121 00:07:35,732 --> 00:07:39,656 and you're telling me to put-- and mathematically of course it's 122 00:07:39,656 --> 00:07:43,621 way, way, way more than double, it's exponentially double the bits 123 00:07:43,621 --> 00:07:46,186 just on one segment. 124 00:07:46,187 --> 00:07:50,067 And a lot of people who've been doing IPv4 a long time have a big 125 00:07:50,068 --> 00:07:51,226 problem with that. 126 00:07:51,227 --> 00:07:55,561 And possibly the best way to explain it is yes that's true. 127 00:07:55,562 --> 00:07:59,325 That is true. You are using way, way, way, 128 00:07:59,326 --> 00:08:02,773 way, super way more addresses on a single subnet, 129 00:08:02,773 --> 00:08:06,218 than you could possibly ever want or need. 130 00:08:06,219 --> 00:08:09,818 By billions and billions and billions. 131 00:08:09,818 --> 00:08:12,855 But, you know, a lot of people look at that, 132 00:08:12,856 --> 00:08:14,688 Yeah, they have a lot of space. 133 00:08:14,689 --> 00:08:16,297 But they're just throwing it away. 134 00:08:16,298 --> 00:08:21,202 Yeah, but that's like taking a bucket of water out of the ocean, 135 00:08:21,203 --> 00:08:22,792 throwing it away. 136 00:08:22,793 --> 00:08:24,206 And saying, Oh, that's it. 137 00:08:24,207 --> 00:08:26,128 You just wasted a bucket of water. 138 00:08:26,128 --> 00:08:31,558 I think the ocean's going to be okay, without that bucket of water. 139 00:08:31,558 --> 00:08:35,535 And I bet I can give everybody a bucket of water out of the ocean. 140 00:08:35,536 --> 00:08:36,977 And we all still have plenty. 141 00:08:36,977 --> 00:08:39,700 So if you see the point I'm trying to make here. 142 00:08:39,701 --> 00:08:44,184 You know, with IPv4, I was giving you, you know, 143 00:08:44,184 --> 00:08:46,658 maybe a little shot glass or something, 144 00:08:46,659 --> 00:08:47,868 out of the ocean. 145 00:08:47,868 --> 00:08:49,262 Now I'm giving you a bucket. 146 00:08:49,263 --> 00:08:54,054 Maybe you want to open it up to a 55 gallon drum or something, whatever. 147 00:08:54,055 --> 00:08:59,703 The point is even with giving host /64s, 148 00:08:59,703 --> 00:09:04,886 there's still such a sliver that that is out of the overall address 149 00:09:04,887 --> 00:09:07,598 space, it's not even funny. 150 00:09:07,598 --> 00:09:12,197 I know that can be tough for people just coming out of the IPv4 world 151 00:09:12,198 --> 00:09:15,632 to get their head around because believe me, 152 00:09:15,633 --> 00:09:17,039 I'm the same way. 153 00:09:17,040 --> 00:09:20,122 The first glance was, Oh yeah, so you got all this address space. 154 00:09:20,123 --> 00:09:21,700 Why don't you just throw it around? 155 00:09:21,700 --> 00:09:23,091 Let's just waste it. 156 00:09:23,092 --> 00:09:28,481 Why not? It's sort of a valid point on one level but... 157 00:09:28,482 --> 00:09:32,724 Just some quick things about shortening these addresses because at 158 00:09:32,724 --> 00:09:35,959 128 bits, they're obviously going to get incredibly long. 159 00:09:35,960 --> 00:09:41,161 The first rule is any zeroes out of a field can be dropped. 160 00:09:41,162 --> 00:09:43,553 If you look at our first example there, 161 00:09:43,554 --> 00:09:52,470 2001:0DB8:0100::1 can very easily just drop the leading zeroes - 162 00:09:52,471 --> 00:09:54,937 and I've already given you some examples like this already, 163 00:09:54,938 --> 00:09:58,660 but 2001:DB8:100. 164 00:09:58,660 --> 00:10:03,092 The basic idea look at it almost like your paycheck. 165 00:10:03,092 --> 00:10:07,375 If they dropped a bunch of leading zeros out of your paycheck you 166 00:10:07,376 --> 00:10:08,422 wouldn't care. 167 00:10:08,423 --> 00:10:13,518 If they dropped trailing zeros that would make a big difference, 168 00:10:13,518 --> 00:10:16,730 so that's how you sort of have to look at this too. 169 00:10:16,731 --> 00:10:19,051 Leading zeros, no problem. 170 00:10:19,051 --> 00:10:21,874 You cannot drop trailing zeros. 171 00:10:21,875 --> 00:10:27,911 That 100 field there, you can't make that 1::, 172 00:10:27,912 --> 00:10:32,106 1 is not the same as 100 is what it comes down to, 173 00:10:32,106 --> 00:10:36,977 but 0100 is the same as 100, so pretty easy one. 174 00:10:36,977 --> 00:10:42,592 The other thing is the consecutive fields of zeros. 175 00:10:42,592 --> 00:10:47,289 Now, again, I addressed this a little bit a few minutes ago but I 176 00:10:47,289 --> 00:10:49,969 just want to make sure a couple things are clear. 177 00:10:49,970 --> 00:10:53,769 I'm sure most of you are probably aware of this but in case you're 178 00:10:53,769 --> 00:11:01,318 not the double colons can represent any number of fields of zeros. 179 00:11:01,319 --> 00:11:06,665 The easiest way to explain this, is all the devices will take everything 180 00:11:06,666 --> 00:11:11,270 to the left of the ::, and move it to the beginning of the address 181 00:11:11,270 --> 00:11:16,186 everything to the right of the ::, move it to the far right of the 182 00:11:16,187 --> 00:11:20,172 address, and anything in the middle becomes zeros. 183 00:11:20,173 --> 00:11:22,819 That's the easiest way to explain it. 184 00:11:24,572 --> 00:11:26,901 So a lot of people look at it and go, 185 00:11:26,901 --> 00:11:29,357 So if I'm eliminating three fields of zeroes, 186 00:11:29,358 --> 00:11:32,033 do I use :::? Absolutely not. 187 00:11:32,033 --> 00:11:39,034 No. It's always :: together, and everything in the middle pads. 188 00:11:39,035 --> 00:11:40,564 You know what? 189 00:11:40,565 --> 00:11:43,618 I don't care. One field, two fields, three fields. 190 00:11:43,619 --> 00:11:50,342 In the top example there, we're eliminating five fields of zeroes. 191 00:11:50,343 --> 00:11:54,538 If you look at the second example with the default, 192 00:11:54,539 --> 00:11:57,735 just ::, that's all zeroes. 193 00:11:57,736 --> 00:11:59,396 That's eight fields of zeroes. 194 00:12:00,289 --> 00:12:01,860 Loopback. 195 00:12:01,860 --> 00:12:07,915 Yes, they did not blow a whole class of addresses on a loopback address 196 00:12:07,916 --> 00:12:11,057 this time. With IPv6, they did learn their lesson. 197 00:12:11,058 --> 00:12:13,409 Even though we have tons of address space, 198 00:12:13,409 --> 00:12:19,512 they did not waste a couple of million like they did in IPv4 with 199 00:12:19,513 --> 00:12:24,529 reserving the whole 127 address range for one address, 200 00:12:24,530 --> 00:12:29,676 127.0.0.1? It's real easy to look back and say, 201 00:12:29,677 --> 00:12:30,869 Oh, it was really stupid. 202 00:12:30,870 --> 00:12:31,918 Why did they do that? 203 00:12:31,919 --> 00:12:34,507 It's easy to look back and say that. 204 00:12:34,507 --> 00:12:39,402 At the time, I'm sure that they looked at it and said-- you've got 205 00:12:39,403 --> 00:12:43,288 to remember, IPv4 was developed to be an internal defense network 206 00:12:43,289 --> 00:12:47,833 originally. Then it expanded to colleges and stuff like that. 207 00:12:47,834 --> 00:12:49,935 Nobody saw the Internet coming. 208 00:12:49,936 --> 00:12:54,839 Obviously a few people did or at least had an idea maybe. 209 00:12:54,839 --> 00:13:00,157 But the point is nobody was designing IPv4 going, 210 00:13:00,157 --> 00:13:02,696 You better not waste those millions of addresses, 211 00:13:02,697 --> 00:13:03,755 we're going to need those. 212 00:13:03,756 --> 00:13:08,037 No, no, they were looking at it going, there's billions of addresses 213 00:13:08,037 --> 00:13:12,393 usable. That's more than we could possibly ever need by the way. 214 00:13:12,394 --> 00:13:15,025 See why I'm not saying that about IPv6. 215 00:13:15,026 --> 00:13:17,270 That's exactly my point. 216 00:13:17,270 --> 00:13:21,859 I'm sure they felt that way about the first loopback 127.0.0.1. 217 00:13:21,860 --> 00:13:25,918 Who cares? Just take the highest value in a class A address, 218 00:13:25,919 --> 00:13:26,969 make it a loopback. 219 00:13:26,970 --> 00:13:28,325 What difference does it make? 220 00:13:28,326 --> 00:13:32,748 I'm sure that's how it happened, but now looking back, 221 00:13:32,748 --> 00:13:37,584 we go, Hmm, bad idea, let's create a loopback and we'll just make 222 00:13:37,585 --> 00:13:39,203 it colon colon one. 223 00:13:39,204 --> 00:13:41,570 And of course, we have another example there. 224 00:13:41,571 --> 00:13:43,234 I'm showing you what you cannot do. 225 00:13:43,234 --> 00:13:49,821 So the last one of course-- the one that I put first is correct. 226 00:13:49,822 --> 00:13:53,097 You could eliminate-- and again if you look at this, 227 00:13:53,097 --> 00:13:57,558 you could theoretically eliminate either the zeroes before the 37 228 00:13:57,559 --> 00:14:00,019 or the zeroes after the 37. 229 00:14:00,020 --> 00:14:02,300 Either one of those is is actually correct. 230 00:14:02,301 --> 00:14:05,539 What you cannot do-- so in other words just to make sure we're clear. 231 00:14:05,539 --> 00:14:13,542 I could have done 2001:0:0:0:37::1 and that would have been okay 232 00:14:13,543 --> 00:14:15,766 - nothing illegal about that. 233 00:14:15,767 --> 00:14:17,879 It's not the most efficient. 234 00:14:17,879 --> 00:14:22,240 Usually you would want to eliminate the more fields of zeros rather 235 00:14:22,241 --> 00:14:25,714 than the fewer fields of zeros, but neither one is incorrect. 236 00:14:25,715 --> 00:14:30,936 What you cannot do - notice the all caps - you cannot do the double 237 00:14:30,937 --> 00:14:35,645 colons twice. That introduces ambiguity. 238 00:14:35,645 --> 00:14:40,700 How many fields of zeros go before the 37 versus how many fields 239 00:14:40,701 --> 00:14:43,462 go after? The router would look at that and go, 240 00:14:43,462 --> 00:14:48,487 okay, so you've eliminated five fields of zeros, 241 00:14:48,488 --> 00:14:52,258 great. Is that one in front, four after? 242 00:14:52,259 --> 00:14:54,079 Two in front, three after? 243 00:14:54,080 --> 00:14:56,429 Four in front, one after? 244 00:14:56,429 --> 00:15:00,097 There's at least - and that's just off the top of my head - there's 245 00:15:00,098 --> 00:15:02,136 at least three combinations or whatever, 246 00:15:02,137 --> 00:15:04,987 of how those could be split up. 247 00:15:04,988 --> 00:15:09,093 And you can't do that with an address, right? 248 00:15:09,094 --> 00:15:11,542 You know, try that with the post office. 249 00:15:11,543 --> 00:15:13,846 Just put 3 different addresses on a letter. 250 00:15:13,847 --> 00:15:16,232 Well it could be this street address, or maybe this one, 251 00:15:16,233 --> 00:15:17,464 or maybe this one. 252 00:15:17,465 --> 00:15:19,113 Yeah, that's not going to work. 253 00:15:19,113 --> 00:15:22,080 So yeah, there's no way you can do that. 254 00:15:22,080 --> 00:15:24,715 So that would just be an illegal address, 255 00:15:24,716 --> 00:15:26,147 cannot be done. 256 00:15:26,148 --> 00:15:29,133 Just want to make sure we're all very clear on that. 257 00:15:30,010 --> 00:15:33,264 The other thing to consider with IPv6 addressing, 258 00:15:33,265 --> 00:15:34,827 are the different address types. 259 00:15:34,827 --> 00:15:39,616 First we have the address types themselves. 260 00:15:39,617 --> 00:15:45,701 And for those of you coming from IPv4, this could be a big one to 261 00:15:45,701 --> 00:15:49,370 get used to, which is link local addresses. 262 00:15:49,370 --> 00:15:56,377 These are taken from the range Fe80::/10. 263 00:15:56,377 --> 00:15:59,701 Now please note that it's a /10. 264 00:15:59,702 --> 00:16:08,973 So really that means FE8, FE9, FEA, and FEB are all part of that 265 00:16:08,973 --> 00:16:15,800 because the 10, the F, and the E represent 8 bits and leaves-- it 266 00:16:15,801 --> 00:16:18,326 means there's 2 bits left coming out of the 8 field. 267 00:16:18,326 --> 00:16:26,120 If you take 8, it's of course 1000 in those bits but of course in 268 00:16:26,121 --> 00:16:29,776 this case, it will just be one 0, which means that it can be either - 269 00:16:29,776 --> 00:16:35,173 like I said - 8, 9, A or B are all still technically link-local. 270 00:16:35,173 --> 00:16:37,199 I've never seen anybody use them. 271 00:16:37,199 --> 00:16:41,035 Every link-local I've ever seen has been FE80. 272 00:16:41,036 --> 00:16:47,515 But I just want to make sure we're clear that that's not an FE80/16. 273 00:16:47,515 --> 00:16:54,452 It's a /10. Just being a little technical there but just be aware 274 00:16:54,453 --> 00:16:58,303 of it, okay? The more important thing is what the heck's a link-local 275 00:16:58,303 --> 00:17:03,376 address? This is where things get a little different with IPv6. 276 00:17:03,376 --> 00:17:08,766 And again you could make the argument-- while we're wasting possibly, 277 00:17:08,767 --> 00:17:13,153 you could argue addresses handing out /64s to clients like we just 278 00:17:13,154 --> 00:17:18,978 discussed, the flip side of this is this lets us save tons of addresses 279 00:17:18,978 --> 00:17:20,913 elsewhere in our network. 280 00:17:20,913 --> 00:17:27,056 The idea behind the link-local address is it is a non-routable address. 281 00:17:27,057 --> 00:17:32,769 This address, this communication, can never ever leave the segment. 282 00:17:32,769 --> 00:17:36,973 This is perfect for sending traffic, say, 283 00:17:36,974 --> 00:17:38,442 between two routers. 284 00:17:38,443 --> 00:17:42,018 You've got a WAN link going out to a remote site. 285 00:17:42,018 --> 00:17:50,817 I don't care what it is - Metro E, MPLS over Metro E or over PBP 286 00:17:50,818 --> 00:17:52,068 - I don't care what it is. 287 00:17:52,068 --> 00:17:57,189 The fact of the matter is with IPv4, you really only have a couple 288 00:17:57,190 --> 00:17:59,477 of choices. You could do IP unnumbered on it. 289 00:17:59,477 --> 00:18:04,954 That gets a little tricky you could do-- everybody knows you can 290 00:18:04,954 --> 00:18:09,038 do a /30 or a /31. 291 00:18:09,039 --> 00:18:13,049 Great, but you're still doing a /30 or a /31. 292 00:18:13,049 --> 00:18:16,393 You're putting addresses on that WAN link, 293 00:18:16,394 --> 00:18:19,151 and at the end of the day you have to ask yourself a very fundamental 294 00:18:19,152 --> 00:18:21,418 question: Why? 295 00:18:21,419 --> 00:18:25,714 And I'm not saying why on IPv4, because on IPv4 you have to, 296 00:18:25,714 --> 00:18:27,896 so the answer to why is because I have to. 297 00:18:27,897 --> 00:18:31,908 Of course. What I'm saying is in the big picture, 298 00:18:31,909 --> 00:18:37,196 why does the WAN link between a remote site and your headquarters 299 00:18:37,197 --> 00:18:42,102 need to be globally addressable? 300 00:18:42,103 --> 00:18:47,624 You don't need to be able to route that WAN segment from your desktop 301 00:18:47,625 --> 00:18:52,251 machine. See the point is a lot of the segment's on your network-- 302 00:18:52,252 --> 00:18:56,115 this can be point-to-point links between switches. 303 00:18:56,116 --> 00:18:57,609 I mean it doesn't matter. 304 00:18:57,609 --> 00:18:59,377 I'm just picking on WAN links as an example. 305 00:18:59,377 --> 00:19:03,969 Anywhere there are not, I mean just to generalize, 306 00:19:03,970 --> 00:19:07,118 anywhere there's not printers, servers, 307 00:19:07,119 --> 00:19:12,552 PCs, workstations, anywhere there's not an end device, 308 00:19:13,671 --> 00:19:16,345 you don't need to be able to route to that segment. 309 00:19:16,346 --> 00:19:18,739 We call those transit segments. 310 00:19:18,740 --> 00:19:21,742 There's no need to be able to get to those, 311 00:19:21,742 --> 00:19:25,130 so why do they have addresses then? 312 00:19:25,130 --> 00:19:29,240 In IPv4 they have addresses because that's really our only choice 313 00:19:29,241 --> 00:19:33,412 but in IPv6 they looked at it and they said if you don't need to 314 00:19:33,412 --> 00:19:38,982 route to that segment, if all you literally need to do is pass IPv6 315 00:19:38,983 --> 00:19:43,952 traffic through the segment, not to the segment, 316 00:19:44,847 --> 00:19:52,893 then in no way do you need globally routable IPv6 addresses, 317 00:19:52,894 --> 00:19:55,291 and we'll see these quite a bit as we go, 318 00:19:55,292 --> 00:19:57,817 but that's the idea behind link local. 319 00:19:57,817 --> 00:20:04,068 You don't even have to have routable IPv6 addresses on transit links 320 00:20:04,068 --> 00:20:09,939 between routers. All of your routing protocols, RIP, OSPF, 321 00:20:09,940 --> 00:20:14,142 EIGRP, even BGP depending on the conditions. 322 00:20:14,143 --> 00:20:17,199 BGP gets a little different like it does for so many things. 323 00:20:18,566 --> 00:20:21,085 It's always our little odd ball routing protocol 324 00:20:21,086 --> 00:20:23,596 because of what it does and what it's for, 325 00:20:23,597 --> 00:20:25,250 it does things a little bit different. 326 00:20:25,251 --> 00:20:33,136 But it can, but it can also maybe not, use link local addresses for it's communication. 327 00:20:33,136 --> 00:20:37,023 When we start looking at routing tables and routing protocols and 328 00:20:37,024 --> 00:20:40,673 stuff later in the course, we're going to discover that all of those 329 00:20:40,674 --> 00:20:43,387 things used the link local addresses. 330 00:20:43,388 --> 00:20:47,267 All your next hops are going to be link locals until we get to 331 00:20:47,268 --> 00:20:54,084 BGP. But they're used a ton, and we really sort of didn't have an 332 00:20:54,084 --> 00:20:58,963 equivalent to that in IPv4. 333 00:20:58,963 --> 00:21:03,356 Now of course there is global, which are, of course, 334 00:21:03,357 --> 00:21:07,085 the globally-routable, managed by IANA, 335 00:21:07,086 --> 00:21:12,166 all that kind of stuff, just like your public IPv4 addresses today. 336 00:21:13,067 --> 00:21:15,495 Now there's also another one here. 337 00:21:15,496 --> 00:21:18,858 I almost hesitated even putting it in here. 338 00:21:18,859 --> 00:21:20,792 It should be addressed. 339 00:21:20,792 --> 00:21:24,468 I'm not sure why people would be using it, 340 00:21:24,469 --> 00:21:29,942 but there's always some business case for something somewhere. 341 00:21:29,943 --> 00:21:33,417 So private addressing. 342 00:21:33,417 --> 00:21:38,123 Sort of like RFC 1918 addressing for IPv4. 343 00:21:38,123 --> 00:21:42,794 Now if anybody's been studying IPv6 before, 344 00:21:42,795 --> 00:21:48,164 don't get this confused with Site-Local Addressing, 345 00:21:48,165 --> 00:21:51,138 which was the FEC0 range. 346 00:21:51,138 --> 00:21:54,344 Those have been officially deprecated, 347 00:21:54,345 --> 00:21:57,334 so you're not supposed to be using those anymore. 348 00:21:57,335 --> 00:22:00,053 There were a lot of concerns with them. 349 00:22:00,054 --> 00:22:03,355 It wasn't as clear as it should be and various things. 350 00:22:03,356 --> 00:22:07,791 Unique local are the addresses that you're supposed to be using to 351 00:22:07,791 --> 00:22:12,689 replace that. Now if you read the RFCs, 352 00:22:12,690 --> 00:22:18,882 they basically state that this is for use inside of a non-connected 353 00:22:18,882 --> 00:22:20,882 private network. 354 00:22:20,883 --> 00:22:24,687 In other words, you're literally not connecting to the Internet or anything else. 355 00:22:24,688 --> 00:22:29,076 You just want some addressing to use inside for some reason. 356 00:22:29,076 --> 00:22:31,297 A lot of people look at this and go, Oh, 357 00:22:31,298 --> 00:22:34,097 so I'm supposed to use this inside of NAT then. 358 00:22:34,098 --> 00:22:37,722 No, NAT was a crutch. 359 00:22:37,722 --> 00:22:43,132 NAT was to deal with the fact that we were running out of IPv4 addresses. 360 00:22:43,133 --> 00:22:48,644 You're not supposed to be using NAT with IPv6. 361 00:22:48,645 --> 00:22:51,337 I hear people say it all the time, Oh, we're going to keep doing 362 00:22:51,337 --> 00:22:55,059 NAT. Let me address that real quick. 363 00:22:55,059 --> 00:22:57,986 If you're going to keep doing NAT, then let me ask you why you're 364 00:22:57,987 --> 00:22:59,842 even looking at IPv6 anyway. 365 00:22:59,842 --> 00:23:01,664 We'll start with that. 366 00:23:01,665 --> 00:23:05,393 Well eventually they're going to make us go to IPv6 for the internet. 367 00:23:05,394 --> 00:23:10,465 Translate IPv4 inside of your network to IPv6 outside of your 368 00:23:10,466 --> 00:23:14,902 network. Just do protocol translation and, 369 00:23:14,903 --> 00:23:16,583 you know, you're done. 370 00:23:16,584 --> 00:23:21,397 The whole thing is this: NAT has been great, 371 00:23:21,398 --> 00:23:24,275 we all love it, we appreciate it, it's wonderful, 372 00:23:24,276 --> 00:23:28,859 it's gotten us as far as we have gotten today without having to make 373 00:23:28,860 --> 00:23:34,453 the big jump to IPv6 just yet, but the fact of the matter is it does 374 00:23:34,454 --> 00:23:37,290 break the end-to-end connectivity model. 375 00:23:37,291 --> 00:23:41,282 It breaks a lot of the stuff that we're trying to head towards in 376 00:23:41,283 --> 00:23:44,309 this industry and, at the end of the day, 377 00:23:44,309 --> 00:23:50,839 it doesn't buy you anything and I've heard a lot of push back on 378 00:23:50,840 --> 00:23:56,237 this, especially from security folks, oh it hides my inside network. 379 00:23:58,098 --> 00:24:02,814 To an extent, but on the other hand, 380 00:24:02,815 --> 00:24:07,775 if you're following RFC 1918, I can guess within about three guesses 381 00:24:07,776 --> 00:24:10,264 what your internal addressing structure is. 382 00:24:10,265 --> 00:24:15,633 If you're using some different, public range inside of your network, 383 00:24:15,634 --> 00:24:18,323 then you've got a whole other level of NAT problems I'm not even 384 00:24:18,324 --> 00:24:19,869 going to talk about right now. 385 00:24:21,690 --> 00:24:25,632 And at the end of the day - I'm just going to be blunt here - 386 00:24:25,633 --> 00:24:32,568 if your firewall cannot protect you from threats without NAT, 387 00:24:32,569 --> 00:24:35,635 then you've got a major problem with your firewall, 388 00:24:35,635 --> 00:24:36,984 and you need a new one. 389 00:24:36,985 --> 00:24:39,066 I'm just going to throw it out there. 390 00:24:39,067 --> 00:24:43,015 You should not be using NAT as a security mechanism. 391 00:24:44,071 --> 00:24:48,894 Security through obscurity is never a good idea. 392 00:24:48,895 --> 00:24:52,930 You can't get my stuff, because you don't know what the addresses 393 00:24:52,931 --> 00:24:56,877 are, or you can't get my stuff, because the traffic has to originate 394 00:24:56,877 --> 00:25:00,391 from the inside for a NAT translation to be set up. 395 00:25:00,392 --> 00:25:01,871 I've heard that one. 396 00:25:01,872 --> 00:25:06,313 And my answer to that is stateful inspection. 397 00:25:06,314 --> 00:25:08,706 Two words. Done. 398 00:25:08,707 --> 00:25:13,738 So all the arguments about we need to keep NAT for security, 399 00:25:13,739 --> 00:25:15,469 it's nonsense. 400 00:25:15,470 --> 00:25:17,238 It's just nonsense. 401 00:25:18,529 --> 00:25:20,511 The fact of the matter is, like I said, 402 00:25:20,511 --> 00:25:23,012 your firewall needs to be able to protect you either way. 403 00:25:23,961 --> 00:25:27,063 They have provided this address space. 404 00:25:27,064 --> 00:25:29,705 If you don't believe me, go read the RFCs. 405 00:25:29,706 --> 00:25:32,866 They don't recommend doing it with NAT and all that kind of stuff, 406 00:25:32,866 --> 00:25:36,205 so I would just not even go there. 407 00:25:36,205 --> 00:25:39,749 That's why I said I almost considered not even mentioning them. 408 00:25:39,750 --> 00:25:43,616 The other thing we needed to talk about is the communication types. 409 00:25:45,100 --> 00:25:49,570 Unicast versus multicast versus anycast. 410 00:25:53,494 --> 00:25:58,847 Unicast, pretty simple just like IPv4, one-to-one. 411 00:25:58,847 --> 00:26:04,785 Multicast and anycast... 412 00:26:06,472 --> 00:26:09,785 Multicast, same exact idea as IPv4. 413 00:26:09,785 --> 00:26:14,076 So it's one machine sending a packet going to multiple destinations. 414 00:26:14,077 --> 00:26:17,349 The addressing of course changes. 415 00:26:17,349 --> 00:26:20,114 We'll talk a little bit more about this later. 416 00:26:20,114 --> 00:26:25,182 But in IPv6, all multicast addresses start FF. 417 00:26:25,183 --> 00:26:29,425 But beyond that multicast is multicast. 418 00:26:29,425 --> 00:26:34,248 Anycast. I almost hate to put this under communication types. 419 00:26:34,248 --> 00:26:37,388 This is a big pet peeve of mine personally, 420 00:26:37,389 --> 00:26:40,613 but since this is how everybody lists it, 421 00:26:40,614 --> 00:26:42,098 I'll play along. 422 00:26:42,099 --> 00:26:43,616 I'll do it too. 423 00:26:43,617 --> 00:26:47,290 And we'll say that anycast is a communications type. 424 00:26:48,658 --> 00:26:55,390 Fine. Anycast is really nothing more than a specialized manner in 425 00:26:55,390 --> 00:26:59,346 which you're going to use unicast addresses. 426 00:26:59,346 --> 00:27:03,080 So there is nothing special about an Anycast address, 427 00:27:03,081 --> 00:27:05,997 which is sort of why I split it out of the communication types. 428 00:27:05,997 --> 00:27:09,143 I've seen Anycast listed as address types before, 429 00:27:09,143 --> 00:27:11,821 and I'm like, Oh, that just bothers me so bad. 430 00:27:11,822 --> 00:27:16,126 All Anycast is, is very simply this, and we'll do it a couple of 431 00:27:16,126 --> 00:27:19,509 times. I do it for all sorts of different things. 432 00:27:19,510 --> 00:27:25,221 Something as simple as, take two servers that are offering up, 433 00:27:25,222 --> 00:27:29,575 I don't care, a web page, whatever. The trick is, 434 00:27:29,575 --> 00:27:33,117 they have to be offering identical services, 435 00:27:34,317 --> 00:27:40,302 give them both the same address, either IPv6 or IPv4, 436 00:27:40,303 --> 00:27:43,434 I don't care. Give them the same address, 437 00:27:43,435 --> 00:27:48,392 and then advertise that address into your routing protocol. 438 00:27:48,393 --> 00:27:53,543 So OSPF, RIP, EIGRP, BGP, whatever you're running. 439 00:27:54,670 --> 00:27:58,608 What everybody on your network is going to get is they're then going 440 00:27:58,609 --> 00:28:02,250 to get two routes to the same destination. 441 00:28:03,077 --> 00:28:06,981 Now, do they know that that's two separate devices offering the same 442 00:28:06,981 --> 00:28:11,873 service? No. They just know that they have two routes to get to what 443 00:28:11,874 --> 00:28:14,269 they perceive to be the same destination. 444 00:28:14,270 --> 00:28:17,931 So of course, if you're not advertising this as a host route you're 445 00:28:17,932 --> 00:28:20,564 going to have to advertise this as like a /24 subnet, 446 00:28:20,565 --> 00:28:22,064 something like that. 447 00:28:22,064 --> 00:28:27,507 Just make sure it's being advertised the same on both routers advertising 448 00:28:27,507 --> 00:28:31,946 the subnet. Everybody else on the network should then see two routes 449 00:28:31,947 --> 00:28:37,017 to get there. According to any routing protocol I've ever seen 450 00:28:37,018 --> 00:28:44,538 that means that we then follow whatever that routing protocols method-- 451 00:28:44,539 --> 00:28:46,789 of course, you know if it's RIP it's hop count, 452 00:28:46,790 --> 00:28:50,741 if it's EIGRP, by default, it's bandwidth and delay. 453 00:28:50,742 --> 00:28:53,995 With OSPF, well, there's a lot of variables, 454 00:28:53,996 --> 00:28:59,136 but to keep things simple for right now we'll just say that it generically 455 00:28:59,136 --> 00:29:01,001 comes down to lowest cost. 456 00:29:01,002 --> 00:29:03,879 There's a lot more OSPF in that of course. 457 00:29:03,879 --> 00:29:07,798 We're not going to get into that right now but it always prefers 458 00:29:07,798 --> 00:29:13,837 internal routes over external routes and routes from Area 0 and prefer 459 00:29:13,837 --> 00:29:15,882 Type 1 over Type 2 externals. 460 00:29:15,882 --> 00:29:17,217 We could go on. 461 00:29:17,218 --> 00:29:20,539 The point is, just to be very generic right now, 462 00:29:20,540 --> 00:29:22,519 we'll just say it comes down to cost. 463 00:29:22,520 --> 00:29:27,880 All the routers look at those two routes to get to that Anycast destination 464 00:29:27,881 --> 00:29:31,464 and they simply follow whatever that routing protocol says is the 465 00:29:31,464 --> 00:29:33,471 closest target. 466 00:29:33,472 --> 00:29:36,678 That, by definition, right there is what Anycast is. 467 00:29:36,679 --> 00:29:42,543 It's the guy making the decision of how to go to closest, 468 00:29:42,544 --> 00:29:48,022 closest as determined by whatever the routing protocol is - RIP, 469 00:29:48,023 --> 00:29:50,552 OSPF, EIGRP, BGP, doesn't matter, 470 00:29:50,553 --> 00:29:52,838 static routes, I don't care. 471 00:29:52,838 --> 00:29:56,360 That, by definition, is what Anycast is. 472 00:29:56,361 --> 00:30:01,073 There is a big difference - well, one big difference - between Anycast 473 00:30:01,074 --> 00:30:05,187 for IPv4 and Anycast for IPv6. 474 00:30:05,188 --> 00:30:12,061 Anycast on IPv4, those two servers that you just gave the same address 475 00:30:12,062 --> 00:30:14,966 would have to be on two different segments. 476 00:30:14,966 --> 00:30:17,392 So you would have to say, I don't care, 477 00:30:17,392 --> 00:30:20,815 have VLAN10 and VLAN20. 478 00:30:20,816 --> 00:30:26,828 Have both of them with the same subnet and put your servers on each 479 00:30:26,829 --> 00:30:33,185 of those separate VLANs then have two separate routers advertise 480 00:30:33,185 --> 00:30:37,875 those VLANs into OSPF or whatever. 481 00:30:37,875 --> 00:30:42,809 So they would have to be separate otherwise what do you end up with? 482 00:30:42,809 --> 00:30:47,590 Duplicate address exists on the network and you have that whole overlapping 483 00:30:47,591 --> 00:30:49,805 IPv4 address problem. 484 00:30:49,805 --> 00:30:55,993 With IPv6 you can actually do Anycast on the same segment. 485 00:30:55,993 --> 00:30:59,832 You can actually put them literally on the same VLAN on the same 486 00:30:59,832 --> 00:31:06,325 segment and you'll go to, well frankly whichever one answers neighbor 487 00:31:06,326 --> 00:31:07,672 discovery first. 488 00:31:07,672 --> 00:31:09,620 So we've been going for a while here. 489 00:31:09,620 --> 00:31:16,144 We're going to take a quick break and we'll start up in the next 490 00:31:16,145 --> 00:31:23,949 section here with wrapping up the rest of the introduction lesson. 491 00:31:23,950 --> 00:31:28,594 [music]