1 00:00:02,060 --> 00:00:08,414 [music] 2 00:00:08,415 --> 00:00:14,087 Now, just like IPv4, there are numerous ways to get them 3 00:00:14,088 --> 00:00:18,157 and there honestly might even be ways that I'm not going to list here. 4 00:00:18,158 --> 00:00:21,784 I'm going to list definitely the most popular and the most 5 00:00:21,785 --> 00:00:25,396 common ways to do this, but that's not to say there aren't others. 6 00:00:25,397 --> 00:00:30,730 First and foremost is what I'm hoping is the obvious, which is simply 7 00:00:30,731 --> 00:00:36,363 static address assignment. You go to a device, you give it a static address. 8 00:00:36,364 --> 00:00:43,922 Again, if this is Windows, Mac, Linux, Cisco, it's all pretty straightforward. 9 00:00:43,923 --> 00:00:48,617 For most of those it's going to be a GUI to just put in an IPv6 address. 10 00:00:48,618 --> 00:00:52,846 Really, really a piece of cake, nothing to it. 11 00:00:52,847 --> 00:00:59,625 Your other choice, and this of course is brand new with IPv6, 12 00:00:59,626 --> 00:01:01,704 and we're going to spend a bit of time on this. 13 00:01:01,705 --> 00:01:05,587 Not to worry. We'll go through configuration and everything. 14 00:01:05,588 --> 00:01:09,248 Again, like I said, I'm going to do the configuration on Cisco routers. 15 00:01:09,249 --> 00:01:12,213 But the fact of the matter is that almost all devices, 16 00:01:12,214 --> 00:01:16,520 functionally they all do the same thing. It's just a matter of syntax. 17 00:01:16,521 --> 00:01:22,426 The Stateless Address Auto Configuration. 18 00:01:22,427 --> 00:01:30,004 Somebody looked at this and basically said, do we really need DHCP? 19 00:01:31,314 --> 00:01:37,474 If you've been looking at the networking world in general as of late, 20 00:01:37,475 --> 00:01:41,493 I know Cisco-- and not just Cisco, although they're using it sort 21 00:01:41,494 --> 00:01:43,742 of as their tag line lately. 
22 00:01:43,743 --> 00:01:46,549 All of the vendors are doing this whole-- 23 00:01:46,561 --> 00:01:49,714 Cisco's calling it the Internet of everything. 24 00:01:49,715 --> 00:01:57,135 Other vendors-- I've heard terms like all-to-all connectivity and, whatever. 25 00:01:57,136 --> 00:02:02,209 The idea is smart devices, right? 26 00:02:02,210 --> 00:02:06,789 Look, I'll go all the way to the refrigerator in your house, 27 00:02:06,790 --> 00:02:14,813 active RFID tags in warehouses, sensors on equipment along production lines. 28 00:02:14,814 --> 00:02:20,223 Tracking a product from the time it's created all the way 29 00:02:20,224 --> 00:02:24,306 to the time it's put on a shelf in a store. All of these things. 30 00:02:24,307 --> 00:02:26,455 This is where things are headed, right? 31 00:02:26,456 --> 00:02:31,255 Cisco's actually shown some presentations at Cisco Live and such, 32 00:02:31,256 --> 00:02:36,603 where they'll have sensors-- I think they did it-- I could be incorrect here. 33 00:02:36,604 --> 00:02:42,654 I believe it was Walmart, but they did sensors under the parking spots 34 00:02:42,655 --> 00:02:47,510 in a retail store - like I said, I believe it was Walmart - 35 00:02:47,511 --> 00:02:51,959 to find out if there was a car parked in that spot. 36 00:02:51,960 --> 00:02:56,553 Why? Well, depending on the number of cars in the parking lot, 37 00:02:56,554 --> 00:02:59,495 can give the manager a pretty good indicator, 38 00:02:59,507 --> 00:03:01,946 hey, do I have enough registers open? 39 00:03:01,947 --> 00:03:05,843 You know, there's 800 cars in the parking lot, and I've got 2 cashiers? 40 00:03:05,844 --> 00:03:09,083 I've got a problem - almost guarantee it. 41 00:03:09,084 --> 00:03:14,987 I've got 10 cars in the parking lot, and 8 cashiers working - 42 00:03:14,988 --> 00:03:17,073 might be a little overstaffed right now. 43 00:03:17,074 --> 00:03:20,751 Maybe I can have them-- give them something fun to do. 
44 00:03:20,752 --> 00:03:23,885 I don't know. Clean the bathrooms or something. I don't know. I'm just saying. 45 00:03:23,886 --> 00:03:27,991 The point is-- and look, we all know it's not an exact science. 46 00:03:27,992 --> 00:03:33,602 Of course it's not, you know? There could be 10 people in each of those cars, 47 00:03:33,603 --> 00:03:37,358 or there could have been 1 person in each of those cars. 48 00:03:37,359 --> 00:03:40,295 Depending on the number of people in those cars, 49 00:03:40,296 --> 00:03:45,964 those 10 cars could have had 10 people or a hundred people. 50 00:03:45,965 --> 00:03:49,528 It's not exact, but you know it's not 1,000 people, 51 00:03:49,529 --> 00:03:53,612 and you know it's not 2 people, unless some of them drove a car, 52 00:03:53,613 --> 00:03:55,574 walked home, got another car, you know. 53 00:03:55,575 --> 00:04:01,891 So the whole point is this, though: lots and lots of devices, 54 00:04:01,892 --> 00:04:09,029 sensors, triggers, inventory scanners, all this kind of stuff that, 55 00:04:09,030 --> 00:04:13,922 at the end of the day, all they need is network connectivity. 56 00:04:13,923 --> 00:04:17,474 So if you think about it from that perspective, what do they need? 57 00:04:17,475 --> 00:04:22,465 They need an address, a prefix length - we don't call it a subnet 58 00:04:22,466 --> 00:04:26,026 mask anymore, we call it a prefix length now - 59 00:04:26,027 --> 00:04:31,417 and, well, almost everything needs to talk off of its own segment anymore, 60 00:04:31,418 --> 00:04:37,173 so a default gateway. Now if you think about those three items, 61 00:04:37,174 --> 00:04:42,408 wow, that's real simple isn't it? Let's see. 62 00:04:42,420 --> 00:04:47,550 The actual network portion of the address - 63 00:04:47,551 --> 00:04:52,806 remember that, just like IPv4, IPv6 is going to be split into three sections. 64 00:04:52,807 --> 00:04:58,484 You're going to have network, probably subnet, and host. 
65 00:04:58,485 --> 00:05:02,841 Now the difference is-- and we'll get into this a bit later with routing and such. 66 00:05:02,842 --> 00:05:05,918 The difference is, generally speaking, your company 67 00:05:05,919 --> 00:05:10,387 should get say like a /48 with IPv6, 68 00:05:10,388 --> 00:05:14,264 and you split that up into /64s for your subnetting. 69 00:05:14,265 --> 00:05:19,584 So at the end of the day, really all your client networks should be /64s. 70 00:05:19,585 --> 00:05:22,602 But that's not really our discussion right now. The point is this. 71 00:05:22,603 --> 00:05:27,795 There's one device on that segment that's not going to be a scanner. 72 00:05:27,796 --> 00:05:32,159 It's not going to be a parking lot sensor. It's not going to be any of those things. 73 00:05:32,160 --> 00:05:37,301 It's going to be, well, the router. The way off that segment. 74 00:05:37,302 --> 00:05:39,900 There's one thing that he certainly knows. 75 00:05:39,901 --> 00:05:44,036 That is, what is the prefix and the prefix 76 00:05:44,048 --> 00:05:48,677 length for that segment. He's got to know that. 77 00:05:48,678 --> 00:05:52,414 So why can't he just send that out to the clients? 78 00:05:52,415 --> 00:05:57,795 There you go. Part one of what we needed to know taken care of. 79 00:05:57,796 --> 00:06:01,265 Really two parts depending how far you want to break it down. 80 00:06:01,266 --> 00:06:05,056 He now knows the prefix and he knows the prefix length. 81 00:06:05,057 --> 00:06:16,222 So he knows, for example, that it's 2001:db8:100:10::/64. He knows that. 82 00:06:16,223 --> 00:06:20,704 Okay, what else do you need? A host portion. 83 00:06:20,705 --> 00:06:23,663 Great, I believe I just had a discussion on 84 00:06:23,675 --> 00:06:26,713 the last slide about using your MAC address. 85 00:06:26,714 --> 00:06:31,624 Or if you don't like to use the MAC address, do what Windows does, 86 00:06:31,625 --> 00:06:34,933 pseudo randomly pull it out of thin air. 
87 00:06:34,934 --> 00:06:38,365 Like I said, they have a process. I'm making fun a little bit, 88 00:06:38,366 --> 00:06:43,645 but hey look, on the Cisco router you can use something called a CGA, 89 00:06:43,646 --> 00:06:46,761 which is a cryptographically generated address. 90 00:06:46,762 --> 00:06:52,151 You can actually have it generate your address portion randomly off 91 00:06:52,152 --> 00:06:55,154 of a seed of an RSA key. 92 00:06:55,155 --> 00:07:00,678 So let your cryptography engine generate the random, basically is 93 00:07:00,679 --> 00:07:02,208 what it comes down to. 94 00:07:02,209 --> 00:07:07,035 So, you know, I don't care how he gets his host portion. 95 00:07:07,036 --> 00:07:11,168 That's the point though. We're not giving him the host portion. 96 00:07:11,169 --> 00:07:17,215 You see that word, stateless? That's what that means. I'm not giving the client. 97 00:07:17,216 --> 00:07:22,822 I'm not giving the sensor, the warehouse monitor, the video camera, the IP phone - 98 00:07:22,823 --> 00:07:27,422 whatever it is. I'm not giving it its address. 99 00:07:27,434 --> 00:07:31,372 I'm giving it the prefix and the length. 100 00:07:31,373 --> 00:07:33,970 He makes up the host portion on his own, 101 00:07:33,971 --> 00:07:39,389 and he does DAD, like we just discussed, to make sure it's unique. 102 00:07:39,390 --> 00:07:42,156 Boom. He's got an address. 103 00:07:42,157 --> 00:07:44,422 He's got a network portion from the router, 104 00:07:44,423 --> 00:07:50,078 the prefix length from the router, and the host portion from thin air. 105 00:07:50,079 --> 00:07:54,236 It really doesn't matter what. Randomly generated like I said. It doesn't matter. 106 00:07:54,237 --> 00:07:58,532 He has a unique /64 host portion. Now, there 107 00:07:58,544 --> 00:08:02,850 was one more piece of information he needed. 108 00:08:02,851 --> 00:08:07,675 He needed the default gateway. Well, here's a shocker. You're ready? 
109 00:08:07,676 --> 00:08:10,420 Hopefully you're sitting down wherever you're at. 110 00:08:10,421 --> 00:08:14,326 If you're driving or something while you're listening, don't let this startle you. 111 00:08:14,327 --> 00:08:18,146 He uses the router that gave him the prefix 112 00:08:18,158 --> 00:08:22,163 information. Whoa, shocking isn't it? I know. 113 00:08:22,164 --> 00:08:24,874 He already knows who the router is. 114 00:08:24,875 --> 00:08:29,811 This is all sent through something called a router advertisement message. 115 00:08:29,812 --> 00:08:32,929 So he already knows who the router is, 116 00:08:32,930 --> 00:08:35,025 and that's who he's going to use as his default gateway. 117 00:08:35,026 --> 00:08:38,475 Now, we can set priority on that if there's two routers on a segment. 118 00:08:38,476 --> 00:08:41,008 We can get into a whole lot of advanced stuff, 119 00:08:41,009 --> 00:08:46,929 but that's the basic idea behind stateless address auto configuration. 120 00:08:46,930 --> 00:08:50,237 Now, if you're listening to this, one thing you might be thinking is, 121 00:08:50,238 --> 00:08:54,653 well what about my DNS server? Lots of things need a DNS server. 122 00:08:54,654 --> 00:09:01,058 Yes, well, you could statically set that on all those devices. 123 00:09:01,059 --> 00:09:04,288 I know what you're thinking again. 124 00:09:04,289 --> 00:09:08,426 Well, what if I'm setting this up for, I don't know, 125 00:09:08,427 --> 00:09:12,110 a Starbucks or a Panera Bread or whatever, 126 00:09:12,122 --> 00:09:15,989 some place that's going to have public WiFi? 127 00:09:15,990 --> 00:09:24,873 I don't need to track their addresses. I don't need a DHCP server, and a pool, 128 00:09:24,874 --> 00:09:30,091 and a database, and track what clients I gave what addresses to. 129 00:09:30,092 --> 00:09:33,703 I don't care. These people come and go every ten minutes. 
130 00:09:33,704 --> 00:09:36,364 I mean, unless they're at Starbucks, then, you know, they buy one coffee 131 00:09:36,365 --> 00:09:40,480 and they think that entitles them to the table for 6 to 12 hours, 132 00:09:40,481 --> 00:09:43,340 and they'll sit there all day and do their work because I guess they 133 00:09:43,341 --> 00:09:46,289 can't afford an office or something. I don't 134 00:09:46,301 --> 00:09:48,933 know. I'm making fun. I'm joking again. 135 00:09:48,934 --> 00:09:52,391 I'm not really. You know they do it. I'm just saying. 136 00:09:52,392 --> 00:09:58,077 But in any case-- no, seriously, the point is it's very short term, theoretically. 137 00:09:58,078 --> 00:10:02,329 I don't need to keep track of that - not my problem. 138 00:10:02,330 --> 00:10:07,217 Stateless SLAAC here is perfect for that kind of an environment, 139 00:10:07,218 --> 00:10:09,929 but it's lacking, okay? 140 00:10:09,930 --> 00:10:16,277 You can't expect somebody to say, oh I need to check my Facebook status, 141 00:10:16,278 --> 00:10:21,082 what is the IPv6 address of Facebook? 142 00:10:21,083 --> 00:10:24,338 Oh darn, you know, I had it right here the other day. 143 00:10:24,339 --> 00:10:32,234 The point is, hopefully you can understand, even more than IPv4, the need for DNS here. 144 00:10:32,235 --> 00:10:39,583 Nobody's going to be remembering 128-bit IPv6 hexadecimal 145 00:10:39,584 --> 00:10:45,089 addressing for sites. It's not going to happen. 146 00:10:45,090 --> 00:10:48,419 We don't remember 32-bit IPv4 addresses for most sites. 147 00:10:48,420 --> 00:10:50,941 I mean, you might have a couple or something that you know, but, 148 00:10:50,942 --> 00:10:55,242 generally speaking, we pretty heavily rely on DNS. 149 00:10:55,243 --> 00:10:58,589 Now, all of these sensors and devices and everything I've mentioned 150 00:10:58,590 --> 00:11:03,541 so far, see they don't need to surf the web. They're not trying to get to Facebook. 
151 00:11:03,542 --> 00:11:08,152 They're not trying to get to Ford or Chevy or Toyota or-- they're 152 00:11:08,153 --> 00:11:13,443 not looking for a new car. They're not out there trying to surf the web. 153 00:11:13,444 --> 00:11:17,498 They're getting a job done. They know who they need to contact. 154 00:11:17,499 --> 00:11:19,933 They've been preprogrammed with who to contact, 155 00:11:19,934 --> 00:11:22,455 probably through some sort of cloud service, 156 00:11:22,456 --> 00:11:26,048 and all they need to know is how to contact that cloud service. 157 00:11:26,049 --> 00:11:30,785 That cloud service gives them all the rest of the config they need - done. 158 00:11:30,786 --> 00:11:35,562 And SLAAC is perfect for that. 159 00:11:35,563 --> 00:11:38,664 I just hear people hear all this a lot and go, 160 00:11:38,665 --> 00:11:44,774 yeah, I hear what you're saying but what about the TFTP server for my phones 161 00:11:44,775 --> 00:11:49,177 and my wireless access points? What about the DNS server for my clients? 162 00:11:49,178 --> 00:11:53,101 Because again, this is a public WiFi, and I don't really want to run 163 00:11:53,102 --> 00:11:59,504 DHCP, but I need them to know the DNS server. I'm glad you asked. 164 00:11:59,505 --> 00:12:04,747 Because that's exactly what stateless DHCPv6 is for. 165 00:12:06,008 --> 00:12:09,750 By the way, I put it in parentheses here, DHCPv6 Lite. 166 00:12:09,751 --> 00:12:14,959 I've seen it listed that way in some documentation, particularly from Cisco. 167 00:12:14,960 --> 00:12:18,912 I've seen it a couple other places, just wanted to throw it out there. 168 00:12:18,913 --> 00:12:24,067 Almost every place lately I've seen it called stateless DHCPv6, 169 00:12:24,068 --> 00:12:28,443 so I think the big trend is everybody's going to call it that. 
170 00:12:28,444 --> 00:12:32,400 But if you get some older documentation or maybe an older book or 171 00:12:32,401 --> 00:12:34,515 something, you might see it listed that way. 172 00:12:34,516 --> 00:12:38,412 Just wanted you to know they're the same thing, if you do see that term somewhere. 173 00:12:38,413 --> 00:12:44,847 Basically what this is, is take all the advantages of stateless 174 00:12:44,848 --> 00:12:49,312 that we just talked about above, lightweight, no database to track, 175 00:12:49,313 --> 00:12:51,649 none of that, very simple. 176 00:12:51,650 --> 00:12:59,244 But I do need to give you DHCP options. 177 00:12:59,245 --> 00:13:06,170 The basic idea here is I'm not giving host portion. 178 00:13:06,171 --> 00:13:11,926 That DHCP server will not have a scope. 179 00:13:11,927 --> 00:13:15,863 Okay, maybe that wasn't the best way to say it. 180 00:13:15,864 --> 00:13:19,498 It won't have an address range for the scope, 181 00:13:19,510 --> 00:13:23,077 let's put it that way, better way to say it. 182 00:13:23,078 --> 00:13:26,234 You're going to have a scope because that's sort of exactly 183 00:13:26,235 --> 00:13:29,271 what you're going to do is you're going to set up the options. 184 00:13:29,272 --> 00:13:34,048 Now, some DHCP servers may let you get away with just doing that as 185 00:13:34,049 --> 00:13:41,167 server options and literally not need a scope. So maybe you do, maybe you don't. 186 00:13:41,168 --> 00:13:47,350 The fact of the matter is, however that DHCP server lets you do the options. 187 00:13:47,351 --> 00:13:50,637 So you need to give out a TFTP server? There you go. 188 00:13:50,638 --> 00:13:55,512 You need to give out a DNS server? There you go. That's how you do it. 189 00:13:55,513 --> 00:14:07,283 Stateless DHCPv6 is an ability to add DHCP options to SLAAC. 190 00:14:07,284 --> 00:14:10,295 So that's what it lets you have - the best of both worlds there. 
191 00:14:10,296 --> 00:14:14,011 You're not handing out host portions. So 192 00:14:14,023 --> 00:14:18,296 basically, I'm giving you all of your options, 193 00:14:18,297 --> 00:14:21,797 your prefix length - I'm giving you all of that. 194 00:14:21,798 --> 00:14:25,339 The only thing that you're not getting with 195 00:14:25,351 --> 00:14:28,984 these first-- well, I say first two options. 196 00:14:28,985 --> 00:14:32,906 These two options - options 2 and 3 together here. 197 00:14:32,907 --> 00:14:35,890 The only thing you're not getting is a host portion. 198 00:14:35,891 --> 00:14:38,514 And since I'm not giving you a host portion, 199 00:14:38,515 --> 00:14:45,751 then I don't need to track which host has been given to which MAC address. 200 00:14:45,752 --> 00:14:51,123 Hence, no database. See, I still have no DHCP database. 201 00:14:51,124 --> 00:14:56,640 So these two things together, this is what would be perfect in, 202 00:14:56,641 --> 00:15:00,467 like I said, your public WiFi hotspots. 203 00:15:00,468 --> 00:15:04,036 Maybe your company offers guest access to wireless 204 00:15:04,048 --> 00:15:07,277 just for Internet access, that sort of thing. 205 00:15:07,278 --> 00:15:11,105 I already used the examples Starbucks, Panera 206 00:15:11,117 --> 00:15:14,872 Bread, whoever it is that has a public WiFi. 207 00:15:14,873 --> 00:15:18,799 This is perfect for those kind of places, because why should I keep 208 00:15:18,800 --> 00:15:24,463 a database tracking what MAC address was given to what hosts? 209 00:15:24,464 --> 00:15:27,640 I don't care. They're going to be there ten minutes and they're gone. 210 00:15:27,641 --> 00:15:33,893 Okay? Now, if any of those things I just said don't work for you 211 00:15:33,894 --> 00:15:38,238 in your environment, well then we just simply move on. We have a list. 212 00:15:38,239 --> 00:15:41,097 How about full-blown DHCPv6? 213 00:15:41,098 --> 00:15:45,899 There you go. 
We still have full-blown DHCP and I can give you the 214 00:15:45,900 --> 00:15:48,895 host portion, I have a database, I can track it. 215 00:15:48,907 --> 00:15:51,669 So if you're sitting there going, well yeah, 216 00:15:51,670 --> 00:15:58,232 but if the FBI shows up or whoever, and they want to know who had what address, 217 00:15:58,233 --> 00:16:02,320 at what time, and this and that, and I need to be able to show them, 218 00:16:02,321 --> 00:16:11,258 well then there you go - it's fine. Step up to DHCPv6, log your leases, back them up. 219 00:16:11,259 --> 00:16:14,907 Keep that database then. That's fine. 220 00:16:14,908 --> 00:16:18,143 That just means that we're handing out the host portion as well. 221 00:16:18,144 --> 00:16:20,695 That's literally all it adds over the first 222 00:16:20,707 --> 00:16:23,386 two options there-- or the two options above. 223 00:16:23,387 --> 00:16:28,088 You pick up the database and therefore you have trackability 224 00:16:28,089 --> 00:16:32,253 and accountability, but that means you also have a database to track. 225 00:16:32,254 --> 00:16:37,077 So that's certainly an option. We'll take a look at it when we get to configuration, 226 00:16:37,078 --> 00:16:39,675 but that's another way that they can get addresses. 227 00:16:39,676 --> 00:16:42,417 There is one fundamental difference, before you look at this and go, 228 00:16:42,418 --> 00:16:45,659 oh, so I don't have to change anything from what I know about 229 00:16:45,660 --> 00:16:49,923 IPv4 to IPv6. I can just keep using DHCP. 230 00:16:49,924 --> 00:16:56,096 Yes, you can. There is one little thing you want to be aware of though. 231 00:16:56,097 --> 00:17:01,822 The RFCs for DHCP do not allow for the handing out of the router. 232 00:17:01,823 --> 00:17:05,981 So you can hand out your DNS, all those other options, 233 00:17:05,982 --> 00:17:09,300 but not the default gateway or the router. 
234 00:17:09,301 --> 00:17:15,173 Those have to be learned through router advertisement messages 235 00:17:15,174 --> 00:17:18,853 that are basically what SLAAC uses up above. 236 00:17:18,854 --> 00:17:22,709 So there is not-- and we'll see this when we get into the configuration. 237 00:17:22,710 --> 00:17:24,619 I'll show you on the Cisco device. 238 00:17:24,620 --> 00:17:29,857 I'll use one of our Cisco routers as a DHCPv6 server, and I'll just 239 00:17:29,858 --> 00:17:33,425 show you right in there that handing out the router, not an option. 240 00:17:33,426 --> 00:17:37,543 It's not one of the available options, so we'll see that. 241 00:17:37,544 --> 00:17:45,264 Now, your next choice, this is a fun one and I'll set it up and 242 00:17:45,265 --> 00:17:50,368 I'll show it to you, but this is one of those technologies that I 243 00:17:50,369 --> 00:17:55,741 look at and it's really cool and I see what they were doing with it, 244 00:17:55,742 --> 00:18:02,964 and then on the flip side I look at it and go, but who's going to use it? 245 00:18:02,965 --> 00:18:06,652 You know, it's one of those things, I think it's really cool. 246 00:18:06,653 --> 00:18:11,552 Let me give you the basic idea, and that is, 247 00:18:11,553 --> 00:18:15,684 generally speaking, it would probably be a service provider type setup. 248 00:18:15,685 --> 00:18:19,532 It wouldn't have to be, it could be the core of your network, whatever. 249 00:18:19,533 --> 00:18:26,482 But basically, the idea is one router or device is the DHCP server. 250 00:18:26,483 --> 00:18:32,860 Another device comes online and requests not an address from 251 00:18:32,861 --> 00:18:38,472 DHCP, they request a prefix from DHCP. 252 00:18:38,473 --> 00:18:43,978 So just as an example, let's say you're a company and you set up your 253 00:18:43,979 --> 00:18:47,160 CE router, your router going to the provider, 254 00:18:47,161 --> 00:18:53,080 to get a prefix delegation address from your service provider. 
255 00:18:53,081 --> 00:18:59,423 So your service provider then gives you this address for prefix delegation 256 00:18:59,424 --> 00:19:06,721 and they'll generally give you something like a /48, so a /48 prefix length. 257 00:19:06,722 --> 00:19:11,258 You then take that prefix that you got from the provider. 258 00:19:11,259 --> 00:19:19,282 Within your network, you then split that up into subnets like /64s. 259 00:19:20,890 --> 00:19:24,381 You then enumerate your entire internal 260 00:19:24,393 --> 00:19:28,334 address space off of this prefix delegation. 261 00:19:28,335 --> 00:19:35,963 Now again, so far it sounds cool. Service provider gives me a /48, I take that /48, 262 00:19:35,964 --> 00:19:39,125 I split it up into as many subnets as I need. 263 00:19:39,126 --> 00:19:42,822 And by the way, in case you haven't actually done the math yet, 264 00:19:42,823 --> 00:19:48,550 if the service provider gives you a /48 and you split that up into 265 00:19:48,551 --> 00:19:54,152 /64s, that gives you 16 bits that are subnet. 266 00:19:55,793 --> 00:20:01,559 Or essentially, the entire fourth field of the IPv6 address, 267 00:20:01,560 --> 00:20:05,780 the entire fourth field becomes subnet. 268 00:20:07,513 --> 00:20:17,774 2 to the 6 is 65,536, so that basically gives you 65,536 usable subnets. 269 00:20:17,775 --> 00:20:23,796 That should cover your entire company. I really don't care how big you are. 270 00:20:23,797 --> 00:20:29,701 If it doesn't, I really got to ask how you're doing your subnetting. 271 00:20:29,702 --> 00:20:34,105 And I suppose if it really, really, really, really didn't, 272 00:20:34,106 --> 00:20:38,046 then you might have to get two /48s. 273 00:20:38,047 --> 00:20:42,335 But that's the basic idea behind how this whole thing's supposed to work. 
274 00:20:42,336 --> 00:20:47,596 So you take this /48 you get from your service provider through DHCP, 275 00:20:47,597 --> 00:20:55,371 you subnet out to, well, up to 65,000 subnets, and you make all these /64s. 276 00:20:55,372 --> 00:21:01,046 So there you go. Your entire address space is dynamically allocated. 277 00:21:01,047 --> 00:21:04,050 Now let me tell you where this was supposed to go. 278 00:21:04,051 --> 00:21:08,140 The idea behind this was supposed to be, 279 00:21:08,141 --> 00:21:13,647 okay, well for whatever reason you're upset with your service provider. 280 00:21:13,648 --> 00:21:19,522 You're done with them, you've had it with them, you're going to somebody else. 281 00:21:19,523 --> 00:21:23,251 Okay, so you go sign up with another service provider, 282 00:21:23,252 --> 00:21:30,889 they then send you a completely different /48 through prefix delegation, 283 00:21:30,890 --> 00:21:33,858 and this is where the cool slash I don't know 284 00:21:33,870 --> 00:21:36,527 who's going to do this, comes into play. 285 00:21:36,528 --> 00:21:42,375 What that would do is that would then instantly re-enumerate your 286 00:21:42,376 --> 00:21:49,135 entire inside network with whatever prefix they just gave you. 287 00:21:49,136 --> 00:21:55,328 Now, the cool is you just switched service providers without even 288 00:21:55,329 --> 00:22:01,821 blinking an eye and, wham, everything just automatically moves on its own, 289 00:22:01,822 --> 00:22:04,395 and we're all happy. 290 00:22:04,396 --> 00:22:10,814 But the problem is we're making a couple assumptions here, 291 00:22:10,815 --> 00:22:17,206 that every single device on your network is actually pulling its address from DHCP 292 00:22:17,207 --> 00:22:24,497 and/or stateless auto-config. What about printers? What about servers? 293 00:22:24,498 --> 00:22:27,343 What about network management equipment? 294 00:22:27,344 --> 00:22:31,583 What about things that we generally give a static address to? 
295 00:22:31,584 --> 00:22:38,075 They would still be statically on the wrong prefix if you had set them up manually. 296 00:22:38,076 --> 00:22:44,599 Or you could make the argument, okay, well everything has to be DHCP now. 297 00:22:44,600 --> 00:22:48,293 Okay, then how are you going to find it when it moves? 298 00:22:48,294 --> 00:22:55,253 Now you're going to rely on dynamic DNS. Wonderful. Where are the DNS servers? 299 00:22:55,254 --> 00:22:58,979 Who owns those? Where are all those entries? 300 00:22:58,980 --> 00:23:03,198 You see, my point is I'm not saying it can't work and I'm not saying 301 00:23:03,199 --> 00:23:06,154 it's not going to work and I'm not saying any of that. 302 00:23:06,155 --> 00:23:11,518 I'm just saying I see some potentially large problems with this idea 303 00:23:11,519 --> 00:23:15,533 that we're just going to move from one service provider to the other, 304 00:23:15,534 --> 00:23:20,862 and just let that completely re-enumerate the inside of our network. 305 00:23:22,038 --> 00:23:29,102 Now, the reason this was done - just to let you know - is, originally 306 00:23:29,103 --> 00:23:36,007 there was going to be what they referred to as strict aggregation with IPv6. 307 00:23:36,008 --> 00:23:42,348 In other words, the original idea was no service provider 308 00:23:42,349 --> 00:23:47,582 would ever be allowed to advertise anything longer-- and this is 309 00:23:47,583 --> 00:23:49,897 a little old now, so I could be a little bit 310 00:23:49,909 --> 00:23:52,029 off on the numbers here, so I apologize. 311 00:23:52,030 --> 00:23:55,898 You may want to look this up if you really want exact numbers, 312 00:23:55,899 --> 00:24:02,509 but I want to say it was a /32, might have been a /24. 313 00:24:02,510 --> 00:24:07,636 Basically, no service provider ever shall advertise anything to the 314 00:24:07,637 --> 00:24:14,071 Internet, into BGP, longer than a /24 or 32, whatever it was. 
315 00:24:14,072 --> 00:24:21,237 And then there was, no regional authority should ever advertise anything 316 00:24:21,238 --> 00:24:29,967 longer than a /16. The cool part of that would have meant that-- 317 00:24:29,968 --> 00:24:33,351 just to throw this out there, I'm stationed in the United States 318 00:24:33,352 --> 00:24:40,244 or North America, so we're under the North American numbering authority here. 319 00:24:40,245 --> 00:24:42,073 Depending where you are in the world, 320 00:24:42,074 --> 00:24:45,917 you have your own regional authority, but the idea would be that, 321 00:24:45,918 --> 00:24:49,350 like, for example, from North America, where I am right now, 322 00:24:49,351 --> 00:24:53,687 to get to all of South America, Australia, 323 00:24:53,688 --> 00:25:00,253 Africa, Asia, Europe, to get to every other numbering authority, 324 00:25:00,254 --> 00:25:07,779 we would literally have had one route. One route gets me to all of Europe. 325 00:25:07,780 --> 00:25:10,981 Once it gets to Europe, well then of course you guys are 326 00:25:10,982 --> 00:25:16,421 breaking it down by your service providers and all that. That was the idea. 327 00:25:16,422 --> 00:25:22,966 That was the idea. But then, you know, you start hitting-- and again that's sort of-- 328 00:25:22,967 --> 00:25:26,687 the reason I'm going there with prefix delegation is, the idea was 329 00:25:26,688 --> 00:25:29,030 that if you move from one service provider to another, 330 00:25:29,031 --> 00:25:34,826 you had to go to their address space because they had to do strict aggregation. 
0:25:35.060000 --> 0:25:40.460000 So as you switch service providers, you had no choice but to switch to 0:25:40.460000 --> 0:25:46.440000 their prefixes. And a lot of side effects came out of this. 0:25:46.440000 --> 0:25:49.760000 As much as they tried to plan this whole thing out and as cool as all 0:25:49.760000 --> 0:25:55.600000 of that sounds, reality comes in and you get people going, well, that 0:25:55.600000 --> 0:26:00.280000 means if I switch service providers, I have to re-enumerate my whole network. 0:26:00.280000 --> 0:26:04.040000 Right. No, I'm not doing that. 0:26:04.040000 --> 0:26:05.740000 So here's what I'm going to do. 0:26:05.740000 --> 0:26:09.180000 I'm just going to enumerate my whole inside network and then I'll just 0:26:09.180000 --> 0:26:10.920000 do NAT on the outside. 0:26:10.920000 --> 0:26:14.760000 And then all I have to do is change my outside router and I can still 0:26:14.760000 --> 0:26:18.440000 move from service provider to service provider and not re-enumerate my 0:26:18.440000 --> 0:26:21.960000 inside network. And I just have to change the outside and we'll just keep 0:26:21.960000 --> 0:26:24.600000 doing NAT like we always have. 
0:26:24.600000 --> 0:26:28.660000 And then you have everybody in the IPv6 world going, whoa, no, no, no, 0:26:28.660000 --> 0:26:30.720000 no, no, no, no, no, stop, stop. 0:26:30.720000 --> 0:26:33.400000 That's exactly what we don't want you doing. 0:26:33.400000 --> 0:26:37.280000 We didn't write all this, so you could keep using NAT. 0:26:37.280000 --> 0:26:42.080000 I mean, if we wanted to keep using NAT, we maybe could have fixed up IPv4. 0:26:42.080000 --> 0:26:45.600000 NAT's gotten us as a crutch through a lot of stuff. 0:26:45.600000 --> 0:26:49.240000 We maybe could have kept NAT-ing. 0:26:49.240000 --> 0:26:54.220000 No, this is not what we're supposed to be doing. 0:26:54.220000 --> 0:26:57.220000 And everybody kept saying, we're just going to do NAT then. 0:26:57.220000 --> 0:26:58.640000 Because you know what? 0:26:58.640000 --> 0:27:03.620000 Yeah, it breaks the end-to-end connectivity model, but we're not really 0:27:03.620000 --> 0:27:05.400000 heading towards anything that wants to do that. 0:27:05.400000 --> 0:27:09.340000 And of course, the product vendors are sitting back there going, no, no, 0:27:09.340000 --> 0:27:13.200000 no, no, no, no, we're developing products that need that, that we want 0:27:13.200000 --> 0:27:15.360000 to be able to ultimately sell these guys. 0:27:15.360000 --> 0:27:17.460000 So we can't have them doing NAT. 0:27:17.460000 --> 0:27:21.720000 So, you know, there's this whole, you're not supposed to use NAT anymore. 0:27:21.720000 --> 0:27:24.280000 And all these companies were coming back saying, well, we're just going 0:27:24.280000 --> 0:27:25.600000 to stick with NAT then. 0:27:25.600000 --> 0:27:28.880000 Because we're not going to change all of our printers and our servers 0:27:28.880000 --> 0:27:31.380000 and our DNS servers and our network management. 0:27:31.380000 --> 0:27:34.400000 And we're not going to go change all this just because we want to change 0:27:34.400000 --> 0:27:35.840000 service providers. 
0:27:35.840000 --> 0:27:40.480000 You know, we want our own prefix range. 0:27:40.480000 --> 0:27:48.120000 Why can't customer A, you know, why can't company A own a /48 and 0:27:48.120000 --> 0:27:53.200000 then carry that from service provider to service provider just like we 0:27:53.200000 --> 0:27:56.060000 do with IPv4 today? 0:27:56.060000 --> 0:27:58.200000 Because let's face it, that's what we're doing today, right? 0:27:58.200000 --> 0:28:00.160000 Most of your companies out there. 0:28:00.160000 --> 0:28:03.240000 Now I realize some of you may be from small to mid-sized companies and 0:28:03.240000 --> 0:28:04.900000 maybe this does not apply to you. 0:28:04.900000 --> 0:28:09.280000 But a lot of companies out there do in fact own their own IPv4 address 0:28:09.280000 --> 0:28:12.900000 space. And if they switch providers, they just announce it out through 0:28:12.900000 --> 0:28:15.100000 BGP through a different provider. 0:28:15.100000 --> 0:28:20.780000 The problem is that means that they have to allow /24s to be advertised 0:28:20.780000 --> 0:28:23.220000 into BGP for the internet. 0:28:23.220000 --> 0:28:28.600000 And of course they're looking at that on IPv6 going, holy cow. 0:28:28.600000 --> 0:28:36.440000 So we need to start allowing customers to advertise /48s out into 0:28:36.440000 --> 0:28:43.460000 the internet. And basically, you know, public pushback was basically, 0:28:43.460000 --> 0:28:45.680000 well, you have a choice. 0:28:45.680000 --> 0:28:52.240000 You can either A, allow us to own address space and allow us to use BGP 0:28:52.240000 --> 0:28:57.020000 to advertise that out to the internet just like we do with IPv4 today. 0:28:57.020000 --> 0:29:01.980000 Or we're all going to switch over to NAT and there's really no point in 0:29:01.980000 --> 0:29:05.800000 you pushing this whole IPv6 thing anyway. 0:29:05.800000 --> 0:29:11.360000 That's pretty much the pushback from how I've heard it anyway.
0:29:11.360000 --> 0:29:13.520000 It's not like I was in all these meetings or anything, you know. 0:29:13.520000 --> 0:29:16.440000 But this is the basic feedback as I've heard it. 0:29:16.440000 --> 0:29:21.220000 And basically they cracked and they said, fine. 0:29:21.220000 --> 0:29:26.340000 And I don't know if it's 100% official or anything like that. 0:29:26.340000 --> 0:29:36.700000 But strict prefix summarization is pretty much dead in the IPv6 internet. 0:29:36.700000 --> 0:29:41.000000 Now there'll always be providers like, you know, you go with small company 0:29:41.000000 --> 0:29:43.380000 home, you know, things like that. 0:29:43.380000 --> 0:29:46.420000 There's of course always provider-assigned address space. 0:29:46.420000 --> 0:29:52.240000 And there probably always will be, you know, but for your larger companies. 0:29:52.240000 --> 0:29:55.840000 Because not to mention the fact when all of this was being said, all of 0:29:55.840000 --> 0:29:58.580000 this, all of this throw one more monkey wrench into the whole thing. 0:29:58.580000 --> 0:30:02.000000 What about companies that are multinational? 0:30:02.000000 --> 0:30:06.460000 They're global. And not just between multiple countries on the same continent 0:30:06.460000 --> 0:30:10.400000 either. So now all of a sudden you're telling me that I've got a company 0:30:10.400000 --> 0:30:16.420000 in, you know, three different numbering authorities and they have three 0:30:16.420000 --> 0:30:18.240000 different address spaces. 0:30:18.240000 --> 0:30:20.000000 How's that going to work? 0:30:20.000000 --> 0:30:23.120000 So again, it sounded like a really good idea. 0:30:23.120000 --> 0:30:25.740000 Keep the internet routing tables much smaller. 0:30:25.740000 --> 0:30:28.840000 But at the end of the day, the fact of the matter is it's not going to 0:30:28.840000 --> 0:30:32.060000 happen. We're going to end up with /48s.
0:30:32.060000 --> 0:30:36.440000 Our BGP tables are going to be just as big, if not bigger, than they are 0:30:36.440000 --> 0:30:40.800000 in IPv4. And of course, you know, everybody's kicking and screaming, oh 0:30:40.800000 --> 0:30:43.080000 no, it's going to get huge. 0:30:43.080000 --> 0:30:45.180000 Yeah, yeah, it's true. 0:30:45.180000 --> 0:30:49.300000 It's going to. But the flip side of that is you have to look back at it 0:30:49.300000 --> 0:30:54.380000 and go, yeah, but memory is getting cheaper and CPUs are getting faster. 0:30:54.380000 --> 0:30:58.660000 And we just have to make sure that our internet routers are capable of 0:30:58.660000 --> 0:31:03.640000 handling a large IPv6 routing table because that's how it's going to end 0:31:03.640000 --> 0:31:05.080000 up having to be. 0:31:05.080000 --> 0:31:12.380000 So since we don't really have strict prefix summarization anymore, I really, 0:31:12.380000 --> 0:31:16.520000 really, really see less and less of a need for this whole prefix delegation 0:31:16.520000 --> 0:31:18.560000 that I'm describing. 0:31:18.560000 --> 0:31:25.100000 Because if you own your /48, you switch providers, you're not changing 0:31:25.100000 --> 0:31:26.700000 your internal numbering. 0:31:26.700000 --> 0:31:28.320000 Everything stays the same. 0:31:28.320000 --> 0:31:31.220000 You wouldn't have gotten it through DHCP to begin with. 0:31:31.220000 --> 0:31:33.100000 You would have just owned it. 0:31:33.100000 --> 0:31:36.860000 In fact, you'd be advertising it out through BGP. 0:31:36.860000 --> 0:31:43.240000 So that's why I said, you know, the niche market for this prefix delegation, 0:31:43.240000 --> 0:31:46.240000 we'll look at it just so you've seen it because I don't know, you know, 0:31:46.240000 --> 0:31:48.900000 maybe you're sitting there listening to it going, yeah, yeah, I hear all 0:31:48.900000 --> 0:31:52.980000 of that.
But this would work really good inside of my company to hand 0:31:52.980000 --> 0:31:57.620000 out, you know, prefixes to remote locations. 0:31:57.620000 --> 0:32:02.360000 There I could possibly see a use for it certainly. 0:32:02.360000 --> 0:32:07.000000 Because in those cases, your internal DNS servers aren't going to change. 0:32:07.000000 --> 0:32:10.980000 Your internal, you know, your internal servers and stuff, you know, your 0:32:10.980000 --> 0:32:14.340000 data center and all that, they're all static. 0:32:14.340000 --> 0:32:15.840000 They're not going to change that. 0:32:15.840000 --> 0:32:17.880000 But maybe for remote sites or something. 0:32:17.880000 --> 0:32:21.420000 So I see it as a useful feature. 0:32:21.420000 --> 0:32:24.680000 You just got to really watch and think through where you would want to 0:32:24.680000 --> 0:32:27.500000 use it versus where you wouldn't. 0:32:27.500000 --> 0:32:32.320000 But again, in the next section, we'll be getting into a lot of these things 0:32:32.320000 --> 0:32:33.900000 that I've talked about. 0:32:33.900000 --> 0:32:38.480000 And, you know, this was just some general overview of IPv6 technologies. 0:32:38.480000 --> 0:32:43.020000 We'll certainly loop back to most of this stuff in the upcoming lessons 0:32:43.020000 --> 0:32:44.640000 as we go through. 0:32:44.640000 --> 0:32:48.140000 We configure it and this is, don't look at this section as our outline 0:32:48.140000 --> 0:32:49.500000 for the course either. 0:32:49.500000 --> 0:32:52.300000 That's posted with the course material. 0:32:52.300000 --> 0:32:54.640000 You know, we're going to be hitting other things too. 0:32:54.640000 --> 0:32:58.080000 You know, we got security, routing protocols, all sorts of stuff that 0:32:58.080000 --> 0:32:58.940000 I want to get us into.