diff --git a/acronyms.tex b/acronyms.tex
index 920ce99..6fffb84 100644
--- a/acronyms.tex
+++ b/acronyms.tex
@@ -23,10 +23,13 @@
 \newacronym{cix}{CIX}{Commercial Internet Exchange}
 \newacronym{cph}{CPH}{Copenhagen}
 \newacronym{cwdm}{CWDM}{}
+\newacronym{dad}{DAD}{Duplicate Address Detection}
 \newacronym{db}{DB}{Database}
 \newacronym{dhcp}{DHCP}{Dynamic Host Control Protocol}
+\newacronym{dhcp6}{DHCPv6}{Dynamic Host Control Protocol version 6}
 \newacronym{dknog}{DKNOG}{Danish Network Operators' Group}
 \newacronym{dns}{DNS}{Domain Name System}
+\newacronym{dns6}{DNSv6}{Domain Name System version 6}
 \newacronym{dr}{DR}{Danmarks Radio}
 \newacronym{dsl}{DSL}{Digital Subscriber Line}
 \newacronym{dst}{dst}{destination}
@@ -60,16 +63,18 @@
 \newacronym{iab}{IAB}{Internet Architecture Board}
 \newacronym{iana}{IANA}{Internet Assigned Numbers Authority}
 \newacronym{icann}{ICANN}{Internet Corporation for Assigned Names and Numbers}
+\newacronym{icmp}{ICMP}{Internet Control Message Protocoll}
+\newacronym{icmp6}{ICMPv6}{Internet Control Message Protocol version 6}
 \newacronym{ieee}{IEEE}{Institute of Electrical and Electronics Engineers}
 \newacronym{ietf}{IETF}{Internet Engineering Task Force}
 \newacronym{igrp}{IGRP}{Interior Gateway Routing Protocol}
 \newacronym{imap}{IMAP}{Internet Message Access Protocol}
 \newacronym{ios}{IOS}{Internetwork Operating System}
 \newacronym{ip}{IP}{Internet Protocol}
-\newacronym{ip4}{IPv4}{Internet Protocol v4}
-\newacronym{ip6}{IPv6}{Internet Protocol v6}
-\newacronym{ipv4}{IPv4}{Internet Protocol v4}
-\newacronym{ipv6}{IPv6}{Internet Protocol v6}
+\newacronym{ip4}{IPv4}{Internet Protocol version 4}
+\newacronym{ip6}{IPv6}{Internet Protocol version 6}
+\newacronym{ipv4}{IPv4}{Internet Protocol version 4}
+\newacronym{ipv6}{IPv6}{Internet Protocol version 6}
 \newacronym{irc}{IRC}{Internet Relay Chat}
 \newacronym{irtf}{IRTF}{Internet Research Task Force}
 \newacronym{isis}{IS-IS}{Intermediate System to Intermediate System}
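Review bot: Two of the added glossary entries carry wrong expansions, which will be printed on first use and in the acronym list. In the first hunk `dhcp6` copies "Host Control" from the existing `dhcp` entry, although the protocol name is Dynamic Host Configuration Protocol; in the second hunk `icmp` is spelled "Protocoll". Suggested lines: `\newacronym{dhcp6}{DHCPv6}{Dynamic Host Configuration Protocol version 6}` and `\newacronym{icmp}{ICMP}{Internet Control Message Protocol}`. The `dhcp` context line has the same wording and would need the same correction in a follow-up.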
@@ -94,6 +99,9 @@
 \newacronym{msg}{msg}{message}
 \newacronym{mst}{MST}{Multiple Spanning Tree}
 \newacronym{nac}{NAC}{Network Admission Control}
+\newacronym{nat}{NAT}{Network Address Translation}
+\newacronym{nd}{ND}{Neighbor Discovery}
+\newacronym{nic}{NIC}{Network Interface Card}
 \newacronym{nlri}{NLRI}{Network Layer Reachability Information}
 \newacronym{nms}{NMS}{Network Management Software}
 \newacronym{nsa}{NSA}{National Security Agency}
@@ -132,6 +140,7 @@
 \newacronym{sdsl}{SDSL}{Symmetric Digital Subscriber Line}
 \newacronym{sftp}{SFTP}{Secure Shell File Transfer Protocol}
 \newacronym{sla}{SLA}{Service Level Agreement}
+\newacronym{slaac}{SLAAC}{Stateless Address Autoconfiguration}
 \newacronym{smtp}{SMTP}{Simpe Mail Transfer Protocol}
 \newacronym{snmp}{SNMP}{Simple Network Management Protocol}
 \newacronym{sntp}{SNTP}{Secure Network Time Protocol}
@@ -153,6 +162,7 @@
 \newacronym{tosdr}{ToS;DR}{Terms of Service; Didn't Read}
 \newacronym{udld}{UDLD}{Unidirectional Link Detection}
 \newacronym{udp}{UDP}{User Datagram Protocol}
+\newacronym{ula}{ULA}{Unique Local Address}
 \newacronym{utc}{UTC}{Coordinated Universal Time}
 \newacronym{vlan}{VLAN}{Virtual Local Area Network}
 \newacronym{vpn}{VPN}{Virtual Private Network}
diff --git a/chapter/ip.tex b/chapter/ip.tex
new file mode 100644
index 0000000..7a524fe
--- /dev/null
+++ b/chapter/ip.tex
@@ -0,0 +1,146 @@
+\chapter[IP]{Internet Protocol}
+
+\section[IPv6]{Internet Protocol v6}
+
+\gls{ipv6} has recently been defined in an updated \rfc{8200} which obsoletes several of the older \gls{rfc} documents regarding \gls{ipv6}.
+
+\gls{ipv6} came about in 1998 when the original \rfc{2460} was published. It aims to provide globally route-able addresses (i.e. no need for \gls{nat}) and provides a hierarchical way to allocate address prefixes in a way which makes it simple to do route aggregation.\footnote{This helps limits the size of the Internet's global routing table!}\cite{wiki:IPv6}
+
+\wikicommons[An illustration of an example IPv6 address with leading zeros in the binary rendering]{ipv6_address_leading_zeros}
+
+\subsection{IP to client}
+
+Several ways to assign a client an address exists.
+\begin{itemize}
+ \item Let the client handle it itself (i.e. \gls{dhcp} server present): \gls{slaac}.
+ \begin{itemize}
+ \item \gls{icmp6} router discovery messages is used to detect info 'bout the connected network segment.
+ \item Upon \textit{link up} client sends link-local solicitation multicast req. for network parameters,
+ \item router \textit{responds with} router adv. packet cont. \gls{ip} cfg parameters.
+ \end{itemize}
+ \item Let the \gls{dhcp} server assign \textit{partial} info to the client.
+ \item Let the \gls{dhcp} server assign \textit{every} info to the client.
+\end{itemize}
+
+\textbf{Privacy} is a large concern regarding \gls{ipv6} because of the globally unique address the client posses.
+
+Implementation to do privacy regarding the host bits of an \gls{ip6} has been done to protect the clients (and users) from being tracked. Alas, if the \gls{isp} do static prefix assignments to end users. This privacy protection may be somewhat unusable. As the network prefix will always remain the same. Regardless of the host-bits being changed often.
+
+Have 3 different forms:
+\begin{enumerate}
+ \item \texttt{2001:0db8:0000:0000:0000:ff00:0042:8329},
+ \item \texttt{2001:db8:0:0:0:ff00:42:8329}, {\footnotesize (i.e. remove leading zeroes per group delimited by colon)}
+ \item \texttt{2001:db8::ff00:42:8329}. {\footnotesize (i.e. remove groups containing all zeroes in succession after each other) (only done \textit{once!}}
+\end{enumerate}
+
+\subsection{Packet Headers}\cite{IPv6Pack77:online}
+
+\wikicommons{ipv6_header}
+
+\begin{enumerate}
+ \item \textbf{Version} -- 1-byte field containing '6'.
+ \item \textbf{Traffic Class} -- 2-bytes hex notation for traffic class.
+ \item \textbf{Flow label} -- 5-bytes.
+ \item \textbf{Payload length} -- 4-bytes unsigned integer, which is the rest of the packet that follows the IPv6 header, in octets.
+ \item \textbf{Next header} -- 4-bytes selector. Identifies the type of header that immediately follows the IPv6 header. Uses the same values as the IPv4 protocol field.
+ \item \textbf{Hop limit} -- 32-bytes unsigned integer. Decremented by one by each node that forwards the packet. The packet is discarded if the hop limit is decremented to zero.
+ \item \textbf{Source address} -- 32-bytes.
+ \item \textbf{Destination address} -- 32-bytes. The intended recipient is not necessarily the recipient if an optional routing header is present.
+\end{enumerate}
+
+\subsection[EH]{Extension Headers}\cite{IPv6Pack77:online}
+
+\begin{enumerate}
+ \item \textbf{Routing} -- Extended routing, such as IPv4 loose source route
+ \item \textbf{Fragmentation} -- Fragmentation and reassembly
+ \item \textbf{Authentication} -- Integrity and authentication, and security
+ \item \textbf{Encapsulating Security Payload} -- Confidentiality
+ \item \textbf{Hop-by-Hop options} -- Special options that require hop-by-hop processing
+ \item \textbf{Destination options} -- Optional information to be examined by the destination node
+\end{enumerate}
+
+\subsection{Address Types}
+
+\subsubsection{Link-Local}
+
+\begin{itemize}
+ \item Address assigned from the \texttt{fe80::/10} prefix.
+ \item Either derived with the EUI-64\footnote{The EUI-64 involves the MAC address and injecting fffe into the middle making it 64 bits and using this as host bits} method or randomly selected. Then assigned after \gls{dad} has been run on the network segment.
+ \item \itemhead[]{Unique Link Local}\cite{wiki:Unique_local_address}
+ \begin{itemize}
+ \item Defined as block \texttt{fc00::/7}. See \rfc{4193}.
+ \item \gls{ula} is \glspl{ip6} counter-part to \glspl{ip4} \rfc{1918} address space.
+ \item Only usable within a private network.
+ \item Divided into 2 /8 \gls{ip6} blocks.
+ \begin{enumerate}
+ \item \texttt{fc00::/8} -- Not \textit{yet} officially allocated/defined by the \gls{ietf}.
+ \item \texttt{fd00::/8} -- Defined as /48 prefixes. The last 40 bits is randomly generated and appended to the first 8 significant bits {\small (i.e. \texttt{0xFD} aka. \texttt{11111101})}.
+ \end{enumerate}
+ \end{itemize}
+ \item \itemhead[]{Solicited-node multicast address}\cite{wiki:Solicited-node_multicast_address}
+ \begin{itemize}
+ \item Consist of the prefix \texttt{ff02::1:ff00:0/104} for the first 104 bits.
+ \item The last 24 bits represents the target address within the prefix.
+ \item Solicited-node multicast address is segment only traffic. I.e. the traffic does not flow \textit{between} \gls{l3} \gls{ip} segments.
+ \item Used in combination with \gls{nd} to replace \glspl{ip4} \gls{arp} functionality.
+ \end{itemize}
+\end{itemize}
+
+\subsubsection{Global Addressing}
+
+\begin{itemize}
+ \item Address types
+ \begin{itemize}
+ \item Unicast: Identifies each \gls{nic}.
+ \item Anycast: Identifies a group of \glspl{nic} belonging to the same group and providing the same services/content/applications. Nearest one to source is used.
+ \item Multicast: Used to deliver content to multiple \glspl{nic} at once. Traffic is a single flow from the source (i.e. not multiple unicast streams).
+ \item Broadcast: \textit{Not} implemented. Replaced by use of multicast groups.
+ \end{itemize}
+\end{itemize}
+
+\subsubsection{Multicast}
+
+\begin{itemize}
+ \item Address format:\cite{IPv6Addr96:online}
+ \begin{enumerate}
+ \item \texttt{8-bits: 1111 1111} -- Identifies the address as multicast.
+ \item \texttt{4-bits: FLGS} -- Set of 4 flags.
+ \begin{enumerate}
+ \item \texttt{0}: Must be zero.
+ \item \texttt{0}: Must be zero.
+ \item \texttt{P}: Can be either '1' or '0'.
+ \begin{itemize}
+ \item \texttt{0} -- Multicast address that is \textit{not} assigned based on the network prefix.
+ \item \texttt{1} -- Multicast address that \textit{is} assigned based on the network prefix.
+ \end{itemize}
+ \item \texttt{T}: If the P-flag is '1'. T-flag must be '1', too.
+ \end{enumerate}
+ \item \texttt{4-bits: SCOP}
+ \item \texttt{8-bits: Reserved} -- Reserved value of zero.\footnote{Yet to make sense for me...}
+ \item \texttt{8-bits: Plen} -- Number of bits in the site prefix that identify the subnet, for a multicast address that is assigned based on a site prefix.
+ \item \texttt{64-bits: Network prefix}
+ \item \texttt{32-bits: Group ID} -- Identifier for the multicast group, either permanent or dynamic
+ \end{enumerate}
+\end{itemize}
+
+\subsubsection[Teredo]{Teredo addressing \& tunneling}
+
+ip6 has a feature of being able to route by use of teredo tunnels over ip4 addresses. So that clients supporting ip6 on either end, but not the fabric in the middle. Can append the ip4 ip to a special ip6 prefix also called teredo tunneling run ip traffic across ip4.
+
+\subsection{AAAA}
+
+\gls{dns6} had 2 running proposals when first proposed, \rfc{2874} (1st), \rfc{3364} (later discussion), and \rfc{3363} thou deprecated this proposal to experimental status.
+
+The winning one was \rfc{3596} with the idea of doing \textit{quad}-A records and hierarchically divided by \textit{nibble} {\small (i.e. 4 bits)}.
+
+The idea is fx. \texttt{2001:db8:ef::2} is noted in ip6.arpa as \texttt{2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.e.0.0.8.b.d.0.1.0.0.2.ip6.arpa}. {\small Note the used of '.' between \textit{each} \textit{hexadecimal} character used, and that \textit{all zeroes} has been included. ip6.arpa does not allow any characters to be omitted from the original full-length \gls{ip6} address.}\footnote{Found description \href{https://stackoverflow.com/q/6619682}{here} on stackoverflow.com/q/6619682.}
+
+\subsection{Addresses}
+
+\plaintextinput{ipaddressblocks6}
+
+\section[IPv4]{Internet Protocol v4}
+
+\subsection{Addresses}
+
+\plaintextinput{ipaddressblocks}
\ No newline at end of file
diff --git a/chapter/layer2.tex b/chapter/layer2.tex
index 84876bc..da6ee4f 100644
--- a/chapter/layer2.tex
+++ b/chapter/layer2.tex
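Review bot: The field widths in the Packet Headers list of chapter/ip.tex do not match the fixed IPv6 header defined in RFC 8200, which the chapter itself cites. Most values look like hex-digit counts labelled as bytes, and Next header and Hop limit (8 bits each) are wrong even on that reading. Anyone writing a filter rule or reading a capture from these notes would compute the wrong offsets, so the list should state bit widths as in the block below. In the first bullet of "IP to client", `(i.e. \gls{dhcp} server present)` contradicts the SLAAC description that follows; `(i.e. no \gls{dhcp6} server needed)` seems to be what was meant. The Routing item under Extension Headers would also benefit from the caveat `(type 0 is deprecated, see \rfc{5095})`, since that header type is the one defenders are expected to drop.

```latex
% … unchanged: \subsection{Packet Headers}, \wikicommons{ipv6_header} …
\begin{enumerate}
	\item \textbf{Version} -- 4-bit field containing '6'.
	\item \textbf{Traffic Class} -- 8 bits.
	\item \textbf{Flow label} -- 20 bits.
	\item \textbf{Payload length} -- 16-bit unsigned integer, which is the rest of the packet that follows the IPv6 header, in octets.
	\item \textbf{Next header} -- 8-bit selector. Identifies the type of header that immediately follows the IPv6 header. Uses the same values as the IPv4 protocol field.
	\item \textbf{Hop limit} -- 8-bit unsigned integer. Decremented by one by each node that forwards the packet. The packet is discarded if the hop limit is decremented to zero.
	\item \textbf{Source address} -- 128 bits.
	\item \textbf{Destination address} -- 128 bits. The intended recipient is not necessarily the recipient if an optional routing header is present.
\end{enumerate}
```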
@@ -17,6 +17,7 @@ Of course you can \textit{disable} \gls{vtp} altogether. Key things to be aware of \textit{before} enabling \gls{vtp} in your environment is to make double sure of only having 1 \gls{vtp} domain. \textbf{If} 2 or more \gls{vtp} domains exists. Be triple sure to separate them! As to avoid having an \gls{vtp} server \gls{db} overridden with data from another \gls{vtp} domain. The three \gls{vtp} modes \textit{operates} as follow + \begin{itemize} \item Transparent \begin{itemize} diff --git a/chapter/layer3.tex b/chapter/layer3.tex index af035a4..e637ddb 100644 --- a/chapter/layer3.tex +++ b/chapter/layer3.tex @@ -12,7 +12,7 @@ \wikicommons{BGP_FSM} The protocol of the internet used since 1994.\cite{wiki:Border_Gateway_Protocol} -Currently based upon \rfc{4271} with updates following in \rcf{6286} \rfc{6608}, \rfc{6793}, \rfc{7606}, \rfc{7607}, \rfc{7705}. +Currently based upon \rfc{4271} with updates following in \rfc{6286} \rfc{6608}, \rfc{6793}, \rfc{7606}, \rfc{7607}, \rfc{7705}. @@ -29,11 +29,11 @@ Currently based upon \rfc{4271} with updates following in \rcf{6286} \rfc{6608}, \begin{itemize} \item Routes can be aggregated between \Glspl{as}. \item Properties can be changed on the fly by mathing - \begin{enumerate*}[label={\alph*)}] + \begin{enumerate}[label={\alph*)}] \item \Gls{bgp} communities, \item \Gls{ip} prefix, \item \Gls{bgp} as-path, - \end{enumerate*} + \end{enumerate} \end{itemize} \item \end{itemize} diff --git a/code/ipaddressblocks.txt b/code/ipaddressblocks.txt index 12e5fed..0b9dab9 100644 --- a/code/ipaddressblocks.txt +++ b/code/ipaddressblocks.txt 
@@ -20,16 +20,3 @@ Address Block Present Use Reference
 240.0.0.0/4 Reserved for Future Use RFC 1112, Section 4
 255.255.255.255/32 Limited Broadcast RFC 0919, Section 7
 RFC 0922, Section 7
-::1/128 Loopback Address RFC 4291
-::/128 Unspecified Address RFC 4291
-64:ff9b::/96 IPv4-IPv6 Translat. RFC 6052
-::ffff:0:0/96 IPv4-mapped Address RFC 4291
-100::/64 Discard-Only Address Block RFC 6666
-2001::/23 IETF Protocol Assignments RFC 2928
-2001::/32 TEREDO RFC 4380
-2001:2::/48 Benchmarking RFC 5180
-2001:db8::/32 Documentation RFC 3849
-2001:10::/28 ORCHID RFC 4843
-2002::/16 [2] 6to4 RFC 3056
-fc00::/7 Unique-Local RFC 4193
-fe80::/10 Linked-Scoped Unicast RFC 4291
diff --git a/code/ipaddressblocks6.txt b/code/ipaddressblocks6.txt
new file mode 100644
index 0000000..9dd301e
--- /dev/null
+++ b/code/ipaddressblocks6.txt
@@ -0,0 +1,15 @@
+Address Block Present Use Reference
+--------------------------------------------------------------------
+::1/128 Loopback Address RFC 4291
+::/128 Unspecified Address RFC 4291
+64:ff9b::/96 IPv4-IPv6 Translat. RFC 6052
+::ffff:0:0/96 IPv4-mapped Address RFC 4291
+100::/64 Discard-Only Address Block RFC 6666
+2001::/23 IETF Protocol Assignments RFC 2928
+2001::/32 TEREDO RFC 4380
+2001:2::/48 Benchmarking RFC 5180
+2001:db8::/32 Documentation RFC 3849
+2001:10::/28 ORCHID RFC 4843
+2002::/16 [2] 6to4 RFC 3056
+fc00::/7 Unique-Local RFC 4193
+fe80::/10 Linked-Scoped Unicast RFC 4291
diff --git a/commands.tex b/commands.tex
index 0857e3b..bc88bf2 100644
--- a/commands.tex
+++ b/commands.tex
@@ -95,6 +95,7 @@ License: \texttt{\href{https://creativecommons.org/licenses/by-sa/3.0/}{CC BY-SA \lstnewenvironment{txt}{\lstset{style=plaintxt}}{} + % Usage: % Enviroment @var cisco \lstnewenvironment{cisco}{\lstset{language=cisco}}{}
@@ -129,3 +130,8 @@ License: \texttt{\href{https://creativecommons.org/licenses/by-sa/3.0/}{CC BY-SA % Usage: \newcommand{\rfc}[1]{RFC #1\footnote{\href{https://tools.ietf.org/html/rfc#1}{tools.ietf.org/html/rfc#1}}} + + +% Usage: +% https://tex.stackexchange.com/a/75349 +\newcommand{\plaintextinput}[1]{\lstinputlisting[language={},style=plaintxt]{code/#1.txt}} diff --git a/img/ipv6/ipv6-packet-header.png b/img/ipv6/ipv6-packet-header.png new file mode 100644 index 0000000..2d3bdb0 Binary files /dev/null and b/img/ipv6/ipv6-packet-header.png differ diff --git a/img/wikimediacommons/ipv6_address_leading_zeros.png b/img/wikimediacommons/ipv6_address_leading_zeros.png new file mode 100644 index 0000000..d21614b Binary files /dev/null and b/img/wikimediacommons/ipv6_address_leading_zeros.png differ diff --git a/img/wikimediacommons/ipv6_header.png b/img/wikimediacommons/ipv6_header.png new file mode 100644 index 0000000..5bb2a84 Binary files /dev/null and b/img/wikimediacommons/ipv6_header.png differ diff --git a/main.tex b/main.tex index 06521e4..d588308 100644 --- a/main.tex +++ b/main.tex @@ -23,6 +23,7 @@ % % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\include{chapter/ip} \include{chapter/layer2} \include{chapter/l2tol3} \include{chapter/layer3} diff --git a/references-websites.bib b/references-websites.bib index a469821..2bd3a4b 100644 --- a/references-websites.bib +++ b/references-websites.bib 
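Review bot: The `% Usage:` comment above the new `\plaintextinput` macro in commands.tex is left empty, so nothing tells a reader that the argument is a bare file name resolved under `code/` with `.txt` appended. I would write `% Usage: \plaintextinput{ipaddressblocks6} -- typesets code/ipaddressblocks6.txt as a plain-text listing`. Defining it with `\newcommand*` would also localise errors better, since the argument never contains a paragraph break.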
@@ -13,3 +13,21 @@
 howpublished = {\url{https://orhanergun.net/2017/01/tier-1-tier-2-tier-3-service-providers/}},
 note = "[Online; accessed 17-June-2017]"
 }
+
+@misc{IPv6Pack77:online,
+ author = {Oracle},
+ title = {IPv6 Packet Header Format - System Administration Guide: IP Services},
+ howpublished = {\url{http://docs.oracle.com/cd/E23823_01/html/816-4554/ipv6-ref-2.html}},
+ month = {},
+ year = {2010},
+ note = {(Accessed on 07/23/2017)}
+}
+
+@misc{IPv6Addr96:online,
+ author = {Oracle},
+ title = {IPv6 Addressing Formats Beyond the Basics - System Administration Guide: IP Services},
+ howpublished = {\url{http://docs.oracle.com/cd/E23823_01/html/816-4554/ipv6-ref-77.html#ipv6-overview-201}},
+ month = {},
+ year = {2010},
+ note = {(Accessed on 07/23/2017)}
+}
\ No newline at end of file
diff --git a/references-wikipedia.bib b/references-wikipedia.bib
index 2b626d1..bdfd516 100644
--- a/references-wikipedia.bib
+++ b/references-wikipedia.bib
@@ -72,4 +72,28 @@ year = "2017", howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Border\%20Gateway\%20Protocol&oldid=785954244}}, note = "[Online; accessed 18-June-2017]" +} + +@misc{ wiki:IPv6, + author = "Wikipedia", + title = "{IPv6} --- {W}ikipedia{,} The Free Encyclopedia", + year = "2017", + howpublished = {\url{http://en.wikipedia.org/w/index.php?title=IPv6&oldid=790986104}}, + note = "[Online; accessed 18-July-2017]" +} + +@misc{ wiki:Unique_local_address, + author = "Wikipedia", + title = "{Unique local address} --- {W}ikipedia{,} The Free Encyclopedia", + year = "2017", + howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Unique\%20local\%20address&oldid=791265343}}, + note = "[Online; accessed 19-July-2017]" +} + +@misc{ wiki:Solicited-node_multicast_address, + author = "Wikipedia", + title = "{Solicited-node multicast address} --- {W}ikipedia{,} The Free Encyclopedia", + year = "2017", + howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Solicited-node\%20multicast\%20address&oldid=787116453}}, + note = "[Online; accessed 19-July-2017]" } \ No newline at end of file diff --git a/structure.tex b/structure.tex index 2d3e50a..30263a5 100644 --- a/structure.tex +++ b/structure.tex @@ -40,6 +40,7 @@ \usepackage[toc,acronym,footnote,nomain]{glossaries} % Load the package with the acronym option \usepackage{chngcntr} \usepackage[toc]{multitoc} +\usepackage{dblfnote} % https://tex.stackexchange.com/a/8180 \usepackage[unicode=false, colorlinks=true, linkcolor=darkgray,