IPv6 for Dummies
10 February 2011
Marc Michault, Arnaud Lheureux
Technologist Lead PFE - Security Sidem Systems Solutions Microsoft France

They were right! It's the end!!!!!
FoxNews – 26 Jan 2011

? What is this beODLZ?

Tech Ed North America 2010 3/30/2017 12:31 AM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

- The IPv6 packet
- How to write IPv6 addresses
- Subnetting
- Address types
  - Unicast
  - Multicast

The IPv6 Packet
- IPv6 uses 128-bit addresses
- Reduced, fixed-size header for fast routing
- Options are carried in extension headers
- IPsec support (dedicated extension headers)
- QoS support (flow identifier in the header)
Protocol Data Unit (PDU): IPv6 header (40 bytes) | Extension (n x 8 bytes) | Extension (n x 8 bytes) | ...

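The header layout above, as an added example that is not part of the original slides: a parser for the fixed 40-byte header that then walks the extension header chain to find where the upper-layer payload starts. The sample packet is constructed, and the extension header type numbers (0, 43, 44, 60) and the length rule come from RFC 8200, not from the slides; other header types (IPsec AH/ESP included) end the walk.

```python
import ipaddress
import struct

# Extension headers that share the "Next Header, Hdr Ext Len" layout (RFC 8200).
TLV_EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT = 44  # the fragment header is always exactly 8 bytes


def parse_ipv6(packet: bytes) -> dict:
    """Parse the fixed 40-byte header, then walk the extension header chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the fixed 40-byte header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    info = {
        "traffic_class": (word >> 20) & 0xFF,  # QoS marking
        "flow_label": word & 0xFFFFF,          # 20-bit flow identifier
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "extensions": [],
    }
    offset = 40
    while next_header in TLV_EXT or next_header == FRAGMENT:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        size = 8 if next_header == FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + size > len(packet):
            raise ValueError("extension header runs past the packet")
        info["extensions"].append((TLV_EXT.get(next_header, "fragment"), size))
        next_header, offset = packet[offset], offset + size
    info["upper_protocol"], info["upper_offset"] = next_header, offset
    return info


def sample_packet() -> bytes:
    """Constructed packet: hop-by-hop, destination options, then protocol 58."""
    src = ipaddress.IPv6Address("fe80::c582:1680:d349:a6bf").packed
    dst = ipaddress.IPv6Address("ff02::1").packed
    hop_by_hop = bytes([60, 0, 1, 4, 0, 0, 0, 0])      # len 0 -> 8 bytes (PadN)
    dest_opts = bytes([58, 1, 1, 12]) + bytes(12)      # len 1 -> 16 bytes (PadN)
    body = hop_by_hop + dest_opts + bytes(8)           # 8 placeholder payload bytes
    fixed = struct.pack("!IHBB", (6 << 28) | 0x12345, len(body), 0, 255)
    return fixed + src + dst + body
```

A filter that inspects only the Next Header field of the fixed header sees "hop-by-hop" here, not protocol 58; the walk is what reveals the real upper-layer protocol at offset 64.
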
IPv6 Addresses
- Colons (":") separate eight blocks of 4 hexadecimal digits
- Leading zeros are dropped
- Groups of zeros are compressed
- Only once...
Example:
  Binary: 1111 1101 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0010 0001 0000 0000 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0101 0001 0100 0011
  Hexadecimal: FD000000000000210001000000005143
  With colons: FD00:0000:0000:0021:0001:0000:0000:5143
  Leading zeros dropped: FD00:0:0:21:1:0:0:5143
  Zero groups compressed: FD00::21:1:0:0:5143
  Compressed twice, against the "only once" rule: FD00::21:1::5143

Subnetting
- By default:
  - 48-bit network identifier
  - 16-bit subnet identifier
  - 64-bit interface identifier
- Prefix in CIDR notation: Address/Prefix: FD00::21:1:0:0:5143/64
Layout: Network (48 bits) | Subnet (16 bits) | Interface ID (64 bits)

IPv6 Address Types: Family Portrait
A node typically has several IPv6 addresses:
- Unicast addresses
  - Link-Local Unicast
  - Interface identifier
  - Global Unicast
  - Unique Local Unicast
  - Special (reserved)
- Multicast addresses
  - Solicited Node
  - Link-layer multicast addresses

IPv6 Link-Local Addresses: Welcome Home
- FE80::/10
- Similar to APIPA addresses (169.254.0.0)
- Always present
- Required for operations on the segment

Zone Identifiers (Scope): Domain of Validity and Uniqueness
- Link-local addresses can be duplicated and ambiguous
- To disambiguate, a ZONE ID indicates the link
- On Windows it is the interface index
- Syntax: ADDRESS%ZONE_ID
- Example: FE80::C582:1680:D349:A6BF%13

Zone Identifiers (Scope): Which Adapter?
"I have to send a packet to fe80::1:2:3:4 ..."
- FE80::CD87:5DD6:CF39:DD08%12
- FE80::80D4:29C9:2B3C:A0E2%13

IPv6 Global Unicast Addresses: The Public IPv6 Internet (unicast routable on the Internet)
- Used like public IPv4 addresses
- 2000::/3 (= 2000:: to 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
- 2001 is used for Teredo and 2002 for 6to4
- 48-bit global routing prefix (3+45)
- 16-bit subnet identifier
Teredo = a method for reaching the IPv6 Internet from behind a device performing NAT
6to4 = a method for carrying IPv6 traffic over one or more IPv4 networks

IPv6 Unique Local Addresses: Private IPv6 Intranets
- Used like private IPv4 addresses (RFC 1918)
- FC00::/7
- But the 8th bit marks "local", hence FD::

IPv6 Multicast Addresses: Grouped Fire
- Used for link-local (segment) operations
- No broadcast in IPv6!
- FF followed by 4 bits of flags and 4 bits of scope
- Scope: 1 = Interface-Local, 2 = Link-Local, 5 = Site-Local
- 1 = All nodes, 2 = All routers

Common Multicast Addresses: Examples
- Nodes/Link
  - FF01::1 – Interface-Local, all nodes
  - FF02::1 – Link-Local, all nodes
  - FF02::1:2 – All DHCP servers
  - FF02::1:3 – LLMNR: Link-Local Multicast Name Resolution
- Routers
  - FF01::2 – Interface-Local, all routers
  - FF02::2 – Link-Local, all routers
  - FF05::2 – Site-Local, all routers

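The address types, zone IDs and default 48/16/64 split from the preceding slides, as an added example that is not part of the original deck: a triage function for addresses taken from logs or captures. The function name, the returned field names and the sample list are assumptions made for the illustration; the prefixes and scope values are the ones on the slides.

```python
import ipaddress

# Unicast prefixes as given on the slides.
UNICAST_PREFIXES = [
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("unique-local", ipaddress.IPv6Network("fc00::/7")),
    ("global-unicast", ipaddress.IPv6Network("2000::/3")),
]
# Multicast scope values listed on the slides.
MULTICAST_SCOPES = {1: "interface-local", 2: "link-local", 5: "site-local"}


def describe(text):
    """Describe an address written as ADDRESS or ADDRESS%ZONE_ID."""
    literal, _, zone = text.strip().partition("%")
    addr = ipaddress.IPv6Address(literal)  # raises ValueError if malformed
    value = int(addr)
    info = {"address": str(addr), "zone_id": zone or None}

    if value >> 120 == 0xFF:  # FF.. is multicast: 4 flag bits, 4 scope bits
        scope = (value >> 112) & 0xF
        info.update(kind="multicast",
                    flags=(value >> 116) & 0xF,
                    scope=MULTICAST_SCOPES.get(scope, f"scope-{scope:x}"))
        return info

    info["kind"] = next((name for name, net in UNICAST_PREFIXES if addr in net),
                        "other")
    # Default split: 48-bit network, 16-bit subnet, 64-bit interface ID.
    info["network"] = f"{value >> 80:012x}"
    info["subnet_id"] = f"{(value >> 64) & 0xFFFF:04x}"
    info["interface_id"] = f"{value & (2**64 - 1):016x}"
    # A link-local address without a zone ID does not say which link it is on.
    info["ambiguous"] = info["kind"] == "link-local" and zone == ""
    return info


# Constructed sample input, e.g. addresses pulled from host logs.
SAMPLES = ["FD00::21:1:0:0:5143", "FE80::C582:1680:D349:A6BF%13",
           "fe80::1:2:3:4", "FF02::1:3", "FF05::2"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(describe(sample))
```
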
Solicited Node: The Multicast Address Associated with a Unicast Address
- Nodes register multicast addresses associated with their IPv6 addresses
- Syntax: FF02::1:FF00:0/104 + <last 24 bits of the IPv6 interface ID>
- Used to obtain a host's physical address (replaces ARP)
Example: FE80::C582:1680:D349:A6BF -> FF02::1:FF49:A6BF

Multicast MAC Addresses: MAC Addresses Registered by the Interface
- To receive the traffic, nodes register the multicast MAC addresses associated with their IPv6 multicast addresses
- Syntax: 33-33 + <last 32 bits of the IPv6 multicast address>
- Used to respond to IPv6 multicasts at the physical layer

IPv6 multicast address                   | Associated multicast MAC address
Solicited node: FF02::1:FF49:A6BF        | 33-33-FF-49-A6-BF
Link-local all nodes: FF02::1            | 33-33-00-00-00-01

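The two mappings above (unicast address to solicited-node group, multicast group to 33-33 MAC address), as an added example that is not part of the original slides. The function names and the second sample address are assumptions; the first sample address and the expected results are the ones shown on the slides.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(unicast):
    """FF02::1:FF00:0/104 plus the last 24 bits of the unicast address."""
    addr = ipaddress.IPv6Address(unicast.partition("%")[0])  # drop any zone ID
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | (int(addr) & 0xFFFFFF))


def multicast_mac(group):
    """33-33 plus the last 32 bits of an IPv6 multicast address."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    low32 = (int(addr) & 0xFFFFFFFF).to_bytes(4, "big")
    return "-".join(f"{b:02X}" for b in b"\x33\x33" + low32)


def expected_listeners(unicasts):
    """Map each (solicited-node group, MAC) to the unicast addresses behind it."""
    table = {}
    for text in unicasts:
        group = str(solicited_node(text))
        table.setdefault((group, multicast_mac(group)), []).append(text)
    return table


# Constructed sample: the slide's link-local address plus a unique local
# address that reuses the same interface ID (the second one is an assumption).
HOST_ADDRESSES = ["FE80::C582:1680:D349:A6BF%13", "FD00::21:C582:1680:D349:A6BF"]

if __name__ == "__main__":
    for (group, mac), owners in expected_listeners(HOST_ADDRESSES).items():
        print(group, mac, owners)
```

Because only the last 24 bits are kept, both sample addresses land in the same group and MAC address, so a neighbor solicitation seen for that group on the wire cannot be attributed to one of them without reading the target address inside the message.
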
Reserved Addresses and Routing: Where Am I Going?
- ::1 : Localhost (the local stack)
- :: : Unspecified address (the whole network)
- Routing works the same way as in IPv4
- The gateway (router) can be set automatically by advertisement
  - ICMPv6 router solicitation and router advertisement