Erion IPv6 Training Modules

IPv6 Modules

Below you will find a selection of our IPv6 training modules. We can include any module from any of our IPv6 courses. If the topic that you require is not listed below it is likely that we will have the material in one of our many course variations that have not been published on our standard course list. Contact us for further information.

1
IPv6 Forensics Fundamentals

  • The purpose and definition of forensics
  • Principles of forensics
  • Legal and ethical considerations
  • Evidence and best evidence
  • Footprints
  • Challenges of modern forensics
  • The challenges of IPv6 forensics
  • Digital forensics overview
  • Network forensics overview
  • Course overview and introduction

2
Sources of IPv6 Evidence

  • Overview of sources of IPv6 evidence
  • IPv6 addresses and IPv6 multicast
  • The IPv6 protocol
  • The neighbor discovery protocol (ND)
  • ICMPv6
  • IPv6 address autoconfiguration
  • SLAAC and DHCPv6
  • IPv6 transition mechanisms
  • IPv6 features (IPsec, mobility and QoS)
  • IPv6 security features
  • Name resolution and DNS
  • IPv6 applications
  • IPv6 nodes; switches, routers and other devices

3
Interpreting IPv6 Addresses

  • Why IPv6 addresses are important in forensics
  • The structure of IPv6 addresses
  • How IPv6 and IPv4 addresses differ
  • Overview of IPv6 address types
  • Sources of IPv6 address evidence
  • Reserved IPv6 addresses and prefixes
  • IPv6 address interface identifiers (IIDs)
  • Modified EUI-64
  • Privacy, opaque and temporary Addresses
  • CGAs and HBAs
  • Transition addresses
  • Understanding IPv6 prefixes
  • Interpreting and analysing IPv6 addresses
  • Tracing the source of an IPv6 address
  • Implications for IPv6 address management

4
IPv6 Traffic Capture & Analysis

  • The role of traffic capture
  • IPv6 protocol capture and analysis
  • Overview of packet capture tools
  • How to use Wireshark with IPv6
  • How to use tcpdump with IPv6
  • IPv6 capture filters
  • Other traffic capture tools
  • Analysis of IPv6 packets
  • Advanced IPv6 traffic capture techniques
  • Intrusion detection and analysis
  • Flow analysis
  • Upper layer analysis
  • Preparation for traffic capture
  • Large scale traffic capture

5
IPv6 Flow Capture & Analysis

  • Acquiring flow data
  • Overview of flow information sources
  • IPv6 flow analysis
  • NetFlow/IPFIX collection and analysis
  • NetFlow v9/IPFIX and IPv6
  • Flow capture components
  • Overview of open-source flow tools
  • Using open-source tools to examine flows
  • nfcapd, nfpcapd, and nfdump
  • Elasticsearch: Flow data ingestion and analysis
  • Examples of IPv6 flows analysis

6
Evidence from Neighbor Discovery (ND)

  • ND overview
  • Sources of ND evidence
  • Stateless Address Autoconfiguration (SLAAC)
  • Relationship to DHCPv6
  • The RDNSS & DNSSL options
  • Detecting specific ND attacks
  • ND security tools
  • ND inspection & MLD snooping
  • Secure Neighbor Discovery (SeND)
  • Acquiring ND evidence
  • Interpreting ND evidence
  • ND on hosts, switches and routers

7
DHCPv6 Forensics

  • Overview of DHCPv6
  • DHCPv6 as a source of address evidence
  • Obtaining DHCPv6 state information
  • DHCPv6 logs
  • Capture and analysis of DHCPv6 traffic
  • DHCPv6-shield in switches
  • Other DHCPv6 security tools
  • Detecting DHCPv6 attacks and misuse
  • Examining a node's DHCPv6 state
  • DHCPv6 and DDI (DHCPv6, DNS and IPAM)

8
IPv6 Name Resolution and Forensics

  • Overview of IPv6 name resolution
  • Complexities from use of two protocols
  • Relationship with transition mechanisms
  • Interpreting DNS logs
  • Capture and analysis of DNS traffic
  • Detecting specific attacks against DNS
  • Fast flux
  • Domain name generation algorithms (DGAs)
  • DNS tunnelling
  • Examining a node’s name resolution state
  • DNS and name resolution tools

9
IPv6 Transition Forensics

  • Overview of IPv6 transition mechanisms
  • 6over4, 6to4, 6rd, ISATAP, Teredo, DSLite
  • NAT46, NAT64, DNS64, 464XLAT
  • IPv6 dual stack operation
  • Common IPv6 transition scenarios
  • Forensic and transition mechanisms
  • Obtaining evidence from transition mechanisms
  • Capture and analysis of transition traffic
  • Transition mechanism security
  • Detecting attacks via transition mechanisms
  • Legacy mechanisms

10
IPv6 Application Forensics

  • IPv6 implications for application forensics
  • Overview of sources of application evidence
  • Capturing and interpreting application traffic
  • Logging and log aggregation
  • Syslog and eventing
  • Microsoft protocols
  • IPv6 SMTP and interpreting SMTP logs
  • IPv6 HTTP and Interpreting HTTP logs
  • Application proxies
  • Content Delivery Networks (CDNs)
  • Largescale log analytics

11
IPv6 IPsec Forensics

  • Overview of IPsec
  • Implications for forensics
  • Implications for firewalls
  • IPsec traffic capture and analysis
  • IPsec flow analysis

12
IPv6 Network Evidence

  • Dynamic routing information
  • RIPng, OSPFv3, IS-IS, EIGRPv6, BGP4, PIM
  • Firewall log monitoring
  • Intrusion detection system (IDS) logs
  • Network security monitoring logs
  • Syntax and log formats
  • Rules and signatures
  • Families of IDS and NSM solutions

1
The Need for IPv6

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Network Management

  • SNMP & IPv6
  • The extended MIB for IPv6
  • SNMP Security
  • IPv6 Protocol Analysers
  • Troubleshooting

19
Migrating to IPv6

  • What when and how to migrate
  • The current status of IPv6
  • Operating systems and IPv6
  • Business applications and IPv6
  • Predictions

1
The Need for IPv6

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Network Management

  • SNMP & IPv6
  • The extended MIB for IPv6
  • SNMP Security
  • IPv6 Protocol Analysers
  • Troubleshooting

19
Migrating to IPv6

  • What when and how to migrate
  • The current status of IPv6
  • Operating systems and IPv6
  • Business applications and IPv6
  • Predictions

1
The Need for IPv6

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Network Management

  • SNMP & IPv6
  • The extended MIB for IPv6
  • SNMP Security
  • IPv6 Protocol Analysers
  • Troubleshooting

19
Migrating to IPv6

  • What when and how to migrate
  • The current status of IPv6
  • Operating systems and IPv6
  • Business applications and IPv6
  • Predictions

1
The Need for IPv6

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM
  • BGMP and IPv6

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Network Management

  • SNMP & IPv6
  • The extended MIB for IPv6
  • SNMP Security
  • IPv6 Protocol Analysers
  • Troubleshooting

19
Migrating to IPv6

  • What when and how to migrate
  • The current status of IPv6
  • Operating systems and IPv6
  • Business applications and IPv6
  • Predictions

1
The Need for IPv6

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Network Management

  • SNMP & IPv6
  • The extended MIB for IPv6
  • SNMP Security
  • IPv6 Protocol Analysers
  • Troubleshooting

19
Migrating to IPv6

  • What when and how to migrate
  • The current status of IPv6
  • Operating systems and IPv6
  • Business applications and IPv6
  • Predictions

1
The Need for IPv6

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Network Management

  • SNMP & IPv6
  • The extended MIB for IPv6
  • SNMP Security
  • IPv6 Protocol Analysers
  • Troubleshooting

19
Migrating to IPv6

  • What when and how to migrate
  • The current status of IPv6
  • Operating systems and IPv6
  • Business applications and IPv6
  • Predictions

1
The Need for IPv6

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Network Management

  • SNMP & IPv6
  • The extended MIB for IPv6
  • SNMP Security
  • IPv6 Protocol Analysers
  • Troubleshooting

19
Migrating to IPv6

  • What when and how to migrate
  • The current status of IPv6
  • Operating systems and IPv6
  • Business applications and IPv6
  • Predictions

1
Introduction to IoT

  • What is the Internet of Things (IoT)?
  • Overview of IoT
  • IoT benefits
  • Where is IoT used?
  • Characteristics of IoT networks and devices
  • Low power Personal Area Networks (LowPANs)
  • Why IPv6 is important to IoT
  • Why 6LowPAN?
  • Alternatives to 6LowPAN

2
IPv6 Basics for IoT

  • IPv6 datagram format and headers
  • IPv6 extension headers
  • IPv6 addresses
  • IPv6 address representation
  • Unicast, multicast & anycast in IPv6
  • Link local, site local and unique local addresses
  • IPv6 autoconfiguration methods
  • Options for the IPv6 interface identifier
  • Neighbor discovery (ND) and IPv6
  • IPv6 router discovery (RS and RA)
  • IPv6 and QoS
  • IPv6 Traffic class and Flow label
  • IPv6 and DNS
  • IPv6 AAAA resource records
  • Reverse DNS lookups in IPv6

3
Embedded Hardware Overview

  • Sensors and actuators
  • Wireless
  • Microprocessors
  • Examples of existing solutions

4
6LowPAN Datalink Protocols

  • How the datalink influences 6LowPAN
  • IEEE 802.15.4
  • Bluetooth
  • DECT Ultra Low Energy
  • G.9959 Short range narrow-band digital
  • NFC (Near Field Communication)

5
Introduction to 6LowPAN

  • The purpose of 6LowPAN
  • Overview of 6LowPAN
  • 6LowPAN addressing
  • IPv6 and 6LowPAN MTUs
  • The 6LowPAN adaption layer
  • 6LowPAN header formats
  • Address autoconfiguration in 6LowPAN
  • Header cimpression
  • 6LowPAN basic header compression (HC)
  • 6LowPAN IPHC compression
  • 6LowPAN NHC compression
  • 6Low PAN generic header compression (GHC)

6
6LowPAN and IEEE 802.15.4

  • IEEE 802.15.4
  • IEEE 802.15.4 physical layer
  • IEEE 802.15.4 packet structure
  • The MAC layer in IEEE 802.15.4
  • Full and reduced function devices
  • Topologies
  • 6LowPAN and IEEE 802.15.4
  • Capturing and decoding IEEE 802.15.4 traffic

7
Routing in 6LowPAN Networks

  • IPv6 default routes
  • Overview of dynamic routing
  • Routing considerations for IoT
  • L2 forwarding or "Mesh-Under"
  • L3 routing or "Route-Over"
  • RPL ROLL
  • RPL and compression
  • Routing header dispatch

8
6LowPAN Neighbor Discovery

  • The problems with neighbor discovery
  • ND changes for 6LowPAN
  • 6LowPAN ND options
  • Address registration option
  • 6LowPAN context option
  • Authoritative border router option
  • Duplicate address messages (DAR & DAC)
  • Overview of 6LowPAN ND operation
  • The context table
  • Registration and unreachability detection
  • Address resolution
  • Sleeping
  • Bootstrapping

9
6LowPAN Application Protocols

  • Application protocols
  • Designing 6LowPAN applications
  • RESTful applications
  • Constrained Application Protocol (CoAP)

10
Developing 6LowPAN Applications

  • Hardware options
  • Protocol stacks
  • Contiki & Cooja
  • TinyOS and BLIP
  • Sensinode Nanostack
  • Jennic 6LowPAN
  • Nivis IAS 100

11
Monitoring and Testing 6LowPAN

  • Packet Capture
  • SNMP & IPv6
  • The extended MIB for IPv6
  • The 6LowPAN MIB

12
6LowPAN Security

  • Link-layer security
  • IEEE802.15.4 security
  • Securing neighbor discovery
  • Lightweight secure ND

13
6LowPAN and IPsec

  • Cryptographic techniques
  • Link-layer security
  • IEEE802.15.4 security
  • IPv6 and IPsec
  • IPv6 AH & ESP headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKEv2
  • Implicit-IV (Initialization Vector)
  • Diet-ESP
  • IKEv2 and Diet-ESP
  • Diet-ESP payload compression

14
Mobile IPv6 for IoT

  • Mobile IPv6 Home Agents (HAs)
  • Binding updates & binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 security
  • NEMO

15
Alternatives to 6LowPAN

  • Zigbee
  • Z-Wave
  • RF for Consumer Electronics RF4CE
  • IEEE 802.15.6 WBANs
  • IEEE 802.15 WPAN TG4j MBANs
  • ETSI TR 101 557

16
Deploying IPv6 for IoT

  • IPv6 deployment scenarios
  • IPv6 network configuration considerations
  • Obtaining an IPv6 prefix
  • Creating an IPv6 address schema
  • Providing IPv4 support
  • NAT64 and DNS64
  • Utilising transition mechanisms
  • 6over4, 6to4, 6rd, ISATAP and Teredo
  • What when and how to migrate to IPv6
  • IPv6 strategic factors

1
The Need for IPv6 (Summary)

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6 (Summary)

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6 (Summary)

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6 (Summary)

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Security Threats

  • Summary of IPv6 threats
  • Comparison of IPv6 with IPv4 threats
  • Threats common to IPv4 and IPv6
  • IPv6 specific security threats
  • End-to-end transparency
  • Scanning in IPv6
  • IPv6 extension header threats
  • IPv6 router header abuse
  • IPv6 fragmentation threats
  • ICMPv6 threats
  • IPv6 neighbor discovery (ND) threats
  • ND threat examples

19
IPv6 Security Features

  • Security features in IPv6
  • Mobile IPv6 security
  • RA-Guard and DHCPv6-Shield
  • Dynamic routing security
  • Examples of IPv6 security

20
Securing Neighbor Discovery

  • Neighbor discovery threats
  • Privacy addresses
  • Temporary addresses
  • Monitoring Neighbor Discovery (ND)
  • Mitigating Router Advertisement (RA) attacks
  • Cryptographically Generated Addresses (CGA)
  • SEcure Neighbor Discovery (SEND)
  • Security at the datalink
  • IEEE 802.1X
  • Securing Router Advertisements (RAs)

21
IPv6 Transition Security Threats

  • IPv6 transition mechanisms threats
  • Transition mechanisms
  • Transition security problems
  • Dual stack threats
  • Mitigating dual stack threats
  • Tunnelling threats
  • 6to4 threats
  • Mitigating 6to4 threats
  • ISATAP threats
  • Mitigating ISATAP threats
  • Teredo threats
  • Mitigating Teredo threats
  • Other mechanisms
  • IPv6 DNS threats
  • Transition security best practice

22
Building IPv6 Firewalls

  • Configuring IPv6 firewalls
  • IPv6 firewall filtering rules
  • Filtering ICMPv6
  • IPv6 extension headers
  • Implementing IPv6 Ingress filtering
  • Assigned IPv6 addresses
  • Status of IPv6 firewalls
  • Deploying IPv6 firewalls

23
IPv6 Deployment Risks

  • IPv6 pilots
  • IPv6 DNS server
  • Addressing schemes
  • Deploying ICMPv6
  • End-to-end transparency
  • IPsec transport mode
  • Reduced functionality
  • Operational issues
  • ND proxies
  • Training

24
IPv6 Security Best Practice

  • Creating an IPv6 security policy
  • Summary of IPv6 security best practice

1
The Need for IPv6 (Summary)

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6 (Summary)

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6 (Summary)

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6 (Summary)

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Security Threats

  • Summary of IPv6 threats
  • Comparison of IPv6 with IPv4 threats
  • Threats common to IPv4 and IPv6
  • IPv6 specific security threats
  • End-to-end transparency
  • Scanning in IPv6
  • IPv6 extension header threats
  • IPv6 router header abuse
  • IPv6 fragmentation threats
  • ICMPv6 threats
  • IPv6 neighbor discovery (ND) threats
  • ND threat examples

19
IPv6 Security Features

  • Security features in IPv6
  • Mobile IPv6 security
  • RA-Guard and DHCPv6-Shield
  • Dynamic routing security
  • Examples of IPv6 security

20
Securing Neighbor Discovery

  • Neighbor discovery threats
  • Privacy addresses
  • Temporary addresses
  • Monitoring Neighbor Discovery (ND)
  • Mitigating Router Advertisement (RA) attacks
  • Cryptographically Generated Addresses (CGA)
  • SEcure Neighbor Discovery (SEND)
  • Security at the datalink
  • IEEE 802.1X
  • Securing Router Advertisements (RAs)

21
IPv6 Transition Security Threats

  • IPv6 transition mechanisms threats
  • Transition mechanisms
  • Transition security problems
  • Dual stack threats
  • Mitigating dual stack threats
  • Tunnelling threats
  • 6to4 threats
  • Mitigating 6to4 threats
  • ISATAP threats
  • Mitigating ISATAP threats
  • Teredo threats
  • Mitigating Teredo threats
  • Other mechanisms
  • IPv6 DNS threats
  • Transition security best practice

22
Building IPv6 Firewalls

  • Configuring IPv6 firewalls
  • IPv6 firewall filtering rules
  • Filtering ICMPv6
  • IPv6 extension headers
  • Implementing IPv6 Ingress filtering
  • Assigned IPv6 addresses
  • Status of IPv6 firewalls
  • Deploying IPv6 firewalls

23
IPv6 Deployment Risks

  • IPv6 pilots
  • IPv6 DNS server
  • Addressing schemes
  • Deploying ICMPv6
  • End-to-end transparency
  • IPsec transport mode
  • Reduced functionality
  • Operational issues
  • ND proxies
  • Training

24
IPv6 Security Best Practice

  • Creating an IPv6 security policy
  • Summary of IPv6 security best practice

1
The Need for IPv6 (Summary)

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6 (Summary)

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6 (Summary)

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6 (Summary)

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Security Threats

  • Summary of IPv6 threats
  • Comparison of IPv6 with IPv4 threats
  • Threats common to IPv4 and IPv6
  • IPv6 specific security threats
  • End-to-end transparency
  • Scanning in IPv6
  • IPv6 extension header threats
  • IPv6 router header abuse
  • IPv6 fragmentation threats
  • ICMPv6 threats
  • IPv6 neighbor discovery (ND) threats
  • ND threat examples

19
IPv6 Security Features

  • Security features in IPv6
  • Mobile IPv6 security
  • RA-Guard and DHCPv6-Shield
  • Dynamic routing security
  • Examples of IPv6 security

20
Securing Neighbor Discovery

  • Neighbor discovery threats
  • Privacy addresses
  • Temporary addresses
  • Monitoring Neighbor Discovery (ND)
  • Mitigating Router Advertisement (RA) attacks
  • Cryptographically Generated Addresses (CGA)
  • SEcure Neighbor Discovery (SEND)
  • Security at the datalink
  • IEEE 802.1X
  • Securing Router Advertisements (RAs)

21
IPv6 Transition Security Threats

  • IPv6 transition mechanisms threats
  • Transition mechanisms
  • Transition security problems
  • Dual stack threats
  • Mitigating dual stack threats
  • Tunnelling threats
  • 6to4 threats
  • Mitigating 6to4 threats
  • ISATAP threats
  • Mitigating ISATAP threats
  • Teredo threats
  • Mitigating Teredo threats
  • Other mechanisms
  • IPv6 DNS threats
  • Transition security best practice

22
Building IPv6 Firewalls

  • Configuring IPv6 firewalls
  • IPv6 firewall filtering rules
  • Filtering ICMPv6
  • IPv6 extension headers
  • Implementing IPv6 Ingress filtering
  • Assigned IPv6 addresses
  • Status of IPv6 firewalls
  • Deploying IPv6 firewalls

23
IPv6 Deployment Risks

  • IPv6 pilots
  • IPv6 DNS server
  • Addressing schemes
  • Deploying ICMPv6
  • End-to-end transparency
  • IPsec transport mode
  • Reduced functionality
  • Operational issues
  • ND proxies
  • Training

24
IPv6 Security Best Practice

  • Creating an IPv6 security policy
  • Summary of IPv6 security best practice

1
The Need for IPv6 (Summary)

  • History of IP
  • The problems with IPv4
  • The IPv4 header format
  • Address space and functionality
  • IPv4 Security and QoS
  • Reality Check: IPv6 vs. IPv4

2
The Features of IPv6 I

  • IPv6 datagram format and header
  • IPv6 extension headers
  • Hop-by-hop and destination options
  • Routing header, fragmentation header
  • Mobility header and No next header
  • IPv6 addresses
  • IPv6 address representation
  • Unicast Multicast & Anycast in IPv6
  • Link local, site local and unique local addresses

3
The Features of IPv6 II

  • Summary of the new features of IPv6
  • ICMPv6 (IP Control Message Protocol v6)
  • Path MTU discovery (PMTU)
  • IPv6 multicast group management
  • MLD (Multicast Listener Discovery) and MLDv2

4
Autoconfiguration of IPv6 I

  • Autoconfiguration methods
  • Choosing the interface identifier
  • Modified EUI-64
  • CGA, HBA, Privacy and Temporary Addresses
  • Neighbour discovery in IPv6 (NDP)
  • IPv6 router discovery (RS and RA)
  • IPv6 Router renumbering

5
Autoconfiguration of IPv6 II

  • DHCPv6
  • DHCPv6 Relay Agents
  • DUIDs and IAIDs
  • Stateless DHCPv6
  • DHCPv6 prefix delegation (PD)

6
Internetworking IPv6 (Summary)

  • IPv6 routing and IPv6 routing tables
  • IPv6 default routes

7
IPv6 Dynamic Routing

  • ICMPv6 Redirects
  • RIPng
  • OSPFv3
  • IS-IS and IPv6
  • EIGRPv6
  • BGPv4 & IPv6
  • IPv6 Multicast Routing
  • IPv6 PIM

8
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN
  • Radius and IPv6

9
Transport Layer and IPv6 (Summary)

  • Operation of TCP and UDP
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

10
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

11
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64
  • NAT64
  • NAT-PT
  • NAPT-PT
  • TRT
  • 464XLAT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

12
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

13
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

14
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

15
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

16
Application Changes for IPv6 (Summary)

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

17
The IPv6 Programming Interface

  • IPv6 Programming Basics
  • Socket Library changes for IPv6
  • IPv6 Code Migration Tools
  • Sockets & Winsock APIs
  • Perl, Java, C# support for IPv6

18
IPv6 Security Threats

  • Summary of IPv6 threats
  • Comparison of IPv6 with IPv4 threats
  • Threats common to IPv4 and IPv6
  • IPv6 specific security threats
  • End-to-end transparency
  • Scanning in IPv6
  • IPv6 extension header threats
  • IPv6 router header abuse
  • IPv6 fragmentation threats
  • ICMPv6 threats
  • IPv6 neighbor discovery (ND) threats
  • ND threat examples

19
IPv6 Security Features

  • Security features in IPv6
  • Mobile IPv6 security
  • RA-Guard and DHCPv6-Shield
  • Dynamic routing security
  • Examples of IPv6 security

20
Securing Neighbor Discovery

  • Neighbor discovery threats
  • Privacy addresses
  • Temporary addresses
  • Monitoring Neighbor Discovery (ND)
  • Mitigating Router Advertisement (RA) attacks
  • Cryptographically Generated Addresses (CGA)
  • SEcure Neighbor Discovery (SEND)
  • Security at the datalink
  • IEEE 802.1X
  • Securing Router Advertisements (RAs)

21
IPv6 Transition Security Threats

  • IPv6 transition mechanisms threats
  • Transition mechanisms
  • Transition security problems
  • Dual stack threats
  • Mitigating dual stack threats
  • Tunnelling threats
  • 6to4 threats
  • Mitigating 6to4 threats
  • ISATAP threats
  • Mitigating ISATAP threats
  • Teredo threats
  • Mitigating Teredo threats
  • Other mechanisms
  • IPv6 DNS threats
  • Transition security best practice

22
Building IPv6 Firewalls

  • Configuring IPv6 firewalls
  • IPv6 firewall filtering rules
  • Filtering ICMPv6
  • IPv6 extension headers
  • Implementing IPv6 Ingress filtering
  • Assigned IPv6 addresses
  • Status of IPv6 firewalls
  • Deploying IPv6 firewalls

23
IPv6 Deployment Risks

  • IPv6 pilots
  • IPv6 DNS server
  • Addressing schemes
  • Deploying ICMPv6
  • End-to-end transparency
  • IPsec transport mode
  • Reduced functionality
  • Operational issues
  • ND proxies
  • Training

24
IPv6 Security Best Practice

  • Creating an IPv6 security policy
  • Summary of IPv6 security best practice

1
IPv6 Basics

  • Comparison of IPv6 and IPv4
  • What is IPv6?
  • Why is IPv6 required?
  • Address Space
  • Is there an address shortage?
  • IPv6 improvements over IPv4
  • New features in IPv6
  • The benefits of IPv6
  • Motivations to implement IPv6
  • IPv6 status summary
  • Timescale predictions

2
IPv6 Security Features

  • Security features in IPv6
  • IPv6 IPSec
  • Privacy addresses
  • Temporary addresses
  • Cryptographically Generated Addresses (CGA)
  • SEcure Neighbor Discovery (SEND)
  • Mobile IPv6 security
  • Dynamic routing security
  • Examples of IPv6 security

3
IPv6 Security Threats

  • Summary of IPv6 threats
  • Comparison of IPv6 with IPv4 threats
  • Threats common to IPv4 and IPv6
  • IPv6 specific security threats
  • End-to-end transparency
  • Scanning in IPv6
  • IPv6 extension header threats
  • IPv6 router header abuse
  • IPv6 fragmentation threats
  • ICMPv6 threats
  • Neighbor discovery threats
  • ND threat examples
  • Cryptographically Generated Addresses (CGA)
  • SEcure Neighbor Discovery (SEND)
  • SEND and CGA
  • Mitigating ICMPv6 threats

4
IPv6 Transition Security Threats

  • IPv6 transition mechanisms threats
  • Transition mechanisms
  • Transition security problems
  • Dual stack threats
  • Mitigating dual stack threats
  • Tunnelling threats
  • 6to4 threats
  • Mitigating 6to4 threats
  • ISATAP threats
  • Mitigating ISATAP threats
  • Teredo threats
  • Mitigating Teredo threats
  • Other mechanisms
  • IPv6 DNS threats
  • Transition security best practice

5
IPv6 Firewalls

  • Configuring IPv6 firewalls
  • IPv6 firewall filtering rules
  • Filtering ICMPv6
  • IPv6 extension headers
  • Implementing IPv6 Ingress filtering
  • Assigned IPv6 addresses
  • Status of IPv6 firewalls
  • Deploying IPv6 firewalls

6
IPv6 Deployment Risks

  • IPv6 pilots
  • IPv6 DNS server
  • Addressing schemes
  • Deploying ICMPv6
  • End-to-end transparency
  • IPSec transport mode
  • Reduced functionality
  • Operational issues
  • ND proxies
  • Training

7
IPv6 Security Best Practice

  • Creating an IPv6 security policy
  • Summary of IPv6 security best practice

1
IPv6 Basics

  • Comparison of IPv6 and IPv4
  • What is IPv6?
  • Why is IPv6 required?
  • Address Space
  • Is there an address shortage?
  • IPv6 improvements over IPv4
  • New features in IPv6
  • The benefits of IPv6
  • Motivations to implement IPv6
  • IPv6 status summary
  • Timescale predictions
  • Reality Check: IPv6 vs IPv4

2
Overview of the IPv6 Protocols

  • IPv6 datagram header
  • IPv6 addresses
  • IPv6 extension headers
  • ICMPv6
  • Multicast IPv6
  • IPv6 auto configuration (SLAAC & DHCPv6)
  • IPv6 neighbor discovery
  • Router discovery in IPv6
  • Router Renumbering
  • RIPng, OSPFv3, IS-IS and ERIGP
  • BGP and IPv6
  • IPv6 IPsec
  • Mobile IPv6
  • IPv6 and QoS
  • IPv6 dual stack
  • DNS and IPv6

3
IPv6 Transition Mechanisms Overview

  • IPv6 dual stacks
  • 6to4 and 6over4
  • IPv6 rapid deployment (6rd)
  • ISATAP and Teredo
  • Dual-stack Lite (DS Lite)
  • BIS and BIA
  • SIIT DNS64, NAT64 and NAT-PT
  • Transport Relay Translator (TRT)
  • IPv6 and MPLS: 6PE and 6VPE

4
General Principles of Network Security

  • Network security basics
  • Analysis and threat mitigation

5
IPv6 Security Threats

  • Summary of IPv6 threats
  • Comparison of IPv6 with IPv4 threats
  • Threats common to IPv4 and IPv6
  • IPv6 specific security threats
  • IPv6 address architecture threats
  • End-to-end transparency
  • Scanning in IPv6
  • IPv6 extension header threats
  • IPv6 router header abuse
  • IPv6 fragmentation threats
  • ICMPv6 threats
  • Neighbor discovery (ND) threats
  • ND threat examples
  • DHCPv6 threats
  • IPv6 security testing tools
  • Reality check: IPv4 vs. IPv6 security

6
Basic IPv6 Security Features

  • Security features in IPv6
  • Privacy addresses
  • Temporary addresses
  • RA-Guard
  • IPv6 multicast security and MLD snooping
  • Mobile IPv6 security
  • DHCPv6 security and DHCPv6-Shield
  • Dynamic routing security
  • Examples of IPv6 security

7
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

8
Securing Neighbor Discovery I

  • Neighbor discovery threats
  • Cryptographically Generated Addresses (CGA)
  • SEcure Neighbor Discovery (SEND)
  • Certificate Path Messages

9
Securing Neighbor Discovery II

  • Monitoring Neighbor Discovery (ND)
  • Mitigating Router Advertisement (RA) attacks
  • Securing Router Advertisements (RAs)
  • Deploying and configuring RA-Guard
  • Security at the datalink
  • IEEE 802.1X

10
IPv6 Transition Security

  • IPv6 transition mechanisms threats
  • Transition security problems
  • Dual stack threats and mitigation
  • Tunnelling threats
  • 6to4 threats and mitigation
  • ISATAP threats and mitigation
  • Teredo threats and mitigation
  • DS-Lite threats and mitigation
  • Securing translation techniques (NAT64 etc)
  • Securing IPv6 MPLS: 6PE and 6VPE
  • IPv6 DNS threats and mitigation
  • Transition security best practice

11
Building IPv6 Firewalls

  • Configuring IPv6 firewalls
  • IPv6 firewall filtering rules
  • Filtering ICMPv6
  • IPv6 extension headers
  • Implementing IPv6 Ingress filtering
  • Assigned IPv6 addresses
  • Status of IPv6 firewalls and IDS
  • Deploying IPv6 firewalls
  • Mitigating IPv6 DDoS attacks
  • Deploying IPv6 IPS

12
IPv6 Deployment Risks

  • IPv6 pilots
  • Securing dual stack hosts
  • IPv6 DNS server
  • Addressing schemes
  • Deploying ICMPv6
  • End-to-end transparency
  • IPsec transport mode
  • Reduced functionality
  • Operational issues
  • ND proxies
  • Training

13
IPv6 Security Best Practice

  • Creating an IPv6 security policy
  • IPv6 security assessments
  • IPv6 forensics
  • Summary of IPv6 security best practice

1
The Need for IPv6

  • Problems with IPv4
  • Is there an Address shortage?
  • New requirements

2
New Features of IPv6

  • IPv6 Design
  • Comparison with IPv4
  • Autoconfiguration
  • IPv6 Security
  • Quality of Service
  • Mobile IPv6
  • Performance

3
Network Applications & IPv6

  • Name services (DNS)
  • Web Servers
  • Browsers

4
The Migration Process

  • Transition features of IPv6
  • Planning
  • Evaluation
  • Migration of Platforms
  • Migration of Applications
  • Software Development
  • When to Migrate
  • Time-scale Predictions

5
The Current Status

  • Operating Systems
  • Network Infrastructure
  • IPv6 Networks
  • Business Applications
  • Mobile IP & 3G

6
Analysis

1
Introduction - The Need for IPv6

  • History of IP
  • The problems with IPv4
  • Address space
  • Functionality
  • Comparison of IPv6 with IPv4
  • Reality Check - IPv6 vs. IPv4

2
IPv6 Protocol Basics

  • IPv6 datagram header
  • IPv6 protocol features
  • IPv6 Addressing & Prefixes
  • Extension headers in IPv6
  • ICMPv6

3
Autoconfiguration of IPv6

  • IPv6 autoconfiguration methods
  • IPv6 Link-Local Addresses
  • Neighbor Discovery in IPv6
  • Router Discovery in IPv6
  • DHCPv6
  • IPv6 Router Renumbering

4
Internetworking IPv6

  • IPv6 Routing Tables
  • IPv6 path MTU discovery
  • Neighbor reachability in IPv6
  • IPv6 Dynamic Routing
  • Router renumbering with IPv6

5
IPv6 Security QoS and Mobility

  • What is Network Security?
  • IPv6 security threats
  • IPv6 IPsec
  • AH & ESP Headers
  • IPSec Transport and tunnel modes
  • IPSec Security associations
  • What is Quality of Service?
  • IPv6 Traffic Class & Flow Label
  • DiffServ, IntServ & RSVP
  • ISAKMP & IKE
  • The Need for Mobile IP
  • Link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • Mobile IPv6 in operation

6
Transport Layer and IPv6

  • Operation of TCP and UDP
  • Ports and Sockets
  • Changes to TCP & UDP

7
IPv6 and DNS

  • AAAA, PTR, A6 & DNAME RRs
  • ip6.arpa. & ip6.int.
  • A6 chains
  • BIND and MS DNS

8
The IPv6 Programming Interface

  • IPv6 programming basics
  • IPv4 socket API vs IPv6 socket API
  • Changes to the socket API
  • Porting to IPv6
  • Sockets & Winsock APIs
  • Perl, Java, C etc

9
Migrating to IPv6

  • IPv4 and IPv6 Compatibility
  • Overview of IPv6 transition mechanisms
  • Dual stacks
  • IPv6 Compatibility addresses
  • 6to4 & 6over4
  • ISATAP, Teredo, 6rd & DS-Lite
  • NAT-PT, NAT64 and DNS64
  • IPv6 Tunnel brokers
  • Protocol Translators
  • BIS and BIA
  • IPv6 Compatibility and DNS
  • Windows/Active Directory and IPv6
  • What, when and how to migrate
  • Reasons to Migrate to IPv6
  • The current status of IPv6
  • Predictions

1
Background to IPv6

  • Why your ISP is deploying IPv6
  • The IPv4 address exhaustion problem
  • How IPv6 solves IPv4 address problem
  • Other benefits brought by IPv6

2
IPv6 Protocol Basics

  • The IPv6 address structure
  • Important IPv6 addresses
  • Link and global addresses
  • Important IPv6 prefixes
  • Viewing address configuration
  • Testing IPv6 addresses

3
Autoconfiguration of IPv6

  • IPv6 Auto-configuration methods
  • Stateless address autoconfiguration
  • DHCPv6
  • Other methods
  • Verifying IPv6 configuration
  • Troubleshooting IPv6 configuration

4
Internetworking IPv6

  • Basic IPv6 routing
  • The IPv6 default route
  • Testing routing
  • Path MTU discovery
  • Troubleshooting routing and MTU issues

5
Overview of IPv6 Features

  • IPv6 IPsec
  • Quality of service in IPv6
  • IPv6 mobility

6
IPv6 Connectivity Options

  • IPv4 and IPv6 compatibility
  • IPv6 transition mechanisms
  • Dual stack operation
  • Tunnelled IPv6
  • 6to4
  • Teredo
  • NAT64 and DNS64
  • Other techniques
  • Understanding different connectivity scenarios
  • Performance issues

7
IPv6 and DNS

  • AAAA, PTR, A6 & DNAME RRs
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS servers
  • Testing IPv6 name resolution
  • Troubleshooting name resolution

8
Testing & Troubleshooting IPv6

  • RIPE Best Current Practice
  • Using isp.testipv6.com
  • Basic IPv6 tests
  • DNS IPv6 troubleshooting
  • Checking a router's IPv6 configuration
  • When to escalate IPv6 problems
  • Understanding isp.testipv6.com codes
  • Acting on isp.testipv6.com results

1
Introduction

  • The problems with IPv4 and the Internet today

2
The IPv6 Protocol Basics

  • IPv6 header
  • IPv6 Addressing
  • IPv6 Optional headers
  • Changes to higher layers

3
IPv6 Autoconfiguration

  • Stateless & Stateful
  • DHCPv6
  • Link-Local Addresses
  • IPv6 Neighbor Discovery
  • IPv6 Router Discovery

4
New Features of IPv6

  • IPv6 Security
  • Quality of Service in IPv6
  • Mobile IPv6
  • Routing Changes in IPv6
  • Fragmentation
  • Changes to higher layers

5
The IPv6 Migration Process

  • Planning IPv6 Migration
  • Evaluating IPv6 Readiness
  • Upgrading your servers to IPv6
  • Changes to Applications
  • Affects on software development

6
The Current Status of IPv6

  • Operating Systems & IPv6
  • Network Software
  • Network Infrastructure
  • IPv6 Networks
  • Business Applications
  • Your Applications

1
Introduction

  • The problems with IPv4
  • The solution - IPv6
  • What does this mean for us?

2
The IPv6 Protocol Basics

  • IPv6 datagram header
  • IPv6 Addressing
  • Optional headers

3
Autoconfiguration

  • Stateless & Stateful
  • DHCPv6
  • IPv6 Link-Local Addresses
  • Neighbour Discovery
  • Router Discovery

4
Routing and Internetworking

  • Network Addressing
  • Routing Protocols
  • Fragmentation

5
IPv6 Security

  • IPv6 IPSec
  • AH and ESP Headers
  • ISAKMP
  • Authentication & Confidentiality

6
IPv6 Quality of Service

  • The type of service header
  • Flow Identifiers
  • Prioritisation

7
Transport Layer

  • Changes to TCP & UDP

8
DNS (BIND)

  • DNS and IPv6
  • The new IPv6 DNS records
  • Configuring BIND for IPv6

9
Application Changes

  • Basic Internet commands
  • Superdaemons: inetd xinetd
  • ping, telnet, FTP
  • SSH
  • Web Browsers

10
The Apache Web-Server

  • Installing Apache with IPv6
  • Configuration Apache with IPv6
  • Changes to Apache for IPv6
  • Security Considerations

11
E-mail and IPv6

  • Upgrading E-mail systems
  • Upgrading Sendmail for IPv6
  • Sendmail Configuration for IPv6
  • Changes to POP and IMAP
  • Security Considerations

12
The Programming Interface

  • The updated Socket API
  • How this affects Perl CGI
  • Changes to other languages (Java Servlets, JSP, PHP)

1
The Need for IPv6

  • The problems with IPv4
  • Internet growth
  • The solution - IPv6
  • What does this mean for us?

2
The Features of IPv6

  • IPv6 datagram header
  • IPv6 addresses
  • IPv6 address representation
  • Multicast, unicast & anycast
  • IPv6 link-local addresses
  • The IPv6 datagram format
  • IPv6 extension headers
  • IPv6 fragmentation
  • ICMPv6
  • IPv6 multicast group management

3
Autoconfiguration

  • Stateless & Stateful
  • Neighbor Discovery in IPv6
  • IPv6 Router Discovery
  • DHCPv6
  • Stateless DHCPv6
  • IPv6 Router Renumbering

4
Routing and Internetworking IPv6

  • IPv6 routing protocols
  • MTU Path Discovery in IPv6
  • IPv6 dynamic routing

5
Interfacing IPv6 to the Lower Layers

  • Data-link and physical layer
  • Point to point and IPv6
  • NBMA networks and IPv6
  • IPv6 and PPP
  • ATM and IPv6
  • IEEE802 and IPv6
  • IPv6 in 3G, 4G, LTE and IMS
  • MPLS and IPv6
  • 6PE and 6VPN

6
Transport Layer and IPv6

  • Operation of TCP and UDP
  • Ports and Sockets
  • Changes to TCP for IPv6
  • Changes to UDP for IPv6

7
IPv6 Transition Mechanisms I

  • Overview of transition mechanisms
  • IPv6 Dual stacks
  • Compatibility addresses
  • Automatic and configured tunnelling
  • 6over4 and 6to4
  • 6rd - IPv6 rapid deployment
  • ISATAP
  • Teredo
  • Dual stack Lite (DSLite)
  • Dual Stack Transition Mechanism (DSTM)
  • IPv6 Tunnel brokers
  • Tunnel setup protocol (TSP)

8
IPv6 Transition Mechanisms II

  • Protocol translators
  • SIIT
  • Application layer gateways
  • DNS64 & NAT64
  • NAT-PT & NAPT-PT
  • TRT
  • IPv6 SOCKS
  • Bump-in-the-stack (BIS)
  • Bump-in-the-API (BIA)
  • Transition mechanisms and DNS

9
IPv6 Security (IPSec)

  • Cryptographic techniques
  • IPv6 and IPSec
  • IPv6 AH & ESP Headers
  • Transport and tunnel modes
  • Security associations
  • ISAKMP & IKE

10
Mobile IPv6

  • Limitations of link layer mobility
  • Mobile IPv4 vs Mobile IPv6
  • IPv6 Home agents
  • Binding updates and the binding cache
  • Mobile IPv6 in operation
  • Mobile IPv6 Security
  • NEMO

11
IPv6 and Quality of Service

  • Traffic class in IPv6
  • The IPv6 Flow label
  • Differential services (DiffServ)
  • Integrated services (IntServ)
  • Traffic flows in IPv6
  • RSVP and IPv6 QoS

12
DNS and IPv6

  • The domain name system
  • Changes to DNS for IPv6
  • IPv6 AAAA resource records
  • PTR records and IPv6
  • Reverse lookups in IPv6
  • ip6.arpa. & ip6.int.
  • IPv6 in BIND and MS DNS
  • IPv6 and EDNS0

13
Application Changes for IPv6

  • Basic Internet commands
  • IPv6 ping, telnet and FTP
  • Mail systems and IPv6
  • IPv6 enabled web-servers

14
The IPv6 Programming Interface

  • The basic IPv6 programming API
  • IPv4 socket API vs IPv6 socket API
  • Address structures
  • Socket functions
  • Name resolution
  • Interface identification
  • New constants, macros and header files
  • Sockets and Winsock
  • Support for IPv6 in Perl, Java and C#

15
Migrating code to IPv6

  • Aims of code migration to IPv6
  • IPv6 code migration problems
  • Code migration scenarios
  • Writing protocol independent code
  • Converting code to IPv6
  • IPv6 code migration tools
  • Testing IPv6 (dual stack) code

16
IPv6 new features and coding

  • Overview of IPv6 new features
  • Interface selection
  • Selecting source and destination addresses
  • IPv6 multicast
  • Coding to use IPv6 QoS
  • Coding to use IPv6 IPSec
  • Mobile IPv6 issues

Typical Course Configurations

In our experience, modular courses normally have the following parameters.

  • Length: Typically four modules per day
  • Practical Work: Exercises included with most modules
  • Slides: 15 to 40 slides per module
  • Notes: Comprehensive notes included

Relevant Platforms

Our modules are designed to be generic and the training applies to all environments.

The demonstrations and practical work accompanying each module are designed to work on our primary platforms of Linux, Windows and Cisco IOS. Our practical exercises can also be carried out on other platforms including Juniper and HP. Please contact us to discuss your exact requirements.