ipv6 0x08 routage ipv6

31
goffinet@goffinet, Protocole IPv6, CC-BY 8. Le protocole IPv6 http://www.scoop.it/t/ipv6-training/ François-Emmanuel Goffinet Formateur IT 2013Q4

Upload: francois-emmanuel-goffinet

Post on 27-Nov-2015

101 views

Category:

Documents


9 download

DESCRIPTION

Interface WAN IPv6Interface LAN IPv6Routage IPv6OSPFv3

TRANSCRIPT

Page 1: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

8. Le protocole IPv6http://www.scoop.it/t/ipv6-training/

François-Emmanuel GoffinetFormateur IT

2013Q4

Page 2: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Programme1. Pourquoi IPv6 ?2. Fondamentaux IPv63. Paquets IPv64. Représentations des adresses IPv65. Types d’adresses IPv66. Découverte de voisinage et adresse automatique7. Plan d’adressage IPv68. Routage IPv69. Gestion d’adresses IPv6 (IPAM)

10. Introduction à la sécurité IPv611. Manipulation de paquets12. Firewalling IPv613. IPSEC IPv614. Applications IPv615. Méthodes de transition

Page 3: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Routage IPv6Leçon 8

Page 4: IPv6 0x08 Routage IPv6

Routage

Chaque machine de l'intér-réseau dispose de sa table de routage, soit pour chaque entrée :

● Un réseau de destination et son masque● une interface de sortie et une passerelleSous Windows : route printSous GNU/Linux/MacOSX : netstat -rSous Cisco IOS : show ipv6 route

Cette table sert à encapsuler le paquet (L3) sur la liaison (L2) la plus proche de la destination.

Page 5: IPv6 0x08 Routage IPv6

Routeurs

● Seuls les routeurs sont capables de transférer les paquets d'une interfaces à une autre.

● Les routeurs limitent les domaines de diffusion sur chacune de leur interface.

● Les routeurs échangent entre eux des informations concernant les différentes destinations (des réseaux à joindre) grâce à des protocoles de routage ou à des entrées statiques.

Page 6: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Topologie personnelle

Pour l’équipe 0x200

Page 7: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Topologie du lab

Page 8: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Plan d’adressageÉquipe Réseau

routéFa0/1 WAN Fa0/0 LAN

0x100 0x100::/56 (Réservé)

- fe80::1/642001:470:7b6d:1lab::1/64

0x200 0x200::/56 fe80::200/64autoconfig

fe80::1/642001:470:7b6d:200::1/64

2001:470:7b6d:280::1/64 2001:470:7b6d:2ff::1/64

0x300 0x300::/56 fe80::300/64autoconfig

fe80::1/642001:470:7b6d:300::1/64

2001:470:7b6d:380::1/64 2001:470:7b6d:3ff::1/64

0x400 0x400::/56 fe80::400/64autoconfig

fe80::1/642001:470:7b6d:400::1/64

2001:470:7b6d:480::1/64 2001:470:7b6d:4ff::1/64

0x500 0x500::/56 fe80::500/64autoconfig

fe80::1/642001:470:7b6d:500::1/64

2001:470:7b6d:580::1/64 2001:470:7b6d:5ff::1/64

0x600 0x600::/56 fe80::600/64autoconfig

fe80::1/642001:470:7b6d:600::1/64

2001:470:7b6d:680::1/64 2001:470:7b6d:6ff::1/64

0x700 0x700::/56 fe80::700/64autoconfig

fe80::1/642001:470:7b6d:700::1/64

2001:470:7b6d:780::1/64 2001:470:7b6d:7ff::1/64

Page 9: IPv6 0x08 Routage IPv6

Méthodologie

1. Configuration de l’infrastructure physiquea. Connectique WAN et LANb. Connectique console (pilotes, putty)

2. Configuration de la connectivité IPv4/IPv6 sur le routeur :a. Remise à zéro de la configurationb. Configuration IPv4 c. Configuration IPv6

Page 10: IPv6 0x08 Routage IPv6

Connexion à la console du routeur

● Câble inversé (roll-over) du port COM1 du PC au routeur sur le port console.

● Lancer un logiciel d'émulation de terminal (putty/hyperterminal) 9600 bauds

Page 11: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Navigation CLIPassage en mode privlège>enable

#

Passage en mode de configuration globale#configure terminal

(config)#

Configuration d’une interface(config)#interface FastEthernet 0/0

(config-if)#

Passage aux modes inférieurs(config-if)#exit

(config)#exit

#

Page 12: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Aide au CLI● Une aide est accessible via le point d’interrogation.● Les commandes s’auto-complètent avec la touche de

tabulation.● L’environnement indique l’endroit d’une erreur.● Les commandes s’abrègent si il n’y pas d’ambiguïté.● En cas d’ambiguïté, l’environnement propose les choix.● Par défaut les logs apparaissent dans la console, pas en

terminal distant.● raccourcis clavier : on peut faire défiler l’historique des

commandes avec les flèches du haut et du bas, on peut revenir au mode privilège directement (CTRL-Z), etc.

● La commande do permet d’exécuter une commande du mode privilège dans un autre mode.

Page 13: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Navigation CLI

Toutes les commandes d’administration s’exécutent en mode privilège :Commande IOS Signification

#show running-config Visualise la configuration courante (RAM)

#show ip interface brief Visualise l’état des interfaces IPv4

#show ipv6 interface brief Visualise l’état des interfaces IPv6

#show ipv6 route Visualise la table de routage IPv6

#copy running-config startup-config Enregistre la configuration courante

#write memory Enregistre la configuration courante

Page 14: IPv6 0x08 Routage IPv6

Vérification des interfaces

1. Accéder au mode privilège :Router>enable

Router#

2. Vérifier les interfaces :Router#show ip interface brief

Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down FastEthernet0/1 unassigned YES unset administratively down down Vlan1 unassigned YES unset administratively down down

Page 15: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Configuration IPv4

1. Configuration globale2. Clé SSH3. Configuration IPv4

a. LANb. WAN (DHCP)c. IP Routing (DHCP)d. NATe. DHCP LAN

4. Test de connectivité IPv4

Page 16: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Configuration globaleconf t!hostname 0xX00enable secret mon_mot_de_passeip cefip domain name goffinet.org!line vty 0 4 login local transport input ssh!username root secret mon_mot_de_passe!crypto key generate rsa

Page 17: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Clé SSHThe name for the keys will be: 0xX00.goffinet.orgChoose the size of the key modulus in the range of 360 to 4096 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [512]: 2048% Generating 2048 bit RSA keys, keys will be non-exportable...[OK] (elapsed time was 10 seconds)

0xX00(config)#*Dec 6 00:41:38.574: %SSH-5-ENABLED: SSH 1.99 has been enabled

Page 18: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Connectivité IPv4ip dhcp excluded-address 192.168.1.1 192.168.1.99ip dhcp pool LAN_IPv4 network 192.168.1.0 255.255.255.0 default-router 192.168.1.254 dns-server 11.0.0.254!interface FastEthernet0/0 ip address 192.168.1.254 255.255.255.0 ip nat inside no shutdown!interface FastEthernet0/1 ip address dhcp ip nat outside no shutdown!ip nat inside source list 1 interface FastEthernet0/1 overload!access-list 1 permit 192.168.1.0 0.0.0.255!endwr

Page 19: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Test de connectivité IPv4#ping

Protocol [ip]:

Target IP address: www.google.com

Repeat count [5]: Datagram size [100]: Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 192.168.1.254

Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 173.194.41.146, timeout is 2 seconds:

Packet sent with a source address of 192.168.1.254

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/32/52 ms

0xX00#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 11.0.0.120:1024 192.168.1.254:0 173.194.41.146:0 173.194.41.146:1024

Page 20: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Configuration IPv6

● Interface WAN IPv6● Interface LAN IPv6● Routage IPv6

Page 21: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Interface WAN IPv6

interface FastEthernet0/1

ipv6 enable do sh ipv6 int brie

!

ipv6 address FE80::X00 link-local do sh ipv6 int brie

!

ipv6 address autoconfig do sh ipv6 int brie

Page 22: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Interface LAN IPv6interface FastEthernet0/0 ipv6 enable ipv6 address 2001:470:7B6D:200::1/64 ipv6 address FE80::1 link-local

Page 23: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Routage IPv6

(config)#ipv6 unicast-routing(config)# ipv6 route ::/0 FastEthernet0/1 FE80::1

Page 24: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Table de routage IPv6#show ipv6 route

IPv6 Routing Table - default - 10 entries

Codes: C - Connected, L - Local, S - Static,NDp - ND Prefix

S ::/0 [1/0]

via FE80::1, FastEthernet0/1

NDp 2001:470:7B6D:1AB::/64 [2/0]

via FastEthernet0/1, directly connected

L 2001:470:7B6D:1AB::200/128 [0/0]

via FastEthernet0/1, receive

C 2001:470:7B6D:200::/64 [0/0]

via FastEthernet0/0, directly connected

L 2001:470:7B6D:200::1/128 [0/0]

via FastEthernet0/0, receive

C 2001:470:7B6D:201::/64 [0/0]

via Loopback0, directly connected

L 2001:470:7B6D:201::1/128 [0/0]

via Loopback0, receive

C 2001:470:7B6D:2FF::/64 [0/0]

via Loopback1, directly connected

L 2001:470:7B6D:2FF::1/128 [0/0]

via Loopback1, receive

L FF00::/8 [0/0]

via Null0, receive

Page 25: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Vérification du routage#ping

Protocol [ip]: ipv6

Target IPv6 address: www.google.com

Repeat count [5]: Datagram size [100]: Timeout in seconds [2]:

Extended commands? [no]: y

Source address or interface: fastethernet0/0

UDP protocol? [no]: Verbose? [no]: Precedence [0]: DSCP [0]: Include hop by hop option? [no]: Include destination option? [no]: Sweep range of sizes? [no]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2A00:1450:4007:803::1014, timeout is 2 seconds:

Packet sent with a source address of 2001:470:7B6D:200::1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 136/276/408 ms

Page 26: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Adresse IPv6 (1/2)#show ipv6 interface f0/0

FastEthernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::C802:CFF:FE9D:8

No Virtual link-local address(es):

Global unicast address(es):

2001:470:CBF7:200::1, subnet is 2001:470:7B6D:200::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:1

FF02::1:FF9D:8

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

ND RAs are suppressed (periodic)

Hosts use stateless autoconfig for addresses.

Page 27: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Adresses IPv6#sh ipv6 interface f0/0

FastEthernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::1

No Virtual link-local address(es):

Global unicast address(es):

2001:470:CBF7:200::1, subnet is 2001:470:7B6D:200::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:1

MTU is 1500 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds (using 30000)

ND RAs are suppressed (periodic)

Hosts use stateless autoconfig for addresses.

Page 28: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Vérification terminale

Test de base IPv6 : ipconfig, netsh interface ipv6 …, ping, tracertFirefox, plugin show IP, google, http://test-ipv6.com/, youtube, lesoir

1. Test Dual-Stack2. Fixez l’adresse IPv4 sans DNS IPv43. Désactivez IPv4

Page 29: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Quiz 8

Quiz sur la configuration du routage IPv6

Page 30: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

Routage OSPFv3Routage inter-lan ?Configuration du routage global en spécifiant manuellement le router-id en format 32 bits décimal pointé.(config)# router ospfv3 1(config-router)# router-id 10.1.1.1

Ce n’est pas sans conséquences sur l’élection DR/BDR.Activation à partir des interfaces(config)# interface fa0/1(config-if)# ipv6 ospf 1 area 0

Diagnosticshow ipv6 ospfshow ipv6 ospf interfaceshow ipv6 ospf neighbor

Page 31: IPv6 0x08 Routage IPv6

goffinet@goffinet, Protocole IPv6, CC-BY

DroitsProtocole IPv6 de [email protected] est

mis à disposition selon les termes de la licence Creative Commons Attribution 4.0

International.