ipv6 0x08 routage ipv6

Download IPv6 0x08 Routage IPv6

Post on 27-Nov-2015

39 views

Category:

Documents

1 download

Embed Size (px)

DESCRIPTION

Interface WAN IPv6Interface LAN IPv6Routage IPv6OSPFv3

TRANSCRIPT

  • goffinet@goffinet, Protocole IPv6, CC-BY

    8. Le protocole IPv6http://www.scoop.it/t/ipv6-training/

    Franois-Emmanuel GoffinetFormateur IT

    2013Q4

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Programme1. Pourquoi IPv6 ?2. Fondamentaux IPv63. Paquets IPv64. Reprsentations des adresses IPv65. Types dadresses IPv66. Dcouverte de voisinage et adresse automatique7. Plan dadressage IPv68. Routage IPv69. Gestion dadresses IPv6 (IPAM)

    10. Introduction la scurit IPv611. Manipulation de paquets12. Firewalling IPv613. IPSEC IPv614. Applications IPv615. Mthodes de transition

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Routage IPv6Leon 8

  • Routage

    Chaque machine de l'intr-rseau dispose de sa table de routage, soit pour chaque entre : Un rseau de destination et son masque une interface de sortie et une passerelleSous Windows : route printSous GNU/Linux/MacOSX : netstat -rSous Cisco IOS : show ipv6 route

    Cette table sert encapsuler le paquet (L3) sur la liaison (L2) la plus proche de la destination.

  • Routeurs

    Seuls les routeurs sont capables de transfrer les paquets d'une interfaces une autre.

    Les routeurs limitent les domaines de diffusion sur chacune de leur interface.

    Les routeurs changent entre eux des informations concernant les diffrentes destinations (des rseaux joindre) grce des protocoles de routage ou des entres statiques.

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Topologie personnelle

    Pour lquipe 0x200

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Topologie du lab

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Plan dadressagequipe Rseau

    routFa0/1 WAN Fa0/0 LAN

    0x100 0x100::/56 (Rserv)

    - fe80::1/642001:470:7b6d:1lab::1/64

    0x200 0x200::/56 fe80::200/64autoconfig

    fe80::1/642001:470:7b6d:200::1/64

    2001:470:7b6d:280::1/64 2001:470:7b6d:2ff::1/64

    0x300 0x300::/56 fe80::300/64autoconfig

    fe80::1/642001:470:7b6d:300::1/64

    2001:470:7b6d:380::1/64 2001:470:7b6d:3ff::1/64

    0x400 0x400::/56 fe80::400/64autoconfig

    fe80::1/642001:470:7b6d:400::1/64

    2001:470:7b6d:480::1/64 2001:470:7b6d:4ff::1/64

    0x500 0x500::/56 fe80::500/64autoconfig

    fe80::1/642001:470:7b6d:500::1/64

    2001:470:7b6d:580::1/64 2001:470:7b6d:5ff::1/64

    0x600 0x600::/56 fe80::600/64autoconfig

    fe80::1/642001:470:7b6d:600::1/64

    2001:470:7b6d:680::1/64 2001:470:7b6d:6ff::1/64

    0x700 0x700::/56 fe80::700/64autoconfig

    fe80::1/642001:470:7b6d:700::1/64

    2001:470:7b6d:780::1/64 2001:470:7b6d:7ff::1/64

  • Mthodologie

    1. Configuration de linfrastructure physiquea. Connectique WAN et LANb. Connectique console (pilotes, putty)

    2. Configuration de la connectivit IPv4/IPv6 sur le routeur :a. Remise zro de la configurationb. Configuration IPv4 c. Configuration IPv6

  • Connexion la console du routeur

    Cble invers (roll-over) du port COM1 du PC au routeur sur le port console.

    Lancer un logiciel d'mulation de terminal (putty/hyperterminal) 9600 bauds

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Navigation CLIPassage en mode privlge>enable

    #

    Passage en mode de configuration globale#configure terminal

    (config)#

    Configuration dune interface(config)#interface FastEthernet 0/0

    (config-if)#

    Passage aux modes infrieurs(config-if)#exit

    (config)#exit

    #

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Aide au CLI Une aide est accessible via le point dinterrogation. Les commandes sauto-compltent avec la touche de

    tabulation. Lenvironnement indique lendroit dune erreur. Les commandes sabrgent si il ny pas dambigut. En cas dambigut, lenvironnement propose les choix. Par dfaut les logs apparaissent dans la console, pas en

    terminal distant. raccourcis clavier : on peut faire dfiler lhistorique des

    commandes avec les flches du haut et du bas, on peut revenir au mode privilge directement (CTRL-Z), etc.

    La commande do permet dexcuter une commande du mode privilge dans un autre mode.

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Navigation CLI

    Toutes les commandes dadministration sexcutent en mode privilge :Commande IOS Signification

    #show running-config Visualise la configuration courante (RAM)

    #show ip interface brief Visualise ltat des interfaces IPv4

    #show ipv6 interface brief Visualise ltat des interfaces IPv6

    #show ipv6 route Visualise la table de routage IPv6

    #copy running-config startup-config Enregistre la configuration courante

    #write memory Enregistre la configuration courante

  • Vrification des interfaces

    1. Accder au mode privilge :Router>enable

    Router#

    2. Vrifier les interfaces :Router#show ip interface brief

    Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down FastEthernet0/1 unassigned YES unset administratively down down Vlan1 unassigned YES unset administratively down down

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Configuration IPv4

    1. Configuration globale2. Cl SSH3. Configuration IPv4

    a. LANb. WAN (DHCP)c. IP Routing (DHCP)d. NATe. DHCP LAN

    4. Test de connectivit IPv4

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Configuration globaleconf t!hostname 0xX00enable secret mon_mot_de_passeip cefip domain name goffinet.org!line vty 0 4 login local transport input ssh!username root secret mon_mot_de_passe!crypto key generate rsa

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Cl SSHThe name for the keys will be: 0xX00.goffinet.orgChoose the size of the key modulus in the range of 360 to 4096 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

    How many bits in the modulus [512]: 2048% Generating 2048 bit RSA keys, keys will be non-exportable...[OK] (elapsed time was 10 seconds)

    0xX00(config)#*Dec 6 00:41:38.574: %SSH-5-ENABLED: SSH 1.99 has been enabled

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Connectivit IPv4ip dhcp excluded-address 192.168.1.1 192.168.1.99ip dhcp pool LAN_IPv4 network 192.168.1.0 255.255.255.0 default-router 192.168.1.254 dns-server 11.0.0.254!interface FastEthernet0/0 ip address 192.168.1.254 255.255.255.0 ip nat inside no shutdown!interface FastEthernet0/1 ip address dhcp ip nat outside no shutdown!ip nat inside source list 1 interface FastEthernet0/1 overload!access-list 1 permit 192.168.1.0 0.0.0.255!endwr

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Test de connectivit IPv4#ping

    Protocol [ip]:

    Target IP address: www.google.com

    Repeat count [5]: Datagram size [100]: Timeout in seconds [2]:

    Extended commands [n]: y

    Source address or interface: 192.168.1.254

    Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]:

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 173.194.41.146, timeout is 2 seconds:

    Packet sent with a source address of 192.168.1.254

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 24/32/52 ms

    0xX00#sh ip nat translations

    Pro Inside global Inside local Outside local Outside global

    icmp 11.0.0.120:1024 192.168.1.254:0 173.194.41.146:0 173.194.41.146:1024

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Configuration IPv6

    Interface WAN IPv6 Interface LAN IPv6 Routage IPv6

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Interface WAN IPv6

    interface FastEthernet0/1

    ipv6 enable do sh ipv6 int brie

    !

    ipv6 address FE80::X00 link-local do sh ipv6 int brie

    !

    ipv6 address autoconfig do sh ipv6 int brie

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Interface LAN IPv6interface FastEthernet0/0 ipv6 enable ipv6 address 2001:470:7B6D:200::1/64 ipv6 address FE80::1 link-local

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Routage IPv6

    (config)#ipv6 unicast-routing(config)# ipv6 route ::/0 FastEthernet0/1 FE80::1

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Table de routage IPv6#show ipv6 route

    IPv6 Routing Table - default - 10 entries

    Codes: C - Connected, L - Local, S - Static,NDp - ND Prefix

    S ::/0 [1/0]

    via FE80::1, FastEthernet0/1

    NDp 2001:470:7B6D:1AB::/64 [2/0]

    via FastEthernet0/1, directly connected

    L 2001:470:7B6D:1AB::200/128 [0/0]

    via FastEthernet0/1, receive

    C 2001:470:7B6D:200::/64 [0/0]

    via FastEthernet0/0, directly connected

    L 2001:470:7B6D:200::1/128 [0/0]

    via FastEthernet0/0, receive

    C 2001:470:7B6D:201::/64 [0/0]

    via Loopback0, directly connected

    L 2001:470:7B6D:201::1/128 [0/0]

    via Loopback0, receive

    C 2001:470:7B6D:2FF::/64 [0/0]

    via Loopback1, directly connected

    L 2001:470:7B6D:2FF::1/128 [0/0]

    via Loopback1, receive

    L FF00::/8 [0/0]

    via Null0, receive

  • goffinet@goffinet, Protocole IPv6, CC-BY

    Vrification du routage#ping

    Protocol [ip]: ipv6

    Target IPv6 address: www.google.com

    Repeat count [5]: Datagram size [100]: Timeout in seconds [2]:

    Extended commands? [no]: y

    Source address or interface: fastethernet0/0

    UDP protocol? [no]: Verbose? [no]: Precedence [0]: DSCP [0]: Include hop by hop option? [no]: Include destination option? [no]: Sweep range of s

Recommended

View more >