Login
- Table of Contents
-
- H3C S6116 Ultra-Low Latency Switch Series Configuration Guide-Release 671x-6W100
- 00-Preface
- 01-Interface forwarding configuration
- 02-CLI configuration
- 03-RBAC configuration
- 04-Login management configuration
- 05-FTP and TFTP configuration
- 06-File system management configuration
- 07-Configuration file management configuration
- 08-Software upgrade configuration
- 09-Device management configuration
- 10-Tcl configuration
- 11-Bulk interface configuration
- 12-IP addressing configuration
- 13-IPv6 basics configuration
- 14-Static routing configuration
- 15-IPv6 static routing configuration
- 16-AAA configuration
- 17-Public key management
- 18-SSH configuration
- 19-System maintenance and debugging configuration
- 20-NTP configuration
- 21-SNMP configuration
- 22-RMON configuration
- 23-Event MIB configuration
- 24-Information center configuration
- 25-PTP configuration
- 26-Network synchronization configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 13-IPv6 basics configuration | 169.96 KB |
Configuring basic IPv6 settings
Configuring an IPv6 global unicast address
About IPv6 global unicast address
Generating an EUI-64 IPv6 address
Manually assigning an IPv6 global unicast address
Stateless address autoconfiguration
Configuring prefix-specific address autoconfiguration
Configuring an IPv6 link-local address
Configuring automatic generation of an IPv6 link-local address for an interface
Manually assigning an IPv6 link-local address to an interface
Configuring an IPv6 anycast address
Display and maintenance commands for IPv6 basics
Configuring basic IPv6 settings
Only the management Ethernet interfaces of this series support the IPv6 feature.
About IPv6
IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.
IPv6 features
Simplified header format
IPv6 removes several IPv4 header fields or moves them to the IPv6 extension headers to reduce the length of the basic IPv6 packet header. The basic IPv6 packet header has a fixed length of 40 bytes to simplify IPv6 packet handling and improve forwarding efficiency. Although the IPv6 address size is four times the IPv4 address size, the basic IPv6 packet header size is only twice the size of the option-less IPv4 packet header.
Figure 1 IPv4 packet header format and basic IPv6 packet header format
Larger address space
IPv6 can provide 3.4 x 1038 addresses to meet the requirements of hierarchical address assignment for both public and private networks.
Hierarchical address structure
IPv6 uses a hierarchical address structure to speed up route lookup and reduce the IPv6 routing table size through route aggregation.
Address autoconfiguration
To simplify host configuration, IPv6 supports stateful and stateless address autoconfiguration.
· Stateful address autoconfiguration enables a host to acquire an IPv6 address and other configuration information from a server (for example, a DHCPv6 server).
· Stateless address autoconfiguration enables a host to automatically generate an IPv6 address and other configuration information by using its link-layer address and the prefix information advertised by a router.
To communicate with other hosts on the same link, a host automatically generates a link-local address based on its link-layer address and the link-local address prefix (FE80::/10).
Built-in security
IPv6 defines extension headers to support IPsec. IPsec provides end-to-end security and enhances interoperability among different IPv6 applications.
QoS support
The Flow Label field in the IPv6 header allows the device to label the packets of a specific flow for special handling.
Enhanced neighbor discovery mechanism
The IPv6 neighbor discovery protocol uses a group of ICMPv6 messages to manage information exchange among neighboring nodes on the same link. The group of ICMPv6 messages replaces ARP messages, ICMPv4 router discovery messages, and ICMPv4 redirect messages and provides a series of other functions.
Flexible extension headers
IPv6 eliminates the Options field in the header and introduces optional extension headers to provide scalability and improve efficiency. The Options field in the IPv4 packet header contains a maximum of 40 bytes, whereas the IPv6 extension headers are restricted to the maximum size of IPv6 packets.
IPv6 addresses
IPv6 address format
An IPv6 address is represented as a set of 16-bit hexadecimals separated by colons (:). An IPv6 address is divided into eight groups, and each 16-bit group is represented by four hexadecimal numbers, for example, 2001:0000:130F:0000:0000:09C0:876A:130B.
To simplify the representation of IPv6 addresses, you can handle zeros in IPv6 addresses by using the following methods:
· The leading zeros in each group can be removed. For example, the above address can be represented in a shorter format as 2001:0:130F:0:0:9C0:876A:130B.
· If an IPv6 address contains one or more consecutive groups of zeros, they can be replaced by a double colon (::). For example, the above address can be represented in the shortest format as 2001:0:130F::9C0:876A:130B.
|
|
IMPORTANT: A double colon can appear once or not at all in an IPv6 address. This limit allows the device to determine how many zeros the double colon represents and correctly convert it to zeros to restore a 128-bit IPv6 address. |
An IPv6 address consists of an address prefix and an interface ID, which are equivalent to the network ID and the host ID of an IPv4 address.
An IPv6 address prefix is written in IPv6-address/prefix-length notation. The prefix-length is a decimal number indicating how many leftmost bits of the IPv6 address are in the address prefix.
IPv6 address types
IPv6 addresses include the following types:
· Unicast address—An identifier for a single interface, similar to an IPv4 unicast address. A packet sent to a unicast address is delivered to the interface identified by that address.
· Multicast address—An identifier for a set of interfaces (typically belonging to different nodes), similar to an IPv4 multicast address. A packet sent to a multicast address is delivered to all interfaces identified by that address.
Broadcast addresses are replaced by multicast addresses in IPv6.
· Anycast address—An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to the nearest interface among the interfaces identified by that address. The nearest interface is chosen according to the routing protocol's measure of distance.
The type of an IPv6 address is designated by the first several bits, called the format prefix.
Table 1 Mappings between address types and format prefixes
|
Type |
Format prefix (binary) |
IPv6 prefix ID |
|
|
Unicast address |
Unspecified address |
00...0 (128 bits) |
::/128 |
|
Loopback address |
00...1 (128 bits) |
::1/128 |
|
|
Link-local address |
1111111010 |
FE80::/10 |
|
|
Global unicast address |
Other forms |
N/A |
|
|
Multicast address |
11111111 |
FF00::/8 |
|
|
Anycast address |
Anycast addresses use the unicast address space and have the identical structure of unicast addresses. |
||
Unicast addresses
Unicast addresses include global unicast addresses, link-local unicast addresses, the loopback address, and the unspecified address.
· Global unicast addresses—Equivalent to public IPv4 addresses, global unicast addresses are provided for Internet service providers. This type of address allows for prefix aggregation to restrict the number of global routing entries.
· Link-local addresses—Used for communication among link-local nodes for neighbor discovery and stateless autoconfiguration. Packets with link-local source or destination addresses are not forwarded to other links.
· A loopback address—0:0:0:0:0:0:0:1 (or ::1). It has the same function as the loopback address in IPv4. It cannot be assigned to any physical interface. A node uses this address to send an IPv6 packet to itself.
· An unspecified address—0:0:0:0:0:0:0:0 (or ::). It cannot be assigned to any node. Before acquiring a valid IPv6 address, a node fills this address in the source address field of IPv6 packets. The unspecified address cannot be used as a destination IPv6 address.
Multicast addresses
IPv6 multicast addresses listed in Table 2 are reserved for special purposes.
Table 2 Reserved IPv6 multicast addresses
|
Address |
Application |
|
FF01::1 |
Node-local scope all-nodes multicast address. |
|
FF02::1 |
Link-local scope all-nodes multicast address. |
|
FF01::2 |
Node-local scope all-routers multicast address. |
|
FF02::2 |
Link-local scope all-routers multicast address. |
Multicast addresses also include solicited-node addresses. A node uses a solicited-node multicast address to acquire the link-layer address of a neighboring node on the same link and to detect duplicate addresses. Each IPv6 unicast or anycast address has a corresponding solicited-node address. The format of a solicited-node multicast address is FF02:0:0:0:0:1:FFXX:XXXX. FF02:0:0:0:0:1:FF is fixed and consists of 104 bits, and XX:XXXX is the last 24 bits of an IPv6 unicast address or anycast address.
EUI-64 address-based interface identifiers
An interface identifier is 64 bits long and uniquely identifies an interface on a link.
On an IEEE 802 interface, the interface identifier is derived from the link-layer address (typically a MAC address) of the interface. The MAC address is 48 bits long.
To obtain an EUI-64 address-based interface identifier, follow these steps:
1. Insert the 16-bit binary number 1111111111111110 (hexadecimal value of FFFE) behind the 24th high-order bit of the MAC address.
2. Invert the universal/local (U/L) bit (the seventh high-order bit). This operation makes the interface identifier have the same local or global significance as the MAC address.
Figure 2 Converting a MAC address into an EUI-64 address-based interface identifier
On a tunnel interface, the lower 32 bits of the EUI-64 address-based interface identifier are the source IPv4 address of the tunnel interface. The higher 32 bits of the EUI-64 address-based interface identifier of an ISATAP tunnel interface are 0000:5EFE, whereas those of other tunnel interfaces are all zeros.
On an interface of another type (such as a serial interface), the EUI-64 address-based interface identifier is generated randomly by the device.
Protocols and standards
· RFC 1881, IPv6 Address Allocation Management
· RFC 1887, An Architecture for IPv6 Unicast Address Allocation
· RFC 1981, Path MTU Discovery for IP version 6
· RFC 2375, IPv6 Multicast Address Assignments
· RFC 2460, Internet Protocol, Version 6 (IPv6) Specification
· RFC 2464, Transmission of IPv6 Packets over Ethernet Networks
· RFC 2526, Reserved IPv6 Subnet Anycast Addresses
· RFC 3307, Allocation Guidelines for IPv6 Multicast Addresses
· RFC 4191, Default Router Preferences and More-Specific Routes
· RFC 4291, IP Version 6 Addressing Architecture
· RFC 4443, Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
· RFC 4862, IPv6 Stateless Address Autoconfiguration
IPv6 basics tasks at a glance
To configure basic IPv6 settings, perform the following tasks:
1. Configuring an IPv6 address
Choose the following tasks as needed:
¡ Configuring an IPv6 global unicast address
¡ Configuring an IPv6 link-local address
¡ Configuring an IPv6 anycast address
Configuring an IPv6 global unicast address
About IPv6 global unicast address
Use one of the following methods to configure an IPv6 global unicast address for an interface:
· EUI-64 IPv6 address—The IPv6 address prefix of the interface is manually configured, and the interface ID is generated automatically by the interface.
· Manual configuration—The IPv6 global unicast address is manually configured.
· Stateless address autoconfiguration—The IPv6 global unicast address is generated automatically based on the address prefix information contained in the RA message.
· Prefix-specific address autoconfiguration—The IPv6 global unicast address is generated automatically based on the prefix specified by its ID. The prefix can be manually configured or obtained through DHCPv6.
You can configure multiple IPv6 global unicast addresses on an interface.
Manually configured global unicast addresses (including EUI-64 IPv6 addresses) take precedence over automatically generated ones. If you manually configure a global unicast address with the same address prefix as an existing global unicast address on an interface, the manually configured one takes effect. However, it does not overwrite the automatically generated address. If you delete the manually configured global unicast address, the device uses the automatically generated one.
Restrictions and guidelines
An interface ID is used in EUI-64 IPv6 address configuration and stateless address autoconfiguration. The interface ID is derived from the MAC address of the interface. If the MAC address changes, the interface ID, global unicast address, and link-local address will also change. This will cause the entry table to rebuild for some protocols. If you do not want this situation to occur, use other IPv6 address configuration methods that do not use MAC addresses, for example, manually specify an IPv6 address.
Generating an EUI-64 IPv6 address
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Configure an EUI-64 IPv6 address on the interface.
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64
By default, no EUI-64 IPv6 address is configured on an interface.
Manually assigning an IPv6 global unicast address
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Assign an IPv6 global unicast address to the interface.
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
By default, no IPv6 global unicast address is configured on an interface.
Stateless address autoconfiguration
About this task
Stateless address autoconfiguration enables an interface to automatically generate an IPv6 global unicast address by using the address prefix in the received RA message and the interface ID. On an IEEE 802 interface (such as an Ethernet interface), the interface ID is generated based on the interface's MAC address and is globally unique. An attacker can exploit this rule to identify the sending device easily.
To fix the vulnerability, you can configure the temporary address feature. With this feature, an IEEE 802 interface generates the following addresses:
· Public IPv6 address—Includes the address prefix in the RA message and a fixed interface ID generated based on the MAC address of the interface.
· Temporary IPv6 address—Includes the address prefix in the RA message and a random interface ID generated through MD5.
You can also configure the interface to preferentially use the temporary IPv6 address as the source address of sent packets. When the valid lifetime of the temporary IPv6 address expires, the interface deletes the address and generates a new one. This feature enables the system to send packets with different source addresses through the same interface. If the temporary IPv6 address cannot be used because of a DAD conflict, the public IPv6 address is used.
The preferred lifetime and valid lifetime for a temporary IPv6 address are determined as follows:
· The preferred lifetime of a temporary IPv6 address takes the smaller of the following values:
¡ The preferred lifetime of the address prefix in the RA message.
¡ The preferred lifetime configured for temporary IPv6 addresses minus DESYNC_FACTOR (a random number in the range of 0 to 600 seconds).
· The valid lifetime of a temporary IPv6 address takes the smaller of the following values:
¡ The valid lifetime of the address prefix.
¡ The valid lifetime configured for temporary IPv6 addresses.
Restrictions and guidelines
If the IPv6 prefix in the RA message is not 64 bits long, stateless address autoconfiguration fails to generate an IPv6 global unicast address.
To generate a temporary address, an interface must be enabled with stateless address autoconfiguration. Temporary IPv6 addresses do not overwrite public IPv6 addresses, so an interface can have multiple IPv6 addresses with the same address prefix but different interface IDs.
If an interface fails to generate a public IPv6 address because of a prefix conflict or other reasons, it does not generate any temporary IPv6 address.
Executing the undo ipv6 address auto command on an interface deletes all IPv6 global unicast addresses and link-local addresses that are automatically generated on the interface.
Enabling stateless address autoconfiguration
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Enable stateless address autoconfiguration on an interface, so that the interface can automatically generate a global unicast address.
ipv6 address auto
By default, the stateless address autoconfiguration feature is disabled on an interface.
Configuring the temporary address feature and preferentially using the temporary IPv6 address as the source address of outgoing packets
1. Enter system view.
system-view
2. Enable the temporary IPv6 address feature.
ipv6 temporary-address [ valid-lifetime preferred-lifetime ]
By default, the temporary IPv6 address feature is disabled.
3. Enable the system to preferentially use the temporary IPv6 address as the source address of the outgoing packets.
ipv6 prefer temporary-address
By default, the system does not preferentially use the temporary IPv6 address as the source address of the outgoing packets.
Configuring prefix-specific address autoconfiguration
1. Enter system view.
system-view
2. Configure an IPv6 prefix.
Choose one option as needed:
¡ Configure a static IPv6 prefix.
ipv6 prefix prefix-number ipv6-prefix/prefix-length
By default, no static IPv6 prefixes exist.
¡ Use DHCPv6 to obtain a dynamic IPv6 prefix.
3. Enter interface view.
interface interface-type interface-number
4. Specify an IPv6 prefix for an interface to automatically generate an IPv6 global unicast address and advertise the prefix.
ipv6 address prefix-number sub-prefix/prefix-length
By default, no IPv6 prefix is specified for the interface to automatically generate an IPv6 global unicast address.
Configuring an IPv6 link-local address
About IPv6 link-local address
Configure IPv6 link-local addresses using one of the following methods:
· Automatic generation—The device automatically generates a link-local address for an interface according to the link-local address prefix (FE80::/10) and the link-layer address of the interface.
· Manual assignment—Manually configure an IPv6 link-local address for an interface.
Restrictions and guidelines
After you configure an IPv6 global unicast address for an interface, the interface automatically generates a link-local address. This link-local address is the same as the one generated by using the ipv6 address auto link-local command. If a link-local address is manually assigned to an interface, this manual assigned link-local address takes effect. If the manually assigned link-local address is deleted, the automatically generated link-local address takes effect.
Using the undo ipv6 address auto link-local command on an interface deletes only the link-local address generated by the ipv6 address auto link-local command. If the interface has an IPv6 global unicast address, it still has a link-local address. If the interface has no IPv6 global unicast address, it has no link-local address.
An interface can have only one link-local address. As a best practice, use the automatic generation method to avoid link-local address conflicts. If both the automatic generation and manual assignment methods are used, the manual assignment takes precedence.
· If you first use automatic generation and then manual assignment, the manually assigned link-local address overwrites the automatically generated one.
· If you first use manual assignment and then automatic generation, both of the following occur:
¡ The link-local address is still the manually assigned one.
¡ The automatically generated link-local address does not take effect. If you delete the manually assigned address, the automatically generated link-local address takes effect.
An interface ID is used for generating the link-local address for an interface. On an IEEE 802 interface (such as an Ethernet interface), the interface ID is derived from the MAC address of the interface. If the MAC address changes, the interface ID, global unicast address, and link-local address will also change. This will cause the entry table to rebuild for some protocols. If you do not want this situation to occur, use other IPv6 address configuration methods that do not use MAC addresses, for example, manually specify a link-local address.
Configuring automatic generation of an IPv6 link-local address for an interface
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Configure the interface to automatically generate an IPv6 link-local address.
ipv6 address auto link-local
By default, no link-local address is configured on an interface.
After an IPv6 global unicast address is configured on the interface, a link-local address is generated automatically.
Manually assigning an IPv6 link-local address to an interface
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Manually assign an IPv6 link-local address to the interface.
ipv6 address { ipv6-address [ prefix-length ] | ipv6-address/prefix-length } link-local
By default, no link-local address is configured on an interface.
Configuring an IPv6 anycast address
4. Enter system view.
system-view
5. Enter interface view.
interface interface-type interface-number
6. Configure an IPv6 anycast address.
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast
By default, no IPv6 anycast address is configured on an interface.
Display and maintenance commands for IPv6 basics
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display IPv6 FIB entries. |
display ipv6 fib [ ipv6-address [ prefix-length ] ] |
|
Display the IPv6 FIB table usage. |
display ipv6 fib usage |
|
Display ICMPv6 traffic statistics. |
display ipv6 icmp statistics [ slot slot-number ] |
|
Display IPv6 information about the interface. |
display ipv6 interface [ interface-type [ interface-number ] ] [ brief [ description ] ] |
|
Display the IPv6 prefix information. |
display ipv6 prefix [ prefix-number ] |
|
Display brief information about IPv6 RawIP connections. |
display ipv6 rawip [ slot slot-number ] |
|
Display detailed information about IPv6 RawIP connections. |
display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ] |
|
Display IPv6 and ICMPv6 packet statistics. |
display ipv6 statistics [ slot slot-number ] |
|
Display brief information about IPv6 TCP connections. |
display ipv6 tcp [ slot slot-number ] |
|
Display detailed information about IPv6 TCP connections. |
display ipv6 tcp verbose [ slot slot-number [ pcb pcb-index ] ] |
|
Display brief information about IPv6 TCP proxy. |
display ipv6 tcp-proxy slot slot-number |
|
Display brief information about IPv6 UDP connections. |
display ipv6 udp [ slot slot-number ] |
|
Display detailed information about IPv6 UDP connections. |
display ipv6 udp verbose [ slot slot-number [ pcb pcb-index ] ] |
|
Clear IPv6 and ICMPv6 packet statistics. |
reset ipv6 statistics [ slot slot-number ] |
