Improve your experience. We are very sorry but this website does not support Internet Explorer. We recommend using a different browser that is supported such as Google Chrome or Mozilla Firefox.

HBT301 - IPv6 Deep Dive for Engineers

IPv6 deep dive designed for those who will deploy IPv6.

Description

Overview:

As with any new technology, IPv6 requires a learning curve for IT administration and operations personnel.  Training for IT engineers on IPv6 is important and needs to take place first so the transition can start to take place.  IT engineers will need in-depth training in order to prepare them for eventual deployment of IPv6 throughout the enterprise network environment.  Your organization will bring together network administrators, NOC staff, system administrators, security administrators, and application teams for a multi-day hands-on IPv6 class taught at your location.  This document will cover the contents of this technical IPv6 training class.

 

People Who Should Attend This Class:

Anyone in any IT department role who will be involved with the technical implementation of IPv6

System administrators, network administrators, helpdesk support, DevOps teams, application developers, DNS administrators, security administrators

Anyone who wants to learn the basics of IPv6 and advanced topics of IPv6 and who wants to gain a foundation to prepare for implementation of IPv6

 

Class Schedule:

Following is a table of the different classes, the duration of those classes and the possible attendees.

Class Topic

Duration

Introduction to IPv6

Lecture on the IPv6 protocol and simple live demonstrations

1/2 day

(3.5 hours)

IPv6 Networking Deep Dive

IPv6 routing protocols, Cisco & Arista routers/switches, IPv6 multicast with virtual lab and physical lab

1/2 day

(3.5 hours)

IPv6 Services and Applications

IPv6-capable systems, software, applications, live demonstration

1/2 day

(3.5 hours)

Troubleshooting IPv6 Networks and Systems

How to troubleshoot dual-protocol environments

1/2 day

(3.5 hours)

IPv6 Security

Lecture and live demonstration of IPv6 security attacks and protection measures

2 days

(14 hours)

 

Course Outline:

Following is the agenda for the multi-day IPv6 class.

Day 1

 

IPv6 Introduction – 2 Hours – 8:00AM to 10:00AM

Rationale for IPv6

               Requirement for abundant global addresses, IPv4 address exhaustion

               Brief review of IPv4 address shortage, CGN/LSN, address transfers

               Comparison of IPv4 to IPv6

IPv6 Features and Benefits

IPv6 Header structure, extension headers

IPv6 Addressing and address planning principles, concepts and techniques

ICMPv6 Protocol review and operations (NDP, PMTUD, MLD, ...)

Router Discovery and Neighbor Discovery with ICMPv6

ICMPv6 RA message format

Stateless and Stateful address autoconfiguration

IPv6 Transition Techniques

               Dual Protocol/Dual Stack behavior

               Tunneling (manual, dynamic), 6to4, ISATAP, Teredo IPv6/v4 tunneling

               Translation/ALG methods, IPv4 as a Service (v4aaS)

 

30 Minute Break – 10:00AM to 10:30AM

 

IPv6 Introduction (Cont.) – 1.5 Hour – 10:30AM to 12:00PM

IPv6-only environments

               Performance improvements with IPv6

IPv6 adoption methods, IPv6 Transition planning

Preparing an IPv6 Inventory, Impact Analysis, Transition Plan

               Creation of an IPv6 transition team

               IPv6 adoption in industry peer-group (higher education, government, commercial enterprises, service providers, etc.)

Current Level of IPv6 Support

Operating System and Application Support

Service Provider Support

Review of current Internet adoption of IPv6

Statistics of IPv6 Internet adoption

IPv6 Summary

IPv6 Advantages and Challenges

IPv6 resources, References & Suggested Reading

IPv6 Forum training and certification requirements

Questions and Answers

Basic demo of IPv6, IPv6 enablement on operating system, viewing IPv6 addresses on interfaces, review ICMPv6 RA messages sent by routers

 

Lunch Break - 1 Hour – 12:00PM to 1:00PM

 

IPv6 Networking Deep Dive – 2 Hours – 1:00PM to 3:00PM

IPv6 deployment strategies to maintain contiguous connectivity

IPv6 Routing Protocols and configuration commands for Cisco, Junos, and VyOS

               IPv6 prefix lengths

               Static routing, link-local address for next-hop address

RIPng, EIGRP, OSPFv3 (with multiple address families)

IS-IS (single-topology versus multi-topology)

MP-BGP configuration for IPv6

Hands-on configuration exploration and configuration commands for IPv6 routing protocols

               Dual Stack router configurations

IPv6 capabilities of ISPs, Internet IPv6 routing

               Additional IPv6 routing concepts

IPv6 with Multiprotocol Label Switching (MPLS)

IPv6 support by Software Defined Networking (SDN) systems and OpenFlow

 

30 Minute Break – 3:00PM to 3:30PM

 

IPv6 Networking Deep Dive (Cont.) – 1.5 Hours – 3:30PM to 5:00PM

IPv6 with SD-WAN systems

IPv6 multicast routing

Hands-on exploration of IPv6 multicast sources and receivers

Policy Based Routing (PBR)

DHCPv6 Prefix Delegation

IPv6 First Hop Redundancy Protocols

               NUD, HSRPv6, GLBPv6, VRRPv3

IPv6 Quality of Service (QoS) considerations

               QoS marking and Flow Label usage

Current level of IPv6 support in networking products

               WAN Optimization

               Wireless LANs and IPv6

               VoIP networks and IPv6

               Other networking software and products, Quagga, CPE devices

Questions and Answers

 

Day 2

 

IPv6 Services and Applications – 2 Hours – 8:00AM to 10:00AM

IPv6 DNS operations and configuration

DNS configuration and testing (BIND, Windows, Infoblox, etc.)

DHCPv6 configuration and operation (Windows, Infoblox, ISC, etc.)

               SLAAC versus DHCPv6 versus RDNSS

Comparison of techniques based on use-case, data center versus end-user access-networks

IPv6 brokenness, Happy eyeballs, OS implementations

               World IPv6 Day/Week/Launch

IPv6 features in operating systems and applications

               IPv6 prefix policy, source/destination address selection rules

Current Level of IPv6 Support in host operating systems

Microsoft Windows, Linux, Apple MAC OS X, and other operating systems

Configuration commands for each IPv6-enabled operating system

Hands-on labs with student VMs and student devices in dual-protocol lab environment

 

30 Minute Break – 10:00AM to 10:30AM

 

IPv6 Services and Applications (Cont.) – 1.5 Hours – 10:30AM to 12:00PM

IPv6 in virtualized and cloud environments (VMware, AWS, OpenStack, Containers, among others)

IPv6 in public cloud services

IPv6-enabled web services and applications

Apache, IIS web servers using IPv6

IPv6 application load balancing

IPv6-capable CDNs, geolocation, public Certificate Authorities (CAs)

Hands on testing of various IPv6 applications

IPv6 Applications and Software

IPv6 Coding Standards

Hands on testing of dual-protocol python scripts provided to students

Questions and Answers

 

Lunch Break - 1 Hour – 12:00PM to 1:00PM

 

Troubleshooting IPv6 Networks and Systems – 2 Hours – 1:00PM to 3:00PM

Troubleshooting methodologies for dual-protocol environments

Troubleshooting with the OSI model

IPv6 documentation techniques

Layer 1 and Layer 2 troubleshooting

Capturing IPv6 packets using Wireshark, tcpdump, and other methods of packet capture

Troubleshooting IPv6 Neighbor Discovery Protocol (NDP)

Hands-on exercises to capture IPv6 packets

Layer 3 troubleshooting

               Troubleshooting LAN-based and end-to-end dual-protocol connections

Verifying IPv6 addressing and routing on various operating systems

Troubleshooting ICMPv6 messages, RAs, and Neighbor Discovery Protocol (NDP)

Discuss common ICMPv6 issues and examples of troubleshooting methods

Using Ping, traceroute and numerous other end-to-end testing of IPv6 connectivity

Methods of generating synthetic IPv6 testing packets, end-to-end troubleshooting

Troubleshooting DNS

IPv6 packet capture and protocol decoding

 

30 Minute Break – 3:00PM to 3:30PM

 

Troubleshooting IPv6 Networks and Systems (Cont.) – 1.5 Hours – 3:30PM to 5:00PM

Hands-on use of troubleshooting tools in the lab environment

Layer 4 troubleshooting

Troubleshooting TCP and UDP end-to-end connectivity

IPv6 testing and troubleshooting applications and utilities

IPv6 performance measurement methods

Web-based IPv6 troubleshooting utilities

Web Browsers and IPv6

Troubleshooting IPv6-enabled applications

Understanding Path MTU Discovery and OS behavior with fragmentation

Hands-on PMTUD troubleshooting

IPv6 Multicast Troubleshooting

IPv6 Network Management methods

               Coverage of IPv6-capable management utilities

               SNMPv3, NetFlow, syslog, NTP, and other management-plane protocols

Summary, Questions and Answers

 

Day 3

 

IPv6 Security – 2 Hours – 8:00AM to 10:00AM

Introductions, review of agenda, class logistics

Overview of IPv6 Security

Security concerns about IPv6 and dual-stack operating systems

Review of the "Latent IPv6 Threat"

State of standards development for IPv6 security specific, well-known issues

Consequences of running two IP versions simultaneously

Security as it relates to the OSI model and the introduction of IPv6 to environments

IPv6 compatible security tools (i.e. routers ACLs, firewalls, proxies, IDS/IPS)

Level of hacker IPv6 experience

Examples of IPv6 security hacker tools available

Examples of documented IPv6 vulnerabilities & vendor response (patches)

IPv6 Threats

Reconnaissance differences in IPv6 compared to IPv4

Describe what techniques attackers will use to perform reconnaissance on IPv6 networks

Comparison of local reconnaissance and remote reconnaissance for IPv6 networks

Attacker reconnaissance methods using IPv6 on a LAN

Hands-on use of utilities to perform IPv6 network reconnaissance

Review how IPv6 addressing changes security paradigms

LAN Threats using Neighbor Discovery Protocol (NDP)

ICMPv6 Threats on a LAN

Rouge ICMPv6 RA messages, using tools to generate rogue RAs

Review methods to detect and/or prevent rogue RAs

Extensive review of IPv6 First-Hop Security (FHS) protection measures

Review of Secure Neighbor Discovery (SEND)

DHCPv6 security

Discuss protection methods of IPv6 on a LAN

Hands-on experience performing link-local IPv6 attacks

 

30 Minute Break – 10:00AM to 10:30AM

 

Live IPv6 Security Demonstration – 1.5 Hours – 10:30AM to 12:00PM

Students connect their computers to IPv6 lab and perform IPv6 packet crafting attacks

Demonstrate attacks against Neighbor Discovery Protocol (NDP)

Demonstrate of ICMPv6 crafted RA/RS and NA/NS messages

Show methods to prevent these types of attacks

Hands-on lab for students to try these same techniques

Demonstration of IPv6 First Hop Security (FHS) techniques

Review of common IPv6 security attack tools, use these in the lab environment

 

Lunch Break - 1 Hour – 12:00PM to 1:00PM

 

IPv6 Security (Cont.) – 2 Hours – 1:00PM to 3:00PM

IPv6 Threats (Continued)

IPv6 Privacy Addressing

Extension Headers attacks

Creating crafted packets across an IPv6 network

Routing Header (RH0) attacks

Fragmentation attacks

Transition Mechanism Threats

               Attacks on tunneling, translation

 

30 Minute Break – 3:00PM to 3:30PM

 

Live IPv6 Security Demonstration – 1.5 Hours – 3:30PM to 5:00PM

Hands-on IPv6 hop-by-hop and other crafted packet exploits and how to protect against them

Demonstrate protocol “fuzzing” attacks for IPv6

Demonstrate issues with extension headers

Perform a RH0 attack and show how to disable this attack

Demonstrate attacks using extension headers, fragmentation, DoH, HbH, etc.

Perform fragmentation attacks and other crafted packet attacks in the lab

Execute Layer3/4 spoofing attack and show mitigation techniques

Demonstrate filtering protection measures for these types of attacks

Hands-on labs for students to generate crafted packets, detect or block these packets

 

Day 4

 

IPv6 Security (Cont.) – 2 Hours – 8:00AM to 10:00AM

Review Popular IPv6 Protection Measures

               Unicast Reverse-Path Forwarding (RPF) for IPv6

               Source/Destination Remotely-Triggered Black Hole (RTBH), ACLs, BGP FlowSpec

               Filtering IPv6 BOGONS

               IPv6 transition mechanism threats

Application-layer Threats

Man-In-The-Middle Threats

Flooding – DoS, Viruses and Worms

               IPv6 vulnerability scanning

Hardening host OSs for IPv6

 

30 Minute Break – 10:00AM to 10:30AM

 

IPv6 Security (Cont.) – 1.5 Hours – 10:30AM to 12:00PM

IPv6-Capable Firewalls (appliances, host-based firewalls)

               IPv6 Access Control Lists (ACLs)

Host-based IPv6 firewalls

Review of IPv6-capable firewalls and how they are configured

               Firewall policy creation and naming conventions for policies

Review IPv6 configurations of popular enterprise firewalls

IPv6-Capable Intrusion Prevention Systems (IPS)

IPv6-capable Security Information Event Management (SIEMs)

IPv6 Anomaly Detection systems

Web Application Firewalls (WAFs) for IPv6

Review of other security protection measures and level of IPv6 support

 

Lunch Break - 1 Hour – 12:00PM to 1:00PM

 

IPv6 Security (Cont.) – 2 Hours – 1:00PM to 3:00PM

Show configuration of Cisco ASA, router ACLs, and IOS firewall

Review Palo Alto Networks firewall configurations

Demonstrations of other vendor’s stateful firewalls for IPv6

Demonstration of IPv6-capable IPS configuration

 

30 Minute Break – 3:00PM to 3:30PM

 

IPv6 Security (Cont.) – 1.5 Hours – 3:30PM to 5:00PM

IPv6 Router Threats

How to defend routers and switches from IPv6 attacks

IPv6 and VPNs

IPsec configuration for IPv6

SSL VPN configuration for IPv6

Show IPsec configurations between various devices

IPsec configuration between diverse operating systems

Mobile IPv6 Security

Describe security implications of MIPv6 and how to protect the MN and HA from attacks

Questions and Answers

 

Similar courses

HBT302 - IPv6 Host OS Training Class

IPv6 configuration and testing of host operating systems

More Information

Press enter to see more results