ExperTeach Networking Logo

PowerPackage IPv6

Addressing, Routing, Interworking, Security

ExperTeach Networking Logo
Introducing IPv6 into an enterprise network is a very complex issue. Starting with the functioning of the IPv6 protocol and going on to discuss security aspects and useful migration strategies, this BootCamp will teach you everything you need to know to use this technology successfully.

This IPv6 all-in-one course includes all the subjects covered in the ExperTeach Networking courses IPv6,  and IPv6 and Security. The knowledge you gain here will allow you to implement a structured, safe, and well-thought-out migration to IPv6.

Course Contents

  • What's New in IPv6
  • IPv6 Headers, Extension Headers, and the Setup of IPv6 Addresses
  • The IPv6 Communication and Its Shortcomings
  • Stateless and Stateful Auto-Configuration
  • Planning a Safe Migration from IPv4 to IPv6
  • IPv6 in End Devices, Routers, and Firewalls
  • Tunneling from IPv6 through IPv4
  • Interworking between IPv6 and IPv4 (NAT64 and DNS64)
  • Routing and Network Services (DNS, DHCP, RADIUS, and SNMP) with IPv6
  • Applications: WWW, FTP, and E-mail with IPv6
  • Internet Access and ISP Networks with IPv6
  • Enterprise Networks and IPv6
  • IPv6 in Mobile Communications
  • Security and IPv6: New Points of Attack, Protection, Firewall, and VPN

Print E-Book PDF Symbol You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.

Target Group

This course is designed for planners, administrators and security managers who intend to introduce IPv6 into a network and need to be able to assess potential security risks in advance.

Knowledge Prerequisites

This course is designed for planners, administrators and security managers who intend to introduce IPv6 into a network and need to be able to assess potential security risks in advance.
1 IPv6 - The Protocol
1.1 Weak Points of IPv4
1.1.1 Efficiency
1.1.2 Address Space
1.1.3 Size of the Routing Tables
1.1.4 Complexity due to Auxiliary Protocols
1.2 Demands Made on the New IP
1.3 The RFCs
1.4 The Header Format
1.4.1 Version, Payload Length, and Hop Limit
1.4.2 Traffic Class
1.4.3 Flow Label
1.5 Extensions with the Next Header
1.5.1 Extensions for the Routers
1.5.2 Extensions for the End Systems
1.6 Mobile IPv6
   
2 The Migration in an Overview
2.1 IPv6—Act Now
2.1.1 Benefits for an ISP
2.1.2 Added Value for Corporate Networks
2.1.3 IPv6 at Home—Why?
2.1.4 Motivation for IPv6 in Mobile Communications Networks
2.2 Migration Procedure
2.2.1 Networks with Dual Stack Nodes
2.2.2 Native IPv6 Networks
2.2.3 Tunnel
2.3 Migration Strategies
2.3.1 Backbone First
2.3.2 Edges First
2.4 Planning the Migration
2.4.1 Determining an Aim
2.4.2 Analyzing the Current State
2.4.3 Inventory and Analysis
2.4.4 An IPv6 Test Environment
2.5 Migrating—but when?
   
3 Addressing with IPv6
3.1 IPv6 Addresses
3.1.1 Address Types
3.1.2 End Device IDs
3.2 Global Unicast Addresses
3.2.1 IPv6 Address Request
3.2.2 Control
3.3 IPv6 Address Design
3.3.1 Site Concept
3.3.2 Concept of Use
3.3.3 Size of the Network Sections
3.3.4 Subgroups
3.4 Unique Local Unicast
3.4.1 Setup of Unique Local Addresses
3.4.2 Advantages and Disadvantages of Private Addresses
3.5 The Benefit of Anycast
3.6 Multicast Addresses
3.7 Neighbor Solicitation
3.8 Address Assignment
3.8.1 Static
3.8.2 Stateless Auto-configuration
3.8.3 Stateful with DHCPv6
   
4 The Dual Stack Variant
4.1 Two Parallel Networks
4.1.1 Advantages and Disadvantages of Dual Stack
4.1.2 DNS Makes It Possible
4.1.3 What is preferred?
4.2 End Devices and IPv6
4.2.1 Microsoft
4.2.2 Linux
4.2.3 Mac OS X
4.2.4 IPv6 and Virtualization
4.3 Routers and IPv6
4.3.1 Ready for IPv6 or not?
4.3.2 Migrating the Routing
4.4 IPv6 during Dial-In
4.4.1 Configuration of the WAN End
4.4.2 Configuration of the LAN End
   
5 Tunneling Variants
5.1 Static Tunnels—6in4
5.1.1 Tunnel Setup
5.1.2 Routing through the Tunnels
5.1.3 IPv6 in GRE
5.2 Dynamic Tunnels—6to4
5.2.1 Address Format of 6to4
5.2.2 Communication with the IPv6 Internet
5.3 Teredo—Dial-in into the IPv6 Internet
5.3.1 Problems with Tunnels and NAT
5.3.2 The Solution of Teredo
5.3.3 Communication between Teredo Clients
5.4 Tunnel Broker
5.4.1 Tunnel Broker—The Procedure
5.4.2 Tasks of the Tunnel Broker
5.4.3 Tunneling Protocols
5.5 Intra-Site—ISATAP
5.5.1 The ISATAP Address
5.5.2 Communication with the IPv6 Internet
   
6 Provider Aspects of IPv6
6.1 Offering IPv6 to the Customer
6.1.1 Native IPv6 Access
6.1.2 MPLS and IPv6
6.2 Multi-Homing of Customers
6.3 Communication from IPv6 to IPv4
6.3.1 NAT64
6.3.2 DNS64
6.4 Providing IPv4 Further on
6.4.1 NAT444
6.4.2 NAT464
6.4.3 Dual Stack Lite
   
7 Adapting Applications
7.1 Changes in UDP and TCP
7.2 DNS and IPv6
7.2.1 Forward Lookup
7.2.2 Reverse Lookup
7.3 Network Management in IPv6 Networks
7.4 Radius and IPv6
7.5 IPv6 in Applications
7.5.1 IPv6-Enabled Open Source Software
7.5.2 IPv6 in Microsoft Networks
   
8 Basic Security Considerations
8.1 IPv4 and IPv6—Security in Comparison
8.1.1 Differences between IPv4 and IPv6
8.1.2 The Current Security Situation
8.2 Vulnerable IPv6 Stacks
8.3 Security Aspects of the IPv6 Header
8.3.1 Extension Header Parsing
8.3.2 Security Relevance of Extension Headers
8.3.3 Filtering IPv6
8.4 Testing Security—Tools for IPv6 Vulnerability Tests
8.4.1 NMAP
8.4.2 Nessus and OpenVAS
8.4.3 Packet Generators
8.4.4 The THC Tool Collection
8.4.5 SI6 Tools
   
9 Security Aspects of IPv6 Addressing
9.1 Security Relevance of NAT
9.2 Security Aspects of the Address Types
9.2.1 EUI 64—Addresses Which Are Recognized
9.2.2 Temporary Addresses
9.2.3 ULA—Entirely Private
9.3 Discovering IPv6 Addresses
9.3.1 Passive Sniffing
9.3.2 Multicast Enumeration
9.3.3 Registration Query
9.3.4 Scanning IPv6 Networks
9.3.5 Guessing IPv6 Addresses
9.3.6 DNS Reconnaissance
   
10 Security during Migration
10.1 IPv6 Latent Threats
10.2 Dual Stack—Double Protection Required
10.2.1 End Device Security from the Viewpoint of IPv6
10.3 Questioning the Tunnel Security
10.3.1 Protecting a Configured Tunnel
10.3.2 ACLs for Dynamic Tunnels
10.4 Encrypting the Tunnel Traffic
   
11 IPv6 and First Hop Security
11.1 Neighbor Discovery Attacks
11.1.1 NDP Exhaustion Attack
11.1.2 Neighbor Advertisement Flooding
11.1.3 NDP Spoofing
11.2 SLAAC Attacks
11.2.1 Rogue Router
11.2.2 Man-in-the-Middle with RAs
11.2.3 Faked Default Gateway
11.2.4 RA Flooding
11.3 DHCPv6 Attacks
11.3.1 DHCPv6 Starvation
11.3.2 Rogue DHCPv6 Server
11.4 ICMPv6 Attacks
11.4.1 Amplification Attack
11.4.2 Redirect Attacks
11.4.3 DoS_New_IPv6
11.5 Security Measures
11.5.1 SEND
11.5.2 ACLs for Protection
11.5.3 RA Guard
11.5.4 DHCPv6 Guard/Shield
11.5.5 NDP Spoofing
   
12 Security in IPv6 Networks
12.1 Protecting Routers in IPv6 Networks
12.1.1 Configuration of IPv6 ACLs
12.1.2 Filtering ICMPv6
12.1.3 Protecting Routing Protocols
12.1.4 Preventing IP Spoofing
12.2 Adapting Firewalls
12.2.1 Testing the IPv6-Capability
12.2.2 Adapt Objects
12.2.3 Completing Sets of Rules
12.2.4 Bogon Filtering
12.3 Radius and IPv6
12.3.1 Testing the IPv6-Capability
12.3.2 RADIUS IPv6 Attributes
12.4 IPS in IPv6 Networks
12.5 Proxies in IPv6 Networks
12.6 IPsec in IPv6 Networks
12.6.1 Host-to-Host Encryption
12.6.2 IPv6 VPNs
12.6.3 IPv6 VPDN with IPsec
12.6.4 IPsec RAS VPNs and IPv6
   
A List of Abbreviations

Classroom training

Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!

Hybrid training

Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.

Online training

You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.

Tailor-made courses

You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
PDF SymbolYou can find the complete description of this course with dates and prices ready for download at as PDF.

Introducing IPv6 into an enterprise network is a very complex issue. Starting with the functioning of the IPv6 protocol and going on to discuss security aspects and useful migration strategies, this BootCamp will teach you everything you need to know to use this technology successfully.

This IPv6 all-in-one course includes all the subjects covered in the ExperTeach Networking courses IPv6,  and IPv6 and Security. The knowledge you gain here will allow you to implement a structured, safe, and well-thought-out migration to IPv6.

Course Contents

  • What's New in IPv6
  • IPv6 Headers, Extension Headers, and the Setup of IPv6 Addresses
  • The IPv6 Communication and Its Shortcomings
  • Stateless and Stateful Auto-Configuration
  • Planning a Safe Migration from IPv4 to IPv6
  • IPv6 in End Devices, Routers, and Firewalls
  • Tunneling from IPv6 through IPv4
  • Interworking between IPv6 and IPv4 (NAT64 and DNS64)
  • Routing and Network Services (DNS, DHCP, RADIUS, and SNMP) with IPv6
  • Applications: WWW, FTP, and E-mail with IPv6
  • Internet Access and ISP Networks with IPv6
  • Enterprise Networks and IPv6
  • IPv6 in Mobile Communications
  • Security and IPv6: New Points of Attack, Protection, Firewall, and VPN

Print E-Book PDF Symbol You will receive the comprehensive documentation package of the ExperTeach Networking series – printed documentation, e-book, and personalized PDF! As online participant, you will receive the e-book and the personalized PDF.

Target Group

This course is designed for planners, administrators and security managers who intend to introduce IPv6 into a network and need to be able to assess potential security risks in advance.

Knowledge Prerequisites

This course is designed for planners, administrators and security managers who intend to introduce IPv6 into a network and need to be able to assess potential security risks in advance.

1 IPv6 - The Protocol
1.1 Weak Points of IPv4
1.1.1 Efficiency
1.1.2 Address Space
1.1.3 Size of the Routing Tables
1.1.4 Complexity due to Auxiliary Protocols
1.2 Demands Made on the New IP
1.3 The RFCs
1.4 The Header Format
1.4.1 Version, Payload Length, and Hop Limit
1.4.2 Traffic Class
1.4.3 Flow Label
1.5 Extensions with the Next Header
1.5.1 Extensions for the Routers
1.5.2 Extensions for the End Systems
1.6 Mobile IPv6
   
2 The Migration in an Overview
2.1 IPv6—Act Now
2.1.1 Benefits for an ISP
2.1.2 Added Value for Corporate Networks
2.1.3 IPv6 at Home—Why?
2.1.4 Motivation for IPv6 in Mobile Communications Networks
2.2 Migration Procedure
2.2.1 Networks with Dual Stack Nodes
2.2.2 Native IPv6 Networks
2.2.3 Tunnel
2.3 Migration Strategies
2.3.1 Backbone First
2.3.2 Edges First
2.4 Planning the Migration
2.4.1 Determining an Aim
2.4.2 Analyzing the Current State
2.4.3 Inventory and Analysis
2.4.4 An IPv6 Test Environment
2.5 Migrating—but when?
   
3 Addressing with IPv6
3.1 IPv6 Addresses
3.1.1 Address Types
3.1.2 End Device IDs
3.2 Global Unicast Addresses
3.2.1 IPv6 Address Request
3.2.2 Control
3.3 IPv6 Address Design
3.3.1 Site Concept
3.3.2 Concept of Use
3.3.3 Size of the Network Sections
3.3.4 Subgroups
3.4 Unique Local Unicast
3.4.1 Setup of Unique Local Addresses
3.4.2 Advantages and Disadvantages of Private Addresses
3.5 The Benefit of Anycast
3.6 Multicast Addresses
3.7 Neighbor Solicitation
3.8 Address Assignment
3.8.1 Static
3.8.2 Stateless Auto-configuration
3.8.3 Stateful with DHCPv6
   
4 The Dual Stack Variant
4.1 Two Parallel Networks
4.1.1 Advantages and Disadvantages of Dual Stack
4.1.2 DNS Makes It Possible
4.1.3 What is preferred?
4.2 End Devices and IPv6
4.2.1 Microsoft
4.2.2 Linux
4.2.3 Mac OS X
4.2.4 IPv6 and Virtualization
4.3 Routers and IPv6
4.3.1 Ready for IPv6 or not?
4.3.2 Migrating the Routing
4.4 IPv6 during Dial-In
4.4.1 Configuration of the WAN End
4.4.2 Configuration of the LAN End
   
5 Tunneling Variants
5.1 Static Tunnels—6in4
5.1.1 Tunnel Setup
5.1.2 Routing through the Tunnels
5.1.3 IPv6 in GRE
5.2 Dynamic Tunnels—6to4
5.2.1 Address Format of 6to4
5.2.2 Communication with the IPv6 Internet
5.3 Teredo—Dial-in into the IPv6 Internet
5.3.1 Problems with Tunnels and NAT
5.3.2 The Solution of Teredo
5.3.3 Communication between Teredo Clients
5.4 Tunnel Broker
5.4.1 Tunnel Broker—The Procedure
5.4.2 Tasks of the Tunnel Broker
5.4.3 Tunneling Protocols
5.5 Intra-Site—ISATAP
5.5.1 The ISATAP Address
5.5.2 Communication with the IPv6 Internet
   
6 Provider Aspects of IPv6
6.1 Offering IPv6 to the Customer
6.1.1 Native IPv6 Access
6.1.2 MPLS and IPv6
6.2 Multi-Homing of Customers
6.3 Communication from IPv6 to IPv4
6.3.1 NAT64
6.3.2 DNS64
6.4 Providing IPv4 Further on
6.4.1 NAT444
6.4.2 NAT464
6.4.3 Dual Stack Lite
   
7 Adapting Applications
7.1 Changes in UDP and TCP
7.2 DNS and IPv6
7.2.1 Forward Lookup
7.2.2 Reverse Lookup
7.3 Network Management in IPv6 Networks
7.4 Radius and IPv6
7.5 IPv6 in Applications
7.5.1 IPv6-Enabled Open Source Software
7.5.2 IPv6 in Microsoft Networks
   
8 Basic Security Considerations
8.1 IPv4 and IPv6—Security in Comparison
8.1.1 Differences between IPv4 and IPv6
8.1.2 The Current Security Situation
8.2 Vulnerable IPv6 Stacks
8.3 Security Aspects of the IPv6 Header
8.3.1 Extension Header Parsing
8.3.2 Security Relevance of Extension Headers
8.3.3 Filtering IPv6
8.4 Testing Security—Tools for IPv6 Vulnerability Tests
8.4.1 NMAP
8.4.2 Nessus and OpenVAS
8.4.3 Packet Generators
8.4.4 The THC Tool Collection
8.4.5 SI6 Tools
   
9 Security Aspects of IPv6 Addressing
9.1 Security Relevance of NAT
9.2 Security Aspects of the Address Types
9.2.1 EUI 64—Addresses Which Are Recognized
9.2.2 Temporary Addresses
9.2.3 ULA—Entirely Private
9.3 Discovering IPv6 Addresses
9.3.1 Passive Sniffing
9.3.2 Multicast Enumeration
9.3.3 Registration Query
9.3.4 Scanning IPv6 Networks
9.3.5 Guessing IPv6 Addresses
9.3.6 DNS Reconnaissance
   
10 Security during Migration
10.1 IPv6 Latent Threats
10.2 Dual Stack—Double Protection Required
10.2.1 End Device Security from the Viewpoint of IPv6
10.3 Questioning the Tunnel Security
10.3.1 Protecting a Configured Tunnel
10.3.2 ACLs for Dynamic Tunnels
10.4 Encrypting the Tunnel Traffic
   
11 IPv6 and First Hop Security
11.1 Neighbor Discovery Attacks
11.1.1 NDP Exhaustion Attack
11.1.2 Neighbor Advertisement Flooding
11.1.3 NDP Spoofing
11.2 SLAAC Attacks
11.2.1 Rogue Router
11.2.2 Man-in-the-Middle with RAs
11.2.3 Faked Default Gateway
11.2.4 RA Flooding
11.3 DHCPv6 Attacks
11.3.1 DHCPv6 Starvation
11.3.2 Rogue DHCPv6 Server
11.4 ICMPv6 Attacks
11.4.1 Amplification Attack
11.4.2 Redirect Attacks
11.4.3 DoS_New_IPv6
11.5 Security Measures
11.5.1 SEND
11.5.2 ACLs for Protection
11.5.3 RA Guard
11.5.4 DHCPv6 Guard/Shield
11.5.5 NDP Spoofing
   
12 Security in IPv6 Networks
12.1 Protecting Routers in IPv6 Networks
12.1.1 Configuration of IPv6 ACLs
12.1.2 Filtering ICMPv6
12.1.3 Protecting Routing Protocols
12.1.4 Preventing IP Spoofing
12.2 Adapting Firewalls
12.2.1 Testing the IPv6-Capability
12.2.2 Adapt Objects
12.2.3 Completing Sets of Rules
12.2.4 Bogon Filtering
12.3 Radius and IPv6
12.3.1 Testing the IPv6-Capability
12.3.2 RADIUS IPv6 Attributes
12.4 IPS in IPv6 Networks
12.5 Proxies in IPv6 Networks
12.6 IPsec in IPv6 Networks
12.6.1 Host-to-Host Encryption
12.6.2 IPv6 VPNs
12.6.3 IPv6 VPDN with IPsec
12.6.4 IPsec RAS VPNs and IPv6
   
A List of Abbreviations

Classroom training

Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!

Hybrid training

Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.

Online training

You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.

Tailor-made courses

You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses

PDF SymbolYou can find the complete description of this course with dates and prices ready for download at as PDF.