Home > IPv6 Questions

IPv6 Questions

July 20th, 2017 in ROUTE 300-101 Go to comments

Question 1

Explanation

Dual-stack method is the most common technique which only requires edge routers to run both IPv4 and IPv6 while the inside routers only run IPv4. At the edge network, IPv4 packets are converted to IPv6 packets before sending out.

6to4 tunnel is a technique which relies on reserved address space 2002::/16 (you must remember this range). These tunnels determine the appropriate destination address by combining the IPv6 prefix with the globally unique destination 6to4 border router’s IPv4 address, beginning with the 2002::/16 prefix, in this format:

2002:border-router-IPv4-address::/48

For example, if the border-router-IPv4-address is 64.101.64.1, the tunnel interface will have an IPv6 prefix of 2002:4065:4001:1::/64, where 4065:4001 is the hexadecimal equivalent of 64.101.64.1. This technique allows IPv6 sites to communicate with each other over the IPv4 network without explicit tunnel setup but we have to implement it on all routers on the path.

NAT-PT provides IPv4/IPv6 protocol translation. It resides within an IP router, situated at the boundary of an IPv4 network and an IPv6 network. By installing NAT-PT between an IPv4 and IPv6 network, all IPv4 users are given access to the IPv6 network without modification in the local IPv4-hosts (and vice versa). Equally, all hosts on the IPv6 network are given access to the IPv4 hosts without modification to the local IPv6-hosts. This is accomplished with a pool of IPv4 addresses for assignment to IPv6 nodes on a dynamic basis as sessions are initiated across IPv4-IPv6 boundaries.

Question 2

Explanation

Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure (a core network or the Internet). By using overlay tunnels, you can communicate with isolated IPv6 networks without upgrading the IPv4 infrastructure between them. Overlay tunnels can be configured between border routers or between a border router and a host; however, both tunnel endpoints must support both the IPv4 and IPv6 protocol stacks.

IPv6_tunneling.jpg

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-tunnel.html

Question 3

Explanation

In Stateless Configuration mode, hosts will listen for Router Advertisements (RA) messages which are transmitted periodically from the router (DHCP Server). This RA message allows a host to create a global IPv6 address from:
+ Its interface identifier (EUI-64 address)
+ Link Prefix (obtained via RA)
Note: Global address is the combination of Link Prefix and EUI-64 address

Question 4

Explanation

The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI (Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from the an EUI-48 MAC address.

In this question, the MAC address C601.420F.0007 is divided into two 24-bit parts, which are “C60142” (OUI) and “0F0007” (NIC). Then “FFFE” is inserted in the middle. Therefore we have the address: C601.42FF.FE0F.0007.

Then, according to the RFC 3513 we need to invert the Universal/Local bit (“U/L” bit) in the 7th position of the first octet. The “u” bit is set to 1 to indicate Universal, and it is set to zero (0) to indicate local scope. In this case we don’t need to set this bit to 1 because it is already 1 (C6 = 11000110).

Therefore with the subnet of 2001:DB8:0:1::/64, the full IPv6 address is 2001:DB8:0:1:C601:42FF:FE0F:7/64

Question 5

Question 6

Explanation

NPTv6 stands for Network Prefix Translation. It’s a form of NAT for IPv6 and it supports one-to-one translation between inside and outside addresses

Question 7

Explanation

The command “ipv6 flowset” allows the device to track destinations to which the device has sent packets that are 1280 bytes or larger.

Question 8

Explanation

NAT64 is used to make IPv4-only servers available to IPv6 clients.

Note:
NAT44 – NAT from IPv4 to IPv4
NAT66 – NAT from IPv6 to IPv6
NAT46 – NAT from IPv4 to IPv6
NAT64 – NAT from IPv6 to IPv4

Question 9

Explanation

The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI (Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from the an EUI-48 MAC address.

Question 10

Explanation

IPv6 allows devices to configure their own IP addresses and other parameters automatically without the need for a DHCP server. This method is called “IPv6 Stateless Address Autoconfiguration” (which contrasts to the server-based method using DHCPv6, called “stateful”). In Stateless Autoconfiguration method, a host sends a router solicitation to request a prefix. The router then replies with a router advertisement (RA) message which contains the prefix of the link. Host will use this prefix and its MAC address to create its own unique IPv6 address.

Note:
+ RA messages are sent periodically and in response to device solicitation messages
+ In the absence of a router, a host can generate only link-local addresses. Link-local addresses are only sufficient for allowing communication among nodes that are attached to the same link

Comments
  1. phillip
    January 17th, 2017

    Please correct answer reply..
    1. The enterprise network WAN link has been receiving several denial of service attacks from both
    IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet via its
    header, in order to filter future attacks? (Choose three.)
    A. Traffic Class
    B. Source address
    C. Flow Label
    D. Hop Limit
    E. Destination Address
    F. Fragment Offset
    Correct Answer: A,C,D –It is correct or any more
    2. Which three IP SLA performance metrics can you use to monitor enterprise-class networks?
    (Choosethree.)
    A. Delay
    B. Reliability
    C. Packet loss
    D. Traps
    E. Connectivity
    Correct Answer: A,C,E–Pls say to correct answer
    3. Refer to the following configuration command.
    Router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
    Which statement about the command is true ?
    A. Any packet that is received in the inside interface with a source IP port address of
    172.16.10.8:80 is translated to 172.16.10.8:8080.
    B. Any packet that is received in the inside interface with a source IP port address of
    172.16.10.8:8080 is transtated to 172.16.10.8:80.
    C. The router accepts only a TCP connection from port 8080 and port 80 on IP address
    172.16.10.8.
    D. Any packet that is received in the inside interface with a source IP address of 172.16.10.8 is
    redirected to port 8080 or port 80.
    Correct Answer: A—Pls correct answer say to me .., anybody
    reply
    phillip January 17th, 2017
    Please give me a answer in the following IPv6 Question .
    Which two statements are true about 6to4 tunnels? (Choose two.)
    A. In a 6to4 tunnel, the first two bytes of the IPv6 address will be 0?002 and the next four bytes will be the hexadecimal equivalent of the IPv4 address.
    B. In a 6to4 tunnel, the first two bytes of the IPv6 address will be locally derived and the next two bytes will be the hexadecimal equivalent of the IPv4 address.
    C. In a 6to4 tunnel, the IPv4 address 192.168.99.1 would be converted to the 2002:c0a8:6301::/48 IPv6 address.
    D. In a 6to4 tunnel, the IPv4 address 192.168.99.1 would be converted to the 2002:c0a8:6301::/16 IPv6 address.
    E. In a 6to4 tunnel, the IPv4 address 192.168.99.1 would be converted to the 2002:1315:4463:1::/64 IPv6 address.
    Anonymous August 11th, 2016

  2. Baqah
    March 13th, 2017

    I think the Answer is (B) because when the packet arrives at the inside interface it will be translated from 8080 to 80 and when arrives at the outside interface it will be translated back to 8080 (80 to 8080)… if I am wrong then correct me… thank you

  3. Baqah
    March 13th, 2017

    Note that the configuration description for the static NAT command indicates any packet received in the inside interface with a source address of 172.16.10.8:8080 is translated to 172.16.10.8:80. This also implies that any packet received on the outside interface with a destination address of 172.16.10.8:80 has the destination translated to 172.16.10.8:8080.

    http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html#

  4. jokie
    August 2nd, 2017
  5. Akil
    November 8th, 2017

    IPv6 and Routing Protocols of it is important, you should check this
    http://ipcisco.com/?s=IPv6

  6. Seth
    November 9th, 2017

    Smashed my route exam today, 9xx used the dumps from it libraries and tut.

  7. durshen
    November 11th, 2017

    Hi friends, I have the valid dump with me and I’m wiling to share. Please contact me via durshen81 @ gmail .com

  8. Jefferson
    November 28th, 2017

    Passed, if you go the exam study the 21q dumps.

  9. Sigh
    November 29th, 2017

    I just finished the exam and failed (750/1000). A lot of pppoe and ipv6 question. If you have valid dumps, please share it to me.

  10. Eusebio
    December 12th, 2017

    Scored 9xx, used dumps from IT-Libraries. You can find them on the net for free or in the comments here.

  11. Emerson
    December 12th, 2017

    Smashed my route exam today, 9xx used the dumps from it libraries and tut.

  12. durshen
    December 13th, 2017

    Hi friends, I’m willing to share valid dumps that guarantee you pass. Please contact me via durshen81 @ gmail .com

  13. 1Way
    January 9th, 2018

    Q1 Explanation needs a citation as that is not my understanding of dual stack. My understanding is that dual stack uses both IPv4 and IPv6 on single connection and certainly does not do any IPv4 IPv6 conversion without a suitable tunnelling protocol.

    If the question is ‘Which method allows IPv4 and IPv6 to work together without requiring both to be used for a single connection during the migration process?’ Then the answer should be ‘D’ or possible ‘B’ to a lesser extent.

    Happy to be corrected on this though and welcome others thoughts.

  14. 1WAY
    January 9th, 2018

    Revising my above comment to say only ‘D’ (NAT-PT) is the correct answer as ‘B’ (6to4 tunnelling) requires both tunnel termination end points to support IPv4 and IPv6.

  15. help me
    April 2nd, 2018

    The enterprise network WAN link has been receiving several denial of service attacks from both IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet via its header, in order to filter future attacks? (Choose three.)
    A. Traffic Class
    B. Source address
    C. Flow Label
    D. Hop Limit
    E. Destination Address
    F. Fragment Offset

    what is the correct answer please?

  16. Marcus
    April 15th, 2018

    I read the comment by @1Way and now I’m confused about Q1.

  17. unstoppable
    April 15th, 2018

    Q1: the example :”
    if the border-router-IPv4-address is 64.101.64.1, the tunnel interface will have an IPv6 prefix of 2002:4065:4001:1::/64, where 4065:4001 is the hexadecimal equivalent of 64.101.64.1″
    WHY THERE IS ONE MORE :1 after the 4065:4001 ?typing error?

  18. fatcat
    April 22nd, 2018

    Q4
    The correct answer is 2001:DB8:0:1:C401:42FF:FE0F:7

    Whether or not the 7th bit is 1 it will still have to be flipped in order to indicate whether this interface identifier is universally or locally administered. If 0, the address is locally administered and if 1, the address is globally unique.

    https://supportforums.cisco.com/t5/network-infrastructure-documents/understanding-ipv6-eui-64-bit-address/ta-p/3116953

  19. Raito
    June 25th, 2018

    Q10:

    Can anyone explain to me what is meant by “an external path from the local subnet” ? I am confused, even though I read the official cert guide.

  20. IPv6 Correct answer by Hrabos
    July 6th, 2018

    The enterprise network WAN link has been receiving several denial of service attacks from both IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet via its header, in order to filter future attacks? (Choose three.)
    A. Traffic Class
    B. Source address
    C. Flow Label
    D. Hop Limit
    E. Destination Address
    F. Fragment Offset

    I’ve seen it everywhere with so many different choices and all wrong.

    We are talking about filtering IPv6 not about listing it’s header options so question is tricky.
    You can filter it obviously in usual way as ipv4 with SOURCE and DESTINATION plus
    ipv6 gives you option to add FLOW:

    ANSWER: B,C,D

    Reference: cisco ip6 filtering doc

  21. Marc
    July 13th, 2018

    Q1 – For the people asking where does the last number 1 come from, I will try to explain it in an easier way.

    Why the tunnel interface ALWAYS uses 2002:xxxx:xxx/48 as its prefix?. That is because 2002 is predefined and the other 32 bits come from IP (remember, each octet of an IPv4 is 8 bits and the total is 32 bits).
    In order to convert 64.101.64.1 into IPv6 we have to remember that a number in IPv6 is equivalent to 4 bits, so two numbers are equivalent to an IPv4 octet. Then to do the calculation we just take the IPv4. 1 in IPv4 in hexadecimal is translated as 01 and 64 is 40, because it is 4×16+0.

    The last :1 is a typo error because a 6to4 tunnel prefix has ALWAYS 48 bits and not 64.

  22. Anonymous
    August 24th, 2018

    The enterprise network WAN link has been receiving several denial of service attacks from both IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet via its header, in order to filter future attacks? (Choose three.)
    A. Traffic Class
    B. Source address
    C. Flow Label
    D. Hop Limit
    E. Destination Address
    F. Fragment Offset

    The questions says future attacks. You can create a filter for all 6 options but you want to filter base on the origin of the attack .. my guess is ABC : source address , flow label and traffic class

  23. Rrr
    September 13th, 2018

    Question 5

    For security purposes, an IPv6 traffic filter was configured under various interfaces on the local router. However, shortly after implementing the traffic filter, OSPFv3 neighbor adjacencies were lost. What caused this issue?
    A. The traffic filter is blocking all ICMPv6 traffic.
    B. The global anycast address must be added to the traffic filter to allow OSPFv3 to work properly.
    C. The link-local addresses that were used by OSPFv3 were explicitly denied, which caused the neighbor relationships to fail.
    D. IPv6 traffic filtering can be implemented only on SVIs.

    _____________________________________________

    i think a is the good

    when you configure a ipv6 access-list a implicit permit for icmp router solicitation and router advertisement is create therfore when you create the access-list if you configure a deny any any at the end that cause the link local adresse fail now!

    https://books.google.ca/books?id=7-88BQAAQBAJ&pg=PT842&lpg=PT842&dq=permit+icmp+any+any+nd-ns+sequence+30&source=bl&ots=WaS0sg0PmW&sig=92CKqjwtbmEKyJzqdjKXhT16hHA&hl=fr&sa=X&ved=2ahUKEwixtbDz9LjdAhWpVt8KHZfYACQQ6AEwBHoECAYQAQ#v=onepage&q=permit%20icmp%20any%20any%20nd-ns%20sequence%2030&f=false

  24. Ahmad
    September 21st, 2018

    Thanks all, done with the router. 539q dumps from IT-Libraries are valid. Practice the labs since the ips change on the exam

  25. mimo
    September 22nd, 2018

    Ahmad can you send me a dump ?

    Ultel93 @gmail.com

  26. .
    October 22nd, 2018

    bb

  27. _saiko
    October 22nd, 2018

    The enterprise network WAN link has been receiving several denial of service attacks from both IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet via its header, in order to filter future attacks? (Choose three.)
    A. Traffic Class
    B. Source address
    C. Flow Label
    D. Hop Limit
    E. Destination Address
    F. Fragment Offset

    should be B, C, E according to the updates since oct 2016

  28. Dany1
    November 27th, 2018

    I agree with FatCat related to Question 4. The correct answer is not in the response and is 2001:DB8:0:1:C401:42FF:FE0F:7.
    7th bit is 1 it will still have to be flipped in order to indicate whether this interface identifier is universally or locally administered. For EUI-64 If 0, the address is locally administered and if 1, the address is globally unique.
    In our case, mac address is C601.420F.0007 and that mean 1100 0110. The 7 bit for MAC address has significance as 0 for UNIVERSAL for “build-in” MAC address ( “built in” MAC address will always have this bit set to 0- you can check with MAC address finder). So MAC address in that example is CRAFTED(7th bit is set to 1), so interface has locally significance.
    DIGITALTUT please correct your answer and explanation

  29. RouteRider
    November 27th, 2018

    @Dany1

    48 bit MAC to 64 bit EUI
    C601.420F.0007–>C601.42 FF.FE 0F.0007–>C601.42FF.FE0F.7

    Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign itself a unique 64-Bit IP Version 6 interface identify them EUI-64). This feature is a key benefit over IPv4 as it eliminates the need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI (Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from the EUI-48 MAC address.
    And what did you mention, it doesn’t play any role here, because the question doesn’t say that this address is a universally or locally administered address.

  30. Dany1
    November 28th, 2018

    RouterRider.
    What you said is the procedure of obtain IPv6 EUI-64, which i allready explain. But you skip one step and digitaltut ignore that step.
    That is written in cisco docs “Next, the seventh bit from the left, or the universal/local (U/L) bit, needs to be inverted. This bit identifies whether this interface identifier is universally or locally administered. If 0, the address is locally administered and if 1, the address is globally unique. It is worth noticing that in the OUI portion, the globally unique addresses assigned by the IEEE has always been set to 0 whereas the locally created addresses has 1 configured. Therefore, when the bit is inverted, it maintains its original scope (global unique address is still global unique and vice versa). The reason for inverting can be found in RFC4291 section 2.5.1.”

  31. Dany1
    November 28th, 2018

    RFC 4291 section 2.5.1
    “The motivation for inverting the “u” bit when forming an interface
    identifier is to make it easy for system administrators to hand
    configure non-global identifiers when hardware tokens are not
    available. This is expected to be the case for serial links and
    tunnel end-points, for example. The alternative would have been for
    these to be of the form 0200:0:0:1, 0200:0:0:2, etc., instead of the
    much simpler 0:0:0:1, 0:0:0:2, etc.
    IPv6 nodes are not required to validate that interface identifiers
    created with modified EUI-64 tokens with the “u” bit set to universal
    are unique.
    The use of the universal/local bit in the Modified EUI-64 format
    identifier is to allow development of future technology that can take
    advantage of interface identifiers with universal scope.”
    Depend of each of you guys to respect RFC or to decide to ignore that. For my opinion, here is about specs from science book not cooking book, where everybody can add salt more or less to the specific food.

  32. Dany1
    November 28th, 2018

    And what RouterRouter did not specify is that:

    1. MAC address C601.420F.0007 is crafted one, because of seventh bit is 1 (That mean LOCAL ADMINISTRED)

    2. but 2001:DB8:0:1:C601:42FF:FE0F:7 has seventh bit 1, that mean interface(the SAME ONE) is UNIVERSAL (global adminstered)
    IS none sense.
    You understand now?

  1. No trackbacks yet.