
Chapter 1

1. Introduction to Online Banking Network

1|Page
1.1 Online Banking: An online banking network is a network of online branches where any
customer can carry out financial transactions from any branch. In earlier days, one could operate
an account only from the branch where it was opened. To send money to any other branch, one
had to use Telephony Transfer (TT). Banking is now much easier: a customer can operate the
account from any branch, and not only that, can operate it from an ATM (Automated Teller
Machine) or CDM (Cash Deposit Machine), can purchase through a POS (Point of Sale) machine,
and can even make transactions through a website. To provide these services the banking system
needs to be controlled centrally, and information needs to be updated immediately.

1.2 How it actually works with current IPv4 routing systems: It is a big challenge to provide
online facilities securely. In IPv4, real (public) IP addresses are very expensive, so an
organization runs its LAN on private IP addresses and uses public IP addresses only for
connecting to the WAN.

Topology: Network topology refers to the layout of a network: how the different nodes in a
network are connected to each other and how they communicate. Topologies are either physical
(the physical layout of devices on a network) or logical (the way that the signals act on the
network media, or the way that the data passes through the network from one device to the next).

Protocols: Network protocols are formal standards and policies comprised of rules, procedures
and formats that define communication between two or more devices over a network. Network
protocols govern the end-to-end processes of timely, secure and managed data or network
communication.

Network protocols incorporate all the processes, requirements and constraints of initiating and
accomplishing communication between computers, servers, routers and other network enabled
devices. Network protocols must be agreed upon and installed by the sender and receiver to
ensure network/data communication, and they apply to the software and hardware nodes that
communicate on a network. There are several broad types of networking protocols, including:

• Network communication protocols: Basic data communication protocols, such as TCP/IP and HTTP.
• Network security protocols: Implement security over network communications and include
HTTPS, SSL and SFTP.
• Network management protocols: Provide network governance and maintenance and include
SNMP and ICMP.

Data that is sent from one LAN to another along any of several available paths is said to
be routed. The protocols that support multipath LAN-to-LAN communications are known
as routable protocols. Because routable protocols can be used to tie several LANs together and
create new wide-area environments, they are becoming increasingly important.

1.3 Why IPv6 routing should be the thing of the future: IPv6 can run end-to-end encryption. While
this technology was retrofitted into IPv4, it remains an optional extra that isn’t universally used.
The encryption and integrity-checking used in current VPNs is a standard component in IPv6,
available for all connections and supported by all compatible devices and systems. Widespread
adoption of IPv6 will therefore make man-in-the-middle attacks significantly more difficult.

IPv6 also supports more-secure name resolution. The Secure Neighbor Discovery (SEND)
protocol is capable of enabling cryptographic confirmation that a host is who it claims to be at
connection time. This renders Address Resolution Protocol (ARP) poisoning and other naming-
based attacks more difficult. And while not a replacement for application- or service-layer
verification, it still offers an improved level of trust in connections. With IPv4 it’s fairly easy for an
attacker to redirect traffic between two legitimate hosts and manipulate the conversation or at
least observe it. IPv6 makes this very hard.

This added security depends entirely on proper design and implementation, and the more
complex and flexible infrastructure of IPv6 makes for more work. Nevertheless, properly
configured, IPv6 networking will be significantly more secure than its predecessor.

Internet Protocol version 6 is a new addressing protocol designed to incorporate all the possible
requirements of the future Internet, known to us as Internet version 2. This protocol, like its
predecessor IPv4, works on the Network Layer (Layer-3). Along with offering an enormous
amount of logical address space, this protocol has ample features to address the shortcomings of
IPv4.

After IPv4’s development in the early 80s, the available IPv4 address pool began to shrink
rapidly as the demand for addresses increased exponentially with the Internet. Taking pre-
cognizance of the situation that might arise, the IETF in 1994 initiated the development of an
addressing protocol to replace IPv4. The progress of IPv6 can be tracked by means of the RFCs
published:

• 1998 – RFC 2460 – Basic Protocol
• 2003 – RFC 2553 – Basic Socket API
• 2003 – RFC 3315 – DHCPv6
• 2004 – RFC 3775 – Mobile IPv6
• 2004 – RFC 3697 – Flow Label Specification
• 2006 – RFC 4291 – Address architecture (revision)
• 2006 – RFC 4294 – Node requirement

1.4 Features[1]
The successor of IPv4 is not designed to be backward compatible. Trying to keep the basic
functionalities of IP addressing, IPv6 is redesigned entirely. It offers the following features:

Larger Address Space

In contrast to IPv4, IPv6 uses 4 times more bits to address a device on the Internet. These
extra bits provide approximately 3.4×10^38 different address combinations. This address space
can accommodate the aggressive requirement of address allotment for almost everything in this
world. According to an estimate, 1564 addresses can be allocated to every square meter of this
earth.

Simplified Header

IPv6’s header has been simplified by moving all unnecessary information and options (which
are present in the IPv4 header) to the end of the IPv6 header. The IPv6 header is only twice as
big as the IPv4 header, even though the IPv6 address is four times longer.

End-to-end Connectivity

Every system now has unique IP address and can traverse through the Internet without using
NAT or other translating components. After IPv6 is fully implemented, every host can directly
reach other hosts on the Internet, with some limitations involved like Firewall, organization
policies, etc.

Auto-configuration

IPv6 supports both stateful and stateless auto-configuration mode of its host devices. This way,
absence of a DHCP server does not put a halt on inter-segment communication.

Faster Forwarding/Routing

Simplified header puts all unnecessary information at the end of the header. The information
contained in the first part of the header is adequate for a Router to take routing decisions, thus
making routing decision as quickly as looking at the mandatory header.

IPSec

Initially it was decided that IPv6 must have IPSec security, making it more secure than IPv4.
This feature has now been made optional.

No Broadcast

Though Ethernet/Token Ring are considered as broadcast network because they support
Broadcasting, IPv6 does not have any broadcast support anymore. It uses multicast to
communicate with multiple hosts.

Anycast Support

This is another characteristic of IPv6. IPv6 has introduced Anycast mode of packet routing. In
this mode, multiple interfaces over the Internet are assigned same Anycast IP address. Routers,
while routing, send the packet to the nearest destination.

Mobility

IPv6 was designed keeping mobility in mind. This feature enables hosts (such as mobile phone)
to roam around in different geographical area and remain connected with the same IP address.
The mobility feature of IPv6 takes advantage of auto IP configuration and Extension headers.

Enhanced Priority Support

IPv4 used a 6-bit DSCP (Differentiated Services Code Point) and a 2-bit ECN (Explicit
Congestion Notification) to provide Quality of Service, but it could only be used if the end-to-end
devices supported it, that is, the source and destination devices and the underlying network must
support it.

In IPv6, the Traffic Class and Flow Label fields are used to tell the underlying routers how to
efficiently process the packet and route it.

Smooth Transition

The large IP address scheme in IPv6 makes it possible to allocate globally unique IP addresses to
devices. This mechanism saves IP addresses and NAT is not required, so devices can send/receive
data directly among each other; for example, VoIP and/or any streaming media can be used much
more efficiently.

Another fact is that the header is less loaded, so routers can take forwarding decisions and
forward packets as quickly as they arrive.

Extensibility

One of the major advantages of IPv6 header is that it is extensible to add more information in
the option part. IPv4 provides only 40-bytes for options, whereas options in IPv6 can be as
much as the size of IPv6 packet itself.

1.5 Addressing Modes

In computer networking, addressing mode refers to the mechanism of hosting an address on the
network. IPv6 offers several types of modes by which a single host can be addressed. More
than one host can be addressed at once or the host at the closest distance can be addressed.

Unicast
In the unicast mode of addressing, an IPv6 interface (host) is uniquely identified in a network
segment. The IPv6 packet contains both source and destination IP addresses. A host interface
is equipped with an IP address which is unique in that network segment. When a network switch
or a router receives a unicast IP packet destined to a single host, it sends it out of the one
outgoing interface which connects to that particular host.

[Figure1 : Unicast Messaging][2]

Multicast
The IPv6 multicast mode is same as that of IPv4. The packet destined to multiple hosts is sent
on a special multicast address. All the hosts interested in that multicast information need to join
that multicast group first. All the interfaces that joined the group receive the multicast packet and
process it, while other hosts not interested in multicast packets ignore the multicast information.

[Figure 2: Multicast Messaging][2]

Anycast
IPv6 has introduced a new type of addressing, which is called Anycast addressing. In this
addressing mode, multiple interfaces (hosts) are assigned same Anycast IP address. When a
host wishes to communicate with a host equipped with an Anycast IP address, it sends a
Unicast message. With the help of complex routing mechanism, that Unicast message is
delivered to the host closest to the Sender in terms of Routing cost. [1]

[Figure 3: Anycast Messaging][2]

Let’s take the example of Tutorialspoint.com web servers, located in all continents. Assume that
all the web servers are assigned a single IPv6 Anycast IP address. Now when a user from
Europe wants to reach Tutorialspoint.com, the DNS points to the server that is physically
located in Europe itself. If a user from India tries to reach Tutorialspoint.com, the DNS will then
point to the web server physically located in Asia. The terms Nearest or Closest are used in
terms of Routing Cost.

In the above picture, when a client computer tries to reach a server, the request is forwarded to
the server with the lowest Routing Cost.

ADDRESS TYPES AND FORMATS
Address Structure

An IPv6 address is made of 128 bits divided into eight 16-bits blocks. Each block is then
converted into 4-digit Hexadecimal numbers separated by colon symbols.

For example, given below is a 128-bit IPv6 address represented in binary format and divided
into eight 16-bit blocks:

0010000000000001 0000000000000000 0011001000111000 1101111111100001

0000000001100011 0000000000000000 0000000000000000 1111111011111011

Each block is then converted into Hexadecimal and separated by the ‘:’ symbol:

2001:0000:3238:DFE1:0063:0000:0000:FEFB

Even after converting into Hexadecimal format, an IPv6 address remains long. IPv6 provides some
rules to shorten the address. The rules are as follows:

Rule 1: Discard leading zero(es). In Block 5, 0063, the leading two 0s can be omitted, such as
(5th block):

2001:0000:3238:DFE1:63:0000:0000:FEFB

Rule 2: If two or more blocks contain consecutive zeroes, omit them all and replace them with the
double colon sign ::, such as (6th and 7th block):

2001:0000:3238:DFE1:63::FEFB

Consecutive blocks of zeroes can be replaced only once by ::, so if there are still blocks of
zeroes in the address, they can be shrunk down to a single zero, such as (2nd block):

2001:0:3238:DFE1:63::FEFB
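As an added worked example (not part of the report), the binary-to-hex conversion and the three shortening rules above implemented in Python and cross-checked against the standard library. The binary blocks are the ones listed in the text; the function names are my own.

```python
import ipaddress

# Constructed sample input: the eight 16-bit binary blocks listed in the text above.
BINARY_BLOCKS = [
    "0010000000000001", "0000000000000000", "0011001000111000", "1101111111100001",
    "0000000001100011", "0000000000000000", "0000000000000000", "1111111011111011",
]


def binary_blocks_to_hex(blocks):
    """Convert eight 16-bit binary blocks into the full colon-separated hex form."""
    if len(blocks) != 8 or any(len(b) != 16 or set(b) - {"0", "1"} for b in blocks):
        raise ValueError("expected eight 16-bit binary blocks")
    return ":".join(f"{int(b, 2):04X}" for b in blocks)


def compress_ipv6(full):
    """Shorten a full 8-block address with the rules from the text:
    1. drop leading zeroes in each block,
    2. replace the longest run of two or more all-zero blocks with '::',
    3. do that only once; any remaining all-zero block becomes a single '0'."""
    blocks = full.split(":")
    if len(blocks) != 8:
        raise ValueError("expected an uncompressed 8-block address")
    blocks = [b.lstrip("0") or "0" for b in blocks]          # rule 1
    best_start, best_len = -1, 0
    i = 0
    while i < 8:                                             # locate the longest zero run
        if blocks[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:                                 # the first run wins ties
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                                         # a single zero block stays "0"
        return ":".join(blocks)
    head = ":".join(blocks[:best_start])                     # rules 2 and 3
    tail = ":".join(blocks[best_start + best_len:])
    return f"{head}::{tail}"


def agrees_with_stdlib(full):
    """Cross-check against Python's ipaddress, which follows RFC 5952 (lowercase hex)."""
    return compress_ipv6(full).lower() == ipaddress.IPv6Address(full).compressed


if __name__ == "__main__":
    full = binary_blocks_to_hex(BINARY_BLOCKS)
    print(full)                 # 2001:0000:3238:DFE1:0063:0000:0000:FEFB
    print(compress_ipv6(full))  # 2001:0:3238:DFE1:63::FEFB
    print(agrees_with_stdlib(full))
```

The "only once" rule matters for matching: "2001:0:3238:DFE1:63::FEFB" and "2001::3238:DFE1:63:0:0:FEFB" are the same address, so log filters and allow-lists should compare parsed addresses (as `agrees_with_stdlib` does) rather than raw strings.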

Interface ID
IPv6 has three different types of Unicast Address scheme. The second half of the address (last
64 bits) is always used for Interface ID. The MAC address of a system is composed of 48-bits
and represented in Hexadecimal. MAC addresses are considered to be uniquely assigned
worldwide.

Interface ID takes advantage of this uniqueness of MAC addresses. A host can auto-configure
its Interface ID by using IEEE’s Extended Unique Identifier (EUI-64) format. First, a host divides
its own MAC address into two 24-bit halves. Then the 16-bit hex value 0xFFFE is sandwiched
between those two halves of the MAC address, resulting in the EUI-64 Interface ID.

[Figure 4: EUI-64 Interface ID]

Conversion of EUI-64 ID into IPv6 Interface Identifier

To convert an EUI-64 ID into an IPv6 Interface Identifier, the 7th most significant bit of the
EUI-64 ID is complemented. For example:
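The two steps just described (insert 0xFFFE, complement the 7th bit) carried out in Python, as an added example that is not part of the report. The MAC address used is a constructed sample, and the reverse function is an addition of mine: given an EUI-64 derived address, it recovers the MAC, which is what makes such addresses trackable across networks.

```python
import ipaddress


def mac_to_eui64(mac):
    """Split the 48-bit MAC into two 24-bit halves and insert 0xFFFE between them."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("a MAC address is 48 bits (6 octets)")
    return octets[:3] + b"\xff\xfe" + octets[3:]


def eui64_to_interface_id(eui64):
    """Complement the 7th most significant bit (the Universal/Local bit) of the EUI-64."""
    if len(eui64) != 8:
        raise ValueError("an EUI-64 is 64 bits (8 octets)")
    return bytes([eui64[0] ^ 0x02]) + eui64[1:]


def as_hex_blocks(data):
    """Render bytes as colon-separated 16-bit hex blocks, e.g. 021a:2bff:fe3c:4d5e."""
    return ":".join(data[i:i + 2].hex() for i in range(0, len(data), 2))


def link_local_from_mac(mac):
    """Link-local address: FE80, then 48 zero bits, then the modified EUI-64."""
    iid = eui64_to_interface_id(mac_to_eui64(mac))
    return str(ipaddress.IPv6Address(bytes.fromhex("fe80") + bytes(6) + iid))


def mac_from_eui64_address(address):
    """Recover the MAC from an EUI-64 derived address, or None when the interface ID
    is not EUI-64 shaped (e.g. a randomised privacy address). Handy when an analyst
    needs to tie a logged IPv6 address back to a physical interface."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02                      # undo the bit complement
    return ":".join(f"{b:02x}" for b in bytes([first]) + iid[1:3] + iid[5:])


if __name__ == "__main__":
    mac = "00:1A:2B:3C:4D:5E"                  # constructed sample MAC
    print(as_hex_blocks(mac_to_eui64(mac)))    # 001a:2bff:fe3c:4d5e
    print(link_local_from_mac(mac))            # fe80::21a:2bff:fe3c:4d5e
    print(mac_from_eui64_address(link_local_from_mac(mac)))
```

Because the MAC is recoverable, EUI-64 interface IDs let a host be recognised wherever it connects; operating systems therefore commonly generate randomised interface IDs (RFC 4941 privacy extensions) for outgoing traffic, and an inventory that relies on EUI-64 mapping should expect both forms.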

[Figure 5: IPV6 Interface ID]


Global Unicast Address
This address type is equivalent to IPv4’s public address. Global Unicast addresses in IPv6 are
globally identifiable and uniquely addressable.

[Figure 6: Global Unicast Address]

Global Routing Prefix: The most significant 48 bits are designated as the Global Routing Prefix,
which is assigned to specific autonomous systems. The three most significant bits of the Global
Routing Prefix are always set to 001.

Link-Local Address
Auto-configured IPv6 address is known as Link-Local Address. This address always starts with
FE80. The first 16 bits of link-local address is always set to 1111 1110 1000 0000 (FE80). The
next 48-bits are set to 0, thus:

[Figure 7 : Link-Local Address]

Link-local addresses are used for communication among IPv6 hosts on a link (broadcast
segment) only. These addresses are not routable, so a Router never forwards these addresses
outside the link.

Unique-Local Address
This type of IPv6 address is globally unique, but it should be used in local communication. The
second half of this address contains Interface ID and the first half is divided among Prefix, Local
Bit, Global ID, and Subnet ID.

[Figure 8 : Unique-Local Address]

The Prefix is always set to 1111 110. The L bit is set to 1 if the address is locally assigned. So
far, the meaning of L bit 0 is not defined. Therefore, a Unique Local IPv6 address always starts
with ‘FD’.

Scope of IPv6 Unicast Addresses

[Figure 9 : IPv6 Unicast Address Scope]

The scope of a Link-local address is limited to the segment. Unique Local Addresses are locally
global, but are not routed over the Internet, limiting their scope to an organization’s boundary.
Global Unicast addresses are globally unique and recognizable. They will form the core of
Internet v2 addressing.

SPECIAL ADDRESSES
Version 6 has a slightly more complex address structure than IPv4. IPv6 has reserved a
few addresses and address notations for special purposes. See the table below:

• As shown in the table, the address 0:0:0:0:0:0:0:0/128 does not specify anything and is
said to be an unspecified address. After simplifying, all the 0s are compacted to ::/128.
• In IPv4, the address 0.0.0.0 with netmask 0.0.0.0 represents the default route. The same
concept is also applied to IPv6: the address 0:0:0:0:0:0:0:0 with netmask all 0s
represents the default route. After applying the IPv6 rule, this address is compressed to ::/0.
• Loopback addresses in IPv4 are represented by the 127.0.0.1 to 127.255.255.255 series.
But in IPv6, only 0:0:0:0:0:0:0:1/128 represents the Loopback address. After compression,
it can be represented as ::1/128.
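As an added example (mine, not the report's), a classifier that applies the leading-bit rules from the address-type sections above and the special addresses just listed: FE80::/10 link-local, FC00::/7 unique-local with the L bit, 2000::/3 global unicast, FF00::/8 multicast, plus the unspecified and loopback addresses. The border-filter helper at the end is my own defender's rule of thumb, not something the report states.

```python
import ipaddress


def classify_ipv6(text):
    """Name the address type from its leading bits, as laid out in the text above."""
    addr = ipaddress.IPv6Address(text)
    b = addr.packed
    if addr == ipaddress.IPv6Address("::"):
        return "unspecified"
    if addr == ipaddress.IPv6Address("::1"):
        return "loopback"
    if b[0] == 0xFF:                                    # FF00::/8
        return "multicast"
    if b[0] == 0xFE and (b[1] & 0xC0) == 0x80:          # 1111 1110 10 -> FE80::/10
        return "link-local"
    if (b[0] & 0xFE) == 0xFC:                           # 1111 110 -> FC00::/7
        return "unique-local" if b[0] & 0x01 else "unique-local (L=0, undefined)"
    if (b[0] & 0xE0) == 0x20:                           # 001 -> 2000::/3
        return "global-unicast"
    return "other"


def multicast_scope(text):
    """Low nibble of the second byte is the scope: FF02::1 is link-local all-nodes."""
    b = ipaddress.IPv6Address(text).packed
    if b[0] != 0xFF:
        raise ValueError("not a multicast address")
    return {1: "interface-local", 2: "link-local", 4: "admin-local", 5: "site-local",
            8: "organization-local", 14: "global"}.get(b[1] & 0x0F, "unassigned")


def may_cross_border_router(text):
    """Defender's filter rule: only global unicast should be routed beyond the site;
    link-local, unique-local, loopback, unspecified and multicast sources are dropped."""
    return classify_ipv6(text) == "global-unicast"


if __name__ == "__main__":
    # Constructed sample addresses covering each type.
    for sample in ["::", "::1", "ff02::1", "fe80::1", "fd12:3456::1", "2001:db8::1"]:
        print(f"{sample:>14}  {classify_ipv6(sample)}")
```

Two practical notes on the checks: the FC00::/7 test deliberately reports L=0 addresses separately because, as the text says, that half of the block has no defined meaning and should not appear in production; and the multicast scope lookup is what lets a filter tell link-scoped control traffic (FF02::1, FF02::2) from site- or global-scope groups that might legitimately traverse routers.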

Reserved Multicast Address for Routing Protocols

• The above table shows the reserved multicast addresses used by interior routing protocols.
• The addresses are reserved following the same rules as IPv4.

Reserved Multicast Address for Routers/Node

• These addresses help routers and hosts to speak to available routers and hosts on a
segment without being configured with an IPv6 address.
• Hosts use EUI-64 based auto-configuration to self-configure an IPv6 address and then
speak to available hosts/routers on the segment by means of these addresses.

1.6 Communication
In IPv4, a host that wants to communicate with another host on the network needs to have an IP
address acquired either by means of DHCP or by manual configuration. As soon as a host is
equipped with some valid IP address, it can speak to any host on the subnet.

To communicate on layer-3, a host must also know the IP address of the other host.
Communication on a link is established by means of hardware-embedded MAC Addresses. To
know the MAC address of a host whose IP address is known, a host sends ARP broadcast and
in return, the intended host sends back its MAC address.

In IPv6, there are no broadcast mechanisms. An IPv6-enabled host does not have to obtain an IP
address from DHCP or be configured manually; it can auto-configure its own IP address.

ARP has been replaced by ICMPv6 Neighbor Discovery Protocol.

Neighbor Discovery Protocol[3]


A host in an IPv6 network is capable of auto-configuring itself with a unique link-local address.
As soon as the host gets an IPv6 address, it joins a number of multicast groups. All
communications related to that segment take place on those multicast addresses only. A host
goes through a series of states in IPv6:

• Neighbor Solicitation: After configuring all its IPv6 addresses, either manually, by DHCP
server or by auto-configuration, the host sends a Neighbor Solicitation message out to the
FF02::1/16 multicast address for all its IPv6 addresses in order to know that no one else
occupies the same addresses.
• DAD (Duplicate Address Detection): When the host does not hear anything from the
segment regarding its Neighbor Solicitation message, it assumes that no duplicate address
exists on the segment.
• Neighbor Advertisement: After assigning the addresses to its interfaces and making
them up and running, the host once again sends out a Neighbor Advertisement message
telling all other hosts on the segment that it has assigned those IPv6 addresses to its
interfaces.

Once a host is done with the configuration of its IPv6 addresses, it does the following things:

• Router Solicitation: A host sends a Router Solicitation multicast packet (FF02::2/16) out
on its segment to learn of the presence of any router on this segment. It helps the host to
configure the router as its default gateway. If its default gateway router goes down, the
host can shift to a new router and make it the default gateway.
• Router Advertisement: When a router receives a Router Solicitation message, it
responds back to the host, advertising its presence on that link.
• Redirect: This may be the situation where a Router receives a Router Solicitation
request but it knows that it is not the best gateway for the host. In this situation, the
router sends back a Redirect message telling the host that there is a better ‘next-hop’
router available. Next-hop is where the host will send its data destined to a host which
does not belong to the same segment.
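The exchange described in the two lists above (Neighbor Solicitation, Duplicate Address Detection, Neighbor Advertisement, then Router Solicitation and Router Advertisement) as an added simulation in Python; it is my illustration, not code from the report. One assumption goes beyond the text: the report sends the solicitation to FF02::1, whereas RFC 4861 sends it to the solicited-node group FF02::1:FFxx:xxxx derived from the low 24 bits of the target, and the simulation does the latter. Node names and addresses are constructed samples.

```python
import ipaddress
from dataclasses import dataclass, field

ALL_NODES = ipaddress.IPv6Address("ff02::1")     # the FF02::1 group named in the text
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")   # the FF02::2 group named in the text


def solicited_node_group(address):
    """FF02::1:FFxx:xxxx built from the low 24 bits of the target (RFC 4861; assumption
    beyond the report, which sends the solicitation to FF02::1)."""
    low24 = ipaddress.IPv6Address(address).packed[-3:]
    return ipaddress.IPv6Address(bytes.fromhex("ff02000000000000" "00000001ff") + low24)


@dataclass
class Message:
    kind: str                     # "NS", "NA", "RS" or "RA"
    src: str
    dst: ipaddress.IPv6Address    # multicast group the message is sent to
    target: str = ""              # address being solicited or advertised


@dataclass
class Node:
    name: str
    addresses: set = field(default_factory=set)
    is_router: bool = False
    groups: set = field(default_factory=set)
    inbox: list = field(default_factory=list)

    def __post_init__(self):
        # Every node joins all-nodes; routers also join all-routers; each configured
        # address joins its solicited-node group so the owner hears NS for it.
        self.groups.add(ALL_NODES)
        if self.is_router:
            self.groups.add(ALL_ROUTERS)
        for a in self.addresses:
            self.groups.add(solicited_node_group(a))

    def handle(self, msg, link):
        if msg.kind == "NS" and msg.target in self.addresses:
            # Someone solicits an address this node owns: defend it with an NA.
            link.send(Message("NA", msg.target, ALL_NODES, target=msg.target))
        elif msg.kind == "RS" and self.is_router:
            link.send(Message("RA", sorted(self.addresses)[0], ALL_NODES))
        else:
            self.inbox.append(msg)


class Link:
    """One segment: delivers each message to every node that joined its destination group."""

    def __init__(self):
        self.nodes, self.log = [], []

    def attach(self, node):
        self.nodes.append(node)

    def send(self, msg):
        self.log.append(msg)
        for node in list(self.nodes):
            if msg.dst in node.groups:
                node.handle(msg, self)


def dad(link, node, candidate):
    """Duplicate Address Detection: solicit the tentative address; silence means it is free."""
    group = solicited_node_group(candidate)
    node.groups.add(group)                  # listen for answers about the candidate
    node.inbox.clear()
    link.send(Message("NS", "::", group, target=candidate))   # unspecified source
    if any(m.kind == "NA" and m.target == candidate for m in node.inbox):
        node.groups.discard(group)
        return False                        # another node already owns it
    node.addresses.add(candidate)
    link.send(Message("NA", candidate, ALL_NODES, target=candidate))   # announce it
    return True


def discover_default_gateway(link, node):
    """Router Solicitation to FF02::2; the first Router Advertisement heard is taken."""
    node.inbox.clear()
    link.send(Message("RS", sorted(node.addresses)[0], ALL_ROUTERS))
    advertisers = [m.src for m in node.inbox if m.kind == "RA"]
    return advertisers[0] if advertisers else None


if __name__ == "__main__":
    link = Link()
    for n in (Node("R1", {"fe80::1"}, is_router=True), Node("H1", {"fe80::abcd"})):
        link.attach(n)
    h2 = Node("H2")
    link.attach(h2)
    print(dad(link, h2, "fe80::abcd"))           # False: H1 defends it
    print(dad(link, h2, "fe80::2"))              # True
    print(discover_default_gateway(link, h2))    # fe80::1
```

The simulation also shows why these messages are a trust problem on a shared segment: any node may answer an NS or an RS, so a misconfigured or hostile host can make DAD fail for everyone or become the default gateway. Switch features such as RA Guard and ND inspection exist precisely to pin which ports may send RA and NA traffic.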

1.7 Subnetting
In IPv4, addresses were created in classes. Classful IPv4 addresses clearly define the bits used
for network prefixes and the bits used for hosts on that network. To subnet in IPv4, we play with
the default classful netmask, which allows us to borrow host bits to be used as subnet bits. This
results in multiple subnets but fewer hosts per subnet. That is, when we borrow host bits to create
a subnet, it leaves fewer bits to be used for host addresses.

IPv6 addresses use 128 bits to represent an address which includes bits to be used for
subnetting. The second half of the address (least significant 64 bits) is always used for hosts
only. Therefore, there is no compromise if we subnet the network.[4]

[Figure 10 : IPv6 Subnetting]

16 bits of subnet is equivalent to IPv4’s Class B Network. Using these subnet bits, an
organization can have another 65 thousand subnets, which is by far more than enough.

Thus the routing prefix is /64 and the host portion is 64 bits. We can further subnet the network
beyond the 16 bits of Subnet ID by borrowing host bits, but it is recommended that 64 bits always
be used for host addresses because auto-configuration requires 64 bits.

IPv6 subnetting works on the same concept as Variable Length Subnet Masking in IPv4.

A /48 prefix can be allocated to an organization, giving it the benefit of having up to /64 subnet
prefixes, which is 65535 sub-networks, each having 2^64 hosts. A /64 prefix can be assigned to
a point-to-point connection where there are only two hosts (or IPv6 enabled devices) on a link.

1.8 Mobility[5]
When a host is connected to a link or network, it acquires an IP address and all communication
takes place using that IP address on that link. As soon as the same host changes its physical
location, that is, moves into another area / subnet / network / link, its IP address changes
accordingly, and all the communication taking place on the host using old IP address goes
down.

IPv6 mobility provides a mechanism for the host to roam around different links without losing
any communication/connection and its IP address.

Multiple entities are involved in this technology:

• Mobile Node: The device that needs IPv6 mobility.
• Home Link: This link is configured with the home subnet prefix and this is where the
Mobile IPv6 device gets its Home Address.
• Home Address: This is the address which the Mobile Node acquires from the Home
Link. This is the permanent address of the Mobile Node. If the Mobile Node remains in
the same Home Link, the communication among various entities takes place as usual.
• Home Agent: This is a router that acts as a registrar for Mobile Nodes. Home Agent is
connected to Home Link and maintains information about all Mobile Nodes, their Home
Addresses, and their present IP addresses.
• Foreign Link: Any other Link that is not Mobile Node’s Home Link.
• Care-of Address: When a Mobile Node gets attached to a Foreign Link, it acquires a
new IP address of that Foreign Link’s subnet. Home Agent maintains the information of
both Home Address and Care-of Address. Multiple Care-of addresses can be assigned
to a Mobile Node, but at any instance, only one Care-of Address has binding with the
Home Address.
• Correspondent Node: Any IPv6 enabled device that intends to have communication
with Mobile Node.

Mobility Operation
When a Mobile Node stays in its Home Link, all communications take place on its Home
Address as shown below:

[Figure 11 : Mobile Node connected to Home Link]

When a Mobile Node leaves its Home Link and is connected to some Foreign Link, the Mobility
feature of IPv6 comes into play. After getting connected to a Foreign Link, the Mobile Node
acquires an IPv6 address from the Foreign Link. This address is called Care-of Address. The
Mobile Node sends a binding request to its Home Agent with the new Care-of Address. The
Home Agent binds the Mobile Node’s Home Address with the Care-of Address, establishing a
Tunnel between both.

Whenever a Correspondent Node tries to establish a connection with the Mobile Node (on its
Home Address), the Home Agent intercepts the packet and forwards it to the Mobile Node’s
Care-of Address over the Tunnel which was already established.[6]

[Figure 12 : Mobile Node connected to Foreign Link]

Route Optimization
When a Correspondent Node initiates a communication by sending packets to the Mobile Node
on the Home Address, these packets are tunneled to the Mobile Node by the Home Agent. In
Route Optimization mode, when the Mobile Node receives a packet from the Correspondent
Node, it does not forward replies to the Home Agent. Rather, it sends its packet directly to the
Correspondent Node using Home Address as Source Address. This mode is optional and not
used by default.

Chapter 2

Routing Protocols of IPv6 Network

2.1 What is IP routing
IP routing is the process of sending packets from a host on one network to another host
on another, remote network. This process is done by routers. Routers examine the
destination IP address of a packet, determine the next-hop address, and forward the
packet.

Routers use routing tables to determine a next-hop address to which the packet should
be forwarded.

Consider the following example of IP routing:[7]

[Figure 13 : Routing ]

Host A wants to communicate with host B, but host B is on another network. Host A is
configured to send all packets destined for remote networks to router R1. Router R1
receives the packets, examines the destination IP address and forwards the packet to
the outgoing interface associated with the destination network.

Default gateway

A default gateway is a router that hosts use to communicate with other hosts on remote
networks. A default gateway is used when a host doesn't have a route entry for the
specific remote network and doesn't know how to reach that network. Hosts can be
configured to send all packets destined to remote networks to a default gateway, which
has a route to reach that network.

The following example explains the concept of a default gateway more thoroughly.[8]

[Figure 14 : Default Gateway ]

Host A has an IP address of the router R1 configured as the default gateway address.
Host A is trying to communicate with host B, a host on another, remote network. Host A
looks up in its routing table to check if there is an entry for that destination network. If
the entry is not found, the host sends all data to the router R1. Router R1 receives the
packets and forwards them to host B.

Routing table
Each router maintains a routing table and stores it in RAM. A routing table is used by
routers to determine a path to a destination network. Each routing table consists of the
following entries:

1. network destination and a network subnet mask - specifies a range of IP addresses
2. remote router - IP address of the router used to reach that network
3. outgoing interface - outgoing interface the packet should go out to reach the
destination network

There are three different methods for populating a routing table:
•    directly connected subnets
•    using static routing
•    using dynamic routing

Each of these methods is described in the following chapters.

Consider the following example. Host A wants to communicate with host B, but host B is
on another network. Host A is configured to send all packets destined for remote
networks to the router. The router receives the packets and checks the routing table to see
if it has an entry for the destination address. If it does, the router forwards the packet out
the appropriate interface port. If the router doesn't find the entry, it discards the packet. [9]

[Figure 15 : Routing Protocol ]
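The routing-table lookup described in this section and in the default-gateway example above, as an added Python illustration (mine, not the report's): entries hold a destination prefix, a next-hop router and an outgoing interface; the lookup is a longest-prefix match; ::/0 is the default route and matches last; and a packet with no matching entry is discarded. The prefixes, next hops and interface names are constructed samples.

```python
import ipaddress


class RoutingTable:
    """Entries of (destination prefix, next-hop router or None if directly connected,
    outgoing interface), matched longest-prefix first."""

    def __init__(self):
        self.entries = []

    def add(self, prefix, next_hop, interface):
        self.entries.append((ipaddress.ip_network(prefix), next_hop, interface))

    def lookup(self, destination):
        """Return the most specific matching entry, or None if nothing matches."""
        dst = ipaddress.ip_address(destination)
        best = None
        for net, next_hop, iface in self.entries:
            if dst.version == net.version and dst in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, next_hop, iface)
        return best

    def forward(self, destination):
        """Decide what happens to a packet: direct delivery, forward to a next hop,
        or discard (no entry and no default route)."""
        match = self.lookup(destination)
        if match is None:
            return "discard"
        net, next_hop, iface = match
        if next_hop is None:
            return f"deliver directly via {iface}"
        return f"forward to {next_hop} via {iface}"


def build_sample_router():
    """Constructed router table: one connected LAN, a RIPng-learned /64 (the prefix
    from section 2.5 of the report) and a broader /32 to show longest-prefix match."""
    rt = RoutingTable()
    rt.add("2001:db8:1::/64", None, "Gi0/0")
    rt.add("2001:bbbb:cccc:dddd::/64", "fe80::2", "Gi0/1")
    rt.add("2001:bbbb::/32", "fe80::3", "Gi0/2")
    return rt


def build_sample_host():
    """Constructed host table: its own subnet plus a default gateway, like Host A."""
    rt = RoutingTable()
    rt.add("2001:db8:1::/64", None, "eth0")
    rt.add("::/0", "2001:db8:1::1", "eth0")   # R1 as default gateway
    return rt


if __name__ == "__main__":
    r = build_sample_router()
    for d in ["2001:bbbb:cccc:dddd::10", "2001:bbbb:1::1", "2001:db8:1::5", "2001:db8:9::1"]:
        print(f"{d:>26} -> {r.forward(d)}")
```

A point worth keeping in mind when reviewing router configurations: the /32 entry above silently absorbs every address under 2001:bbbb::/32 that has no more specific route, so an aggregate or default route turns "discard" into "forward" for destinations nobody intended to reach, which is how misrouted traffic leaks out of a site.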

2.2 Types of routing protocols

There are two types of routing protocols:

1. Distance vector (RIP, IGRP)
2. Link state (OSPF, IS-IS)

Cisco has created its own routing protocol – EIGRP. EIGRP is considered to be an
advanced distance vector protocol, although some materials erroneously state that
EIGRP is a hybrid routing protocol, a combination of distance vector and link state.
All of the routing protocols mentioned above are interior routing protocols (IGP), which
means that they are used to exchange routing information within one autonomous
system. BGP (Border Gateway Protocol) is an example of an exterior routing protocol
(EGP) which is used to exchange routing information between autonomous systems on
the Internet.

2.3 Distance vector protocols

As the name implies, distance vector routing protocols use distance to determine the
best path to a remote network. The distance is usually the number of hops (routers) to
the destination network.
Distance vector protocols send their complete routing table to each neighbor (a neighbor is
a directly connected router that runs the same routing protocol). They usually use some
version of the Bellman-Ford algorithm to calculate the best routes. Compared with link state
routing protocols, distance vector protocols are simpler to configure and require little
management, but are susceptible to routing loops and converge slower than link state
routing protocols. Distance vector protocols also use more bandwidth because they
send the complete routing table, while link state protocols send specific updates only when
topology changes occur.
RIP and EIGRP are examples of distance vector routing protocols.

2.4 Link state protocols
Link state routing protocols are the second type of routing protocols. They have the
same basic purpose as distance vector protocols, to find the best path to a destination,
but use different methods to do so. Unlike distance vector protocols, link state protocols
don't advertise the entire routing table. Instead, they advertise information about the
network topology (directly connected links, neighboring routers...), so that in the end all
routers running a link state protocol have the same topology database. Link state
routing protocols converge much faster than distance vector routing protocols, support
classless routing, send updates using multicast addresses and use triggered routing
updates. They also require more router CPU and memory than distance vector
routing protocols and can be harder to configure.
Each router running a link state routing protocol creates three different tables:
1. neighbor table - the table of neighboring routers running the same link state routing
protocol
2. topology table - the table that stores the topology of the entire network
3. routing table - the table that stores the best routes
Shortest Path First algorithm is used to calculate the best route. OSPF and IS-IS are
examples of link state routing protocols.

Difference between distance vector and link state routing protocols

The following table summarizes the difference:[10]
2.5 RIP (Routing Information Protocol)
RIP (Routing Information Protocol) is one of the oldest distance vector routing protocols.
It is usually used in small networks. RIP is very simple to configure and maintain, but
lacks some advanced features of routing protocols like OSPF or EIGRP. Two versions
of the protocol exist: version 1 and version 2. Both versions use hop count as a metric
and have an administrative distance of 120. RIP version 2 is capable of advertising
subnet masks and uses multicast to send routing updates, while version 1 doesn't
advertise subnet masks and uses broadcast for updates. Version 2 is backwards
compatible with version 1.

RIPv2 sends the entire routing table every 30 seconds, which can consume a lot of
bandwidth. RIPv2 uses the multicast address 224.0.0.9 to send routing updates, and supports
authentication and triggered updates (updates that are sent when a change in the
network occurs).

For an example of how RIP works, consider the following figure. [11]

 [Figure 16 : RIP ]

Router R1 directly connects to the subnet 10.0.0.0/24. A network engineer has configured
RIP on R1 to advertise this route. R1 sends routing updates to R2 and R3. The routing
updates list the subnet, subnet mask and metric for this route. Each router, R2 and R3,
receives this update and adds the route to its routing table. Both routers
list the metric of 1 because the network is only one hop away.
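As an added example covering sections 2.3 and 2.4 and the RIP figure just described (my code, not the report's): a RIP-style distance vector exchange in which each router hands its whole table to its neighbours and keeps a route when the neighbour's metric plus one beats its own, beside a link-state SPF (Dijkstra) run over a full topology database. The R1/R2/R3 topology and prefixes are constructed to match the figure's description; the second, weighted topology is my addition to show where hop count and link cost disagree.

```python
import heapq

INFINITY = 16  # RIP's hop-count value for "unreachable"

# Constructed topology matching the figure: R1 owns 10.0.0.0/24 and is linked to R2 and R3.
# Link values are costs; the distance vector code ignores them and counts hops.
LINKS = {"R1": {"R2": 1, "R3": 1}, "R2": {"R1": 1, "R3": 1}, "R3": {"R1": 1, "R2": 1}}
CONNECTED = {"R1": ["10.0.0.0/24"], "R2": ["10.0.1.0/24"], "R3": ["10.0.2.0/24"]}

# Constructed weighted topology: the direct R1-R2 link is expensive (cost 10).
WEIGHTED = {"R1": {"R2": 10, "R3": 1}, "R2": {"R1": 10, "R3": 1}, "R3": {"R1": 1, "R2": 1}}


def distance_vector(links, connected, max_rounds=20):
    """RIP-style exchange: each round every router sends its whole table to each
    neighbour; a receiver adopts a route when neighbour metric + 1 beats its own.
    Returns the per-router tables {prefix: (hops, next_hop)} and the rounds needed."""
    tables = {r: {p: (0, None) for p in connected[r]} for r in links}
    for rnd in range(1, max_rounds + 1):
        changed = False
        # Snapshot of what each router advertises this round (its full table).
        updates = {r: {p: m for p, (m, _) in tables[r].items()} for r in links}
        for r, neighbours in links.items():
            for n in neighbours:
                for prefix, metric in updates[n].items():
                    new_metric = min(metric + 1, INFINITY)      # hops, not link cost
                    current = tables[r].get(prefix)
                    if new_metric < INFINITY and (current is None or new_metric < current[0]):
                        tables[r][prefix] = (new_metric, n)
                        changed = True
        if not changed:
            return tables, rnd
    return tables, max_rounds


def link_state_spf(links, connected, source):
    """OSPF-style: the router holds the whole topology and runs Dijkstra (Shortest
    Path First) from itself. Returns {prefix: (path cost, first-hop router)}."""
    dist, first_hop = {source: 0}, {source: None}
    heap = [(0, source)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue                                  # stale heap entry
        for nb, w in links[node].items():
            if cost + w < dist.get(nb, float("inf")):
                dist[nb] = cost + w
                first_hop[nb] = nb if node == source else first_hop[node]
                heapq.heappush(heap, (cost + w, nb))
    routes = {}
    for router, prefixes in connected.items():
        for p in prefixes:
            routes[p] = (dist.get(router, INFINITY), first_hop.get(router))
    return routes


if __name__ == "__main__":
    tables, rounds = distance_vector(LINKS, CONNECTED)
    print(f"converged after {rounds} rounds; R2 sees 10.0.0.0/24 as {tables['R2']['10.0.0.0/24']}")
    print("SPF from R2:", link_state_spf(LINKS, CONNECTED, "R2"))
    print("hop count on weighted topology:", distance_vector(WEIGHTED, CONNECTED)[0]["R1"]["10.0.1.0/24"])
    print("SPF on weighted topology:", link_state_spf(WEIGHTED, CONNECTED, "R1")["10.0.1.0/24"])
```

On the weighted topology the hop-count protocol sends R1's traffic for 10.0.1.0/24 straight over the expensive R1-R2 link (1 hop), while SPF routes it through R3 (cost 2 over two cheap links): the same fact the section states about distance vectors measuring hops rather than link quality. The distance vector code also shows why these protocols trust their neighbours completely: a table received from any adjacent router is adopted as long as the metric is smaller, so RIPv2 authentication (or, for RIPng, IPsec on the link) is the only thing standing between a rogue neighbour and every router's forwarding table. Split horizon and route poisoning are not modelled here.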

RIPng

RIPng is an extension of RIP for support of IPv6. The configuration of RIPng requires
at least two steps:

1. enable RIPng using the global configuration command ipv6 router rip tag. The tag is
used to differentiate between multiple RIP processes. It does not have to be the same
on all routers.
2. enable the routing protocol on the interface using the ipv6 rip tag enable command. The
tag has to match the one used in the ipv6 router rip tag command.

Here is an example:

 [Figure 17 : RIPng enable ]

We have done a similar configuration on the second router. To verify that the routers are
indeed exchanging route information using RIPng we can use the show ipv6 route
command:
 

  [Figure 18 : RIPng Status ]

In the picture above, we can see that the router has received a route to the
network 2001:BBBB:CCCC:DDDD::/64.
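The configuration the two figures above show, reconstructed in Cisco IOS syntax as an added example (the figures themselves are not reproduced on this page). Interface names, the link prefix 2001:AAAA:BBBB:CCCC::/64 and the tag BANK are assumptions; 2001:BBBB:CCCC:DDDD::/64 is the network the text says R1 learns from R2:

```text
! R1 (assumed interface names and link prefix)
ipv6 unicast-routing
ipv6 router rip BANK
!
interface GigabitEthernet0/0
 description link to R2
 ipv6 address 2001:AAAA:BBBB:CCCC::1/64
 ipv6 rip BANK enable
!
! R2
ipv6 unicast-routing
ipv6 router rip BANK
!
interface GigabitEthernet0/0
 description link to R1
 ipv6 address 2001:AAAA:BBBB:CCCC::2/64
 ipv6 rip BANK enable
!
interface GigabitEthernet0/1
 description LAN that R1 learns through RIPng
 ipv6 address 2001:BBBB:CCCC:DDDD::1/64
 ipv6 rip BANK enable
!
! verification on R1
show ipv6 route rip
show ipv6 rip
```

show ipv6 route rip on R1 should then list 2001:BBBB:CCCC:DDDD::/64 via R2's link-local address, and show ipv6 rip lists the process and the interfaces it runs on. Because RIPng carries no authentication, on a real bank network enable it only on interfaces that face another router and protect the exchange with IPsec as RFC 2080 intends.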

2.6 EIGRP (Enhanced Interior Gateway Routing
Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol) is an advanced distance vector
routing protocol. This protocol is an evolution of an earlier Cisco protocol called IGRP,
which is now considered obsolete. EIGRP supports classless routing and VLSM, route
summarization, incremental updates, load balancing and many other useful features. It
was developed as a Cisco proprietary protocol; Cisco later published it as informational
RFC 7868 (2016), but in practice all routers in a network running EIGRP are Cisco routers.
 
Routers running EIGRP must become neighbors before exchanging routing information.
To dynamically discover neighbors, EIGRP routers use the multicast address 224.0.0.10
(EIGRP runs directly over IP as protocol 88). Each EIGRP router stores routing and
topology information in three tables:
 
•    Neighbor table - stores information about EIGRP neighbors 
•    Topology table - stores routing information learned from neighboring routers
•    Routing table -  stores the best routes
 
The administrative distance of internal EIGRP routes is 90 (routes redistributed into
EIGRP are external and get 170), which is less than the administrative distance of both
RIP (120) and OSPF (110), so EIGRP routes are preferred over routes to the same prefix
learned from those protocols. EIGRP uses the Reliable Transport Protocol (RTP) for
sending messages.
 
EIGRP calculates its metric from bandwidth, delay, reliability and load. By default,
only bandwidth and delay are used (K1 = K3 = 1), while the weights for reliability and
load (K2, K4 and K5) are set to zero.
 
EIGRP uses the concept of autonomous systems. An autonomous system is a set of
EIGRP-enabled routers that should become EIGRP neighbors. Each router inside an
autonomous system must have the same autonomous system number configured,
otherwise the routers will not become neighbors.

EIGRP Neighbors

EIGRP must establish neighbor relationships with other EIGRP routers before
exchanging routing information. To establish neighbor relationships, routers send
hello packets periodically. Hello packets are sent to the multicast address 224.0.0.10.
 
TIP - on LAN interfaces hellos are sent every 5 seconds. On low-bandwidth (T1 or
slower) multipoint WAN interfaces they are sent every 60 seconds.
 

The following values must be identical for routers to become neighbors:
•    ASN (autonomous system number)
•    subnet (the primary addresses of the two interfaces must be on the same subnet)
•    K values (the weights used in the metric)
•    authentication, where it is configured (key ID and key must match)
 
Routers keep sending hello packets to confirm that the neighbor relationship is still
active. By default, a router declares the neighbor down once the hold time has expired
without a hello being received. The hold time is, by default, three times the hello
interval: 15 seconds on LAN interfaces and 180 seconds on slow WAN interfaces.

Feasible and reported distance

Two terms that you will often encounter when working with EIGRP are feasible and
reported distance. Let's clarify these terms:

Feasible distance (FD) - the metric of the best route to reach a network. That route will
be listed in the routing table.
Reported distance (RD), also called advertised distance (AD) - the metric advertised by a
neighboring router for a specific route. In other words, it is the metric of the route the
neighboring router itself uses to reach the network.
 
To better understand the concept, consider the following example. [12]
 

  [Figure 19 : EIGRP ]

EIGRP has been configured on R1 and R2. R2 is directly connected to the subnet
10.0.1.0/24 and advertises that subnet into EIGRP. Let's say that R2's metric to reach
that subnet is 28160. When the subnet is advertised to R1, R2 informs R1 that its metric
to reach 10.0.1.0/24 is 28160. From R1's perspective that metric is the reported
distance for that route. R1 receives the update and adds the cost of its own link to R2
(2560 here, the delay contribution of one more FastEthernet hop) to the reported
distance. The resulting metric is called the feasible distance and is stored in R1's
routing table (30720 in our case).
 

The feasible and reported distance are displayed in R1's EIGRP topology table:
 

 [Figure 20 : EIGRP topology table]

Successor and feasible successor

Another two terms that appear often in the EIGRP world are "successor" and "feasible
successor". A successor is the route with the best metric to reach a destination. That
route is stored in the routing table. A feasible successor is a backup path to reach that
same destination that can be used immediately if the successor route fails. These
backup routes are stored in the topology table.
 
For a route to be chosen as a feasible successor, one condition (the feasibility
condition) must be met: the neighbor's reported (advertised) distance for the route
must be less than the successor's feasible distance. A neighbor that is closer to the
destination than we are cannot be routing through us, so the backup path is known to be
loop-free and can be installed without any recomputation.
 
The following example explains the concept of a successor and a feasible successor .[13]
 

 [Figure 21 : EIGRP topology]

R1 has two paths to reach the subnet 10.0.0.0/24. The path through R2 has the best
metric (20) and is stored in R1's routing table. The other route, through R3, is a
feasible successor, because the feasibility condition is met (R3's advertised distance
of 15 is less than R1's feasible distance of 20). R1 stores that route in the topology
table and can switch to it immediately if the primary route fails.

EIGRP topology table


 
The EIGRP topology table contains all learned routes to a destination. The table holds all
routes received from neighbors, the successors and feasible successors for every route,
and the interfaces on which the updates were received. The table also holds all locally
connected subnets included in an EIGRP process.
 
 
The best routes (the successors) from the topology table are stored in the routing table.
Feasible successors are only stored in the topology table and can be used immediately
if the primary route fails.
 
 
Consider the following network topology.[14]

  [Figure 22 : EIGRP Successor ]

EIGRP is running on all three routers. Routers R2 and R3 both connect to the subnet
10.0.1.0/24 and advertise that subnet to R1. R1 receives both updates and calculates
the best route. The best path goes through R2, so R1 stores that route in the routing
table. Router R1 also calculates the metric of the route through R3. Let's say that the
advertised distance of that route is less than the feasible distance of the best route. The
feasibility condition is met and router R1 stores that route in the topology table as a
feasible successor route. The route can be used immediately if the primary route fails.
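As an added example (not from the original page), the numbers in Figures 19 and 21 can be reproduced and the feasibility condition applied mechanically to a topology table. The FastEthernet link values (100000 kbps bandwidth, 100 µs delay) used to reproduce 28160 and 30720, the reported distance assumed for R2 in Figure 21, and the third neighbour R4 are assumptions; everything else is taken from the text.

```python
"""EIGRP classic composite metric and the DUAL feasibility condition.
Added example (not from the original page). The numbers 28160 / 30720 and
20 / 15 come from the figures in the text; the link values used to reproduce
them and the extra paths in the last example are assumptions."""
from dataclasses import dataclass

K1, K2, K3, K4, K5 = 1, 0, 1, 0, 0   # Cisco defaults: bandwidth and delay only


def classic_metric(min_bandwidth_kbps: int, total_delay_usec: int,
                   load: int = 1, reliability: int = 255) -> int:
    """Classic (32-bit) EIGRP metric. Bandwidth is the slowest link on the path,
    delay is the sum of the interface delays along it, in tens of microseconds."""
    bw = 10_000_000 // min_bandwidth_kbps
    delay = total_delay_usec // 10
    metric = K1 * bw + (K2 * bw) // (256 - load) + K3 * delay
    if K5 != 0:                     # reliability term only applies when K5 is non-zero
        metric = metric * K5 // (reliability + K4)
    return metric * 256


@dataclass
class Path:
    via: str                 # neighbor the route was learned from
    reported_distance: int   # the neighbor's own metric (RD, also called AD)
    feasible_distance: int   # our metric through that neighbor (FD)


def dual_select(paths: list) -> tuple:
    """Successor = lowest FD. Feasible successor = any other path whose RD is
    strictly less than the successor's FD (the feasibility condition), which
    proves that neighbor is not routing back through us, so the path is loop-free."""
    successor = min(paths, key=lambda p: p.feasible_distance)
    feasible = [p for p in paths if p is not successor
                and p.reported_distance < successor.feasible_distance]
    return successor, feasible


def figure19_metrics() -> dict:
    """Figure 19 reproduced with FastEthernet hops (100000 kbps, 100 usec; assumed)."""
    fe_bw, fe_delay = 100_000, 100
    r2_fd = classic_metric(fe_bw, fe_delay)          # R2's own metric, sent to R1 as the RD
    r1_fd = classic_metric(fe_bw, 2 * fe_delay)      # one more hop: same bandwidth, twice the delay
    return {"r2_fd": r2_fd, "r1_rd": r2_fd, "r1_fd": r1_fd, "hop_cost": r1_fd - r2_fd}


def figure21_selection() -> tuple:
    """Figure 21 reproduced, plus an assumed third neighbour R4 that fails the condition."""
    paths = [
        Path("R2", reported_distance=10, feasible_distance=20),   # best path (RD for R2 assumed)
        Path("R3", reported_distance=15, feasible_distance=25),   # 15 < 20: feasible successor
        Path("R4", reported_distance=20, feasible_distance=30),   # 20 is not < 20: rejected
    ]
    return dual_select(paths)


if __name__ == "__main__":
    print(figure19_metrics())
    s, fs = figure21_selection()
    print("successor:", s.via, "feasible successors:", [p.via for p in fs])
```

R4 is the instructive case: its metric through R1 would be the second best, but because its own distance equals R1's feasible distance DUAL cannot prove it is not sending traffic back through R1, so it is not installed as a backup and a query would be needed if R2 failed.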

2.7 OSPF (Open Shortest Path First)
OSPF (Open Shortest Path First) is a link state routing protocol. Because it is an open
standard (OSPFv2 for IPv4 is RFC 2328, OSPFv3 for IPv6 is RFC 5340), it is implemented
by many network vendors, so the routers do not have to be Cisco routers (unlike EIGRP,
which in practice runs only on Cisco routers).
 
OSPF is a classless routing protocol that supports VLSM and CIDR, manual route
summarization, incremental updates, equal-cost load balancing and many other useful
features. OSPF uses only one parameter as the metric, namely interface cost. The
administrative distance of OSPF routes is, by default, 110. OSPF uses the multicast
addresses 224.0.0.5 (all OSPF routers) and 224.0.0.6 (designated routers) for routing
updates, carried directly in IP as protocol number 89.
 
Routers running OSPF have to establish neighbor relationships before exchanging
routes. Because OSPF is a link state routing protocol, neighbors don't exchange
routing tables. Instead, they exchange information about the network topology. Each OSPF
router then runs the SPF algorithm to calculate the best routes and adds those to the
routing table. Because each router knows the entire topology of its area, the chance of
a routing loop occurring is minimal.
 
Each OSPF router stores routing and topology information in three tables:
•    Neighbor table - stores information about OSPF neighbors 
•    Topology table - stores the topology structure of a network
•    Routing table -  stores the best routes
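What "runs the SPF algorithm over the topology table" means in practice, for both the link-state introduction earlier and this OSPF section, as an added example that is not part of the original page: Dijkstra over a small constructed link-state database (router-ids in the page's 1.1.1.1 style, link costs and the four-router topology assumed), including the two-way link check OSPF applies and the equal-cost load balancing mentioned above.

```python
"""SPF (Dijkstra) over an OSPF link-state database, with the bidirectional
link check and equal-cost multipath. Added example, not from the original
page; the four-router LSDB below is constructed for the demonstration."""
import copy
import heapq

# Router LSAs: point-to-point links (neighbor router-id -> cost) and stub
# networks (prefix -> cost). Router-ids follow the page's 1.1.1.1 / 2.2.2.2 style.
LSDB = {
    "1.1.1.1": {"links": {"2.2.2.2": 10, "3.3.3.3": 10}, "stubs": {}},
    "2.2.2.2": {"links": {"1.1.1.1": 10, "3.3.3.3": 5, "4.4.4.4": 10},
                "stubs": {"10.0.2.0/24": 1}},
    "3.3.3.3": {"links": {"1.1.1.1": 10, "2.2.2.2": 5, "4.4.4.4": 10}, "stubs": {}},
    "4.4.4.4": {"links": {"2.2.2.2": 10, "3.3.3.3": 10},
                "stubs": {"10.0.1.0/24": 1}},
}


def spf(lsdb: dict, root: str) -> dict:
    """Dijkstra from root. Returns {router_id: (cost, set_of_first_hop_neighbors)}."""
    dist = {root: 0}
    first_hops = {root: set()}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in lsdb[node]["links"].items():
            # OSPF only uses a link the far end also advertises (two-way check):
            # a one-sided LSA must not pull traffic onto a half-dead link.
            if node not in lsdb.get(nbr, {}).get("links", {}):
                continue
            new_cost = cost + link_cost
            hops = {nbr} if node == root else first_hops[node]
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr] = new_cost
                first_hops[nbr] = set(hops)
                heapq.heappush(heap, (new_cost, nbr))
            elif new_cost == dist[nbr]:
                first_hops[nbr] |= hops       # equal cost: keep both next hops (ECMP)
    return {r: (dist[r], first_hops[r]) for r in dist}


def routing_table(lsdb: dict, root: str) -> dict:
    """Stub networks attached to each reachable router -> (cost, next hops)."""
    tree = spf(lsdb, root)
    table = {}
    for rid, (cost, hops) in tree.items():
        for prefix, stub_cost in lsdb[rid]["stubs"].items():
            total = cost + stub_cost
            via = set(hops) if rid != root else {"connected"}
            if prefix not in table or total < table[prefix][0]:
                table[prefix] = (total, via)
            elif total == table[prefix][0]:
                table[prefix][1].update(via)
    return table


def drop_one_way(lsdb: dict, a: str, b: str) -> dict:
    """Copy of the LSDB in which router a no longer lists its link to b (b still lists a)."""
    new = copy.deepcopy(lsdb)
    new[a]["links"].pop(b, None)
    return new


if __name__ == "__main__":
    for prefix, (cost, via) in sorted(routing_table(LSDB, "1.1.1.1").items()):
        print(prefix, "cost", cost, "via", sorted(via))
```

From R1, 10.0.1.0/24 costs 21 through either R2 or R3 and both next hops are installed; drop R3's side of the R3-R4 link and the route collapses to R2 only, which is the two-way check doing its job.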

OSPF neighbors

OSPF routers need to establish a neighbor relationship before exchanging routing
updates. OSPF neighbors are dynamically discovered by sending Hello packets out of
each OSPF-enabled interface on a router. Hello packets are sent to the multicast IP
address 224.0.0.5.
 
The process is explained in the following figure :[15]
 

  [Figure 23 : OSPF Hello]

Routers R1 and R2 are directly connected. After OSPF is enabled, both routers send
Hellos to each other to establish a neighbor relationship. You can verify that the
neighbor relationship has indeed been established with the show ip ospf neighbor
command.
 

  [Figure 24 : OSPF Neighbor Table]

In the example above, you can see that the router-id of R2 is 2.2.2.2.
Each OSPF router is assigned a router ID. It is chosen when the OSPF process starts (and
keeps its value until the process is cleared or the router reloads) using the first of
the following that applies:
 
1.    the value set with the router-id command under the OSPF process
2.    the highest IP address among the router's loopback interfaces
3.    the highest IP address among the router's physical interfaces
 
The following values must match on both routers for them to become neighbors (all but
the last one are carried in the Hello packet):
•    subnet (the interfaces must be on the same subnet; on broadcast networks the network
mask in the Hello must also match)
•    area id
•    hello and dead interval timers
•    authentication (type and key; OSPFv2 supports none, plain-text and cryptographic, i.e.
MD5 or HMAC-SHA per RFC 5709)
•    area stub flag
•    MTU (not in the Hello: a mismatch is detected from the DBD packets and leaves the
adjacency stuck in Exstart/Exchange)
By default, OSPF sends Hello packets every 10 seconds on an Ethernet network (the hello
interval). The dead interval is four times the hello interval, so if a router on an
Ethernet network does not receive a single Hello from an OSPF neighbor for 40 seconds,
it declares that neighbor down.
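The router-ID preference order and the matching rules above, written out as checks, as an added example (not code from the original page). The addresses, the key and the misconfigured second router are constructed; the names hello_mismatches and Hello and the numeric auth_type codes are assumptions for the demonstration.

```python
"""Router-ID selection and the Hello compatibility checks that decide whether
two OSPF routers become neighbors. Added example, not from the original page;
the addresses and parameters below are constructed."""
from dataclasses import dataclass
import ipaddress


def select_router_id(configured=None, loopbacks=(), physical=()):
    """Preference order from the text: explicit router-id, then the highest
    loopback address, then the highest physical interface address."""
    if configured:
        return str(ipaddress.IPv4Address(configured))
    for pool in (loopbacks, physical):
        if pool:
            return str(max(ipaddress.IPv4Address(a) for a in pool))
    raise ValueError("no IPv4 address available for a router ID")


@dataclass
class Hello:
    router_id: str
    address: str            # interface address with mask, e.g. "10.0.0.1/24"
    area_id: str = "0"
    hello_interval: int = 10
    dead_interval: int = 40
    auth_type: int = 0      # 0 null, 1 plain-text password, 2 cryptographic (assumed codes)
    auth_key: str = ""
    stub_flag: bool = False
    mtu: int = 1500         # not in the Hello; compared during the DBD exchange


def hello_mismatches(local: Hello, remote: Hello) -> list:
    """Return the parameters that prevent an adjacency, in the order the text lists them."""
    problems = []
    if (ipaddress.ip_interface(local.address).network
            != ipaddress.ip_interface(remote.address).network):
        problems.append("subnet")
    if local.area_id != remote.area_id:
        problems.append("area id")
    if (local.hello_interval, local.dead_interval) != (remote.hello_interval, remote.dead_interval):
        problems.append("hello/dead interval")
    if local.auth_type != remote.auth_type or (
            local.auth_type and local.auth_key != remote.auth_key):
        problems.append("authentication")
    if local.stub_flag != remote.stub_flag:
        problems.append("stub flag")
    if local.mtu != remote.mtu:
        problems.append("mtu (stuck in EXSTART/EXCHANGE, not a Hello field)")
    if local.router_id == remote.router_id:
        problems.append("duplicate router id")   # two routers claiming one ID never adjoin
    return problems


def can_form_adjacency(local: Hello, remote: Hello) -> bool:
    return not hello_mismatches(local, remote)


def figure23_example() -> list:
    """R1 and R2 from Figure 23: once with a correct R2, once with a misconfigured one."""
    r1 = Hello("1.1.1.1", "10.0.0.1/24", auth_type=2, auth_key="ospfkey")
    r2_ok = Hello("2.2.2.2", "10.0.0.2/24", auth_type=2, auth_key="ospfkey")
    r2_bad = Hello("2.2.2.2", "10.0.0.2/24", area_id="1", hello_interval=30,
                   dead_interval=120, auth_type=2, auth_key="wrong", mtu=1400)
    return [hello_mismatches(r1, r2_ok), hello_mismatches(r1, r2_bad)]


if __name__ == "__main__":
    print(select_router_id(None, ["1.1.1.1", "10.255.0.1"], ["192.168.1.1"]))
    print(figure23_example())
```

The authentication check is the one to get right on a bank network: with a null or plain-text type, any device plugged into the segment that speaks OSPF can become a neighbor and inject routes, so the misconfigured case should fail on the key rather than be "fixed" by turning authentication off.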

OSPF neighbor states

Before establishing a full adjacency, OSPF routers go through several state changes (a
neighbor from which nothing has been heard yet is in the Down state). These states are
explained below.
 
1. Init state – the router has received a Hello from the other OSPF router, but that
Hello does not yet list the router's own router ID
2. 2-way state – the router sees its own router ID in the neighbor's Hello, so
communication is confirmed in both directions (on a broadcast network the DR and BDR
are elected at this point)
3. Exstart state – beginning of the LSDB exchange between both routers. A master and a
slave are elected and the initial DBD sequence number is agreed.
4. Exchange state – DBD (Database Description) packets are exchanged. DBDs
contain LSA headers. The routers use this information to see which LSAs need
to be exchanged.
5. Loading state – one neighbor sends LSRs (Link State Requests) for every LSA it does
not have or holds an older copy of. The other neighbor replies with LSUs (Link
State Updates) that contain the requested LSAs. After all the
requested information has been received, the other neighbor goes through the
same process
6. Full state - both routers have synchronized databases and are fully adjacent
with each other.

OSPF areas

OSPF uses the concept of areas. An area is a logical grouping of contiguous networks
and routers. All routers in the same area have the same link-state database (topology
table), but they don't know the detailed topology of other areas. The main benefits of
creating areas are that the size of the topology and routing tables on a router is
reduced, less time is required to run the SPF algorithm and fewer routing updates are
flooded.  
 
Each area in an OSPF network has to connect to the backbone area (area 0). All routers
inside an area must have the same area ID to become OSPF neighbors. A router that
has interfaces in more than one area (area 0 and area 1, for example) is called an Area
Border Router (ABR). A router that connects an OSPF network to other routing domains
(an EIGRP network, for example) is called an Autonomous System Border Router (ASBR). [16]
 

[Figure 25 : OSPF area]

All routers are running OSPF. Routers R1 and R2 are inside the backbone area (area
0). Router R3 is an ABR, because it has interfaces in two areas, namely area 0 and
area 1. Routers R4 and R5 are inside area 1. Router R6 is an ASBR, because it
connects the OSPF network to another routing domain (an EIGRP domain in this case). If
R1's directly connected subnet fails, R1 floods the updated LSA only to R2 and R3,
because detailed topology changes stay inside the area; R3, as the ABR, passes on only
a summary to area 1.
NOTE – the role of an ABR is to advertise address summaries to neighboring areas.
The role of an ASBR is to connect an OSPF routing domain to another external network
(e.g. the Internet or an EIGRP network).

LSA, LSU and LSR

LSAs (Link-State Advertisements) are used by OSPF routers to exchange topology
information. Each LSA contains routing and topology information describing a part of an
OSPF network. When two neighbors decide to exchange routes, they send each other the
headers of all LSAs in their respective topology databases. Each router then checks its
own database and sends a Link State Request (LSR) for every LSA it does not have, or
holds an older copy of (each LSA carries a sequence number, and the higher one wins).
The other router responds with a Link State Update (LSU) that carries the requested
LSAs in full. [17]
 

 [Figure 26 : OSPF neighbor]

After configuring OSPF on both routers, the routers exchange LSA headers to describe
their respective topology databases. Router R1 sends the LSA header for its directly
connected network 10.0.1.0/24. Router R2 checks its topology database and determines
that it has no information about that network. Router R2 then sends a Link State
Request asking for that LSA. Router R1 responds with a Link State Update that contains
the information about subnet 10.0.1.0/24 (next hop address, cost...).
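The exchange described above, and the Exchange, Loading and Full states from the neighbor-state list, simulated for two routers as an added example that is not part of the original page. LSA identifiers, sequence numbers and the extra LSA that both routers already hold are constructed, and the exchange is simplified to one direction at a time, so that the rule deciding what gets requested is visible.

```python
"""The DBD / LSR / LSU exchange from the text, simulated for two routers so the
message flow and the sequence-number rule (higher LS sequence number wins)
are visible. Added example, not from the original page; LSA contents are
constructed and the exchange is simplified to one direction at a time."""
from dataclasses import dataclass, field


@dataclass
class LSA:
    lsa_id: str      # router-id for a router LSA, prefix for a network/stub entry
    seq: int         # LS sequence number, starts at 0x80000001 and only increases
    body: dict       # what the LSU carries: next hop, cost, ...


@dataclass
class Router:
    name: str
    lsdb: dict = field(default_factory=dict)

    def dbd(self) -> list:
        """Database Description: only LSA headers (id, seq), never the bodies."""
        return [(lsa.lsa_id, lsa.seq) for lsa in self.lsdb.values()]

    def lsr(self, headers: list) -> list:
        """Link State Request: ask for what we lack or hold an older copy of."""
        return [i for i, s in headers if i not in self.lsdb or self.lsdb[i].seq < s]

    def lsu(self, wanted: list) -> list:
        """Link State Update: the full LSAs that were requested."""
        return [self.lsdb[i] for i in wanted]

    def install(self, lsas: list) -> None:
        for lsa in lsas:
            have = self.lsdb.get(lsa.lsa_id)
            if have is None or lsa.seq > have.seq:   # never downgrade to an older copy
                self.lsdb[lsa.lsa_id] = lsa


def synchronize(a: Router, b: Router) -> tuple:
    """Exchange -> Loading -> Full. Returns (trace of messages, fully_adjacent)."""
    trace = []
    for requester, owner in ((a, b), (b, a)):
        headers = owner.dbd()
        trace.append((owner.name, requester.name, "DBD", headers))
        wanted = requester.lsr(headers)
        trace.append((requester.name, owner.name, "LSR", wanted))
        update = owner.lsu(wanted)
        trace.append((owner.name, requester.name, "LSU", [l.lsa_id for l in update]))
        requester.install(update)
    full = (a.lsdb.keys() == b.lsdb.keys()
            and all(a.lsdb[i].seq == b.lsdb[i].seq for i in a.lsdb))
    return trace, full


def figure26_example() -> tuple:
    """R1 owns 10.0.1.0/24; both know 10.0.0.0/24 but R1's copy is newer (constructed)."""
    r1 = Router("R1")
    r1.install([LSA("1.1.1.1", 0x80000001, {"type": "router"}),
                LSA("10.0.1.0/24", 0x80000001, {"next_hop": "10.0.1.1", "cost": 1}),
                LSA("10.0.0.0/24", 0x80000002, {"next_hop": "10.0.0.1", "cost": 1})])
    r2 = Router("R2")
    r2.install([LSA("2.2.2.2", 0x80000001, {"type": "router"}),
                LSA("10.0.0.0/24", 0x80000001, {"next_hop": "10.0.0.1", "cost": 1})])
    trace, full = synchronize(r1, r2)
    return r1, r2, trace, full


if __name__ == "__main__":
    _, _, trace, full = figure26_example()
    for sender, receiver, kind, payload in trace:
        print(sender, "->", receiver, kind, payload)
    print("full adjacency:", full)
```

The DBD carries headers only, so R2 requests exactly three things from R1: the two LSAs it has never seen and the copy of 10.0.0.0/24 whose sequence number is higher than its own; the LSA it already holds at the same sequence number is not re-sent. The same comparison is what makes a forged LSA with a high sequence number dangerous on an unauthenticated segment.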

Chapter 3

Simulation IPv6 Routing

3.1 IP Planning
IP addresses are an integral part of any corporate network, and companies large and small are
consuming them faster with more applications and devices than ever before. Overlooking the
importance of getting a handle on IP addresses can prove disastrous. IP addresses are one of
the most critical resources that need to be managed in any network. Every networked
application and device from e-mail and Web connectivity to file storage and networked printers
depends on IP and requires address assignment. That presents a big enough challenge, but it's
becoming an even bigger challenge as new core services like VoIP and mobile networks
increase IP address assignment needs, requiring more robust allocation, classification, and
tracking of addresses.

IP address allocation:


This bank is willing to use IPv6 and has obtained the following prefix from its ISP:
2001:DF1:6400:135::/64

Note that a /64 is the prefix normally assigned to a single LAN. Splitting it into longer
prefixes, as done below, works only with static addressing or DHCPv6, because SLAAC requires
a 64-bit interface identifier; an enterprise with this many sites would normally ask the ISP
for a /48 (or at least a /56) so that every LAN can keep its own /64.

First of all, we divide the whole infrastructure of the bank into LAN segments (host
counts are approximate):

Serial  LAN Name                          Host (approx.)
------  --------------------------------  --------------
01      Server                            100
02      IT Division
        a. IT Admin                       100
        b. Network Team                   100
        c. Database Team                  100
        d. System Team                    100
03      Card Division
        a. Card Admin                     100
        b. Production                     100
        c. Operation                      200
        d. Switching                      100
04      Head Office
        a. HR Division                    500
        b. Central Accounts Division      300
        c. Audit Division                 350
        d. GSDD                           200
        e. Law Division                   300
        f. International Division         500
        g. Credit Division                500
05      Regional Office                   Each region has many branches and
        a. Dhaka Region                   each branch has approximately 50 hosts
        b. Mymansing Region
        c. Faridpur Region
        d. Khulna Region
        e. Barisal Region
        f. Chittagong Region
        g. Comilla Region
        h. Sylhet Region
        i. Rajshahi Region
        j. Rongpur Region
06      Branch Office
        a. IT Section                     10
        b. Cash Section                   10
        c. General Banking Section        10
        d. Loans & Advance Section        05

Now we can divide our network into five major sub-networks:


I. Server Network
II. IT Division Network
III. Card Division Network
IV. Head Office Network
V. Branch Network

Each of these networks is further divided into sub-networks:

IT Division Network
1. IT Admin
2. Network Team
3. Database Team
4. System Team

Card Division Network:


1. Admin Card
2. Production Team
3. Operation Team
4. Switching Team

Head Office Network:


1. HR Division
2. Central Accounts Division
3. Audit Division
4. General Service & Development Division
5. Law Division
6. International Division
7. Credit Division

Country wide Branch Office:


1. Dhaka Region
2. Mymansing Region
3. Faridpur Region
4. Khulna Region
5. Barisal Region
6. Chittagong Region
7. Comilla Region
8. Sylhet Region
9. Rajshahi Region
10. Rongpur Region
Branch office:
1. Cash Section
2. General Banking Section
3. Loans & Advance Section
4. Foreign Exchange Section

3.2 IP Allocation

IPv6 address: 2001:DF1:6400:135::/64

Expanded address: 2001:0DF1:6400:0135:0000:0000:0000:0000/64

Prefix mask: FFFF:FFFF:FFFF:FFFF:0000:0000:0000:0000 (/64)

Range: 2001:DF1:6400:135:0:0:0:0 - 2001:DF1:6400:135:FFFF:FFFF:FFFF:FFFF

The gateway is the last address of each network, and switches get the second-to-last
address and downward from there. Unlike IPv4, IPv6 has no broadcast address, so the last
address of a prefix is usable. The first address of a prefix (all-zeros interface
identifier) is reserved as the subnet-router anycast address (RFC 4291, section 2.6.1);
the plan below assigns it to servers and PCs, which most hosts accept but which is not
recommended, so a production design should start host numbering at ::1.

The /64 is split into eight /67 sub-networks; the first five are assigned and the last
three are left unassigned:


2001:DF1:6400:135::/67 ------ Server
2001:DF1:6400:135:2000::/67 ------- IT Department
2001:DF1:6400:135:4000::/67 ------- Card Department
2001:DF1:6400:135:6000::/67 ------- Head Office
2001:DF1:6400:135:8000::/67 ------- Branch
2001:DF1:6400:135:A000::/67 ------- (unassigned)
2001:DF1:6400:135:C000::/67 ------- (unassigned)
2001:DF1:6400:135:E000::/67 ------- (unassigned)

Server LAN
===========
2001:DF1:6400:135::/67
----------------------
Network: 2001:DF1:6400:135::/120
1st IP: 2001:DF1:6400:135::/120
Last IP: 2001:DF1:6400:135::FF/120
Number Of Host: 256
-------------------------------------

Server IP
=======
DNS Server: 2001:DF1:6400:135::/120
Database Server: 2001:DF1:6400:135::1/120
Mail Server: 2001:DF1:6400:135::2/120

FTP & SYSLog Server: 2001:DF1:6400:135::3/120
NTP & DHCP Server: 2001:DF1:6400:135::4/120
Backup Server: 2001:DF1:6400:135::5/120
Web Server: 2001:DF1:6400:135::6/120
CMS Server: 2001:DF1:6400:135::7/120

Default Gateway: 2001:DF1:6400:135::FF/120


Server Core Switch IP: 2001:DF1:6400:135::F6/120
Server SYS Switch IP: 2001:DF1:6400:135::F5/120
Server NET Switch IP: 2001:DF1:6400:135::F4/120

IT Department
==============

2001:DF1:6400:135:2000::/67
---------------------------

2001:DF1:6400:135:2000::/120 Admin Network


2001:DF1:6400:135:2000::100/120 Network Team
2001:DF1:6400:135:2000::200/120 Database Team
2001:DF1:6400:135:2000::300/120 System Team
2001:DF1:6400:135:2000::400/120
2001:DF1:6400:135:2000::500/120
.....
.....
2001:DF1:6400:135:2000:0:3:E700/120 R&D
2001:DF1:6400:135:2000:0:3:E800/120 Data Center

Inter-Device Network
======================
2001:DF1:6400:135:2000:0:3:E800/120
------------------------------------

2001:DF1:6400:135:2000:0:3:e800/122
2001:DF1:6400:135:2000:0:3:e840/122
2001:DF1:6400:135:2000:0:3:e880/122
2001:DF1:6400:135:2000:0:3:e8c0/122

Core 1 Network
---------------------

Network: 2001:DF1:6400:135:2000:0:3:e800/122
1st IP: 2001:DF1:6400:135:2000:0:3:e800/122
Last IP: 2001:DF1:6400:135:2000:0:3:e83F/122
Number Of Host: 64

Core 2 Network
---------------------
Network: 2001:DF1:6400:135:2000:0:3:e840/122
1st IP: 2001:DF1:6400:135:2000:0:3:e840/122
Last IP: 2001:DF1:6400:135:2000:0:3:e87F/122
Number Of Host: 64

Distribution Network
---------------------
Network: 2001:DF1:6400:135:2000:0:3:e880/122
1st IP: 2001:DF1:6400:135:2000:0:3:e880/122
Last IP: 2001:DF1:6400:135:2000:0:3:e8BF/122
Number Of Host: 64

Admin Network
--------------
Network: 2001:DF1:6400:135:2000::/120
1st IP: 2001:DF1:6400:135:2000::/120
Last IP: 2001:DF1:6400:135:2000::FF/120
Number Of Host: 256

Default Gateway: 2001:DF1:6400:135:2000::FF/120

Configuring the 1st PC of the IT Department's Admin section (Admin_PC1) on Windows 7:

1. Go to Network & Sharing Center

[Figure 26 : Windows 7- Network & Sharing Center]

2. Click on Local Area Connection

[Figure 27 : Windows 7 -Local Area Connection]

3. Click on Properties

[Figure 28 : Windows 7- Network Properties]

4. Select Internet Protocol Version 6 (TCP/IPv6)
5. Click on Properties

[Figure 29 : Windows 7- TCP/IP]

6. Select "Use the following IPv6 address"
7. Enter the dedicated addresses:
   a. IPv6 Address: 2001:DF1:6400:135:2000::
   b. Subnet prefix length: 120
   c. Default gateway: 2001:DF1:6400:135:2000::FF
   d. Preferred DNS server: 2001:DF1:6400:135::

[Figure 30 : Windows 7- IP]

8. Click OK
9. Close all windows

Admin_PC2 IP address:
a. IPv6 Address: 2001:DF1:6400:135:2000::1
b. Subnet Prefix length: 120
c. Default gateway: 2001:DF1:6400:135:2000::FF
d. Preferred DNS Server: 2001:DF1:6400:135::

Printer_Admin IP address:
a. IPv6 Address: 2001:DF1:6400:135:2000::F6
b. IPv6 Gateway: 2001:DF1:6400:135:2000::FF
c. IPv6 DNS Server: 2001:DF1:6400:135::
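The carve-up at the start of section 3.2 and the per-host settings above can be generated and checked with Python's ipaddress module, as an added example (not from the original page). It uses only prefixes that appear in the plan; the helper names and the "three switches per block" default are assumptions.

```python
"""Validate the bank's IPv6 plan with the standard library: carve the /64 the
way the text does, derive each block's gateway and switch addresses from the
'last address is the gateway' convention, and check a host's settings against
the block it is supposed to sit in. Added example, not from the original page;
it only reuses the prefixes that appear in the plan."""
import ipaddress

SITE = ipaddress.IPv6Network("2001:DF1:6400:135::/64")
DNS = "2001:DF1:6400:135::"


def carve(parent: str, new_prefix: int) -> list:
    """All sub-networks of the given length, in order (e.g. the eight /67s)."""
    return [str(n) for n in ipaddress.IPv6Network(parent).subnets(new_prefix=new_prefix)]


def block_plan(network: str, switches: int = 3) -> dict:
    """Per-block allocation following the text: gateway = last address, switches
    from the second-to-last downward, hosts from the bottom of the block."""
    net = ipaddress.IPv6Network(network)
    return {
        "network": str(net),
        "size": net.num_addresses,
        "gateway": str(net[-1]),
        "switches": [str(net[-2 - i]) for i in range(switches)],
        "first_host": str(net[0]),      # the plan's first host; see host_settings' warning
        "inside_site": net.subnet_of(SITE),
    }


def host_settings(address: str, prefix_len: int, gateway: str, dns: str = DNS) -> dict:
    """What goes into the Windows TCP/IPv6 dialog, plus the checks a reviewer
    would run before accepting the entry."""
    iface = ipaddress.IPv6Interface("%s/%d" % (address, prefix_len))
    gw = ipaddress.IPv6Address(gateway)
    warnings = []
    if gw not in iface.network:
        warnings.append("gateway %s is not inside %s" % (gw, iface.network))
    if iface.ip == iface.network[0]:
        # RFC 4291 2.6.1: the all-zeros interface identifier is the subnet-router anycast address
        warnings.append("address is the subnet-router anycast address; start hosts at ::1")
    if not iface.network.subnet_of(SITE):
        warnings.append("address is outside the ISP prefix %s" % SITE)
    return {"address": str(iface.ip), "prefix_length": prefix_len,
            "gateway": str(gw), "dns": str(ipaddress.IPv6Address(dns)), "warnings": warnings}


if __name__ == "__main__":
    print(carve(str(SITE), 67))
    print(block_plan("2001:DF1:6400:135:2000::/120"))
    print(host_settings("2001:DF1:6400:135:8A00::141", 123, "2001:DF1:6400:135:8000::15F"))
```

host_settings catches two things a reviewer should look for in the tables that follow: a gateway typed from the wrong region prefix (it must fall inside the host's own block, otherwise the PC has no route off its segment) and the all-zeros host address that RFC 4291 reserves as the subnet-router anycast address.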

Network Team:
-------------
Network: 2001:DF1:6400:135:2000::100/120
1st IP: 2001:DF1:6400:135:2000::100/120
Last IP: 2001:DF1:6400:135:2000::1FF/120
Number Of Host: 256

Default Gateway: 2001:DF1:6400:135:2000::1FF


Preferred DNS Server: 2001:DF1:6400:135::

Net_PC1 IP address:
a. IPv6 Address: 2001:DF1:6400:135:2000::100
b. Subnet Prefix length: 120
c. Default gateway: 2001:DF1:6400:135:2000::1FF
d. Preferred DNS Server: 2001:DF1:6400:135::

Net_PC2 IP address:
a. IPv6 Address: 2001:DF1:6400:135:2000::101
b. Subnet Prefix length: 120
c. Default gateway: 2001:DF1:6400:135:2000::1FF
d. Preferred DNS Server: 2001:DF1:6400:135::

Printer_Net IP address:
a. IPv6 Address: 2001:DF1:6400:135:2000::1F6
b. IPv6 Gateway: 2001:DF1:6400:135:2000::1FF
c. IPv6 DNS Server: 2001:DF1:6400:135::

Database Team:
--------------
Network: 2001:DF1:6400:135:2000::200/120
1st IP: 2001:DF1:6400:135:2000::200/120
Last IP: 2001:DF1:6400:135:2000::2FF/120
Number Of Host: 256

Default Gateway: 2001:DF1:6400:135:2000::2FF


Preferred DNS Server: 2001:DF1:6400:135::

System Team:
-------------
Network: 2001:DF1:6400:135:2000::300/120
1st IP: 2001:DF1:6400:135:2000::300/120
Last IP: 2001:DF1:6400:135:2000::3FF/120
Number Of Host: 256

Default Gateway: 2001:DF1:6400:135:2000::3FF


Preferred DNS Server: 2001:DF1:6400:135::

Card Department:
===============
2001:DF1:6400:135:4000::/67
-------------------------------
2001:DF1:6400:135:4000::/120 Card Admin
2001:DF1:6400:135:4000::100/120 Production
2001:DF1:6400:135:4000::200/120 Operation
2001:DF1:6400:135:4000::300/120 Switching
2001:DF1:6400:135:4000::400/120

Card Admin
============
Network: 2001:DF1:6400:135:4000::/120
1st IP: 2001:DF1:6400:135:4000::/120
Last IP: 2001:DF1:6400:135:4000::FF/120
Number Of Host: 256

Default Gateway: 2001:DF1:6400:135:4000::FF


Preferred DNS Server: 2001:DF1:6400:135::

Production:
===========
Network: 2001:DF1:6400:135:4000::100/120
1st IP: 2001:DF1:6400:135:4000::100/120
Last IP: 2001:DF1:6400:135:4000::1FF/120
Number Of Host: 256

Default Gateway: 2001:DF1:6400:135:4000::1FF


Preferred DNS Server: 2001:DF1:6400:135::

Card Operation:
==============
Network: 2001:DF1:6400:135:4000::200/120
1st IP: 2001:DF1:6400:135:4000::200/120
Last IP: 2001:DF1:6400:135:4000::2FF/120
Number Of Host: 256

Default Gateway: 2001:DF1:6400:135:4000::2FF


Preferred DNS Server: 2001:DF1:6400:135::

Switching
===========
Network: 2001:DF1:6400:135:4000::300/120
1st IP: 2001:DF1:6400:135:4000::300/120
Last IP: 2001:DF1:6400:135:4000::3FF/120
Number Of Host: 256

Default Gateway: 2001:DF1:6400:135:4000::3FF
Preferred DNS Server: 2001:DF1:6400:135::

Head Office
===========
2001:DF1:6400:135:6000::/67
-------------------------------
2001:DF1:6400:135:6000::/118 HR Division
2001:DF1:6400:135:6000::400/118 CAD
2001:DF1:6400:135:6000::800/118 Audit Division
2001:DF1:6400:135:6000::c00/118 GSDD
2001:DF1:6400:135:6000::1000/118 Law Division
2001:DF1:6400:135:6000::1400/118
2001:DF1:6400:135:6000::1800/118

HR Division:
------------
Network: 2001:DF1:6400:135:6000::/118
1st IP: 2001:DF1:6400:135:6000::/118
Last IP: 2001:DF1:6400:135:6000::3FF/118
Number Of Host: 1024

Default Gateway: 2001:DF1:6400:135:6000::3FF


Preferred DNS Server: 2001:DF1:6400:135::

Central Accounts Division:
---------------------------
Network: 2001:DF1:6400:135:6000::400/118
1st IP: 2001:DF1:6400:135:6000::400/118
Last IP: 2001:DF1:6400:135:6000::7FF/118
Number Of Host: 1024

Default Gateway: 2001:DF1:6400:135:6000::7FF


Preferred DNS Server: 2001:DF1:6400:135::

Audit Division:
---------------------------
Network: 2001:DF1:6400:135:6000::800/118
1st IP: 2001:DF1:6400:135:6000::800/118
Last IP: 2001:DF1:6400:135:6000::BFF/118
Number Of Host: 1024

Default Gateway: 2001:DF1:6400:135:6000::BFF


Preferred DNS Server: 2001:DF1:6400:135::

General Service and Development Division:


------------------------------------------

Network: 2001:DF1:6400:135:6000::C00/118
1st IP: 2001:DF1:6400:135:6000::C00/118
Last IP: 2001:DF1:6400:135:6000::FFF/118
Number Of Host: 1024

Default Gateway: 2001:DF1:6400:135:6000::FFF


Preferred DNS Server: 2001:DF1:6400:135::

Law Division:
---------------------------
Network: 2001:DF1:6400:135:6000::1000/118
1st IP: 2001:DF1:6400:135:6000::1000/118
Last IP: 2001:DF1:6400:135:6000::13FF/118
Number Of Host: 1024

Default Gateway: 2001:DF1:6400:135:6000::13FF


Preferred DNS Server: 2001:DF1:6400:135::

Region of Branches
==================
2001:DF1:6400:135:8000::/71 Dhaka Region
2001:DF1:6400:135:8200::/71 Mymansing Region
2001:DF1:6400:135:8400::/71 Faridpur Region
2001:DF1:6400:135:8600::/71 Khulna Region
2001:DF1:6400:135:8800::/71 Barisal Region
2001:DF1:6400:135:8A00::/71 Chittagong Region
2001:DF1:6400:135:8C00::/71 Comilla Region
2001:DF1:6400:135:8E00::/71 Sylhet Region
2001:DF1:6400:135:9000::/71 Rajshahi Region
2001:DF1:6400:135:9200::/71 Rongpur Region
2001:DF1:6400:135:9400::/71
2001:DF1:6400:135:9600::/71
2001:DF1:6400:135:9800::/71
2001:DF1:6400:135:9A00::/71
2001:DF1:6400:135:9C00::/71
2001:DF1:6400:135:9E00::/71

Dhaka Region
-------------
2001:DF1:6400:135:8000::/71
---------------------------
2001:DF1:6400:135:8000::/121 Principal Branch
2001:DF1:6400:135:8000::80/121 Gulshan Branch
2001:DF1:6400:135:8000::100/121 Mirpur Branch
2001:DF1:6400:135:8000::180/121 Tongi Branch
2001:DF1:6400:135:8000::200/121
2001:DF1:6400:135:8000::280/121
2001:DF1:6400:135:8000::300/121
2001:DF1:6400:135:8000::380/121
2001:DF1:6400:135:8000::400/121
2001:DF1:6400:135:8000::480/121
...
...
2001:DF1:6400:135:8000:0:1:f380/121
2001:DF1:6400:135:8000:0:1:f400/121
Principal Branch Dhaka
-------------------------
Network: 2001:DF1:6400:135:8000::/121
1st IP: 2001:DF1:6400:135:8000::/121
Last IP: 2001:DF1:6400:135:8000::7F/121
Number Of Host: 128
---------------------
2001:DF1:6400:135:8000::/123 IT
2001:DF1:6400:135:8000::20/123 General Section
2001:DF1:6400:135:8000::40/123 Cash Section
2001:DF1:6400:135:8000::60/123 Loans & Advance

IT
---------------
1st IP: 2001:DF1:6400:135:8000::/123
Gateway IP: 2001:DF1:6400:135:8000::1F/123
Number Of Host: 32

Server: 2001:DF1:6400:135:8000::/123
Switch: 2001:DF1:6400:135:8000::1E/123

General Section
---------------
1st IP: 2001:DF1:6400:135:8000::20/123
Gateway IP: 2001:DF1:6400:135:8000::3F/123
Number Of Host: 32

Manager PC: 2001:DF1:6400:135:8000::20/123


1st pc of General Section: 2001:DF1:6400:135:8000::21/123
10th PC of General Section: 2001:DF1:6400:135:8000::2A/123
Printer IP: 2001:DF1:6400:135:8000::3E/123

Cash Section
--------------
Cash Officer IP: 2001:DF1:6400:135:8000::40/123
Gateway IP: 2001:DF1:6400:135:8000::5F/123
Number Of Host: 32

Cash_PC1: 2001:DF1:6400:135:8000::41/123
Cash_PC2: 2001:DF1:6400:135:8000::42/123

Loan & Advance Section:


-----------------------------------
1st IP: 2001:DF1:6400:135:8000::60/123
Gateway IP: 2001:DF1:6400:135:8000::7F/123
Number Of Host: 32

Gulshan Branch:

---------------
Network: 2001:DF1:6400:135:8000::80/121
2001:DF1:6400:135:8000::80/123 IT
2001:DF1:6400:135:8000::a0/123 General Section
2001:DF1:6400:135:8000::c0/123 Cash Section
2001:DF1:6400:135:8000::e0/123 Loans & Advance

IT
---------------
1st IP: 2001:DF1:6400:135:8000::80/123
Gateway IP: 2001:DF1:6400:135:8000::9F/123
Number Of Host: 32

Server: 2001:DF1:6400:135:8000::80/123
Switch: 2001:DF1:6400:135:8000::9E/123

General Section
---------------
1st IP: 2001:DF1:6400:135:8000::A0/123
Gateway IP: 2001:DF1:6400:135:8000::BF/123
Number Of Host: 32

Manager PC: 2001:DF1:6400:135:8000::A0/123


1st pc of General Section: 2001:DF1:6400:135:8000::A1/123
10th PC of General Section: 2001:DF1:6400:135:8000::AA/123
Printer IP: 2001:DF1:6400:135:8000::BE/123

Cash Section
--------------
Cash Officer IP: 2001:DF1:6400:135:8000::C0/123
Gateway IP: 2001:DF1:6400:135:8000::DF/123
Number Of Host: 32

Cash_PC1: 2001:DF1:6400:135:8000::C1/123
Cash_PC2: 2001:DF1:6400:135:8000::C2/123

Loan & Advance Section:


-----------------------------------
1st IP: 2001:DF1:6400:135:8000::E0/123
Gateway IP: 2001:DF1:6400:135:8000::FF/123
Number Of Host: 32

Chittagong Region
=====================================

2001:DF1:6400:135:8a00::/71
-----------------------------
2001:DF1:6400:135:8A00::/121 Ctg Corporate Branch
2001:DF1:6400:135:8A00::80/121 Main Branch
2001:DF1:6400:135:8A00::100/121 Port Branch
2001:DF1:6400:135:8A00::180/121
…..
……
2001:DF1:6400:135:8A00:0:1:f380/121
2001:DF1:6400:135:8A00:0:1:f400/121

---------------------------------

Port Branch
--------------

Network: 2001:DF1:6400:135:8A00::100/121

2001:DF1:6400:135:8A00::100/123 IT
2001:DF1:6400:135:8A00::120/123 General Section
2001:DF1:6400:135:8A00::140/123 Cash Section
2001:DF1:6400:135:8A00::160/123 Loans & Advance

IT
---------------
1st IP: 2001:DF1:6400:135:8A00::100/123
Gateway IP: 2001:DF1:6400:135:8A00::11F/123
Number Of Host: 32

Server: 2001:DF1:6400:135:8A00::100/123
Switch: 2001:DF1:6400:135:8A00::11E/123

General Section
---------------
1st IP: 2001:DF1:6400:135:8A00::120/123
Gateway IP: 2001:DF1:6400:135:8A00::13F/123
Number Of Host: 32

Manager PC: 2001:DF1:6400:135:8A00::120/123
1st pc of General Section: 2001:DF1:6400:135:8A00::121/123
10th PC of General Section: 2001:DF1:6400:135:8A00::12A/123
Printer IP: 2001:DF1:6400:135:8A00::13E/123

Cash Section
--------------
Cash Officer IP: 2001:DF1:6400:135:8A00::140/123
Gateway IP: 2001:DF1:6400:135:8A00::15F/123
Number Of Host: 32

Cash_PC1: 2001:DF1:6400:135:8A00::141/123
Cash_PC2: 2001:DF1:6400:135:8A00::142/123

Loan & Advance Section:


-----------------------------------
1st IP: 2001:DF1:6400:135:8A00::160/123
Gateway IP: 2001:DF1:6400:135:8A00::17F/123
Number Of Host: 32

Mazar Branch: (Sylhet Region)
----------------------------------
Network: 2001:DF1:6400:135:8E00::80/121

2001:DF1:6400:135:8E00::80/123 IT
2001:DF1:6400:135:8E00::A0/123 General Section
2001:DF1:6400:135:8E00::C0/123 Cash Section
2001:DF1:6400:135:8E00::E0/123 Loans & Advance

IT
---------------
1st IP: 2001:DF1:6400:135:8E00::80/123
Gateway IP: 2001:DF1:6400:135:8E00::9F/123
Number Of Host: 32

Server: 2001:DF1:6400:135:8E00::80/123
Switch: 2001:DF1:6400:135:8E00::9E/123

General Section
---------------
1st IP: 2001:DF1:6400:135:8E00::A0/123
Gateway IP: 2001:DF1:6400:135:8E00::BF/123
Number Of Host: 32

Manager PC: 2001:DF1:6400:135:8E00::A0/123


1st pc of General Section: 2001:DF1:6400:135:8E00::A1/123
10th PC of General Section: 2001:DF1:6400:135:8E00::AA/123
Printer IP: 2001:DF1:6400:135:8E00::BE/123

Cash Section
--------------
Cash Officer IP: 2001:DF1:6400:135:8E00::C0/123
Gateway IP: 2001:DF1:6400:135:8E00::DF/123
Number Of Host: 32

Cash_PC1: 2001:DF1:6400:135:8E00::C1/123
Cash_PC2: 2001:DF1:6400:135:8E00::C2/123

Loan & Advance Section:


-----------------------------------
1st IP: 2001:DF1:6400:135:8E00::E0/123
Gateway IP: 2001:DF1:6400:135:8E00::FF/123
Number Of Host: 32

Main Branch: (Khulna Region)
---------------
Network: 2001:DF1:6400:135:8600::100/121

2001:DF1:6400:135:8600::100/123 IT
2001:DF1:6400:135:8600::120/123 General Section
2001:DF1:6400:135:8600::140/123 Cash Section
2001:DF1:6400:135:8600::160/123 Loans & Advance

IT
---------------
1st IP: 2001:DF1:6400:135:8600::100/123
Gateway IP: 2001:DF1:6400:135:8600::11F/123
Number Of Host: 32

Server: 2001:DF1:6400:135:8600::100/123
Switch: 2001:DF1:6400:135:8600::11E/123

General Section
---------------
1st IP: 2001:DF1:6400:135:8600::120/123
Gateway IP: 2001:DF1:6400:135:8600::13F/123
Number Of Host: 32

Manager PC: 2001:DF1:6400:135:8600::120/123


1st pc of General Section: 2001:DF1:6400:135:8600::121/123
10th PC of General Section: 2001:DF1:6400:135:8600::12A/123
Printer IP: 2001:DF1:6400:135:8600::13E/123

Cash Section
--------------
Cash Officer IP: 2001:DF1:6400:135:8600::140/123
Gateway IP: 2001:DF1:6400:135:8000::15F/123
Number Of Host: 32

Cash_PC1: 2001:DF1:6400:135:8600::141/123
Cash_PC2: 2001:DF1:6400:135:8600::142/123

Loan & Advance Section:
-----------------------------------
1st IP: 2001:DF1:6400:135:8600::160/123
Gateway IP: 2001:DF1:6400:135:8600::17F/123
Number Of Host: 32

University Campus Branch: (Rajshahi Region)
---------------
Network: 2001:DF1:6400:135:9000::100/121

2001:DF1:6400:135:9000::100/123 IT
2001:DF1:6400:135:9000::120/123 General Section
2001:DF1:6400:135:9000::140/123 Cash Section
2001:DF1:6400:135:9000::160/123 Loans & Advance

IT
---------------
1st IP: 2001:DF1:6400:135:9000::100/123
Gateway IP: 2001:DF1:6400:135:9000::11F/123
Number Of Host: 32

Server: 2001:DF1:6400:135:9000::100/123
Switch: 2001:DF1:6400:135:9000::11E/123

General Section
---------------
1st IP: 2001:DF1:6400:135:9000::120/123
Gateway IP: 2001:DF1:6400:135:9000::13F/123
Number Of Host: 32

Manager PC: 2001:DF1:6400:135:9000::120/123


1st pc of General Section: 2001:DF1:6400:135:9000::121/123
10th PC of General Section: 2001:DF1:6400:135:9000::12A/123
Printer IP: 2001:DF1:6400:135:9000::13E/123

Cash Section
--------------
Cash Officer IP: 2001:DF1:6400:135:9000::140/123
Gateway IP: 2001:DF1:6400:135:8000::15F/123
Number Of Host: 32

Cash_PC1: 2001:DF1:6400:135:9000::141/123
Cash_PC2: 2001:DF1:6400:135:9000::142/123

Loan & Advance Section:
-----------------------------------
1st IP: 2001:DF1:6400:135:9000::160/123
Gateway IP: 2001:DF1:6400:135:9000::17F/123
Number Of Host: 32

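As an added example (not part of the report), the following Python script audits a branch address plan of the kind listed above. It takes the Main Branch (Khulna Region) entries exactly as written in the plan and checks that each section's /123 really holds the claimed 32 addresses, that the gateway sits inside its section and is the section's highest address, and that the sections lie inside the branch /121 without overlapping.

```python
"""Consistency audit for an IPv6 branch address plan (added example, not part of the report)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Section:
    name: str
    first_ip: str   # the plan's "1st IP", with its prefix length
    gateway: str    # the plan's "Gateway IP"
    hosts: int      # the plan's "Number Of Host"


@dataclass(frozen=True)
class Branch:
    name: str
    network: str    # the branch's /121 block
    sections: tuple[Section, ...]


def audit_section(sec: Section) -> list[str]:
    """Findings for one section; empty when the section is self-consistent."""
    findings = []
    net = ipaddress.IPv6Interface(sec.first_ip).network
    gw = ipaddress.IPv6Interface(sec.gateway)
    # The plan counts every address of the /123 (IPv6 has no broadcast address).
    if net.num_addresses != sec.hosts:
        findings.append(f"{sec.name}: {net} holds {net.num_addresses} addresses, plan says {sec.hosts}")
    if gw.network.prefixlen != net.prefixlen:
        findings.append(f"{sec.name}: gateway uses /{gw.network.prefixlen}, section uses /{net.prefixlen}")
    if gw.ip not in net:
        # The usual copy-paste slip: a gateway pasted from another branch's block.
        findings.append(f"{sec.name}: gateway {gw.ip} lies outside {net}")
    elif gw.ip != net[-1]:
        # The plan's convention is gateway = highest address of the /123.
        findings.append(f"{sec.name}: gateway {gw.ip} is not the highest address {net[-1]}")
    return findings


def audit_branch(branch: Branch) -> list[str]:
    """Per-section findings plus containment and overlap checks across the sections."""
    block = ipaddress.IPv6Network(branch.network)
    findings, nets = [], {}
    for sec in branch.sections:
        findings += audit_section(sec)
        nets[sec.name] = net = ipaddress.IPv6Interface(sec.first_ip).network
        if not net.subnet_of(block):
            findings.append(f"{sec.name}: {net} is not inside the branch block {block}")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} and {b} overlap: {na} vs {nb}")
    return findings


# Main Branch (Khulna Region), copied from the plan above exactly as listed.
MAIN_BRANCH = Branch(
    name="Main Branch (Khulna Region)",
    network="2001:DF1:6400:135:8600::100/121",
    sections=(
        Section("IT", "2001:DF1:6400:135:8600::100/123", "2001:DF1:6400:135:8600::11F/123", 32),
        Section("General Section", "2001:DF1:6400:135:8600::120/123", "2001:DF1:6400:135:8600::13F/123", 32),
        Section("Cash Section", "2001:DF1:6400:135:8600::140/123", "2001:DF1:6400:135:8000::15F/123", 32),
        Section("Loan & Advance", "2001:DF1:6400:135:8600::160/123", "2001:DF1:6400:135:8600::17F/123", 32),
    ),
)

if __name__ == "__main__":
    for line in audit_branch(MAIN_BRANCH) or ["plan is consistent"]:
        print(line)
```

Run on the Khulna plan it reports exactly one finding: the Cash Section gateway is listed under the 8000:: prefix rather than the branch's 8600:: block, so hosts in that section would be configured with a gateway outside their own subnet.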
3.3 Branch Configuration:

Gulsan Branch Configuration


For online banking, each branch has to be connected to the data centre. A branch has its own LAN,
which in turn has to be connected to the WAN; for security, that connection is made over a VPN. [18]

[Figure 31: Local Area Network]

In a branch, all workstations are connected to the server through a switch, and the server is
connected to the router, which connects to the ISP.

Router
1. Set router clock to the current date and time
Router>enable
Router#clock set 3:18:00 30 Aug 2015

Show current Time:


Router#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the router hostname to GUL
Router#configure terminal
Router(config)#hostname GUL
GUL(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

GUL(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

GUL(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

GUL(config)#enable secret PubaliIT

6. Secure all the ways to access the router. Set the passwords to PubaliHO
a) Protect Console Port
GUL(config)#line console 0
GUL(config-line)#password PubaliHO
GUL(config-line)#login
GUL(config-line)#exit

b) Protect Virtual Terminal Line:

GUL(config)#line vty 0 4
GUL(config-line)#password PubaliHO
GUL(config-line)#login
GUL(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
GUL(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
GUL(config)#line console 0
GUL(config-line)#logging synchronous
GUL(config-line)#exit

9. Prevent the router from attempting to resolve command line entries to IP addresses.
GUL(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

GUL#copy running-config startup-config

11. Providing IP to interface:


GUL(config)#interface gigabitEthernet 0/0
GUL(config-if)#no shutdown
GUL(config-if)# exit

GUL(config)#interface gigabitEthernet 0/0.1


GUL(config-subif)# encapsulation dot1Q 1

GUL(config-subif)#ipv6 address 2001:DF1:6400:135:8000::FF/120
GUL(config-subif)#no shutdown
GUL(config-subif)# exit

GUL(config)#interface gigabitEthernet 0/0.2


GUL(config-subif)# encapsulation dot1Q 2
GUL(config-subif)#ipv6 address 2001:DF1:6400:135:8000::1FF/120
GUL(config-subif)#no shutdown
GUL(config-subif)# exit

GUL(config)#interface gigabitEthernet 0/0.3


GUL(config-subif)# encapsulation dot1Q 3
GUL(config-subif)#ipv6 address 2001:DF1:6400:135:8000::2FF/120
GUL(config-subif)#no shutdown
GUL(config-subif)# exit

GUL(config)#interface gigabitEthernet 0/0.4


GUL(config-subif)# encapsulation dot1Q 4
GUL(config-subif)#ipv6 address 2001:DF1:6400:135:8000::3FF/120
GUL(config-subif)#no shutdown
GUL(config-subif)# exit

Switch:
1. Set Switch clock to the current date and time
Switch>enable
Switch#clock set 3:18:00 30 Aug 2015

Show current Time:


Switch#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the Switch hostname to GUL_SW
Switch#configure terminal
Switch(config)#hostname GUL_SW
GUL_SW(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

GUL_SW(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

GUL_SW(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

GUL_SW(config)#enable secret PubaliIT

6. Secure all the ways to access the Switch. Set the passwords to PubaliHO
a) Protect Console Port
GUL_SW(config)#line console 0
GUL_SW(config-line)#password PubaliHO
GUL_SW(config-line)#login
GUL_SW(config-line)#exit

b) Protect Virtual Terminal Line:

GUL_SW(config)#line vty 0 4
GUL_SW(config-line)#password PubaliHO
GUL_SW(config-line)#login
GUL_SW(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
GUL_SW(config)#service password-encryption
8. Prevent device status messages from interrupting command line entries at the device
console.
GUL_SW(config)#line console 0
GUL_SW(config-line)#logging synchronous
GUL_SW(config-line)#exit

9. Prevent the Switch from attempting to resolve command line entries to IP addresses.
GUL_SW(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

GUL_SW#copy running-config startup-config

11. Creating VLANs:

GUL_SW(config)#vlan 200
GUL_SW(config-vlan)#name IT
GUL_SW(config-vlan)#vlan 300
GUL_SW(config-vlan)#name GS
GUL_SW(config-vlan)#vlan 400
GUL_SW(config-vlan)#name CASH
GUL_SW(config-vlan)#vlan 500
GUL_SW(config-vlan)#name LOAN
GUL_SW(config-vlan)#exit

12. Assign ports to their respective VLANs

GUL_SW(config)# interface range fastEthernet 0/1-5
GUL_SW(config-if-range)# switchport mode access
GUL_SW(config-if-range)# switchport access vlan 200
GUL_SW(config-if-range)# no shutdown
GUL_SW(config-if-range)# exit
GUL_SW(config)# interface range fastEthernet 0/6-10
GUL_SW(config-if-range)# switchport mode access
GUL_SW(config-if-range)# switchport access vlan 300
GUL_SW(config-if-range)# no shutdown
GUL_SW(config-if-range)# exit
GUL_SW(config)# interface range fastEthernet 0/11-15
GUL_SW(config-if-range)# switchport mode access
GUL_SW(config-if-range)# switchport access vlan 400
GUL_SW(config-if-range)# no shutdown
GUL_SW(config-if-range)# exit
GUL_SW(config)# interface range fastEthernet 0/16-20
GUL_SW(config-if-range)# switchport mode access
GUL_SW(config-if-range)# switchport access vlan 500
GUL_SW(config-if-range)# no shutdown
GUL_SW(config-if-range)# exit

Port Branch Configuration
Router
1. Set router clock to the current date and time
Router>enable
Router#clock set 3:18:00 30 Aug 2015

Show current Time:


Router#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the router hostname to PORT
Router#configure terminal
Router(config)#hostname PORT
PORT(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

PORT(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

PORT(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

PORT(config)#enable secret PubaliIT

6. Secure all the ways to access the router. Set the passwords to PubaliHO
a) Protect Console Port
PORT(config)#line console 0
PORT(config-line)#password PubaliHO
PORT(config-line)#login
PORT(config-line)#exit

b) Protect Virtual Terminal Line:

PORT(config)#line vty 0 4
PORT(config-line)#password PubaliHO
PORT(config-line)#login
PORT(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
PORT(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
PORT(config)#line console 0
PORT(config-line)#logging synchronous
PORT(config-line)#exit

9. Prevent the router from attempting to resolve command line entries to IP addresses.
PORT(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

PORT#copy running-config startup-config

11. Providing IP to interface:


PORT(config)#interface gigabitEthernet 0/0
PORT(config-if)#no shutdown
PORT(config-if)# exit

PORT(config)#interface gigabitEthernet 0/0.1


PORT(config-subif)# encapsulation dot1Q 1
PORT(config-subif)#ipv6 address 2001:DF1:6400:135:8A00::FF/120
PORT(config-subif)#no shutdown
PORT(config-subif)# exit

PORT(config)#interface gigabitEthernet 0/0.2


PORT(config-subif)# encapsulation dot1Q 2
PORT(config-subif)#ipv6 address 2001:DF1:6400:135:8A00::1FF/120
PORT(config-subif)#no shutdown
PORT(config-subif)# exit

PORT(config)#interface gigabitEthernet 0/0.3


PORT(config-subif)# encapsulation dot1Q 3
PORT(config-subif)#ipv6 address 2001:DF1:6400:135:8A00::2FF/120
PORT(config-subif)#no shutdown
PORT(config-subif)# exit

PORT(config)#interface gigabitEthernet 0/0.4


PORT(config-subif)# encapsulation dot1Q 4
PORT(config-subif)#ipv6 address 2001:DF1:6400:135:8A00::3FF/120
PORT(config-subif)#no shutdown
PORT(config-subif)# exit

Switch:
1. Set Switch clock to the current date and time
Switch>enable
Switch#clock set 3:18:00 30 Aug 2015

Show current Time:


Switch#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the Switch hostname to PORT_SW
Switch#configure terminal
Switch(config)#hostname PORT_SW
PORT_SW(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

PORT_SW(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

PORT_SW(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

PORT_SW(config)#enable secret PubaliIT

6. Secure all the ways to access the Switch. Set the passwords to PubaliHO
a) Protect Console Port
PORT_SW(config)#line console 0
PORT_SW(config-line)#password PubaliHO
PORT_SW(config-line)#login
PORT_SW(config-line)#exit

b) Protect Virtual Terminal Line:

PORT_SW(config)#line vty 0 4
PORT_SW(config-line)#password PubaliHO
PORT_SW(config-line)#login
PORT_SW(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
PORT_SW(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
PORT_SW(config)#line console 0
PORT_SW(config-line)#logging synchronous
PORT_SW(config-line)#exit

9. Prevent the Switch from attempting to resolve command line entries to IP addresses.
PORT_SW(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

PORT_SW#copy running-config startup-config

11. Creating VLANs:

PORT_SW(config)#vlan 200
PORT_SW(config-vlan)#name IT
PORT_SW(config-vlan)#vlan 300
PORT_SW(config-vlan)#name GS
PORT_SW(config-vlan)#vlan 400
PORT_SW(config-vlan)#name CASH
PORT_SW(config-vlan)#vlan 500
PORT_SW(config-vlan)#name LOAN
PORT_SW(config-vlan)#exit

12. Assign ports to their respective VLANs

PORT_SW(config)# interface range fastEthernet 0/1-5
PORT_SW(config-if-range)# switchport mode access
PORT_SW(config-if-range)# switchport access vlan 200
PORT_SW(config-if-range)# no shutdown
PORT_SW(config-if-range)# exit
PORT_SW(config)# interface range fastEthernet 0/6-10
PORT_SW(config-if-range)# switchport mode access
PORT_SW(config-if-range)# switchport access vlan 300
PORT_SW(config-if-range)# no shutdown
PORT_SW(config-if-range)# exit
PORT_SW(config)# interface range fastEthernet 0/11-15
PORT_SW(config-if-range)# switchport mode access
PORT_SW(config-if-range)# switchport access vlan 400
PORT_SW(config-if-range)# no shutdown
PORT_SW(config-if-range)# exit
PORT_SW(config)# interface range fastEthernet 0/16-20
PORT_SW(config-if-range)# switchport mode access
PORT_SW(config-if-range)# switchport access vlan 500
PORT_SW(config-if-range)# no shutdown
PORT_SW(config-if-range)# exit

4.3 Configuring Data Center Devices:

Configuring Data Center Router:

1. Set router clock to the current date and time


Router>enable
Router#clock set 3:18:00 30 Aug 2015

Show current Time:


Router#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the router hostname to DC
Router#configure terminal
Router(config)#hostname DC
DC(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

DC(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

DC(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

DC(config)#enable secret PubaliIT

6. Secure all the ways to access the router. Set the passwords to PubaliHO
a) Protect Console Port
DC(config)#line console 0
DC(config-line)#password PubaliHO
DC(config-line)#login
DC(config-line)#exit

b) Protect Virtual Terminal Line:

DC(config)#line vty 0 4
DC(config-line)#password PubaliHO
DC(config-line)#login
DC(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
DC(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
DC(config)#line console 0
DC(config-line)#logging synchronous
DC(config-line)#exit

9. Prevent the router from attempting to resolve command line entries to IP addresses.
DC(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

DC#copy running-config startup-config

11. Providing IP to interface:


DC(config)#interface gigabitEthernet 0/0
DC(config-if)#ipv6 address 2001:DF1:6400:135::FF/120
DC(config-if)#no shutdown
DC(config-if)# exit

DC(config)#interface gigabitEthernet 0/1


DC(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E803/122
DC(config-if)#no shutdown
DC(config-if)# exit

DC(config)#interface gigabitEthernet 0/2
DC(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E843/122
DC(config-if)#no shutdown
DC(config-if)# exit

Configuring Core Router 1 :

1. Set router clock to the current date and time


Router>enable
Router#clock set 3:18:00 30 Aug 2015

Show current Time:


Router#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the router hostname to CORE_1
Router#configure terminal
Router(config)#hostname CORE_1
CORE_1(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

CORE_1(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

CORE_1(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

CORE_1(config)#enable secret PubaliIT

6. Secure all the ways to access the router. Set the passwords to PubaliHO
a) Protect Console Port
CORE_1(config)#line console 0
CORE_1(config-line)#password PubaliHO
CORE_1(config-line)#login
CORE_1(config-line)#exit

b) Protect Virtual Terminal Line:

CORE_1(config)#line vty 0 4
CORE_1(config-line)#password PubaliHO
CORE_1(config-line)#login
CORE_1(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
CORE_1(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
CORE_1(config)#line console 0
CORE_1(config-line)#logging synchronous
CORE_1(config-line)#exit

9. Prevent the router from attempting to resolve command line entries to IP addresses.
CORE_1(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

CORE_1#copy running-config startup-config

11. Providing IP to interface:

CORE_1(config)#interface gigabitEthernet 0/0


CORE_1(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E801/122
CORE_1(config-if)#no shutdown
CORE_1(config-if)# exit

CORE_1(config)#interface gigabitEthernet 0/1


CORE_1(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E841/122
CORE_1(config-if)#no shutdown
CORE_1(config-if)# exit

CORE_1(config)#interface gigabitEthernet 0/2


CORE_1(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E801/122
CORE_1(config-if)#no shutdown
CORE_1(config-if)# exit

Configuring Core Router 2 :

1. Set router clock to the current date and time


Router>enable
Router#clock set 3:18:00 30 Aug 2015

Show current Time:


Router#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the router hostname to CORE_2
Router#configure terminal
Router(config)#hostname CORE_2
CORE_2(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

CORE_2(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

CORE_2(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

CORE_2(config)#enable secret PubaliIT

6. Secure all the ways to access the router. Set the passwords to PubaliHO
a) Protect Console Port
CORE_2(config)#line console 0
CORE_2(config-line)#password PubaliHO
CORE_2(config-line)#login
CORE_2(config-line)#exit

b) Protect Virtual Terminal Line:

CORE_2(config)#line vty 0 4
CORE_2(config-line)#password PubaliHO
CORE_2(config-line)#login
CORE_2(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
CORE_2(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
CORE_2(config)#line console 0
CORE_2(config-line)#logging synchronous
CORE_2(config-line)#exit

9. Prevent the router from attempting to resolve command line entries to IP addresses.
CORE_2(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

CORE_2#copy running-config startup-config

11. Providing IP to interface:

CORE_2(config)#interface gigabitEthernet 0/0


CORE_2(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E801/122
CORE_2(config-if)#no shutdown
CORE_2(config-if)# exit

CORE_2(config)#interface gigabitEthernet 0/1


CORE_2(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E841/122
CORE_2(config-if)#no shutdown
CORE_2(config-if)# exit

CORE_2(config)#interface gigabitEthernet 0/2


CORE_2(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E801/122
CORE_2(config-if)#no shutdown
CORE_2(config-if)# exit

Configuring Core Switch 1

1. Set Switch clock to the current date and time


Switch>enable
Switch#clock set 3:18:00 30 Aug 2015

Show current Time:


Switch#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the Switch hostname to CORE_SW1
Switch#configure terminal
Switch(config)#hostname CORE_SW1
CORE_SW1(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

CORE_SW1(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

CORE_SW1(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

CORE_SW1(config)#enable secret PubaliIT

6. Secure all the ways to access the Switch. Set the passwords to PubaliHO
a) Protect Console Port
CORE_SW1(config)#line console 0
CORE_SW1(config-line)#password PubaliHO
CORE_SW1(config-line)#login
CORE_SW1(config-line)#exit

b) Protect Virtual Terminal Line:

CORE_SW1(config)#line vty 0 4
CORE_SW1(config-line)#password PubaliHO
CORE_SW1(config-line)#login
CORE_SW1(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
CORE_SW1(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
CORE_SW1(config)#line console 0
CORE_SW1(config-line)#logging synchronous
CORE_SW1(config-line)#exit

9. Prevent the Switch from attempting to resolve command line entries to IP addresses.
CORE_SW1(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

CORE_SW1#copy running-config startup-config

11. Change Switch port mode to Trunk:

CORE_SW1(config)# interface range fa0/1-3
CORE_SW1(config-if-range)# switchport mode trunk
CORE_SW1(config-if-range)#switchport trunk native vlan 1
CORE_SW1(config-if-range)#exit

Configuring Core Switch 2

1. Set Switch clock to the current date and time


Switch>enable
Switch#clock set 3:18:00 30 Aug 2015

Show current Time:


Switch#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the Switch hostname to CORE_SW2
Switch#configure terminal
Switch(config)#hostname CORE_SW2
CORE_SW2(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

CORE_SW2(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

CORE_SW2(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

CORE_SW2(config)#enable secret PubaliIT

6. Secure all the ways to access the Switch. Set the passwords to PubaliHO
a) Protect Console Port
CORE_SW2(config)#line console 0
CORE_SW2(config-line)#password PubaliHO
CORE_SW2(config-line)#login
CORE_SW2(config-line)#exit

b) Protect Virtual Terminal Line:

CORE_SW2(config)#line vty 0 4
CORE_SW2(config-line)#password PubaliHO
CORE_SW2(config-line)#login
CORE_SW2(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
CORE_SW2(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
CORE_SW2(config)#line console 0
CORE_SW2(config-line)#logging synchronous
CORE_SW2(config-line)#exit

9. Prevent the Switch from attempting to resolve command line entries to IP addresses.
CORE_SW2(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

CORE_SW2#copy running-config startup-config

11. Change Switch port mode to Trunk:

CORE_SW2(config)# interface range fa0/1-3


CORE_SW2(config-if-range)# switchport mode trunk
CORE_SW2(config-if-range)#switchport trunk native vlan 1
CORE_SW2(config-if-range)#exit

Configuring Distribution Switch 1

1. Set Switch clock to the current date and time


Switch>enable
Switch#clock set 3:18:00 30 Aug 2015

Show current Time:


Switch#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the Switch hostname to DIST_SW1
Switch#configure terminal
Switch(config)#hostname DIST_SW1
DIST_SW1(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

DIST_SW1(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

DIST_SW1(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

DIST_SW1(config)#enable secret PubaliIT

6. Secure all the ways to access the Switch. Set the passwords to PubaliHO
a) Protect Console Port
DIST_SW1(config)#line console 0
DIST_SW1(config-line)#password PubaliHO
DIST_SW1(config-line)#login
DIST_SW1(config-line)#exit

b) Protect Virtual Terminal Line:

DIST_SW1(config)#line vty 0 4
DIST_SW1(config-line)#password PubaliHO
DIST_SW1(config-line)#login
DIST_SW1(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
DIST_SW1(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
DIST_SW1(config)#line console 0
DIST_SW1(config-line)#logging synchronous
DIST_SW1(config-line)#exit

9. Prevent the Switch from attempting to resolve command line entries to IP addresses.
DIST_SW1(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

DIST_SW1#copy running-config startup-config

11. Change Switch port mode to Trunk:

DIST_SW1(config)# interface range fa0/1-3


DIST_SW1(config-if-range)# switchport mode trunk
DIST_SW1(config-if-range)#switchport trunk native vlan 1
DIST_SW1(config-if-range)#exit

Configuring Distribution Switch 2

1. Set Switch clock to the current date and time


Switch>enable
Switch#clock set 3:18:00 30 Aug 2015

Show current Time:


Switch#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the Switch hostname to DIST_SW2
Switch#configure terminal
Switch(config)#hostname DIST_SW2
DIST_SW2(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

DIST_SW2(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

DIST_SW2(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

DIST_SW2(config)#enable secret PubaliIT

6. Secure all the ways to access the Switch. Set the passwords to PubaliHO
a) Protect Console Port
DIST_SW2(config)#line console 0
DIST_SW2(config-line)#password PubaliHO
DIST_SW2(config-line)#login
DIST_SW2(config-line)#exit

b) Protect Virtual Terminal Line:

DIST_SW2(config)#line vty 0 4
DIST_SW2(config-line)#password PubaliHO
DIST_SW2(config-line)#login
DIST_SW2(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
DIST_SW2(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
DIST_SW2(config)#line console 0
DIST_SW2(config-line)#logging synchronous
DIST_SW2(config-line)#exit

9. Prevent the Switch from attempting to resolve command line entries to IP addresses.
DIST_SW2(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

DIST_SW2#copy running-config startup-config

11. Change Switch port mode to Trunk:

DIST_SW2(config)# interface range fa0/1-3


DIST_SW2(config-if-range)# switchport mode trunk
DIST_SW2(config-if-range)#switchport trunk native vlan 1
DIST_SW2(config-if-range)#exit

Configuring IT Department Router:

1. Set router clock to the current date and time


Router>enable
Router#clock set 3:18:00 30 Aug 2015

Show current Time:


Router#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the router hostname to IT
Router#configure terminal
Router(config)#hostname IT
IT(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

IT(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

IT(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

IT(config)#enable secret PubaliIT

6. Secure all the ways to access the router. Set the passwords to PubaliHO
a) Protect Console Port
IT(config)#line console 0
IT(config-line)#password PubaliHO
IT(config-line)#login
IT(config-line)#exit

b) Protect Virtual Terminal Line:

IT(config)#line vty 0 4
IT(config-line)#password PubaliHO
IT(config-line)#login
IT(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
IT(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
IT(config)#line console 0
IT(config-line)#logging synchronous
IT(config-line)#exit

9. Prevent the router from attempting to resolve command line entries to IP addresses.
IT(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

IT#copy running-config startup-config

11. Providing IP to interface:


IT(config)#interface gigabitEthernet 0/0
IT(config-if)#no shutdown
IT(config-if)# exit

IT(config)#interface gigabitEthernet 0/0.1


IT(config-subif)# encapsulation dot1Q 1
IT(config-subif)#ipv6 address 2001:DF1:6400:135::FF/120
IT(config-subif)#no shutdown
IT(config-subif)# exit

IT(config)#interface gigabitEthernet 0/0.2


IT(config-subif)# encapsulation dot1Q 2
IT(config-subif)#ipv6 address 2001:DF1:6400:135::1FF/120
IT(config-subif)#no shutdown
IT(config-subif)# exit

IT(config)#interface gigabitEthernet 0/0.3


IT(config-subif)# encapsulation dot1Q 3
IT(config-subif)#ipv6 address 2001:DF1:6400:135::2FF/120
IT(config-subif)#no shutdown
IT(config-subif)# exit

IT(config)#interface gigabitEthernet 0/0.4


IT(config-subif)# encapsulation dot1Q 4
IT(config-subif)#ipv6 address 2001:DF1:6400:135::3FF/120
IT(config-subif)#no shutdown
IT(config-subif)# exit

IT(config)#interface gigabitEthernet 0/1
IT(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E804/122
IT(config-if)#no shutdown
IT(config-if)# exit

IT(config)#interface gigabitEthernet 0/2
IT(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E844/122
IT(config-if)#no shutdown
IT(config-if)# exit

Configuring IT Department Switch

1. Set Switch clock to the current date and time


Switch>enable
Switch#clock set 3:18:00 30 Aug 2015

Show current Time:


Switch#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the Switch hostname to ITD_SW
Switch#configure terminal
Switch(config)#hostname ITD_SW
ITD_SW(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

ITD_SW(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

ITD_SW(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

ITD_SW(config)#enable secret PubaliIT

6. Secure all the ways to access the Switch. Set the passwords to PubaliHO
a) Protect Console Port
ITD_SW(config)#line console 0
ITD_SW(config-line)#password PubaliHO
ITD_SW(config-line)#login
ITD_SW(config-line)#exit

b) Protect Virtual Terminal Line:

ITD_SW(config)#line vty 0 4
ITD_SW(config-line)#password PubaliHO
ITD_SW(config-line)#login
ITD_SW(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
ITD_SW(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
ITD_SW(config)#line console 0
ITD_SW(config-line)#logging synchronous
ITD_SW(config-line)#exit

9. Prevent the Switch from attempting to resolve command line entries to IP addresses.
ITD_SW(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

ITD_SW#copy running-config startup-config

11. Change Switch port mode to Trunk:

ITD_SW(config)# interface range fa0/1-3


ITD_SW(config-if-range)# switchport mode trunk
ITD_SW(config-if-range)#switchport trunk native vlan 1
ITD_SW(config-if-range)#exit

Configuring Card Department Router:

1. Set router clock to the current date and time


Router>enable
Router#clock set 3:18:00 30 Aug 2015

Show current Time:


Router#show clock
*3:18:51.109 UTC Sun Aug 30 2015
2. Configuring the router hostname to CD
Router#configure terminal
Router(config)#hostname CD
CD(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

CD(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

CD(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

CD(config)#enable secret PubaliIT

6. Secure all the ways to access the router. Set the passwords to PubaliHO
a) Protect Console Port
CD(config)#line console 0
CD(config-line)#password PubaliHO
CD(config-line)#login
CD(config-line)#exit

b) Protect Virtual Terminal Line:

CD(config)#line vty 0 4
CD(config-line)#password PubaliHO
CD(config-line)#login
CD(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
CD(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
CD(config)#line console 0
CD(config-line)#logging synchronous
CD(config-line)#exit

9. Prevent the router from attempting to resolve command line entries to IP addresses.
CD(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

CD(config)#end
CD#copy running-config startup-config

11. Providing IP addresses to the interfaces:

CD(config)#interface gigabitEthernet 0/0
CD(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E801/122
CD(config-if)#no shutdown
CD(config-if)#exit

CD(config)#interface gigabitEthernet 0/1
CD(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E841/122
CD(config-if)#no shutdown
CD(config-if)#exit

CD(config)#interface gigabitEthernet 0/2
CD(config-if)#ipv6 address 2001:DF1:6400:135:2000::3:E801/122
CD(config-if)#no shutdown
CD(config-if)#exit

Configuring Card Department Switch:

1. Set Switch clock to the current date and time


Switch>enable
Switch#clock set 3:18:00 30 Aug 2015

Show current Time:

Switch#show clock
*3:18:51.109 UTC Sun Aug 30 2015

2. Configuring the Switch hostname to CD_SW

Switch#configure terminal
Switch(config)#hostname CD_SW
CD_SW(config)#

3. Set Banner Message of the Day to Unauthorized Access Prohibited!

CD_SW(config)#banner motd #Unauthorized Access Prohibited!#

4. Newly-entered passwords must have a minimum length of 6 characters.

CD_SW(config)#security passwords min-length 6

5. Protect device configurations from unauthorized access with the encrypted password.
Set the password to PubaliIT

CD_SW(config)#enable secret PubaliIT

6. Secure all the ways to access the Switch. Set the passwords to PubaliHO
a) Protect Console Port
CD_SW(config)#line console 0
CD_SW(config-line)#password PubaliHO
CD_SW(config-line)#login
CD_SW(config-line)#exit

b) Protect Virtual Terminal Line:

CD_SW(config)#line vty 0 4
CD_SW(config-line)#password PubaliHO
CD_SW(config-line)#login
CD_SW(config-line)#exit

7. Prevent all passwords from being viewed in clear text in device configuration files.
CD_SW(config)#service password-encryption

8. Prevent device status messages from interrupting command line entries at the device
console.
CD_SW(config)#line console 0
CD_SW(config-line)#logging synchronous
CD_SW(config-line)#exit

9. Prevent the Switch from attempting to resolve command line entries to IP addresses.
CD_SW(config)#no ip domain-lookup

10. Save Running Configuration to Startup:

CD_SW(config)#end
CD_SW#copy running-config startup-config

11. Change Switch port mode to Trunk:

CD_SW(config)#interface range fa0/1-3
CD_SW(config-if-range)#switchport mode trunk
CD_SW(config-if-range)#switchport trunk native vlan 1
CD_SW(config-if-range)#exit
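As an added check (not part of the original report), the following Python script audits a saved `show running-config` for the hardening steps above: banner, minimum password length, `enable secret`, `service password-encryption`, `no ip domain-lookup`, and a password, `login` and `logging synchronous` on each console and vty line. The configuration it runs on is a constructed sample with placeholder hashes; in a real running-config the console block appears as `line con 0`.

```python
import re

# Global commands the hardening steps above require (regexes anchored at line start)
REQUIRED_GLOBAL = [
    ("MOTD banner set", r"^banner motd "),
    ("minimum password length >= 6", r"^security passwords min-length (\d+)"),
    ("enable secret (hashed) configured", r"^enable secret "),
    ("service password-encryption enabled", r"^service password-encryption$"),
    ("DNS lookup of mistyped commands disabled", r"^no ip domain-lookup$"),
]

def line_sections(config):
    """Map each 'line con/vty ...' header to its indented sub-commands."""
    blocks = re.findall(r"^(line [^\n]*)\n((?: [^\n]*(?:\n|$))*)", config, re.M)
    return {hdr: [c.strip() for c in body.splitlines()] for hdr, body in blocks}

def audit_config(config):
    """Return {check: passed} for the hardening steps of this section."""
    results = {}
    for desc, pattern in REQUIRED_GLOBAL:
        m = re.search(pattern, config, re.M)
        ok = m is not None
        if ok and m.groups():  # min-length: the configured number must be >= 6
            ok = int(m.group(1)) >= 6
        results[desc] = ok
    for header, body in line_sections(config).items():
        results[f"{header}: password set"] = any(c.startswith("password ") for c in body)
        results[f"{header}: login required"] = "login" in body
        results[f"{header}: logging synchronous"] = "logging synchronous" in body
    return results

# Constructed sample resembling 'show running-config' after the steps above, except
# that the vty lines were never given 'logging synchronous' (placeholder hashes).
SAMPLE_CONFIG = """\
service password-encryption
security passwords min-length 6
enable secret 5 $1$PLACEHOLDER$hash
no ip domain-lookup
banner motd ^CUnauthorized Access Prohibited!^C
!
line con 0
 password 7 PLACEHOLDER
 logging synchronous
 login
line vty 0 4
 password 7 PLACEHOLDER
 login
!
"""
```

Every key with a False value is a step that was skipped on that device; the sample deliberately fails only the vty `logging synchronous` check.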

3.5 OSPF Configuration

OSPF for IPv6 (OSPFv3) is a separate process from the IPv4 one: it is created with
ipv6 router ospf rather than router ospf, it requires ipv6 unicast-routing to be enabled
first, and each router-id must be unique within the OSPF domain.

Router Core1

Core_1(config)#ipv6 unicast-routing
Core_1(config)#ipv6 router ospf 1
Core_1(config-rtr)#router-id 1.1.1.1
Core_1(config-rtr)#exit
Core_1(config)#interface gigabitEthernet 0/0
Core_1(config-if)#ipv6 ospf 1 area 0
Core_1(config-if)#exit
Core_1(config)#interface gigabitEthernet 0/1
Core_1(config-if)#ipv6 ospf 1 area 0
Core_1(config-if)#exit

Router Core 2

Core_2(config)#ipv6 unicast-routing
Core_2(config)#ipv6 router ospf 1
Core_2(config-rtr)#router-id 10.10.10.10
Core_2(config-rtr)#exit
Core_2(config)#interface gigabitEthernet 0/0
Core_2(config-if)#ipv6 ospf 1 area 0
Core_2(config-if)#exit
Core_2(config)#interface gigabitEthernet 0/1
Core_2(config-if)#ipv6 ospf 1 area 0
Core_2(config-if)#exit

DC Router

DC(config)#ipv6 unicast-routing
DC(config)#ipv6 router ospf 1
DC(config-rtr)#router-id 3.3.3.3
DC(config-rtr)#exit
DC(config)#interface gigabitEthernet 0/0
DC(config-if)#ipv6 ospf 1 area 0
DC(config-if)#exit
DC(config)#interface gigabitEthernet 0/1
DC(config-if)#ipv6 ospf 1 area 0
DC(config-if)#exit
DC(config)#interface gigabitEthernet 1/0
DC(config-if)#ipv6 ospf 1 area 0
DC(config-if)#exit

IT Router

IT(config)#ipv6 unicast-routing
IT(config)#ipv6 router ospf 1
IT(config-rtr)#router-id 3.3.3.3
IT(config-rtr)#exit
IT(config)#interface gigabitEthernet 0/0
IT(config-if)#ipv6 ospf 1 area 0
IT(config-if)#exit
IT(config)#interface gigabitEthernet 0/1
IT(config-if)#ipv6 ospf 1 area 0
IT(config-if)#exit
IT(config)#interface gigabitEthernet 1/0
IT(config-if)#ipv6 ospf 1 area 0
IT(config-if)#exit

3.6 ISP & VPN Configuration
ISP Configuration

ISP(config)#ip access-list standard RST-PRIVATE
ISP(config-std-nacl)#remark Restrict Class A Private
ISP(config-std-nacl)#deny 10.0.0.0 0.255.255.255
ISP(config-std-nacl)#remark Restrict Class B Private
ISP(config-std-nacl)#deny 172.16.0.0 0.15.255.255
ISP(config-std-nacl)#remark Restrict Class C Private
ISP(config-std-nacl)#deny 192.168.0.0 0.0.255.255
ISP(config-std-nacl)#remark Allow All Other IP
ISP(config-std-nacl)#permit any
ISP(config-std-nacl)#exit
ISP(config)#int s0/0/0
ISP(config-if)#ip access-group RST-PRIVATE in
ISP(config-if)#exit
ISP(config)#int s0/0/1
ISP(config-if)#ip access-group RST-PRIVATE in
ISP(config-if)#exit
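To see what the RST-PRIVATE list above actually drops, here is an added Python model of Cisco standard-ACL matching (wildcard masks, first match wins, implicit deny at the end); it is not from the report, and the source addresses it is run against are constructed.

```python
import ipaddress

# Constructed mirror of the RST-PRIVATE standard ACL above: (action, base, wildcard).
# A standard ACL evaluates only the packet's source address.
RST_PRIVATE = [
    ("deny", "10.0.0.0", "0.255.255.255"),       # Restrict Class A Private
    ("deny", "172.16.0.0", "0.15.255.255"),      # Restrict Class B Private
    ("deny", "192.168.0.0", "0.0.255.255"),      # Restrict Class C Private
    ("permit", "0.0.0.0", "255.255.255.255"),    # permit any
]

def wildcard_match(address, base, wildcard):
    """Cisco wildcard semantics: a 0 bit in the mask means that bit must match."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    addr = int(ipaddress.IPv4Address(address))
    return (addr & care) == (int(ipaddress.IPv4Address(base)) & care)

def evaluate_acl(acl, source):
    """First matching entry wins; an implicit 'deny any' applies if nothing matches."""
    for action, base, wildcard in acl:
        if wildcard_match(source, base, wildcard):
            return action
    return "deny"

def classify_sources(acl, sources):
    """Map each inbound source address to the action the ACL takes on it."""
    return {src: evaluate_acl(acl, src) for src in sources}

# Constructed sample of source addresses arriving inbound on the ISP serial links;
# the RFC 1918 ones should never appear on an Internet-facing interface.
SAMPLE_SOURCES = ["10.20.30.40", "172.31.255.1", "172.32.0.1",
                  "192.168.1.1", "203.0.113.5"]
```

Note that 172.32.0.1 is permitted: the 0.15.255.255 wildcard covers exactly 172.16.0.0 to 172.31.255.255, so the mask does the work that a prefix length would do elsewhere.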

VPN Configuration:

Step 1: Configure IKE Policy and Pre-shared Key:

CE1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CE1(config)#crypto isakmp policy 10
CE1(config-isakmp)#encryption 3des
CE1(config-isakmp)#group 2
CE1(config-isakmp)#authentication pre-share
CE1(config-isakmp)#exit

CE1(config)#crypto isakmp key 0 ipsecvpn address ipv6 2002::1/128

CE2(config)#crypto isakmp key 0 ipsecvpn address ipv6 2001::1/128

Step 2: Configuring an IPsec Transform Set and IPsec Profile:

Configure the same IPsec transform set and IPsec profile on routers CE1 and CE2:

CE1(config)#crypto ipsec transform-set ipv6_tran esp-3des esp-sha-hmac
CE1(cfg-crypto-trans)#mode tunnel
CE1(cfg-crypto-trans)#exit
CE1(config)#crypto ipsec profile ipv6_ipsec_pro
CE1(ipsec-profile)#set transform-set ipv6_tran
CE1(ipsec-profile)#exit
CE1(config)#

(The profile ipv6_ipsec_pro, which carries this transform set, is what the VTI binds to
with tunnel protection in Step 4.)

Step 3: Configure an ISAKMP Profile in IPv6:

The ISAKMP profile is configured on both routers CE1 and CE2; its match identity
statement must name the identity address of the appropriate interface on the peer
router.

CE1(config)#crypto isakmp profile 3des
% A profile is deemed incomplete until it has match identity statements
CE1(conf-isa-prof)#self-identity address ipv6
CE1(conf-isa-prof)#match identity address ipv6 2002::1/128
CE1(conf-isa-prof)#keyring default
CE1(conf-isa-prof)# exit
CE1(config)#

Step 4: Configure the IPsec IPv6 VTI:

Configuring an IPv6 IPsec VTI on the router is straightforward:

CE1(config)#int tunnel 1
CE1(config-if)#ipv6 enable
CE1(config-if)#ipv6 address 2012::1/64
CE1(config-if)#tunnel source 2001::1
CE1(config-if)#tunnel destination 2002::1
CE1(config-if)#tunnel mode ipsec ipv6
CE1(config-if)#tunnel protection ipsec profile ipv6_ipsec_pro
*Mar  1 01:32:30.907: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
CE1(config-if)#exit

CE2(config)#int tunnel 1
CE2(config-if)#ipv6 enable
CE2(config-if)#ipv6 address 2012::2/64
CE2(config-if)#tunnel source 2002::1
CE2(config-if)#tunnel destination 2001::1
CE2(config-if)#tunnel mode ipsec ipv6
CE2(config-if)#tunnel protection ipsec profile ipv6_ipsec_pro
*Mar  1 01:32:30.907: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
CE2(config-if)#exit

CE1(config)#ipv6 route FC01::/64 2012::2

CE2(config)#ipv6 route FC00::/64 2012::1
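A consistency check for the two tunnel ends, added here and not part of the report: it reads the peer-facing values out of each router's configuration excerpt and verifies that they mirror each other, which is the mistake Step 3 warns about. The excerpts are constructed from the values in the steps above; CE2's ISAKMP profile, which the report does not show, is assumed to mirror CE1's.

```python
import re

def parse_vti_side(config):
    """Pull the peer-facing values out of one router's running-config excerpt."""
    def find(pattern):
        m = re.search(pattern, config, re.M)
        return m.group(1) if m else None
    return {
        "key_peer":  find(r"^\s*crypto isakmp key \S+ \S+ address ipv6 (\S+)"),
        "identity":  find(r"^\s*match identity address ipv6 (\S+)"),
        "tun_src":   find(r"^\s*tunnel source (\S+)"),
        "tun_dst":   find(r"^\s*tunnel destination (\S+)"),
        "transform": find(r"^\s*crypto ipsec transform-set \S+ (.+)$"),
    }

def check_mirror(a, b):
    """List the ways two VTI peers fail to mirror each other (empty == consistent)."""
    problems = []
    if a["tun_src"] != b["tun_dst"] or b["tun_src"] != a["tun_dst"]:
        problems.append("tunnel source/destination are not mirrored")
    if a["transform"] != b["transform"]:
        problems.append("transform sets differ")
    for name, mine, peer in (("A", a, b), ("B", b, a)):
        want = f'{peer["tun_src"]}/128'   # the peer's tunnel source is its IKE identity
        if mine["key_peer"] != want:
            problems.append(f"{name}: pre-shared key is bound to {mine['key_peer']}, not {want}")
        if mine["identity"] != want:
            problems.append(f"{name}: match identity names {mine['identity']}, not {want}")
    return problems

# Constructed excerpts using the values from the steps above (CE2's ISAKMP profile assumed).
CE1 = """\
crypto isakmp key 0 ipsecvpn address ipv6 2002::1/128
crypto ipsec transform-set ipv6_tran esp-3des esp-sha-hmac
crypto isakmp profile 3des
 match identity address ipv6 2002::1/128
interface Tunnel1
 tunnel source 2001::1
 tunnel destination 2002::1
"""
CE2 = """\
crypto isakmp key 0 ipsecvpn address ipv6 2001::1/128
crypto ipsec transform-set ipv6_tran esp-3des esp-sha-hmac
crypto isakmp profile 3des
 match identity address ipv6 2001::1/128
interface Tunnel1
 tunnel source 2002::1
 tunnel destination 2001::1
"""
```

Copying CE1's profile onto CE2 unchanged (so both sides match identity 2002::1/128) is the typical slip; the check reports it as a single `B: match identity` problem.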

Chapter 4

Requirements

4.1 Requirements for a Branch
The requirements for IPv6 routing are not much different from those for IPv4 routing. The
list of required devices is:
1. Network Interface Card

[Figure 32: NIC] [19]

2. Manageable Switch

[Figure 33: Switch] [20]

3. Router

[Figure 34: Router] [21]

4. Media Converter

[Figure 35: MC] [22]

5. Operating System: Windows 7 / Linux / Solaris
6. Connection Link: 1 Mbps

4.2 Requirements for Data Center
A banking network data center needs many devices to make the network secure and
fast. The list of devices is given here:

1. Media Converter
2. Router
3. Gateway
4. Firewall
5. Proxy server
6. NTP Server
7. DNS Server
8. Mail Server
9. FTP Server
10. Fiber Connection : 100 Mbps

Chapter 5

Conclusion

5.1 Summary of Simulation

It is very difficult to reproduce a real scenario virtually. We simulated it on Cisco
Packet Tracer. Though it is very user friendly, it also has some limitations.

Cisco Networking Academy is pleased to announce the new release of Packet Tracer, a
Network Simulation Software. Packet Tracer 4.1 is the next major release of the
interactive network simulation and learning tool for Cisco CCNA instructors and
students. It allows users to create network topologies, configure devices, inject packets,
and simulate a network with multiple visual representations. This release of Packet
Tracer focuses on supporting more of the networking protocols taught in the CCNA
curriculum.

About Packet Tracer

Packet Tracer is a self-paced, visual, interactive teaching and learning tool. It is
designed to increase interaction between students and instructors, promote student
learning, and enhance instructor presentations. This technology is a new and fun way to
expand teaching and learning experiences beyond the limitations of a traditional lab
environment. Packet Tracer helps resolve some common challenges that instructors
face on a daily basis, while enabling us to explore new frontiers in networking
education.

Product Feature Solution Fit

Packet Tracer 4.1 is an enhancement of the current standalone PT4.0 product. It
expands upon the feature set that exists in PT4.0. This product is meant to be used as
an education product that provides exposure to the command-line interface of Cisco
devices for practice and discovery learning. PT4.1 also improves on the visualization
components of PT4.0, making it easier for instructors to deliver presentations and for
students to understand the inner workings and interactions of networking equipment to
perform data transfer and support communications.

Key Features
In the Simulation and Visualization Mode, students can see and control time
intervals, the inner workings of data transfer, and the propagation of data across a
network. This helps students understand the fundamental concepts behind network
operations. A solid understanding of network fundamentals can help accelerate learning
about related concepts.

The physical view of devices such as routers, switches, and hosts, presents graphical
representations of expansion cards and identifies the capabilities of each card. The
physical view also provides geographic representations, including multiple cities,
buildings, and wiring closets.

The Activity Wizard allows users to set up a scenario using text, a basic network
topology, and predefined packets. The activity feedback is shown in summary format.
Students can create and answer "what if" scenarios and instructors can create their own
self-evaluated activities that present immediate feedback to students on their proficiency
in completing the activity.

The Real-Time Mode provides students with a viable alternative to real equipment and
allows them to gain configuration practice before working with real equipment.

5.2 Problems with IPv6: IPv6 can run end-to-end encryption. While this technology was
retrofitted into IPv4, it remains an optional extra that isn’t universally used. The encryption and
integrity-checking used in current VPNs is a standard component in IPv6, available for all
connections and supported by all compatible devices and systems. Widespread adoption of
IPv6 will therefore make man-in-the-middle attacks significantly more difficult.

IPv6 also supports more secure name resolution. The Secure Neighbor Discovery (SEND)
protocol can provide cryptographic confirmation that a host is who it claims to be at
connection time. This makes Address Resolution Protocol (ARP) poisoning and other
naming-based attacks more difficult. While not a replacement for application- or
service-layer verification, it still offers an improved level of trust in connections. With
IPv4 it is fairly easy for an attacker to redirect traffic between two legitimate hosts and
manipulate the conversation, or at least observe it. IPv6 makes this very hard.

This added security depends entirely on proper design and implementation, and the more
complex and flexible infrastructure of IPv6 makes for more work. Nevertheless, properly
configured, IPv6 networking will be significantly more secure than its predecessor.

References

1. Tutorials Point [http://www.tutorialspoint.com/ipv6/ipv6_features.htm]
2. Tutorials Point [http://www.tutorialspoint.com/ipv6/ipv6_addressing_modes.htm]
3. Tutorials Point [http://www.tutorialspoint.com/ipv6/ipv6_communication.htm]
4. Tutorials Point [http://www.tutorialspoint.com/ipv6/ipv6_subnetting.htm]
5. Tutorials Point [http://www.tutorialspoint.com/ipv6/ipv6_mobility.htm]
6. Tutorials Point [http://www.tutorialspoint.com/ipv6/images/MN_in_FL]
7. Study CCNA [http://study-ccna.com/images/IP_routing]
8. Study CCNA [http://study-ccna.com/images/default_gateway]
9. Study CCNA [http://study-ccna.com/images/connected_routes]
10. Study CCNA [http://study-ccna.com/images/differences_distance_vector_link_state]
11. Study CCNA [http://study-ccna.com/images/how_rip_works]
12. Study CCNA [http://study-ccna.com/images/eigrp_feasible_reported_distance]
13. Study CCNA [http://study-ccna.com/images/successor_feasible_successor]
14. Study CCNA [http://study-ccna.com/images/eigrp_topology_table_topology]
15. Study CCNA [http://study-ccna.com/images/ospf_hellos]
16. Study CCNA [http://study-ccna.com/images/ospf_areas]
17. Study CCNA [http://study-ccna.com/images/ospf_lsa_lsr_lsu]
18. Key Infotech [http://keyinfotech.in/lan-to-wan-solutions]
19. NIC image [http://2.bp.blogspot.com/_DZhhZp9of5I/THIHpX1w_yI/AAAAAAAAC48/e2UCh3kRXz4/s1600/nic.jpg]
20. Switch image [https://images-na.ssl-images-amazon.com/images/G/01/electronics/detail-page/sc_b004ghmu56-01anglelg.jpg]
21. Router image [http://www.datahardwaredepot.com/Img/1900-2]
22. Media converter image [http://ecx.images-amazon.com/images/I/71KSln5qs-L._SL1280]