Internet Protocol, Version 6 (IPv6)
Chun-Chuan Yang
Dept. Computer Science & Info. Eng.
National Chi Nan University

Outline
- Networking Basics
- Introduction to IPv6
- Header Format
- IPv6 Addressing Model
- ICMPv6
- Neighbor Discovery
- Transition from IPv4 to IPv6
- IPv6 vs. IPv4

Basics: OSI 7-Layer RM

Basics: TCP/IPv4 Protocol Suite

Internet Protocol (IP)
- Features:
  - Layer 3 (Network layer)
  - Unreliable, Connectionless, Datagram
  - Best-effort delivery
- Popular version: IPv4
- Major functions
  - Global addressing
  - Datagram lifetime
  - Fragmentation & Reassembly

IPv4 Header

IPv4 companion protocols (1)
- ARP: Address Resolution Protocol
  - Mapping from IP address to MAC address
- ICMP: Internet Control Message Protocol
  - Error reporting & Query
- IGMP: Internet Group Management Protocol
  - Multicast member join/leave
- Unicast Routing Protocols (Intra-AS)
  - Maintaining Unicast Routing Table
  - E.g. RIP, OSPF (Open Shortest Path First)

IPv4 companion protocols (2)
- Multicast Routing Protocols
  - Maintaining Multicast Routing Table
  - E.g. DVMRP, MOSPF, CBT, PIM
- Exterior Routing Protocols (Inter-AS)
  - E.g. BGP (Border Gateway Protocol)
- Quality-of-Service Frameworks
  - Integrated Service (ISA, IntServ)
  - Differentiated Service (DiffServ)

Why IPv6?
- Deficiency of IPv4
- Address space exhaustion
- New types of service Integration
  - Multicast
  - Quality of Service
  - Security
  - Mobility (MIPv6)
- Header and format limitations

Advantages of IPv6 over IPv4
- Larger address space
- Better header format
- New options
- Allowance for extension
- Support for resource allocation
- Support for more security
- Support for mobility

Header: from IPv4 to IPv6 (figure; legend: Changed, Removed)

IPv6 Header Format

IPv6 Packet (PDU) Structure

Traffic Class
- The 8-bit field in the IPv6 header is available for use by originating nodes and/or forwarding routers to identify and distinguish between different classes or priorities of IPv6 packets.
  - E.g., used as the codepoint in DiffServ
- General requirements
  - Service interface must provide means for upper-layer protocol to supply the value of traffic class
  - Value of traffic class can be changed by source, forwarder, receiver
  - An upper-layer protocol should not assume the value of traffic class in a packet has not been changed.

IPv6 Flow Label
- Related sequence of packets from a specific origin to a specific destination (unicast, multicast)
- Needing special handling (real time service)
- Identified by src & dest addr + flow label
- Router treats flow as sharing attributes
  - E.g. path, resource allocation, discard requirements, accounting, security
- May treat flows differently
  - Buffer sizes, different forwarding precedence, different quality of service
- Alternative to including all info. in every header

Payload Length
- 16-bit unsigned integer. Length of the IPv6 payload, i.e., the rest of the packet following this IPv6 header, in octets.
- Note that any extension headers present are considered part of the payload, i.e., included in the length count.

Extension Header

Order | Header Type | Next Header Code
1 | Basic IPv6 Header |
2 | Hop-by-Hop Options | 0
4 | Routing header | 43
5 | Fragment header | 44
6 | Authentication header | 51
7 | Encapsulation Security Payload header | 50
8 | Destination Options | 60
9 | Mobility header | 135
  | No Next header (Null) | 59
  | Upper layer: TCP, UDP, ICMP | 6, 17, 58
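An added example (not part of the original slides): a Python walker that follows the Next Header chain using the codes in the table above and rejects a header whose declared length runs past Payload Length. The sample packet, the helper names and the per-header length rules (8-octet units for most headers, 4-octet units for the Authentication header, fixed 8 octets for the Fragment header) are assumptions of this example, taken from the IPv6 and IPsec specifications rather than from the slides.

```python
import struct

# Next Header codes, taken from the table above.
EXT = {0: "Hop-by-Hop Options", 43: "Routing header", 44: "Fragment header",
       51: "Authentication header", 60: "Destination Options", 135: "Mobility header"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}
ESP, NO_NEXT, FRAGMENT, AH = 50, 59, 44, 51

def ipv6_header(payload_len, next_header):
    """Constructed 40-byte base header: hop limit 64, all-zero addresses."""
    return struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64) + bytes(32)

def walk_chain(packet):
    """Return (header names in order, offset of the upper-layer header or None)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    end = 40 + struct.unpack("!H", packet[4:6])[0]  # extension headers count as payload
    if end > len(packet):
        raise ValueError("Payload Length exceeds captured bytes")
    nxt, off, chain = packet[6], 40, []
    while True:
        if nxt in UPPER:
            return chain + [UPPER[nxt]], off
        if nxt == NO_NEXT:
            return chain + ["No Next header"], None
        if nxt == ESP:  # everything after the ESP header is encrypted; stop here
            return chain + ["Encapsulation Security Payload header"], None
        if nxt not in EXT:
            raise ValueError(f"unknown Next Header code {nxt}")
        if off + 8 > end:
            raise ValueError("extension header runs past Payload Length")
        if nxt == FRAGMENT:
            hlen = 8                              # fixed size
        elif nxt == AH:
            hlen = (packet[off + 1] + 2) * 4      # length field counts 4-octet units, minus 2
        else:
            hlen = (packet[off + 1] + 1) * 8      # 8-octet units, not counting the first 8
        if off + hlen > end:
            raise ValueError("extension header runs past Payload Length")
        chain.append(EXT[nxt])
        if nxt == FRAGMENT and struct.unpack("!H", packet[off + 2:off + 4])[0] >> 3:
            return chain, None                    # non-first fragment: no header follows
        nxt, off = packet[off], off + hlen

# Constructed sample: base header, Hop-by-Hop (one PadN option), Fragment header, UDP header.
SAMPLE = (ipv6_header(24, 0)
          + bytes([44, 0, 1, 4, 0, 0, 0, 0])
          + struct.pack("!BBHI", 17, 0, 0x0001, 0xABCD)
          + bytes(8))

if __name__ == "__main__":
    print(walk_chain(SAMPLE))
```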

Hop-by-Hop Options
- Must be examined by every router
  - Specifies discard/forward handling
- Options
  - Pad1
  - PadN
  - Jumbo payload (packets > 65535 bytes)
  - Router alert (can be used for RSVP)

Routing Header
- List of one or more intermediate nodes to visit
- Header includes
  - Next Header
  - Header extension length
  - Routing type (e.g. type 0 = Source Routing)
  - Segments left

Source Routing Example

Fragment Header (1)
- Used by source to send packets > path MTU.
- Fragment Offset: 8-bit unsigned integer
  - The offset, in 8-octet units, of the data following this header, relative to the start of the Fragmentable Part of the original packet
  - Unfragmentable part: IPv6 header + any extension headers that must be processed by nodes en route

Fragment Header (2)
- M flag: 1=more fragments, 0=last fragment
- Identification: combined with the src & dest addr uniquely identifies the original packet

Reassembly (1)
- The Unfragmentable Part of the reassembled packet consists of all headers up to, but not including, the Fragment header of the first fragment packet
- The Next Header field of the last header of the Unfragmentable Part is obtained from the Next Header field of the first fragment's Fragment header
- The Payload Length of the reassembled packet is computed from the length of the Unfragmentable Part and the length and offset of the last fragment.

Reassembly (2)
- PL.orig = PL.first - FL.first - 8 + (8 * FO.last) + FL.last
  - PL.orig = Payload Length field of reassembled packet.
  - PL.first = Payload Length field of first fragment packet.
  - FL.first = length of fragment following Fragment header of first fragment packet.
  - FO.last = Fragment Offset field of Fragment header of last fragment packet.
  - FL.last = length of fragment following Fragment header of last fragment packet.

Reassembly (3) (figure: the first fragment packet, IPv6 Header / Extension Header / Fragment Header / First Fragment, annotated with PL.first, 8 and FL.first; the last fragment packet, IPv6 Header / Extension Header / Fragment Header / Last Fragment, annotated with 8*FO.last and FL.last)
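An added example (not part of the original slides): the PL.orig formula from Reassembly (2) applied to fragments that arrive out of order, with checks for a missing fragment, a gap or overlap between fragments, and a result that no longer fits the 16-bit Payload Length field. Fragments are modelled as dictionaries rather than raw packets; the field names and sample sizes are assumptions of this example.

```python
FRAG_HDR_LEN = 8  # size of the Fragment header in octets

def fragment(unfrag_ext_len, data, chunk):
    """Split the Fragmentable Part `data` into fragments of `chunk` octets.

    unfrag_ext_len is the length of the extension headers in the
    Unfragmentable Part (they are repeated in every fragment packet).
    """
    if chunk % 8:
        raise ValueError("every fragment but the last must be a multiple of 8 octets")
    frags = []
    for start in range(0, len(data), chunk):
        piece = data[start:start + chunk]
        frags.append({
            # Payload Length field of this fragment packet
            "payload_length": unfrag_ext_len + FRAG_HDR_LEN + len(piece),
            "offset": start // 8,                 # Fragment Offset, in 8-octet units
            "more": start + chunk < len(data),    # M flag
            "data": piece,
        })
    return frags

def reassemble(frags):
    """Return (PL.orig, reassembled Fragmentable Part)."""
    frags = sorted(frags, key=lambda f: f["offset"])
    first, last = frags[0], frags[-1]
    if first["offset"] != 0 or last["more"]:
        raise ValueError("first or last fragment missing")
    expected = 0
    for f in frags:
        if f["offset"] * 8 != expected:
            raise ValueError("gap or overlap between fragments")
        expected += len(f["data"])
    # PL.orig = PL.first - FL.first - 8 + (8 * FO.last) + FL.last
    pl_orig = (first["payload_length"] - len(first["data"]) - FRAG_HDR_LEN
               + 8 * last["offset"] + len(last["data"]))
    if pl_orig > 0xFFFF:
        raise ValueError("reassembled packet exceeds the 16-bit Payload Length")
    return pl_orig, b"".join(f["data"] for f in frags)

# Constructed sample: one 8-octet extension header in the Unfragmentable Part,
# 3000 octets of Fragmentable Part, 1232 octets of data per fragment.
SAMPLE_DATA = bytes(range(256)) * 11 + bytes(184)
SAMPLE_FRAGS = fragment(8, SAMPLE_DATA, 1232)

if __name__ == "__main__":
    print(reassemble(list(reversed(SAMPLE_FRAGS)))[0])
```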

IPv6 Addressing Model
- Interface (RFC 2460). The access point of a node to a network link; a node can have multiple interfaces.
- Unicast. Definition of a unique interface. A packet destined for a unicast address is delivered to the interface defined by that address.

IPv6 Addressing Model
- Anycast. Definition of a set of interfaces, usually belonging to different nodes. A packet destined to the anycast address is delivered to the interface defined by that address (nearest calculated by routing protocol).
- Multicast. Definition of a set of interfaces, usually belonging to different nodes. A packet destined to the multicast address is delivered to all interfaces defined by that address (nearest calculated by routing protocol). No need for broadcast addresses.

IPv6 Addressing Model
- Addresses are assigned to interfaces, not hosts (an IPv6 unicast address is assigned to one interface).
- Interface expected to have multiple addresses
- Addresses have scope
  - Link-Local
  - Site-Local
  - Unique Local
  - Global

Text Representation of Address
- Colon-Hex
  - 3ffe:3600:2000:0800:0248:54ff:fe5c:8868
- Compressed Format:
  - 3ffe:0b00:0c18:0001:0000:0000:0000:0010
  - becomes 3ffe:b00:c18:1::10

Addressing Model
- Subnets
  - A subnet prefix is associated with one network link.
  - Multiple prefixes can be associated with the same network link.

Address Prefixes
- Format:
  - IPv6-address: an address in any form.
  - Prefix-length: how many of the leftmost bits of the address make up the prefix.

Address Prefixes
60-bit prefix: 12AB00000000CD3
- 12AB:0000:0000:CD30:0000:0000:0000:0000/60
- 12AB::CD30:0:0:0:0/60
- 12AB:0:0:CD30::0/60
- 12AB:0:0:CD3:0/60 (0CD3)
- 12AB::CD30::0/60 (12AB:0000:0000:CD30)
- 12AB::CD3/60 (12AB:0000:0000:0CD3)
The node address: 12AB:0:0:CD30:0123:4567:89AB:CDEF
Prefix: 12AB:0:0:CD30::/60
Combined as: 12AB:0:0:CD30:0123:4567:89AB:CDEF/60

Address Type Representation

Address type | Binary prefix | IPv6 notation
Unspecified | 00…0 (128 bits) | ::/128
Loopback | 00…1 (128 bits) | ::1/128
Multicast | 1111 1111 | FF00::/8
Link-local unicast | 1111 1110 10 | FE80::/10
Global unicast | All other addresses |

Unspecified Address 0:0:0:0:0:0:0:0
- Never assigned to a node.
- Used for sending during the initialization phase.

Loopback Address 0:0:0:0:0:0:0:1
- Used when a node wants to send a packet to itself.
- Must not be assigned to a physical interface.
- Link-local unicast address of a virtual interface, located on a link that leads nowhere.
- If a packet is received by a node, it is ignored.

IPv6 Address with Embedded IPv4 Addresses

80 bits | 16 | 32 bits
0000…0000 | FFFF | IPv4 address

- A technique that lets nodes and routers forward IPv6 packets over IPv4 infrastructure.
- Unicast addresses; the (unique) IPv4 address occupies the 32 low-order bits.

Global Unicast Address
- Global routing prefix
  - A (typically hierarchically-structured) value assigned to a site (a cluster of subnets/links)
- Subnet ID
  - An identifier of a subnet within the site
- Interface ID
  - Constructed in Modified EUI-64 format

IEEE 802 IPv6 Interface ID (48 bit MAC -> 64 bit)

Site-Local Address
- Meaningful only in a single site zone, and may be reused in other sites.
- Designed to be used privately in organizations without a universal prefix
- Equivalent to the IPv4 private address space
- Addresses are not automatically configured and must be assigned
- Prefix = FEC0::/48
- Not widely used; cancelled with RFC 4291.

Link-Local Address
- Meaningful only in a single link zone, and may be reused on other links
- Link-local addresses are for use during auto-configuration and when no routers are present
- Required for the Neighbor Discovery process, always automatically configured
- An IPv6 router never forwards link-local traffic beyond the link
- Prefix = FE80::/64

Address Autoconfiguration (1)
- Allow plug and play
- BOOTP and DHCP are used in IPv4
- DHCPng will be used with IPv6
- Each assigned address has a lifetime
- Two Methods: Stateless and Stateful
- Stateless:
  - A system uses link-local address as source and multicasts to "All routers on this link"
  - Router replies and provides all the needed prefix info
  - All prefixes have an associated lifetime
  - System can use link-local address permanently if no router

Stateless
- A tentative link-local address is derived based on the link-local prefix of FE80::/64 and an EUI-64-derived interface identifier.
- Using duplicate address detection to verify the uniqueness of the tentative link-local address, a Neighbor Solicitation message is sent with the Target Address field set to the tentative link-local address.
- If a Neighbor Advertisement message (sent in response to the Neighbor Solicitation message) is received, this indicates that another node on the local link is using the tentative link-local address, and address autoconfiguration stops. At this point, manual configuration must be performed on the node.
- If no Neighbor Advertisement message (sent in response to the Neighbor Solicitation message) is received, the tentative link-local address is assumed to be unique and valid. The link-local address is initialized for the interface. The link-layer multicast address of the solicited-node address corresponding to the link-local address is registered with the network adapter.
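An added example (not part of the original slides): the stateless steps above in Python, deriving the Modified EUI-64 interface ID from a 48-bit MAC, the tentative FE80::/64 address, the solicited-node multicast group and its Ethernet multicast address, then deciding the duplicate address detection outcome. The MAC is a constructed sample chosen so that the interface ID matches the colon-hex address shown earlier; the function names, the ff02::1:ff00:0/104 solicited-node prefix and the 33:33 Ethernet mapping are assumptions of this example taken from the IPv6 specifications, not from the slides.

```python
import ipaddress

def modified_eui64(mac):
    """48-bit MAC -> 64-bit interface ID: insert ff:fe, flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def link_local(mac):
    """Tentative address: FE80::/64 prefix + Modified EUI-64 interface ID."""
    return ipaddress.IPv6Address(bytes.fromhex("fe80") + bytes(6) + modified_eui64(mac))

def solicited_node(addr):
    """ff02::1:ffXX:XXXX, where XX:XXXX are the low 24 bits of the address."""
    return ipaddress.IPv6Address(
        bytes.fromhex("ff02") + bytes(9) + b"\x01\xff" + addr.packed[-3:])

def ethernet_multicast(group):
    """Ethernet address for an IPv6 multicast group: 33:33 + its low 32 bits."""
    return "33:33:" + ":".join(f"{b:02x}" for b in group.packed[-4:])

def dad_probe(mac):
    """Fields of the Neighbor Solicitation sent for duplicate address detection."""
    tentative = link_local(mac)
    group = solicited_node(tentative)
    return {
        "ns_source": str(ipaddress.IPv6Address(0)),  # unspecified address
        "ns_target": str(tentative),
        "ns_destination": str(group),
        "ethernet_destination": ethernet_multicast(group),
    }

def dad_result(probe, advertised_targets):
    """advertised_targets: Target Addresses of Neighbor Advertisements received."""
    if probe["ns_target"] in advertised_targets:
        return "duplicate: autoconfiguration stops, configure manually"
    return "unique: address assigned to the interface"

SAMPLE_MAC = "00:48:54:5c:88:68"  # constructed sample

if __name__ == "__main__":
    probe = dad_probe(SAMPLE_MAC)
    print(probe)
    print(dad_result(probe, set()))
```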

Address Autoconfiguration (2)
- Stateful: (client-server model)
  - Problem w/ stateless: Anyone can connect
  - Routers ask the new system to go to the DHCP server (by setting managed configuration bit)
  - System multicasts to "All DHCP servers"
  - DHCP server assigns an address
  - If they are on different links: DHCP relay
  - More than one server
  - DHCP agent (relay on the same link)

Stateful
  - DHCPv6 Solicit: multicast, client
  - DHCPv6 Advertise: unicast from an agent to a client
  - DHCPv6 Request: unicast message from a client to a server
  - DHCPv6 Reply: unicast from a server to a client
  - DHCPv6 Release: unicast message from a client to a server
  - DHCPv6 Reconfigure: unicast from a server to a client

- FF02:0:0:0:0:0:1:2: link-local multicast of all DHCPv6 agents.
- FF05:0:0:0:0:0:1:3: site-local multicast of all DHCPv6 agents.
- FF05:0:0:0:0:0:1:4: site-local multicast of all DHCPv6 agents.

IPsec Scenario

IPSec Benefits
- Provides strong security for external traffic
- Resistant to bypass
- Below transport layer hence transparent to applications
- Can be transparent to end users
- Can provide security for individual users if needed

IPSec Functions
- Authentication Header
  - for authentication/integrity only
- Encapsulating Security Payload (ESP)
  - for authentication/integrity/encryption (privacy)
- A key exchange function
  - Manual or automated
- VPNs usually need combined function

Authentication Header (figure; annotations: VC ID for all packets sent during a Security Association connection; Prevent playback)

Encapsulating Security Payload

Network Layer in v4 & v6

ICMPv6
- An integral part of IPv6 and MUST be fully implemented by every IPv6 node (RFC 2463)
- Next Header value = 58
- Report delivery or forwarding errors
- Provide simple echo service for troubleshooting
- Neighbor Discovery (ND): 5 ICMP messages
- Multicast Listener Discovery (MLD): 3 ICMP messages

ICMPv6 Messages

Neighbor Discovery (ND)
- Nodes (hosts and routers) use ND to determine the link-layer addresses for neighbors known to reside on attached links and to quickly purge cached values that become invalid
- Hosts also use ND to find neighboring routers that are willing to forward packets on their behalf
- Nodes use the protocol to actively keep track of which neighbors are reachable and which are not, and to detect changed link-layer addresses
- Replaces ARP, ICMP Router Discovery, and ICMP Redirect used in IPv4

IPv6 ND Mechanisms (1)
- Router discovery
  - Equivalent to ICMPv4 Router Discovery
- Prefix discovery
  - Equivalent to ICMPv4 Address Mask Request/Reply
- Parameter discovery
  - Discover additional parameters (e.g. link MTU, default hop limit for outgoing packets)
- Address auto-configuration
  - Configure IP address for interfaces
- Address resolution: Equivalent to ARP in IPv4

IPv6 ND Mechanisms (2)
- Next-hop determination
  - Destination address, or
  - Address of an on-link default router
- Neighbor unreachable detection (NUD)
- Duplicate address detection (DAD)
  - Determine that an address considered for use is not already in use by a neighboring node
- First-hop Redirect function
  - Inform a host of a better first-hop IPv6 address to reach a destination
  - Equivalent to ICMPv4 Redirect

Transition from IPv4 to IPv6

Advantages of IPv6 over IPv4 (1)

Feature | IPv4 | IPv6
Source and destination address | 32 bits | 128 bits
IPSec | Optional | Required
Payload ID for QoS in the header | No identification | Using Flow label field
Fragmentation | Both router and the sending hosts | Only supported at the sending hosts
Header checksum | Included | Not included
Resolve IP address to a link layer address | Broadcast ARP request | Multicast Neighbor Solicitation message

Advantages of IPv6 over IPv4 (2)

Feature | IPv4 | IPv6
Determine the address of the best default gateway | ICMP Router Discovery (optional) | ICMPv6 Router Solicitation and Router Advertisement (required)
Send traffic to all nodes on a subnet | Broadcast | Link-local scope all-nodes multicast address
Configure address | Manually or DHCP | Autoconfiguration
Manage local subnet group membership | (IGMP) | Multicast Listener Discovery (MLD)

IPv6 References
- RFC 2460: IPv6
- RFC 2461: Neighbor Discovery
- RFC 2462: Stateless Address Autoconfiguration
- RFC 3513: Addressing Architecture
- RFC 3679: Flow Label Specification
- RFC 4443: ICMPv6
- RFC 3810: Multicast Listener Discovery (MLDv2)