
IPv6 Concepts
Burt Crépeault :: burt.crepeault@iitelecom.com
www.iitelecom.com
IIT © IITelecom, 2004
© Institut international des télécommunications inc., 2004

IPv6 Concepts - Session objectives
At the end of this session, the participants should be able to:
• Understand the structure of the IPv6 packet
• Understand the IPv6 address format
• Name the different IPv6 addressing types
• Have a basic understanding of the main IPv6 protocols

Session content
• The IP version 6 protocol
• IP version 6 header description
• Address format
• Hierarchical addressing
• Address types
  – Unicast
  – Multicast
• Neighbour Discovery Protocol
• Address auto-configuration
• DNS for IP version 6
• Routing protocols

IP version 4 header description
[Figure: IPv4 header layout, 32 bits wide. Fields: VERS, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source IP address, Destination IP address, Options, Padding, Data. Header size: min. 20 bytes, max. 60 bytes]

IP version 4 structure and classes of address
IP address = 4 bytes
[Figure: leading bits of each address class. Class A: 0, netid, hostid. Class B: 10, netid, hostid. Class C: 110, netid, hostid. Class D: 1110, multicast. Class E: 11110, reserved for future use]

IP version 4 addressing architecture
[Figure: addressing by class (191.56.0.0, 194.2.4.0, 193.1.4.0, 172.1.0.0, 168.1.0.0, 10.0) compared with hierarchical addressing (191.0.0.0, 191.2.0.0, 191.1.1.0, 191.1.2.0, 191.2.1.0, 191.2.2.0)]
• IP version 4 was designed on the principle of addressing by class
  – Address bits are divided between network ID and host ID
• IPv4 addressing is not hierarchical. It does not allow the representation of several low-level addresses from the high-level ones
  – A hierarchical addressing system works similarly to the public telephone numbering scheme (country code, regional code, etc.)

IP version 6 Terminology
• Node: Any device that implements IPv6.
• Router: A node that forwards packets that are not specifically addressed to it.
• Upper layer: The protocol layer immediately above IPv6. For example: transport protocols such as TCP and UDP, control protocols such as ICMP, routing protocols like OSPF and the lower or same level protocols that are tunnelled (encapsulated) in IPv6, such as IPX, AppleTalk, IPv4 or IPv6 itself.
• Link: A communication resource or medium by which nodes can communicate at the link level, i.e., the layer immediately below IPv6. For example: Ethernet (direct or bridged); PPP, X.25, Frame Relay or ATM networks; and same or upper layer protocols that are tunnelled (encapsulated), such as IPv4 or IPv6 itself.
• Neighbours: Nodes that are attached to the same link

IP version 6 Terminology
• Interface: A node’s attachment point to a link
• Address: An IPv6 identifier for an interface or a group of interfaces
• Packet: An IPv6 header and its transported data
• Link MTU: the maximum transmission unit, i.e., maximum packet size in octets, that can be conveyed in one piece over a link
• Path MTU: the minimum link MTU of all the links in a path between a source node and a destination node

IP version 6 Packet
[Figure: IPv6 header layout, 32 bits wide. Fields: VERS, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source IP address, Destination IP address (40 bytes in total), followed by optional extension headers and Data]

IP version 6 characteristics
IPv6 addresses are assigned to interfaces, not nodes:
• An interface can be assigned more than one IPv6 address
Hierarchical routing and improved addressing:
• 128-bit addresses instead of 32 bits (~3.4 × 10^38)
• 340, 282, 366, 920, 938, 463, 374, 607, 431, 768, 211, 456 in all!
• 10^30 addresses per person on Earth!
Simplified header format:
• Fixed length – 40 bytes
• Reduces packet processing costs in routers

IP version 6 characteristics
Improved header extensions and options:
• Options are included by adding a header extension
• Greatly simplifies adding new options in the future
Quality of service and sequence identification:
• A packet sequence is identified through the use of labels
Authentication and encryption

IP version 6 packet compared to the IP version 4 datagram
Both headers carry the IP version number and the source and destination addresses
Many IP version 4 fields are removed from IP version 6:
• Type-of-Service, Fragment Offset, Identification, Flags, Checksum and Header Length
IP version 6 reduces the need for header fields:
• IP version 4 header = 14 fields
• IP version 6 header = 8 fields

IP version 6 packet compared to the IP version 4 datagram
The Type of Service (ToS) field functionality in IP version 4 was transferred to 2 new IP version 6 fields:
• Flow Label and Traffic Class
The fragmentation fields of IP version 4 become options in IP version 6 (Offset, Identification and Flags)
The Checksum field in IP version 4 was dropped:
• Data integrity is left to the layer above

IP packet - VERS
• The VERS field indicates the IP version used in this packet
• New version is 6
[Figure: IPv6 header with the VERS field highlighted]

IP packet - Traffic Class
• This 8-bit field is used by source nodes and routers to mark or distinguish between different traffic classes or priorities
• Similar to the TOS field in IP version 4
[Figure: IPv6 header with the Traffic Class field highlighted]

IP packet - Flow Label
• This 20-bit field indicates that the packet is part of a sequence of packets and requires special attention from the router (RFC 3697)
[Figure: IPv6 header with the Flow Label field highlighted]

IP packet - Payload Length
• This 16-bit field indicates the total length of the packet data, including options (header extensions)
• The IPv6 header has a fixed, 40-byte length
• The data field (payload) can contain up to 64 kB of data
[Figure: IPv6 header (40 bytes) with the Payload Length field highlighted]

IP packet - Next Header
• Indicates the type of header that immediately follows the IPv6 header
• Replaces the Protocol field in IPv4
Protocols: ICMP 1, TCP 6, UDP 17
Extension headers: Fragmentation 44, Authentication 51
[Figure: IPv6 header with the Next Header field highlighted]

Extension headers
[Figure: IP version 6 header | Extension header | Extension header | Transport header | Data (Payload)]
• The extension headers replace the Options in IP version 4
• Most extension headers are not processed by routers until the packet reaches the end of its path
• Improves router performance with packets containing options
• Very different from IP version 4, where:
  – All options must be processed by all routers in the path
  – Header has unlimited length, as opposed to 40 option bytes with IPv4

Extension headers
New method to process options
Extension headers are added after the IPv6 header
Extension headers are daisy chained
[Figure: three example chains]
IPv6 Header (Next Header = TCP) | TCP Header + Data
IPv6 Header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP Header + Data
IPv6 Header (Next Header = Routing) | Routing Header (Next Header = ESP) | ESP Header (Next Header = TCP) | TCP Header + Data

Extension headers
• Hop-by-Hop option header (0):
  – Used to include options that must be processed by routers along the path (ex.: resources reservation using RSVP)
• Routing header (43):
  – Explicitly defines the route to be used by packets in the network (ex.: Source Routing)
• Fragmentation header (44):
  – Used to send a packet with a MTU higher than the path MTU
  – Only source nodes can fragment packets with the proper MTU, contrary to IP version 4 where routers did the fragmentation

Extension headers
• Destination Options header (60):
  – Used to transport general purpose option information that will be processed by the destination node
• Authentication header (51):
  – Allows the verification that a packet was transmitted by the rightful source. Protects against hackers that change the source IP addresses of their traffic to borrow someone else’s identity (IP spoofing)
• Encrypted Security Payload (ESP) header (50):
  – Allows encryption of the payload data
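The daisy chain described on the extension header slides can be walked with a short parser. This is an added example, not part of the original presentation: it follows the Next Header field through a constructed packet until it reaches the upper-layer protocol, which is what a packet filter has to do before it can match on TCP or UDP. The sample packet, its addresses and ports, and all function names are assumptions; the per-header length rules are those of RFC 2460 and, for the Authentication header, RFC 4302.

```python
import ipaddress
import struct

# Next Header values from the slides: extension headers a parser must step over.
EXT_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment",
               51: "Authentication", 60: "Destination Options"}
# Values at which the walk stops. ESP (50) is terminal here because everything
# after it is encrypted, including the Next Header carried in its trailer.
TERMINAL = {6: "TCP", 17: "UDP", 50: "ESP", 58: "ICMPv6", 59: "No Next Header"}


def parse_fixed_header(packet):
    """Decode the fixed 40-byte IPv6 header."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("VERS is not 6")
    return {
        "traffic_class": (word >> 20) & 0xFF,   # 8 bits
        "flow_label": word & 0xFFFFF,           # 20 bits
        "payload_length": payload_len,          # excludes the 40-byte header
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
    }


def walk_chain(packet, max_headers=8):
    """Return (extension headers seen, upper-layer name, upper-layer offset)."""
    fixed = parse_fixed_header(packet)
    end = min(len(packet), 40 + fixed["payload_length"])
    chain, nh, off = [], fixed["next_header"], 40
    while nh in EXT_HEADERS:
        if len(chain) >= max_headers:            # bound the work per packet
            raise ValueError("extension header chain too long")
        if off + 8 > end:
            raise ValueError("truncated extension header")
        following, length_field = packet[off], packet[off + 1]
        if nh == 44:
            size = 8                             # Fragment header: fixed size
        elif nh == 51:
            size = (length_field + 2) * 4        # AH counts 32-bit words, minus 2
        else:
            size = (length_field + 1) * 8        # 8-octet units after the first 8
        if off + size > end:
            raise ValueError("extension header overruns the payload")
        chain.append(EXT_HEADERS[nh])
        if nh == 44:
            fragment_offset = struct.unpack("!H", packet[off + 2:off + 4])[0] >> 3
            if fragment_offset != 0:
                # Later fragments do not start with an upper-layer header.
                return chain, "non-first fragment", off + size
        nh, off = following, off + size
    return chain, TERMINAL.get(nh, "protocol %d" % nh), off


def build_packet(next_header, payload):
    """Constructed test packet; the addresses are sample values."""
    src = ipaddress.IPv6Address("1080::8:800:200c:417a").packed
    dst = ipaddress.IPv6Address("2001:db8::1").packed
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload


def sample_packet():
    """IPv6 header -> Routing header -> TCP, as in the second chain on the slide."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    routing = bytes([6, 0, 0, 0, 0, 0, 0, 0])    # Next Header = TCP, Hdr Ext Len = 0
    return build_packet(43, routing + tcp)


if __name__ == "__main__":
    print(walk_chain(sample_packet()))
```

A filter that only inspects the Next Header field of the fixed header would classify the sample packet as protocol 43 and never see the TCP ports.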

Next header - Protocols
Decimal | Keyword | Protocol
0 | HOPOPT | IP version 6 Hop-by-Hop Option
1 | ICMP | Internet Control Message
2 | IGMP | Internet Group Management
3 | GGP | Gateway-to-Gateway
4 | IP | IP in IP (encapsulation)
5 | ST | Stream
6 | TCP | Transmission Control
7 | CBT | CBT
8 | EGP | Exterior Gateway Protocol
9 | IGP | Private Interior Gateway
10 | BBN-MON | BBN-RCC Monitoring
11 | NVP-II | Network Voice Protocol
12 | PUP | PUP
13 | ARGUS | ARGUS
14 | EMCON | EMCON
15 | XNET | Cross Net Debugger
16 | CHAOS | Chaos
17 | UDP | User Datagram
18 | MUX | Multiplexing
19 | DCN-MEAS | DCN Measurement Subsystems
20 | HMP | Host Monitoring
21 | PRM | Packet Radio Measurement
22 | XNS-IDP | XEROX NS IDP
23 | TRUNK-1 | Trunk-1
24 | TRUNK-2 | Trunk-2
25 | LEAF-1 | Leaf-1
26 | LEAF-2 | Leaf-2
27 | RDP | Reliable Data Protocol
28 | IRTP | Internet Reliable T.P.
29 | ISO-TP4 | ISO Transport Class 4
30 | NETBLT | Bulk Data Transfer
31 | MFE-NSP | MFE Network Services
32 | Merit-INP | MERIT Internodal Protocol
33 | SEP | Sequential Exchange
34 | 3PC | Third Party Connect Protocol
35 | IDPR | Inter-Domain Policy Routing
36 | XTP | XTP
37 | DDP | Datagram Delivery Protocol
38 | IDPR-CMTP | IDPR Control Message Transport Protocol
39 | TP++ | TP++ Transport Protocol
40 | IL | IL Transport Protocol
41 | IP version 6 | IP version 6
42 | SDRP | Source Demand Routing Protocol
43 | IPv6-Route | Routing Header for IP version 6
44 | IPv6-FRAG | Fragment Header for IP version 6
45 | IDRP | Inter-Domain Routing Protocol
46 | RSVP | Reservation Protocol
47 | GRE | General Routing Encapsulation
48 | MHRP | Mobile Host Routing Protocol
49 | BNA | BNA
50 | ESP | Encap Security Payload for IPv6
51 | AH | Authentication Header for IPv6
52 | I-NLSP | Integrated Net Layer Security
53 | SWIPE | IP with Encryption

Next header - Protocols
Decimal | Keyword | Protocol
54 | NARP | NBMA Address Resolution Protocol
55 | MOBILE | IP Mobility
56 | TLSP | Transport Layer Security Protocol using Kryptonet key management
57 | SKIP | SKIP
58 | IPv6-ICMP | ICMP for IPv6
59 | IPv6-NoNxt | No Next Header for IPv6
60 | IPv6-Opts | Destination Options for IPv6
61 | | Any host internal protocol
62 | CFTP | CFTP
63 | | Any local network
64 | SAT-EXPAK | SATNET and Backroom EXPAK
65 | KRYPTOLAN | Kryptolan
66 | RVD | MIT Remote Virtual Disk Protocol
67 | IPPC | Internet Pluribus Packet Core
68 | | Any distributed file system
69 | SAT-MON | SATNET Monitoring
70 | VISA | Visa Protocol
71 | IPCV | Internet Packet Core Utility
72 | CPNX | Computer Protocol Network Executive
73 | CPHB | Computer Protocol Heart Beat
74 | WSN | Wang Span Network
75 | PVP | Packet Video Protocol
76 | BRSAT-MON | Backroom SATNET Monitoring
77 | SUN-ND | SUN ND PROTOCOL-Temporary
78 | WB-MON | WIDEBAND Monitoring
79 | WB-EXPAK | WIDEBAND EXPAK
80 | ISO-IP | ISO Internet Protocol
81 | VMTP | VMTP
82 | SECURE-VMTP | SECURE-VMTP
83 | VINES | VINES
84 | TTP | TTP
85 | NSFNET-IGP | NSFNET-IGP
86 | DGP | Dissimilar Gateway Protocol
87 | TCF | TCF
88 | EIGRP | EIGRP
89 | OSPFIGP | OSPFIGP
90 | Sprite-RPC | Sprite RPC Protocol
91 | LARP | Locus Address Resolution
92 | MTP | Multicast Transport Protocol
93 | AX.25 | AX.25 Frames
94 | IPIP | IP-within-IP Encapsulation Protocol
95 | MICP | Mobile Internetworking Control
96 | SCC-SP | Semaphore Communications
97 | ETHERIP | Ethernet-within-IP
98 | ENCAP | Encapsulation Header
99 | | any private encryption scheme
100 | GMTP | GMTP
101-122 | | Assigned
123-254 | | Unassigned
255 | | Reserved

IP packet - Hop Limit
• Replaces the Time to Live (TTL) in IP version 4 (in seconds).
• Most routers will decrement the value by 1 every time, thus the term Hop Limit.
[Figure: IPv6 header with the Hop Limit field highlighted; a packet crossing successive routers with the counter decreasing from TTL=6 to TTL=0]

IP packet - Source and Destination addresses
• 128 bits in length. To save space, the IPv6 address is represented in hexadecimal
• Source Address indicates where the packet is coming from
• Destination Address indicates where the packet is going to
[Figure: IPv6 header with the Source IP Address and Destination IP Address fields highlighted]

IP version 6 address notation in hexadecimal
[Figure: the 128-bit address shown as decimal bytes, then in binary, then grouped into eight 16-bit blocks written in hexadecimal]
1080 : 0000 : 0000 : 0000 : 0008 : 0800 : 200C : 417A

IP version 6 address notation
Preferred format (eight 16-bit fields): 1080 : 0 : 0 : 0 : 8 : 800 : 200C : 417A
Shorthand format: 1080 :: 8 : 800 : 200C : 417A

IPv6 address prefix
[Figure: IP version 6 address divided into Network, Subnet and Host portions of 16-bit fields; Network and Subnet form the Prefix, followed by the Prefix length]
12AB : 0000 : CD30 : 0000 : 0000 / 64
• Prefix length = network + subnet portions
• Identifies the number of bits in the prefix
• Prefix notation is identical to the one used in IPv4 for classless inter-domain routing (CIDR)
• In a URL, the IPv6 address is represented inside square brackets:
  – http://[1080::8:800:200C:417A]:8080/index.html
  – Network browser must be modified
  – Usage of FQDN (Fully Qualified Domain Names) is preferable

Exercise
Which of the addresses below do not represent the following IPv6 address?
12AB : 0000 : CD30 : 0000 / 64
• 12AB :: CD30 : 0000 / 64
• 12AB : 0 : CD30 : 0 : 0 / 64
• 12AB : 0 : CD30 :: / 64
• 12AB :: CD30 :: / 64
• 12AB : 0 : CD30 / 64
• 12AB : 0 : CD3 / 64
• 12AB :: CD30 / 64
• 12AB :: CD3 / 64

IPv6 address structure
Addresses are allocated to interfaces:
• No change with regards to IPv4
• Each interface is expected to have multiple IPv6 addresses
Addresses have a reach:
• Link Local
• Site Local
• Global
[Figure: nested address scopes, Link-local inside Site-local]

IPv6 address structure
An IPv6 address has a limited lifetime
• Valid Address-Lifetime
  – Stateful mode: The valid address-lifetime value will be assigned by the DHCPv6 server in stateful mode
  – Stateless mode: The valid address-lifetime is calculated based on the Address-Prefix Lifetime (included in the Router Advertisement Message) in stateless mode
  – An IPv6 address for which the valid address-lifetime has expired cannot be used
  – Default: 2592000 seconds (30 days), fixed
• Preferred Address-Lifetime
  – An IPv6 address for which the preferred address-lifetime has expired is called an Invalid Address. Such addresses can still be used for the current transaction but must not be used for new TCP connections
  – Default value: 604800 seconds (7 days), fixed

IPv6 address structure
128 bits/16 bytes
FP (3 bits) | Global Routing Prefix (45 bits), « Network » | SLA ID (16 bits), « Subnet » | Interface ID (64 bits), « Host »
• FP: Format Prefix (Address type)
• SLA ID: Site-Level Aggregation Identifier
• INTERFACE ID: Interface Identifier
RFC 2374 includes two more hierarchical fields: TLA and NLA. IETF decided to remove the TLA and NLA fields because they are dependent on local policies from service providers

Address allocation structure
Addresses are allocated by IANA:
• Delegated to the Regional Internet Registries (RIRs).
• Then delegated to Tier-1 providers:
  – (Also known as Top-level Aggregators (TLA))
  – Only about a dozen providers can be considered Tier 1 at the top of the IPv4 hierarchy.
• Next to intermediate providers:
  – (Also known as Next-level Aggregators (NLA))
• Then to sites
  – (Also known as Site-level Aggregators (SLA))
• Then to subnets…
IPv6 Address Space Management: www.ripe.net/ripe/docs/ipv6-sparse.html

Address allocation structure
• IANA allocates addresses to the RIRs
• RIR allocates /32 networks to the Tier-1 providers (LIR)
• LIR can allocate any size network to its subordinate ISP (usually /48)
• ISP/site has 16 bits available for subnets
  – 2^16 subnets per site = 65536 subnets
• Remaining 64 bits for the interface identifiers
• Total = 128 bits. Usage of the first 48 bits is based on policy (therefore it can change with time…)
Reference: http://www.ripe.net/ripe/docs/ipv6policy.html

Address allocation structure
There are currently four Regional Internet Registries:
• RIPE NCC: Réseaux IP Européens Network Coordination Centre, http://www.ripe.net
• ARIN: American Registry for Internet Numbers, http://www.arin.net
• APNIC: Asia Pacific Network Information Centre, http://www.apnic.net
• LACNIC: Latin American and Caribbean IP address Regional Registry, http://lacnic.net
To determine under which RIR a country is covered, use the list of country codes (http://www.ripe.net/ripencc/mem-services/general/rir-areas.html).

Hierarchical routing
[Figure: routing hierarchy for two regions (Africa, Europe), each with a Tier 1 provider above intermediate providers above sites. Legend: Top-Level Aggregator (provider), Next-Level Aggregator (provider), Site-Level Aggregator (end-user)]

Types of IPv6 addresses
1) Unicast (point to point)
2) Multicast (point to multipoint)
3) Broadcast (point to multipoint)
[Figure: diagrams of nodes (A, B, C, D, E, X) illustrating each type]

Types of IPv6 addresses – RFC 3513
Different types of IPv6 addresses are recognised by their most significant bits, currently defined as follows:
Address Type | Binary prefix | IPv6 Notation
Non specified | 00...0 (128 bits) | ::/128
Loopback | 00...1 (128 bits) | ::1/128
Multicast | 1111 1111 | FF00::/8
Link-local unicast | 1111111010 | FE80::/10
Site-local unicast | 1111111011 | FEC0::/10
Global unicast | (everything else) |
In future specifications, it is possible that the global unicast address range be modified to meet different needs. So far however and until further notice, IPv6 implementations must process all the prefixes defined above as global unicast addresses.

Reserved addresses
Unspecified address: 0:0:0:0:0:0:0:0 or ::
• Used as source address for all IP version 6 packets transmitted by a node that is initializing itself before it obtains an address from the DHCP server
• Also used for Duplicate Address Detection (DAD)
Loopback address: 0:0:0:0:0:0:0:1 or ::1
• Used by a node that transmits a packet to itself
• Serves the same purpose as 127.0.0.1 in IP version 4
[Figure: initializing node and DHCP server]

Link-Local Addresses
• Address with a scope that stays within a local link (LAN, subnet)
• Used for networks that are not connected to the Internet or do not have a router
• Each node’s interfaces have a private, link-local address that is valid on the network
• A link-local address is representative of a single network
[Figure: nodes attached to a Switch/Hub]

Link-Local Addresses
1111111010 (10 bits) | 0 (54 bits) | Interface ID (64 bits)
Network | Host
FE80 : 0000 : 0000 : 0000 : 0290 : 27FF : FE17 : FC0F
• Automatically configured on every interface using the interface’s MAC address
• FE80 ::
• Link-Local addresses are only used locally
  – They are the only ones used on a LAN without a router
• Their scope does not go beyond the local link
• Routers will not forward packets with a link-local source or destination address

EUI-64 Interface Identifier
RFC 2464 (IP version 6 over Ethernet). Auto-configuration in Stateless mode:
• EUI-64 Interface Identifier
MAC address: 00-90-27-17-FC-0F
00 90 27 17 FC 0F
FF FE (inserted in the middle)
00 90 27 FF FE 17 FC 0F
000000U0: Universal/Local (U/L) bit; 1 = Globally unique, 0 = Local scope
02 90 27 FF FE 17 FC 0F
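The derivation on this slide and the link-local format before it can be reproduced in a few lines, and run in reverse to find addresses that expose a hardware address. This is an added example, not part of the original presentation; the function names, the `2001:db8::/32` sample addresses and the audit list are assumptions constructed for illustration.

```python
import ipaddress


def mac_to_eui64(mac):
    """Build the 64-bit interface identifier from a 48-bit MAC address."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address has 6 octets")
    # Flip the U/L bit (0x02) of the first octet and insert FF FE in the middle.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def link_local_from_mac(mac):
    """FE80::/10 prefix, 54 zero bits, then the EUI-64 interface identifier."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + mac_to_eui64(mac))


def recover_mac(address):
    """Return the MAC embedded in an EUI-64 style address, or None.

    The FF FE marker is a heuristic: a randomly chosen interface identifier
    matches it by chance about once in 65536 addresses.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join("%02X" % octet for octet in raw)


def audit(addresses):
    """Map each address that reveals a MAC address to that MAC."""
    found = {}
    for address in addresses:
        mac = recover_mac(address)
        if mac is not None:
            found[address] = mac
    return found


# Constructed sample: one EUI-64 address, one with a random-looking identifier.
SAMPLE_ADDRESSES = [
    "2001:db8:0:10:290:27ff:fe17:fc0f",
    "2001:db8:0:10:5c3a:91d2:7e04:b6a1",
]

if __name__ == "__main__":
    print(link_local_from_mac("00-90-27-17-FC-0F"))   # the slide's example MAC
    print(audit(SAMPLE_ADDRESSES))
```

Because the identifier stays the same on every network the interface joins, an address built this way lets an observer correlate a device across prefixes and read its vendor from the MAC, which is why such addresses are worth flagging in an address inventory.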

Site-Local Addresses
• Address with a scope within a site (network of subnets)
• Used in networks that are not connected to the Internet
• The network is divided in subnets by the router
• Each node’s interfaces own a private address that is valid for the site
• Similar to private addresses in IP version 4
[Figure: a Router and Switch/Hub connecting Subnet A, Subnet B and Subnet C]

Site-Local Addresses
1111111011 (10 bits) | 0 (38 bits) | Subnet ID (16 bits) | Interface ID (64 bits)
Network | Subnet | Host
FEC0 : 0000 : 0000 : XXXX : 0290 : 27FF : FE17 : FC0F
• Valid for a site or an organisation
• Site-Local Addresses are used on private networks that are not connected to the Internet
• Built from the interface identifier (MAC address) and a 16-bit pre-defined subnet identifier FEC0 : : :
  – Therefore: 65,536 possible subnets
• Routers will not forward outside the network, packets with a site-local source or destination address
• This address does not have a default value

Aggregatable Global Unicast Address
• Used for networks that are connected to the Internet
• Each node’s interfaces own a public address valid on the Internet
[Figure: a Site (Router, Switch/Hub, Subnet A, Subnet B, Subnet C) connected through an Intermediate provider to a Tier-1 provider]

Aggregatable Global Unicast Address
• RFC 2374
• Public global address obtained from an Internet service provider
128 bits/16 octets
FP (3 bits) | Global Routing Prefix (45 bits), « Network » | SLA ID (16 bits), « Subnet » | Interface ID (64 bits), « Host »
• FP: Format Prefix (Address Types)
• SLA ID: Site-Level Aggregation Identifier
• INTERFACE ID: Interface Identifier

Address types prefixes
Allocation: Not assigned (See Note 1); Not assigned; Reserved for NSAP (OSI); Not assigned; Global Unicast Addresses (see Note 2); Not assigned; Not assigned; Not assigned; Link-Local Unicast Addresses; Site-Local Unicast Addresses; Multicast Addresses
Prefix (binary): 0000 0001 0000 1 0001 010 011 100 101 110 1111 110 1111 1110 11 1111
Portion of the total address space: 1/256 1/128 [RFC 1888] 1/64 1/32 1/16 1/8 [RFC 2374] 1/8 1/8 1/8 1/16 1/32 1/64 1/128 1/512 1/1024 1/256
Notes:
1. Addresses that are Unspecified (::), Loopback (::1) and IPv6 Addresses with Embedded IPv4 Addresses are allocated from the space within the 0000 prefix
2. For now, IANA limits IPv6 address allocation to the space within the 001 prefix. The remaining global Unicast address space (approximately 85% of the total IPv6 address space) is reserved for future definition

IPv4-compatible
IPv6 addresses with embedded IPv4 addresses are global Unicast addresses that begin with the binary prefix 000. One of the transition methods to IPv6 allows a means for nodes and routers to dynamically create IPv6 tunnels allowing transmission of IPv6 packets over an IPv4 infrastructure. Nodes that implement this technique are assigned a special IPv6 address which transports an IPv4 address in its 32 least significant bits. This type of address is called an IPv4-compatible IPv6 address; its format is shown below:
0 (80 bits) | 0 (16 bits) | IPv4 address (32 bits)
Prefix | IPv4 ID | Host
0000 : 0000 : 0000 : 143.234.211
The IPv4 address used inside an IPv4-compatible IPv6 address must be a public, globally routable IPv4 address

IPv4-mapped IPv6 address
A second type of IPv6 address transporting an IPv4 address is also defined. This time, this type of address is used to represent an IPv4 address for a node that does not support IPv6. This type of address is called an IPv4-mapped IPv6 address; its format is shown below:
0 (80 bits) | 1111111111111111 (16 bits) | IPv4 address (32 bits)
Prefix | IPv4 ID | Host
0000 : 0000 : FFFF : 143.234.211

Anycast addresses
• This address type is assigned to a group of interfaces belonging to different nodes. A packet delivered to an Anycast address is sent to one of the interfaces (the closest one, according to the routing protocol’s measure of distance).
• Anycast addresses are drawn from the Unicast address space (regardless of the scope). In that respect, they are identical from a syntax perspective and cannot be told apart
• When a Unicast address is assigned to more than one interface (making it an Anycast address), the nodes on which the address exists must be explicitly configured to respond to that address

Anycast addresses
• An Anycast address, when used in a route sequence, allows a node to select which of many Internet service providers will carry its traffic. This functionality is often referred to as source selected policies. This is implemented by configuring Anycast addresses identifying groups of routers belonging to the service providers (i.e., one Anycast address per Internet service provider)
• These Anycast addresses can be listed in the IPv6 routing header to force delivery of the packet through one or more providers along the path
• Another possible use of Anycast addresses is to identify the group of routers attached to a particular subnet, or a group of routers providing access to a particular routing domain

Anycast addresses
• There is very little experience on large-scale deployment of Anycast addresses and the pitfalls and difficulties associated with it
• Until more experience is derived from actual deployments, the following restrictions are imposed on the use of Anycast addresses:
  – An Anycast address must never be used as the source address of an IPv6 packet.
  – An Anycast address must never be assigned to an end-user (i.e. it should only be assigned to routers)

Anycast addresses
The Subnet-Router Anycast address is predefined and described below:
Subnet prefix (n bits) | 0 (128 - n bits)
Prefix | Host
3FFE : 0B00 : 0C18 : 0010 : 0000 : 0000 : 0000 : 0000
• The subnet prefix in an Anycast address is the prefix that identifies the link. From a syntax perspective, this Anycast address is identical to a Unicast address on that link, with the host identifier set to zero
• Packets sent to this Subnet-Router Anycast will be delivered to all routers on the network
• All routers must support Subnet-Router Anycast addresses for all subnets on which they have one or more interfaces. The Subnet-Router Anycast address is designed for applications that need to communicate with any router in the group

Multicast
Unicast
• Communication from a node to another
Multicast
• Communication from one node to many nodes
• This function replaces the IPv4 broadcast

Broadcast vs. Multicast
• ARP Broadcast in IP version 4:
  – Uses Ethernet broadcast FF-FF-FF-FF
  – Every node on the broadcast domain processes the packet, which affects a node’s performance
• Multicast solicitation in IP version 6:
  – Uses the Ethernet multicast format: 33-33-FF-17-FC-0F
  – Packets will not necessarily be processed by every node. Nodes recognise their Multicast address and can decide to accept or reject the packet. This technique improves performance since not all stations will have to answer a broadcast request

Multicast addresses - RFC 2375
Multicast address assignment
• A packet using a Multicast address is destined to the members of the Multicast group only

  8 bits       4 bits   4 bits   112 bits
  1111 1111    Flags    Scope    Group ID
  FF           000T     XXXX

Flags
  T = 0 : permanent « well-known » multicast address, assigned by IANA.
  T = 1 : temporary

Scope
  0000 = Reserved
  0001 = Interface-local
  0010 = 2 = Link-local
  0011 = 3 = Reserved
  0100 = 4 = Admin-local
  0101 = 5 = Site-local
  1000 = 8 = Organization
  1110 = E = Global
  1111 = F = Reserved

Reserved Multicast addresses
1) All Nodes Multicast Address (Link-local multicast)
2) All Routers Multicast Address (Site-local multicast)
3) Solicited Node Multicast Address

All Nodes Multicast Address

  8 bits       Flags    Scope    112 bits
  1111 1111    0000     0010     Group ID
  FF02 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001

• A packet with an All Nodes Multicast Address as destination address (FF02::1) will be sent to all nodes on the local link.
  – FF01:0:0:0:0:0:0:1 All nodes multicast with an interface-local scope is also valid
• Multicast Ethernet address: 33-33-00-00-00-01
• To find all stations on a local link: ping6 ff02::1

All Routers Multicast Address

  8 bits       Flags    Scope    112 bits
  1111 1111    0000     0010     Group ID
  FF02 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0002

• A packet with an All Routers Multicast Address as a destination address (FF02::2) will be sent to all routers on the local link.
  – FF01:0:0:0:0:0:0:2 All routers multicast with an interface-local scope is also valid
  – FF05:0:0:0:0:0:0:2 All routers multicast with a site-local scope is also valid
• Multicast Ethernet address: 33-33-00-00-00-02

Solicited-Node Multicast Address
• Used to obtain the layer-2 address of a node:
  – Replaces the broadcast used by the Address Resolution Protocol (ARP) in IP version 4.
• Also used to detect duplicate addresses (DAD)

[Figure: a node asks « What is your MAC address? »; addresses shown: 3FFE:0B00:0C18:0001:0290:27FF:FE17:FC0E and 3FFE:0B00:0C18:0001:0290:27FF:FE17:FC0F]

Solicited-Node Multicast Address
• Solicited-Node Multicast Address:
  – FF02:0:0:0:0:1:FFXX:XXXX
  – A solicited-node multicast address is formed by adding to the above prefix the 24 least significant bits of the solicited node's IPv6 address

Example:
• If you are looking for this IPv6 Unicast address (the solicited node):
  – 3FFE:0B00:0C18:0001:0290:27FF:FE17:FC0F
• You will build a packet with the following IPv6 Solicited-Node Multicast address:
  – FF02:0000:0000:0000:0000:0001:FF17:FC0F
• Then encapsulate it in the following Multicast Ethernet address:
  – 33-33-FF-17-FC-0F
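
The derivation above, together with the flags/scope layout from the multicast address slide, as an added Python example (not part of the original presentation). The function names are this example's own; the addresses are the ones used on the slides.

```python
import ipaddress

# Scope values as listed on the "Multicast addresses - RFC 2375" slide.
SCOPES = {0x0: "Reserved", 0x1: "Interface-local", 0x2: "Link-local",
          0x3: "Reserved", 0x4: "Admin-local", 0x5: "Site-local",
          0x8: "Organization", 0xE: "Global", 0xF: "Reserved"}


def parse_multicast(addr):
    """Split an IPv6 multicast address into its T flag, scope and group ID."""
    packed = ipaddress.IPv6Address(addr).packed
    if packed[0] != 0xFF:
        raise ValueError(f"{addr} is not a multicast address (no FF prefix)")
    flags, scope = packed[1] >> 4, packed[1] & 0x0F
    return {
        "temporary": bool(flags & 0x1),            # T = 0 well-known, T = 1 temporary
        "scope": SCOPES.get(scope, "Unassigned"),
        "group_id": int.from_bytes(packed[2:], "big"),   # remaining 112 bits
    }


def solicited_node(unicast):
    """FF02:0:0:0:0:1:FFXX:XXXX, XX:XXXX being the low 24 bits of the unicast address."""
    low24 = ipaddress.IPv6Address(unicast).packed[-3:]
    prefix = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]
    return ipaddress.IPv6Address(prefix + low24)


def ethernet_multicast(mcast):
    """33-33 followed by the low 32 bits of the IPv6 multicast address."""
    packed = ipaddress.IPv6Address(mcast).packed
    if packed[0] != 0xFF:
        raise ValueError("the 33-33 mapping applies to multicast addresses only")
    return "-".join(f"{b:02X}" for b in b"\x33\x33" + packed[-4:])


if __name__ == "__main__":
    target = "3FFE:0B00:0C18:0001:0290:27FF:FE17:FC0F"   # address from the slide
    group = solicited_node(target)
    print(group, ethernet_multicast(group), parse_multicast(group))
    # Only 24 bits of the target survive in the group address, so two nodes
    # whose addresses end in the same 24 bits listen on the same group.
    print(solicited_node("fe80::2b0:d0ff:fe23:4733"))
```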

Addresses required for each node
• One link-local Unicast address for each interface.
• One site-local OR global Unicast address.
• One loopback address.
• All-Nodes Multicast Address.
• One solicited-node Multicast address for every Unicast address assigned.
• One Multicast address for every Multicast group the node is a member of.

Addresses required for each node
For example, on a Windows XP workstation: 3 pseudo-interfaces (logical, not physical)
• Interface 1 (called « Loopback Pseudo-Interface »).
  – Is a pseudo-interface used for the loopback address
• Interface 2 (called « Automatic Tunnelling Pseudo-Interface »).
  – Is a pseudo-interface used for automatic tunnelling of IPv6 in transition scenarios (See section 3, Transition methods)
• Interface 3 (called « 6to4 Tunnelling Pseudo-Interface »).
  – Is a pseudo-interface used for 6to4 tunnelling (See section 3, Transition methods)

All the other interfaces are numbered sequentially in the order they were created (can be different from one station to another)

Addresses required for each node
For example, on a Windows XP workstation:

Interface 4: Ethernet: Local Area Connection
  uses Neighbor Discovery
  link-layer address: 00-b0-d0-23-47-33
    preferred link-local fe80::2b0:d0ff:fe23:4733, life infinite
    multicast interface-local ff01::1, 1 refs, not reportable
    multicast link-local ff02::1:ff23:4733, 1 refs, last reporter, 6 seconds until report
  link MTU 1500 (true link MTU 1500)
  current hop limit 128
  reachable time 36500ms (base 30000ms)
  retransmission interval 1000ms
  DAD transmits 1

Interface 3: 6to4 Tunneling Pseudo-Interface
  does not use Neighbor Discovery
    preferred global 2002:9d3c:89d9::9d3c:89d9, life infinite
  link MTU 1280 (true link MTU 65515)
  current hop limit 128
  reachable time 0ms (base 0ms)
  retransmission interval 0ms
  DAD transmits 0

Interface 2: Automatic Tunneling Pseudo-Interface
  does not use Neighbor Discovery
    preferred link-local fe80::200:5efe:157.60.137.217, life infinite
    preferred global ::157.60.137.217, life infinite
  link MTU 1280 (true link MTU 65515)
  current hop limit 128
  reachable time 0ms (base 0ms)
  retransmission interval 0ms
  DAD transmits 0

Interface 1: Loopback Pseudo-Interface
  does not use Neighbor Discovery
  link-layer address:
    preferred link-local ::1, life infinite
    preferred link-local fe80::1, life infinite
  link MTU 1500 (true link MTU 1500)
  current hop limit 128
  reachable time 40500ms (base 30000ms)
  retransmission interval 1000ms
  DAD transmits 1

Addresses required for each router
• Same as on any other node:
  – One link-local Unicast address for each interface.
  – One site-local OR global Unicast address.
  – One loopback address.
  – All-Nodes Multicast Addresses.
  – One solicited-node Multicast address for every Unicast address assigned.
  – One Multicast address for every Multicast group the node is a member of.

PLUS
• The All-Routers Multicast address
• The « Subnet-Router Anycast » address, for each interface for which the router is configured to act as a router
• Any other Anycast address assigned to the router

Internet Control Message Protocol ICMP version 6
• RFC 2463
• Protocol ICMP version 6 (IP version 6 Next Header = 58)
• Similar to ICMP version 4

  IP version 6 header
  Type | Code | Checksum    (32 bits)
  Message body

ICMP version 6 error messages
• Type 1 : Destination unreachable
  – code 0 : no route to destination
  – code 1 : communication with destination administratively prohibited
  – code 3 : address unreachable
  – code 4 : port unreachable
• Type 2 : Packet too big
  – Message contains the MTU.
• Type 3 : Time exceeded
  – code 0 : hop limit exceeded in transit
  – code 1 : fragment reassembly time exceeded
• Type 4 : Parameter problem
  – code 0 : erroneous header field encountered
  – code 1 : unrecognized Next Header type encountered
  – code 2 : unrecognized IPv6 option encountered

ICMP version 6 informational messages
• Type 128 : Echo request (ping)
  – Message contains an identifier and sequence number
• Type 129 : Echo reply
  – Message contains an identifier and sequence number
• Type 133 : Router Solicitation
• Type 134 : Router Advertisement
• Type 135 : Neighbour Solicitation
• Type 136 : Neighbour Advertisement
• Type 137 : Redirect

Neighbour Discovery (ND) Protocol
RFC 2461
• Replaces ARP in IP version 4, with added functionality
• Uses ICMPv6
• Used to:
  – Find neighbours' link-local addresses
  – Find routers that are present on the LAN
  – Maintain neighbour accessibility
  – Allow routers to disseminate network information to the other nodes
• Used by the auto-configuration process
• All ND messages have a Hop Limit of 255
  – All messages also have a link-local scope only

Neighbour Discovery (ND) Protocol
Functions:
• Router Discovery:
  – Finds the routers that are on the same local link (LAN)
• Prefix Discovery:
  – Allows discovery of the prefix to be used by a node to build its IPv6 address
• Parameter Discovery:
  – Discovers parameters such as MTU and Hop Limit to be inserted in packets to be sent
• Address Auto-Configuration:
  – Configures an address for an interface
• Address Resolution:
  – Similar to ARP: discovers the layer 2 address of a node by only providing an IPv6 address

Neighbour Discovery (ND) Protocol
Functions:
• Next-Hop Determination:
  – Determines if packets destined for a given address can be sent directly to the destination node through layer 2 or must go through the default gateway.
• Neighbour Unreachability Detection:
  – Determines if a neighbour node is still reachable
• Duplicate Address Detection:
  – Determines if an auto-configured address is already used by another node
• Redirect:
  – The router informs a node of the first node to use to reach its destination

Neighbour Discovery Messages
NDP defines 5 types of ICMP version 6 packets to perform the functions listed before:

1 - Neighbour Solicitation
• Sent by a node to discover the layer 2 address of a neighbour node
• Equivalent to the ARP request in IPv4.
• Packet description:
  – Source address = link-local address
  – Destination address = solicited-node multicast address
  – The data portion also contains the searched-for link-local address
  – ICMP type 135

2 - Neighbour Advertisement
• Answer to a Neighbour Solicitation.
• Equivalent to the ARP response in IPv4.
• Packet description:
  – Source address = link-local address
  – Destination address = Requestor address (Neighbour Solicitation)
  – The data portion also contains the searched-for link-local address
  – ICMP type 136

Neighbour Discovery Messages
3 - Router Solicitation:
• When a node starts, it does not want to wait for the next Router Advertisement.
• The node asks the router to send a router advertisement immediately.
• Packet description:
  – Source address = link-local address
  – Destination address = All-routers multicast address (FF02::2)
  – ICMP type 133

4 - Router Advertisement:
• Routers send periodic advertisement messages (between 4 and 1800 seconds).
• The advertisement has a limited lifetime (= 0 if not the default gateway)
• Contains one or more prefixes
• Specifies the address auto-configuration mode: stateful (DHCP) or stateless.
• Used when an entire site is renumbered
• Packet description:
  – Source address = Router link-local address on the link
  – Destination address = All-nodes multicast address (FF02::1)
  – Data = Network prefix, lifetime, default gateway, options
  – ICMP type 134

Neighbour Discovery Messages
5 - Route change, Redirect
• The router indicates the best path to follow to reach a destination by specifying the best next hop
• Similar to ICMP version 4 Redirect
• Packet description:
  – Source address = Router link-local address on the link
  – Destination address = Host address for which the packets need to be rerouted
  – Data = Next hop (router) address to use
  – ICMP type 137
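
The Hop Limit of 255 carried by every ND message is what lets a receiver tell that a message was not forwarded onto the link by a router. The following Python example is added here (it is not from the original presentation) and checks that rule, the ICMPv6 type and checksum, and the link-local source stated above for Router Advertisement and Redirect. It assumes no extension headers; `build_nd` and the sample packets are constructed for the demonstration, and 2001:db8::1 is a documentation address.

```python
import ipaddress
import struct

ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbour Solicitation", 136: "Neighbour Advertisement",
            137: "Redirect"}


def icmpv6_checksum(src, dst, icmp):
    """One's-complement checksum over the IPv6 pseudo-header and ICMPv6 message."""
    data = src + dst + struct.pack("!I3xB", len(icmp), 58) + icmp
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def validate_nd(packet):
    """Return the reasons to drop a raw IPv6 packet carrying ND (empty list = accept)."""
    if len(packet) < 44:
        return ["truncated packet"]
    _, plen, next_header, hop_limit, src, dst = struct.unpack("!IHBB16s16s", packet[:40])
    if next_header != 58:
        return ["Next Header is not 58 (ICMPv6)"]
    if plen < 4 or len(packet) < 40 + plen:
        return ["truncated ICMPv6 message"]
    icmp = packet[40:40 + plen]
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type not in ND_TYPES:
        return [f"ICMPv6 type {icmp_type} is not a Neighbour Discovery message"]
    problems = []
    if hop_limit != 255:
        problems.append(f"Hop Limit is {hop_limit}, not 255: may have crossed a router")
    if code != 0:
        problems.append(f"ICMPv6 code is {code}, not 0")
    if icmpv6_checksum(src, dst, icmp) != 0:      # a valid message sums to zero
        problems.append("bad ICMPv6 checksum")
    if icmp_type in (134, 137) and not ipaddress.IPv6Address(src).is_link_local:
        problems.append(f"{ND_TYPES[icmp_type]} source is not a link-local address")
    return problems


def build_nd(src, dst, icmp_type, body, hop_limit=255):
    """Build a constructed IPv6 + ICMPv6 packet (test input only, nothing is sent)."""
    s, d = (ipaddress.IPv6Address(a).packed for a in (src, dst))
    icmp = struct.pack("!BBH", icmp_type, 0, 0) + body
    icmp = icmp[:2] + struct.pack("!H", icmpv6_checksum(s, d, icmp)) + icmp[4:]
    return struct.pack("!IHBB16s16s", 6 << 28, len(icmp), 58, hop_limit, s, d) + icmp


# Constructed samples: the Neighbour Solicitation from the address resolution
# slides, and a Router Advertisement that arrives from off-link.
TARGET = ipaddress.IPv6Address("3ffe:b00:c18:1:290:27ff:fe17:fc0e").packed
GOOD_NS = build_nd("fe80::2b0:d0ff:fe23:4733", "ff02::1:ff17:fc0e", 135,
                   bytes(4) + TARGET)
OFF_LINK_RA = build_nd("2001:db8::1", "ff02::1", 134, bytes(12), hop_limit=64)

if __name__ == "__main__":
    for name, pkt in (("good NS", GOOD_NS), ("off-link RA", OFF_LINK_RA)):
        print(name, "->", validate_nd(pkt) or "accept")
```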

Auto-configuration - Stateful or Stateless

[Figure: Host and Router exchanging a Router solicitation message and a Router advertisement message]
• No manual configuration required: the router specifies the network prefix to use and the default gateway, but not the default DNS server

Stateful
[Figure: Host reaching DHCP servers by Multicast and the IPv6 DHCP server by Unicast]
• The host system contacts a DHCP or similar address assignment server. The server returns a valid address from a pre-configured list.

Stateless Link-Local Address Auto-configuration
RFC 2462

[Figure: Host sending a Router solicitation to the All-routers multicast address FF02::2]
• A host node forms a Link-Local Address as soon as it becomes active
• The host node sends a router solicitation message using the all-routers Multicast address (FF02::2) and the Ethernet Multicast (33-33-00-00-00-02)
• No reply will be received if no router is present on the link
  – The host node will then use a Link-Local address (FE80::"Interface ID")
• The host node uses the Duplicate Address Detection (DAD) method to verify that its auto-configured address is unique.

Stateless Site-Local or Global Address Auto-configuration (Step 1)

[Figure: Host sending a Router solicitation message to the Router through the All-routers Multicast address FF02::2]
• A host node forms a Link-Local Address as soon as it becomes active
• The host node sends a router solicitation message using the all-routers Multicast address (FF02::2) using the Ethernet Multicast (33-33-00-00-00-02)

Stateless Site-Local or Global Address Auto-configuration (Step 2)

[Figure: Router sending to the Host, through the All-nodes Multicast address FF02::1, a Router advertisement containing the address prefix to use and the path MTU]
• Router returns a router advertisement message, containing the network prefix to use (site-local or global Unicast):
  – Sends the advertisement to the all-nodes multicast address FF02::1, using the Ethernet Multicast (33-33-00-00-00-01)
• The host node forms a site-local or global Unicast address:
  – Site-local = FEC0 : : :
  – Global = : :
• The host node uses the Duplicate Address Detection (DAD) method to verify that its configured address is unique.

Address Resolution - Step 1

[Figure: Host sending a Neighbour solicitation message to the Solicited-node Multicast address FF02::1:FFXX:XXXX of the target node 3FFE:0B00:0C18:0001:0290:27FF:FE17:FC0E]
• The IPv6 address of the target node is known (we are looking for it)
• The requesting host looks in its neighbour cache to verify if the layer 2 address is already available
• If not available, the requesting host initiates the address resolution process by sending a solicited-node multicast message asking the target node to return its layer 2 address
• The neighbour solicitation message is sent in solicited-node Multicast mode to the target node:
  – FF02::1:FF17:FC0E (using MAC address 33-33-FF-17-FC-0E)

Address Resolution - Step 2

[Figure: Target node 3FFE:0B00:0C18:0001:0290:27FF:FE17:FC0E sending to the Host, by Unicast, a Neighbour Advertisement message containing the MAC address]
• The target node returns a Neighbour Advertisement Message containing its MAC address, using the requestor's Unicast address

Source Address Selection
A node on a network has multiple IPv6 addresses. Which one of these will it choose as the source address when sending packets?
RFC 3484
• Rule 1 : Prefer same addresses (as the destination)
• Rule 2 : Prefer matching scope (the smallest possible scope)
• Rule 3 : Avoid deprecated addresses (lifetime exceeded)
• Rule 4 : Prefer home addresses (over Care-of Addresses, CoA)
• Rule 5 : Prefer outgoing interface (to reach the destination)
• Rule 6 : Prefer matching label
  – IPv6 native source -> IPv6 native destination
  – 6to4 source -> 6to4 destination
  – IPv4-compatible source -> IPv4-compatible destination
  – IPv4-mapped source -> IPv4-mapped destination
• Rule 7 : Prefer public addresses (over temporary ones)
• Rule 8 : Use longest matching prefix (as source address)

Some local policies may prevail!

Destination Address Selection
• Rule 1 : Avoid unreachable destination (using Neighbour Unreachability Detection)
• Rule 2 : Prefer matching scope (the smallest possible scope)
• Rule 3 : Avoid deprecated addresses
• Rule 4 : Prefer home addresses
• Rule 5 : Prefer matching label
  – IPv6 native source -> IPv6 native destination
  – 6to4 source -> 6to4 destination
  – IPv4-compatible source -> IPv4-compatible destination
  – IPv4-mapped source -> IPv4-mapped destination
• Rule 6 : Prefer higher precedence
• Rule 7 : Prefer native transport
• Rule 8 : Prefer smaller scope
• Rule 9 : Use longest matching prefix
• Rule 10 : Otherwise, leave the order unchanged

Some local policies may prevail!

Duplicate Address Detection
RFC 2462

[Figure: Host FE80::0290:27FF:FE17:FCCD sending a Neighbour Solicitation message to the Solicited-node Multicast address FF02::1:FFXX:XXXX]
• The host node initiates an Address Resolution process, asking the solicited neighbour to return its layer 2 (MAC) address.
• Difference from normal address resolution: the neighbour solicitation message is sent as a solicited-node Multicast using:
  – Its own solicited-node multicast address (FF02::1:FF17:FCCD)
  – Its own multicast MAC address (33-33-FF-17-FC-CD)
• If no reply comes, the address is unique
• Otherwise, the node's interface is disabled and requires manual attention

MTU discovery process
RFC 1981

[Figure: MTU Discovery Message crossing FDDI (MTU = 4500), Ethernet (MTU = 1500) and FDDI (MTU = 4500) links; an ICMP Packet Too Big is returned]
• In IPv6, routers do not fragment packets.
• If fragmentation is necessary, it is done by the source node.
• Nodes transmit packets as big as the local link can support (link MTU)
• If the MTU is too big for certain links along the route, a Packet Too Big ICMP datagram will be returned to the source. The source adjusts the MTU and fragments the packet.
• Minimum MTU is 1280.

Temporary addresses
RFC 3041
• An IPv6 address contains the MAC address of a node's interface
• This leads to potential security problems and risks
• RFC 3041 discusses:
  – Randomly generated interface identifiers (64 least significant bits of the IPv6 address)
  – The definition of these addresses as temporary
  – Recycling of these addresses as required
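
The exposure described above can be audited directly: an interface identifier built from the MAC address (modified EUI-64: FF-FE inserted in the middle, universal/local bit inverted) gives the MAC back to anyone who sees the address, under every prefix the node uses. This added Python example (not from the original presentation) recovers it from the Windows XP address shown earlier; `temporary_address` draws its identifier from the OS random source as a simplification, not the MD5-based procedure of RFC 3041, and the 2001:db8 addresses are constructed.

```python
import ipaddress
import secrets


def embedded_mac(addr):
    """Return the MAC address embedded in an EUI-64 interface identifier, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]      # 64 least significant bits
    if iid[3:5] != b"\xff\xfe":                       # EUI-64 marker between MAC halves
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:] # undo the universal/local flip
    return "-".join(f"{b:02x}" for b in mac)


def linkable(addresses):
    """Group addresses by embedded MAC; a MAC seen under several addresses
    identifies one interface across networks."""
    seen = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac:
            seen.setdefault(mac, []).append(addr)
    return {mac: addrs for mac, addrs in seen.items() if len(addrs) > 1}


def temporary_address(prefix):
    """Form an address from a /64 prefix and a random interface identifier.

    Simplification: random bytes from the OS instead of RFC 3041's
    history-value/MD5 generation. As in RFC 3041, the universal/local bit
    is cleared to mark the identifier as locally significant.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= 0xFD
    return ipaddress.IPv6Address(net.network_address.packed[:8] + bytes(iid))


# First address is from the Windows XP output on the slide; the two 2001:db8
# addresses are constructed: the same interface seen on two other networks.
OBSERVED = [
    "fe80::2b0:d0ff:fe23:4733",
    "2001:db8:a::2b0:d0ff:fe23:4733",
    "2001:db8:b::2b0:d0ff:fe23:4733",
    "::157.60.137.217",
]

if __name__ == "__main__":
    for addr in OBSERVED:
        print(addr, "->", embedded_mac(addr))
    print(linkable(OBSERVED))
    print(temporary_address("2001:db8:a::/64"))
```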

Host node renumbering
RFC 2894
It is possible with IPv6 to modify an entire site addressing plan
• In the Router Advertisement message, the network prefix lifetime is modified
  – Preferred lifetime = 0 (this prefix must not be used to open new connections)
  – Valid lifetime is decremented towards 0
• A new network prefix is announced
• Host nodes configure a new address based on the new prefix and use it for new connections
• There is no lost connection! Host nodes always listen to Router Advertisement messages, even after the address auto-configuration process is completed

Router renumbering
RFC 2894
• Protocol defined to renumber routers in a site
  – New ICMPv6 message type: Type 138
  – IPSec is used for authentication
  – Very few implementations to date

IP version 6 DNS
RFC 1886, 2874
Changes to records:
• AAAA (RFC 1886 new record type):
  – Equivalent to the A record type for IPv4
  – Refers a domain name to an IPv6 address
• A6 (RFC 2874 new record type):
  – Will eventually replace the "AAAA" record type
  – Covers renumbering scenarios
  – The first bits in an IPv6 address refer to the provider's network prefix, which is the same for every host node in a network. Since IPv6 addresses are longer, it is preferable not to register their prefix in the local DNS. The A6 record allows the creation of a reference to the provider's DNS for that portion of the address. This in turn allows better flexibility in the provider's and customer's respective DNS. For example, if a customer changes provider, no change to the local DNS is required, only the reference record pointing to the new provider's DNS.

IP version 6 DNS
PTR
• Equivalent to the previous PTR record
• The upper level DNS domain used for IPv6 was ipv6.int. This level is now ip6.arpa

IP version 6 DNS
• BIND (Berkeley Internet Name Domain) is one of the Domain Name Service (DNS) implementations
  – Bind 4.9.3 supports AAAA records (only on IPv4 transport)
  – Bind 8.X supports AAAA and IPv4-IPv6 transport (with patch 8.1.2)
  – Bind 9.X is 100% compatible with IPv6 (supports A6 records)
• Root Servers:
  – Not currently configured for IPv6 requests
  – However, the AAAA records can be used

Routing protocols must also evolve
• RIP
• OSPF
• BGP4+
• IS-IS

RIP (Routing Information Protocol) for IPv6 (or RIPng)
RFC 2080
• Based on RIPv2, same concept: distance-vector, maximum 15 hops
• Processes IPv6 prefixes and next-hop addresses
• Uses Multicast (FF02::9 = all-rip-routers as destination address for the RIP updates)
• Uses IPv6 transport
• New UDP port: 521
• Version reset to 1
• A vast majority (if not all) of the IPv6 router implementations support RIP for IPv6. The same goes for Unix and Windows XP.

OSPF (Open Shortest Path First) for IPv6
RFC 2740
• Also known as OSPFv3
• Major rewriting to remove all dependencies on IPv4 and obtain a totally protocol-independent version
• Link-local addresses are used
• IPv6 transport is added
• The rewriting process caused some availability delays. Solutions are now available from most major equipment vendors

BGP
RFC 2283, 2545
• BGP4+
  – Includes multi-protocol extensions to BGP, for new address family types (IPv6 but also VPN, etc.)
• IPv6 addresses:
  – Address scope can be used in the NEXT_HOP
  – NEXT_HOP and NLRI are expressed in terms of IPv6 address and prefix
• A majority of equipment vendors support BGP for IPv6. It has been used on the 6Bone since 1996
