IP Version 6 (IPv6)
IPv4 Limitations
  Address space limitations
    IPv4 uses 32-bit addresses (enough to address over 4 billion nodes in theory)
    Impossible to achieve 100% address utilization even with subnetting and CIDR
    Address space will be exhausted well before reaching the four billion mark
    A bigger address space will eventually be needed
  Performance
    IPv4 is efficient and robust, but there is still room for improvement
    IPv6 handles many issues (MTU, checksum, IP headers, IP options) more efficiently
IPv4 Limitations (cont’d)
  Security
    IPv4 does not provide any security
    The application layer can provide security (e.g. HTTPS), but sniffers can still find out which processes and systems are involved
    The transport layer can provide security (SSL operates alongside the transport layer); better than application-layer security, but it requires applications to be rewritten to support SSL
    VPN software and hardware products
      Take one stream of IP datagrams and encrypt it
      Each encrypted IP datagram becomes the payload of another IP datagram with different addressing information on it
      Known as tunneling
      Moderately good security, but hampered by the lack of a standard
      Extra overhead
IPv4 Limitations (cont’d)
  Autoconfiguration (the ability of hosts to configure themselves automatically)
    Under IPv4, DHCP allows systems to rely on servers for IP configuration
    Hosts depend on a single point of connection to the network
    IPv6 can allow hosts to detect the nearest gateway for connection and configure themselves automatically
IPv6 Header Fields
  Fields
    Version (6)
    Traffic Class (related to QoS)
    Flow Label (related to QoS)
    Payload Length
    Next Header: 8-bit selector. Identifies the type of header immediately following the IPv6 header. Uses the same values as the IPv4 Protocol field
    Hop Limit
    Source Address
    Destination Address
  Simplification of header
    Some IPv4 header fields have been dropped or made optional
  Quality of Service
    New capability added to label packets for special handling
  Enhanced support for options
    Flexible header options allow more efficient forwarding
IPv6 Header Format
  Version: 4 bits
  Traffic Class: 4 bits
  Flow Label
  Payload Length: 16 bits
  Next Header: 8 bits
  Hop Limit: 8 bits
  Source address: 128 bits
  Destination address: 128 bits
IPv6 Extension Headers
  Accommodate some of the occasionally needed fields missing from the fixed header
  Provide extra information for security, authentication, routing, etc.
  Hop-by-Hop Options Header
  Routing Header
  Fragment Header
  Authentication Header
  Encapsulating Security Payload Header
  Destination Options Header
IPv6 Extension Headers (cont’d)
  Hop-by-Hop Options header
    Identified by a Next Header value of 0 in the IPv6 header
    Must be examined by every node along a packet's delivery path
    Used for resource reservation (RSVP, QoS, etc.)
  Routing header
    Identified by a Next Header value of 43 in the immediately preceding header
    Used by an IPv6 source to list one or more intermediate nodes to be "visited" on the way to a packet's destination
    Very similar to IPv4's Source Route options
  Fragment header
    Identified by a Next Header value of 44 in the immediately preceding header
    Used by an IPv6 source to send packets larger than would fit in the path MTU to their destinations
    Unlike IPv4, fragmentation in IPv6 is performed only by source nodes, not by routers along a packet's delivery path
IPv6 Extension Headers (cont’d)
  Authentication header
    Identified by a Next Header value of 51 in the immediately preceding header
  Encapsulating Security Payload header
    Identified by a Next Header value of 50 in the immediately preceding header
  Destination Options header
    Identified by a Next Header value of 60 in the immediately preceding header
    Used to carry optional information that needs to be examined only by a packet's destination node(s)
  No Next Header
    Value 59 in the Next Header field of an IPv6 header or any extension header indicates that there is no header following that header
IPv6 Fragmentation Extension Header
  Next Header: 8 bits
  Reserved: 8 bits
  Offset: 13 bits
  RES: 2 bits
  M: 1 bit
  Identification
  Similar to IPv4 fragmentation fields
  Fragmentation/reassembly executed only by source/destination hosts
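The three preceding slides describe the fixed header and the Next Header chain (values 0, 43, 44, 51, 50, 60 and 59) and the layout of the Fragment header. The parser below is an added example, not part of the lecture material: it decodes the 40-byte fixed header using the RFC 8200 field widths (8-bit Traffic Class, 20-bit Flow Label), then walks the extension header chain to the upper-layer protocol, bounds-checking every step so a Payload Length or header length that runs past the captured bytes is rejected rather than silently mis-parsed. The walk stops at ESP because everything after its SPI and sequence number is encrypted. The sample packet (documentation addresses 2001:db8::1 and 2001:db8::2, a Destination Options header, a first fragment, and placeholder UDP bytes) is constructed for the example.

```python
import struct

# Next Header values named on the slides (extension headers) plus common upper layers
NEXT_HEADER_NAMES = {
    0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment", 50: "ESP",
    51: "Authentication Header", 59: "No Next Header", 60: "Destination Options",
    6: "TCP", 17: "UDP", 58: "ICMPv6",
}
# Headers whose length we can read and skip; ESP (50) is not here because everything
# after its SPI/sequence number is encrypted, so the walk stops there.
WALKABLE_EXTENSION_HEADERS = {0, 43, 44, 51, 60}


def parse_fixed_header(pkt: bytes) -> dict:
    """Decode the 40-byte IPv6 fixed header (RFC 8200 layout)."""
    if len(pkt) < 40:
        raise ValueError("packet shorter than the 40-byte IPv6 header")
    first_word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError("not an IPv6 packet (version %d)" % version)
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,  # 8 bits after the version nibble
        "flow_label": first_word & 0xFFFFF,          # low 20 bits of the first word
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": pkt[8:24],
        "dst": pkt[24:40],
    }


def walk_extension_headers(pkt: bytes, max_headers: int = 8) -> dict:
    """Follow the Next Header chain to the upper-layer protocol, bounds-checking each step."""
    hdr = parse_fixed_header(pkt)
    end = 40 + hdr["payload_length"]
    if end > len(pkt):
        raise ValueError("Payload Length runs past the end of the captured bytes")
    offset, nh, chain, fragment = 40, hdr["next_header"], [], None
    while nh in WALKABLE_EXTENSION_HEADERS:
        if len(chain) >= max_headers:
            raise ValueError("extension header chain longer than %d" % max_headers)
        if nh == 0 and chain:
            raise ValueError("Hop-by-Hop Options must immediately follow the IPv6 header")
        if offset + 8 > end:
            raise ValueError("truncated extension header at offset %d" % offset)
        next_nh = pkt[offset]
        if nh == 44:                      # Fragment header: fixed 8 bytes, no length field
            hdr_len = 8
            off_res_m, ident = struct.unpack("!HI", pkt[offset + 2:offset + 8])
            fragment = {"offset": off_res_m >> 3, "more": bool(off_res_m & 1), "identification": ident}
        elif nh == 51:                    # AH: Payload Len is in 32-bit words, minus 2
            hdr_len = (pkt[offset + 1] + 2) * 4
        else:                             # Hop-by-Hop/Routing/Destination Options: Hdr Ext Len in 8-octet units, excluding the first 8
            hdr_len = (pkt[offset + 1] + 1) * 8
        if offset + hdr_len > end:
            raise ValueError("extension header at offset %d overruns the payload" % offset)
        chain.append(NEXT_HEADER_NAMES[nh])
        offset, nh = offset + hdr_len, next_nh
    return {
        "header": hdr,
        "chain": chain,
        "upper_layer": nh,
        "upper_layer_name": NEXT_HEADER_NAMES.get(nh, "protocol %d" % nh),
        "payload_offset": offset,
        "fragment": fragment,
    }


def build_sample_packet() -> bytes:
    """Constructed packet: IPv6 -> Destination Options -> Fragment -> UDP (placeholder bytes)."""
    src = bytes.fromhex("20010db8000000000000000000000001")   # 2001:db8::1 (documentation prefix)
    dst = bytes.fromhex("20010db8000000000000000000000002")   # 2001:db8::2
    dest_opts = bytes([44, 0, 1, 4, 0, 0, 0, 0])     # next=44, Hdr Ext Len=0 (8 bytes), one 4-byte PadN option
    frag = struct.pack("!BBHI", 17, 0, (0 << 3) | 1, 0xDEADBEEF)  # next=17 (UDP), offset 0, M=1, identification
    udp = bytes(12)                                  # constructed stand-in for the first fragment's UDP bytes
    payload = dest_opts + frag + udp
    first_word = (6 << 28) | (0 << 20) | 0x12345     # version 6, traffic class 0, flow label 0x12345
    return struct.pack("!IHBB", first_word, len(payload), 60, 64) + src + dst + payload


if __name__ == "__main__":
    result = walk_extension_headers(build_sample_packet())
    print(" -> ".join(["IPv6"] + result["chain"] + [result["upper_layer_name"]]), result["fragment"])
```

Running the block prints `IPv6 -> Destination Options -> Fragment -> UDP` with the fragment fields. The `max_headers` bound and the "Hop-by-Hop must be first" check are the two rules a filtering device needs so that an unusually long or misordered chain cannot push the transport header out of the inspected bytes.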
Authentication Header in IPv6
  Hosts establish a standards-based security association that is based on the exchange of secret keys
  Before each packet is sent, IPv6 authentication creates a checksum based on the key and the entire packet content (using SHA or MD5)
  The receiving side does the same for verification
  SPI is an arbitrary 32-bit value that, in combination with the destination IP address and security protocol (AH), uniquely identifies the Security Association for this datagram
  Header fields
    Next Header
    Length
    Reserved
    Security Parameters Index (SPI)
    Sequence Number
    Authentication Data (variable number of 32-bit words)
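The slide above says the sender computes a keyed checksum over the whole packet and the receiver repeats it to verify. The following added example (not from the lecture) shows what "the entire packet content" means in practice: fields that routers legitimately change in transit (Traffic Class, Flow Label, Hop Limit) and the Authentication Data itself are zeroed before the keyed hash is taken, so a forwarded packet still verifies while a single flipped payload bit does not. The block assumes HMAC-SHA-256 truncated to 96 bits as the integrity algorithm (the slide only says SHA or MD5), assumes AH immediately follows the fixed header, and adds the sliding-window check on the Sequence Number that a receiver uses to reject replays; the key, addresses and payload are constructed.

```python
import hashlib
import hmac
import struct

AH = 51
ICV_LEN = 12  # assumption: HMAC-SHA-256-96, the HMAC output truncated to 96 bits (RFC 4868)


def build_ipv6_header(payload_len, next_header, hop_limit, src, dst, traffic_class=0, flow_label=0):
    first = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack("!IHBB", first, payload_len, next_header, hop_limit) + src + dst


def build_ah(next_header, spi, seq, icv):
    """AH: Next Header, Payload Len (32-bit words minus 2), Reserved, SPI, Sequence Number, Authentication Data."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def compute_icv(key, pkt, icv_len=ICV_LEN):
    """Keyed hash over the packet with mutable fields and the ICV itself zeroed (AH assumed at offset 40)."""
    p = bytearray(pkt)
    p[0], p[1], p[2], p[3] = 0x60, 0, 0, 0   # keep version 6, zero Traffic Class and Flow Label
    p[7] = 0                                 # Hop Limit is decremented by every router
    p[52:52 + icv_len] = bytes(icv_len)      # Authentication Data is zero during the computation
    return hmac.new(key, bytes(p), hashlib.sha256).digest()[:icv_len]


def ah_protect(key, spi, seq, src, dst, next_header, upper_layer, hop_limit=64):
    """Sender side: build IPv6 + AH + upper layer, then fill in the ICV."""
    ah_len = 12 + ICV_LEN
    pkt = (build_ipv6_header(ah_len + len(upper_layer), AH, hop_limit, src, dst)
           + build_ah(next_header, spi, seq, bytes(ICV_LEN)) + upper_layer)
    return pkt[:52] + compute_icv(key, pkt) + pkt[52 + ICV_LEN:]


def ah_verify(key, pkt):
    """Receiver side: recompute the ICV with the SA's key and compare in constant time."""
    if len(pkt) < 64 or pkt[6] != AH:
        return False
    icv_len = (pkt[41] + 2) * 4 - 12
    return hmac.compare_digest(pkt[52:52 + icv_len], compute_icv(key, pkt, icv_len))


def ah_fields(pkt):
    next_header, _payload_len, _reserved, spi, seq = struct.unpack("!BBHII", pkt[40:52])
    return {"next_header": next_header, "spi": spi, "seq": seq}


class ReplayWindow:
    """Sliding-window anti-replay check on the AH Sequence Number (RFC 4302 style)."""
    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0   # bit 0 of bitmap marks self.top

    def accept(self, seq):
        if seq == 0:
            return False                                # sequence numbers start at 1
        if seq > self.top:                              # new high-water mark: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        behind = self.top - seq
        if behind >= self.size or (self.bitmap >> behind) & 1:
            return False                                # too old, or already seen
        self.bitmap |= 1 << behind
        return True


def demo():
    """Constructed exchange: original, router-forwarded (Hop Limit - 1), and tampered copies."""
    key = b"constructed-shared-secret-for-the-example"
    src = bytes.fromhex("20010db8000000000000000000000001")   # 2001:db8::1
    dst = bytes.fromhex("20010db8000000000000000000000002")   # 2001:db8::2
    pkt = ah_protect(key, spi=0x1001, seq=1, src=src, dst=dst, next_header=17, upper_layer=b"constructed UDP bytes")
    forwarded = pkt[:7] + bytes([pkt[7] - 1]) + pkt[8:]          # a router decremented Hop Limit
    tampered = forwarded[:-1] + bytes([forwarded[-1] ^ 0x01])    # one payload bit flipped in transit
    return ah_verify(key, pkt), ah_verify(key, forwarded), ah_verify(key, tampered)


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

The SPI read back by `ah_fields` is what the receiver uses, together with the destination address, to select the key before calling `ah_verify`; the replay window is kept per security association for the same reason.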
Encapsulating Security Payload Protocol
  Used to encrypt and encapsulate the transport layer payload or the entire IP packet
  The sender side does encryption and the receiver side does decryption
  Extra padding can hide the actual data size
  The precise format of the payload depends on the encryption algorithm
  Fields
    Security Parameters Index (SPI)
    Initialization Vector
    Payload Area
    Padding
    Pad Length
    Payload Type
Comments on Security
  The Authentication Header protocol provides data origin authentication and connectionless data integrity services
  The Encapsulating Security Payload protocol provides data confidentiality and partial traffic flow confidentiality services
  The IPSec protocol suite is mandatory for IPv6
  Will have widespread use
  Currently used by VPNs
  Encryption and authentication work together to create a flexible, yet powerful security solution
IPv6 Addresses
  128 bits long
  Addresses are assigned to individual interfaces on nodes
  Three categories
    Unicast
    Anycast: an identifier for a set of interfaces; a packet sent to an anycast address is delivered to one of the interfaces identified by that address (possibly the nearest one)
      Used to deliver a packet to any node in a group of nodes via a single address
      Example: an anycast address could refer to the group of routers associated with a particular provider or subnet
    Multicast: an identifier for a set of interfaces; a packet sent to a multicast address is delivered to all interfaces identified by that address
IPv6 Address Representation
  Basic form: X:X:X:X:X:X:X:X, where X is a four-digit hexadecimal number (a 16-bit binary number)
  Examples of valid IPv6 addresses
    47CD:1234:4422:AC02:0022:1234:A456:0124
    1030:0:0:0:C9B4:FF12:48AA:1A2B
    2000:0:0:0:0:0:0:1
  Contiguous 0s can be omitted: 47CD:0000:0000:0000:0000:0000:A456:0124 is the same as 47CD::A456:0124
  Embedded IPv4 address 128.96.33.81 (special form): ::FFFF:128.96.33.81
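The textual rules on this slide (eight 16-bit groups, a single `::` standing for a run of zero groups, and the `::FFFF:a.b.c.d` form for an embedded IPv4 address) are easy to get subtly wrong when comparing addresses in logs or access lists, since the same address has many spellings. The added example below, which is not part of the lecture, parses the slide's forms to 16 raw bytes and prints them back in one canonical spelling (RFC 5952: lowercase, no leading zeros, the longest zero run written as `::`, leftmost on ties), then cross-checks the parser against Python's standard `ipaddress` module. The `GROUP_RE`, `parse_ipv6`, `compress`, `canonical` and `matches_stdlib` names are this example's own.

```python
import ipaddress
import re

GROUP_RE = re.compile(r"[0-9A-Fa-f]{1,4}")


def parse_ipv6(text: str) -> bytes:
    """Expand the textual forms on the slide (8 groups, '::' omission, embedded IPv4 tail) to 16 bytes."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    head, sep, tail = text.partition("::")
    head_groups = head.split(":") if head else []
    tail_groups = tail.split(":") if tail else []
    last = tail_groups if sep else head_groups       # whichever list holds the final group
    if last and "." in last[-1]:                     # dotted-quad IPv4 takes the place of the last two groups
        octets = [int(o) for o in last[-1].split(".")]
        if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
            raise ValueError("bad embedded IPv4 address")
        last[-1:] = ["%02x%02x" % (octets[0], octets[1]), "%02x%02x" % (octets[2], octets[3])]
    missing = 8 - len(head_groups) - len(tail_groups)
    if sep:
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = head_groups + ["0"] * missing + tail_groups
    elif missing != 0:
        raise ValueError("expected 8 groups, got %d" % (8 - missing))
    else:
        groups = head_groups
    if not all(GROUP_RE.fullmatch(g) for g in groups):
        raise ValueError("each group must be 1-4 hex digits")
    return b"".join(int(g, 16).to_bytes(2, "big") for g in groups)


def compress(addr: bytes) -> str:
    """RFC 5952 text form: lowercase, no leading zeros, longest zero run (leftmost on ties) as '::'."""
    if len(addr) != 16:
        raise ValueError("need 16 bytes")
    groups = [int.from_bytes(addr[i:i + 2], "big") for i in range(0, 16, 2)]
    if groups[:5] == [0] * 5 and groups[5] == 0xFFFF:   # IPv4-mapped: keep the dotted tail readable
        return "::ffff:" + ".".join(str(b) for b in addr[12:])
    best_start, best_len, i = -1, 0, 0
    while i < 8:                                        # scan for the longest run of >= 2 zero groups
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i >= 2 and j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = ["%x" % g for g in groups]
    if best_len == 0:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def canonical(text: str) -> str:
    """One spelling per address, so two log entries can be compared as plain strings."""
    return compress(parse_ipv6(text))


def matches_stdlib(text: str) -> bool:
    """Cross-check: our parser must produce the same 16 bytes as ipaddress.IPv6Address."""
    return parse_ipv6(text) == ipaddress.IPv6Address(text).packed


if __name__ == "__main__":
    for s in ("47CD:0000:0000:0000:0000:0000:A456:0124", "1030:0:0:0:C9B4:FF12:48AA:1A2B",
              "2000:0:0:0:0:0:0:1", "::FFFF:128.96.33.81"):
        print("%-42s -> %s  (stdlib agrees: %s)" % (s, canonical(s), matches_stdlib(s)))
```

Note that the slide's shortened form `47CD::A456:0124` and the canonical `47cd::a456:124` are the same address; any matching of addresses against a blocklist or audit log should compare the parsed bytes (or the canonical string), never the raw text as typed.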
IPv6 Addressing Model
  IP addresses are assigned to network interfaces rather than nodes
  A unicast address is associated with only one network interface, but a network interface can be associated with more than one unicast address
  In IPv4, all network interfaces, including point-to-point links that connect a node with a router, require a dedicated IP address
  In IPv6, specific addresses are unnecessary for the endpoints of point-to-point links if the nodes at either end of the link are not originating or receiving
  In IPv6, multiple network interfaces can share a single IPv6 address if the hardware is able to share the network load appropriately across those interfaces
IPv6 Address Space
  Prefix (binary)   Use
  0000 0000         Reserved
  0000 0001         Unassigned
  0000 001          NSAP allocation
  0000 010          IPX allocation
  0000 011          Unassigned
  0000 1            Unassigned
  0001              Unassigned
  001               Aggregatable Global Unicast Addresses
  010               Unassigned
  011               Unassigned
  100               Unassigned
  101               Unassigned
  110               Unassigned
  1110              Unassigned
  1111 0            Unassigned
  1111 10           Unassigned
  1111 110          Unassigned
  1111 1110 0       Unassigned
  1111 1110 10      Link local use addresses
  1111 1110 11      Site local use addresses
  1111 1111         Multicast addresses
Address Space Allocation
  IPv6 addresses do not have classes, but the leading bits specify different uses of the IPv6 address
  Aggregatable Global Unicast addresses (001 prefix)
    The important chunk of address space
    Like classless IPv4 addresses, only much longer
    1/8th of the total address space
  Large chunks of address space have been left unassigned for future growth and new features
  Support for two other address encoding schemes
    NSAP (Network Service Access Point) addresses (used by ISO protocols)
    IPX addresses (used by Novell’s network layer protocol)
  “Link local use” addresses
    Used for addressing on a single link or network
    Cannot be integrated into the global addressing scheme
    Example uses include automatic address configuration and neighbor discovery
Address Space Allocation (cont’d)
  “Site local use” addresses
    Designed for local use, but formatted in such a way that they can be integrated into the global address scheme later
  Multicast addresses
    Similar to IPv4
    Allow discovery of routers and hosts in a multicast group
  Reserved address space
    For some special types of addresses
    One example: the loopback address 0:0:0:0:0:0:0:1
    Can be used to accommodate IPv4 addresses
Aggregatable Global Unicast Addresses
  Layout: 001 | Registry ID | Provider ID | Subscriber ID | Subnet ID | Interface ID
  Registry ID: identifies the registration authority, which assigns the provider portion of the address
  Provider ID: an Internet service provider, which assigns the subscriber portion of the address
  Subscriber ID: distinguishes among multiple subscribers in the provider’s address space
  Subnet ID: identifies a topologically connected group of nodes within the subscriber network
  Interface ID: identifies a single node interface among the group of interfaces identified by the subnet prefix
  Note: at present, there is no fixed length assigned to any field yet.
Autoconfiguration
  Plug-and-play feature
  Autoconfiguration is possible for IPv4 through a DHCP server, which provides IP configuration information to DHCP clients
  The longer address format in IPv6 provides a new form of autoconfiguration
    Called stateless autoconfiguration
    Does not require a server
    Makes use of the hierarchical address scheme of IPv6 unicast addresses
  Two parts: Interface ID and Prefix
    The Interface ID can be a physical address (an Ethernet address, for example), making it a unique link-level address
    The Prefix is the subnet prefix (padded with enough zeros to make the entire address 128 bits long)
    A router serving the link broadcasts the network prefix periodically
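The slide describes stateless autoconfiguration as prefix plus interface ID, with the Ethernet address serving as the interface ID. The added example below (not part of the lecture) carries that through with the modified EUI-64 construction from RFC 4291 Appendix A, which is how a 48-bit MAC is stretched to the 64-bit interface ID: the universal/local bit of the first octet is flipped and `ff:fe` is inserted in the middle. It forms both the link-local address a host builds before hearing any router and the global address it builds from an advertised /64 prefix, and it includes the reverse check a defender uses: an interface ID with the `ff:fe` marker reveals the hardware address, which is why temporary (privacy) interface IDs exist. The MAC `00:1b:21:3c:4d:5e` and the prefix `2001:db8:1:2::/64` are constructed values.

```python
import ipaddress
from typing import Optional


def mac_to_modified_eui64(mac: str) -> bytes:
    """Modified EUI-64 interface ID (RFC 4291 Appendix A): flip the U/L bit, insert ff:fe in the middle."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Advertised prefix (assumed /64) + interface ID = the host's stateless address."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 based SLAAC needs a 64-bit prefix, got /%d" % net.prefixlen)
    return ipaddress.IPv6Address(net.network_address.packed[:8] + mac_to_modified_eui64(mac))


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """The fe80::/64 address a host forms on its own, before any router advertisement arrives."""
    return slaac_address("fe80::/64", mac)


def embedded_mac(addr: str) -> Optional[str]:
    """If the interface ID carries the ff:fe marker, recover the MAC it was derived from; None otherwise."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join("%02x" % b for b in octets)


if __name__ == "__main__":
    mac = "00:1b:21:3c:4d:5e"                      # constructed MAC address
    ll = link_local_address(mac)
    glob = slaac_address("2001:db8:1:2::/64", mac)  # constructed prefix from a router advertisement
    print("link-local:", ll)
    print("global    :", glob)
    print("MAC visible in address:", embedded_mac(str(glob)))
```

Because the interface ID stays the same under every prefix the host ever uses, `embedded_mac` returning a value for an address seen in two different networks ties those two observations to one physical device; inventory tools use this, and the same property is the reason clients on untrusted networks should prefer temporary interface IDs.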