IPv6 Overview
Brent Frye
EECS710

Overview
• Google Drive
• Microsoft Cloud Drive
• Dropbox
• Paid-for alternatives

Larger Address Space
• IPv4 has 4.3 billion unique addresses
• IPv6 has 340 trillion trillion trillion (undecillion) addresses, or 3.4 x 10^38.
• That is enough for a billion billion IP addresses for every person in the world for every second of their life.
• No Network Address Translation (NAT) required.

New Header Format
• Header overhead is minimized: even though the address is 4 times as long as in IPv4, the header is only twice as long.
• Not backward compatible with IPv4
• Header information contains Source Address, Destination Address, and Hop Limit.

Hierarchical Addressing and Routing Infrastructure
• IPv6 uses a unicast address routing topology to make a simple hierarchical infrastructure that is more efficient and requires smaller routing tables on backbone routers.
• Aggregatable global unicast addresses (highest level, public facing)
• Link-local addresses (communicate with neighboring nodes on the same link, FP 1111 1110 10, auto-configured)
• Site-local addresses (similar to IPv4 private addresses, assigned through stateless or stateful configuration)
• Special addresses (unspecified address 0:0:0:0:0:0:0:0 or ::, loopback address 0:0:0:0:0:0:0:1 or ::1)
• Compatibility addresses (6to4 addresses, IPv4-mapped address)
• NSAP addresses (Network Service Access Point)

Stateless and stateful address configuration
• Stateful address configuration is with a DHCP server
• Stateless configuration is without a DHCP server. Link-local auto configuration.
• Combined: configuration based on Router Advertisement messages. Stateless prefixes that host stateful address protocol.

Built-in security
• Confidentiality – IPSec encryption of all traffic
• Authentication – IPSec traffic digitally signed for sender verification
• Data integrity – IPSec traffic includes a crypto checksum to validate integrity.
• IPSec is not enabled by default; it requires configuration by the network administrator

Built-in security cont.
• The optional security feature Moving Target IPv6 Defense (MT6D) allows dynamic obscuring of the sender and receiver addresses
• MT6D is possible because of the large address space IPv6 provides and because of stateless address configuration (SLAAC)
• Packets are encrypted and tunneled end-to-end so that the source and destination addresses can be changed without breaking the session.

Better Quality of Service (QoS)
• IPv6 can use "flows" to provide special handling to a packet.
• The new Flow Label field in the IPv6 header means that QoS works even when the payload of the packet is encrypted.

Neighboring node interaction
• IPv6 Neighbor Discovery (ND) replaces ARP and ICMP
• Hosts use ND to discover neighboring routers and to discover addresses, address prefixes, and other parameters.
• Routers use ND to advertise their presence, configure host parameters, and inform hosts of next-hop addresses and on-link prefixes.
• Nodes use ND to resolve the link-layer address of a neighboring node, to see if it has changed, and to determine if IPv6 packets can be sent to or received from the neighbor.

Extensibility
• Added support for extension headers, whose size is limited only by the size of the packet, instead of the 40 bytes available in IPv4
• Currently defined extension headers: Hop-by-Hop options, routing, fragmentation, authentication, encapsulation, destination options.

Threats
• Many new operating systems have IPv6 enabled by default, leaving it uncontrolled on networks that use IPv4
• IPSec is not mandatory and requires configuration
• IPv6 using ND is vulnerable to man-in-the-middle attacks (router advertisements can expose all local assets to the global IPv6 network)

Conclusions
• IPv6 is more than just extended address space.
• Potential for more security challenges as well as improved security features.

Links
• Microsoft overview - http://technet.microsoft.com/en-us/library/cc738636(v=ws.10).aspx
• IPv6 white paper - http://140.116.82.38/members/html/ms03/dclin/technique_paper/IPv6/IPv6%20Features%20and%20Benefiits.pdf
• IPv6 Security Fallacies - http://www.networkcomputing.com/ipv6/4-ipv6-security-fallacies/240159771
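
Added example (not part of the original slides): the Threats slide notes that ND router advertisements can be abused, and the configuration slide notes that hosts configure themselves from them, so a defender can audit each Router Advertisement seen on a link against the routers and prefixes the site actually uses. The allowlist values, the function names and the sample packets below are assumptions constructed for illustration; the field layout follows RFC 4861.

```python
import ipaddress
import struct

# Assumed site policy (hypothetical values): the only router and prefix expected on this link.
ALLOWED_ROUTERS = {ipaddress.ip_address("fe80::1")}
ALLOWED_PREFIXES = {ipaddress.ip_network("2001:db8:10::/64")}

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134) and its Prefix Information options."""
    if len(icmp) < 16 or icmp[0] != 134 or icmp[1] != 0:
        raise ValueError("not a Router Advertisement")
    hop_limit, flags, lifetime = struct.unpack_from("!BBH", icmp, 4)
    ra = {"hop_limit": hop_limit, "managed": bool(flags & 0x80),  # M flag: stateful (DHCPv6)
          "other": bool(flags & 0x40), "lifetime": lifetime, "prefixes": []}
    off = 16
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8  # option length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed ND option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            plen, pflags = icmp[off + 2], icmp[off + 3]
            prefix = ipaddress.IPv6Network((icmp[off + 16:off + 32], plen), strict=False)
            ra["prefixes"].append({"prefix": prefix, "slaac": bool(pflags & 0x40)})  # A flag
        off += opt_len
    return ra

def audit_ra(src: str, icmp: bytes) -> list:
    """Return findings for an RA whose IPv6 source address was `src`."""
    ra, findings = parse_ra(icmp), []
    if ipaddress.ip_address(src) not in ALLOWED_ROUTERS:
        findings.append(f"RA from unexpected router {src}")
    for p in ra["prefixes"]:
        if p["prefix"] not in ALLOWED_PREFIXES:
            findings.append(f"unexpected prefix {p['prefix']} (SLAAC={p['slaac']})")
    return findings

def build_ra(prefix: str, managed: bool = False) -> bytes:
    """Construct a sample RA carrying one prefix (test data; checksum left at 0)."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x80 if managed else 0, 1800, 0, 0)
    opt = struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, 86400, 14400, 0)
    return hdr + opt + net.network_address.packed

if __name__ == "__main__":
    print(audit_ra("fe80::1", build_ra("2001:db8:10::/64")))    # expected router and prefix
    print(audit_ra("fe80::bad", build_ra("2001:db8:66::/64")))  # unknown router and prefix
```

On a network that is meant to be IPv4-only, both allowlists would be empty, so any Router Advertisement at all produces a finding.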