Download IPv6 - DePaul University

Chapter 27
Next Generation:
IPv6 and ICMPv6
Objectives
Upon completion you will be able to:
• Understand the shortcomings of IPv4
• Know the IPv6 address format, address types, and abbreviations
• Be familiar with the IPv6 header format
• Know the extension header types
• Know the differences between ICMPv4 and ICMPv6
• Know the strategies for transitioning from IPv4 to IPv6
TCP/IP Protocol Suite
1
27.1 IPv6
IPv6 has these advantages over IPv4:
1. larger address space
2. better header format (options separated from base header, makes
router faster since options don’t need to be checked)
3. new options (as we will see)
4. allowance for extension (protocol can be extended if necessary)
5. support for resource allocation (new field flow label can be used to
designate real time traffic)
6. support for more security (encryption and authentication options
provide confidentiality)
Figure 27.1
IPv6 address
How many addresses is 2^128?
3.4 x 10^38
How big is that?
You can give out 1 million addresses
every picosecond (10^-12 seconds) …
1.078 x 10^12
Figure 27.2
Abbreviated address
Figure 27.3
Abbreviated address with consecutive zeros
Note: can only use this more abbreviated form once per
address. Just align the unabbreviated forms and then insert
zeros.
Figure 27.4
CIDR address
Figure 27.5
Address structure
Three types of address: unicast, anycast, and multicast.
We already know the unicast and multicast addresses.
Anycast defines a group of computers with addresses that
have the same prefix address. Just need to deliver to one of
those in that address range. (This could be used to send an
HTTP GET to the nearest of a number of mirror sites that contain
the document.)
The first part of an IPv6 address is the Type Prefix. This
defines the purpose of the IP address.
Table 27.1 Type prefixes for IPv6 addresses
INTERNET PROTOCOL VERSION 6 ADDRESS SPACE
[last updated 05 October 2005]
IPv6 Prefix   Allocation             Reference   Note
0000::/8      Reserved by IETF       [RFC3513]   [1] [5]
0100::/8      Reserved by IETF       [RFC3513]
0200::/7      Reserved by IETF       [RFC4048]   [2]
0400::/6      Reserved by IETF       [RFC3513]
0800::/5      Reserved by IETF       [RFC3513]
1000::/4      Reserved by IETF       [RFC3513]
2000::/3      Global Unicast         [RFC3513]   [3]
4000::/3      Reserved by IETF       [RFC3513]
6000::/3      Reserved by IETF       [RFC3513]
8000::/3      Reserved by IETF       [RFC3513]
A000::/3      Reserved by IETF       [RFC3513]
C000::/3      Reserved by IETF       [RFC3513]
E000::/4      Reserved by IETF       [RFC3513]
F000::/5      Reserved by IETF       [RFC3513]
F800::/6      Reserved by IETF       [RFC3513]
FC00::/7      Unique Local Unicast   [RFC4193]
FE00::/9      Reserved by IETF       [RFC3513]
FE80::/10     Link Local Unicast     [RFC3513]
FEC0::/10     Reserved by IETF       [RFC3879]   [4]
FF00::/8      Multicast              [RFC3513]
Notes:
[0] The IPv6 address management function was formally delegated to
IANA in December 1995 [RFC1881].
[1] The "unspecified address", the "loopback address", and the IPv6
Addresses with Embedded IPv4 Addresses are assigned out of the
0000::/8 address block.
[2] 0200::/7 was previously defined as an OSI NSAP-mapped prefix set
[RFC1888]. This definition has been deprecated as of December 2004
[RFC4048].
[3] The IPv6 Unicast space encompasses the entire IPv6 address range
with the exception of FF00::/8. [RFC3513] IANA unicast address
assignments are currently limited to the IPv6 unicast address range
of 2000::/3. IANA assignments from this block are registered in the
IANA registry: iana-ipv6-unicast-address-assignments.
[4] FEC0::/10 was previously defined as a Site-Local scoped address
prefix. This definition has been deprecated as of September 2004
[RFC3879].
[5] 0000::/96 was previously defined as the "IPv4-compatible IPv6
address" prefix. This definition has been deprecated by
[RFC-ietf-ipv6-addr-arch-v4-04.txt].
Figure 27.6
Provider-based unicast addresses
A provider-based unicast address is generally used by a normal host as a
unicast address. (Also known as aggregatable global unicast addresses.)
Provider identifier - who provides the Internet access, such
as an ISP (variable length field but 16 bits recommended).
Subscriber identifier - when an org subscribes to the Internet
through a provider, it is assigned a subscriber ID (24 bits recommended).
Subnet identifier - identifies a subnet for the subscriber (32 bits recommended).
Node identifier - 48 bits recommended, same as NIC address
Defines the agency that has registered
the address. INTERNIC for North America;
RIPNIC for Europe; APNIC for Asian and
Pacific countries.
Figure 27.7
Address hierarchy
This is just one big hierarchy!
Figure 27.8
Unspecified address
All addresses that start with 8 0s are reserved and have
special meanings. Here are a few of them:
Unspecified address
When a host does not know its own address. So it uses 128 0s.
Loopback address
This address can be used for loopback testing - from application
layer to network layer and then back to application layer.
Figure 27.10
Compatible address
If you want to simply convert an IPv4 address to an IPv6 address,
you can embed the 32-bit address into the 128-bit address space
as below.
But this form is not used much anymore, so use …
Figure 27.11 Mapped address
You can also do it this way (as a mapped address).
Figure 27.12
Link local address and site local address
These addresses are used if a LAN uses the Internet protocols but
is not connected to the Internet for security reasons.
Nobody outside an isolated network can send a message to the
computers attached to a network using these addresses.
These addresses are used if a site with several networks uses the
Internet protocols but is not connected to the Internet (also for
security reasons).
Figure 27.14
Multicast address
Permanent addresses are defined by the Internet authority and can
be accessed at all times.
Transient addresses are temporary, such as used in a teleconference.
Table 27.5 Comparison between IPv4 and IPv6 packet header
Figure 27.15
IPv6 Packet Format
Figure 27.16
Format of an IPv6 datagram
Version - four bits, has the value 6
PRI - Priority field defines the priority of the packet with respect to
traffic congestion (also called Traffic Class)
Flow label - 24-bit field to provide special handling for a particular
data flow (more on this later)
Next header - defines the header that follows the base header. Each
extension header also contains this field (more on this later)
Table 27.3 Priorities for congestion-controlled
traffic
If a source can adapt itself to traffic slowdown when there is
congestion, the traffic is referred to as congestion-controlled
traffic.
Table 27.4 Priorities for noncongestion-controlled
traffic
These priorities are assigned to those types of traffic that
do not adapt well to congestion control techniques.
For example, real-time traffic would be assigned these values.
Lower priorities for data with more redundancy, such as high-fidelity
audio or video. Higher priorities for data with less
redundancy, such as low-fidelity audio or video.
Flow Label
A flow of packets is a sequence of packets sent from a source
to a destination and requires special handling by routers.
The combination of source address and flow label value uniquely
identifies a flow of packets.
Kind of like creating a virtual circuit - router looks in table for
flow label to see if it needs to be treated specially.
Faster than consulting a routing table, so these packets should
move faster. For example, real-time data should benefit from
this (will need other protocols such as Real-Time Protocol or
Resource Reservation Protocol).
Sounds like MPLS, but MPLS is designed for MPLS-based edge
routers, whereas flow label is end to end.
Flow Label
The flow label is assigned to a packet by the source host.
It is a random 24-bit value.
A source must not reuse a flow label for a new flow while
the existing flow is still alive.
If a host does not support the flow label, it sets this field
to zero.
If a router does not support the flow label, it ignores it.
All packets belonging to the same flow label have the same
source, destination, priority, and options.
Figure 27.17
Extension header format
Table 27.2 Next header codes
Note how NextHeader cleverly replaces both the IP options and the
Protocol field of IPv4. If there are no extension headers, then next
header value tells you what the higher layer protocol is (2,6,17).
Figure 27.18
Extension header types
Six different types of extension headers:
Let’s take a brief look at each of these.
Figure 27.19
Hop-by-hop extension header option
Used when a source needs to pass information (such as
management, debugging, or control functions) to all
routers visited by the datagram.
Figure 27.20
The format of options in a hop-by-hop option header
Note: Only 3 types defined thus far. Pad1 and PadN are used for
alignment (some options need to start on 32-bit word boundaries).
Jumbo payload informs routers that the payload in this packet is
greater than max of 65,535 bytes.
Figure 27.24
Source routing extension header
Combines the concepts of the strict source route and the loose
source route options of IPv4.
Type field defines loose or strict routing.
Figure 27.25
Source routing example
Figure 27.26
Fragmentation
Similar concept to IPv4, except that where in IPv4 the source OR a
router can fragment, in IPv6 ONLY the source can fragment.
Figure 27.27
Authentication
Can be used to validate the message sender and ensure
the integrity of the data.
The Security parameter index field defines the algorithm used
for authentication. The Authentication data field contains the
actual data generated by the algorithm. Many different algorithms
can be used for authentication.
Figure 27.29
Encrypted security payload
Can be used to encrypt the payload.
Security parameter index field defines the type of encryption/
decryption used.
Encryption can be implemented in two ways: transport mode
and tunnel mode.
Figure 27.30
Transport mode encryption
In the transport mode the datagram is first encrypted
then encapsulated in an IPv6 packet.
Used to encrypt data from host to host.
Note that the Base and other headers are not encrypted.
Figure 27.31
Tunnel-mode encryption
In the tunnel-mode, the entire IP datagram with its base
header and extension headers is encrypted and then
encapsulated in a new IP packet using the ESP extension
header.
Used mostly by security gateways to encrypt data.
Table 27.6 Summary: Comparison between IPv4 options and
IPv6 extension headers
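Because Next header replaces both the IPv4 Protocol field and the options, a packet filter has to follow the whole chain before it knows which upper-layer protocol it is looking at. The walker below is an added example, not part of the original slides; the packets are constructed samples, and the verdict strings and the max_headers limit are assumptions of this sketch.

```python
import struct

# Next Header values (IANA protocol numbers) for the extension headers walked here.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, NO_NEXT, DEST_OPTS = 0, 43, 44, 50, 51, 59, 60
EXT_NAMES = {HOP_BY_HOP: "hop-by-hop", ROUTING: "routing", FRAGMENT: "fragment",
             AH: "authentication", DEST_OPTS: "destination-options"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}


def walk_chain(packet: bytes, max_headers: int = 8):
    """Follow Next Header from the base header; return (extension_headers, verdict)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return [], "not-ipv6"
    next_header, offset, chain = packet[6], 40, []
    while next_header in EXT_NAMES:
        if len(chain) >= max_headers:
            return chain, "too-many-headers"
        if offset + 8 > len(packet):
            return chain, "truncated"
        following, length_field = packet[offset], packet[offset + 1]
        if next_header == FRAGMENT:
            size = 8  # fixed size, the second byte is reserved
        elif next_header == AH:
            size = (length_field + 2) * 4  # AH counts 32-bit words, minus 2
        else:
            size = (length_field + 1) * 8  # 8-octet units, first 8 not counted
        if offset + size > len(packet):
            return chain, "truncated"
        chain.append(EXT_NAMES[next_header])
        if next_header == FRAGMENT:
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:
                # The upper-layer header travelled in the first fragment only.
                return chain, "non-first-fragment"
        next_header, offset = following, offset + size
    if next_header == ESP:
        return chain, "encrypted"  # everything after the ESP header is opaque
    if next_header == NO_NEXT:
        return chain, "no-next-header"
    return chain, UPPER.get(next_header, f"protocol-{next_header}")


def base_header(next_header: int, payload_len: int) -> bytes:
    """Constructed 40-byte base header: version 6, zero addresses, hop limit 64."""
    return struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64) + bytes(32)


PADN = bytes([1, 4, 0, 0, 0, 0])  # PadN option filling a header out to 8 bytes
SAMPLES = {  # constructed packets, not captures
    "plain": base_header(6, 20) + bytes(20),
    "stacked": base_header(HOP_BY_HOP, 36) + bytes([DEST_OPTS, 0]) + PADN
               + bytes([6, 0]) + PADN + bytes(20),
    "later_fragment": base_header(FRAGMENT, 16)
                      + struct.pack("!BBHI", 17, 0, 185 << 3, 0x1234) + bytes(8),
    "cut_short": base_header(DEST_OPTS, 4) + bytes([6, 0, 1, 0]),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, walk_chain(pkt))
```

A filter that reads only the base header's Next header would see 0 for the "stacked" sample and never reach the TCP header behind the two extension headers.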
27.2 ICMPv6
ICMPv6, while similar in strategy to ICMPv4, has changes that make it
more suitable for IPv6. ICMPv6 has absorbed some protocols that were
independent in version 4.
The topics discussed in this section include:
Error Reporting
Query
Figure 27.32
Comparison of network layers in version 4 and version 6
Note how ICMPv6 incorporates IGMP, ICMP, ARP, and RARP!
Figure 27.33
Categories of ICMPv6 messages
Same as version 4
Figure 27.34
General format of ICMP messages
Type field tells which kind of ICMP message;
Code field further refines the type
Figure 27.35
Error-reporting messages
Table 27.7 Comparison of error-reporting messages in ICMPv4
and ICMPv6
Figures 27.36 to 27.39
Destination unreachable
Code
0: no path
1: comm. prohibited
2: strict source routing impossible
3: dest unreachable
4: port not available
Packet too big
Time exceeded
0: hop limit zero
1: fragments did not arrive
Parameter problems
0: error in header
1: error in ext head
2: error in option
Figure 27.40
Redirection message format
Figure 27.41
Query messages
Table 27.8 Comparison of query messages in ICMPv4
and ICMPv6
Timestamp request and reply not needed here since TCP does it
(and it is rarely used anyway).
Address mask request and reply not needed since IPv6 address
format allows for 2^32 - 1 different subnets.
Figure 27.42
Echo request and reply messages
Recall this is designed for diagnostic purposes.
Network managers use this pair to identify network problems.
With these they can determine whether two systems can
communicate with each other.
Figure 27.43
Router-solicitation and advertisement message formats
Recall: router solicitation is used to ask other routers who is out
there; router advertisement is returned from a router saying “Here I am”.
Figure 27.44
Neighbor-solicitation and advertisement message formats
This pair essentially replaces ARP in IPv6.
Figure 27.46
Group-membership message formats
These messages replace IGMP in IPv4 (we did not cover IGMP).
Figure 27.47
Four situations of group-membership operation
27.3 TRANSITION FROM IPv4
TO IPv6
Three strategies have been devised by the IETF to provide for a smooth
transition from IPv4 to IPv6.
The topics discussed in this section include:
Dual Stack
Tunneling
Header Translation
Figure 27.48
Three transition strategies
A station should run IPv4 and IPv6 simultaneously
until all of the Internet uses IPv6.
To determine which version to send, the source host
queries the DNS. If the DNS returns an IPv4 address,
the source host sends an IPv4 packet. If DNS returns an IPv6
address…
Figure 27.49
1: Dual stack
Figure 27.50
2a: Automatic tunneling
When an IPv6 packet has to pass through an IPv4 region before
reaching an IPv6 destination.
Simply layer an IPv4 packet over the IPv6 packet.
IPv4 Protocol field set to 41 to denote this layering.
Receiving host is running a dual IPv6/IPv4 stack.
Figure 27.51
2b: Configured tunneling
Receiving host cannot handle an IPv6-compatible address
(one that has been converted from IPv6 to IPv4), so the
last IPv4 router removes the IPv4 header.
Figure 27.52
3: Header translation
This is what happens when the receiver only understands
IPv4. IPv6 header has to be completely converted to IPv4.
See next slide for details on this conversion.
Table 27.9 Header translation
Who is using IPv6?
Microsoft
Windows XP SP2 (disabled by default)
Vista
Server 2008 (in beta)
Cisco
Nokia
U.S. government (June 2008)
NATO
and …
IPV6 at DePaul
Bin Zhang
Greg Brewster
McGraw-Hill
©The McGraw-Hill Companies, Inc., 2000
Why IPv6?
• The recent exponential growth of the Internet and the impending
  exhaustion of the IPv4 address space.
• The growth of the Internet and the ability of Internet backbone
  routers to maintain large routing tables.
• The need for simpler configuration.
• The need for better support for multiple data delivery service
  levels (i.e., high-priority, low-delay, real-time) – also called
  Quality of Service (QoS).
IPv6 Features
• New header format
• Large address space
• Efficient and hierarchical addressing and routing infrastructure
• Stateless and stateful address configuration
• Built-in security
• Better support for QoS
Differences - IPv4 and IPv6
IPv4: Source and destination addresses are 32 bits
IPv6: Source and destination addresses are 128 bits

IPv4: No identification of packet flow for QoS
IPv6: QoS handling by routers is indicated using Flow Label field in the IPv6 header

IPv4: Fragmentation is done by both routers and the sending host.
IPv6: Fragmentation is not done by routers, only by the sending host.

IPv4: Header includes a checksum.
IPv6: Header does not include a checksum.

IPv4: Must be configured either manually or through DHCP
IPv6: Does not require manual configuration or DHCP.
IPv6 Flow Label for QoS
• Flow Label field in IPv6 header indicates whether a packet
  belongs to a sequence of packets requiring special handling by
  IPv6 routers – such as:
  • Route table synchronization packets needed to clear up routing
    problems – requiring highest priority
  • Streaming audio or video packets – requiring low delay variability
  • Voice over IP packets – requiring priority over other data packets
• In IPv4, this packet flow classification has been done based on
  the 5-tuple of <IP addresses, ports, transport protocol type>.
  However, some of these fields may be unavailable due to
  fragmentation or encryption.
• In IPv6, a packet is classified to a certain flow by the <Flow
  Label, Source Address, Destination Address> triplet. This
  guarantees that special handling requirements can be met
  regardless of fragmentation or encryption.
IPv6 Addressing
• IPv6 Address Syntax
  • 128-bit address is divided along 16-bit boundaries, and each
    16-bit block is converted to a 4-digit hexadecimal number
    and separated by colons.
  • Example:
    0010000111011010 0000000011010011 0000000000000000 0010111100111011
    0000001010101010 0000000011111111 1111111000101000 1001110001011010
    21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A
• Zero Compression
  • Can substitute ‘::’ for any single string of zeros in address
  • For example, FE80:0:0:0:2AA:FF:FE9A:4CA2 becomes
    FE80::2AA:FF:FE9A:4CA2
IPv6 at DePaul
• IPv6 services are now activated on all CTI routers and DePaul
  backbone routers.
• DePaul has been assigned its own unique IPv6 Global Routing Index
  to identify us on the global Internet.
• IPv6 services can be easily activated on any CTI workstation or
  server.
IPv6 at DePaul
• DePaul has been assigned the global IPv6 address group
  2001:468:1202::0/48 (analogous to our 140.192.0.0/16 network
  prefix in IPv4), which provides the university with about
  1.2 septillion addresses (2^80).
Unicast IPv6 Address
• Equivalent to public IPv4 address.
• Same 3-way split as IPv4:
  • Network ID (called Global Routing Prefix in IPv6) is allocated
    through ICANN / IANA to assure global uniqueness.
  • Subnet IDs assigned to local subnets by network administrators.
  • Host ID (called Interface ID in IPv6) identifies device interface.
WinXP Example
Ipconfig output
$ ipconfig /all
Ethernet adapter Local Area Connection 5:
Connection-specific DNS Suffix . : cstcis.cti.depaul.edu
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-10-18-0B-2A-DB
IP Address. . . . . . . . . . . . : 140.192.35.133
Subnet Mask . . . . . . . . . . . : 255.255.255.128
IP Address. . . . . . . . . . . . : 2001:468:1202:207:210:18ff:fe0b:2adb
IP Address. . . . . . . . . . . . : fe80::210:18ff:fe0b:2adb
Default Gateway . . . . . . . . . : 140.192.35.248
                                    fe80::210:f6ff:fedc:381c
DHCP Server . . . . . . . . . . . : 140.192.36.236
DNS Servers . . . . . . . . . . . : 140.192.36.3
                                    140.192.36.4
                                    fec0:0:0:ffff::1
Lease Obtained. . . . . . . . . . : Monday, August 29, 2005 3:52:10 PM
Lease Expires . . . . . . . . . . : Monday, September 05, 2005 3:52:10 PM
IPv6 Address Example
2001:468:1202:207:210:18ff:fe0b:2adb
(Global Routing Prefix, Subnet, Interface ID)
• DePaul Global Routing Prefix = 2001:468:1202
• Subnet 207 is a CTI subnet within DePaul
• Interface ID is 210:18ff:fe0b:2adb
IPv6 Interface ID
• 64-bit Interface ID is derived from the 48-bit Physical address
  (also called MAC address or Ethernet address).
• From our example:
  • Physical address = 00-10-18-0B-2A-DB
  • Interface ID = 02-10-18-FF-FE-0B-2A-DB
The Algorithm
MAC Address → IPv6 Interface ID
IPv6 Link-Local Address
• Used to communicate with neighboring nodes on the same subnet.
• IPv4 has same idea (substitute 0-bits into Network/Subnet fields),
  but seldom used.
• Starts with FE80. From our ipconfig example:
  fe80::210:18ff:fe0b:2adb
IPv6 Site-Local Address
• Equivalent to IPv4 private address spaces
  (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16)
• Starts with FEC0. From our ipconfig example,
  IPv6-capable DNS server address is:
  fec0:0:0:ffff::1