INTRODUCTION
Due to recent concerns over the impending depletion of the current pool of Internet
addresses and the desire to provide additional functionality for modern devices, an
upgrade of the current version of the Internet Protocol (IP) has been standardized.
This new version, called IP version 6 (IPv6), resolves unanticipated IPv4
design issues and takes the Internet into the 21st Century. This paper describes the
problems of the IPv4 Internet and how they are addressed by IPv6, IPv6 addressing, the
new IPv6 header and its extensions, the IPv6 replacements for the Internet Control
Message Protocol (ICMP) and Internet Group Management Protocol (IGMP),
neighboring node interaction, IPv6 address autoconfiguration, and IPv6 routing. This
paper provides a foundation of Internet standards-based IPv6 concepts and is intended for
network engineers and support professionals who are already familiar with basic
networking concepts and TCP/IP.
IPv6 has a number of improvements and simplifications when compared to IPv4. The
primary difference is that IPv6 uses 128 bit addresses as compared to the 32 bit addresses
used with IPv4. This means that there are more available IP addresses using IPv6 than are
available with IPv4 alone. For a very clear comparison, in IPv4 there is a total of
4,294,967,296 IP addresses. With IPv6, there is a total of 18,446,744,073,709,551,616 IP
addresses in a single /64 allocation. A significant difference between IPv6 and IPv4 is the
address notation. IPv4 uses a period (.) between each octet, compared to IPv6 which uses
a colon (:). With IPv6, if you have a series of zeroes in a row, the address need not be
written out completely. You can use a double colon (::) to represent that series of zeros.
2. SUBNETTING EXAMPLE
Figure 1: Subnetting example. Hosts H1 (128.10.1.1) and H2 (128.10.1.2) are on
sub-network 128.10.1.0; hosts H3 (128.10.2.1) and H4 (128.10.2.2) are on sub-network
128.10.2.0. All traffic to 128.10.0.0 arrives from the Internet. Net mask 255.255.0.0;
subnet mask 255.255.255.0.
3. NETMASK
A netmask is a 32-bit mask used to divide an IP address into subnets and specify the
network's available hosts. In a netmask, two bits are always automatically assigned. For
example, in 255.255.255.0, "0" is the assigned network address; and in 255.255.255.255,
"255" is the assigned broadcast address. The 0 and 255 are always assigned and cannot be
used.
Below is an example of a netmask and an example of its binary conversion.
Netmask:         255       255       255       255
Binary:          11111111  11111111  11111111  11111111
Netmask length:  8         16        24        32
Table 1
Counting out the bits in the binary conversion allows you to determine the netmask length.
In the above example, you have an example of a 32-bit address. However, this address is a
broadcast address and does not allow any hosts (computers or other network devices) to be
connected to it.
A commonly used netmask is a 24-bit netmask, as seen below.
Netmask:         255.      255.      255.      0
Binary:          11111111  11111111  11111111  00000000
Netmask length:  8         16        24        -----
Table 2
Using a 24-bit netmask, the network would be capable of 2,097,150 networks or 254
different hosts with an IP range of 192.0.1.x - 223.255.254.x. This is commonly plenty of
Class    Netmask length  # of network  # of host    Netmask
Class A  8               126           16,777,214   255.0.0.0
Class B  16              16,382        65,534       255.255.0.0
Class C  24              2,097,150     254          255.255.255.0
Table 3
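The bit counting described above can be checked mechanically. The following is an added example, not part of the original paper: it derives the netmask length from a dotted mask, rejects masks whose 1 bits are not contiguous (a common source of ACL and routing misconfiguration), and reproduces the host counts in Table 3. The function names are hypothetical.

```python
def mask_to_prefix(mask: str) -> int:
    """Return the netmask length of a dotted-quad mask, rejecting invalid masks."""
    octets = mask.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad netmask: {mask!r}")
    value = int.from_bytes(bytes(int(o) for o in octets), "big")
    bits = f"{value:032b}"
    # A valid netmask is a run of 1 bits followed only by 0 bits,
    # so a 0 followed by a 1 anywhere means the mask is malformed.
    if "01" in bits:
        raise ValueError(f"non-contiguous netmask: {mask!r} = {bits}")
    return bits.count("1")


def usable_hosts(prefix_len: int) -> int:
    """Host addresses left once the network and broadcast addresses are reserved."""
    if not 0 <= prefix_len <= 30:
        raise ValueError("no conventional host range for this netmask length")
    return 2 ** (32 - prefix_len) - 2


if __name__ == "__main__":
    # 255.255.225.0 is a constructed, mistyped mask used to show the rejection path.
    for mask in ("255.0.0.0", "255.255.0.0", "255.255.255.0", "255.255.225.0"):
        try:
            length = mask_to_prefix(mask)
            print(mask, "length", length, "hosts", usable_hosts(length))
        except ValueError as err:
            print("rejected:", err)
```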
3FFE:085B:1F1F:0000:0000:0000:00A9:1234
8 groups of 16-bit hexadecimal numbers separated by :
Leading zeros can be removed.
3FFE:85B:1F1F::A9:1234
:: = all zeros in one or more group of 16-bit hexadecimal numbers.
Because of their long bit lengths, IPv6 addresses tend to contain a lot of zeros. When a
section of an address starts with one or more zeros, those zeros are nothing more than
placeholders. So any leading zeros can be suppressed.
In IPv4, every IP address comes with a corresponding subnet mask. IPv6 also uses subnets,
but the subnet ID is built into the address.
In an IPv6 address, the first 48 bits are the network prefix. The next 16 bits are the subnet ID
and are used for defining subnets. The last 64 bits are the interface identifier (which is also
known as the Interface ID or the Device ID).
If necessary, the bits that are normally reserved for the Device ID can be used for additional
subnet masking. However, this is normally not necessary, as using a 16-bit subnet and a 64-bit device ID provides for 65,535 subnets with quintillions of possible device IDs per subnet.
Still, some organizations are already going beyond 16-bit subnet IDs.
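Because one IPv6 address has several valid spellings (full, zero-suppressed, "::"-compressed, upper or lower case), filters and log searches that compare addresses as strings miss matches. The following added example, not part of the original paper, canonicalizes addresses with Python's standard ipaddress module before matching and splits an address into the 48-bit network prefix, 16-bit subnet ID and 64-bit interface ID described above. The blocklist, log lines and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: one blocklist entry in full notation, and log lines
# that spell addresses in different ways.
BLOCKED = {"3FFE:085B:1F1F:0000:0000:0000:00A9:1234"}
LOG_LINES = [
    "accept src=3FFE:85B:1F1F::A9:1234 dport=445",
    "accept src=3ffe:085b:1f1f:0:0:0:a9:1234 dport=22",
    "accept src=3FFE:85B:1F1F:1::A9:1234 dport=80",   # different subnet ID
]


def canonical(text: str) -> str:
    """One spelling per address: lower case, leading zeros dropped, '::' applied."""
    return ipaddress.IPv6Address(text).compressed


def split_fields(text: str) -> dict:
    """Split an address into the 48/16/64-bit fields used in this paper."""
    value = int(ipaddress.IPv6Address(text))
    return {
        "network_prefix": value >> 80,             # first 48 bits
        "subnet_id": (value >> 64) & 0xFFFF,       # next 16 bits
        "interface_id": value & (2 ** 64 - 1),     # last 64 bits
    }


def naive_hits(lines, blocked):
    """String comparison, as a text search or naive filter would do it."""
    return [ln for ln in lines if any(b in ln for b in blocked)]


def canonical_hits(lines, blocked):
    """Compare parsed addresses instead of their spellings."""
    blocked_canon = {canonical(b) for b in blocked}
    hits = []
    for ln in lines:
        src = ln.split("src=")[1].split()[0]
        if canonical(src) in blocked_canon:
            hits.append(ln)
    return hits


if __name__ == "__main__":
    print("naive:", len(naive_hits(LOG_LINES, BLOCKED)))
    print("canonical:", len(canonical_hits(LOG_LINES, BLOCKED)))
    print(split_fields("3FFE:85B:1F1F:1::A9:1234"))
```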
Beginning with Windows Vista, Microsoft began installing and enabling IPv6 by default.
Because the Windows implementation of IPv6 is self-configuring, your computers could be
broadcasting IPv6 traffic without your even knowing it. Of course, this doesn't necessarily
mean that you can abandon IPv4. Not all switches and routers support IPv6, just as some
applications contain hard-coded references to IPv4 addresses.
It's kind of ironic, but as hard as Microsoft has been pushing IPv6 adoption, Windows does
not fully support IPv6 in all the ways you might expect. For example, in Windows, it is
possible to include an IP address within a Universal Naming Convention (\\127.0.0.1\C$, for
example). However, you can't do this with IPv6 addresses because when Windows sees a
colon, it assumes you're referencing a drive letter.
To work around this issue, Microsoft has established a special domain for IPv6 address
translation. If you want to include an IPv6 address within a Universal Naming Convention,
you must replace the colons with dashes and append .ipv6.literal.net to the end of the address
-- for example, FE80-AB00--200D-617B.ipv6.literal.net.
In IPv4, Host (A) records are used to map an IP address to a host name. DNS is still used in
IPv6, but Host (A) records are not used by IPv6 addresses. Instead, IPv6 uses AAAA
resource records, which are sometimes referred to as Quad A records. The domain ip6.arpa is
used for reverse hostname resolution.
6. NAT EXAMPLE
Figure 2
Table 4
7. STATELESS AUTOCONFIGURATION
Figure 3
Stateless Auto Configuration is an important feature offered by the IPv6 protocol. It allows
the various devices attached to an IPv6 network to connect to the Internet without
requiring any intermediate IP support in the form of a Dynamic
Host Configuration Protocol (DHCP) server. A DHCP server holds a pool of IP addresses that
are dynamically assigned for a specified amount of time to the requesting node in a Local
Area Network (LAN).
Stateless Auto Configuration is a boon for the Network Administrators since it has automated
the IP address configuration of individual network devices. Earlier, configuration of the IP
addresses was a manual process requiring support of a DHCP server. However, IPv6 allows
the network devices to automatically acquire IP addresses and also has provision for
renumbering/reallocation of the IP addresses en masse. With a rapid increase in the number of
network devices connected to the Internet, this feature was long overdue. It simplifies the
process of IP address allocation by doing away with the need of DHCP servers and also
allows a more streamlined assignment of network addresses thereby facilitating unique
identification of network devices over the Internet.
The auto configuration and renumbering features of Internet Protocol version 6 are defined in
RFC 2462. The word "stateless" is derived from the fact that this method doesn't require the
host to be aware of its present state so as to be assigned an IP address by the DHCP server.
The stateless auto configuration process comprises the following steps undertaken by a
network device:
interface identifier.
Link-Local Address Uniqueness Test - In this step, the networked device ensures
that the link-local address generated by it is not already used by any other device i.e.
Neighbor Discovery:
The Neighbor Discovery Protocol or NDP in the IPv6 is an improvement over the Internet
Control Message Protocol (ICMP). It is essentially a messaging protocol that facilitates the
discovery of neighbouring devices over a network. The NDP uses two kinds of addresses:
unicast addresses and multicast addresses. The Neighbor Discovery protocol performs nine
specific tasks that are divided into three functional groups.
Table 5
Advantages of Stateless Auto Configuration:
1. Doesn't require support of a DHCP server - Stateless Auto Configuration does away with
the need of a DHCP server to allocate IP addresses to the individual nodes connected to the
Local Area Network (LAN).
2. Allows hot plugging of network devices - The network devices can be 'hot-plugged' to the
Internet. Since the devices can configure their own IP addresses, there is no need for manual
configuration of the network devices. The devices can be simply connected to the network
and they automatically configure themselves to be used over an IPv6 network.
8. Major Improvements of IPv6 Header
The current Internet has a number of security problems. The Internet lacks effective privacy
and effective authentication mechanisms beneath the application layer. IPv6 remedies these
shortcomings by having two integrated options that provide security services. You can use
these two options either individually or together to provide differing levels of security to
different users. Different user communities have different security needs.
The first option, an extension header that is called the IPv6 Authentication Header (AH),
provides authentication and integrity, without confidentiality, to IPv6 datagrams. The
extension is algorithm independent. The extension supports many different authentication
techniques. The use of AH is proposed to help ensure interoperability within the worldwide
Internet. The use of AH eliminates a significant class of network attacks, including host
masquerading attacks. When using source routing with IPv6, the IPv6 authentication header
becomes important because of the known risks in IP source routing. Upper-layer protocols
and upper-layer services currently lack meaningful protections. However, the placement of
the header at the Internet layer helps provide host origin authentication.
The second option, an extension header that is called the IPv6 Encapsulating Security
Payload (ESP), provides integrity and confidentiality to IPv6 datagrams. Though simpler
than some similar security protocols, ESP remains flexible and is algorithm independent.
Similar security protocols include SP3D and ISO NLSP.
In the early days of TCP/IP, the ARPANET user community was small and close, and security
mechanisms were not of primary concern. As the number of TCP/IP hosts grew, and the user
community became one of strangers (some nefarious) rather than friends, security became
more important. As critical and sensitive data travels on today's Internet, security is of
paramount concern. Although many of today's TCP/IP applications have their own security
mechanisms, many would argue that security should be implemented at the lowest possible
protocol layer. IPv4 had few, if any, security mechanisms, and authentication and privacy
mechanisms at lower protocol layers are largely absent. IPv6 builds two security schemes into
the basic protocol.
The first mechanism is the IP Authentication Header referred to as AH (RFC 1826), an
extension header that can provide integrity and authentication for IP packets. The IPv6
Authentication Header (AH) provides integrity and authentication for IPv6 datagrams by
computing a cryptographic authentication function over the IPv6 datagram and using a secret
authentication key in this computation. The sender computes the authentication data for static
fields just prior to sending the authenticated IPv6 packet and the receiver verifies the
correctness of the authentication data upon reception.
Non-repudiation might be provided by some (e.g. asymmetric) authentication algorithms used
with the Authentication Header. The default authentication algorithm is keyed MD5, which
like all symmetric algorithms cannot provide non-repudiation. Confidentiality and traffic
analysis protection are not provided by the AH as the IPv6 datagrams are not encrypted.
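The sender and receiver computation described above, as an added example that is not part of the original paper: the authentication data is computed over the header fields that stay fixed in transit plus the payload, so a router decrementing the Hop Limit does not break verification while a forged source address or altered payload does. Assumptions: HMAC-MD5 from Python's standard library stands in for the keyed MD5 construction of RFC 1826, only the Hop Limit is treated as changing in transit, the AH extension header itself is not modelled, and the key, addresses and function names are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-shared-secret"          # constructed sample key


def build_header(src, dst, payload_len, hop_limit, next_header=51):
    """Pack a 40-byte IPv6 base header (next header 51 = Authentication Header)."""
    first_word = 6 << 28                    # version 6, traffic class 0, flow label 0
    fixed = struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed


def auth_data(key, header, payload):
    """Authentication data over the static fields: Hop Limit (byte 7) is zeroed."""
    static = header[:7] + b"\x00" + header[8:]
    return hmac.new(key, static + payload, hashlib.md5).digest()


def verify(key, header, payload, icv):
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(auth_data(key, header, payload), icv)


def demo():
    payload = b"constructed upper-layer data"
    dst = "3ffe:85b:1f1f::1"
    sent = build_header("3ffe:85b:1f1f::a9:1234", dst, len(payload), 64)
    icv = auth_data(KEY, sent, payload)

    # Three routers later the Hop Limit is 61; every other field is unchanged.
    routed = sent[:7] + bytes([sent[7] - 3]) + sent[8:]
    # A datagram claiming another source address (host masquerading).
    spoofed = build_header("3ffe:85b:1f1f::bad", dst, len(payload), 64)

    return (
        verify(KEY, routed, payload, icv),            # True
        verify(KEY, spoofed, payload, icv),           # False
        verify(KEY, routed, payload + b"!", icv),     # False
    )


if __name__ == "__main__":
    print(demo())
```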
The ability to handle links with partial reachability, such as typical wireless networks.
However, a movement detection procedure addresses some aspects.
Global
Site Local
Local Link
Figure 4
Figure 5
Mobile Node
Home Address
C/o-Address
Binding
Home Agent - Router located at the Mobile Node's home network, used
by the Mobile Node for registering its c/o-Address.
Binding Cache
14. CONCLUSION
IPv6 is NEW
built on the experiences learned from IPv4
new features
large address space
new efficient header
autoconfiguration
and OLD
still IP
build on a solid base
started in 1995, a lot of implementations and tests done