
1. INTRODUCTION
Due to recent concerns over the impending depletion of the current pool of Internet
addresses and the desire to provide additional functionality for modern devices, an
upgrade of the current version of the Internet Protocol (IP), called IP version 6 (IPv6),
has been standardized. This new version resolves unanticipated IPv4
design issues and takes the Internet into the 21st Century. This paper describes the
problems of the IPv4 Internet and how they are addressed by IPv6, IPv6 addressing, the
new IPv6 header and its extensions, the IPv6 replacements for the Internet Control
Message Protocol (ICMP) and Internet Group Management Protocol (IGMP),
neighboring node interaction, IPv6 address autoconfiguration, and IPv6 routing. This
paper provides a foundation of Internet standards-based IPv6 concepts and is intended for
network engineers and support professionals who are already familiar with basic
networking concepts and TCP/IP.

IPv6 has a number of improvements and simplifications when compared to IPv4. The
primary difference is that IPv6 uses 128-bit addresses as compared to the 32-bit addresses
used with IPv4. This means that there are more available IP addresses using IPv6 than are
available with IPv4 alone. For a very clear comparison, in IPv4 there is a total of
4,294,967,296 IP addresses. With IPv6, there is a total of 18,446,744,073,709,551,616 IP
addresses in a single /64 allocation. A significant difference between IPv6 and IPv4 is the
address notation. IPv4 uses a period (.) between each octet, compared to IPv6 which uses
a colon (:). With IPv6, if you have a series of zeroes in a row, the address need not be
written out completely. You can use a double colon (::) to represent that series of zeros.

2. SUBNETTING EXAMPLE

[Figure 1: the Internet sends all traffic to 128.10.0.0 (net mask 255.255.0.0). Inside,
sub-network 128.10.1.0 holds hosts H1 (128.10.1.1) and H2 (128.10.1.2), and sub-network
128.10.2.0 holds hosts H3 (128.10.2.1) and H4 (128.10.2.2), each with subnet mask
255.255.255.0.]

A subnetwork, or subnet, is a logical, visible subdivision of an IP network. The
practice of dividing a network into two or more networks is called subnetting.
It has a three-level hierarchy: network, subnet, and host.

A network is a group of two or more computer systems linked together. There are
many types of computer networks, including the following: local-area networks (LANs):
The computers are geographically close together (that is, in the same building).

A network host is a computer or other device connected to a computer network. A
network host may offer information resources, services, and applications to users or
other nodes on the network. A network host is a network node that is assigned a
network layer host address.

3. NETMASK
A netmask is a 32-bit mask used to divide an IP address into subnets and specify the
network's available hosts. In a netmask, two bits are always automatically assigned. For
example, in 255.255.255.0, "0" is the assigned network address; and in 255.255.255.255,
"255" is the assigned broadcast address. The 0 and 255 are always assigned and cannot be
used.
Below is an example of a netmask and an example of its binary conversion.

Netmask:         255       255       255       255
Binary:          11111111  11111111  11111111  11111111
Netmask length:  8         16        24        32

Table 1

Counting out the bits in the binary conversion allows you to determine the netmask length.
In the above example, you have an example of a 32-bit address. However, this address is a
broadcast address and does not allow any hosts (computers or other network devices) to be
connected to it.
A commonly used netmask is a 24-bit netmask, as seen below.

Netmask:         255.      255.      255.      0
Binary:          11111111  11111111  11111111  00000000
Netmask length:  8         16        24        -----

Table 2

Using a 24-bit netmask, the network would be capable of 2,097,150 networks or 254
different hosts with an IP range of 192.0.1.x - 223.255.254.x. This is commonly plenty of
addresses for one network.


A simple formula gives the number of networks a netmask can support. With a netmask
length of 24, subtract three from that number, e.g. 24 - 3 = 21. Then take 2 to the power x,
minus 2 (where x is the number you just determined), which gives 2^21 - 2 = 2,097,150. Two
is subtracted because of the broadcast and network addresses that are already being used.
Determining the number of hosts a netmask can support is similar. As the table above
shows, the netmask has eight zeros. This number plays the same role as the 21 determined
earlier: take 2 to the power x, minus 2 (where x is the number of zeros in the netmask).
This gives 2^8 - 2 = 254. Again, two is subtracted to account for the broadcast and
network addresses.
Below is a breakdown of each of the commonly used network classes.

Class     Netmask length   # of networks   # of hosts    Netmask
Class A   8                126             16,777,214    255.0.0.0
Class B   16               16,382          65,534        255.255.0.0
Class C   24               2,097,150       254           255.255.255.0

Table 3

4. IPv6: Security Issues


Provision for:
    Authentication header - guarantees authenticity and integrity of data
    Encryption header - ensures confidentiality and privacy
Encryption modes:
    Transport mode
    Tunnel mode
Independent of key management algorithm.
Security implementation is a mandatory requirement in IPv6.

Due to IPv6's massive address space, it would take years to scan a single IPv6
block, versus seconds for an IPv4 block. You might think that this would prevent
flooding attacks, but you'd be wrong. Thanks to multicast traffic, which allows you
to send a packet to multiple destinations with a single send operation, distributed
denial of service (DDoS) attacks, like smurf, are possible.
The modification of a source IP address, as well as the ports on which they are
communicating, can be done to make it appear as if traffic originated somewhere
else. There are best practice methods for filtering, as in RFC 2827, but this isn't
mandatory, which means many ISPs won't implement it.

5. 128-bit IPv6 Address

3FFE:085B:1F1F:0000:0000:0000:00A9:1234
8 groups of 16-bit hexadecimal numbers separated by :
Leading zeros can be removed.

3FFE:85B:1F1F::A9:1234
:: = all zeros in one or more groups of 16-bit hexadecimal numbers.
Because of their long bit lengths, IPv6 addresses tend to contain a lot of zeros. When a
section of an address starts with one or more zeros, those zeros are nothing more than
placeholders. So any leading zeros can be suppressed.
In IPv4, every IP address comes with a corresponding subnet mask. IPv6 also uses subnets,
but the subnet ID is built into the address.

In an IPv6 address, the first 48 bits are the network prefix. The next 16 bits are the subnet ID
and are used for defining subnets. The last 64 bits are the interface identifier (which is also
known as the Interface ID or the Device ID).

If necessary, the bits that are normally reserved for the Device ID can be used for additional
subnet masking. However, this is normally not necessary, as using a 16-bit subnet and a
64-bit device ID provides for 65,535 subnets with quintillions of possible device IDs per subnet.
Still, some organizations are already going beyond 16-bit subnet IDs.
Beginning with Windows Vista, Microsoft began installing and enabling IPv6 by default.
Because the Windows implementation of IPv6 is self-configuring, your computers could be
broadcasting IPv6 traffic without your even knowing it. Of course, this doesn't necessarily
mean that you can abandon IPv4. Not all switches and routers support IPv6, just as some
applications contain hard-coded references to IPv4 addresses.
It's kind of ironic, but as hard as Microsoft has been pushing IPv6 adoption, Windows does
not fully support IPv6 in all the ways you might expect. For example, in Windows, it is
possible to include an IP address within a Universal Naming Convention (\\127.0.0.1\C$, for
example). However, you can't do this with IPv6 addresses because when Windows sees a
colon, it assumes you're referencing a drive letter.

To work around this issue, Microsoft has established a special domain for IPv6 address
translation. If you want to include an IPv6 address within a Universal Naming Convention,
you must replace the colons with dashes and append .ipv6-literal.net to the end of the address
-- for example, FE80-AB00--200D-617B.ipv6-literal.net.
In IPv4, Host (A) records are used to map an IP address to a host name. DNS is still used in
IPv6, but Host (A) records are not used by IPv6 addresses. Instead, IPv6 uses AAAA
resource records, which are sometimes referred to as Quad A records. The domain ip6.arpa is
used for reverse hostname resolution.
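
The notation rules and address layout described in this section, worked through in Python as an added example that is not part of the original paper. The function names are the example's own; the sample addresses are the ones used on this page, and the UNC suffix is the ipv6-literal.net domain that Windows recognises.

```python
import ipaddress
import re

GROUP = re.compile(r"[0-9A-Fa-f]{1,4}")

def expand(text):
    """Undo both shortcuts: expand '::' and restore suppressed leading zeros."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = left + ["0"] * missing + right
    else:
        groups = text.split(":")
    if len(groups) != 8 or not all(GROUP.fullmatch(g) for g in groups):
        raise ValueError("expected eight groups of 1-4 hex digits")
    return ":".join(g.upper().zfill(4) for g in groups)

def split_fields(text):
    """48-bit network prefix, 16-bit subnet ID, 64-bit interface ID (hex)."""
    value = int(ipaddress.IPv6Address(text))
    return {
        "network_prefix": f"{value >> 80:012X}",
        "subnet_id": f"{(value >> 64) & 0xFFFF:04X}",
        "interface_id": f"{value & (2**64 - 1):016X}",
    }

def unc_literal(text):
    """Host name usable in a UNC path: colons become dashes, suffix appended."""
    compressed = ipaddress.IPv6Address(text).compressed
    return compressed.replace(":", "-") + ".ipv6-literal.net"

def reverse_name(text):
    """Name queried under ip6.arpa for reverse resolution (one label per nibble)."""
    return ipaddress.IPv6Address(text).reverse_pointer

if __name__ == "__main__":
    sample = "3FFE:85B:1F1F::A9:1234"          # address used on this page
    print(expand(sample))
    print(split_fields(sample))
    print(unc_literal("FE80:AB00::200D:617B"))  # address used on this page
    print(reverse_name(sample))
```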

6. NAT EXAMPLE

Figure 2

Table 4

Network address translation (NAT) is a methodology of remapping one IP address
space into another by modifying network address information in an Internet Protocol (IP)
datagram packet.
The original use of network address translation consisted of mapping every address of
one address space to a corresponding address in another space, such as when an
enterprise changed Internet service providers, without having a facility to announce a
public route to the network.

7. STATELESS AUTOCONFIGURATION

Figure 3

Stateless Auto Configuration is an important feature offered by the IPv6 protocol. It allows
the various devices attached to an IPv6 network to connect to the Internet using the Stateless
Auto Configuration without requiring any intermediate IP support in the form of a Dynamic
Host Configuration Protocol (DHCP) server. A DHCP server holds a pool of IP addresses that
are dynamically assigned for a specified amount of time to the requesting node in a Local
Area Network (LAN).
Stateless Auto Configuration is a boon for the Network Administrators since it has automated
the IP address configuration of individual network devices. Earlier, configuration of the IP
addresses was a manual process requiring support of a DHCP server. However, IPv6 allows
the network devices to automatically acquire IP addresses and also has provision for
renumbering/reallocation of the IP addresses en masse. With a rapid increase in the number of
network devices connected to the Internet, this feature was long overdue. It simplifies the
process of IP address allocation by doing away with the need of DHCP servers and also
allows a more streamlined assignment of network addresses thereby facilitating unique
identification of network devices over the Internet.
The auto configuration and renumbering features of Internet Protocol version 6 are defined in
RFC 2462. The word "stateless" is derived from the fact that this method doesn't require the
host to be aware of its present state so as to be assigned an IP address by the DHCP server.
The stateless auto configuration process comprises the following steps undertaken by a
network device:

Link-Local Address Generation - The device is assigned a link-local address. It
comprises '1111111010' as the first ten bits followed by 54 zeroes and a 64-bit
interface identifier.

Link-Local Address Uniqueness Test - In this step, the networked device ensures
that the link-local address generated by it is not already used by any other device, i.e.
the address is tested for its uniqueness.

Global Address Configuration - The host configures itself with its globally unique
Internet address. The address comprises a network prefix provided by the router
together with the device identifier.

Link-Local Address Assignment - Once the uniqueness test is cleared, the IP
interface is assigned the link-local address. The address becomes usable on the local
network but not over the Internet.

Router Contact - The networked device makes contact with a local router to
determine its next course of action in the auto configuration process.

Router Direction - The node receives specific directions from the router on its next
course of action in the auto configuration process.
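
The address arithmetic behind these steps, as an added Python example that is not part of the original paper. It assumes the interface identifier is derived from the MAC address with modified EUI-64 and that the uniqueness test probes the solicited-node multicast group (details the page does not give); the MAC address, router prefix and function names are constructed for illustration.

```python
import ipaddress

def interface_id_from_mac(mac):
    """Assumption: modified EUI-64. Flip the universal/local bit of the first
    octet and insert FF:FE in the middle of the 48-bit MAC address."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must have six octets")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def link_local(interface_id):
    """'1111111010' as the first ten bits, 54 zero bits, 64-bit identifier."""
    prefix = 0b1111111010 << 118          # ten bits at the top of 128
    return ipaddress.IPv6Address(prefix | interface_id)

def solicited_node(address):
    """Multicast group probed by the uniqueness test: ff02::1:ff00:0 plus
    the low 24 bits of the tentative address."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(address) & 0xFFFFFF))

def global_address(router_prefix, interface_id):
    """Network prefix provided by the router together with the identifier."""
    net = ipaddress.IPv6Network(router_prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix from the router")
    return ipaddress.IPv6Address(int(net.network_address) | interface_id)

def autoconfigure(mac, router_prefix, neighbours):
    """neighbours: addresses already in use on the link (stands in for the
    replies a real uniqueness test would receive)."""
    iid = interface_id_from_mac(mac)
    tentative = link_local(iid)
    in_use = {ipaddress.IPv6Address(n) for n in neighbours}
    if tentative in in_use:
        raise RuntimeError(f"{tentative} is already in use on this link")
    return {
        "link_local": tentative,
        "dad_group": solicited_node(tentative),
        "global": global_address(router_prefix, iid),
    }

if __name__ == "__main__":
    # Constructed sample values (documentation prefix 2001:db8::/32).
    result = autoconfigure("00:1A:2B:3C:4D:5E", "2001:db8:1:2::/64", [])
    for name, value in result.items():
        print(f"{name:10} {value}")
```

Because the identifier is derived from the MAC address, the same 64 bits appear in every address the host forms, which is worth knowing when reading logs or deciding whether to enable randomized identifiers.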

Neighbor Discovery:
The Neighbor Discovery Protocol or NDP in IPv6 is an improvement over the Internet
Control Message Protocol (ICMP). It is essentially a messaging protocol that facilitates the
discovery of neighbouring devices over a network. The NDP uses two kinds of addresses:
unicast addresses and multicast addresses. The Neighbor Discovery protocol performs nine
specific tasks that are divided into three functional groups.

Table 5

Advantages of Stateless Auto Configuration:

1. Doesn't require support of a DHCP server - Stateless Auto Configuration does away with
the need of a DHCP server to allocate IP addresses to the individual nodes connected to the
Local Area Network (LAN).

2. Allows hot plugging of network devices - The network devices can be 'hot-plugged' to the
Internet. Since the devices can configure their own IP addresses, there is no need for manual
configuration of the network devices. The devices can be simply connected to the network
and they automatically configure themselves to be used over an IPv6 network.

3. Suitable for applications requiring secure connection without additional
intermediaries in the form of a proxy or a DHCP server - Some of the modern day
applications such as teleconferencing require a fast and secure connection sans any
intermediary nodes that tend to slow down the communication process. Stateless Auto
Configuration helps meet such requirements by removing the intermediary proxy or DHCP
servers and thereby facilitating the communication process for such applications requiring
high-speed data transfers.

8. Major Improvements of IPv6 Header

The current Internet has a number of security problems. The Internet lacks effective privacy
and effective authentication mechanisms beneath the application layer. IPv6 remedies these
shortcomings by having two integrated options that provide security services. You can use
these two options either individually or together to provide differing levels of security to
different users. Different user communities have different security needs.
The first option, an extension header that is called the IPv6 Authentication Header (AH),
provides authentication and integrity, without confidentiality, to IPv6 datagrams. The
extension is algorithm independent. The extension supports many different authentication
techniques. The use of AH is proposed to help ensure interoperability within the worldwide
Internet. The use of AH eliminates a significant class of network attacks, including host
masquerading attacks. When using source routing with IPv6, the IPv6 authentication header
becomes important because of the known risks in IP source routing. Upper-layer protocols
and upper-layer services currently lack meaningful protections. However, the placement of
the header at the Internet layer helps provide host origin authentication.
The second option, an extension header that is called the IPv6 Encapsulating Security
Payload (ESP), provides integrity and confidentiality to IPv6 datagrams. Though simpler
than some similar security protocols, ESP remains flexible and is algorithm independent.
Similar security protocols include SP3D and ISO NLSP.

No option field: Replaced by extension header. Results in a fixed length, 40-byte IP
header.

No header checksum: Results in fast processing.

No fragmentation at intermediate nodes: Results in fast IP forwarding.

In the early days of TCP/IP, the ARPANET user community was small and close, and security
mechanisms were not of primary concern. As the number of TCP/IP hosts grew, and the user
community became one of strangers (some nefarious) rather than friends, security became
more important. As critical and sensitive data travels on today's Internet, security is of
paramount concern. Although many of today's TCP/IP applications have their own security
mechanisms, many would argue that security should be implemented at the lowest possible
protocol layer. IPv4 had few, if any, security mechanisms, and authentication and privacy
mechanisms at lower protocol layers are largely absent. IPv6 builds two security schemes into
the basic protocol.
The first mechanism is the IP Authentication Header, referred to as AH (RFC 1826), an
extension header that can provide integrity and authentication for IP packets. The IPv6
Authentication Header (AH) provides integrity and authentication for IPv6 datagrams by
computing a cryptographic authentication function over the IPv6 datagram and using a secret
authentication key in this computation. The sender computes the authentication data for static
fields just prior to sending the authenticated IPv6 packet and the receiver verifies the
correctness of the authentication data upon reception.
Non-repudiation might be provided by some (e.g. asymmetric) authentication algorithms used
with the Authentication Header. The default authentication algorithm is keyed MD5, which
like all symmetric algorithms cannot provide non-repudiation. Confidentiality and traffic
analysis protection are not provided by the AH as the IPv6 datagrams are not encrypted.
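
A simplified model of the sender and receiver computation described above, added as a Python example that is not part of the original paper. HMAC-SHA-256 stands in for the keyed MD5 the text names, the AH header's own fields are left out, and the key, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

def ipv6_header(src, dst, payload_len, next_header=17, hop_limit=64,
                traffic_class=0, flow_label=0):
    """Pack the fixed 40-byte IPv6 header."""
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    fixed = struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
    return (fixed + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def static_view(header):
    """Zero the fields routers may change in transit (traffic class, flow
    label, hop limit) so that only the static fields are authenticated."""
    version_only = header[0] & 0xF0
    return bytes([version_only, 0, 0, 0]) + header[4:7] + b"\x00" + header[8:]

def compute_icv(key, header, payload):
    """Sender side: authentication data over static fields plus payload."""
    message = static_view(header) + payload
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key, header, payload, icv):
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(compute_icv(key, header, payload), icv)

def with_hop_limit(header, hop_limit):
    """What a router does to the header on each hop."""
    return header[:7] + bytes([hop_limit]) + header[8:]

if __name__ == "__main__":
    key = b"constructed-shared-secret"       # constructed sample key
    payload = b"constructed payload"
    sent = ipv6_header("2001:db8::1", "2001:db8::2", len(payload))
    icv = compute_icv(key, sent, payload)

    forwarded = with_hop_limit(sent, 57)      # legitimate change in transit
    forged = ipv6_header("2001:db8::bad", "2001:db8::2", len(payload))

    print("after forwarding:", verify(key, forwarded, payload, icv))
    print("forged source:   ", verify(key, forged, payload, icv))
    print("altered payload: ", verify(key, sent, payload + b"!", icv))
```

The forwarded packet still verifies because the hop limit is excluded from the computation, while a changed source address or payload does not, which is the host-masquerading protection the text attributes to AH.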

9. Mobility Support in IPv6


Routing is based on the subnet prefix in a packet's destination IP address. Consequently,
packets that are destined for a mobile node do not reach the node when the node is not
attached to the node's home link. The home link is the link where the node's home IPv6
subnet prefix exists. In order to continue communication, a mobile node can change its IP
address each time that the node moves to a new link. However, the mobile node does not
maintain transport and higher-layer connections when the node changes location.
Consequently, IPv6 mobility support is particularly important, given that mobile
computers will become a significant population of the Internet in the future.
IPv6 mobility support solves this problem. IPv6 mobility enables a mobile node to move
from one link to another link without changing the mobile node's IP address. IPv6 mobility
assigns an IP address to the mobile node within its home subnet prefix on its home link. This
address is known as the node's home address.
Thus, packets that are routed to the mobile node's home address reach their destination. The
mobile node's current point of attachment to the Internet does not matter. The mobile node
can continue to communicate with other nodes, stationary or mobile, after moving to a new
link.
IPv6 mobility solves the problem of transparently routing packets to and from mobile nodes
while away from home. IPv6 mobility does not solve all the problems that are related to the
use of mobile computers or wireless networks. In particular, IPv6 mobility does not attempt
to solve the following problems:

The ability to handle links with partial reachability, such as typical wireless networks.
However, a movement detection procedure addresses some aspects.

Access control on a link that is being visited by a mobile node.

10. IPv6 - Addressing Model

[Figure 4: address scopes - Global, Site Local, Link Local]

addresses are assigned to interfaces
    No change from IPv4 Model

interface expected to have multiple addresses

addresses have scope
    Link Local, Site Local, Global

addresses have lifetime
    Valid and Preferred lifetime

11. IPv4 vs. IPv6 Header

Figure 5

IPv4 Header: 14 fields, at least 20 octets
    32-bit addresses
    fragmented packet processing at every hop
    header checksum recalculation at every hop
    variable Options field for extra processing information

IPv6 Header: 8 fields, fixed 40 octet size
    128-bit addresses
    fragmentation only in src and dst endpoint, or lower layer
    no checksums
    new 20-bit flow label field
    options in Extension Headers

12. Terms used in Mobile IPv6

Mobile Node - Node, which can change its access point to the Internet
while still being reachable under its Home Address.

Home Address - Static IP Address of the Mobile Node valid at its home
network.

C/o-Address - Temporary IP Address of the Mobile Node valid at the
actually visited network of the Mobile Node (c/o = care-of).

Binding - Association of the Home Address with the c/o-Address.

Home Agent - Router located at the Mobile Node's home network used
by the Mobile Node for registering its c/o-Address.

Binding Cache - Cache for received Bindings.

Figure 6

13. Features of IPv6


Larger Address Space
End-to-End addressing; no NAT anymore.
Efficient and Extensible IP datagram
Stateless Address Autoconfiguration
Security (IPsec mandatory)
Mobility


14. CONCLUSION

IPv6 is NEW
    built on the experiences learned from IPv4
    new features
    large address space
    new efficient header
    autoconfiguration

and OLD
    still IP
    built on a solid base
    started in 1995, a lot of implementations and tests done
