
White Paper

White Paper: IPv6. February 2010, D-Link HQ. What is IPv6? IPv6 is the "next generation" protocol designed by the IETF to replace the current version of the Internet Protocol, IP Version 4 ("IPv4").

alvis

Presentation Transcript


  1. White Paper: IPv6. February 2010, D-Link HQ

  2. Agenda

  3. Agenda

  4. What is IPv6?
      • IPv6 is the "next generation" protocol designed by the IETF to replace the current version of the Internet Protocol, IP Version 4 ("IPv4").
      • Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new machines added to the Internet.
      • IPv6 fixes a number of problems in IPv4, such as the limited number of available IPv4 addresses.
      • Compared with IPv4, IPv6 has the following features:
          • Near-limitless address space
          • Network auto configuration
          • The built-in security
          • Better QoS support
          • Simplified Packet Header
          • Better mobility
          • Routing improvement

  5. IPv6 Features
      • Larger Address Spaces
          • IPv6 addresses are 128 bits long, which enables a total of 3.4 × 10^38 possible addressable nodes
      • Stateless Address Autoconfiguration
          • IPv6 hosts use ICMPv6 router discovery messages for auto-configuration
      • Mandatory Network Layer Security
          • IPSec support is mandatory in IPv6
          • Interoperable with IPv4 IPSec
      • Simplified Packet Header
          • No fragmentation by default in IPv6
          • Time-to-Live (TTL) field replaced by Hop Count
          • No Checksum field => rely on L4 protocol

  6. Larger Address Spaces
      • IPv4: 32 bits, about 4,200,000,000 possible addressable nodes
      • IPv6: 128 bits, about 340,282,366,920,938,463,463,374,607,431,768,211,456 nodes

  7. Agenda

  8. Why do we need IPv6?
      • IPv4 Exhaustion:
          • IPv4 contains about 4 billion addresses
          • However, a large block is reserved for special use and not for public use
          • Rapid Internet growth in the 1990s also dramatically used up IP addresses
          • Mobile devices and broadband connections all use IP now
          • Current IPv4 addresses are predicted to be exhausted by 2011
      • Short-term solutions:
          • Network Address Translation (NAT)
          • DHCP in broadband (xDSL, ETTx) applications
          • Use of classless subnet mask (CIDR)
      • But as everything is based on IP now, we need a long-term solution to address this problem

  9. Drivers for IPv6? • IP Everywhere • Internet-enabled wireless devices • Diversity of Network Devices • Home Application : IP to the home • Peer-to-Peer Application, Gaming • Tender requirement • Government • Education • Military • Investment Protection for future compatibility • Government & Organization Leadership • IPv6 Ready Logo Popularity

  10. Agenda

  11. How does IPv6 work? IPv6 Addressing; IPv6 Packet Format; ICMPv6; IPv6 Neighbor Discovery; IPv6 Address Configuration; IPv6 Security

  12. IPv6 Addressing: IPv6 Address Format
      • IPv6 address = Prefix + Interface ID
      • Prefix: equivalent to the network ID in the IPv4 address
      • Interface ID: equivalent to the host ID in the IPv4 address
      • 128 bits, divided into eight 16-bit groups separated by colons. Each group is written as four hexadecimal digits.
      • The length of the network address (prefix) is represented with "/number".
      • Example: 3ffe:3700:1100:0001:d9e6:0b9d:14c6:45ee/64

  13. IPv6 Address Abbreviation
      • In each 16-bit segment, the leading zeros can be omitted
      • One or multiple adjacent all-zero segments can be represented by two colons (::)
      • The two colons can only be used once in an address
      • The following example shows the different ways of representing an address:
          • 0001:0123:0000:0000:0000:ABCD:0000:0001/96
          • 1:123:0:0:0:ABCD:0:1/96
          • 1:123::ABCD:0:1/96

  14. IPv6 Address Classification
      • Unicast address: Link-local, Site-local, Global
      • Multicast address
      • Anycast address
      • Special address: Not specified, Loopback

  15. Unicast Address
      • Identifies a single interface
      • IPv6 unicast address classification (one interface has multiple addresses for different purposes):
          • Link-local address, e.g. FE80::E0:F726:4E58
          • Site-local address, e.g. FEC0::E0:F726:4E58
          • Global unicast address, e.g. 2001:A304:6101:1::E0:F726:4E58

  16. Link-local address
      • Only for communications within one segment of a local network or a point-to-point connection.
      • This addressing is accomplished by stateless address auto-configuration.
      • Packets with link-local source or destination addresses are not sent to other links
      • Structure of link-local address: 1111111010 (10 bits) | 0 (54 bits) | Interface ID (64 bits)

  17. Site-local Address
      • Used for internal addressing within a single site
      • Packets with site-local source or destination addresses are not forwarded to other sites
      • Equivalent to the private addresses in the IPv4 network (RFC 1918)
      • Structure of site-local address: 1111111011 (10 bits) | 0 (38 bits) | Subnet ID (16 bits) | Interface ID (64 bits)

  18. Global Unicast Address
      • Used as a globally unique address
      • Packets with global addresses are forwarded to any part of the global network (in the ideal case)
      • Structure of a global unicast address: 001 | Global route prefix (45 bits) | Subnet ID (16 bits) | Interface ID (64 bits)

  19. Interface Identifier (ID)
      • The last 64 bits of an IPv6 address
      • Unique to the 64-bit prefix of the IPv6 address
      • Can be obtained in several different ways:
          • IEEE adopts MAC-to-EUI*-64 conversion
          • Auto-generated pseudo-random number
          • Assigned via DHCP
          • Manually configured
      • Can be used to create link-local / site-local addresses
      • Can be used to create global addresses with stateless auto configuration
      * Extended Unique Identifier (EUI)

  20. EUI-64 Specification
      • Converts a 48-bit MAC address into a 64-bit interface ID (EUI)
      • Automatically generated by the device
      • The MAC is unique, so the interface ID is also unique
      • Steps:
          • Insert FFFE (0xFF 0xFE) between the organization ID (higher 24 bits) and the node ID (lower 24 bits) of the MAC address
          • Invert the u-bit, the bit before the g-bit in the MAC address (mostly a change from 0 to 1). The u-bit means Universally (=0) / Locally (=1) Administered

  21. Multicast address
      • Flags
          • The first three bits are set to 0
          • The last bit defines the address type: 0 = fixed or well known, 1 = locally allocated or temporary
      • Scope: scope of the multicast group
      • Group ID: multicast group ID
      • IPv6 multicast MAC address: the leading two bytes are "33-33", followed by 4 bytes (32 bits) taken from the last 32 bits (group ID) of the 128-bit IP multicast address.

  22. Pre-defined Multicast Address

  23. Solicited-Node Multicast Address
      • A particular kind of multicast address in IPv6
      • Each node must have a corresponding solicited-node multicast address for each unicast and anycast* address configured, used for address resolution (ND*) and duplicate address detection (DAD*).
      • Solicited-node multicast address generation process:
          • Prefix: FF02:0:0:0:0:1:FF
          • Last 24 bits of the interface ID: XX:XXXX
          • Result: FF02:0:0:0:0:1:FFXX:XXXX
      • Example: the MAC address of the host is 00-02-b3-1e-83-29. The IPv6 address is FE80::0202:B3FF:FE1E:8329. Solicited-node multicast address: FF02::1:FF1E:8329
      * Please refer to the following slides
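
The derivations on slides 20, 21 and 23, worked through in Python as an added example (not part of the original slides). Function names are chosen here; the reverse mapping `mac_from_interface_id` goes one step beyond the slides to show that an EUI-64 address exposes the hardware MAC, which matters for asset inventory and for privacy.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface ID (slide 20)."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert FF FE between organization ID and node ID, then invert the
    # u-bit (0x02 in the first octet).
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def link_local(mac: str) -> ipaddress.IPv6Address:
    """1111111010 + 54 zero bits (FE80::/64) + interface ID (slide 16)."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + eui64_interface_id(mac))

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02:0:0:0:0:1:FF + last 24 bits of the address (slide 23)."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(b"\xff\x02" + bytes(9) + b"\x01\xff" + low24)

def multicast_mac(group: str) -> str:
    """33-33 + last 32 bits of the multicast address (slide 21)."""
    packed = ipaddress.IPv6Address(group).packed
    if packed[0] != 0xFF:
        raise ValueError("not an IPv6 multicast address")
    return "-".join(f"{b:02x}" for b in b"\x33\x33" + packed[-4:])

def mac_from_interface_id(addr: str):
    """Recover the MAC if the interface ID was built by EUI-64, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # random, DHCP-assigned or manually configured ID
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02x}" for b in raw)

if __name__ == "__main__":
    mac = "00-02-b3-1e-83-29"          # the host from slide 23
    ll = link_local(mac)
    sn = solicited_node(str(ll))
    print(ll, sn, multicast_mac(str(sn)), mac_from_interface_id(str(ll)))
```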

  24. Anycast Address
      • A new address type in IPv6 that is assigned to more than one interface (typically belonging to different nodes), with the property that a packet sent to an anycast address is routed to the "nearest" interface with that address, according to the routing protocols' measure of distance.
      • Cannot be used as the source address
      • Cannot be assigned to an IPv6 host; that is, it may be assigned to an IPv6 router only.
      • Structure of an anycast address: Subnet prefix (n bits) | 000…0 (128-n bits)

  25. Anycast Example
      • The data is routed to the "nearest" or "best" destination among all the interfaces allocated with an anycast address
      • Anycast packets will be sent to the nearest one of the "Gateways"
      (Figure: packet flow; "Who's Gateway?" "I'm nearest one.")

  26. Special Address
      • Unspecified address: 0:0:0:0:0:0:0:0 = ::/128
      • Loopback address: 0:0:0:0:0:0:0:1 = ::1/128
      • IPv6 address embedded with an IPv4 address
          • Used for connection with traditional networks to implement seamless communication between the IPv4 network and the IPv6 network.
          • The IPv4 address used must be a globally unique IPv4 unicast address.
          • IPv4 compatible IPv6 address
          • IPv4 mapped IPv6 address

  27. How does IPv6 work? IPv6 Addressing; IPv6 Packet Format; ICMPv6; IPv6 Neighbor Discovery; IPv6 Address Configuration; IPv6 Security

  28. IPv6 Packet Format
      • IPv4 Packet Header (20~60 Bytes): Ver, IHL, Service Type, Total Length, Identification, Flags, Offset, TTL, Protocol, Header Checksum, Source Address, Destination Address, Options + Padding
      • IPv6 Packet Header (40 Bytes): Ver (4 bits), Traffic Class (8 bits), Flow Label (20 bits), Payload Length (16 bits), Next Header (8 bits), Hop Limit (8 bits), Source Address (128 bits), Destination Address (128 bits)

  29. IPv6 Expanded Header
      • Layout: IPv6 Header | zero or multiple Extension Headers (EH), each carrying a Next Header field | Transport-level PDU
      • Next Header type examples:
          • 0 Hop-by-hop Options
          • 1 ICMPv4
          • 6 TCP
          • 17 UDP
          • 43 Routing
          • 44 Fragment
          • 50 Encapsulating Security Payload (ESP)
          • 51 Authentication Header (AH)
          • 58 ICMPv6
          • 59 No next header
          • 60 Destination Options
          • 89 OSPF

  30. IPv6 Expanded Header Example
      • IPv6 Header, Next Header = 6 (TCP) | Transport-level PDU
      • IPv6 Header, Next Header = 44 (Fragment) | Fragment Header, Next Header = 6 (TCP) | Transport-level PDU
      • IPv6 Header, Next Header = 43 (Routing) | Routing Header, Next Header = 51 (AH) | Authentication Header, Next Header = 6 (TCP) | Transport-level PDU
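
How a filter or packet inspector has to follow the Next Header chain from slides 29 and 30 before it can see the transport protocol, as an added Python example (not part of the original slides). The packet is constructed here to match the third chain on slide 30; the addresses, ports and function names are assumptions.

```python
import struct

# Next Header values from slide 29 that identify walkable extension headers.
EXT_HEADERS = {0: "Hop-by-hop Options", 43: "Routing", 44: "Fragment",
               51: "Authentication Header", 60: "Destination Options"}

def walk_chain(packet: bytes, max_headers: int = 8):
    """Follow the Next Header fields; return (extension headers seen,
    final Next Header value, offset of the data that follows)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, chain = packet[6], 40, []
    while next_header in EXT_HEADERS:
        if len(chain) >= max_headers:
            raise ValueError("extension header chain too long")
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length = packet[offset], packet[offset + 1]
        if next_header == 44:        # Fragment header is always 8 bytes
            size = 8
        elif next_header == 51:      # AH length field: 4-byte units, minus 2
            size = (length + 2) * 4
        else:                        # others: 8-byte units, first 8 not counted
            size = (length + 1) * 8
        if offset + size > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append(next_header)
        next_header, offset = following, offset + size
    return chain, next_header, offset

def sample_packet() -> bytes:
    """Constructed packet: IPv6 -> Routing (43) -> AH (51) -> TCP (6)."""
    routing = bytes([51, 0, 0, 0]) + bytes(4)            # Next Header = 51, 8 bytes
    ah = bytes([6, 4, 0, 0]) + bytes(20)                 # Next Header = 6, 24 bytes
    tcp = struct.pack("!HH", 49152, 443) + bytes(16)     # ports set, rest zeroed
    body = routing + ah + tcp
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")   # 2001:db8::1
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")   # 2001:db8::2
    fixed = struct.pack("!IHBB", 0x60000000, len(body), 43, 64)
    return fixed + src + dst + body

if __name__ == "__main__":
    chain, proto, offset = walk_chain(sample_packet())
    print([EXT_HEADERS[h] for h in chain], proto, offset)
```

A rule that reads only the Next Header byte of the fixed header would classify this packet as protocol 43 and never match on TCP; ESP (50) ends the walk because what follows it is encrypted.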

  31. How does IPv6 work? IPv6 Addressing; IPv6 Packet Format; ICMPv6; IPv6 Neighbor Discovery; IPv6 Address Configuration; IPv6 Security

  32. ICMPv6: ICMPv6 Packet Format
      • The IPv6 Next Header value for ICMPv6 is 58 (0x3a).
      • ICMPv6 has two types of functions:
          • Network layer fault reporting, e.g. Destination Unreachable
          • Information reporting
              • Network layer troubleshooting, like the basics of ping
              • Implementing some network layer functions: router discovery

  33. ICMPv6 Message Type
      • 0-127: error packets (Bit 0 of the Type field is 0)
      • 128-255: information packets (Bit 0 of the Type field is 1)

  34. ICMPv6 Ping Implementation
      • Ping uses an ICMP Echo to prompt the destination to respond with an ICMP Echo Reply.
      (Figure labels: ICMP Request, ICMP Reply; addresses 1::1, 2::1, 1::2014:222f:5339:7866, 2::210:5cff:fee5:f239)

  35. ICMPv6 Tracert Implementation
      • Tracert sends ICMP requests with specific Hop Limit values to the destination node so that the intermediate nodes respond with ICMP Time Exceeded packets
      • Exchange between PCA, RT and PCB:
          • [PCA] ECHO Request: PCB, Hop=1
          • [RT] TIME EXCEEDED: PCA
          • [PCA] ECHO Request: PCB, Hop=2
          • [PCB] Echo Reply: PCA

  36. How does IPv6 work? IPv6 Addressing; IPv6 Packet Format; ICMPv6; IPv6 Neighbor Discovery; IPv6 Address Configuration; IPv6 Security

  37. IPv6 Neighbor Discovery
      • RFC 2461 defines the neighbor discovery protocol:
          • Neighbor physical address discovery
          • Router discovery
          • Duplicate Address Detection
          • Redirect
          • Auto address configuration

  38. Neighbor Physical Address Discovery
      • Replaces the ARP used in IPv4 to discover the link-layer address of an IPv6 node
      • Two types of ICMPv6 packets are used for interaction:
          • Neighbor solicitation (NS)
              • The MAC address of the NS can be set to multicast for address resolution, or unicast for node reachability
          • Neighbor advertisement (NA)
              • Response to a neighbor solicitation message
              • Also sent to inform of a change of link-layer address

  39. Neighbor Physical Address Discovery
      • PC-A sends a Neighbor solicitation (NS) packet to find PC-B ("I want to find B, where is it?")
      • PC-B responds to PC-A with a Neighbor advertisement (NA) packet ("I'm here.")
      • NS packet:
          • Ethernet header
              • Destination address: MAC address of solicited-node address of PC-B (a multicast MAC address)
          • IPv6 header
              • Source address: PC-A
              • Destination address: Solicited-node address of B
          • ICMP type 135
          • NS packet header
              • Destination address: PC-B
          • NS options
              • MAC address of PC-A
      • NA packet:
          • Ethernet header
              • Destination address: MAC address of PC-A
          • IPv6 packet header
              • Source address: PC-B
              • Destination address: PC-A
          • ICMP type 136
          • NA packet header
              • Destination address: PC-B
          • NA options
              • MAC address of PC-B

  40. Router Discovery
      • Sent by a host to inquire about the presence of a router on the link
      • Two types of ICMPv6 packets are used for interaction:
          • Router solicitation (RS)
              • Router solicitations are sent by booting nodes to request RAs for configuring the interfaces
              • Sent to the all-routers multicast address, FF02::2
              • Source IP address is either the link-local address or the unspecified IPv6 address (::)
          • Router advertisement (RA)
              • Response to a router solicitation message
              • Sent to the all-nodes multicast address (FF02::1) at periodical intervals

  41. Router Discovery
      • The router on the link will send RAs at periodical intervals.
      • A host receiving the RA will add the router into its default router list
      • A router receiving the RA will check the consistency of the RA contents
      • RA packet:
          • IPv6 header
              • Source address: Link-local address
              • Destination address: all-node multicast address (FF02::1)
          • ICMP type 134
          • RA header
              • Current hop restriction, flag bit, router alive-period, reachability and retransmission timer
          • RA options
              • Router link layer address, MTU, prefix

  42. Duplicate Address Detection (DAD)
      • DAD ensures that no two identical unicast addresses exist in the network.
      • All addresses must be subject to DAD
      • NS and NA are used for the DAD interaction
      • If any duplicate address is found, the address cannot be assigned to the interface.
      • If the address is derived from an interface identifier, a new identifier will need to be assigned to the interface, or all IP addresses for the interface will need to be manually configured.

  43. Duplicate Address Detection (DAD) Process
      • An address is referred to as a temporary address before it is assigned to an interface
      • Neighbor Solicitation packets are sent at periodical intervals
          • Source address: Unspecified address
          • Destination address: solicited-node multicast address of the requested node (FF02::1:FFXX:XXXX)
      • The neighbor with the same address will send Neighbor Advertisement packets
          • Source address: The same address
          • Destination address: all-nodes multicast address (FF02::1)

  44. Duplicate Address Detection (DAD)
      • PC-A has the same IPv6 address as PC-B (new configuration address 2000::1).
      • PC-A and PC-B use NS and NA to perform the DAD interaction process.
      • NS packet:
          • Ethernet header
              • Destination address: MAC address of solicited node address of PC-A
          • IPv6 header
              • Source address: ::
              • Destination address: FF02::1:FF00:1 (Solicited-node multicast address of PC-A)
          • ICMP type 135
          • NS header
              • Target address: 2000::1
      • NA packet:
          • Ethernet header
              • Destination address: MAC address for all node multicast address
          • IPv6 header
              • Source address: 2000::1
              • Destination address: FF02::1
          • ICMP type 136
          • NA header
              • Destination address: 2000::1

  45. Redirect
      • Redirect is used by a router to signal the reroute of a packet to a better router
      • When the gateway knows a better forwarding path, it will notify the host through a redirect packet

  46. Redirect
      • PC-A takes R1 as its default gateway through the router solicitation process
      • R1 finds that R2 has a better forwarding path to the network of PC-B
      • R1 sends a redirect packet to PC-A to inform it
      • PC-A should directly take R2 as the next hop to PC-B
      • Redirect packet:
          • IPv6 header
              • Source address: R1
              • Destination address: PC-A
          • ICMP type 137
          • Redirect header
              • Next-hop address: R2
              • Destination address: PC-B

  47. How does IPv6 work? IPv6 Addressing; IPv6 Packet Format; ICMPv6; IPv6 Neighbor Discovery; IPv6 Address Configuration; IPv6 Security

  48. IPv6 Address Configuration
      • Auto configuration
          • Stateless autoconfiguration
          • Stateful autoconfiguration
      • Manual configuration
          • Recommended for servers and important network devices

  49. Functions of Autoconfiguration
      • The auto configuration technology performs the following functions:
          • Assign the address parameters to the host
              • Address prefix
              • Interface ID
          • Assign other related parameters to the host
              • Router address
              • Hops
              • MTU

  50. Autoconfiguration Process
      • Interface initialization
      • The interface generates the "temporary" address
      • Perform DAD on the "temporary" address
      • The interface generates the link-local address, gaining IP connectivity
      • Determining which autoconfiguration is used, by the Router Advertisement packets and host configuration
          • Stateless autoconfiguration
          • Stateful autoconfiguration
      • Obtaining the global address
