Internet Protocol Version 6 (IPv6) Department of Computer Science, National Tsing Hua University, Prof. Nen-Fu Huang E-mail: nfhuang@cs.nthu.edu.tw
Outline • IPv6 Introduction • Routing and Addressing • Plug and Play • Security/QoS Supports • IPv4/IPv6 Transition Mechanisms
IPv6 Applications • Home Appliance Controllers • VoIP/Video Streaming • Remote Controllers • 3G/4G • Games • Home Automation • Others
The Design of IPv6 • The Internet could not have been so successful in the past years if IPv4 had contained any major flaw. • IPv4 was a very good design, and IPv6 should indeed keep most of its characteristics. • It could have been sufficient to simply increase the size of addresses and to keep everything else unchanged. • However, 10 years of experience brought lessons. • IPv6 is built on this additional knowledge. It is not a simple derivation of IPv4, but a definitive improvement.
IPv6 Header Format (figure: the IPv6 header compared with the IPv4 header)
A Comparison of Two Headers • Six fields were suppressed: • Header Length, Type of Service, Identification, Flags, Fragment Offset, Header Checksum. • Three fields were renamed: • Length, Protocol Type, Time to Live • The option mechanism was entirely revised. • Source Routing • Route Recording • Two new fields were added: • Priority and Flow Label (to handle the real-time traffic).
A Comparison of Two Headers • Three major simplifications • Assign a fixed format to all headers (40 bytes) • Remove the header checksum • Remove the hop-by-hop segmentation procedure
From Options to Extension Headers • Hop-by-Hop options header • Routing header • Fragment header • Authentication header • Encrypted security payload • Destination options header (figure: three header chains: IPv6 Header [Next Header = TCP] → TCP Header; IPv6 Header [Next Header = Routing] → Routing Header [Next Header = TCP] → TCP Header; IPv6 Header [Next Header = Routing] → Routing Header [Next Header = Fragment] → Fragment Header [Next Header = TCP] → fragment of TCP header)
Routing Header (figure, field layout): Next Header | Routing Type = 0 | Num Addrs (<= 24) | Next Addr | Reserved | Strict/Loose bit mask | Address[0] (IPv6 address, 128 bits) | Address[1] | … | Address[Num Addrs - 1]
Fragment Header (figure): a frame of 2800 octets is sent as two fragments, IPv6 header + fragment header 1 + first 1400 octets, and IPv6 header + fragment header 2 + last 1400 octets. Field layout: Next Header | Reserved | Fragment Offset | Res | M (More) | Identifier
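The chains on the slides are walked by following each Next Header field. Below is an added example (not code from the slides) that parses such a chain with bounds checks on every length; it assumes the current RFC 8200 extension-header layout (Hdr Ext Len in the second octet), which differs from the older draft layout drawn on the routing-header slide, and builds a constructed packet for the third chain (IPv6 → Routing → Fragment → TCP).

```python
import struct

# Next Header protocol numbers (IANA-assigned values).
HOPOPT, TCP, UDP, ROUTING, FRAGMENT, ESP, AH, NONEXT, DSTOPTS = 0, 6, 17, 43, 44, 50, 51, 59, 60
# Extension headers sharing the generic layout: Next Header | Hdr Ext Len (8-octet units, excluding the first 8).
GENERIC_EXT = {HOPOPT: "Hop-by-Hop", ROUTING: "Routing", DSTOPTS: "Destination"}
UPPER = {TCP: "TCP", UDP: "UDP", ESP: "ESP", NONEXT: "No Next Header"}
MAX_HEADERS = 8  # defensive bound on chain length

def walk_headers(pkt):
    """Return [(header name, byte offset), ...] from the IPv6 header to the upper-layer header.
    Every length is checked against the declared Payload Length before it is used."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    end = 40 + struct.unpack("!H", pkt[4:6])[0]
    if len(pkt) < end:
        raise ValueError("packet shorter than Payload Length")
    nxt, off, chain = pkt[6], 40, [("IPv6", 0)]
    while True:
        if nxt in GENERIC_EXT or nxt == AH:
            if off + 2 > end:
                raise ValueError("truncated extension header")
            # AH counts its length in 4-octet units excluding the first 2 (RFC 4302).
            hlen = (pkt[off + 1] + 2) * 4 if nxt == AH else (pkt[off + 1] + 1) * 8
            name = "Authentication" if nxt == AH else GENERIC_EXT[nxt]
        elif nxt == FRAGMENT:
            hlen, name = 8, "Fragment"   # fixed 8-octet header
        else:   # upper-layer protocol (or No Next Header): the chain ends here
            chain.append((UPPER.get(nxt, "proto %d" % nxt), off))
            return chain
        if off + hlen > end:
            raise ValueError("%s header runs past Payload Length" % name)
        chain.append((name, off))
        if len(chain) > MAX_HEADERS:
            raise ValueError("extension header chain too long")
        nxt, off = pkt[off], off + hlen

def build_sample():
    """Constructed packet for the slide's third chain: IPv6 -> Routing -> Fragment -> TCP."""
    src = bytes.fromhex("fe80000000000000021b21fffe123456")   # constructed link-local address
    dst = bytes.fromhex("20010db8000000000000000000000001")   # constructed documentation address
    # Routing header type 0 with one address: Hdr Ext Len = 2 -> (2 + 1) * 8 = 24 octets.
    routing = bytes([FRAGMENT, 2, 0, 1]) + b"\x00" * 4 + dst
    # Fragment header: Next Header = TCP, offset 0, M = 1, identifier 42.
    fragment = bytes([TCP, 0]) + struct.pack("!HI", 0x0001, 42)
    tcp_start = b"\x00\x50\x1f\x90"   # first 4 octets of the TCP header (ports); the rest is in fragment 2
    payload = routing + fragment + tcp_start
    ipv6 = struct.pack("!IHBB", 0x60000000, len(payload), ROUTING, 64) + src + dst
    return ipv6 + payload
```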
IPv6 Addressing • Three categories of IPv6 addresses: • Unicast • Multicast • Anycast • Notation of IPv6 Addresses: • Write 128 bits as eight 16-bit integers separated by colons • Example: FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 • A set of consecutive null 16-bit numbers can be replaced by two colons • Example: 1080:0:0:0:8:800:200C:417A => 1080::8:800:200C:417A
Addressing • Some address formats • Provider Addresses • Link Local Addresses • Site Local Addresses • Multicast Addresses • Anycast Addresses (figure: hosts (H) on LANs joined by routers (R); address scopes: link, site (a company or organization) and the Internet)
Global Unicast Addresses • Format: 001 | TLA | NLA* | SLA* | interface ID, i.e. public topology (45 bits), site topology (16 bits), interface identifier (64 bits) • TLA = Top-Level Aggregator, NLA* = Next-Level Aggregator(s), SLA* = Site-Level Aggregator(s) • all subfields variable-length, non-self-encoding (like CIDR) • TLAs may be assigned to providers or exchanges
Link-Local and Site-Local Addresses • Link-local addresses, for use during auto-configuration and when no routers are present: 1111111010 | 0 | interface ID • Site-local addresses, for independence from changes of TLA / NLA*: 1111111011 | 0 | SLA* | interface ID
Interface IDs • Lowest-order 64-bit field of unicast address may be assigned in several different ways: • auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g., Ethernet address) • auto-generated pseudo-random number (to address privacy concerns) • assigned via DHCP • manually configured • possibly other methods in the future
The Evolution of ICMP • The ICMP for IPv4 was streamlined, and was made more complete by incorporating the multicast control functions of the IPv4 Group Membership Protocol.
IPv6 Routing • As in IPv4, IPv6 supports IGP and EGP routing protocols: • IGP for within an autonomous system are • RIPng (RFC 2080) • OSPFv3 (RFC 2740) • Integrated IS-ISv6 (draft-ietf-isis-ipv6-02.txt) • EGP for peering between autonomous systems • MP-BGP4 (RFC 2858 and RFC 2545) • BGP4+ • Added IPv6 address-family • Added IPv6 transport • Runs within the same process - only one AS supported • All generic BGP functionality works as for IPv4 • Added functionality to route-maps and prefix-lists
Plug-and-Play -- Auto-configuration • Autoconfiguration means that a computer will automatically discover and register the parameters that it needs to use in order to connect to the Internet. • One should be able to change addresses dynamically as one changes providers. • Addresses would be assigned to interfaces for a limited lifetime. • Two modes for address configuration • Stateless mode • Stateful mode (using an IPv6 version of DHCP)
Link State Addresses • When an interface is initialized, the host can build up a link local address for this interface by concatenating the well-known link local prefix and a unique token (48-bit Ethernet address). • A typical link local address: FE80:0:0:0:0:XXXX:XXXX:XXXX • Link local address can only be used on the local link.
Stateless Autoconfiguration • IPv6 nodes join the all nodes multicast group by programming their interfaces to receive all the packets for the address = FF02::1. • Send a solicitation message to the routers on the link, using the all routers address, FF02::2. • Routers reply with a router advertisement message. • Does not require any servers • Relatively inefficient use of the address space • Lack of network access control
Plug-and-Play -- Address Resolution • The neighbor discovery procedure offers the functions of ARP as well as those of router discovery. Defined as part of IPv6 ICMP. • Host maintains four separate caches: • The destination’s cache. • The neighbor’s cache. • The prefix list. • The router list.
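An added example (not from the slides) tying together the address notation, the EUI-64 interface ID and the link-local construction described above: it expands and compresses the textual form with the "::" rule, builds FE80::/64 + EUI-64 from a MAC, and shows that the MAC can be read back out of such an address, which is the privacy concern behind random interface IDs. It follows the modified EUI-64 rule of RFC 4291 (insert FF:FE, invert the universal/local bit); the MAC used is constructed.

```python
def expand(text):
    """Parse the textual form (eight hex groups, at most one '::') into 16 bytes."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    head, sep, tail = text.partition("::")
    h = [int(g, 16) for g in head.split(":") if g]
    t = [int(g, 16) for g in tail.split(":") if g]
    if (not sep and len(h) != 8) or len(h) + len(t) > 8 or any(g > 0xFFFF for g in h + t):
        raise ValueError("malformed IPv6 address: %r" % text)
    groups = h + [0] * (8 - len(h) - len(t)) + t
    return b"".join(g.to_bytes(2, "big") for g in groups)

def compress(raw):
    """Print 16 bytes as hex groups, replacing the longest run of zero groups with '::'
    (lowercase, as RFC 5952 recommends; the slides print the same groups in uppercase)."""
    groups = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, 16, 2)]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j + 1
    hexg = ["%x" % g for g in groups]
    if best_len < 2:   # a single zero group is written out, not collapsed
        return ":".join(hexg)
    return ":".join(hexg[:best_start]) + "::" + ":".join(hexg[best_start + best_len:])

def mac_to_interface_id(mac):
    """Modified EUI-64 (RFC 4291): split the 48-bit MAC, insert FF:FE, flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def link_local_from_mac(mac):
    """FE80::/64 prefix concatenated with the EUI-64 token, as described on the slide."""
    return compress(bytes.fromhex("fe80000000000000") + mac_to_interface_id(mac))

def mac_from_address(addr):
    """Recover the MAC from an EUI-64 interface ID, or None if the ID is not EUI-64 shaped.
    This reversibility is the privacy concern that random interface IDs address."""
    iid = expand(addr)[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in octets)
```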
Destination’s Cache • The destination’s cache has an entry for each destination address toward which the host recently sent packets. • It associates the IPv6 address of the destination with that of the neighbor toward which the packets were sent. (table: Destination IPv6 Address (To) | Neighbor IPv6 Address (Via))
Neighbor’s Cache • The neighbor’s cache has an entry for the immediately adjacent neighbor to which packets were recently relayed. • It associates the IPv6 address of that neighbor with the corresponding media address (MAC address). (table: Neighbor IPv6 Address | Neighbor MAC address)
Prefix List and Router List • The prefix list includes the prefixes that have been recently learned from router advertisements. • The router list includes the IPv6 addresses of all routers from which advertisements have recently been received.
Basic Algorithm • To transmit a packet, the host must first find out the next hop for the destination. The next hop should be a neighbor directly connected to the same link as the host. • In most cases, the neighbor address will be found in the destination’s cache. • If not, the host will check whether one of the cached prefixes matches the destination address. • If this is the case, the destination is local, the next hop is the destination itself.
Basic Algorithm • Otherwise, the destination is probably remote. A router should be selected from the router list as the next hop. • Once the next hop has been determined, the corresponding entry is added to the destination’s cache, and the neighbor’s cache is looked up to find the media address (MAC) of that neighbor.
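The four-step next-hop selection from the two "Basic Algorithm" slides, as an added example that is not code from the slides: it keeps the destination cache, neighbor cache, prefix list and router list as plain Python structures, returns a "resolve" marker where a real stack would send a Neighbor Solicitation, and goes one step beyond the slides by purging destination-cache entries when a router is removed from the router list. All addresses and MACs are constructed.

```python
import ipaddress

class NeighborDiscoveryHost:
    """Next-hop selection using the four caches from the slides. Resolving an unknown
    neighbor would normally send a Neighbor Solicitation; here that need is returned
    to the caller instead of generating ICMPv6 traffic."""

    def __init__(self, prefixes, routers, neighbors):
        self.prefix_list = [ipaddress.IPv6Network(p) for p in prefixes]   # learned from router advertisements
        self.router_list = [ipaddress.IPv6Address(r) for r in routers]    # routers that recently advertised
        self.neighbor_cache = {ipaddress.IPv6Address(a): m for a, m in neighbors.items()}  # IPv6 -> MAC
        self.destination_cache = {}                                       # destination -> next hop

    def next_hop(self, destination):
        dst = ipaddress.IPv6Address(destination)
        if dst in self.destination_cache:                         # 1. recently used: reuse the decision
            return self.destination_cache[dst]
        if any(dst in prefix for prefix in self.prefix_list):    # 2. on-link prefix matches: local
            nh = dst
        else:                                                     # 3. probably remote: pick a router
            if not self.router_list:
                raise LookupError("destination is off-link and no router has been learned")
            nh = self.router_list[0]
        self.destination_cache[dst] = nh                          # 4. remember it for the next packet
        return nh

    def link_layer_address(self, destination):
        """MAC of the next hop, or ('resolve', next hop) when the neighbor cache has no entry."""
        nh = self.next_hop(destination)
        mac = self.neighbor_cache.get(nh)
        return mac if mac is not None else ("resolve", str(nh))

    def expire_router(self, router):
        """Drop a router whose advertisements stopped, and every destination that relied on it."""
        r = ipaddress.IPv6Address(router)
        self.router_list = [x for x in self.router_list if x != r]
        self.destination_cache = {d: nh for d, nh in self.destination_cache.items() if nh != r}

def sample_host():
    """Constructed host: two on-link prefixes, one router and two already-resolved neighbors."""
    return NeighborDiscoveryHost(
        prefixes=["2001:db8:1::/64", "fe80::/64"],
        routers=["fe80::1"],
        neighbors={"fe80::1": "00:00:5e:00:53:01", "2001:db8:1::7": "00:00:5e:00:53:07"},
    )
```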
Neighbor Solicitation and Neighbor Advertisement messages (IPv6 → MAC) • IPv6 source address = link local address of the interface. • Hop count = 1. • IPv6 destination address = solicited node multicast address, which is formed by concatenating a fixed 96-bit prefix, FF02:0:0:0:0:1, and the last 32 bits of the node’s IPv6 address. (figure: Neighbor Solicitation: Type = 135 | Code = 0 | Checksum | Reserved | Target address = solicited neighbor address (IPv6) | Options ... (source link-level address); Neighbor Advertisement: Type = 136 | Code = 0 | Checksum | R | S | Reserved | Target address | Options ... (source link-level address))
Real-time Support and Flows (figure: QoS, a source S sending a data flow through routers R1, R2, R3 and R4) • A flow is a sequence of packets sent from a particular source to a particular (unicast or multicast) destination for which the source desires special handling by the intervening routers. • Flow label may be used together with routing header. • Supporting Reservations • Real-time flows • Using RSVP and Flows • Using Hop-by-Hop Options
IPv6 Security • All implementations required to support authentication and encryption headers (“IPsec”) • Authentication separates from encryption for use in situations where encryption is prohibited or prohibitively expensive • Key distribution protocols • Support for manual key configuration required
Authentication Header (figure, field layout): Next Header | Hdr Ext Len | Reserved | Security Parameters Index (SPI) | Sequence Number | Authentication Data • Destination Address + SPI identifies security association state (key, lifetime, algorithm, etc.) • Provides authentication and data integrity for all fields of IPv6 packet that do not change en-route • Default algorithm is Keyed MD5
Encapsulating Security Payload (ESP) (figure, field layout): Security Parameters Index (SPI) | Sequence Number | Payload | Padding | Padding Length | Next Header | Authentication Data
IPv4-IPv6 Transition / Co-Existence • A wide range of techniques have been identified and implemented, basically falling into three categories: • (1) Dual-stack techniques, to allow IPv4 and IPv6 to co-exist in the same devices and networks • (2) Tunneling techniques, to avoid order dependencies when upgrading hosts, routers, or regions • (3) Translation techniques, to allow IPv6-only devices to communicate with IPv4-only devices • Expect all of these to be used, in combination
Next Generation Transition (NGTRANS) (figure: three branches, Dual Stack, Tunneling and Translator)
Dual Stack (figure): RFC 1933; NGTRANS draft: draft-ietf-ngtrans-dstm-07.txt; an IPv6 network, an IPv4/IPv6 network and an IPv4 network joined by dual-stack nodes, with AIIH (DHCPv6, DNS)
Dual Stack Approach • Dual stack node means: • Both IPv4 and IPv6 stacks enabled • Applications can talk to both • Choice of the IP version is based on name lookup and application preference • Preferred method on application servers (figure: an IPv6-enabled application over TCP/UDP over IPv4 and IPv6 over the Data Link (Ethernet); frame protocol ID 0x0800 for IPv4 and 0x86dd for IPv6)
Dual Stack Mechanisms • Simple dual stack • Both IPv4 and IPv6 are directly supported • Dual Stack Transition Mechanism (DSTM) • Temporary IPv4 addresses are assigned when communicating with an IPv4-only host. • Cooperation between DNS and DHCPv6 • Dynamic Tunnel Interface encapsulates the IPv4 packets
Dual Stack • RFC 1933 -- Transition Mechanisms for IPv6 Hosts and Routers • NGTRANS draft: draft-ietf-ngtrans-dstm-07.txt
(figure: RFC 1933 dual-stack host and router: Applications, TCP/UDP, IPv4 and IPv6, Device Driver, with Routing protocols on the router; a V6 network and a V4 network joined through a V4/V6 network)
draft-ietf-ngtrans-dstm-07 Dual Stack Transition Mechanism (DSTM)
Dual Stack Transition Mechanism • What is it for? • DSTM assures communication between IPv4 applications in IPv6 only networks and the rest of the Internet. (figure: IPv4 applications on an IPv6-only network reaching an IPv4-only network)
DSTM: Principles • Assumes IPv4 and IPv6 stacks are available on host • IPv4 stack is configured only when one or more applications need it • A temporary IPv4 address is given to the host • All IPv4 traffic coming from the host is tunneled towards the DSTM gateway (IPv4 over IPv6). • DSTM gw encapsulates/decapsulates packets • Maintains an @v6 ↔ @v4 mapping table
DSTM: How it works (v6 → v4) (figure: host A, DSTM gateway B and IPv4 host C, with a DSTM server and DNS) • In A, the v4 address of C is used by the application, which sends a v4 packet to the kernel • The interface asks the DSTM server for a v4 source address • The DSTM server returns: a temporary IPv4 address for A, and the IPv6 address of the DSTM gateway
DSTM: How it works (v6 → v4) (figure: host A, DSTM gateway B and IPv4 host C, with a DSTM server and DNS) • A creates the IPv4 packet (A4 → C4) • A tunnels the v4 packet to B using IPv6 (A6 → B6) • B decapsulates the v4 packet and sends it to C4 • B keeps the mapping between A4 ↔ A6 in the routing table
DSTM: Address Allocation • Manual • host lifetime (no DSTM server) • Dynamic • application lifetime • 2 methods • use DHCPv6 • DHCPv6 will not be ready soon! • use RPC • Easier, RPCv6 ready • Works fine in the v6 → v4 case. • Can be secure* • Security Concerns • Request for IPv4 address needs authentication • Automatic @6 ↔ @4 mapping at gw, or configured by server?
DSTM: Application (figure: an IPv6 site with v6 routers, NFS, POP and web servers, a v6 ALG, v6 clients and DSTM, connected to the IPv4 Internet, with a tunnel to the 6bone and 6to4 tunnels to other IPv6 sites)