Archive for June 2011
IPv6
1. Introduction
This overview presents IP next generation (IPng), also popularly known as IPv6. The current version of the IP protocol, IPv4, was designed in 1984. Though robust, IPv4 is not able to handle the current growth of the Internet. Specifically, the 32-bit address is not sufficient to uniquely address all the IP devices in the world. IPv4's features are also inadequate for Quality of Service (QoS) and security. IPv6 was developed mainly to address these issues.
The following diagram shows an IPv6 timeline.
2. IPv4 Limitations
An IPv4 address is a 32-bit number. This means there can be about 4.3 billion (2^32 - 1) unique IP addresses. Of these, a big chunk of 0.5 billion (2^29 - 1) addresses is reserved for multicast/broadcast. That leaves 3.8 billion unique addresses for unicast addressing. Each person on earth needs at least 3 IP addresses: one for a desktop at work, one for a personal computer, and one for a handheld device (phone or palm). There are labs and server farms that need large allocations of IP addresses. We would also like to have unique IP addresses for appliances, automobiles, and entertainment devices (audio and video), so that we can manage them remotely. Taking these factors into account, we will run out of IPv4 addresses pretty soon.
Individual organizations are already running out of their IPv4 address allocations. To work around the scarcity, they use a Network Address Translator (NAT). NAT maps multiple private addresses to a single public IP address. Though this solves the IP allocation problem, it introduces constraints on applications that exchange information across the NAT.
3. IPv6 History
To address this issue, the Internet Engineering Task Force issued RFC 1752 in January 1992. This RFC outlines the requirements for IP next generation (IPng), its PDU formats, addressing, routing, and security. Several other RFCs on the subject followed. RFC 2460 presents the overall IPv6 specification, and RFC 2373 presents the addressing structure of IPv6. The following is the list of IPv6 enhancements over IPv4:
IPv6 uses 128-bit addresses instead of the 32-bit addresses of IPv4.
Improved option mechanism. IPv6 options are placed in separate optional headers.
Capability to dynamically configure the IPv6 address.
Capability to address one of many nodes (anycast).
Capability to include data encryption and authentication.
4. IPv6 Message Format
The following figure illustrates the format of an IPv6 protocol data unit (PDU):
The mandatory header is referred to as the IPv6 header. It is 40 bytes long, compared with 20 bytes for the IPv4 header. The following extension headers have been identified:
Hop-by-hop options header: Defines special options that require hop-by-hop processing.
Destination Options header: Contains optional information to be examined by the destination node.
Routing header: Provides extended routing, similar to IPv4 source routing.
Fragmentation header: Provides fragmentation and reassembly information.
Authentication header: Provides packet integrity and authentication information.
Encapsulating Security Payload header: Provides privacy.
This list also represents the order in which these headers should appear in the PDU. The Destination Options header can also appear at the end if it contains options to be processed only by the final destination of the packet.
5. IPv6 Header
1. Version (4 bits): IP version; the value is 6.
2. DiffServ/Traffic Class (8 bits): Available for use by originating nodes and/or forwarding routers to identify and distinguish between different classes or priorities of IPv6 packets.
3. Flow Label (20 bits): May be used by a host to label those packets for which it is requesting special handling by routers within a network.
4. Payload Length (16 bits): Length of the remainder of the IPv6 packet following the header, in bytes.
5. Next Header (8 bits): Identifies the type of header immediately following this header.
6. Hop Limit (8 bits): The remaining number of allowable hops for this packet.
7. Source Address (128 bits): Address of the originator of the packet.
8. Destination Address (128 bits): Address of the intended recipient of the packet.
Although the IPv6 header is longer than the mandatory portion of the IPv4 header by 20 bytes, it contains fewer fields (8 versus 12). This reduces the complexity of the routers.
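The fixed header layout and the extension header order described above can be checked mechanically, which is what a filtering or monitoring device has to do before it can find the upper-layer protocol. The following Python sketch is an added example, not code from the original article: the function names, the constructed sample packets and the 2001:db8:: documentation addresses are assumptions, and the Next Header numbers are the IANA protocol numbers, which the article does not list.

```python
import ipaddress
import struct

# Next Header values (IANA protocol numbers) for the extension headers listed
# in section 4, in the order the text says they should appear.
EXT = {0: "Hop-by-Hop Options", 60: "Destination Options", 43: "Routing",
       44: "Fragment", 51: "Authentication", 50: "ESP"}
RANK = {nh: i for i, nh in enumerate(EXT)}
FINAL_DEST = len(EXT)  # slot for a trailing Destination Options header


def parse_ipv6(packet: bytes) -> dict:
    """Decode the 40-byte fixed header, then walk the Next Header chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte IPv6 header")
    word, plen, nh, hops, src, dst = struct.unpack("!IHBB16s16s", packet[:40])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    end = min(len(packet), 40 + plen)  # never read past the declared payload
    chain, off = [], 40
    while nh in EXT:
        if off + 8 > end:
            raise ValueError("truncated extension header")
        chain.append(nh)
        if nh == 50:  # ESP: everything after it is encrypted
            nh = None
            break
        nxt, length = packet[off], packet[off + 1]
        if nh == 44:
            size = 8  # Fragment header has a fixed size
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                nh = None  # non-first fragment: fragment data follows
                break
        elif nh == 51:
            size = (length + 2) * 4  # AH counts 4-byte units, minus 2
        else:
            size = (length + 1) * 8  # 8-byte units, not counting the first 8
        if off + size > end:
            raise ValueError("extension header overruns the payload")
        off, nh = off + size, nxt
    return {"traffic_class": (word >> 20) & 0xFF, "flow_label": word & 0xFFFFF,
            "payload_length": plen, "hop_limit": hops,
            "src": str(ipaddress.IPv6Address(src)),
            "dst": str(ipaddress.IPv6Address(dst)),
            "ext_chain": chain, "upper_protocol": nh}


def order_problems(chain: list) -> list:
    """Compare a header chain against the recommended order."""
    problems, highest = [], -1
    for pos, nh in enumerate(chain):
        rank = RANK[nh]
        if nh == 60 and highest >= rank:
            rank = FINAL_DEST  # a later Destination Options is the final one
        if nh == 0 and pos != 0:
            problems.append("Hop-by-Hop Options is not the first extension header")
        elif rank <= highest:
            problems.append(f"{EXT[nh]} repeated or out of order")
        highest = max(highest, rank)
    return problems


def build_sample(chain: list, upper: int = 59) -> bytes:
    """Constructed packet: each extension header is 8 bytes with one PadN option."""
    nexts = chain + [upper]  # 59 = No Next Header
    body = b"".join(bytes([n, 0, 1, 4, 0, 0, 0, 0]) for n in nexts[1:])
    word = (6 << 28) | 0x12345  # version 6, traffic class 0, flow label 0x12345
    src, dst = (ipaddress.IPv6Address(a).packed for a in ("2001:db8::1", "2001:db8::2"))
    return struct.pack("!IHBB16s16s", word, len(body), nexts[0], 64, src, dst) + body
```

Calling `order_problems(parse_ipv6(build_sample([60, 0]))["ext_chain"])` reports the misplaced Hop-by-Hop Options header, while the chain `[0, 60]` passes cleanly.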
6. IPv6 Addresses
An IPv6 address is written as hexadecimal values (0-F) in groups of four separated by colons. Writing out the octets in the standard dotted-decimal notation of IPv4 would result in long, complicated network addresses. An IPv6 network address would look something like:
A223:BB34:0000:0000:0000:0099:DA78:5679
Strings of zeros can be dropped and leading zeros in a number group can be dropped, so the example above would shorten to A223:BB34::99:DA78:5679. IPv4 addresses can be expressed in IPv6 form as follows:
0000:0000:0000:0000:0000:0000:192.168.10.10
--which can be shortened to ::192.168.10.10
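Because one address has many valid spellings, access lists and log searches should compare the 128-bit value rather than the text. The following Python sketch is an added example, not part of the original article: it applies the zero-dropping rules above by hand and recovers the IPv4 address carried in an IPv4-compatible address; the function names are assumptions, and the choice to compress only runs of two or more zero groups follows common practice rather than anything stated in the article.

```python
import ipaddress


def groups(text: str) -> list:
    """Return the eight 16-bit groups of an address, whatever its spelling."""
    value = int(ipaddress.IPv6Address(text))
    return [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]


def compress(text: str) -> str:
    """Drop leading zeros and replace the longest run of zero groups with '::'."""
    g = groups(text)
    best_start, best_len, i = -1, 1, 0
    while i < 8:
        j = i
        while j < 8 and g[j] == 0:
            j += 1
        if j - i > best_len:  # only runs of two or more groups are compressed
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    hexed = [format(x, "x") for x in g]
    if best_start < 0:
        return ":".join(hexed)
    head = ":".join(hexed[:best_start])
    tail = ":".join(hexed[best_start + best_len:])
    return head + "::" + tail


def embedded_ipv4(text: str):
    """IPv4 address in the low 32 bits of an IPv4-compatible address, else None."""
    g = groups(text)
    if any(g[:6]) or (g[6] == 0 and g[7] <= 1):  # excludes :: and ::1
        return None
    return str(ipaddress.IPv4Address((g[6] << 16) | g[7]))


def same_address(a: str, b: str) -> bool:
    """Compare two spellings by value, as a filter or log search should."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


# Addresses taken from the text above.
LONG_FORM = "A223:BB34:0000:0000:0000:0099:DA78:5679"
V4_COMPAT = "0000:0000:0000:0000:0000:0000:192.168.10.10"
```

Here `compress(LONG_FORM)` yields the shortened form given in the text (in lower case), and `embedded_ipv4(V4_COMPAT)` returns the dotted-decimal IPv4 address so that IPv4-based rules can still be applied to it.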
IP addresses, both IPv4 and IPv6, are assigned to individual interfaces on nodes. Unlike IPv4, a single interface may have multiple unique unicast addresses in IPv6. The combination of long addresses and multiple addresses per interface enables improved routing efficiency over IPv4. Longer Internet addresses allow for aggregating addresses by hierarchies of network, access provider, geography, corporation, and so on. Such aggregation should make for smaller routing tables and faster table lookups. Multiple addresses per interface allow a subscriber to have two different addresses on the same interface so that the addresses meet the required addressing patterns of the service provider.
IPv6 allows three types of addresses:
Unicast: A unique identifier for a single interface. A packet sent to that address is delivered to that interface.
Anycast: An identifier for a set of interfaces. A packet sent to an anycast address is delivered to one of the interfaces identified by that address.
Multicast: An identifier for a set of interfaces. A packet sent to a multicast address is delivered to all interfaces with that address.
7. IPv6 Routing
During an extended IPv4-to-IPv6 transition period, IPv6-based systems must coexist with the installed base of IPv4 systems. In such a dual internetworking protocol environment, both IPv4 and IPv6 routing infrastructure will be present. Initially, deployed IPv6-capable domains might not be globally interconnected via IPv6-capable Internet infrastructure and therefore may need to communicate across IPv4-only routing regions (Fig 4). In order to achieve dynamic routing in such a mixed environment, there need to be mechanisms to globally distribute IPv6 network layer reachability information between dispersed IPv6 routing regions. The same techniques can be used in later stages of IPv4-to-IPv6 transition to route IPv4 packets between isolated IPv4-only routing regions over IPv6 infrastructure. Routing in this environment includes:
Fig 4. IPv6 & IPv4 Coexistence
Routing for IPv6 packets:
o IPv6 packets with IPv6-native addresses
o IPv6 packets with IPv4-compatible addresses
Manually configured static tunnels: Uses IPv4 encapsulation to carry IPv6 packets between different IPv6 systems.
Automatic Dynamic Tunnels: Used when both the end nodes have IPv4-compatible addresses.
8. IPv6 Quality of Service
A host can use the flow label and the traffic class field in the IPv6 header to request Quality of Service. A host uses these fields to identify those packets for which it requests special handling by IPv6 routers. This important capability enables the support of applications that require some degree of consistent throughput, delay, or jitter. These types of applications are known as multimedia or real-time applications.
A flow is a sequence of packets sent from a particular source to a particular unicast or multicast destination, for which the source requires special handling by the intervening routers. The nature of the special handling might be conveyed to the routers by a control protocol, such as a resource reservation protocol. The special handling might also be conveyed by information within the flow's packets, for example, in a hop-by-hop option. In IPv6, a source can use the 20-bit flow label field to identify a flow.
The nodes that originate a packet must identify different classes or different priorities of IPv6 packets. The nodes use the Traffic Class field in the IPv6 header to make this identification. The routers that forward the packets also use the Traffic Class field for the same purpose.
9. IPv6 Security
The current Internet has a number of security problems. The Internet lacks effective privacy and effective authentication mechanisms beneath the application layer. IPv6 remedies these shortcomings by having two integrated options that provide security services. You can use these two options either individually or together to provide differing levels of security to different users. Different user communities have different security needs.
The first option, an extension header that is called the IPv6 Authentication Header (AH), provides authentication and integrity, without confidentiality, to IPv6 datagrams. The extension is algorithm independent. The extension supports many different authentication techniques. The use of AH is proposed to help ensure interoperability within the worldwide Internet. The use of AH eliminates a significant class of network attacks, including host masquerading attacks. When using source routing with IPv6, the IPv6 authentication header becomes important because of the known risks in IP source routing. Upper-layer protocols and upper-layer services currently lack meaningful protections. However, the placement of the header at the Internet layer helps provide host origin authentication.
The second option, an extension header that is called the IPv6 Encapsulating Security Payload (ESP), provides integrity and confidentiality to IPv6 datagrams. Though simpler than some similar security protocols, ESP remains flexible and is algorithm independent. Similar security protocols include SP3D and ISO NLSP.
IPv6 Authentication Header and IPv6 Encapsulating Security Payload are features of the new Internet Protocol Security (IPsec).
10. Conclusion
IPv4 is a robust, scalable networking solution that has served (and is still serving) us well over a period of about two decades. IPv6 addresses IPv4's issues; thus, it improves on a good technology. IPv6 offers a larger and better address space. The hierarchical addressing of IPv6 enables automatic address assignment and smaller routing tables. The header format allows for faster processing and more powerful networking nodes. The Flow Label and Traffic Class fields address the requirements of Quality of Service (QoS). Features taken from IPsec offer data integrity and confidentiality coupled with authentication.
Fig 5. IPv6 in Wireless Environment