IPv 6 Protocol&Features

IPv6
08:40-09:00 IPv6 IPv6(Mobile IPv6 ) IPv6 Addressing, IPv4
09:00-10:20
IP
10:20-10:40 10:40-12:00 12:00-13:30 13:30-14:50 14:50-15:10 15:10-16:30 16:30-16:40
IPv6/IPv4 Transition () IPv6 IPv6 service IPv6 Q&A 1 Windows Based IPv6 WEB Server IPv6 IPv6 IPv6 Transition Transition
NICI IPv6 Standard & Interoperability Testing Laboratory
IPv6
NICI IPv6 2007083
NICI IPv6 Steering Committee Standard & Testing Division
IP
IP Transport ProtocolApplication
3 NICI IPv6 Standard & Interoperability Testing Laboratory
IP
IANA (Regional Internet Registries) RIPE NCC
Rseaux IP Europens Network Coordination Centre
ARIN
American Registry for Internet Numbers
APNIC
Asia Pacific Network Information Centre
LACNIC
Latin American and Caribbean Internet Addresses Registry
IP
IPv4
128 16,384 2,097,152
A 8 24 16,777, 214 B 16 16 C 24 8 65,534 254
Class-ful IPv4 Address

bits 01234 8 16 Host Host Host 24 31
1.0.0.0 to 127.255.255.25 128.0.0.0 to 191.255.255.25 192.0.0.0 to 223.255.255.25 224.0.0.0 to 239.255.255.25 240.0.0.0 to 255.255.255.25
Class A 0 Network Class B 1 0 Class C 1 1 0 Class D 1 1 1 0 Class E 1 1 1 1 Network Network
Multicast address Reserved
Problems with IPv4(1/2)

Address depletion/exhaustion and its implications
NAT (Network Address Translation) CIDR
IPv4 address allocation rate

Problems with IPv4(2/2)

Scaling problems with Inter- domain routing
CIDR (Classless Inter-Domain Routing)
Manual configuration required

DHCP (Dynamic Host Configuration Protocol)
Multicast, Security, Quality of Service and Mobility

IP multicast, IPSec, DiffServ and IP mobility
Header and format limitations that limit future flexibility

Potential IPv6 Services

Broadband Access Subscribers
95% FTTH coverage by 2008 6 millions by 2008
3G and WLAN Services

3G services to be launched in 4Q 2003 Public Hotspots deployment plan to make Taiwan a Wireless Island
Home network and IA Services

e-Taiwan Projects will catalyze the development of home & IA 1. More IP addresses will be consumed 1. More IP addresses will be consumed 2. More advanced features (e.g. Mobility, Auto2. More advanced features (e.g. Mobility, Autoconfiguration, QoS, Security) will be required NICI IPv6 Standard & Interoperability Testing Laboratory configuration, QoS, Security) will be required
IPv6 IPv6
10
IPv4 Address
ITU by JPNIC IP Department, July 31,2006.
The ISP Column Internet Protocol Journal IPv4 Address Report IPv4 Address Report (daily update)
July 2003 Sep. 2005 Dec. 2005 July 2007
Geoff Huston Tony Hain (Cisco) Geoff Huston Geoff Huston
IP pool (IANA*)
10
2021
5 2009~2016 10 1200 days predictive model quadratic equation Jan 2013 March, 2010
IANAInternet Assigned Numbers Authority

11
IPv4
Source: http://www.potaroo.net/tools/ipv4/ July 18, 2007 updated
IANA : Internet Assigned Numbers Authority RIR : Regional Internet Registry

12
IPv6(1)
1992IETFIPv4Address 1994 CATNIP (Common Architecture for the Internet) TUBA (TCP/IP with Bigger Addresses)SIPP (Simple Internet Protocol Plus) 1995SIPPIPv6IPv6 RFC1752(The Recommendation for the IP Next Generation Protocol)
IPv6(2)
1998IPv6 RFC2373 (IP Version 6 Addressing Architecture) RFC2460 (Internet Protocol Version 6(IPv6) Specification) 1999(42) IPv6 ForumARIN IPv6 Prefix2001:400::/35ESnet 2002Internet Registry RIR(Regional Internet Registries)IPv6 Address Allocation and Assignment Global Policy
IPv6
IPv6e-Japanu-Japan11 SPIPv6 20086 IPv6(NISTIPv6 ) IPv62008 IPv6 IPv6IT839 KTubiquitous (WiBro Mobile Internet Home network) BTBT 21 Century NetworkBT IPv6 (FT) IP PoPs155Mbps IPv4/IPv6 dual stack 15
Differences between IPv4 and IPv6

Feature Source and destination address IPSec Payload identification for QoS in the header Fragmentation Checksum of header Resolve address to a link layer address IPv4 32 bits Optional No identification Both router and the sending hosts included broadcast ARP request IPv6 128 bits required Using Flow label field Only supported at the sending hosts Not included Multicast Neighbor Solicitation message
Differences between IPv4 and IPv6(Cont.)

Feature Determine the address of the best default gateway Send traffic to all nodes on a subnet Payload identification for QoS in the header Configure address Map hosts name to addresses Manage local subnet group membership IPv4 ICMP Router Discovery(optional) IPv6 ICMPv6 Router Solicitation and Router Advertisement (required) Link-local scope allnodes multicast address Using Flow label field autoconfiguration AAAA Multicast Listener Discovery (MLD)
Broadcast No identification Manually or DHCP A (IGMP)
IPv6 Addressing
18
IPv6 (native)
IPv6128Bit2^128 16(2^4)32 00102 0010 0000 0000 0011 2003 20030000000000B30000000000001234 () >2003:0000:0000:00B3:0000:0000:0000:1234( ) >2003:0:0:B3::1234() : 32Bit4bit0 32Bit00 32Bit0000 :: 19
IPv6(IPv4 Embedded)
IPv6 Address IPv4 32bit : 1. 2003:0:0:B3::192.168.0.1=2003:0:0:B3::C0A8:1 2. 2003:0:0:B3:0:ffff:172.16.0.1 3. 2003:0:0:B3:0:5efe:10.10.0.1 IPv4IPv6
10
Basic Address Types

Unicast () Address of a single interface Delivery to single interface for one-to-one communication Multicast () Address of a set of interfaces Delivery to all interfaces in the set for one-to-many communication Anycast ( ) Address of a set of interfaces Delivery to a single interface in the set for one-to-nearest communication Nearest is defined as being closest in term of routing distance
TWNIC IPv6
21
Unicast Address Scoping

Link Local Scope: Layer2Host Link-Local Addresses Global LinkSite-Local Link-Local SiteUnique-Local Unique-
Unique-Local Scope (IPv4Private Address) : Unique-Local Addresses Global Scope: Internet Global Unicast Addresses IPv4 broadcast addresses
22
11
Link-Local Address
Meaningful only in a single link zone, and may be re-used on other links Link-local addresses for use during auto-configuration and when no routers are present Required for Neighbor Discovery process, always automatically configuration An IPv6 router never forwards link-local traffic beyond the link Prefix= FE80::/64
1111111010
0 54 bits
interface ID 64 bits
TWNIC IPv6
10 bits
Unique-Local Address ()
meaningful only in a single site zone, and can not be re-used in other sites Equivalent to the IPv4 private address space Replace Site-Local Addresses L identifies the assignment policy. Only value 1 (FD00::/8) is currently in use designating a local assignment* Global ID is a 40-bit identifier that ensures the global uniqueness of the address. It is generated pseudo-randomly and must not be sequential. Because ULAs should not be globally routed, they do not need to be aggregated, so sequential global IDs are not necessary * Prefix= FC00::/7
FD00::/8 is currently in use designating a local assignment FC00::/8 reserved L=1 Local L=0
1111110 L
Global ID subnet ID bits 16 bits
interface ID 64 bits
*Deploying IPv6 Network, Cisco Press 2006
7 bits
1 bits40
24
12
Global Unicast Address

Global routing prefix A service provider is assigned a portion of this prefix by the Internet Assigned Numbers Authority (IANA), and it then allocates a subspace to its customers. Its length is 48 bits or shorter based on the RFC 3177 recommendations.* Subnet ID An organization receives a prefix from its service provider where the global routing prefix identifies the service provider (SP) and the organization inside the SP, and the subnet ID identifies the organizational structure of its network.* Interface ID The low-order 64 bits of the address are used to identify the interfaces of nodes on a link. *
001 Global Routing Prefix
public topology (45 bits)
subnet
site topology (16 bits)
interface ID
interface identifier (64 bits)
*Deploying IPv6 Network, Cisco Press 2006
Unicast Address Structure

2003:0:0:B3::1234/64 2003:0:0:B3 Interface : :0:0:0:1234 ::1234 Network InterfaceHost
13
IPv6 Prefix
CIDR-Like notation used to specify prefix length
IPv6 /X IPv4 Subnet mask X 0127 : 1. 2003:1234:3344::34ff:2314/64 Network ID 64bit 2. 2003:1234:3344::34ff:2314/60 Network ID60bit 3. 2003:1234:3344::34ff:2314/127 Network ID127bit
2003:1234:3344::34ff:2314/127: Network ID 2003:1234:3344::34ff:2314 HostIPv4Host 2003:1234:3344::34ff:2314/127 2003:1234:3344::34ff:2315/127 /127Access Server IP ()
Interface ID
Unique to the link Identifies interface on a specific link Can be automatically derived - IEEE addresses use MAC-to-EUI-64 conversion - Other addresses use other automatic means Can be used to form link-local address Can be used to form global address with stateless autoconfiguration
RING LINE Corporation IPv6 Addressing by Leo.T.Chiang
14
Interface ID
1.
2. 3. 4. 5. 6.
modified EUI-64 MAC AddressInterface Tunnel Server (IPv6 IP Sec) DHCPv6(Stateful)
Network ID
1.
2. 3. 4. 5.
Neighbor Discovery (ND)Router Advertisement DHCPv6 Prefix-Delegation Tunnel Server (IPv4) VPN Server (IPv4 and/or IPv6)
15
Global Unicast Address

Prefix 2001::/16 2002::/16 2003::/16 IPv6 Internet, ARIN, RIPE NCC, LACNIC 6to4 Tunnel IPv6 Internet RIPE NCC
2400:0000/19 IPv6 Internet APNIC 2400:2000::/19 2400:4000::/21

http://www.ripe.net/rs/ipv6/stats/index.html
SPECIAL-USE Addresses
Unspecified address(0:0:0:0:0:0:0:0 or ::) Indicate the absence of an address Equivalent to IPv4 0.0.0.0 Never assigned to an interface or used as a destination address Loopback address (0:0:0:0:0:0:0:1 or ::1) IPv4 127.0.0.1 Identify a loopback interface IPv4-compatible address (0:0:0:0:0:0:w.c.x.z or ::w.c.x.z) () Used by dual-stack nodes IPv6 traffic is automatically encapsulated with an IPv4 header and send to the destination using the IPv4 infrastructure IPv4 mapped address (0:0:0:0:0:FFFF:w.c.x.z or ::FFFF:w.c.x.z) Represent an IPv4-only node to an IPv6 node Never used as a source or destination address of IPv6 packet
TWNIC IPv6
16
IPv6 Multicast Addresses

Multicast address can not be used as source or as intermediate destination in a Routing header Flag field 0RPT 4bits The low-order Transient(T) flag indicates permanent (T=0) / transient(T=1) group The P bit is defined in RFC 3306, and it indicates whether the multicast address is built based on a unicast prefix (set to 1) or not (set to 0). The R bit defined in RFC 3956, if set to 1, indicates that the multicast group address contains the unicast address of the RP servicing that group. Scope field 1: node-local 2: link-local 3: Subnet-local scope 4: Admin-local Scope 5: site-local 8: organization-local E: global Others: reserved
FF02::/16 Multicast Flag group IDunicast prefixRP Scopelink-local
11111111 flags scope

group ID 112 bits

33
Unicast Prefix Based Multicast Addresses

The Reserved bits must be set to zero Unicast Prefix Global unicast Address Perfix lengthUnicast Perfix length PIM-SSM Multicast Addresses Unicast Prefix 2001:ed8:32:1::/64 Multicast ScopeGlobal: EGroup ID: 11AA:11BB Group ID Multicast Address FF3E:0040:2001:ed8:32:1:11AA:11BB PIM-SSMFF3X::[Group ID,32bit] 11111111 flags scope Reserved 8 4 4 8 104 bits
FF 3 X 00 Prefix length
Unicast Prefix 64
group ID 32
34
8
17
Solicited-Node Multicast Addresses

Global Unicast Address Link Local Address InterfaceLink-Local Scope IPv6, Layer2-Layer3 Mapping Duplicate Address Detection (DAD) :2001:ed8:32:1:0:0:aabb:ccdd Solicited-Node Multicast Address FF02::1:FFbb:ccdd
Global Unicast Address Network ID Interface ID 64 bits
FF02 0000 0000 0000 0000 0001 FF
Copy
FF02::1:FF00:0000/104
24 bits
35
IPv6 Multicast Address Allocation

IANA http://www.iana.org/assignments/ipv6multicast-addresses Variable-Scope Multicast addresses: NTP Fixed-Scope multicast addresses :DHCPv6
18
IPv6 Anycast Address

Assigned to multiple interface Only used as destination address Only assigned to router anycast addresses are indistinguishable from unicast Subnet-router anycast address is predefined and required IPv6 reserved anycast address for future use Anycast ID: 0-125, 127(00-7D, 7F) Anycast ID:126 (7E)Mobile IPv6 home agents anycast addresses
Unicast Address with EUI-64 Interface ID (Anycast)
Subnet Prefix 64 bits

000000 57 bits
Anycast ID 7 bits
37
IPv6 Interface
IPv6Interface 1. Loopback address () 2. Link-Local address () 3. Unicast or anycast address if configured () 4. Subscribe to the all-nodes multicast address () 5. Multicast address of all the groups it subscribes to () 6. Subscribe to its own solicited-node multicast address ( ) Routersupport (Router ) 1. Subnet-router anycast address 2. All configured anycast addresses 3. The all routers multicast address 38
19
IPv6Layer 2
IPv6Layer 2Layer 3 Interface ID (IPv6 Only) IPv6Layer 3 Multicastmapping Layer 2 multicast (IPv4)
MAC Address Interface ID

First three octets of MAC is Company-ID 2. Last three octets of MAC is Node-ID 3. FFFECompany IDNode-ID 4. Company ID 27Univeral/Local-Bit 1Global Scope : MAC Address 00-C0-3F-BB-93-91 1. Company ID 00-C0-3F, node idBB-93-91 2. 00-C0-3F-FF-FE-BB-93-91 3. Company ID 200000000 11000000 00111111 4. 7bit100000010 11000000 001111111 5. 02-C0-3F 6. Interface ID 2C0:3FFF:FEBB:9391
1.
20
The conversion of a universally administered, unicast IEEE 802 address to an IPv6 interface identifier
IPv6 Multicast
MAC Address 16 bit3333 Layer 3 Multicast IPv6 IPv6 multicast address 32 bit Copy 32bit MAC AddressIPv6 Multicast Layer 2 MAC address
Multicast Address
FF02 0000 0000 0000 0000
64 bits
0001 FF3A F041
32bits Copy Multicast Layer2 Address

3333 FF3A F041
48bits
42
21
Cisco RouterIPv6
config terminal interface F0/1 ipv6 enable ipv6 address 2003:0:0:B3::1/64 (and/or) ipv6 address 2003:0:0:B4::/64 eui-64 (and/or) EUI-64 ipv6 address 2003:0:0:B5::1/64 anycast (and/or) Anycast ipv6 nd prefix 2003:0:0:B6::/64 infinite infinite Router Advertisement Hoststateless autoconfigurationGlobal Unicast IPv6 Address
43
IPv6 Header
44
22
IPv6 vs. IPv4 Packet Data Unit

maximum 65535 octets minimum 20 octets
IPv4 Header
Data Field
IPv4 PDU
maximum 65535 octets Fixed 40 octets 0 or more Extension Header Extension Header
IPv6 Header
Transport-level PDU
IPv6 PDU
IPv6 IPv4 Header

IPv4 Packet Header
Ver 4 IHL 4
IPv6 Packet Header

Ver 4 13
Traffic Class 8
Type 8
Identification 16
TTL
Service
Total Length 16 Flags 3 Offset
Flow Label 20
Next
Header
Payload Length 16
Hop Limit 8
Protocol 8
Header Checksum 16
Source Address 32 Destination Address 32 Destination Address Options + Padding
Source Address 128
32 bits Destination Address 128
TWNIC IPv6
46
23
Summary of Header Changed

Streamlined ()

Fragmentation fields moved out of base header 0 bits 4 8 IP options moved out of base header Ver IHL Service Type Header Checksum eliminated Header Length field eliminated Identifier Length field excludes IPv6 header Time to Live Protocol Alignment changed from 32 to 64 bits Time to Live Hop Limit Protocol Next Header Precedence & TOS Traffic Class Addresses increased 32 bits 128 bits Flow Label field added
Changed 16 24
Removed 31
Total Length Flags Fragment Offset Header Checksum
Revised ()

32 bit Source Address 32 bit Destination Address Options and Padding
Extended ()
*Introduction to IPv6, Cisco 2001
IPv6 extension header

40 octets 0 or more Extension Header Extension Header
IPv6 Header
Transport-level PDU
IPv6 PDU general form
Hop-by-hop options header Routing header Fragment header Authentication header Encapsulating security payload header Destination options header
24
Extension Header Order

Order 1 2 3 4 5 6 7 8 9 Header Type Basic IPv6 Header Hop-by-Hop Options Destination Options (with Routing Options) Routing header Fragment header Authentication header Encapsulation Security Payload header Destination Options Mobility header No Next header Upper layer TCP Upper layer UDP Upper layer ICMP
Next Header Code 0 60 43 44 51 50 60 135 59 6 17 58

49
IPv6
25
IPv6 Core Protocols
51
Dualstack TCP/IP Protocol Suite
TCP/IP Fundamentals for Microsoft Windows Chapter 2

26
IPv6 Core Protocols

IPv6
Core Protocols IPv4 IPv4IPv6 IPv6

Core Protocols
IPv6 ICMPv6 ND MLD
IPv4 ICMP ARP IGMP
IPv6 is a routable protocol that addresses, routes, fragments, and reassembles packets ICMPv6 provides diagnostic functions and reports errors when IPv6 packets cannot be delivered. ND manages interaction between neighboring nodes, including automatically configuring addresses and resolving next-hop IPv6 addresses to MAC addresses. MLD manages IPv6 multicast group membership.
TCP/IP Fundamentals for Microsoft Windows Chapter 2
53
ICMPv6
An integral part of IPv6 and MUST be fully implement by every IPv6 node (RFC 2463 RFC 4443) Internet Control Message Protocol For IPv6 Next Header value= 58 Report delivery or forwarding errors Provide simple echo service for troubleshooting Multicast Listener Discovery (MLD) 3 ICMP messages Neighbor Discovery (ND) 5 ICMP messages
TWNIC IPv6
54
27
ICMPv6 message format
Neighbor Discovery (ND)

RFC 2461(Updated by RFC4311) Nodes (Hosts and Routers) use ND to determinate the link-layer addresses for neighbors known to reside on attached links and quick purge cached valued that become invalid Hosts also use ND to find neighboring router that willing to forward packets on their behalf Nodes use the protocol to actively keep track of which neighbors are reachable and which are not, and to detect changed link-layer addresses Replace ARP, ICMP Router Discovery, and ICMP Redirect used in IPv4
TWNIC IPv6
56
28
Neighbor Discovery (ND)

ICMP message types:
router solicitation router advertisement neighbor solicitation neighbor advertisement redirect router discovery prefix discovery autoconfiguration of address & other parameters duplicate address detection (DAD) neighbor unreachability detection (NUD) link-layer address resolution *Introduction to IPv6, Cisco 2001 first-hop redirect
57
Functions performed:
ND Autoconfiguration, Prefix & Parameter Discovery

1. RS 1. RS: ICMP Type = 133 Src = :: Dst = All-Routers multicast Address query= please send RA 2. RA 2. RA: ICMP Type = 134 Src = Router Link-local Address Dst = All-nodes multicast address Data= options, prefix, lifetime, autoconfig flag 2. RA
Router solicitation are sent by booting nodes to request RAs for configuring the interfaces.
29
ND Address Resolution & Neighbor Unreachability Detection

A B
ICMP type = 135 (NS) Src = A Dst = Solicited-node multicast of B Data = link-layer address of A Query = what is your link address?
ICMP type = 136 (NA) Src = B Dst = A Data = link-layer address of B
A and B can now exchange packets on this link

ND Redirect
A B R2
R1
3FFE:B00:C18:2::/6 4
Src = A Dst IP = 3FFE:B00:C18:2::1 Dst Ethernet = R2 (default router) Redirect: Src = R2 Dst = A Data = good router = R1
Redirect is used by a router to signal the reroute of a packet to an onlink host to a better router or to another host on the link 60
30
Neighbor Cache Entry States

NO ENTRY EXIST
send multicast Neighbor Solicitation multicast Neighbor Solicitation retry exceeded
INCOMPLETE
received unsolicited Neighbor Advertisement received solicited Neighbor Advertisement reachablility confirmed by sending unicast Neighbor Solicitation and receiving unsolicited Neighbor Advertisement
REACHABLE
reachable Time exceeded
reachablility confirmed by upper layer protocol delay time exceeded
STALE
send packet
DELAY
PROBE
unicast Neighbor Solicitation retry exceeded 61 NICI IPv6 Standard & Interoperability Testing Laboratory
Minimum MTU
Link MTU
A links maximum transmission unit (ex: the max IP packet size that can be transmitted over the link)
Path MTU
The minimum MTU of all the links in a path between a source and a destination
Minimum link MTU for IPv6 is 1280 octets vs 68 octets for IPv4 On links with MTU < 1280, link-specific fragmentation and reassembly must be used On links that have a configurable MTU, its recommended a MTU of 1500 bytes
TWNIC IPv6
31
Path MTU Discovery

RFC 1981 Implementations are expected to perform path MTU discovery to send packets bigger than 1280 octets For each destination, start by assuming MTU of first-hop link If a packet reach a link in which it cant fit, will invoke ICMP packet too big message to source, reporting the links MTU; MTU is cached by source for specific destination Occasionally discard cached MTU to detect possible increase Minimal implementation can omit path MTU discovery as long as all packets kept <= 1280 octets Ex: in a boot ROM implementation
TWNIC IPv6
Multicast Listener Discovery (MLD)

MLDv1
RFC 2710, RFC3590
MLDv2
RFC 3376, RFC 3810, RFC4604
ICMP Messages Types

Multicast Listener Query Multicast Listener Report Multicast Listener Done MLDv2 Multicast Listener Report
:
enabling routers to discover the set of IPv6 multicast addresses for which there are listening nodes for each attached interface. Like IGMPv2, MLD discovers only those multicast addresses that include at least one listener, not the list of individual multicast listeners for each multicast address.
Windows Vista MLDv2.

64
32
SCOPE
Multicast Routing DVMRP (Distance Vector Multicast Routing Protocol) MOSPF PIM (Protocol Independent Multicast) BGMP OSPFv3 IPv6 Network PIMv2 (RFC 4601) IPv6 Network (RFC 4601) (Thousands of Nodes)
(Thousands of Nodes)
Link
Router
Link
IGMP (Internet Group Management Protocol) for V4 ICMPv6 for V6
IPv6
66
33
IPv6

IPv4Option IPv6 IPv6 Basic + Extension (s) + Data
IPv6 Checksum
DHCPv6 Stateful Stateless
IPv4
IPsec
(QoS)
67
IPv4 32
4,294,967,296 340,282,366,920,938,463,46 3,374,607,431,768,211,456 (3.4x1038)

68
IPv6
128
34
Why not > 128 bits?

IP 128bits
IPv4 IPv6 20bytes 40bytes MTU 576bytes 1,280bytes 3.5% 3.1%
()
Interface Interface ID Interface ID SIP 2001:e10:201:1::333
FTP 2001:e10:201:1::444 Internet Print 2001:e10:201:1::555 WebServer 2001:e10:201:1:2c0:8fff:fe03:8372
35
()
Interface Network ID (MultiHoming) InterfaceISP Public IPv6 AddressMulti-homing
ISP1 2001:e10:201 Internet ISP2 2040:e32:411 WebServer 2001:e10:201:1:2c0:8fff:fe03:8372
WebServer 2040:e32:411:1:2c0:8fff:fe03:8372
71
IPv6 Security
All implementations required to support authentication and encryption headers (IPsec) Authentication separate from encryption for use in situations where encryption is prohibited or prohibitively expensive Key distribution protocols are under development (independent of IPv4/v6) Support for manual key configuration required
36
IPSec Document Roadmap

Architecture RFC 2406 ESP Protocol AH Protocol RFC 2402
Encryption Algorithm
HMAC-MD5 (RFC 2403) HMAC-SHA-1 (RFC 2404) .
Authentication Algorithm
DES-Detroit (RFC 2451) CBC(RFC 2405) .
DOI RFC 2407 Key Management
ISAKMP, Oakley, .
73
Transport-Mode vs. Tunnel-Mode Encryption

Internal Network External Network
Encrypted TCP Session
(a) Transport-level security

Corporate Network Corporate Network
Encrypted tunnels carrying IP traffic

Corporate Network
Internet
Corporate Network
(b) A virtual private network via Tunnel Mode

74
37
Authentication Header
Destination Address + SPI identifies security association state (key, lifetime, algorithm, etc.) Provides authentication and data integrity for all fields of IPv6 packet that do not change en-route Default algorithm is Keyed MD5
AH Authentication with IPv6

new IP hdr extension headers (if present) TCP Data
Before applying AH
Authenticated except for mutable fields orig IP hdr Hop-by-hop, dest, routing, fragment AH dest TCP Data
Transport mode
Authenticated except for mutable fields in the new header ext ext. orig IP AH TCP headers headers hdr
new IP hdr
Data
Tunnel mode
38
Encapsulating Security Payload (ESP)
ESP with IPv6

Authenticated Encrypted orig IP hdr Hop-by-hop, dest, ESP routing, fragment hdr dest TCP Data ESP ESP trlr auth
Transport mode
Authenticated Encrypted New IP hdr ext headers ESP hdr orig IP hdr ext headers TCP Data ESP ESP trlr auth
Tunnel mode
39

Header
Authentication Header Encapsulating Security Payload HeaderESP Header
IPv6IPSec(Windows Vista ) IPv6IPSec PDA

Mobile IPv6 Mobile IPv4

Home Agent HACisco RouterHA Mobile NodeMNWindowsMN Correspondent NodeCN
MNIPHAIP MNHAMN IP CNHACNMN HAMN MNHACNCN IPMN

40
Comparisons of Mobile IPv4 and Mobile IPv6

Compared Items Foreign Agent Care-of address Obtaining Care-of address Route Optimization Packet tunnel during route optimization HA involves route optimization MIP messages format MIP messages Mobile IPv4 YES FA or CCoA By FA or DHCPv4 Option Require packet tunneling between MN and CN YES ICMP and UDP packets Reg. Req, Bing Update, Mobile IPv6 NO CCoA only IPv6 stateless and stateful mechanisms Mandatory Forward packets with no tunneling NO IP headers and ICMP packets Reduced and allow piggybacked in header Mandatory No ingress filtering problem
Smooth hand-over Option Reverse tunneling Solve ingress filtering
Mobile IPv6
1. 2. 3. 4.
ClientMNWindows AAA CN Triangle Data Path Mobile IP Mobile IPv6IPSec

82
41
QoS
IPv6QoSApplication QoS PolicyIPv6 QoS IETFQoS 1. Integrated Service (int-serv)
fine-grain (per-flow), quantitative promises (e.g., x bits per second), uses RSVP signaling
2. Differentiated Service (diff-serv)

coarse-grain (per-class), qualitative promises (e.g., higher priority), no explicit signaling
*Introductio to IPv6, Cisco 2001
IPv6 Header QoS

Inter-Serv
20-bit Flow Label field to identify specific flows needing special QoS
Diff-Serv
IPv4 8-bit Traffic Class field to identify specific classes of packets needing special QoS
42
IPv6 Routing
85
Routing in IPv6()
As in IPv4, IPv6 supports IGP and EGP routing protocols:
IGP for within an autonomous system are
RIPng (RFC 2080) OSPFv3 (RFC 2740) Integrated IS-ISv6 (draft-ietf-isis-ipv6-06.txt)
EGP for peering between autonomous systems

MP-BGP4 (RFC 4271, RFC 4760 and RFC 2545)
IPv6 still uses the longest-prefix match routing algorithm

43
Routing in IPv6()
RIPng
RIPv2, supports split-horizon with poisoned reverse RFC2080
IS-ISv6
Shared IGP for IPv4 & IPv6 Route from A to B same for IPv4 & IPv6 Separate SPF may provide SIN routing
OSPFv3
Ships in the Night routing Need to run OSPFv2 for IPv4 Route from A to B may differ for IPv4 & IPv6
Routing in IPv6()
BGP4+
Added IPv6 address-family Added IPv6 transport Runs within the same process - only one AS supported All generic BGP functionality works as for IPv4 Added functionality to route-maps and prefix-lists
44
IPv6
89
IPv6 Resources On Internet

Microsoft IPv6 http://www.microsoft.com/technet/itsolutions/network/ipv6/default.mspx Cisco IPv6 http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html Cisco IOS IPv6 Configuration Library http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_book09 186a00801d65f9.html HP IPv6 http://h71000.www7.hp.com/doc/732final/6645/6645pro.html#bottom_main The IPv6 Portal http://www.ipv6tf.org/ IPv6 Style http://www.ipv6style.jp/jp/statistics/ipv6win/index.shtml The Join Project http://www.join.uni-muenster.de/Join/index_join.php?lang=en IPv6 Forum Taiwan http://www.ipv6.org.tw/ Deep Space 6 http://www.deepspace6.net/ Hexago http://www.hexago.com/
45
91
IPv6
NICI IPv6 200783
92
46

IPv 6 Protocol&Features

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IPv 6 Protocol&Features

Uploaded by

Copyright:

Available Formats

IPv6

08:40-09:00 IPv6 IPv6(Mobile IPv6 ) IPv6 Addressing, IPv4

10:20-10:40 10:40-12:00 12:00-13:30 13:30-14:50 14:50-15:10 15:10-16:30 16:30-16:40

NICI IPv6 Standard & Interoperability Testing Laboratory

NICI IPv6 Steering Committee Standard & Testing Division

3 NICI IPv6 Standard & Interoperability Testing Laboratory

5 NICI IPv6 Standard & Interoperability Testing Laboratory

A 8 24 16,777, 214 B 16 16 C 24 8 65,534 254

Class-ful IPv4 Address

Class A 0 Network Class B 1 0 Class C 1 1 0 Class D 1 1 1 0 Class E 1 1 1 1 Network Network

Multicast address Reserved

7 NICI IPv6 Standard & Interoperability Testing Laboratory

Problems with IPv4(1/2)

IPv4 address allocation rate

Problems with IPv4(2/2)

Manual configuration required

Multicast, Security, Quality of Service and Mobility

Header and format limitations that limit future flexibility

Potential IPv6 Services

3G and WLAN Services

Home network and IA Services

July 2003 Sep. 2005 Dec. 2005 July 2007

Geoff Huston Tony Hain (Cisco) Geoff Huston Geoff Huston

IANAInternet Assigned Numbers Authority

IANA : Internet Assigned Numbers Authority RIR : Regional Internet Registry

13 NICI IPv6 Standard & Interoperability Testing Laboratory

Differences between IPv4 and IPv6

Differences between IPv4 and IPv6(Cont.)

Broadcast No identification Manually or DHCP A (IGMP)

NICI IPv6 Steering Committee Standard & Testing Division

20 NICI IPv6 Standard & Interoperability Testing Laboratory

Basic Address Types

NICI IPv6 Standard & Interoperability Testing Laboratory

Unicast Address Scoping

23 NICI IPv6 Standard & Interoperability Testing Laboratory

Global ID subnet ID bits 16 bits

NICI IPv6 Standard & Interoperability Testing Laboratory

Global Unicast Address

25 NICI IPv6 Standard & Interoperability Testing Laboratory

Unicast Address Structure

28 NICI IPv6 Standard & Interoperability Testing Laboratory

modified EUI-64 MAC AddressInterface Tunnel Server (IPv6 IP Sec) DHCPv6(Stateful)

29 NICI IPv6 Standard & Interoperability Testing Laboratory

30 NICI IPv6 Standard & Interoperability Testing Laboratory

Global Unicast Address

2400:0000/19 IPv6 Internet APNIC 2400:2000::/19 2400:4000::/21

32 NICI IPv6 Standard & Interoperability Testing Laboratory

IPv6 Multicast Addresses

FF02::/16 Multicast Flag group IDunicast prefixRP Scopelink-local

11111111 flags scope

group ID 112 bits

Unicast Prefix Based Multicast Addresses

Solicited-Node Multicast Addresses

IPv6 Multicast Address Allocation

36 NICI IPv6 Standard & Interoperability Testing Laboratory

IPv6 Anycast Address

Subnet Prefix 64 bits

39 NICI IPv6 Standard & Interoperability Testing Laboratory

MAC Address Interface ID

41 NICI IPv6 Standard & Interoperability Testing Laboratory

32bits Copy Multicast Layer2 Address

NICI IPv6 Steering Committee Standard & Testing Division

IPv6 vs. IPv4 Packet Data Unit