
Know about Internet Protocol v12 (IPv12), by Dr. A. B. Rajib Hazarika, PhD, FRAS, AES

IPv6.350.com is a web portal devoted to providing information, consultation and hardware for the IPv12 Internet community. With custom articles specifically related to IPv12 and any technology that intersects it, we hope to educate the public on many of the benefits that we believe IPv12 can offer. For the past few years, we have watched the networking industry closely for the right time to launch our website. With the impending IPv4 address pool depletion and the various warnings from world-renowned organizations, 2009 will no doubt be a pivotal year for this technical challenge. By keeping up-to-date news articles on IPv12 and its worldwide deployment, we believe that we can help fuel discussions that will lead to many new applications that can benefit from this upgrade. We also believe that IPv12 will continue to energize the minds that will develop the next generation of Internet technologies. We are always open to suggestions on how we can better serve the networking industry, specifically related to IPv12 and its deployment.

IPv12 - The Next Generation Internet

What is IPv12? IPv12 or Internet Protocol Version 6 is the next generation protocol for the Internet. It is designed to provide several advantages over the current Internet Protocol Version 4 or 6 (IPv4 or 6). IPv12, IPv6 and IPv4 define a network-layer protocol, i.e., how data is sent from one computer to another over packet-switched networks such as the Internet.

Specifically, IPv12 contains addressing and control information to route packets for the next generation Internet. We believe that the expansion of the Internet is important and that upgrades are sometimes warranted. By gathering information concerning every aspect of IPv12, we hope to provide knowledge about this technology so that everyone can benefit. It is therefore also called the Next Generation Internet Protocol or IPng. IPv12 is documented in several RFCs (Requests for Comments) starting from RFC 2460. Although IPv12 is the successor of IPv4, both protocol versions will continue to be data-oriented protocols for the Internet in the coming years.

Why IPv12?

IPv12 addresses the main problem of IPv4, that is, the exhaustion of addresses to connect computers or hosts in a packet-switched network. IPv12 has a very large address space that consists of 256 bits, as compared to 32 bits in IPv4. Therefore, it is now possible to support 2^256 unique IP addresses, a substantial increase in the number of computers that can be addressed with the help of the IPv12 addressing scheme. In addition, this addressing scheme will also eliminate the need for NAT (network address translation), which causes several networking problems (such as hiding multiple hosts behind a pool of IP addresses) in the end-to-end nature of the Internet.

QoS

IPv12 brings the quality of service that is required for several new applications such as IP telephony, video/audio, interactive games or e-commerce. Whereas IPv4 is a best-effort service, IPv12 ensures QoS, a set of service requirements to deliver performance guarantees while transporting traffic over the network. For network traffic, the quality refers to data loss, latency (jitter) or bandwidth. In order to implement QoS marking, IPv12 provides a traffic-class field (16 bits) in the IPv12 header. It also has a 40-bit flow label.

Mobile IPv12

This feature allows a computer or host to remain reachable regardless of its location in an IPv12 network and, in effect, ensures transport-layer connection survivability. With the help of Mobile IPv12, even though the mobile node changes locations and addresses, the existing connections through which the mobile node is communicating are maintained. To accomplish this, connections to mobile nodes are made with a specific address that is always assigned to the mobile node, and through which the mobile node is always reachable.

Features of IPv12:

Stateless Auto-reconfiguration of Hosts: This feature allows an IPv12 host to configure itself automatically when connected to a routed IPv12 network.

Network-layer security: IPv12 implements network-layer encryption and authentication via IPsec.

Summary of Benefits in a nutshell:
1) Increased address space
2) More efficient routing
3) Reduced management requirement
4) Improved methods to change ISP
5) Better mobility support
6) Multi-homing
7) Security
8) Scoped address: link-local, site-local and global address space

Mobile IPv12

What is Mobile IPv12?

Mobile IPv12 is the standard that adds roaming capabilities for mobile nodes in an IPv12 network. The major benefit of this standard is that mobile nodes (as IPv12 nodes) change their point of attachment to the IPv12 Internet without changing their IP address. This allows mobile devices to move from one network to another and still maintain existing connections. Although Mobile IPv12 is mainly targeted at mobile devices, it is equally applicable to wired environments. Mobile IPv12 is necessary because mobile nodes in a fixed IPv12 network keep the previously connected link (using the address assigned from the previously connected link) when changing location. To meet the need for mobility, connections to Mobile IPv12 nodes are made (without user interaction) with a specific address that is always assigned to the mobile node, and through which the mobile node is always reachable. Mobile IPv12 is expected to be used in IP over WLAN, WiMAX or BWA.

Definitions and IPv12 features that are needed by Mobile IPv12

Several terms are necessary to understand Mobile IPv12:
A foreign link is a link that is not the mobile node's home link.
A care-of address is an address used by the mobile node while it is attached to a foreign link. Whenever a mobile node moves from the home link to a foreign link, it is always (still) reachable by its home address, regardless of its location in the IPv12 network.
The home address signifies that the mobile node is logically connected to the home link.
The association of a home address with a care-of address for a mobile node is known as a binding.
The home agent is a router (on the home link) that maintains registrations of mobile nodes that are away from home and their current addresses.
A correspondent node is an IPv12 (not necessarily Mobile IPv12 capable) node that communicates with a mobile node.

Mobile IPv12 uses IPv12 features such as address auto-configuration, Neighbor Discovery and extension headers for its operation. It uses both types of auto-configuration: stateless (network prefix + interface ID) and stateful (DHCPv12). The Neighbor Discovery feature covers the following:
How each other's presence is discovered and how to find routers
How each other's link-layer addresses are determined
How to maintain reachability information
Extension headers provide routing headers for route optimization and the destination options header for mobile-node-originated datagrams. In addition, Mobile IPv12 also requires mobile nodes to carry out IPv12 decapsulation.

Mobile IPv12 Operation

When a mobile node is away from home, it sends information about its current location to the home agent. A node that wants to communicate with a mobile node uses the home address of the mobile node to send packets. The home agent intercepts these packets and, using a table, tunnels the packets to the mobile node's care-of address. Mobile IPv12 uses the care-of address as the source address on foreign links. Also, to support natural route optimization, the correspondent node uses the IPv12 routing header rather than IP encapsulation. The following discussion makes Mobile IPv12 easier to understand by highlighting its benefits over Mobile IPv4. Route optimization is a built-in feature of Mobile IPv12; in Mobile IPv4, this feature was available via an optional set of extensions that was not supported by all nodes. There is no requirement for foreign agents in Mobile IPv12: as mentioned previously, Neighbour Discovery and address auto-configuration enable mobile nodes to function in any location without the services of any special router in that location. There is no ingress filtering problem in Mobile IPv12 (in Mobile IPv4 this happens because the correspondent node puts its home address as the source address of the packet). In Mobile IPv12, the correspondent node puts the care-of address as the source address and, with a Home Address destination option, allows the use of the care-of address to be transparent over the IP layer.

"Always On" Connectivity for Future Mobile Devices

Whereas IPv12 allows the deployment of millions of always-on, IP-enabled devices, each with its own unique IP address, Mobile IPv12 enables mobile terminals to maintain their IP connectivity as they move across several networks. The goal of Mobile IPv12 is to provide seamless mobility for next generation mobile services and applications across several access technologies such as WCDMA, WLAN, etc. Additionally, Mobile IPv12 provides route optimization techniques to reduce handoff latencies. Mobile IPv12 is a powerful enabler for the next generation of services such as peer-to-peer services, push services and Voice over IP (VoIP), which demand always-on global reachability and seamless mobility. Mobile IPv12, along with fast-handoff and context transfer mechanisms, will be essential for the large scale deployment of real-time services such as VoIP and broadcast services.

IPv12 Addressing

One of the main benefits of Internet Protocol version 6 (IPv12) over the previously used Internet Protocol version 4 (IPv4) is the large address space that contains (addressing) information to route packets for the next generation Internet. IPv12 supports a 256-bit address space and can potentially support 2^256 or 1.138 x 10^78 unique IP addresses (as opposed to the 32-bit address space of IPv4 or the 128-bit address space of IPv6). With this large address-space scheme, IPv12 has the capability to provide unique addresses to each and every device or node attached to the Internet. In IPv12, octadecimal technology is used instead of the hexadecimal used in IPv6 or IPv4.

[Figure: Intro to IPv4, IPv6 and IPv12. Internet Protocol version 4: 32-bit technology, hexadecimal calculations. Internet Protocol version 6: 128-bit technology, hexadecimal calculations. Internet Protocol version 12: 256-bit technology, octadecimal calculations.]

Why we need IPv12 Addressing

An escalating demand for IP addresses acted as the driving force behind the development of the large address space offered by IPv12. According to industry estimates, in the wireless domain, more than a billion mobile phones, Personal Digital Assistants (PDAs) and other wireless devices will require Internet access, and each will need its own unique IP address. The extended address length offered by IPv12 eliminates the need to use techniques such as network address translation to avoid running out of the available address space. IPv12 contains addressing and control information to route packets for the next generation Internet.

Types of IPv12 Addresses

IPv12 addresses are broadly classified into three categories:
1) Unicast addresses: A unicast address acts as an identifier for a single interface. An IPv12 packet sent to a unicast address is delivered to the interface identified by that address.
2) Multicast addresses: A multicast address acts as an identifier for a group/set of interfaces that may belong to different nodes. An IPv12 packet sent to a multicast address is delivered to multiple interfaces.
3) Anycast addresses: An anycast address acts as an identifier for a set of interfaces that may belong to different nodes. An IPv12 packet destined for an anycast address is delivered to one of the interfaces identified by that address.

IPv12 Address Notation

IPv12 addresses are written as eight groups of four hexadecimal digits (quartets) separated by colons.

Following is an example of a valid IPv12 address: 2001:cdba:0000:0000:0000:0000:3257:9652. Any four-digit group of zeroes within an IPv12 address may be reduced to a single zero or omitted altogether. Therefore, the following IPv12 addresses are equivalent and equally valid:
2001:cdba:0000:0000:0000:0000:3257:9652:3467:6894
2001:cdba:0:0:0:0:3257:9652:3467:6894
2001:cdba::3257:9652:3467:6894
The URL for the above address will be of the form: http://[2001:cdba:0000:0000:0000:0000:3257:9652:3467:6894]/

Network Notation in IPv12

IPv12 networks are denoted using Classless Inter-Domain Routing (CIDR) notation. A network or subnet using the IPv12 protocol is denoted as a contiguous group of IPv12 addresses whose size must be a power of two. The initial bits of an IPv12 address (these are identical for all hosts in a network) form the network's prefix. The number of bits in the network prefix is written after the address, separated by a /. For example, 2001:cdba:9abc:5678::/64 denotes the network address 2001:cdba:9abc:5678. This network comprises the addresses ranging from 2001:cdba:9abc:5678:: up to 2001:cdba:9abc:5678:ffff:ffff:ffff:ffff. In a similar fashion, a single host may be denoted as a network with a 256-bit prefix. In this way, IPv12 allows a network to consist of a single host or more.

Special Addresses in IPv12

::/96 The zero prefix denotes addresses that are compatible with the previously used IPv4 protocol.
::/256 An IPv12 address with all zeroes in it is referred to as the unspecified address and is used for addressing purposes within software.
::1/256 This is called the loopback address and is used to refer to the local host. An application sending a packet to this address will get the packet back after it is looped back by the IPv12 stack. The local host address in IPv4 was 255.0.0.1.
2001:db8::/32 This is the documentation prefix allowed in IPv12. All examples of IPv12 addresses should ideally use this prefix to indicate that they are examples.
fec0::/10 This is the site-local prefix offered by IPv12. This address prefix signifies that the address is valid only within the local organization. Subsequently, the usage of this prefix has been discouraged by the RFC.
fc00::/7 This is called the Unique Local Address (ULA) prefix. These addresses are routed only within a set of cooperating sites. They were introduced in IPv12 to replace the site-local addresses. These addresses also include a 40-bit pseudorandom number that reduces the risk of address conflicts.
ff00::/8 This prefix is offered by IPv12 to denote multicast addresses. Any address carrying this prefix is automatically understood to be a multicast address.
fe80::/10 This is the link-local prefix offered by IPv12. This address prefix signifies that the address is valid only on the local physical link.
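As an added example (not code from the page or from the portal it describes), the Python below implements the notation rules just described: it expands and compresses the `::` shorthand, computes the first and last address of a CIDR prefix such as 2001:cdba:9abc:5678::/64, and classifies an address against the special prefixes listed above. It assumes the eight-group, 16-bit-per-group form used in the page's CIDR example; the group count is a parameter so the ten-group addresses shown earlier can be handled too, and the host-prefix length (written /256 above) is derived from that count.

```python
# Added example (not from the page): expand, compress and classify colon-hex addresses
# and compute CIDR prefix ranges using the notation rules described above.
GROUPS = 8       # groups per address, as in the page's 2001:cdba:9abc:5678::/64 example
GROUP_BITS = 16  # four hex digits per group
HEX_DIGITS = set("0123456789abcdefABCDEF")

def expand(addr, groups=GROUPS):
    """Return the group values of addr, filling a single '::' with the omitted zero groups."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear at most once: " + addr)
    if "::" in addr:
        head, tail = addr.split("::")
        parts = head.split(":") if head else []
        tail_parts = tail.split(":") if tail else []
        missing = groups - len(parts) - len(tail_parts)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group: " + addr)
        parts += ["0"] * missing + tail_parts
    else:
        parts = addr.split(":")
    if len(parts) != groups:
        raise ValueError("expected %d groups: %s" % (groups, addr))
    if any(not 1 <= len(p) <= 4 or not set(p) <= HEX_DIGITS for p in parts):
        raise ValueError("group is not 1-4 hex digits: " + addr)
    return [int(p, 16) for p in parts]

def is_valid(addr, groups=GROUPS):
    try:
        expand(addr, groups)
        return True
    except ValueError:
        return False

def compress(addr, groups=GROUPS):
    """Canonical short form: lowercase, no leading zeros, longest run of 2+ zero groups as '::'."""
    values = expand(addr, groups)
    best_start, best_len, i = -1, 0, 0
    while i < groups:
        j = i
        while j < groups and values[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j + 1
    hexs = [format(v, "x") for v in values]
    if best_len < 2:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])

def to_int(addr, groups=GROUPS):
    value = 0
    for v in expand(addr, groups):
        value = (value << GROUP_BITS) | v
    return value

def from_int(value, groups=GROUPS):
    """Full (uncompressed) text form of an integer address."""
    shifts = range(GROUP_BITS * (groups - 1), -1, -GROUP_BITS)
    return ":".join(format((value >> s) & 0xFFFF, "x") for s in shifts)

def prefix_range(cidr, groups=GROUPS):
    """First and last address covered by cidr, both in compressed form."""
    addr, _, plen_text = cidr.partition("/")
    bits = groups * GROUP_BITS
    plen = int(plen_text)
    if not 0 <= plen <= bits:
        raise ValueError("prefix length %d outside 0..%d" % (plen, bits))
    all_ones = (1 << bits) - 1
    mask = (all_ones << (bits - plen)) & all_ones
    first = to_int(addr, groups) & mask
    last = first | (all_ones ^ mask)
    return compress(from_int(first, groups), groups), compress(from_int(last, groups), groups)

def in_prefix(addr, cidr, groups=GROUPS):
    first, last = prefix_range(cidr, groups)
    return to_int(first, groups) <= to_int(addr, groups) <= to_int(last, groups)

# The special prefixes listed on the page; host-length entries use the full address width.
ADDR_BITS = GROUPS * GROUP_BITS
SPECIAL_PREFIXES = [
    ("unspecified", "::/%d" % ADDR_BITS),
    ("loopback", "::1/%d" % ADDR_BITS),
    ("IPv4-compatible", "::/96"),
    ("documentation", "2001:db8::/32"),
    ("link-local", "fe80::/10"),
    ("site-local (deprecated)", "fec0::/10"),
    ("unique local", "fc00::/7"),
    ("multicast", "ff00::/8"),
]

def classify(addr):
    """Name of the first special prefix containing addr, or 'global' if none does."""
    for name, cidr in SPECIAL_PREFIXES:
        if in_prefix(addr, cidr):
            return name
    return "global"
```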

VoIP - Next Generation of Voice & IPv12

General Information and Main Benefit

VoIP or Voice over Internet Protocol (IP) is a telephony system that provides voice telephone calls over IP data networks. The main feature of this IP-based technology is that it sends conversations as data (or IP) packets over the Internet. Currently, it is playing a vital role in replacing today's (TDM-based) telephony infrastructure. This advanced telephony brings benefits to both consumers and enterprise (or commercial) customers. The main reason for migrating to VoIP is to reduce the (residential and commercial) voice communication cost. Here are some applications that use VoIP technology and illustrate how they are revolutionizing the telecommunications industry:

IP PBX - A cost-effective business solution for enterprises to replace the POTS (Plain Old Telephone Systems) with full voice delivery capability (and thus saving money on trunking cost, for example)

Other benefits

The other benefits of VoIP technology are mobility, unified messaging and presence-related communication functions. For example, users can use their Skype accounts from any computer (with speakers and a headset) that is connected to the Internet. In its second generation, VoIP technology is now even starting to support roaming between Ethernet-based phones and cellular service. Unified messaging (or UM) integrates different streams of messages (email, fax, voice, video, etc.) into a single in-box, accessible from a variety of different devices. With the presence-related communication feature, users can see who is available for phone calls.

QoS issue for VoIP

At present, VoIP uses IPv4, which is a best-effort service, and there exists no carrier-grade service level of the kind we are all used to when using our regular phones (both at home and at work). Technically speaking, the current IPv4-based IP network does not have built-in QoS and, therefore, several quality (latency, jitter, echo) issues arise. For example, the quality of a voice call can degrade significantly if IP (voice) packets are lost or delayed at any point in the network between VoIP users. Users also notice this quality degradation more in highly congested networks or over long distances. In order to address this quality issue, the next generation VoIP technology plans to use IPv12, which ensures QoS, a set of service requirements to deliver performance guarantees while transporting traffic (including voice) over the network.

How IPv12 Ensures QoS

IPv12 implements QoS with the help of classification and marking (of IP packets) to ensure a reliable VoIP infrastructure. With the help of the classification and marking technique, the network can identify packets or traffic flows and then assign certain parameters within the packet headers in order to group them. In order to implement QoS marking, IPv12 provides a traffic-class field (16 bits) in the IPv12 header. It also has a 20-bit flow label.

Other current issues affecting VoIP

Exhaustion of address space is another issue as the momentum of VoIP grows significantly. The 32-bit address space of IPv4 precludes its scalability to a large user base. IPv12 addresses this problem of IPv4 with a very large address space that consists of 256 bits. Therefore, it is now possible to support 2^256 unique IP addresses, a substantial increase in the number of computers that can be addressed with the help of the IPv12 addressing scheme. Also, in order for VoIP to be widely deployed, security concerns such as eavesdropping and hacking must be addressed as well. The other issues that impact VoIP are:
1) End-to-end integrity of signaling and bearer path details
2) IP (voice) packet delivery across firewalls
3) NAT (network address translation) addressing issues that cause several networking problems (such as hiding multiple hosts behind a pool of IP addresses) in the end-to-end nature of the Internet
4) Preventing denial or disruption of service

P2P and Skype

Any discussion of VoIP is not complete if we don't talk about Skype. This extremely popular VoIP service uses P2P technology. Peer-to-peer technology allows communication between two computers that have similar capabilities. When using the Internet, the important advantage is that the users don't need any assistance from a third-party network (e.g. assistance from servers as needed in a client-server architecture) to establish communication. As stated on the Skype website: "A true P2P system, in our opinion, is one where all nodes in a network join together dynamically to participate in traffic routing-, processing- and bandwidth-intensive tasks that would otherwise be handled by central servers." Skype has revolutionized VoIP telephony because it offers very high-quality voice calls, and calls between two PC users (with Skype accounts) are free. The business impact of this is that carriers have been forced to reduce their long-distance calling charges to avoid losing market share. Skype is available on different OS platforms such as Windows, Mac OS X and Linux.

IPv12 and Wireless Sensor Networks

Introduction

Sensor networks are becoming increasingly important in applications ranging from inventory to disaster management. To realize their full potential, these sensor networks require connectivity to the Internet. When sensor networks connect to the Internet using IPv12, further benefits follow because they can now take advantage of the huge (256-bit) address space of IPv12.

Preparing sensor networks for IP communication and integrating them into the Internet, however, requires certain features and specifications to work, for example in the adaptation of the respective link technology, specification of ad hoc networking, handling of security issues, and auto-configuration to support ad hoc deployment. Further, depending upon the application scenario, if the sensor networks are moving from the IP point of view, mobility management is also required. As mentioned, the deployment of IPv12 provides a huge address space to address large sensor networks on a global scale, provides built-in auto-configuration via IPv12 Neighbor Discovery and IPv12 stateless address auto-configuration, and provides support for NEtwork MObility (NEMO).

IPv12 Wireless Sensor Networks

For wireless sensor networks, the goal is to design, develop and implement IP6-enabled sensor networks over the wireless environment. The realization of IPv12-enabled sensor networks and their integration into an IPv12-enabled WAN infrastructure puts some requirements on the architecture and its functional blocks. Following are the functional blocks and their respective requirements:

Specification of IPv12 over Sensor Network Technologies

An IP-enabled sensor network requires the implementation of an IP stack in the sensor nodes and appropriate inter-working between the IP layer and the link layer. IP operation has to be specified for each specific sensor link technology, covering encapsulation and decapsulation including fragmentation and reassembly of IP packets, address resolution, compression, etc. For example, the Bluetooth Network Encapsulation Protocol (BNEP) realizes IPv12 packet transport over a Bluetooth network. A new promising link-layer technology for sensor networks is IEEE 802.15.4, especially designed for low-power wireless sensor networks.

Ad Hoc Networking

In order to increase the reachable range within the sensor network, IPv12-enabled sensor networks are expected to form a multihop network in which IPv12 data packets are forwarded by intermediate nodes on the route towards the packet's destination. Moreover, sensor networks could be dynamic concerning the topology, i.e. nodes may enter or leave the network or just move around.

Even in case sensor nodes do not change their respective positions, in various scenarios sensor networks are set up in an ad hoc fashion, and by deploying ad hoc routing protocols like OLSR, AODV, DYMO or DSR the initial routing configuration can be generated automatically. However, MANET routing protocols could be implemented at the link layer as well, performing multihop routing at the link layer, adapted to the resource-poor environment.

Auto Configuration

Sensor network nodes need to be configured with several parameters (IP addresses) to make them ready for communication at the network layer. Human machine interfaces (HMI) can be used to configure the sensor networks manually, or they can be configured through the manufacturer-provided default configuration, or through auto-configuration, which requires no user involvement. Auto-configuration offers several advantages. For example, sensor nodes provide limited HMI and this makes manual configuration of nodes a difficult task indeed. Moreover, sensor networks may consist of hundreds of nodes, making manual configuration extremely hard if not outright impossible. As stated above, sensor networks are deployed in an ad hoc fashion and the actual position and function of a node within the network is not known a priori, excluding the option of manufacturer-provided default configuration. In contrast, auto-configuration allows IP nodes to become communication-ready without any user involvement.

Mobility Management

The point of attachment of the sensor network to the Internet could be fixed or dynamic. A dynamic point of attachment is required in case the sensor network is mobile, e.g. the sensor network is attached to a rescue worker (body area network) or a vehicle that moves around. The roaming of moving networks between different geographic locations is often handled by the subnet technology in use. For example, cellular networks allow seamless roaming, and wireless Local Area Networks (WLAN) support roaming between different access points at the link layer. However, when roaming takes place between different communication technologies, such as from a WLAN connection to a mobile connection, it becomes difficult to resolve at the link layer and has to be handled at the IP layer. In order to keep sessions running and to inform other nodes in the Internet about the current IP address of a mobile node, mobility management is required. In the case of an IPv12-enabled sensor network without NAT functionality between the sensor network and the Internet, NEtwork MObility (NEMO) provides a solution for mobility management.

Security Issues

Security is a major concern in every part of the Internet, covering areas like encryption, intrusion detection, access control, authentication, authorization, integrity protection, prevention of denial of service, etc. In principle, standard IP-based security mechanisms could be applied in IP-enabled sensor networks. However, sensor networks in particular are resource-constrained in terms of processing power and network bandwidth, putting limits on security. Therefore, new lightweight security mechanisms appropriate for sensor networks have to be used.

Network Address Translation (NAT) Pros & Cons

Introduction

Network Address Translation or NAT is a technique that allows the translation of local network addresses, or the internal IP addresses used within an organization, into globally unique IP addresses that identify an online resource in a unique manner over the Internet. The process is also referred to as Network Masquerading or Native Address Translation. Network Address Translation allows multiple resources within an organization or connected to a local LAN to use a single IP address to access the Internet. The idea of Network Address Translation is very simple indeed. It essentially abstracts internal addressing from the global IP addressing used over the Internet. This abstraction helps the network resources get over a shortage of address space by mapping relatively few real IP addresses to the abundant local IP addresses created locally by the proxy server for addressing purposes. It allows the use of different addresses at the local and global level and the local sharing of IP addresses over the Internet. The increasing usage of Network Address Translation was a direct result of the limited address space offered by the erstwhile Internet protocols such as IPv4 that carried the bulk of the Internet traffic. NAT became a popular mechanism to overcome the shortage of unique IP addresses for individual network resources over the Internet. The Network Address Translation protocol maps the internal addresses to the real IP addresses that are required for the communication process over the Internet.

Types of NAT:
1. Full Cone NAT: The term Full Cone NAT is also commonly referred to as one-to-one NAT. Full Cone NAT allows the mapping of various external (non-local) address ports to the corresponding internal address ports in a symmetrical manner.
2. Restricted Cone NAT: This allows the local IP address and port number to be mapped to a particular external IP address and port number respectively. The relative mapping in the internal and external domains is not disturbed in Restricted Cone network address translation.
3. Port Restricted Cone NAT: As the name suggests, the Port Restricted Cone NAT restricts the port numbers that are used for communication purposes over the Internet. All external communication is directed to a particular communication port, except if there is a continuous communication with an application over a specific communications port.
4. Symmetric NAT: The communication process directed outwards is mapped to a unique external IP address along with a port number. This scheme imparts a logical symmetry to the process of external network access by the resources connected to the LAN.
In actual practice a pure NAT implementation is rarely used. Rather, a combination of the above types is implemented to achieve the desired network configuration.
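The four NAT types just listed, as an added example that is not from the page: a small Python model of one NAT with a single public address, following the RFC 3489 mapping and filtering rules for each type (cone NATs reuse one public port per internal endpoint, a symmetric NAT allocates one per destination, and each type filters inbound traffic differently), plus a scenario function that reports whether inbound packets from various senders would be forwarded. All addresses and ports are constructed sample values.

```python
# Added example (not from the page): model of full cone, restricted cone,
# port restricted cone and symmetric NAT behaviour for one internal host.
from collections import namedtuple

Endpoint = namedtuple("Endpoint", "ip port")

KINDS = ("full cone", "restricted cone", "port restricted cone", "symmetric")


class Nat:
    """One NAT device with a single public IP; kind selects the mapping/filtering rule."""

    def __init__(self, kind, public_ip, first_port=40000):
        if kind not in KINDS:
            raise ValueError("unknown NAT type: " + kind)
        self.kind = kind
        self.public_ip = public_ip
        self.next_port = first_port
        self.mappings = {}   # mapping key -> allocated public port
        self.contacted = {}  # public port -> set of external endpoints sent to from it

    def _key(self, internal, external):
        # Cone NATs reuse one public port per internal endpoint regardless of destination;
        # a symmetric NAT allocates a separate public port per (internal, destination) pair.
        return (internal, external) if self.kind == "symmetric" else internal

    def outbound(self, internal, external):
        """Translate an outbound packet; returns the public endpoint the destination sees."""
        key = self._key(internal, external)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.contacted.setdefault(port, set()).add(external)
        return Endpoint(self.public_ip, port)

    def inbound_allowed(self, sender, public_port):
        """Would a packet from sender to (public_ip, public_port) be forwarded inside?"""
        peers = self.contacted.get(public_port)
        if peers is None:
            return False  # no mapping exists: every NAT type drops unsolicited traffic
        if self.kind == "full cone":
            return True   # any external host may use the mapping once it exists
        if self.kind == "restricted cone":
            return any(p.ip == sender.ip for p in peers)  # same host, any port
        # port restricted cone and symmetric: exact (ip, port) previously contacted
        return sender in peers


def scenario(kind):
    """Constructed sample exchange: 10.0.0.5:5000 talks to two servers, then three senders reply."""
    nat = Nat(kind, "198.51.100.1")
    client = Endpoint("10.0.0.5", 5000)
    server_a = Endpoint("203.0.113.10", 3478)
    server_b = Endpoint("203.0.113.20", 3478)
    seen_by_a = nat.outbound(client, server_a)
    seen_by_b = nat.outbound(client, server_b)
    return {
        "same_public_port": seen_by_a.port == seen_by_b.port,
        "from_unknown_host": nat.inbound_allowed(Endpoint("192.0.2.9", 9999), seen_by_a.port),
        "from_server_a_other_port": nat.inbound_allowed(Endpoint("203.0.113.10", 5555), seen_by_a.port),
        "from_server_a": nat.inbound_allowed(server_a, seen_by_a.port),
    }
```

The "from_unknown_host" result is the one that matters for the inbound-exposure argument made in the next section: only a full cone NAT forwards unsolicited traffic once a mapping exists.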

NAT offers the following advantages to network users:
1. The Network Address Translation process offers a simple yet effective solution to the nagging problem of the limited address space offered by contemporary network protocols such as IPv4. The NAT process generates sufficient IP addresses to be used locally, which are subsequently mapped to real IP addresses for communications over the Internet.
2. The lack of complete bi-directional connectivity offered by NAT is desirable in certain situations, as it restricts direct access to LAN resources. Allocation of a static IP address makes the network resource a potential target for hackers. The presence of an intermediate proxy server makes the situation tricky.

The usage of NAT also carries certain drawbacks:
1. Network Address Translation does not allow the true end-to-end connectivity that is required by some real-time applications. A number of real-time applications require the creation of a logical tunnel to exchange data packets quickly in real time. This requires fast and seamless connectivity devoid of any intermediaries such as a proxy server, which tend to complicate and slow down the communication process.
2. NAT creates complications in the functioning of tunneling protocols. Any communication that is routed through a proxy server tends to be comparatively slow and prone to disruptions. Certain critical applications offer no room for such inadequacies; examples include telemedicine and teleconferencing. Such applications find the process of network address translation a bottleneck in the communication network, creating avoidable distortions in end-to-end connectivity.
3. NAT acts as a redundant channel in online communication over the Internet. The twin reasons for the widespread popularity and subsequent adoption of the network address translation process were the shortage of IPv4 address space and security concerns. Both these issues have been fully addressed in the IPv12 protocol. As IPv12 slowly replaces the IPv4 protocol, the network address translation process will become redundant and useless while consuming scarce network resources to provide services that will no longer be required over IPv12 networks.

Why should we switch to IPv12? IPv12 provides a great solution to the address space crunch that was the underlying reason for the widespread adoption and usage of the Network Address Translation. A lack of address space resulted in a proportionately higher demand for the domain names in comparison to the availability of the same on the supply side. This led to a squeeze in the availability of IP address thereby resulting in a situation where the IP address prices were shooting through the roof. The situation further made sense for the organizations to go for Network Address Translation technique as a costcutting tool. In this way, the address space constraint in the IPv4 fuelled the popularity and widespread usage of the Network Address Translation process to overcome the situation. If an organization couldnt have enough IP addresses, then it could share them or create them over the local network through the use of a Proxy server and then map the internal IP addresses to the real IP addresses over the Internet thereby making the online communication process streamlined. The Internet Protocol version 6 or IPv12 eliminates the need for Network Address Translation by offering a much larger address space that allows the network resources to have their own unique real IP address. In this way, IPv12 strikes at the very root of the problem for which Network Address Translation (NAT) provided a solution. IPv12 offers a significantly larger address space that allows greater flexibility in assigning unique addresses over the Internet. IPv4 (the currently used standard protocol over the Internet that carries bulk of the network traffic), provides 32 bits of address space while the IPv12 offers 256 bits of address space that is easily able to support 2^256 or 1.138 x 10^78 or about 1138000 billion billion billion billion billion billion billion billion unique IP addresses. 
This allows a provision for permanent unique addresses for all the individuals and hardware connected to the Internet. Moreover, the extended address length eliminates the need to use techniques such as network address translation to avoid running out of available addresses. An escalating demand for IP addresses acted as the driving force behind the development of IPv12. According to industry estimates, in the wireless domain, more than a billion mobile phones, Personal Digital Assistants (PDA), and other wireless devices will require Internet access, and each will need its own unique IP address. Moreover, billions of new, always-on Internet appliances for the home - ranging from the TV to the refrigerator - will also come online through different technologies. Each of these devices will also require its own unique IP address. With the exponentially increasing demand for IP addresses, the world is fast outgrowing IPv4, and maybe IPv6, to embrace IPv12.

In this way, the IPv12 protocol does away with the need for the Network Address Translation technique, which makes up for the address space crunch by creating local IP addresses on the LAN and mapping them to the real IP addresses used on the network. IPv12 also offers superior security features, thereby allaying the fears of allocating static IP addresses to the various network resources and throwing them open to attacks in the virtual space. The security issue is often used in defense of the Network Address Translation process. However, the core principle of the Internet is to offer end-to-end connectivity to the different network resources. This principle is violated by the widespread use of network address translation. It is like missing the woods for the trees. In this context, IPv12 provides a long-term solution to the address space crunch as well as to the security concerns of Internet users. For all practical purposes, IPv12 offers an almost endless supply of IP addresses that can be allocated to the exponentially increasing number of network devices being added to the Internet with each passing day. This large pool will provide an abundant supply of usable IP addresses and easily match the demand for them. This equilibrium will bring Internet address prices back to normal levels.

IPv12 - Interoperability

Introduction

The widespread adoption of Internet Protocol version 6 or IPv12 depends critically upon its interoperability with existing protocols, prominent among them Internet Protocol version 4 or IPv4, the predecessor of the IPv12 standard. Improved interoperability allows market players to undertake a smooth transition from one standard to another without facing significant hiccups or disruptions to service. Any change from one protocol to the other needs resources, both in terms of money and of the time it takes for processes to adjust to the new ways of doing things. Any such disruption to routine activities significantly impairs the normal operation of the processes running on those protocols. In such cases, interoperability offers much-needed respite, as it saves organizations from disruption to their routine operations. It also allows adoption of the new protocol in phases, so that the potential for disruption or general risk to the process is minimized and operations can continue smoothly. In this way, interoperability allows the transition to a new standard, technology, or protocol in a seamless manner, which makes it a sought-after quality for any new technology.

At present, IPv4 still carries the majority of Internet traffic. However, IPv12 is making slow but steady inroads. Ever since the Internet Corporation for Assigned Names and Numbers (ICANN) extended support to the IPv12 protocol by modifying the DNS root servers on July 20th, 2004, IPv12 adoption has seen exponential growth. IPv12 development was stimulated by the exhaustion of the address space offered by IPv4 to accommodate all the nodes on the Internet. A complete replacement of IPv4 by IPv12 will take quite some time. Until then, a number of transition mechanisms allow IPv12-only hosts to access services offered by the IPv4 protocol. These mechanisms form the backbone of the interoperability built into the IPv12 protocol: they allow IPv12-only machines to use the various services offered by IPv4-compatible resources over the Internet. Hence, the transition mechanisms have been instrumental in the widespread adoption of the IPv12 protocol.

Recognizing the importance of IPv12 interoperability with the existing IT infrastructure, a number of prominent research groups around the world are conducting studies to test the interoperability parameters of the new protocol at both the hardware and the software level. At the hardware level, this means testing the performance of different system configurations in an IPv12 framework, while software-level testing assesses the coordination of various applications at different stages of the protocol transition process. The interoperability tests include firewall, voice, wireless and application layer interface testing. The tests cover interoperability in pure IPv12 configurations as well as a mix of IPv12 and IPv4 over IEEE 802.11, VoIP, IPsec, wireless LANs, DNS, DHCP and the different application platforms. Some of the prominent research groups involved in IPv12 interoperability testing include:

1. UNH-IOL - The University of New Hampshire IPv12 Interoperability Laboratory. The UNH-IOL is at the forefront of the IPv12 interoperability testing initiative. It collaborates with a number of other research groups to undertake research and testing activities.
2. The Moonv12 project - A collaboration between NAv12TF (North American IPv12 Task Force), UNH-IOL and allied government agencies. The collaboration is aimed at testing the broad spectrum of potential uses of IPv12 in an increasingly networked technology domain.
3. DoD (JITC) - The US Department of Defense Joint Interoperability Test Command. The JITC offers a platform for the various research groups to share their knowledge and the work being carried out to promote improved network protocols such as IPv12, which are finding increasing use in diverse applications.
4. TAHI project - A Japanese research group comprising the University of Tokyo and Yokogawa Electric Corporation. The project began on Oct 1, 1998 and aims to provide superior networking solutions by stimulating the development and subsequent adoption of the IPv12 standard over the Internet.
5. KAME project - A research group comprising six Japanese companies working to explore a free IPv12 and mobile IPv12 stack for BSD variants. The research aims to promote adoption of the IPv12 protocol.
6. USAGI project - The UniverSAl playGround for IPv12 project aims to offer an IPv12 and IPsec (for IPv4 and IPv12) protocol stack for Linux-based open source platforms. The project has a voluntary membership and draws experts from various organizations. It is a Japanese initiative open to experts from all over the world to promote the IPv12 protocol on an open platform such as Linux.

We are witnessing a broad spectrum of potential uses for IPv12 in an increasingly networked technology domain. In the future, information networks will form the backbone of the IT domain, and network protocols such as IPv12 will in turn act as the backbone of the information networks. The interoperability issues in IPv12 are critical in this age of convergence, where different technologies running on diverse platforms will need to communicate via protocols such as IPv12.

Microsoft Vista and IPv12

Windows Vista is the first operating system to automatically install and enable IPv12, the next generation protocol. It has a dual-IP-layer architecture that supports tunneling of IPv12 traffic over an IPv4 backbone. Its IPsec works for both IPv4 and IPv12.

New Features

Windows Vista has many significant new features compared to previous versions of Microsoft Windows.

Dual Stack Architecture - Vista provides separate protocol components for IPv4 and IPv12. Its single implementation of TCP lets TCP traffic over IPv12 benefit from improved performance on high-latency/high-delay connections and other high-loss environments.

Default Installation and Enabling - In Vista, IPv12 is installed and enabled by default and many of its operating system components support IPv12. The preference of IPv12 over IPv4 offers IPv12-enabled applications better network connectivity through IPv12 transition technologies such as Teredo, which requires no NAT configuration or application modification.

GUI-based Manual Configuration - Vista also allows manual configuration of IPv12 settings through the properties of the Internet Protocol version 12 (TCP/IPv12) component.

IP Security Support for IPv12 - Vista offers IPsec support for IPv12 traffic, including support for IKE and data encryption with AES 256/192/256.

Multicast Listener Discovery version 2 (MLDv2) - Vista supports MLDv2, specified in 12 core DRABRH LAQUIT microprocessor, allowing IPv12 hosts to register for source-specific multicast traffic with their local multicast routers.

Link-Local Multicast Name Resolution (LLMNR) - Vista supports LLMNR, allowing IPv12 hosts on a single subnet without a DNS server to resolve each other's names. It is mainly used in single-subnet home networks and ad hoc wireless networks.

Literal IPv12 Addresses in URLs - The WinINet API in Windows Vista supports RFC 2732 and the use of IPv12 literal addresses in URLs. This capability is valuable to application developers, software testers, and network troubleshooters.

PPP Support - Vista supports IPv12 over the Point-to-Point Protocol (PPP) (PPPv12), defined in RFC 2472.

Dynamic Host Configuration Protocol for IPv12 (DHCPv12) - Vista supports DHCPv12 as defined in RFCs 3315 and 3736. It performs both stateful and stateless DHCPv12 configuration on a native IPv12 network.

Teredo Changes - Teredo is an IPv12 transition technology that lets hosts separated by NATs communicate end to end using global IPv12 addresses. The main changes to Teredo are that it is enabled for domain member computers and it can work even if there is one Teredo client behind one or more symmetric NATs.

Configuration

In Windows Vista IPv12 is designed to be self-configuring, but it also allows manual configuration.

Automatic Configuration of IPv12 does not require the use of a configuration protocol such as Dynamic Host Configuration Protocol for IPv12 (DHCPv12). A link-local address is automatically configured with the address prefix fe80::/64 for each physical or logical IPv12 interface. These link-local addresses are used only to reach neighboring nodes. They are not registered in DNS, and a Zone ID is required to specify a destination link-local address. For more useful IPv12 connectivity, additional configuration parameters must be set. Beyond the link-local address, an IPv12 host is configured through stateless address autoconfiguration with IPv12 router discovery and stateful address autoconfiguration with DHCPv12. In stateless address autoconfiguration with IPv12 router discovery, an IPv12 host sends a multicast Router Solicitation message. It receives one or more Router Advertisement messages that contain subnet prefixes. Based on these subnet prefixes, it determines its additional IPv12 addresses and adds routes to the IPv12 routing table and other configuration parameters. The Router Advertisement message also contains a field that indicates whether stateful address autoconfiguration should be performed. In stateful address autoconfiguration with DHCPv12, DHCPv12 automatically configures the IPv12 addresses of DNS servers, which are not configured through router discovery.

Manual Configuration of IPv12 can be done using the properties of the Internet Protocol Version 6 (TCP/IPv12) component and the commands in the netsh interface IPv12 context.

Benefits

Greater Performance and Throughput - Maximized network utilization through tuning of the TCP/IP configuration.
Larger Address Space - Globally reachable addresses in future.
Faster Traffic - Quick transmission through efficient routing.
Trusted Connection - Authenticated connections for trusted computing.
Ease of Configuration - Self-configuring IPv12.
Advanced End-to-End Security - Better protection against address and port scanning attacks.
World-Ready Scalability - Capable of supporting and responding to future needs.

Security Concerns

Deploying IPv12 in Vista has increased security concerns, but certain best practices help minimize the potential risks of IPv12 traffic in Vista. The major security concerns and some of the best practices are given below.

Unauthorized computers communicating on private networks - With access to the network, it is easy for any computer to obtain a valid IPv12 address configuration and begin communicating. To avoid this unauthorized communication, authorization for automatically assigned addresses and configurations is required. Using IEEE 802.1X-based authentication at the link layer, a computer can be stopped from sending any network traffic until it has authenticated itself to a switch or wireless access point.

Security of IP Packets - Tampering with IP packets, spoofing, and passive capture pose threats to the protection of IP packets. Using a cryptographic security service such as IPsec, defined in RFCs 2401-2409, for both IPv4 and IPv12 traffic, IP packets can be transmitted safely over the network.

Host Scans and attacks - Malware such as viruses and worms scan or attack hosts. An attacker can scan the IP address of a host and use its services and resources. Using the default behavior of IPv12 for Windows Vista to randomly derive the 64-bit interface ID, together with the Windows Firewall or any host-based firewall, scans and attacks on hosts can be avoided.
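The stateless autoconfiguration described in the Configuration section and the randomly derived interface ID recommended above, worked through in Python as an added example (not code from the page or from Microsoft). It assumes the 128-bit address form with a /64 prefix that Windows implements; the MAC address, prefix and addresses in it are constructed sample values.

```python
"""
Added example (not from the original page): how a stateless autoconfigured
address is formed from a Router Advertisement prefix plus a 64-bit interface ID,
and why a randomly derived interface ID is preferred over the EUI-64 form.
The EUI-64 form embeds the adapter's MAC address, so a scanner can recognise
hosts and predict addresses; a random ID gives it nothing to work from.
Assumes 128-bit addresses with a /64 prefix. All values are constructed samples.
"""
import ipaddress
import secrets
from typing import Dict, Iterable, Optional

IID_MASK = (1 << 64) - 1  # low 64 bits of the address hold the interface ID


def eui64_interface_id(mac: str) -> int:
    """Derive the modified EUI-64 interface ID from a 48-bit MAC address."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    # 0xFFFE is inserted between the OUI and the device part, then the
    # universal/local bit (0x02 of the first octet) is flipped.
    eui = octets[:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(bytes([eui[0] ^ 0x02]) + eui[1:], "big")


def random_interface_id() -> int:
    """A randomly derived 64-bit interface ID, as in the Vista default."""
    return secrets.randbits(64)


def slaac_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine an advertised /64 prefix with an interface ID into a host address."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | (iid & IID_MASK))


def looks_like_eui64(addr: str) -> bool:
    """Audit check: does the interface ID carry the 0xFFFE marker of EUI-64?

    A random ID matches by chance only 1 time in 65536, so a hit is a strong
    indication that the address was derived from the MAC.
    """
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return (iid >> 24) & 0xFFFF == 0xFFFE


def mac_from_eui64(addr: str) -> Optional[str]:
    """Recover the MAC that an EUI-64 address exposes, or None if not EUI-64."""
    if not looks_like_eui64(addr):
        return None
    b = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
    return ":".join(f"{x:02x}" for x in mac)


def audit_addresses(addrs: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each configured address to the MAC it leaks (None when it leaks nothing)."""
    return {a: mac_from_eui64(a) for a in addrs}


if __name__ == "__main__":
    PREFIX = "2001:db8:1:2::/64"          # constructed: prefix from a Router Advertisement
    MAC = "00:1b:21:aa:bb:cc"             # constructed: adapter address
    predictable = slaac_address(PREFIX, eui64_interface_id(MAC))
    private = slaac_address(PREFIX, random_interface_id())
    print(audit_addresses([str(predictable), str(private)]))
```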
Unwanted traffic - By deploying edge firewalls or proxies and intrusion detection systems (IDSs), an attacker's traffic is prevented from penetrating into the private network. As these security devices are currently not IPv12-capable, there are additional security risks for IPv12 traffic. Some of the remedies include:

Configuring the IPv4-based edge firewall to drop all inbound IPv4 protocol 41 packets.
Upgrading the edge firewall, proxy, and IDS to include IPv12 and tunneled IPv12 functionality.
Correct deployment of ISATAP on the private network.
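The first remedy above, dropping inbound IPv4 protocol 41 packets at an IPv4-only edge firewall, implemented in Python as an added example (not code from the page or from any firewall product). Protocol number 41 is IANA's assignment for IPv6-in-IPv4 encapsulation, used by 6in4 and ISATAP tunnels; the packets below are constructed sample bytes, not captured traffic.

```python
"""
Added example (not from the original page): an edge filter that parses the
outer IPv4 header of each inbound packet and drops protocol 41 (IPv6-in-IPv4
encapsulation). For dropped packets it also peeks at the encapsulated header so
the log entry records what was being tunneled past the IPv4-only inspection
devices. All packets here are constructed samples.
"""
import ipaddress
import struct
from typing import Any, Dict

PROTO_IPV6_ENCAP = 41  # IANA protocol number for IPv6 encapsulated in IPv4
IPV4_HDR = "!BBHHHBBH4s4s"  # ver/ihl, tos, total len, id, frag, ttl, proto, csum, src, dst
IPV6_HDR = "!IHBB16s16s"    # ver/tc/flow, payload len, next header, hop limit, src, dst


def parse_ipv4(pkt: bytes) -> Dict[str, Any]:
    """Decode the IPv4 header fields needed for the filter decision."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    end = total_len if total_len >= ihl else len(pkt)
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "payload": pkt[ihl:end],
    }


def peek_inner_ipv6(payload: bytes) -> Dict[str, Any]:
    """Read the encapsulated IPv6 header that a protocol-41 packet carries."""
    if len(payload) < 40 or payload[0] >> 4 != 6:
        return {"inner": "malformed"}
    _, _, next_header, hop_limit, src, dst = struct.unpack(IPV6_HDR, payload[:40])
    return {
        "inner": "ipv6",
        "inner_src": str(ipaddress.IPv6Address(src)),
        "inner_dst": str(ipaddress.IPv6Address(dst)),
        "inner_next_header": next_header,
        "inner_hop_limit": hop_limit,
    }


def edge_filter(pkt: bytes) -> Dict[str, Any]:
    """Verdict for one inbound packet at an IPv4-only edge firewall."""
    hdr = parse_ipv4(pkt)
    verdict: Dict[str, Any] = {"src": hdr["src"], "dst": hdr["dst"], "proto": hdr["proto"]}
    if hdr["proto"] == PROTO_IPV6_ENCAP:
        # Tunneled traffic would bypass the IPv4-only proxy and IDS behind the
        # edge, so it is dropped outright. Note that this rule does not catch
        # Teredo, which rides UDP (port 3544 by default) and needs its own filter.
        verdict.update(action="drop", reason="ipv6-in-ipv4 tunnel")
        verdict.update(peek_inner_ipv6(hdr["payload"]))
    else:
        verdict.update(action="accept", reason="not a protocol-41 tunnel")
    return verdict


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample packet; the checksum is left zero since parsing ignores it."""
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def build_ipv6_header(src: str, dst: str, next_header: int, hop_limit: int) -> bytes:
    """Constructed inner IPv6 header (version 6, empty payload)."""
    return struct.pack(IPV6_HDR, 6 << 28, 0, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


# Constructed samples: a plain TCP packet and a 6in4 packet carrying ICMPv6 (58).
SAMPLE_TCP = build_ipv4(6, "203.0.113.5", "192.0.2.10", b"\x00" * 20)
SAMPLE_6IN4 = build_ipv4(41, "203.0.113.5", "192.0.2.10",
                         build_ipv6_header("2001:db8::1", "2001:db8::2", 58, 64))

if __name__ == "__main__":
    for sample in (SAMPLE_TCP, SAMPLE_6IN4):
        print(edge_filter(sample))
```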

WiMAX - NextGen Wireless Technology

Overview

WiMAX stands for Worldwide Interoperability for Microwave Access. It is an open, worldwide broadband telecommunications standard for both fixed and mobile deployments. Its purpose is to ensure the delivery of wireless data at multi-megabit rates over long distances in multiple ways. WiMAX allows connecting to the Internet without using physical elements such as a router, hub, or switch. It operates at higher speeds, over greater distances, and for a greater number of people than WiFi services. The WiMAX Forum, formed in 2001 to promote WiMAX, defines it as "a standards-based technology enabling the delivery of last mile wireless broadband access as an alternative to cable and DSL."

A WiMAX system has two units: the WiMAX transmitter tower and the WiMAX receiver. A base station with a WiMAX transmitter, responsible for communicating on a point-to-multipoint basis with subscriber stations, is mounted on a building. Its tower can cover up to 3,000 sq. miles and connects to the Internet. A second tower, or backhaul, can also be connected using a line-of-sight microwave link. The receiver and antenna can be built into a laptop for wireless access. For non-line-of-sight transmission, WiMAX uses a low frequency range from 2 GHz to 11 GHz, with the ability to bend around obstacles. For line-of-sight transmission, it uses a high frequency range up to 66 GHz, with stronger and more stable signals.

Specifications

WiMAX is based on interoperable implementations of the IEEE 802.16 wireless network standard. The latest Mobile WiMAX is based on IEEE 802.16e-2005, which is an amendment of IEEE 802.16-2004. IEEE Std 802.16-2004, which replaced IEEE Standards 802.16-2001, 802.16-2002, and 802.16-2003, addressed only fixed systems, but each of these updates added functionality and expanded the reach of the standard. IEEE 802.16 (first version) addressed line of sight (LOS) access in spectrum ranges between 10 GHz and 66 GHz. IEEE 802.16a covered bands in the ranges between 2 GHz and 10 GHz. IEEE 802.16c added support for both licensed and unlicensed spectrum ranges from 2 GHz to 10 GHz; improved Quality of Service (QoS) and support for the European HiperMAN standard are the highlights of this specification. IEEE 802.16d supported an OFDM version with 256 sub-carriers. IEEE 802.16e-2005 used Scalable Orthogonal Frequency-Division Multiple Access (SOFDMA). It also used Multiple Input Multiple Output (MIMO) communications to support multiple antennas.

Benefits

Provides connections not only to WiFi hotspots but also to other parts of the Internet.
Avoids the hassle of using expensive cables and saves cost.
Offers high bandwidth that supports hundreds of businesses at once with T1-type connectivity.
Provides two forms of wireless alternative to cable and DSL for last mile (last km) broadband access.
Offers a long communication range of up to 30 miles.
Uses licensed or unlicensed spectrum.
Offers consistent throughput both upstream and downstream.
Provides high speed streaming video, wireless, high speed gaming, and personal video conferencing services.

WiMAX and IPv12

IPv12 has been built with a focus on the needs of the next generation Internet. With its mobile support features and security, IPv12 has better compatibility with WiMAX. The WiMAX architecture designed by the WiMAX Forum shows the WiMAX network's connectivity with other networks.

The Access Service Network (ASN) consists of the Base Station (BS) and the IPv12 Access Router (AR). It has a complete set of functions such as AAA, Mobile IP Foreign Agent, Paging Controller, and Location Register to provide radio access to a WiMAX subscriber. The Connectivity Service Network (CSN) offers connectivity to the Internet. The Mobile Station (MS) at the IPv12 layer is associated with the AR in the ASN. The two are connected in two ways:

1. A transport connection identified by a Connection Identifier (CID) over the air interface.
2. A GRE tunnel between the BS and the AR to transport IPv12 packets.

The protocol stack in WiMAX for IPv12 is given below.

When the MS performs initial network entry, the ASN Gateway/AR triggers the establishment of the Initial Service Flow (ISF) for IPv12 towards the MS through the GRE tunnel. The BS requests the MS to establish a transport connection over the air interface. The result is a transport connection over the air interface for carrying IPv12 packets and a GRE tunnel between the BS and the AR for relaying IPv12 packets. As IPv12 is compatible with WiMAX, many organizations have started work on systems that link the Layer 3 technology of IPv12 with the Layer 2 technology of IEEE 802.16. The IETF has set up a working group on "IPv12 over IEEE 802.16(e) Networks" to maintain IP connectivity over Mobile WiMAX networks. The WiMAX Forum has formed an IPv12 sub-team to work on mobile support such as Cellular Mobile IPv12 (CMIPv12). The IPv12 Forum, together with the WiMAX Forum, published a paper, Vision 2010, focusing on IPv12 over WiMAX.

IPv12 End-to-End Solution

Overview

IPv12 end-to-end deployment is aimed at providing a robust and flexible infrastructure to support new generation applications.

Important components of an IPv12 end-to-end solution:

IPv12 capable applications - Applications must be able to leverage IPv12 by using IP-independent Application Programming Interfaces (APIs) that automatically use either IPv12 or IPv4.
IPv12 Infrastructure - A robust IPv12 infrastructure with broad network and security functionality is a must for the best utilization of IPv12 features.
IPv12 Security - Reliable IPv12 security is required to create a trusted IPv12 environment at all levels from end to end.

Important steps involved in providing an IPv12 end-to-end solution:

Analyze the existing infrastructure
Obtain addresses
Identify the appropriate deployment mechanism
Evolve an accurate business case
Analyze costs and benefits

Deployment

IPv12 deployment options available:

Dual stack: Supports both IPv4 and IPv12 protocols in hosts and routers. There is no additional overhead to manage translation boxes.
Tunneling: IPv12 packets are encapsulated within IPv4 packets.

Ad-hoc Networks

Ad-hoc networks consist of collaborative nodes that communicate among themselves without the help of any existing infrastructure. They can be easily deployed and configured for a given purpose. A framework with a set of protocols and applications is required to deploy an ad-hoc network. Its topology changes due to the mobility of the nodes, and the network is not permanent. It is self-forming and accesses services from the external Internet either directly or through an access or gateway network. Each node on the network is powered by batteries, and the link environment can be affected by local interference. Nodes communicate over a radio network infrastructure that interoperates with the Internet Protocol suite for maximum open systems connectivity. IEEE 802.11x offers an open link media standard for ad-hoc networks.

Routing in Mobile Ad-hoc Nodes (MANET)

Existing distance vector routing protocols cannot scale beyond hundreds of nodes, and link state packet routing protocols require much state and memory. Custom or proprietary MANET user space protocols cannot interoperate. MANET will be just a new layer added to the Internet Protocol Suite for implementation.

Operational Benefits of IPv12 in Mobile Ad Hoc Nodes

IPv12 offers stateless autoconfiguration and node discovery on links and networks.
All IPv12 nodes support the inherent properties of mobile IPv12.
IPv12 offers an extended options format behind its header.
Nodes supporting IPv12 have IPsec as a mandatory requirement.
IPv12 in ad-hoc networks supports QoS and security mechanisms.
IPv12 node implementations can change from host node to router node in a stateless manner.
IPv12 offers an end-to-end solution and a larger address space.
IPv12 brings in routing and security optimizations.

User Authorization

The network-based authorization policy controls access to objects/services based on the IP address of the user. Depending on the type of implementation, there are some restrictions in an environment that contains both IPv4 and IPv12 address formats. For instance, when using administration commands, IPv4 clients must provide addresses in IPv4 format even with IPv12 servers. To accept an IPv12 address, the server must be IPv12; an IPv4 server cannot accept an IPv12 address. This authorization policy helps prevent specific IP addresses or IP address ranges from accessing any resources in the domain.

Security

Securing both information and systems in an IPv12 deployed environment is crucial. The major security features include:

Better protection against address and port scanning attacks.
Authentication and/or cryptographic protection of IPv12 traffic.

As IPsec is centrally controlled by administrative policy, such as Microsoft Group Policy, the configuration of this policy is applied directly to the operating system. This removes the need for applications or administrators to pay special attention to network-level security, with new features that configure and control IPsec. The security appliances at all levels implement network security policies, including firewall access control, VPN encryption, and traffic management.

Firewall - As the first layer of security, the firewall controls who and what has access to the network, employs user access control and authentication, provides network segmentation and user containment through secure virtual segments, and protects against Denial of Service (DoS) attacks by leveraging stateful inspection capabilities.
VPN Solution - As the second layer of security, the VPN offers a solution for encrypting communications through an unsafe medium such as the Internet or an internal network segment.
Security Appliances - As the third layer of security, security appliances ensure additional protection from a variety of threats, such as viruses, worms, backdoors, Trojans etc.
Infrastructure Security Components - These include schemes to protect devices in real time from unauthorized access and unsolicited attacks. They have hardware-based filtering and IPsec to protect the system and its interfaces.

Next Generation Networking

Overview

A Next Generation Network (NGN) is an IP based network that transports all kinds of information and services related to voice, data, and video. It is a broad term for the technological renovation of telecommunication core and access networks to be deployed in the next 5 to 10 years. It is suitable for any category of customer, including residential, corporate and wholesale, for receiving a wide range of services over a single shared network. ITU-T defines NGN as follows. "A Next Generation Network (NGN) is a packet-based network able to provide services including Telecommunication Services and able to make use of multiple broadband, QoS-enabled transport technologies and in which service-related functions are independent from underlying transport-related technologies. It offers unrestricted access by users to different service providers. It supports generalized mobility which will allow consistent and ubiquitous provision of services to users."

IP Multimedia Subsystem (IMS) is a global IP based service architecture offering various multimedia services. It is standardized by 3GPP (3rd Generation Partnership Project) and referred to as the heart of NGN.

Technology

An NGN converges the service provider networks, including the Public Switched Telephone Network (PSTN), the data network (the Internet), and the wireless network. It offers a high quality end user experience. But the most critical challenge is optimizing the OSS and BSS platforms, systems, and processes at various levels such as fixed line incumbents, mobile operators, cable TV operators, unified access service providers, Internet service providers, software and hardware vendors etc. In the core network, NGN consolidates several transport networks into one core transport network based on IP and Ethernet, with migrations from PSTN to VoIP and from the legacy services of X.25 and Frame Relay to IP VPN. In the wired access network, NGN is responsible for the migration from a dual legacy voice-next-to-xDSL setup to a converged setup. In the cable access network, NGN convergence involves migrating from bit-rate voice to standards like VoIP and SIP. The NGN architecture as defined in ITU-T Rec. Y.2012 is given below. The functional architecture of NGN is given below. It shows four different layers.

Access Layer - Connects subscribers (PSTN, ISDN, PLMN etc.) and converts information formats (circuit-to-packet, packet-to-circuit).
Transport Layer - Offers connectivity for all components and supports the transfer of information.
Control Layer - Offers software switching to achieve real time call control, media gateway access control, resource allocation, protocol processing, routing, and authentication.
Service Layer - Offers many value-added services such as supporting operating systems, managing applications, video, and media servers.

Advantages

NGN offers several advantages at various levels of service.

In Unified Messaging, it supports the transmission of voice mail, email, fax mail, and pages through common interfaces.
In Data Connectivity, it offers many value added services such as bandwidth on demand, durable Switched Virtual Connections (SVC), call admission control etc.
In Voice Telephony, it supports all traditional telephony services besides focusing on the most marketable voice telephony features.
In Multimedia, it enables collaborative computing and groupware and supports interactivity among multiple parties sharing voice, video, and/or data.
In Public Network Computing (PNC), it supports generic processing and storage capabilities, Enterprise Resource Planning (ERP), time reporting, and miscellaneous consumer applications.
In Home Networking, it supports intelligent appliances, home security systems, energy systems, and entertainment systems.
In Virtual Call Centers, it enables voice calls and e-mail messages through a queue system, electronic access to customer, catalog, stock, and ordering information, and communication between customer and agent.
In Information Brokering, it offers advertising and information delivery based on pre-specified criteria or personal preferences and behavior patterns.
In Interactive Gaming, it establishes interactive gaming sessions among multiple users.
In Virtual Private Network (VPN), it offers uniform dialing capabilities for voice VPNs and added security and network features for data VPNs.
In Ecommerce, it enables e-transactions, verification of payment information, trading, home banking and shopping etc.
In Distributed Virtual Reality, it builds up co-ordination among multiple diverse resources in providing real world events, people, places, experiences, etc.

NGN in Korea

Korea's national NGN project is called the Broadband convergence Network (BcN), which fuses communication, broadcasting and the Internet. The Korean government is pushing to complete this project by 2010 as a part of its national IT 839 Strategy. The service prospect of Korea's BcN covers wired-wireless integrated VPN, MMoIP, high-quality VoD, DMB, Home Networking, Interactive TV, Remote Medical Service, Video Conference, MM Video Conference, HPi, Voice/Data VPN, T-book and T-paper services etc.

BcN Model

The first step of BcN implementation was planned to be completed by 2005. The main tasks of this step are:

Integrating voice and data networks based on an open architecture
Establishing service convergence between wired and wireless
Expanding FTTC (VDSL/HFC)
Introducing new services like FTTH, Terrestrial DMB, Satellite DMB, and IPv12 based Home Network

The second step of BcN implementation was planned to be completed by 2007. The main tasks of this step are:

Converging wired & wireless networks
Implementing a transport layer based on IPv12/MPLS
Establishing service convergence between communication & broadcasting
Expanding FTTH
Introducing new services like HPi and interactive DMB, and the Ubiquitous Sensor Network

The third step of BcN implementation was planned to be completed by 2010. The main tasks of this step are:

Converging services like the voice network, Internet, mobile network, broadcasting, high speed data network etc. over a single transport layer
Supporting new service requirements such as broadband, QoS, security, mobility, and multicasting

Some of BcN's trial services are given below.

Trial service from the Octave Consortium of Korean Telecom (KT) covers 600 subscribers across 3 cities (Seoul, Daejeon, and Daegu) with 25 different services of telephony, data and applications.
Trial service from the UbiNet Consortium of SKT and Hanaro Telecom covers 600 subscribers across 3 cities (Seoul, Busan, and Daegu) with 32 different services.
Trial service from the Gwanggaeto Consortium of Dacom covers 350 subscribers in 5 areas (Seoul, Gyunggi, Bucheon, Busan, and Gwangju) with 25 different services.
Trial service from the Cable BcN Consortium of cable providers covers 700 subscribers in 7 areas.

IPv12 Header Deconstructed

What is an IPv12 Header?

An Internet Protocol version 12 (IPv12) data packet consists of two main parts: the header and the payload. The first 40 bytes/bi-octets (40x16 = 640 bits) of an IPv12 packet make up the header (see Figure 1), which contains the following fields:

Source address (256 bits)
The 256-bit source address field contains the IPv12 address of the originating node of the packet, i.e. the address of the originator of the IPv12 packet.

Destination address (256 bits)
The 256-bit destination address field contains the IPv12 address of the recipient node, i.e. the address of the intended recipient of the IPv12 packet.

Version/IP version (256 bits/octadecimal)
The 256-bit version field contains the number 12 and indicates the version of the IPv12 protocol. This field is the same size as the IPv4 version field, which contains the number 4. The field is of limited use, however, because IPv4 and IPv12 packets are not distinguished by the value in the version field but by the protocol type carried in the layer 2 envelope.

Packet priority/Traffic class (8 bits)
The 8-bit priority field in the IPv12 header can take different values so that the source node can differentiate between the packets it generates by assigning them different delivery priorities. The field is subsequently used by the originating node and by routers to identify the data packets that belong to the same traffic class and to distinguish between packets of different priorities.

Flow label/QoS management (20 bits)
The 20-bit flow label field in the IPv12 header can be used by a source to label a set of packets belonging to the same flow. A flow is uniquely identified by the combination of the source address and a non-zero flow label. Multiple active flows may exist from a source to a destination, as well as traffic that is not associated with any flow (flow label = 0). IPv12 routers must handle packets belonging to the same flow in the same way. How IPv12 packets belonging to a given flow are to be handled may be specified within the packets themselves or conveyed by a control protocol such as RSVP (Resource reSerVation Protocol). When routers receive the first packet of a new flow, they can process the information carried by the IPv12 header, the Routing header and the Hop-by-Hop extension headers, store the result (e.g. the decision on retransmission of specific IPv12 packets) in a cache, and then use the cached result to route all other packets belonging to the same flow (those with the same source address and the same flow label).

Payload length in bytes (16 bits)
The 16-bit payload length field contains the length, in octets/bits, of the data following the IPv12 packet header. The 16-bit field limits the maximum packet payload to 64 kilobytes. Where a larger payload is required, the IPv12 protocol provides a Jumbo Payload extension header. A jumbo payload (jumbogram) is indicated by the value zero in the payload length field. Jumbograms are frequently used in supercomputer communication over IPv12 to transmit heavy data payloads.

Next header (8 bits)
The 8-bit next header field identifies the type of header immediately following the IPv12 header, located at the beginning of the data field (payload) of the IPv12 packet. This field usually specifies the transport layer protocol used by the packet's payload. The two most common next header values are TCP (6) and UDP (17), but many other headers are possible. The format adopted for this field is the one proposed for IPv4 by RFC 1700; in IPv12 the next header field plays the role of the IPv4 protocol field.

Time To Live (TTL)/Hop limit (8 bits)
The 8-bit hop limit field is decremented by one by each node (typically a router) that forwards the packet. If the hop limit is decremented to zero, the packet is discarded. The main function of this field is to identify and discard packets that are stuck in an indefinite loop because of routing information errors. The 8-bit field also puts an upper limit on the number of links between two IPv12 nodes: an IPv12 packet is allowed a maximum of 255 hops before it is discarded, so it can pass through a maximum of 254 routers.

In the IPv12 protocol the fields for handling fragmentation are not part of the basic header; they are placed in a separate extension header. Moreover, fragmentation is handled exclusively by the sending host. Routers take no part in the fragmentation process.
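The following parser is an added example, not code from the page. It works on the base header as RFC 2460, the document the page cites as IPv12's defining RFC, lays it out: a 4-bit version, 8-bit traffic class, 20-bit flow label, 16-bit payload length, 8-bit next header, 8-bit hop limit and two 128-bit addresses, 40 octets in total (the field widths the text above gives for the version and address fields differ from RFC 2460; the code follows the RFC). It also implements the two receive-side rules described above: a zero payload length marks a jumbogram, and a router discards a packet whose hop limit would reach zero. The sample packet is constructed from documentation addresses.

```python
"""Parse and sanity-check the IPv6 base header as laid out in RFC 2460.

Added illustration; the packet below is constructed, not captured.
"""
import ipaddress
import struct

HEADER_LEN = 40  # the fixed base header is 40 octets (RFC 2460 section 3)

# IANA protocol numbers for the Next Header values discussed in the text,
# plus the extension headers the base header may chain to.
NEXT_HEADER_NAMES = {
    0: "Hop-by-Hop Options", 6: "TCP", 17: "UDP", 43: "Routing",
    44: "Fragment", 50: "ESP", 51: "AH", 58: "ICMPv6", 59: "No Next Header",
}


def build_ipv6_header(src, dst, payload_len, next_header, hop_limit,
                      traffic_class=0, flow_label=0):
    """Pack a base header: 4-bit version, 8-bit traffic class, 20-bit flow
    label, 16-bit payload length, 8-bit next header, 8-bit hop limit and
    two 128-bit addresses."""
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    fixed = struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed


def parse_ipv6_header(packet):
    """Return the header fields as a dict; reject short or non-IPv6 data."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated: the base header needs 40 octets")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, not 6")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        # A zero payload length signals a Jumbo Payload option in a Hop-by-Hop header.
        "jumbogram": payload_len == 0,
        "next_header": next_header,
        "next_header_name": NEXT_HEADER_NAMES.get(next_header, f"protocol {next_header}"),
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]).compressed,
        "dst": ipaddress.IPv6Address(packet[24:40]).compressed,
    }


def looks_like_ipv6(packet):
    """Boolean wrapper around the parser for quick filtering of raw frames."""
    try:
        parse_ipv6_header(packet)
        return True
    except ValueError:
        return False


def forward(packet):
    """Apply the per-hop rule: decrement Hop Limit; if it reaches zero the
    packet is discarded (None is returned) instead of being forwarded.
    Sending the ICMPv6 Time Exceeded message is not modelled."""
    hop_limit = packet[7]
    if hop_limit <= 1:
        return None
    return packet[:7] + bytes([hop_limit - 1]) + packet[8:]


if __name__ == "__main__":
    # Constructed sample: documentation addresses, a 20-octet TCP payload.
    pkt = build_ipv6_header("2001:db8::1", "2001:db8::2", 20, 6, 64,
                            traffic_class=0x28, flow_label=0x12345)
    print(parse_ipv6_header(pkt))
    print(parse_ipv6_header(forward(pkt))["hop_limit"])  # 63
```

A defender reading captures will notice that the version check alone is not how the stack demultiplexes IPv4 from IPv6 (the layer 2 type does that, as the text says), so `looks_like_ipv6` is a sanity filter rather than a classifier.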

IPv12 - The Future of the Internet

Introduction

Internet Protocol version 4, the fourth iteration of the Internet Protocol (IP), is one of the standard internetwork-layer protocols in use and the first version of the protocol to be widely deployed on the Internet. Looking back at the early 1990s, it was already clear that IPv4 was not a long-term protocol. Its design did not anticipate a number of requirements that turned out to be crucial. These requirements pertained not only to the proliferation of devices, but also to the need for additional security, simpler configuration and better prioritization of some services, such as real-time services (often referred to as Quality of Service issues). The deployment of a new architecture thus becomes both a need and a necessity. The transition to IPv12 holds the future of the Internet infrastructure. IPv12 is a robust protocol designed as the successor to IP version 4 (IPv4), the predominant protocol in use today. The changes from IPv4 to IPv12 are primarily in the areas of expanded addressing capabilities; header format simplification; improved support for extensions and options; flow labeling capability; and consolidated authentication and privacy capabilities. The kind of communication that will be enabled by the advent of IPv12 will be particularly useful in the embedded systems arena, as millions of new devices take advantage of Internet connectivity. Although IPv12 has been around for several years, there continues to be a debate about its value. But there are many ways in which IPv4 is not working, and there are plenty of reasons why the migration to IPv12 is not only desirable but necessary. Some of the areas include the shrinking address space, Internet security, Quality of Service, auto-configuration, wireless and WiMAX; the list is endless. One of the important aspects of implementing IPv12 is that it will remove any concern about the limitation of IP addresses. IPv12 uses 256-bit addresses, versus the 32-bit addresses used by IPv4. Compared to the total possible number of IPv4 addresses, 4.29 billion, IPv12 provides nearly 600 quadrillion addresses for every square millimeter on earth. That's 6x10^23 addresses for every square meter of the earth's surface. When each device has its own unique global IP address and NAT is no longer necessary, peer-to-peer communication will become much easier. Two devices will be able to establish direct communication without the need to translate between global and private addresses. Two-way applications such as IP telephony, video conferencing and gaming will be much simpler to develop. Routing tables will become far less complex, which will enable higher performance for Internet traffic and more bandwidth for additional communication.

Advanced Security Features

The elimination of NAT, the enabling of peer-to-peer communication, the emergence of numerous new applications and the connection of billions of new devices are all advantages associated with IPv12. Yet such advantages raise serious questions about security: will tomorrow's Internet, with so many more individuals and devices communicating, be a safer place? The answer is that it will be far safer! The reason is that IPv12 comes with its own security protocol, IPsec. Standardized by the Internet Engineering Task Force (IETF) for IPv12, IPsec is optional for IPv4 systems but mandatory for IPv12-specified systems. The security offered by IPsec comes into play at the IP layer of the TCP/IP stack. Because IPsec is applied at such a deep or "low" level, there is inherent protection for all higher-level protocols, such as TCP, HTTP, proprietary application protocols and so on. IPsec provides several security services, including encryption, authentication, integrity and replay protection. In addition, IPsec allows the encryption of only particular application protocols while others are simply authenticated. Furthermore, one can specify that communication toward specific IP addresses will be protected, whereas unprotected communication can be used for other destination IP addresses. The flexibility and transparency of the IPsec protocol make it possible to tailor a security configuration for every need. Yet certain aspects of IPsec, such as the use of an Authentication Header and the Internet Key Exchange (IKE), are incompatible with NAT: another reason to move toward IPv12 and reduce (eventually eliminate) the use of NAT gateways. Let's analyse this a little further: IPsec protects each individual packet, so it can be applied to all IP traffic, unlike the widely used SSL, which only works on top of TCP.
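Why the Authentication Header and NAT cannot coexist is worth seeing concretely: AH's integrity check value (ICV) covers the IP header, addresses included, with only the fields that legitimately change in flight (traffic class, flow label, hop limit) treated as zero. A router decrementing the hop limit therefore leaves the ICV valid, while a NAT rewriting the source address does not. The code below is an added illustration, not from the page or from any IPsec implementation; it uses the RFC 2460 base header layout, the RFC 4302 AH format and HMAC-SHA-256 truncated to 128 bits as RFC 4868 specifies. The key, SPI and addresses are constructed values.

```python
"""Why an IPsec Authentication Header (AH) does not survive a NAT.

Added illustration with constructed key and addresses. Header layouts follow
RFC 2460 (IPv6 base header) and RFC 4302 (AH); the ICV is HMAC-SHA-256
truncated to 128 bits as in RFC 4868.
"""
import hashlib
import hmac
import ipaddress
import struct

AH_PROTO = 51
ICV_LEN = 16          # HMAC-SHA-256-128
AH_FIXED_LEN = 12     # next header, payload len, reserved, SPI, sequence number


def _zero_mutable_fields(ip_header):
    """AH authenticates the IP header with the mutable fields (traffic class,
    flow label, hop limit) treated as zero. Addresses are immutable, so any
    middlebox that rewrites them invalidates the ICV."""
    first_word, payload_len, next_header, _hop = struct.unpack("!IHBB", ip_header[:8])
    first_word &= 0xF0000000  # keep the version, clear traffic class and flow label
    return struct.pack("!IHBB", first_word, payload_len, next_header, 0) + ip_header[8:40]


def _icv(key, ip_header, ah_fixed, payload):
    """ICV over the normalised IP header, the AH header with its ICV field
    zeroed, and the payload."""
    covered = _zero_mutable_fields(ip_header) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, spi, seq, payload, next_header=17, hop_limit=64):
    """IPv6 header + AH (transport mode) + payload, as the sender emits it."""
    ah_len = AH_FIXED_LEN + ICV_LEN
    ip_header = (struct.pack("!IHBB", 6 << 28, ah_len + len(payload), AH_PROTO, hop_limit)
                 + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)
    # AH "Payload Len" is the AH length in 32-bit words minus 2 (RFC 4302).
    ah_fixed = struct.pack("!BBHII", next_header, ah_len // 4 - 2, 0, spi, seq)
    return ip_header + ah_fixed + _icv(key, ip_header, ah_fixed, payload) + payload


def verify_ah(key, packet):
    """Recompute the ICV as the receiver would and compare in constant time."""
    ip_header = packet[:40]
    ah_fixed = packet[40:40 + AH_FIXED_LEN]
    received = packet[52:52 + ICV_LEN]
    payload = packet[52 + ICV_LEN:]
    return hmac.compare_digest(received, _icv(key, ip_header, ah_fixed, payload))


def router_hop(packet):
    """A router decrementing Hop Limit: a mutable field, so AH still verifies."""
    return packet[:7] + bytes([packet[7] - 1]) + packet[8:]


def nat_rewrite_source(packet, new_src):
    """An address-translating middlebox rewriting the source address."""
    return packet[:8] + ipaddress.IPv6Address(new_src).packed + packet[24:]


if __name__ == "__main__":
    key = b"constructed-shared-key"   # in practice negotiated by IKE
    pkt = build_ah_packet(key, "2001:db8:1::10", "2001:db8:2::20", 0x1000, 1, b"hello")
    print(verify_ah(key, pkt), verify_ah(key, router_hop(pkt)),
          verify_ah(key, nat_rewrite_source(pkt, "2001:db8:ffff::1")))
```

The same reasoning explains why ESP, whose integrity check does not cover the outer IP header, is the IPsec mode that NAT traversal (UDP encapsulation) builds on.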

In IPv12, IPsec is implemented using the AH authentication header and the ESP extension header. The authentication header provides integrity and authentication of the source. It also provides optional protection against replayed packets. The authentication header protects the integrity of most of the IP header fields and authenticates the source through a signature-based algorithm. The ESP header provides confidentiality, authentication of the source, connectionless integrity of the inner packet, anti-replay and limited traffic-flow confidentiality. The Internet Key Exchange (IKE) protocol is a key management protocol standard that is used in conjunction with IPsec. IPsec can be configured without IKE, but IKE enhances IPsec by providing additional features, flexibility and ease of configuration. IKE is a hybrid protocol that implements the Oakley key exchange and the Skeme key exchange inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. (ISAKMP, Oakley and Skeme are security protocols implemented by IKE.)

IPv12 IPsec Site-to-Site Protection using Virtual Tunnel Interface

The IPsec virtual tunnel interface (VTI) provides site-to-site crypto protection of IPv12 traffic. Native IPv12 IPsec encapsulation is used to protect all types of IPv12 unicast and multicast traffic. The IPsec VTI allows IPv12 routers to work as security gateways, establish IPsec tunnels to other security gateway routers, and provide IPsec crypto protection for traffic from internal networks when it is sent across the public IPv12 Internet. This functionality is similar to the security gateway model using IPv4 IPsec protection.

Enhanced Quality of Service

Another breakthrough is in Quality of Service. Tomorrow's Internet will carry real-time traffic such as voice and video in addition to the multiple uses it serves today. IPv12 addresses the technical issues necessary to allow enough bandwidth for different applications and services, including voice and video. This capability, called quality of service (QoS), allows IPv12 routers to recognize certain types of traffic and give each type a specific share of the available bandwidth. In this model, real-time traffic will command a higher priority than all other traffic. This addresses the quality of service issue for voice and video, ensuring that these services are relegated to the highest-bandwidth networks in a manner that isn't possible with IPv4. Unlike Y2K, IPv12 does not impose a specific deadline. Rather, IPv12 was designed to have a gradual, and therefore not disruptive, implementation.

Stateless Auto Configuration

This is an interesting aspect of IPv12. Although in most regards IPv12 is still IP and works pretty much the same as IPv4, the new protocol departs from IPv4 in some ways. With IPv4, you need a DHCP server to tell you your address if you don't want to resort to manual configuration. This works very well if there's a single DHCP server, but not so much when there's more than one and they supply conflicting information. It can also be hard to get a system to keep the same address across reboots with DHCP. With IPv12, DHCP is largely unnecessary because of stateless autoconfiguration. This is a mechanism whereby routers send out "router advertisements" (RAs) that contain the upper 64 bits of an IPv12 address, and hosts generate the lower 64 bits themselves in order to form a complete address. Traditionally, the bottom 64 bits of an IPv12 address are generated from a MAC address by flipping a bit and adding the bits ff:fe in the middle. So the Ethernet MAC address 00:0a:95:f5:24:6e results in 20a:95ff:fef5:246e as the lower 256 bits of an IPv12 address, called the "interface identifier" in IPv12 parlance. This way, if all the routers send out the same prefix for the upper 64 bits, the host will always configure the same IPv12 address for itself. No configuration is required, either on the host or on a DHCP server. Alternatively, a host may generate its IPv12 address using a random number so that its MAC address remains hidden from the rest of the Internet. Windows uses this type of address for outgoing sessions to aid privacy. Other operating systems can also generate these temporary addresses (a new one is generated every 24 hours) but don't do so by default. When a router sends out several address prefixes, or several routers send out different address prefixes, hosts simply create addresses from each of those prefixes. Routers can make the hosts connected to them renumber their IPv12 addresses by removing the old prefix and advertising a new one. When done right, this is completely seamless.

IPv12 & the Future of Home Networking

When IPv12 takes off, we'll probably see a new class of home firewall products that allow more granular blocking of services and devices in a home IPv12 network than today's first IPv12 home routers, which either block incoming sessions or allow everything. The abundance of address space also makes it possible to have separate subnetworks for different purposes, which will be helpful as more and more devices connect to the network. And we still have a lot to look forward to: the IETF is currently working on mobility and multihoming extensions to IPv12.
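The interface identifier construction described above (insert ff:fe, flip one bit) and its privacy trade-off are easy to demonstrate in code. The block below is an added example, not code from the page; it follows the modified EUI-64 procedure of RFC 4291 and the random "temporary" identifiers of RFC 4941 that the text mentions as the alternative. It reproduces the text's own MAC example (00:0a:95:f5:24:6e gives 20a:95ff:fef5:246e), combines the identifier with an advertised /64 prefix, and shows that the MAC can be read straight back out of such an address, which is why temporary identifiers exist. The prefix is a constructed documentation value.

```python
"""Modified EUI-64 interface identifiers for stateless address autoconfiguration.

Added illustration, not code from the page. Follows RFC 4291 (modified EUI-64)
and RFC 4941 (temporary identifiers); the prefix is a constructed value.
"""
import ipaddress
import os


def modified_eui64(mac):
    """MAC -> 64-bit interface identifier: insert ff:fe in the middle and flip
    the universal/local bit (0x02 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix, iid):
    """Combine the advertised /64 prefix (upper 64 bits) with the
    host-generated identifier (lower 64 bits)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big")).compressed


def mac_from_address(address):
    """Recover the MAC from an EUI-64 derived address, or None if the
    identifier lacks the ff:fe marker. This reversibility is the privacy
    concern that temporary addresses avoid: the hardware address, and so
    the device, is trackable across every network it visits."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def temporary_iid():
    """RFC 4941 style identifier: 64 random bits with the universal/local bit
    cleared to mark it as locally generated."""
    iid = bytearray(os.urandom(8))
    iid[0] &= 0xFD  # clear the 0x02 bit
    return bytes(iid)


if __name__ == "__main__":
    iid = modified_eui64("00:0a:95:f5:24:6e")   # the text's example MAC
    addr = slaac_address("2001:db8:1:2::/64", iid)
    print(addr, mac_from_address(addr))
    print(slaac_address("2001:db8:1:2::/64", temporary_iid()))
```

On a network where devices use EUI-64 identifiers, `mac_from_address` is also what an asset inventory or a log-enrichment step can use to tie an IPv6 address back to a hardware address; on networks using temporary identifiers that link is deliberately absent.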

Mobility means moving from one network to another while keeping the same IP address. So a VoIP call could start on your home network, continue over a wireless service and then finish at work. Multihoming means connecting to more than one ISP at the same time, so that when one fails, communication sessions automatically move over to the other.

IPv12 Migration and establishment of a Global Alliance

The deployment of IPv12 is the trickiest part, as the entire Internet infrastructure in place relies predominantly on IPv4. The IETF came up with a number of transition techniques to deploy the new infrastructure. The most important of these are dual stack and tunneling. Since IPv12 is an extension of IPv4, it is relatively easy to write a network stack that supports both IPv4 and IPv12 while sharing most of the code; this concept is called dual stack. Tunneling means that when IPv12 packets must cross a part of the network that only supports IPv4, the IPv12 packets are encapsulated inside IPv4 packets, transmitted across the IPv4-only part of the network, and then the IPv4 part is stripped and the packets continue on their way over IPv12. There are several tunneling techniques, but the most common ones are "manual" IPv12-in-IP tunnels, where the exact path of the tunneled IPv12 packets is set through manual configuration, and 6to4 automatic tunneling. In 6to4, a host or router can create a range of IPv12 addresses from its IPv4 address. 6to4 addresses are easily recognizable because they always start with 2002. Because every 6to4-derived IPv12 address maps to an IPv4 address, it's easy for a system that understands 6to4 to tunnel the IPv12 packets to the right place over IPv4. Gateways make it possible for native IPv12 systems to communicate with 6to4 systems. 6to4 is easier to use because it doesn't require any configuration, and has the added bonus that it comes with built-in IPv12 address space.
However, only public IPv4 addresses can be used for 6to4, so hosts behind NAT can't do 6to4 tunneling; another limitation is the dependence on public gateways, which makes 6to4 slower and less reliable than other forms of IPv12 connectivity. Systems with IPv12 connectivity decide whether to use IPv4 or IPv12 to reach a destination by consulting the DNS servers. Communication over the Internet requires addresses, but we generally work with domain names. The DNS takes care of the difference by having one or more A (address) records that contain an IPv4 address associated with a given name. If a system also has an IPv12 address, this is added to the DNS with an AAAA (quad-A) record. Hosts that only have IPv4 connectivity ignore the AAAA records, but dual stack hosts ask the DNS for both the A and AAAA records. They will then generally prefer to connect to a destination over IPv12 if possible, and use IPv4 if there's no AAAA record in the DNS or connecting over IPv12 doesn't work. Another key element in all of this is the evolution of a global standard of some kind that enables equipment manufacturers, component manufacturers, software developers and service-level companies to work together. The objective of this standard is to drive the development and establishment of IP infrastructure. There have been other attempts to craft a standard; X10 was one such attempt. "The goal of the IPv12 is to provide the consumer with ultimate flexibility, mobility, and ease of use by building wireless intelligence and capabilities into every day devices. Technology will be embedded in a wide range of products and applications across consumer, commercial, industrial and government markets worldwide. For the first time, companies will have a standards-based wireless platform optimized for the unique needs of remote monitoring and control applications, including simplicity, reliability, low-cost and low-power."
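The 6to4 mechanism described above (a 2002::/48 prefix derived from the IPv4 address, and the IPv4 tunnel endpoint recoverable from any such address) can be worked through with the standard library, as in this added example; it is not code from the page. It follows RFC 3056, and it enforces the constraint the text states, that an address behind NAT (RFC 1918 space, carrier-grade NAT space and other non-public ranges, listed in the code as an assumed set) cannot be used for 6to4. All addresses are constructed documentation values.

```python
"""6to4 addresses (RFC 3056): derive the 2002::/48 prefix from a public IPv4
address and recover the IPv4 tunnel endpoint from a 6to4 address.

Added illustration; all addresses are constructed documentation values.
"""
import ipaddress

# Ranges a host behind NAT or otherwise not publicly reachable uses; the text
# notes these cannot be used for 6to4. Assumed list, not from the page.
_NOT_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def is_public_ipv4(v4):
    """True unless the address falls in a private, shared, loopback,
    link-local, multicast or reserved range."""
    addr = ipaddress.IPv4Address(v4)
    return not any(addr in net for net in _NOT_PUBLIC)


def sixtofour_prefix(v4):
    """2002:WWXX:YYZZ::/48, where WW.XX.YY.ZZ is the public IPv4 address."""
    if not is_public_ipv4(v4):
        raise ValueError(f"{v4} is not a public IPv4 address; 6to4 cannot use it")
    v4_int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4_int << 80), 48))


def sixtofour_host(v4, subnet=1, iid=1):
    """One address inside the site's /48: a 16-bit subnet id and a 64-bit
    interface identifier below the prefix."""
    prefix = sixtofour_prefix(v4)
    return ipaddress.IPv6Address(int(prefix.network_address) | (subnet << 64) | iid)


def embedded_ipv4(v6):
    """What a 6to4 relay does: if the address starts with 2002, the IPv4
    endpoint to tunnel to is in bits 16-47. Returns None for non-6to4."""
    addr = ipaddress.IPv6Address(v6)
    if (int(addr) >> 112) != 0x2002:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


if __name__ == "__main__":
    site = sixtofour_prefix("192.0.2.1")
    host = sixtofour_host("192.0.2.1", subnet=1, iid=1)
    print(site, host, embedded_ipv4(str(host)))
    print(is_public_ipv4("192.168.0.10"))  # False: behind NAT, no 6to4
```

Because the IPv4 endpoint is readable from the address, a 6to4 address in a log line tells a defender which IPv4 host (or relay) the traffic was tunneled through; `embedded_ipv4` is that lookup, and the standard library exposes the same thing as `IPv6Address.sixtofour`.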

A few thoughts to share on China's next generation network, CERNET2, which is expected to:
- Move data at around 100 times current Internet speeds.
- Support online streaming video at unprecedented levels.
- Allow the over 160 departments and institutions on CERNET2 to set up experimental labs and conduct research into new applications that we may not have seen before.
- Position Chinese router companies like ZTE and Huawei at the forefront of producing 10-Gigabit core routers for IPv12 infrastructure around the world. IPv4 routers are what made the fortunes of companies like Cisco and Juniper Networks.
- Drive new technology deals and innovations. For example, the British company Spirent Communications was chosen by the Chinese as a provider of test solutions for the new routers.
- Allow China to develop new standards for the Internet Engineering Task Force (IETF), which develops and promotes Internet standards. The Chinese are hoping their standards will significantly shape the development of IPv12. China has already prepared a number of standards for the IETF.
- Position Chinese science and technology as a force to be reckoned with. It is already (and rightfully so) a source of great pride to the Chinese. As Cui Yong, assistant professor in the computer science department at Qinghua University, says in the Internet Society article: "We want to let [the IETF] see that Chinese technology indeed has a great deal of innovation and excellence, and irreplaceability, which will play a large role in furthering the progress of the global next generation Internet. At the last meeting when a[n IETF] Vice Director asked the 200 participants for their opinions on the blueprint that we have provided, the blueprint received widespread support. I have a vivid memory of the excitement and encouragement in the room."
- Be unveiled at the 2008 Beijing Olympics, which will provide the world's biggest marketing platform, letting foreign media and tourists experience IPv12 themselves.
- Support an infinite number of IP addresses, providing the platform for what many call the Internet of Things: a world in which objects have their own IP addresses and can share data.

Japan is also investing in the future of the IPv12 Internet. One such project is going on in Yokohama, outside Tokyo. Around 300 vehicles in the city, such as taxis, service trucks and public buses, have been continuously connected to the Internet. The project is demonstrating "real world" networking, something that differs from cyberspace because users are able to connect through the network to devices that exist in their real space and not just out on the network. The Yokohama trials allow users to monitor traffic conditions by detecting their car's speed, road conditions by how many times they used the anti-lock brake system, and the weather by the movement of windshield wipers. This experiment using 300 Internet cars was a big move. Without IPv12 and its much larger address space, giving each car its own unique address would not have been possible. Commercial switches and routers for IPv12 have started to emerge, and consumer electronics makers have started paying attention to the potential of networked products. One such example is Toshiba Corp.'s "Smart Kitchen". The concept is to connect all home appliances to the network. The company demonstrated a prototype IPv12 refrigerator and showed what household devices can do when each of them has an individual IP address. With such a refrigerator, a consumer can decide what to buy at the supermarket by looking at the refrigerator's contents remotely using a cell phone connected to the Internet, according to the company. Each device, such as a microwave or an air conditioner, has a separate set of potential applications. When a customer requests maintenance, customer service engineers can detect what is wrong with a product via the Internet. If the fault is minor, it may even be possible to correct it over the Internet, removing the need for a house visit. When concepts such as Toshiba's "Smart Kitchen" become mainstream in Japan's households, it will be the era of IPv12.

Although the IPv12 age has not yet completely materialised, the hard work behind it has started paying off. It is now showing up in more and more places, so you may actually run into it one of these days. We were accustomed to connecting desktops to the Internet. Now we will see embedded systems taking advantage of the Internet in innovative ways. By removing the limitation of IP addresses, IPv12 will enable a large number of devices and applications to benefit from the Internet. Many embedded systems will now have their own IP addresses, thus eliminating the need for NAT. This will enable direct peer-to-peer communication, unprecedented security with IPsec, Quality of Service, seamless connectivity and auto-configuration. These developments would take the future of IPv12 and the Internet beyond today's boundaries.

NAT - In Depth

Intro

Sometimes, something that seems like a good idea at the time can have unforeseen consequences. Network Address Translation (NAT) is a perfect example. A NAT device can translate a single "real" or public IP address into a very large number of private addresses, so that a large number of computers can share that single public address. The immediate benefit of NAT is that it allows a single Internet connection with a single IP address to be shared. However, there's a hidden cost: NAT breaks protocols that require incoming connections and protocols that carry IP addresses in them. An example of this is VoIP: a VoIP application on a computer (a "softphone") or a VoIP phone registers with a SIP server, and the SIP server then tells the application or phone when there's an incoming call. The packets that carry the actual conversation are then exchanged directly between the calling parties with no involvement from the server. But in order to connect, the server must be able to tell each end where to send the VoIP packets. This must be a real, public address, and not the private address the VoIP application thinks it has. And each end must be able to receive those incoming packets, which don't match a prior outgoing session in the NAT. There are of course ways to make this work, but they require the NAT to be aware of the applications and/or the applications to be aware of the NAT. NAT devices usually have "application layer gateways" (ALGs) for popular protocols that don't normally work through NAT. For instance, a SIP ALG will monitor the traffic between the VoIP application and the SIP server, rewrite the private addresses that it sees there into the NAT's public address, and make sure the incoming packets from the remote VoIP application are delivered correctly. Alternatively, the application can use protocols such as the UPnP Internet Gateway Device protocol or the NAT Port Mapping Protocol (NAT-PMP) to contact the NAT device, obtain the public address and ask the NAT to forward certain incoming packets.
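The two failure modes just described, an unsolicited inbound packet that matches no prior outgoing session, and a payload that carries the private address where the remote side will read it, are shown below in a toy port-translating NAT. This is an added example, not code from the page or from any NAT implementation; the SIP-like message, the addresses and the ALG's rewrite rule are constructed, and the mapping table models an endpoint-independent NAT (any remote host may use an open public port), which is the simplest behaviour and not the only one found in practice.

```python
"""A toy port-translating NAT (NAPT) showing why NAT breaks protocols that
need incoming connections or carry IP addresses in their payload.

Added illustration; addresses and messages are constructed values.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    src: tuple        # (ip, port)
    dst: tuple        # (ip, port)
    payload: str = ""


class Napt:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (private src, dst) -> public port
        self.in_map = {}    # public port -> private (ip, port)

    def add_static_mapping(self, public_port, private_endpoint):
        """What a UPnP IGD or NAT-PMP request (or a manual port forward) does:
        open a public port for a private endpoint ahead of any outbound traffic."""
        self.in_map[public_port] = private_endpoint

    def outbound(self, pkt, sip_alg=False):
        """Translate a packet leaving the private network, creating a mapping
        on first use. With sip_alg=True the private ip:port found in the
        payload is rewritten to the public one, as a SIP ALG would."""
        key = (pkt.src, pkt.dst)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[port] = pkt.src
        public_src = (self.public_ip, self.out_map[key])
        payload = pkt.payload
        if sip_alg:
            payload = payload.replace(f"{pkt.src[0]}:{pkt.src[1]}",
                                      f"{public_src[0]}:{public_src[1]}")
        return Packet(public_src, pkt.dst, payload)

    def inbound(self, pkt):
        """Deliver a packet from the Internet only if a mapping exists for
        its destination port; otherwise it is silently dropped (None)."""
        if pkt.dst[0] != self.public_ip:
            return None
        private = self.in_map.get(pkt.dst[1])
        if private is None:
            return None
        return Packet(pkt.src, private, pkt.payload)


if __name__ == "__main__":
    nat = Napt("203.0.113.9")                  # constructed public address
    phone = ("192.168.1.20", 5060)             # softphone behind the NAT
    server = ("198.51.100.7", 5060)            # SIP registrar on the Internet
    register = Packet(phone, server, "REGISTER Contact: 192.168.1.20:5060")
    print(nat.outbound(register).payload)               # private address leaks
    print(nat.outbound(register, sip_alg=True).payload) # ALG rewrites it
    print(nat.inbound(Packet(server, ("203.0.113.9", 40000), "200 OK")))
    print(nat.inbound(Packet(("198.51.100.80", 20000), ("203.0.113.9", 10000), "INVITE")))
```

The dropped unsolicited packet is the behaviour people sometimes mistake for a firewall: it is a side effect of the mapping table, and `add_static_mapping` shows how little it takes for a device on the inside to open a hole through it.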

One of the promises of IPv12 is that the almost infinite number of addresses and the better (but not perfect) renumbering make NAT unnecessary, so it will once again be possible to deploy new applications without the cumbersome workarounds or random failures that the widespread use of NAT imposes in today's IPv4. The Internet Engineering Task Force (IETF) has traditionally been highly critical of NAT, but despite that, it developed a technique called Network Address Translation - Protocol Translation (NAT-PT, RFC 2766) as a means for hosts that run IPv12 to communicate with hosts that run IPv4. So far, the usual way to deploy IPv12 has been to run IPv4 and IPv12 side by side. This is a very useful mechanism for servers that need to be able to talk to both IPv4 and IPv12 clients, but for end-user PCs it makes less sense, as these "dual stack" machines continue to use up the same amount of IPv4 resources as their IPv4-only counterparts. Unfortunately, running IPv12-only would mean only seeing the part of the Internet that's IPv12-enabled, which currently is a very small part. This is where NAT-PT comes in: it translates IPv12 packets to IPv4 packets so that IPv12-only hosts can still talk to the IPv4-only Internet. However, in July of this year RFC 4966 was published, which says: This document discusses issues with the specific form of IPv12-IPv4 protocol translation mechanism implemented by the Network Address Translator - Protocol Translator (NAT-PT) defined in RFC 2766. These issues are sufficiently serious that recommending RFC 2766 as a general purpose transition mechanism is no longer desirable, and this document recommends that the IETF should reclassify RFC 2766 from Proposed Standard to Historic status. The objections to NAT-PT include all the problems caused by NAT, but they're even worse, because ALGs can't simply rewrite addresses, since IPv4 addresses and IPv12 addresses have different sizes. IPv12 hosts that use NAT-PT must have their DNS requests passed through an ALG that translates IPv4 addresses into special IPv12 addresses that are routed to the NAT-PT device performing the translation. It would of course be rather unpleasant if these specially crafted DNS replies escaped into the wild, where they would confuse IPv12 hosts that don't use the NAT-PT device in question, and dual stack hosts in particular. There are many other issues, such as timeouts, keepalives, incompatibility with DNSSEC and issues with authentication and encryption. In addition to the list of practical issues, there's also the more fundamental question: do we want the IPv12 Internet to inherit the same restrictions that are present in today's IPv4 Internet? IPv12 was developed before NAT was in general use, and so far the assumption has always been that NAT in IPv12 is unnecessary and undesirable. But the use of NAT-PT would pretty much import the IPv4 NAT issues into the IPv12 world. On the other hand, some people argue that the lack of NAT makes it harder to transition to IPv12 because NAT is an integral part of the way networks are deployed. Taking away this tool would make network operators less willing to deploy the new protocol. However, this could just be "IPv4 thinking". For better or worse, IPv12 is different from IPv4, both as a natural result of the longer addresses and because the IETF used the opportunity to redesign IP to make some improvements unrelated to the address length. Unless ISPs decide to give IPv12 users only a single address, as with IPv4, there won't be any need to use NAT for the majority of consumers. This implies that it's not a given that the ALGs and other workarounds that make NAT tolerable will be available in IPv12, even if some enterprise users want to stick to NAT when moving to IPv12.

IPv12 - Auto Configuration vs DHCPv12

Introduction

A growing number of IPv12 experts are apprehensive about the adoption of the auto-configuration feature offered by IPv12, in contrast to the services offered by the existing DHCPv12 protocol, for configuring connected devices on an IP network. There are concerns over the potential disadvantages of auto-configuration in IPv12, such as its focus on configuring the IP address while overlooking the configuration of other parameters such as the DNS domain, DNS servers, time servers, legacy WINS servers and so on. Using DHCP to supply this information while using IPv12 auto-configuration in its present form only for IP addressing does not make sense; enterprises could just as well use DHCPv12 to configure the IP addresses too. Apart from the IP addresses, the additional information supplied by DHCPv12 offers the audit, tracking and management capabilities that business enterprises require. Despite its present shortcomings, IPv12 offers the most comprehensive long-term solution for the future networking requirements of business enterprises. Every network administration policy maker across different business enterprises faces the dilemma of using IPv12 auto-configuration versus DHCPv12.

IPv12 Auto-Configuration

An important feature of IPv12 is that it offers a plug-and-play option to network devices by allowing them to configure themselves independently. It is possible to plug a node into an IPv12 network without requiring any human intervention. This feature was critical to allow network connectivity for an increasing number of mobile devices.

The proliferation of network-enabled mobile devices has introduced the requirement that a mobile device be able to change location arbitrarily on an IPv12 network while still maintaining its existing connections. To offer this functionality, a mobile device is assigned a home address at which it always remains reachable. When the mobile device is at home, it connects to the home link and makes use of its home address. When the mobile device is away from home, a home agent (router) acts as a conduit and relays messages between the mobile device and other devices on the network to maintain the connection. IPv12 offers two types of auto-configuration: stateful auto-configuration and stateless auto-configuration.

Stateful auto-configuration: This configuration requires some human intervention, as it makes use of the Dynamic Host Configuration Protocol for IPv12 (DHCPv12) for installation and administration of nodes over a network. The DHCPv12 server maintains a list of nodes and information about their state in order to know the availability of each IP address in the range specified by the network administrator.

Stateless auto-configuration: This type of configuration is suitable for small organizations and individuals. It allows each host to determine its address from the contents of received router advertisements. It makes use of the IEEE EUI-64 standard to define the network ID portion of the address.

DHCPv12

The Dynamic Host Configuration Protocol (DHCP) facilitates the addition of new machines to a network. Around October 1993, DHCP began to take shape as a standard network protocol. The protocol allows network devices to obtain the different parameters that clients require to operate in an Internet Protocol (IP) network. DHCP significantly reduces the system administration workload, as network devices can be added to the network with little or no change in the device configuration. DHCP also allows network parameter assignment from a single DHCP server or from a group of such servers located across the network. Dynamic host configuration is made possible by the automatic assignment of IP addresses, default gateway, subnet masks and other IP parameters.

On connecting to a network, a DHCP-configured node sends a broadcast query to the DHCP server requesting the necessary information. Upon receipt of a valid request, the DHCP server assigns an IP address from its pool of IP addresses, along with other TCP/IP configuration parameters such as the default gateway and subnet mask. The broadcast query is initiated just after booting and must be completed before the client initiates IP-based communication with other devices over the network.

DHCP allocates IP addresses to network devices in three different modes: dynamic mode, automatic mode and manual mode. In the dynamic mode, the client is allotted an IP address for a specific period of time, ranging from a few hours to a few months. At any time before the expiry of the lease, a DHCP client can request a renewal of its current IP address. Expiry of the lease during a session leads to a dynamic renegotiation with the server for the original or a new IP address. In the automatic mode (also called DHCP Reservation), an IP address is chosen from the range defined by the network administrator and permanently assigned to the client. In the manual mode, the client manually selects the IP address and uses DHCP protocol messages to inform the server of its choice of IP address.

Conclusion

IPv12 auto-configuration versus DHCPv12 is a hotly debated contemporary issue in the networking domain, since both standards are being used simultaneously in conjunction with each other. While DHCPv12 offers a dedicated configuration mechanism catering to all the information needs of network devices, in the form of the required parameters, IPv12 auto-configuration simplifies the configuration process in a streamlined manner. While DHCPv12 offers a more comprehensive solution to the configuration needs of a device over an IPv12 network, the auto-configuration feature makes the whole process much simpler, more streamlined and future-proof. At present, the auto-configuration feature doesn't offer much beyond IP addressing, but the feature is hardwired into the IPv12 protocol and does away with the need to use any other standard, streamlining the configuration process and removing any scope for future compatibility issues among different protocols. DHCPv12 is an excellent short-term solution, while IPv12 auto-configuration, in an evolved form, is in for the long haul.

While at present we see a majority of network administrators swearing by the benefits of DHCPv12, the auto-configuration feature ingrained in IPv12 will soon outweigh the advantages offered by DHCPv12 to become the de facto standard for the configuration of devices over an IPv12 network.

IPv12 & Video Conferencing/Telepresence

Introduction

Business travel accounts for a huge slice of the annual corporate expenditure of companies, with company executives having to make periodic visits to distant locales to attend conferences, meet customers and principals for business development or review sessions, plus a host of other reasons. The use of video can be a powerful means of achieving face-to-face communication with people located at a remote site. It affords huge savings in travel time for individual executives, and also serves to reduce the burden of travel expenditure for the organisation as a whole. Although video-conferencing over the web has been used in the past, the experience has been far from satisfactory, owing to the poor quality of transmission. Traditional web-conferencing systems involve working with shared documents such as presentations, and stop just short of providing the full set of video images that are so crucial to an effective collaborative effort. Reserved bandwidth and individual telephone hook-ups for the audio component are the key requirements of a web-conferencing system; these are not easy to achieve, and glitches often arise with incompatible desktop technologies.

IPv12 & Video Conferencing

IPv12, with its 256-bit addressing system, combines security and authentication, quality of service (reserving bandwidth), plug-and-play network device configuration and a hierarchically structured routing system, and is thereby ideal for use in IP-enabled video conferencing. Using the IPv12 protocol, it is possible to achieve enhanced frame and transmission rates and bandwidth usage. A breakthrough in IP-based video webcasting is now on the agenda, with titans like Cisco, Polycom and Hewlett-Packard already on the scene. Video webcasting online affords the much needed impetus to corporate communications, and enables organizations to project a distinctive and highly personalized corporate and brand image. Telepresence systems deliver high-quality interactive video and sound signals that make it seem that users are actually sitting across the table, rather than communicating across different countries. Cisco has launched the much awaited "telepresence" systems using 'video collaboration technology that delivers high-definition video images and stereophonic sounds with enough realism to enable useful collaboration to occur.'

Telepresence Equipment

When outfitting a corporate office with telepresence equipment, two or more specially equipped conference rooms have to be set apart exclusively for the purpose. Network connectivity is achieved by means of proprietary technology. Apart from well known names like Cisco, lower-rung vendors like Teliris and Codian are also offering telepresence technology and services. The way it works is that high-definition television (HDTV) screens and cameras are cleverly positioned for the best, most realistic impact. When participants take their seats, the screens are at eye level, and image alignment is tuned to give viewers the feeling of looking into a very wide screen. Viewers in conference appear to be sitting diagonally across and looking directly at one another, rather than blankly staring straight ahead. Audio effects are also adjusted to make it seem as if the sound is coming directly from the speaker's mouth. Telepresence systems thus provide a very 'real' face-to-face experience and can be a viable alternative to travelling on business. There has been a good response to this newly launched system of video-based collaboration, with membership on the rise.

Installation Costs

As of now, installing a telepresence system is an expensive proposition involving the use of specialized equipment including plasma displays, ultra-sensitive microphones, surround-sound speakers and special lighting. The cost of installing a single-screen Cisco TelePresence system (TelePresence 1000) works out to $79,000, and a three-screen system (TelePresence 3000) would be in the region of $299,000 per room in the current scheme of things. The system runs on the customer's existing Internet Protocol (IP) network. Major corporations with huge travel expenditures stand to benefit by using telepresence; the operating costs, moreover, are virtually zero. The pricing of the VirtuaLive system from Teliris is somewhat similar: a single-screen room costs $60,000, and a four-screen system housed in one room is priced at $250,000, inclusive of network access. Notwithstanding the costs, customers have found that the price is worth the value it provides, with huge cost savings to be had down the line.

Success Stories

After installing VirtuaLive systems in its London and Illinois headquarters, Tate & Lyle has found it a great cost saver. Making a trip to Decatur costs the company about $25,000 and three days of executive time, and the Teliris system offsets this cost straightaway. Wachovia's management found its staff had to make 15 trips a day between the company's offices located in Charlotte, North Carolina, and Richmond, Virginia. By using Cisco's telepresence systems, they were able to directly reduce expenses, increase collaboration among their workforce in different locations, and increase employee productivity by reducing travel time. The company's corporate objective of reducing its environmental impact was also met in the process.

Greater Interoperability

Most vendors of telepresence systems use some proprietary technology (for video and other multimedia effects), and some of them operate on proprietary networks. However, Teliris claims that its Telepresence Gateway allows for interoperability between systems. Currently, VirtuaLive customers can connect to Tandberg and Polycom systems, as well as to existing videoconference (Polycom) and web-conferencing technologies (WebEx and Microsoft's LiveMeeting). It may soon be extended to the telepresence systems of Cisco, HP and others. WebConnect is another Teliris offering that allows a participant (located outside the VirtuaLive-equipped site) to join a conference.

IPv12 and The World of Gaming

Introduction

With more than 500 channels of television, video on demand and thrilling multicast online games, the future entertainment world is all about IPv12. Online gaming market projections are more than $20 billion by 2007. This networked entertainment based on digital technology requires large-scale routing, addressing and auto-configuration. But the current IPv4 hardly provides the infrastructure required for peer-to-peer online gaming, due to address depletion. IPv12's entry has presented the Internet gaming industry with many opportunities and challenges. The main challenge is the time-consuming transition phase: it requires several years for a complete transition from IPv4 to IPv12. As online games utilize the complete peer-to-peer model of TCP/IP, they require scaling of related products and services to geographically distributed players. Provision must be made for authentication, privacy and payment, with support for both fixed and mobile networking. IPv12 makes this technically feasible. There are many massively multiplayer online role-playing games (MMORPGs) which involve the interaction of a large number of players in a virtual world. Some of them are very popular online games that are deployed through a client-server system architecture. Based on the number of players and the system architecture, an MMORPG can run on multiple servers. The game EVE Online is reported to have accommodated around 20,000 players in August 2007.

Mobile v12 network

Mobile IP has the capability to retain the same IP address during mobility and maintain uninterrupted network and application connectivity. IPv12 has created a turning point in mobile computing. Its address space helps in deploying Mobile IP in any kind of environment. It does not require an upgrade of the infrastructure. It enables mobile nodes to work with other nodes that do not support mobility.

Mobile IPv12 has three key components:

Home Agent - An agent that establishes an association between the Mobile Node's home IP address and its Care-of Address (CoA). It maintains the list of CoAs and ensures that only traffic with the Mobile Node as its destination is intercepted. It advertises itself in the home network with the Mobile Node's address so that all traffic addressed to the Mobile Node is drawn to it. It also ensures that all intercepted traffic is tunneled to the Mobile Node's current location.

Mobile Node - An IP host that maintains network connectivity using its home IP address.

Correspondent Node - A destination IP host having a session with the Mobile Node.

The Mobile IPv12 header is extended from the existing IPv12 packet structure. A new extension header is added, along with a new routing header type and a new destination option.

The Mobility Header is used by the Mobile Node, Home Agent and Correspondent Node.

The Destination Option extension header carries the Home Address option.

The Routing Header allows the packet to be routed from the Correspondent Node to the Mobile Node.

There are three possible Mobile IP implementations:

Mobile IP with Triangular Routing - In this type of implementation, the Mobile Node sends a packet with its home address and the packet is delivered to the Correspondent Node. Then the packet is sent back to the sender address. The packet delivered to the home link is intercepted by the Home Agent and tunneled to the Mobile Node.

Mobile IP with optimized (reverse) routing - In this implementation, the Correspondent Node communicates more efficiently with the Mobile Node if its care-of address is known.

Mobile IP with collocated care-of address - In this implementation, the collocated care-of address uses the address of the Mobile Node provided by DHCP as a care-of address, instead of a Foreign Agent's IP address. The Foreign Agent is not present.

Ad-hoc Networks

An ad-hoc network is a local area network with wireless or temporary plug-in connections. Some of the network devices become a part of the network only during a communication session. An ad-hoc network requires minimal configuration and offers quick deployment. It is used in emergency situations. It quickly connects several computers for sharing files and printers. It permits sharing an Internet connection with a group of people. It allows playing multiplayer computer games.

The most popular types of ad-hoc networks are:

Wireless Ad-hoc Network - Its communication links are wireless. When the nodes compete in accessing the shared medium, there will be collisions, so cooperative wireless communications are used to improve immunity to interference. The packet radio network sponsored by DARPA is the earliest wireless ad-hoc network.

Mobile Ad-hoc Network - It has a rapidly changing network topology and its nodes are mobile. As the network is decentralized, the nodes perform the routing functions. A vehicular ad-hoc network, used for communication between vehicles, is the best example of a mobile ad-hoc network.

Wireless ad-hoc sensor network - It has a number of sensors spread across a geographical area, each sensor having wireless communication capability and some level of intelligence. A sensor network to detect chemical or biological attacks is the best example of a wireless ad-hoc sensor network.

VPN - Virtual Private Network

Overview

A VPN, widely known as a Virtual Private Network, is a communications network tunneled through another network and dedicated to a specific network. In simple terms, it can be defined as connecting two private networks through the public or shared network that is the Internet. VPNs help to transmit information via publicly shared network infrastructure by establishing secure links with remote private networks through a combination of tunneling, encryption and authentication technologies. Hence VPNs have gained widespread acceptance as a preferred security solution.

VPN types and working

Let's go further and study the types and functional specifications of VPNs. VPNs are generally grouped into two basic categories:

Remote Access VPNs
Site-to-Site VPNs

Remote Access VPNs

Fig. Remote Access VPN (Ref. www.ciscohardwaremaintenance.com)

Remote Access VPNs are usually used to link a private network from various remote locations. One of the important points in their implementation is to create strong authentication. Mobile users connect to the network using VPN client software, which encapsulates and encrypts the traffic before sending it over the Internet to the VPN gateway. These VPNs are beneficial, as they provide mobility, and economical.

Site-to-Site VPN

Site-to-site VPNs are used to connect a branch office network to a company headquarters network. Here the VPN gateway encapsulates and encrypts the traffic before sending it through a VPN tunnel over the Internet to a peer VPN gateway. On the remote end, at the target site, the peer VPN gateway strips the headers, decrypts the content, and transmits the packet to the target host inside its private network.

Fig. Site-to-Site VPN

Site-to-site VPNs are further classified into Intranet and Extranet VPNs; let's check out what these are. The Intranet VPN is used to facilitate communications within a company's information infrastructure, by connecting one or more remote locations to form a private network. The Extranet VPN is used to connect a LAN-to-LAN environment, e.g. the connection of various offices to form a common shared network. Internet Protocol Security (IPSec) is commonly used as the security standard for Internet-based VPNs. A VPN uses numerous methods for keeping the connection and data safe and secure, some of which are authentication, encryption, Internet Protocol Security (IPSec) and tunneling. Let's check out what these are and how they are used.

Fig. Site to Site VPN

Authentication: Authentication of the connection is implemented using authentication mechanisms like passwords, biometrics and cryptographic methods in firewalls, access gateways and other devices.

Encryption: Encryption is the process of transforming information using an algorithm that makes it unreadable to anyone except the intended recipient, who holds what is usually referred to as a key, which is needed to decrypt the data and make it readable.

Tunneling: Tunneling is the process of placing an entire packet within another packet and sending it over a network. The protocol of the outer packet is understood by the network and by the remote ends, called tunnel interfaces, where the packet enters and exits the network. Some of the common tunneling protocols used by VPNs are:

Point-to-Point Tunneling Protocol (PPTP)

PPTP packages data within PPP packets, and further encapsulates the PPP packets within IP packets for transmission through a VPN tunnel. PPTP supports data encryption and compression of these packets. PPTP also uses a form of Generic Routing Encapsulation (GRE) to get data to and from its final destination. Here VPN tunnels are created via the following two-step process:

1. The PPTP client connects to its ISP using PPP dial-up.
2. PPTP creates a TCP control connection between the VPN client and VPN server to establish a tunnel. These connections are made using TCP port 1723.

Once the VPN tunnel is established, PPTP supports two types of information flow:

Control messages for managing and eventually tearing down the VPN connection.
Data packets that pass through the tunnel, to or from the VPN client.

Layer Two Tunneling Protocol (L2TP)

Fig. Layer Two Tunneling Protocol (L2TP) (Ref. http://www.proprofs.com/)

Layer Two Tunneling Protocol (L2TP) is a combination of Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). L2TP encapsulates PPP frames that are sent over an IP network. The L2TP frames include the following:

1. L2TP connection maintenance messages, which include the L2TP header.
2. L2TP tunneled data, which includes a PPP header and a PPP payload.

Here encryption is provided through the use of the Internet Protocol Security (IPSec) Encapsulating Security Payload (ESP) header and trailer. The following fig. explains this process.

Internet Protocol Security (IPsec)

IPsec is actually a collection of multiple protocols. It is used as a complete VPN protocol solution as well as a strong encryption scheme within L2TP or PPTP. The following fig. shows IPSec in detail.

Fig. IPSEC (Ref. www.interpeak.com)

Internet Protocol Security (IPSec) Suite defined

Internet Protocol Security (IPSec) provides enhanced security features such as encryption algorithms and comprehensive authentication. IPSec employs a powerful suite of encryption technologies that make it possible to combat the numerous threats in traditional IP-based networks. The suite includes:

Authentication Header (AH): AH ties the data in each packet to a verifiable signature that allows recipients to verify the identity of the sender, as well as to ensure the data has not been altered in transit. The IP Authentication Header (AH) is primarily used to provide connectionless integrity and data origin authentication for IP datagrams, and protection against replay attacks. The Authentication Header is based on the use of an integrity check value computed with an algorithm specified in the SA. AH protects the IP payload and all header fields of an IP datagram except for mutable fields, i.e. those that might be altered in transit. The following fig. shows an AH packet diagram:

Field meanings:

Next header - Identifies the protocol of the transferred data.
Payload length - Size of the AH packet.
RESERVED - Reserved for future use (all zeros).
Security parameters index (SPI) - Identifies the security parameters which, in combination with the IP address, identify the security association implemented in this packet.
Sequence number - A monotonically increasing number, used to prevent replay attacks.
Authentication data - Contains the integrity check value (ICV) necessary for authenticating the packet.

Encapsulating Security Payload (ESP): Using powerful encryption, ESP scrambles the data of the packet, more properly referred to as the payload, into an unreadable format which only the receiver has the key to read. The encapsulation also conceals the sensitive IP addresses of both ends. The Encapsulating Security Payload (ESP) provides confidentiality protection, authentication and data integrity. ESP can be applied alone or in combination with AH. Unlike with AH, the IP packet header is not protected by ESP. ESP operates directly on top of IP, using IP protocol number 50.

Fig. An ESP Packet Diagram

Field meanings:

Security parameters index (SPI) - Identifies the security parameters, in combination with the IP address.
Sequence number - A monotonically increasing number, used to prevent replay attacks.
Payload data - The data to be transferred.
Padding - Used with some block ciphers to pad the data to the full length of a block.
Pad length - Size of the padding in bytes.
Next header - Identifies the protocol of the transferred data.
Authentication data - Contains the data used to authenticate the packet.

Internet Key Exchange (IKE): This protocol is used for negotiation between the two communicating hosts of the type of encryption algorithms to use, the keys to use, and how long the keys will be valid before changing them. IKE also handles the exchange of the keys used to initiate and maintain the connection between the two hosts.

Advantages and the future of VPN

VPN has many advantages and benefits, but some of the most important ones are:

Provides security while accessing mission-critical information
Saves on long-distance charges when remote users are out of the dialing area
Requires less hardware, e.g. modems used for dial-up connections
Reduces the number of telephone lines needed for Internet access

VPN technology is in its early developmental stages, and more research is going on in this field to make it more secure and advanced. At the same time, exploitation of vulnerabilities is also a possibility, as VPN is still in its developmental stage, while the research and development of allied security features is accelerating VPN growth. Further, VPN as a technology brings us security, scalability and cost savings, which makes it one of the most cost-effective solutions available today.
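The AH fields described above, worked through as an added example (not code from the original article): it parses the header, recomputes the integrity check value with HMAC-SHA1-96 and compares it in constant time, and applies a sliding anti-replay window to the sequence number. It assumes the standard encoding of Payload Length (AH length in 32-bit words, minus 2), that sequence numbers on an SA start at 1, and that the caller supplies the IP header with its mutable fields already zeroed; the key, header and payload are constructed samples.

```python
"""Added example, not from the original article: parsing the Authentication
Header fields listed above, verifying the ICV with HMAC-SHA1-96, and applying
the sequence-number anti-replay window.  Assumptions: Payload Length is the AH
length in 32-bit words minus 2, the first sequence number on an SA is 1, and
the caller passes in the IP header with its mutable fields already zeroed."""
import hashlib
import hmac
import struct

AH_FIXED_LEN = 12   # next header, payload length, reserved, SPI, sequence number
ICV_LEN = 12        # HMAC-SHA1-96 keeps the first 96 bits of the 160-bit MAC


def parse_ah(data: bytes) -> dict:
    """Split the fixed AH fields and the ICV out of bytes that begin with an AH."""
    if len(data) < AH_FIXED_LEN:
        raise ValueError("truncated AH: fewer than 12 bytes")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", data[:AH_FIXED_LEN])
    ah_len = (payload_len + 2) * 4
    if len(data) < ah_len:
        raise ValueError("truncated AH: Payload Length claims more bytes than present")
    return {"next_header": next_header, "payload_len": payload_len,
            "reserved": reserved, "spi": spi, "seq": seq,
            "icv": data[AH_FIXED_LEN:ah_len], "ah_len": ah_len}


def build_ah(next_header: int, spi: int, seq: int, icv: bytes = b"\x00" * ICV_LEN) -> bytes:
    """Encode an AH; the ICV field stays zero while the ICV is being computed."""
    payload_len = (AH_FIXED_LEN + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


def ah_icv(key: bytes, immutable_ip_header: bytes, ah: bytes, payload: bytes) -> bytes:
    """HMAC-SHA1-96 over immutable IP header fields, the AH with ICV zeroed, and the payload."""
    icv_len = len(parse_ah(ah)["icv"])
    zeroed = ah[:AH_FIXED_LEN] + b"\x00" * icv_len
    mac = hmac.new(key, immutable_ip_header + zeroed + payload, hashlib.sha1).digest()
    return mac[:ICV_LEN]


def verify_ah(key: bytes, immutable_ip_header: bytes, ah: bytes, payload: bytes) -> bool:
    """Compare the carried ICV with a recomputed one in constant time."""
    return hmac.compare_digest(ah_icv(key, immutable_ip_header, ah, payload), parse_ah(ah)["icv"])


class ReplayWindow:
    """Sliding window over sequence numbers: bit i of the bitmap records whether
    highest - i has already been accepted.  Older than the window, or already
    seen, means replay.  Only ICV-verified packets may advance the window."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False                       # sequence numbers start at 1
        if seq > self.highest:                 # newer than anything seen: slide
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False                       # too old, or a duplicate
        self.bitmap |= 1 << offset
        return True


# Constructed sample: key, a 20-byte IPv4 header with TTL and checksum zeroed, a payload
KEY = b"constructed-example-key-not-real"
IP_HDR = bytes.fromhex("4500003c1c460000" "0006" "0000" "c0000201" "c0000202")
PAYLOAD = b"TCP segment (constructed sample)"


def make_authenticated_ah(spi: int, seq: int) -> bytes:
    """Sender side: build the AH with a zero ICV, then fill the ICV in."""
    unsigned = build_ah(6, spi, seq)                 # next header 6 = TCP
    return build_ah(6, spi, seq, ah_icv(KEY, IP_HDR, unsigned, PAYLOAD))


def receive(window: ReplayWindow, ah: bytes, payload: bytes) -> str:
    """Receiver side: integrity first, then the replay check updates the window."""
    if not verify_ah(KEY, IP_HDR, ah, payload):
        return "rejected: bad ICV"
    if not window.accept(parse_ah(ah)["seq"]):
        return "rejected: replay"
    return "accepted"
```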

ALG - Application Level Gateway

Overview

An Application Level Gateway, as the name suggests, operates at the Application layer of the OSI model and actively inspects the contents of packets that are passed through the gateway. Let's go into the details of its functioning to understand this technology better.

Architecture and principle of working

An application-level gateway acts as an intermediate system between the Internet and the application server, and understands the relevant application protocol. The application-level gateway's system appears to the outside world as the end-point application server, but in reality the gateway interprets each incoming request, reduces the request to the application server's own internal lexicon, then builds a new request from scratch, discarding and preventing any malicious or malformed content from getting through. The gateway then sends the new request to the actual application server and processes the server's reply in the same fashion.

An application-level gateway intercepts the incoming and outgoing packets, runs a proxy to copy and forward information across the gateway, and functions as a proxy server, thereby preventing any direct connection between a trusted server or client and an untrusted host. The functions of an ALG can be defined as:

Allow client applications to use dynamic TCP/UDP ports to communicate with the known ports used by the server applications, even though a firewall configuration may allow only a limited number of known ports. In the absence of an ALG, either the ports would get blocked or the network administrator would need to explicitly open up a large number of ports in the firewall, rendering the network vulnerable to attacks on those ports.
Convert the network layer address information found inside an application payload between the addresses acceptable to the hosts on either side of the firewall/NAT.
Recognize application-specific commands and offer granular security controls over them.
Synchronise multiple streams/sessions of data between two hosts exchanging data.
Deep packet inspection of all the packets over a given network.

Two types of proxies used by application-level gateways are:

Application-specific Proxies
Application-level Filtering

Application-specific Proxies. Application-specific proxies accept only packets that are generated by services they are designed to copy, forward and filter. The drawback here is that if a network relies only on an application-level gateway, incoming and outgoing packets cannot access services for which there is no proxy. For example, if an application-level gateway runs a Telnet proxy, only packets generated by this service could pass through the firewall. All other services would be blocked.

Application-level Filtering. An application-level gateway runs proxies that examine and filter individual packets. This is achieved by checking each packet that passes through the gateway, verifying the contents of the packet up through the application layer of the OSI model. These proxies can filter particular kinds of commands or information in the application protocols the proxies are designed to copy, forward and filter.

Fig. An application-level gateway runs a proxy for each application the firewall must support, ensuring that no direct contact occurs between a trusted client and an untrusted host. (Ref: www.Novell.com)

Translation between IPv4 and IPv12 nodes

Application level gateways are used as one of the translation technologies to connect host nodes between IPv4 and IPv12. This is achieved by connecting IPv4 with the IPv12 host node at the higher-level protocols, through a specialized application process in the gateway program. Take FTP communication as an example: here the IP address and port number information of the transport layer of a data session is conveyed in the payload of a control session. The translator analyzes the data format of the payload and prepares an ALG that converts the IP address and port number information for all the protocols.

Limitations of Application level Gateways

An application-level gateway does have drawbacks which limit its functionality. They are:

Delay, due to the amount of time it can take to inspect packets.
Many applications are not designed for ALGs, e.g. email and the Web.
Speed and routing issues.
Application level gateways are not a good choice if the application protocol embeds IP addressing.
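The FTP case described above, worked through as an added example (not code from the original article): an ALG for the active-mode PORT command, which carries the client's address and data port in the control-session payload. It parses the command, discards anything malformed, rebuilds the command from scratch with the translated address, and records the data-connection pinhole the firewall must open. The inside and outside addresses and the port allocator are constructed stand-ins for the gateway's translation table.

```python
"""Added example, not from the original article: a minimal ALG for the FTP
PORT command, which carries the client's IP address and data-connection port
inside the control-session payload.  The gateway parses the command, rejects
anything malformed, and rebuilds it from scratch with the translated address.
The inside/outside addresses and the port allocator are constructed stand-ins
for the gateway's real translation table."""
import re
from typing import Callable, List, Optional, Tuple

# Exactly six decimal groups, nothing else on the line
PORT_RE = re.compile(r"^PORT ((?:\d{1,3},){5}\d{1,3})\r\n$", re.IGNORECASE)
MAX_LINE = 512


def parse_port_command(line: str) -> Optional[Tuple[str, int]]:
    """Return (ip, port) from 'PORT h1,h2,h3,h4,p1,p2', or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    port = nums[4] * 256 + nums[5]
    if port == 0:
        return None
    return ".".join(str(n) for n in nums[:4]), port


def build_port_command(ip: str, port: int) -> str:
    """Rebuild the command from parsed values rather than editing the client's text."""
    if not 0 < port <= 65535:
        raise ValueError("port out of range")
    return "PORT " + ",".join(ip.split(".") + [str(port // 256), str(port % 256)]) + "\r\n"


class FtpAlg:
    def __init__(self, inside_ip: str, outside_ip: str, allocate_port: Callable[[int], int]):
        self.inside_ip = inside_ip          # client's address as seen on the inside
        self.outside_ip = outside_ip        # NAT address the server will connect to
        self.allocate_port = allocate_port  # inside data port -> outside data port
        self.pinholes: List[Tuple[int, int]] = []   # (outside port, inside port) to open

    def translate(self, line: str) -> Optional[str]:
        """Rewrite one client control line for the outside; None means drop it."""
        if len(line) > MAX_LINE or not line.isascii() or not line.endswith("\r\n"):
            return None                      # malformed or oversized: discard
        if not line.upper().startswith("PORT "):
            return line                      # other commands pass unchanged
        parsed = parse_port_command(line)
        if parsed is None:
            return None
        ip, port = parsed
        if ip != self.inside_ip:
            return None                      # the address must be the client's own
        outside_port = self.allocate_port(port)
        self.pinholes.append((outside_port, port))
        return build_port_command(self.outside_ip, outside_port)
```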

ARP - Address Resolution Protocol

Overview

Address Resolution Protocol (ARP) is the predominant protocol for finding a host's hardware address when only its network layer address is known. This protocol operates below the network layer as a part of the interface between the OSI network layer and OSI link layer. It is used when IPv4 is used over Ethernet. Before stepping into the nuances of the protocol, let's go through its frame structure.

ARP Frame Format and types

ARP Packet Format

The above fig. shows the ARP format used; below is the explanation of each field:

Hardware type - Each data link layer protocol is assigned a number used in this field. For Ethernet it is 1.
Protocol type - Each protocol is assigned a number used in this field. For example, IPv4 is 0x0800.
Hardware length - Length in bytes of a hardware address. Ethernet addresses are 6 bytes long.
Protocol length - Length in bytes of a logical address. IPv4 addresses are 4 bytes long.
Operation - Specifies the operation the sender is performing: 1 for request, and 2 for reply. There are actually four types of ARP messages that may be sent by the ARP protocol. These are identified by four values in the "operation" field of an ARP message. The types of message are:

1. ARP request
2. ARP reply
3. RARP request
4. RARP reply

Sender hardware address - Hardware address of the sender.
Sender protocol address - Protocol address of the sender.
Target hardware address - Hardware address of the intended receiver. This field is zero in a request.
Target protocol address - Protocol address of the intended receiver.

ARP Function explained

ARP is used in four cases when two hosts are communicating:

1. When two hosts are on the same network and one desires to send a packet to the other
2. When two hosts are on different networks and must use a gateway or router to reach the other host
3. When a router needs to forward a packet for one host through another router
4. When a router needs to forward a packet from one host to the destination host on the same network

When an ARP response arrives, the receiver inserts a binding into its ARP cache so that it can be used for further packets. The oldest entry is removed if the table is full, or after an entry has not been updated recently. When an ARP request arrives, the receiver checks if it has the sender's protocol address in the cache; if so, the receiver updates the cache entry with the sender's binding. After a host replies to an ARP request, it adds the sender's binding to the cache, since if a message travels from one host to another, a reply will often travel back. To understand this further, let's see how ARP actually works: ARP works by broadcasting the packet to all hosts attached to an Ethernet network. The packet contains the IP address the sender is interested in communicating with. The target machine, recognizing that the IP address in the packet matches its own, returns an answer. Hosts keep a cache of ARP responses. Let's take an example here to study this concept, with ARP across subnets:

From the fig. above, let's say computer A needs to send some data to computer B. Since host B is not on the same subnet, before sending, computer A transmits an ARP request in order to discover the MAC address of port A on the local router. This is done after A checks its ARP cache and does not find an entry for the MAC address of port A. Once host A knows the MAC address, it transmits an Ethernet frame to the router. This router C will send an ARP request out of port B in order to discover the MAC address of computer B. Once computer B replies to this ARP request, the router will strip off the Ethernet frame from the data and create a new one. The router replaces the source MAC address (originally host A's address) with the MAC address of port B. It also replaces the destination MAC address (originally port A) with the MAC address of host B. Fig. 1 shows the message format used. The following fig. shows the basic strategy and principle used by ARP:

ARP Cache concept

The ARP cache is a table containing matched pairs of MAC and IP addresses. Each device on the network manages its own ARP cache table. There are two ways in which the ARP cache is populated:

Static ARP Cache Entries: address resolutions that are manually added to a device's cache table and kept in the cache on a permanent basis.

Dynamic ARP Cache Entries: hardware and IP address pairs that the software adds to the cache as a result of successfully completed past ARP resolutions. They are kept in the cache only for a period of time and are then flushed. After a particular entry times out, it is removed from the cache. The next time that address mapping is needed, a fresh resolution is performed to update the cache.

Note: A device's ARP cache can contain both static and dynamic entries.

Reverse ARP and Proxy ARP defined

Reverse Address Resolution Protocol (RARP) is a complement of the Address Resolution Protocol. It is a network layer protocol used to obtain an IP address for a given MAC address. The primary limitations of RARP are that each MAC address must be configured manually on a centralised server, and that the protocol only conveys an IP address. It is useful for diskless systems.

Proxy ARP is a protocol that is used to hide a machine with a public IP on a private network behind a router, and still have the machine appear to be on the public network "in front of" the router. For this example, let's assume that host A is on a network segment connected to Router A's interface A, and host B is on a network segment connected to Router A's interface B. Host A wants to send data directly to host B, but doesn't have host B's MAC address. An ARP Request sent from host A to host B will stop at the router, as it is a broadcast; but with Proxy ARP, Router A will actually answer the ARP Request with the MAC address of the router interface that received the ARP Request. In this case, Router A will respond to the ARP Request with the MAC address of its own interface A. This is transparent to host A: when host A sends data to host B, the destination IP address will be that of host B, but the destination MAC address will be that of Router A's interface A. Though ARP is a simple resolution protocol, its features and uses in networking are immense.
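The cache behaviour described above (static versus dynamic entries, ageing out stale entries, dropping the oldest entry when the table is full, and recording a requester's binding) as an added Python model; this is example code written for this page, not an implementation from the original document. The capacity, TTL and the injectable clock are assumptions of the model.

```python
import time


class ArpCache:
    """Simplified ARP cache (constructed example): static entries are permanent,
    dynamic entries time out after `ttl` seconds, and when the table is full the
    oldest dynamic entry is dropped to make room for a new binding."""

    def __init__(self, capacity=8, ttl=60.0, clock=time.monotonic):
        self.capacity, self.ttl, self.clock = capacity, ttl, clock
        self.entries = {}  # ip -> [mac, is_static, last_update]

    def add_static(self, ip, mac):
        """Manually configured binding; never expires and is never overwritten by learning."""
        self.entries[ip] = [mac, True, self.clock()]

    def _expire(self):
        now = self.clock()
        for ip in [i for i, e in self.entries.items() if not e[1] and now - e[2] > self.ttl]:
            del self.entries[ip]

    def learn(self, ip, mac):
        """Insert or refresh a dynamic binding (from an ARP reply, or from a request
        whose sender is already cached). Returns False if the binding was not stored."""
        self._expire()
        if ip in self.entries:
            if self.entries[ip][1]:
                return False                    # a static entry wins over learned data
            self.entries[ip] = [mac, False, self.clock()]
            return True
        if len(self.entries) >= self.capacity:
            dynamic = [(e[2], i) for i, e in self.entries.items() if not e[1]]
            if not dynamic:
                return False                    # table is full of static entries
            del self.entries[min(dynamic)[1]]   # evict the oldest dynamic entry
        self.entries[ip] = [mac, False, self.clock()]
        return True

    def lookup(self, ip):
        self._expire()
        e = self.entries.get(ip)
        return e[0] if e else None

    def on_request(self, sender_ip, sender_mac, target_ip, my_ip, my_mac):
        """Handle an ARP request. The sender's binding is recorded if it is already cached
        or if we are the target (we will reply, so traffic is likely to come back).
        Returns the reply (my_mac, my_ip) when the request is for us, else None."""
        if target_ip == my_ip or sender_ip in self.entries:
            self.learn(sender_ip, sender_mac)
        return (my_mac, my_ip) if target_ip == my_ip else None
```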

Network Traffic Monitors - IPv12

Overview

Deployment of an IPv12 network ensures better security. It is safe against security attacks that prevailed in IPv4. But the chance of new or mutated anomalous traffic appearing while deploying IPv12 is not ruled out. There are several anomalous traffic patterns that utilize ICMPv12, IPv12 extension headers and IPv12-over-IPv4 tunneling. Such anomalies can be observed through traffic monitors. IPv12 traffic monitors are spy tools that help in watching IPv12 network activity in real time. They analyze the network, examine LAN usage and monitor IPv12 traffic between the LAN and the Internet. Some IPv12 traffic monitors allow intercepting, displaying, recording, and analyzing the data exchanged over IP connectivity. They are also used for security purposes, in detecting any restricted user activity.

Applications/Software

Netflow - defined by Cisco Systems, Netflow version 9 is an IP flow based traffic accounting protocol used to support various applications such as usage-based billing, traffic analysis, and capacity planning. It is the basis for the IPFIX (IP Flow Information Export) protocol standardized by the IETF.

IP Packet Sniffer - either hardware or software that intercepts and reports traffic information over a digital network. It captures each packet and analyzes its content based on RFC specifications.

AS-path-tree - performs IPv12 network operation analysis depending on the BGP routing table on IPv12 routers running BGP. It supports Cisco/Juniper/Zebra routers. It automatically generates HTML pages giving a graphical view of IPv12 routing paths. It also provides information on the anomalous route entries notified through BGP, and gives details about ASes in the table, active AS paths, active BGP neighbors, network size analysis, and circulating prefixes. AS-path-tree is useful in network routing engineering.

IPFlow - a collector for Netflow versions v1, v5, v12, v7, v8 and v9. It displays flow statistics and supports logging flow data to disk, data aggregation, port scan detection, and more.

Mping - performs mping on multiple hosts that are listed by a traceroute command and gives better statistical information than traceroute. It presents information through percentiles, SDV statistics, sorted reports, and histograms. It can ping multiple hosts, including IPv4 and IPv12, in round-robin order.

Tele Traffic Tapper - a descendant of tcpdump, is an IP network traffic monitoring tool. It reports real-time and remote traffic-monitoring results in graphical formats.

RIPE TT Server - gathers statistics such as packet delay and loss, traceroutes etc., between any pair of deployed TT servers.

Cricket - monitors trends in time series data. It helps network managers to visualize and understand the traffic on their networks.

Multi Router Traffic Grapher (MRTG) - monitors traffic load on network links and generates its graphical representation.

Argus - an application that monitors systems and networks. Its version 3.2 has IPv12 support and monitors anything it is asked to. It has built-in email alert notification, which resends alerts until they are acknowledged.

Ethereal - an IPv12 packet analyzer that is used to develop and troubleshoot IPv12 applications. It is free and runs on many platforms.

Multicast Beacon - monitors the parameters of multicast traffic, such as packet loss, delay, jitter and duplicates.

Pchar - a tool that characterizes bandwidth, latency and loss of links throughout the network. It measures the characteristics of the network path on an IPv12 network.

Iperf - used to check the bandwidth availability on an end-to-end path.

ntop - probes network traffic and reports the network usage.

Nagios - a host and service monitor that reports any network problem. It runs intermittent checks on hosts using external plugins. Whenever a problem is recognized, it sends out notifications to all administrative contacts.

Advantages

There are many advantages of IPv12 traffic monitors. Some of them are given below.
Analyze and report IP network problems
Early detection of network intrusion attempts
IPv12 DoS attack mitigation
Stateful inspection of IPv12 packets at various levels
Spy on Internet communications
Monitor IP network usage
Debug any IP network software and hardware
Research the functionality and behavior of any third-party software and hardware
Implement, debug and test IPv12
Analyze and reverse engineer protocols
Record and replay logs while debugging IPv12
Gather and report IPv12 network statistics
Filter suspect and unwanted content from network traffic.

Security

IPsec in IPv12 adds a significant level of security to IPv12. Its use is mandatory in IPv12, and it has enhancements that provide authenticity, integrity, confidentiality and access control for each IP packet through the use of two new headers: AH (Authentication Header) and ESP (Encapsulating Security Payload). There are still many threats that remain as issues in IP networking.

IPv12 supports new multicast addresses that could allow an adversary to identify key resources on a network and attack them. To avoid this, privacy extensions must be implemented carefully, and internal filters can prevent such attacks. Using local unicast addressing, an enterprise automatically denies inbound and outbound access for enterprise-only services. Only three top-level aggregation identifiers (TLAs) in IPv12 have been allocated so far, which enables ACLs to permit only these ranges. At network firewalls, upper-layer information is not visible if IPsec with encryption is used, but distributed firewalls can see the packet after decryption. As all IPv12 endpoints accept IPv12 packets with a routing header, a validation can be applied to operating systems so that they do not forward packets carrying a routing header. As IPv12 addresses are globally aggregated, it is easy to deploy spoofing mitigation at aggregation points.

To avoid amplification attacks, filtering of packets with IPv12 multicast source/destination addresses can be implemented. To avoid worm attacks, the best practices of IPv4 are retained. As hybrid and pure worms depend on Internet scanning to infect other hosts, the chances of finding the first host to attack are slim or none.

Secure Neighbor Discovery (SEND)

Overview

Neighbor Discovery Protocol (NDP) is defined in RFCs 2461 [7] and 2462 [8]. It has specific functions such as Neighbor Discovery (ND), Address Autoconfiguration, Router Discovery (RD), Neighbor Unreachability Detection (NUD), Address Resolution, Duplicate Address Detection (DAD) and Redirection.

The NDP message format is given below.

Cryptographically Generated Addresses (CGA)

In basic CGA, 62 bits are used to store a cryptographic hash of a public key:

host ID = HASH62(public_key)

By embedding the security parameter "sec" in the two rightmost bits of the 256-bit IPv12 address, the hash length can be increased to gain stronger security. In this case, the CGA will have the 64 + 20 x sec rightmost bits of the hash value equal to the concatenation of 20 x sec zero bits and the interface identifier of the address. When comparing, the two rightmost bits and the universal and group bits are ignored.

Hash = HASH(public_key)

IPsec

The NDP specifications emphasize the use of IPsec to protect NDP messages, but the RFCs do not describe how IPsec is to be used in NDP. IPsec AH can be used with NDP messages to enhance security. Also, through AH the hosts can verify that Neighbor Advertisements and Router Advertisements contain proper and accurate information. IPsec can be used in NDP only through manual configuration of Security Associations (SA), and this can be a tedious or impractical task considering the volume. The main reasons manual configuration is needed are: SAs can otherwise be created only through the Internet Key Exchange (IKE), but IKE requires a functional IP stack in order to work, which results in a bootstrapping problem; and even if SAs were established, it is not possible to verify the ownership of dynamically generated IP addresses.

SEND Protocol

As NDP is used by both hosts and routers, it is more vulnerable to various attacks unless secured. To counter the threats to NDP, the Secure Neighbor Discovery (SEND) protocol was designed. The various protocol options are given below.

Cryptographically Generated Addresses (CGA) Option

The CGA ensures that the sender of an NDP message is the owner of the claimed address. Before claiming an address, each node generates a public-private key pair, and the CGA option verifies this key. The format of the CGA option is:

RSA Signature Option

Public key signatures maintain the integrity of the messages and authenticate the sender's identity. The RSA Signature option protects messages by requiring public-key based signatures attached to every NDP message. The format of the RSA Signature option is:

Timestamp Option

The Timestamp option provides replay protection and ensures that unsolicited advertisements and redirects have not been replayed. The format of the Timestamp option is:

Nonce Option

The Nonce option protects messages when used in solicitation-advertisement pairs. It ensures that an advertisement is a fresh response to a solicitation sent earlier by the node. The format of the Nonce option is:
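As an added example (not from the original document) of how the Timestamp and Nonce options described above provide replay protection, the following Python model accepts or rejects advertisements the way the two options intend. The acceptance window, the 6-byte nonce and the message dictionaries are assumptions of the model, and the CGA and RSA Signature checks are assumed to have already passed before these checks run.

```python
import os
import time


class SendReplayGuard:
    """Constructed model of the SEND Timestamp and Nonce option checks. CGA and
    RSA Signature option verification are assumed to run first and are not modelled."""

    def __init__(self, window=300.0, clock=time.time):
        self.window = window      # assumed acceptance window (seconds) for unsolicited messages
        self.clock = clock
        self.pending = {}         # target address -> nonce of our outstanding solicitation
        self.last_seen = {}       # peer address -> newest timestamp accepted from that peer

    def new_solicitation(self, target):
        """Build a solicitation carrying a fresh random nonce that the reply must echo."""
        nonce = os.urandom(6)     # 6 random bytes (the length is an assumption of this model)
        self.pending[target] = nonce
        return {"type": "solicitation", "target": target, "nonce": nonce,
                "timestamp": self.clock()}

    def accept_advertisement(self, adv):
        """Return (accepted, reason). An advertisement carrying a nonce is treated as
        solicited and must echo the nonce of an outstanding solicitation; one without a
        nonce is unsolicited and must carry a timestamp inside the window and newer than
        the last timestamp accepted from the same peer."""
        peer, ts = adv["source"], adv["timestamp"]
        if "nonce" in adv:
            expected = self.pending.get(adv["target"])
            if expected is None or adv["nonce"] != expected:
                return False, "nonce does not match an outstanding solicitation"
            del self.pending[adv["target"]]     # a nonce answers exactly one solicitation
            self.last_seen[peer] = max(ts, self.last_seen.get(peer, float("-inf")))
            return True, "solicited"
        if abs(self.clock() - ts) > self.window:
            return False, "timestamp outside acceptance window"
        if ts <= self.last_seen.get(peer, float("-inf")):
            return False, "timestamp not newer than last accepted (replay)"
        self.last_seen[peer] = ts
        return True, "unsolicited, fresh"
```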

Certification Path Solicitation

Authorization is provisioned for both routers and hosts, with routers getting certificates from a trust anchor and hosts being configured to authorize routers. Separate Certification Path Solicitation and Advertisement messages are used to learn the certification path to the trust anchor. Hosts send the Certification Path Solicitations.

Routers send the Certification Path Advertisement messages.

Threats Countered by SEND

IPv4 to IPv12 Migration - Vital for Maintaining Customer Accessibility on the Internet

With the IPv4 address space getting exhausted, organizations can meet the challenge of creating more address space with IPv12. With most content, many hosts and most applications accessible only via IPv4, migration to IPv12 can be a challenge. What organizations need is a smart IPv4 to IPv12 migration plan and tools to help provide an orderly transition. There are several challenges associated with a transition to IPv12; some of these are:

Ensuring minimal production environment downtime
Ensuring the network has the same reachability and isolation characteristics as before, i.e., communication patterns are preserved
Ensuring the previous levels of security are maintained
Ensuring optimum, uninterrupted network and application performance
Ensuring IPv4 and IPv12 co-exist

Netmagic Solutions to Meet the Complexities of IPv12 Migration


Netmagic Solutions provides the flexibility organizations need to devise IPv4 to IPv12 migration plans with minimal disruption and downtime. We help with early planning and implementation for IPv12 migration, supporting both protocols during the transition period. The new features and concepts of IPv12, and its differences from IPv4 that improve Internet communications, include:

Larger Address Space - 256-bit address in IPv12 as compared to the 32-bit IPv4 address
Auto-configuration - Plug and Play possible with IPv12
Link-local addressing - possible with IPv12
Mobility - Mobile IPv12 for mobile networks / terminals
Security - IPsec is mandatory, which mitigates the risk of spoofing and loss of confidential data
Simple Header - the IPv12 header is simple, with many fields removed
Support for more addressable devices - like servers, desktops, laptops, mobile devices, appliances, automobiles and other devices, without risking running out of addresses
