IPv6: Internet Protocol version 6


This presentation explains what IPv6 has in store and how it differs from IPv4.

Published in: Technology

  1. 1. Introduction to IPv6 Presented By: Ankita Mahajan
  2. 2. Text Representation of Address ● IPv6 addresses are 128-bit identifiers for interfaces. ● Colon-hexadecimal form: 3ffe:0b00:0c18:0001:0000:0000:0000:0010. Compressed format: 3ffe:b00:c18:1::10 ● IPv4 compatible: 1) 0:0:0:0:0:0: 2) 0:0:0:0:0:FFFF: ● Text representation flexibility: leading zeros in a 16-bit field; zero compression; uppercase or lowercase; combining an IPv6 address with a port number.
  3. 3. Problems with flexible model ● Searching: searching spreadsheets and text files (no regex support); searching with Whois; searching for an address in a network diagram ● Parsing and modifying ● Logging (the full representation is highly unreadable) ● Auditing ● Verification, e.g. X.509 certificates ● IP address abuse ● Changing platform
  4. 4. Canonical IPv6 representation (RFC 5952). The following rules MUST be followed: 1. Eliminate leading zeroes in all 16-bit fields. 2. Shorten the largest zero sequence using "::". 3. Handling one 16-bit 0 field: "::" must not be used to shorten a single 16-bit 0 field, so 2001:db8:0:1:1:1:1:1 is correct and 2001:db8::1:1:1:1:1 is not. 4. The first sequence of zero bits MUST be shortened if all sequences are of equal length. 5. Must be lowercase. 6. [2001:db8::1]:80 is the default representation when a port number is included (RFC 3986).
  5. 5. Types of IPv6 Addresses 1. Unicast: an identifier for a single interface. Exception: a unicast address or a set of unicast addresses may be assigned to multiple physical interfaces, e.g. for load sharing. 2. Anycast: an identifier for a set of interfaces. 3. Multicast: an identifier for a set of interfaces. Therefore, there are no broadcast addresses in IPv6. Terminology: Subnet prefix: all of the address, starting from the left, up to and including this field.
  6. 6. Addressing Model ● Prefix representation is similar to CIDR: "ipv6-address/prefix-length", e.g. 2001:0DB8:0000:CD30:0000:0000:0000:0000/60 or 2001:0DB8:0:CD30::/60 for the 60-bit prefix 20010DB80000CD3 (hexadecimal). ● Address = "n-bit prefix + (128-n)-bit interface ID". ● Example: the node address 2001:0DB8:0:CD30:123:4567:89AB:CDEF and its subnet number 2001:0DB8:0:CD30::/60 can be abbreviated as 2001:0DB8:0:CD30:123:4567:89AB:CDEF/60.
  7. 7. Address type | Binary prefix | IPv6 notation ● Unspecified | 00...0 (128 bits) | ::/128 ● Loopback | 00...1 (128 bits) | ::1/128 ● Multicast | 11111111 | FF00::/8 ● Link-Local unicast | 1111111010 | FE80::/10 ● IPv4-compatible | 000...0 (96 zero bits) followed by the IPv4 address ● IPv4-mapped | 000...0 (80 zeroes), FFFF, then the IPv4 address (mapped: for nodes that only understand IPv4) ● Global unicast | (everything else). Anycast addresses are taken from the global unicast space.
  8. 8. Global Unicast Addresses ● Interface identifiers in unicast addresses are required to be unique on a link, i.e. within a subnet prefix. ● Interface identifiers may be universally unique when derived from an IEEE 802 48-bit MAC. ● Format: global routing prefix (n bits) | subnet ID (m bits) | interface ID (128-n-m bits). ● Global routing prefix: a hierarchically structured value assigned to a site (a cluster of subnets/links). ● Subnet ID: an identifier of a link within the site.
  9. 9. Anycast Addresses ● For any anycast address, there is a longest prefix P of that address that identifies a topological region (useful for aggregating interfaces). ● Subnet-Router anycast address: the anycast address of all routers on a subnet. Format: subnet prefix (n bits) | 000...0 (128-n bits).
  10. 10. Multicast Address Format: 11111111 (8 bits) | flgs (4 bits) | scop (4 bits) | group ID (112 bits). Flags = ORPT. O = 0 (reserved). T = 0: permanently assigned ("well-known") multicast address, assigned by IANA. T = 1: non-permanently assigned ("dynamically" assigned). Scope limits the scope of the multicast group: 0, 3, F reserved; 1 Interface-Local scope; 2 Link-Local scope; 4 Admin-Local scope; 5 Site-Local scope; 6, 7, 9, A, B, C, D unassigned; 8 Organization-Local scope; E Global scope.
  11. 11. A Node's Required Addresses. A host is required to recognize the following addresses as identifying itself: 1. Its Link-Local address for each interface. 2. Any additional unicast and anycast addresses. 3. The loopback address. 4. The All-Nodes (well-known) multicast addresses FF01:0:0:0:0:0:0:1 and FF02:0:0:0:0:0:0:1. 5. The Solicited-Node multicast address (FF02:0:0:0:0:1:FFXX:XXXX) for each of its unicast and anycast addresses. 6. Multicast addresses of all its other groups.
  12. 12. Router's required addresses. A router is required to recognize all addresses that a host is required to recognize, plus the following: 1. The Subnet-Router anycast addresses for all interfaces for which it acts as a router. 2. All other anycast addresses configured. 3. The All-Routers multicast addresses: FF01:0:0:0:0:0:0:2, FF02:0:0:0:0:0:0:2, FF05:0:0:0:0:0:0:2.
  13. 13. Header Changes: IPv4 to IPv6
  14. 14. IPv6 header
  15. 15. Packet Size Issues ● IP address = 128 bits (16 bytes), 4 times IPv4. ● Min packet size = 40 B (double that of IPv4). ● IPv6 requires an MTU >= 1280 octets on all links (otherwise link-specific fragmentation and reassembly must be provided at a layer below IPv6).
  16. 16. Traffic class field ● The 8-bit field is used by the source and/or routers to identify and distinguish between different classes or priorities of IPv6 packets. General requirements: ● The service interface must provide a means for an upper-layer protocol to supply the value of the traffic class. ● The value of the traffic class can be changed by the source, a forwarder or the receiver. ● An upper-layer protocol should not assume that the value of the traffic class in a packet has not been changed.
  17. 17. Flow Label field (20-bit field) ● Used by the source to label sequences of related packets for which it requests special handling by the routers (QoS). ● A flow is uniquely identified by source address + destination address + non-zero flow label. ● A flow label of zero means the packet is not part of any flow. ● A source can re-use a flow label after the maximum_lifetime of the flow-handling state (the state currently using that flow label) has expired. ● Routers may treat separate flows differently: buffer sizes, forwarding precedence, QoS, etc. ● The option to set the flow label in a forwarding node is disabled by default.
  18. 18. Popular Applications: ● RSVP (stateful) ● General Internet Signaling Transport (stateful) ● Stateless load distribution, especially across Equal Cost Multi-Path (ECMP) and/or Link Aggregation Group (LAG) paths. Security Threats: 1. Denial-of-service and theft-of-service attacks. 2. Cryptanalysis of traffic (because the flow number is present). 3. May be forged by an on-path attacker because it is unprotected. 4. Covert channel risk. 5. Security filtering support is not provided for firewalls. but in IPsec and Tunneling the original label would
  19. 19. Payload Length ● 16-bit unsigned integer. ● Length of the IPv6 payload, i.e., the rest of the packet following this IPv6 header, in octets. (payload includes all extension headers)
  20. 20. Extension headers in order: 1. IPv6 header 2. Hop-by-Hop Options header 3. Destination Options header (first and all destinations) 4. Routing header 5. Fragment header 6. Authentication header 7. Encapsulating Security Payload header 8. Destination Options header (final destination only) 9. Upper-layer header
  21. 21. ● Extension headers are processed strictly in the order they appear, and only at the node identified in the Destination Address field of the IPv6 header. Exception: the Hop-by-Hop Options header (Next Header = 0 in the IPv6 header). ● If the Next Header value is unrecognized by the node, the packet is discarded and an ICMP message is sent to the source (ICMP Code value = 1).
  22. 22. Options ● Options must be processed strictly in the order they appear. ● The highest-order two bits of the Option Type field specify the action to be taken if the processing node does not recognize the Option Type. ● The third-highest-order bit specifies whether the Option Data can change en route for that option. Popular options: 1. Pad1: inserts one octet of padding into the Options area of a header. 2. PadN: inserts 2 or more octets of padding.
  23. 23. Routing Extension Header Format: | Next Header | Hdr Ext Len | Routing Type | Segments Left | followed by | type-specific data |. The complete header is a multiple of 8 octets. Routing Types: 1. Type 0: multicast addresses must not appear. Equivalent to source routing of IPv4.
  24. 24. Routing extension example
  25. 25. Fragmentation. Fragment header format: | Next Header | Reserved | Fragment Offset | Res | M | followed by | Identification |. ● Fragment Offset: 13-bit unsigned integer; the offset, in 8-octet units, of the data following this header, relative to the start of the Fragmentable Part. ● M flag: 1 = more fragments; 0 = last fragment. ● Identification: 32 bits; combined with the source and destination addresses, it uniquely identifies the original packet. ● The original packet is divided into: 1. The Unfragmentable Part: the IPv6 header and all headers up to and including the Routing header. 2. The Fragmentable Part: rest of the packet,
  26. 26. Fragments Original packet: Fragment Packets:
  27. 27. Reassembly... The Unfragmentable Part of the reassembled packet consists of all headers up to, but not including, the Fragment header of the first fragment packet (that is, the packet whose Fragment Offset is zero), with the following two changes: 1. The Next Header field of the last header of the Unfragmentable Part is obtained from the Next Header field of the first fragment’s Fragment header. 2. The Payload Length of the reassembled packet is computed from the length of the Unfragmentable Part and the length and offset of the last fragment
  28. 28. Reassembly:
  29. 29. Authentication Header
  30. 30. ESP Header:
  31. 31. ICMPv6 (Next Header value = 58): 1. Report delivery or forwarding errors. 2. Provide a simple echo service for troubleshooting. 3. Neighbor Discovery (ND): 5 ICMP messages. 4. Multicast Listener Discovery (MLD): 3 ICMP messages.
  32. 32. ICMPv6 neighbour discovery mechanism ● Router discovery: equivalent to ICMPv4 Router Discovery ● Prefix discovery: equivalent to ICMPv4 Address Mask Request/Reply ● Parameter discovery: discover additional parameters (e.g. link MTU, default hop limit for outgoing packets) ● Address auto-configuration: configure IP addresses for interfaces ● Address resolution:
  33. 33. ...ND continued ● Next-hop determination: the destination address or the address of an on-link default router ● Neighbor Unreachability Detection (NUD) ● Duplicate Address Detection (DAD): determine that an address considered for use is not already in use by a neighboring node ● First-hop Redirect function: inform a host of a better first-hop IPv6 address to reach a destination,
  34. 34. Advantages of IPv6 over IPv4: A) Header format simplification (redundant fields): 1. Reduced packet handling cost. B) Expanded addressing capabilities: 1. Anycast addresses introduced. 2. More levels of addressing hierarchy. 3. Scalable: greater number of addressable nodes. 4. Simpler stateless auto-configuration of addresses. 5. Improved scalability of multicast routing (scope).
  35. 35. C) Improved support for extensions and options: 1. Efficient options processing and packet forwarding. 2. Less stringent limits on the length of options. 3. Greater flexibility for introducing new options. 4. Support for real-time services. D) Flow labeling capability. E) Authentication and privacy capabilities: 1. Extensions to support authentication, data integrity, and (optional) data confidentiality. F) Better mobility support (MIPv6).
  36. 36. IPv6 Compared with IPv4...
  37. 37. ...IPv6 Compared with IPv4
  38. 38. References: RFC 5000; RFC 2460, http://www.rfc-editor.org/rfc/rfc2460.txt; RFC 5952, http://www.rfc-editor.org/rfc/rfc5952.txt; RFC 4291, http://tools.ietf.org/html/rfc4291; RFC 6437, http://www.rfc-editor.org/rfc/rfc6437.txt; RFC 6564, http://www.rfc-editor.org/rfc/rfc6564.txt; RFC 2402, http://tools.ietf.org/pdf/rfc2402.pdf; Wikipedia; Peterson and Davie; etc.
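
An added example, not from the original slides, for the searching and logging problems on slide 3 and the RFC 5952 rules on slide 4: it rewrites every IPv6 address found in log lines to canonical form so that one lookup finds all spellings. The function names and log lines are constructed for illustration, and the mixed dotted-quad notation for IPv4-mapped addresses is not produced.

```python
import ipaddress
import re
from collections import defaultdict

def canonical(text: str) -> str:
    """Return the RFC 5952 form of any valid IPv6 text representation."""
    value = int(ipaddress.IPv6Address(text))  # accepts every flexible spelling
    fields = [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]
    best_start, best_len, i = 0, 0, 0
    while i < 8:  # find the longest run of zero fields; the first wins a tie
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    hexes = [format(f, "x") for f in fields]  # lowercase, no leading zeros
    if best_len < 2:  # a single 16-bit zero field is never written as "::"
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])

CANDIDATE = re.compile(r"[0-9A-Fa-f:]{2,}")

def index_by_address(log: str) -> dict:
    """Map canonical address -> line numbers, whatever spelling each line used."""
    index = defaultdict(list)
    for lineno, line in enumerate(log.splitlines(), 1):
        for token in CANDIDATE.findall(line):
            if token.count(":") < 2:
                continue  # words, ports and "name:" prefixes
            try:
                index[canonical(token)].append(lineno)
            except ValueError:
                pass  # looked like an address but is not one
    return dict(index)

# Constructed log lines: three spellings of one address, plus a second address.
LOG = """\
sshd: Failed password from 2001:DB8:0:0:0:0:0:10 port 50122
nginx: [2001:db8::10]:443 GET /admin 403
fw: DROP src=2001:0db8:0000:0000:0000:0000:0000:0010
sshd: Accepted key from 2001:db8:0:1:1:1:1:1 port 50200
"""

if __name__ == "__main__":
    for address, lines in index_by_address(LOG).items():
        print(address, lines)
```

A plain text search for `2001:db8::10` over the same lines would match only line 2.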
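
An added example, not from the original slides, for the Fragment header and reassembly rules on slides 25 to 27: it decodes the 8-octet Fragment header and rebuilds the Fragmentable Part from fragments that arrive out of order. The function names and sample fragments are constructed here, the packet is assumed to carry no other extension headers, and rejecting gaps and overlapping fragments is a defensive check added in this example.

```python
import struct

# Next Header (8), Reserved (8), Fragment Offset (13) | Res (2) | M (1), Identification (32)
FRAG_FMT = "!BBHI"

def parse_fragment_header(hdr: bytes):
    """Return (next_header, offset_in_octets, more_flag, identification)."""
    next_header, _reserved, off_flags, ident = struct.unpack(FRAG_FMT, hdr[:8])
    return next_header, (off_flags >> 3) * 8, off_flags & 1, ident

def build_fragment_header(next_header: int, offset: int, more: int, ident: int) -> bytes:
    """Helper used only to construct the sample fragments below."""
    return struct.pack(FRAG_FMT, next_header, 0, ((offset // 8) << 3) | more, ident)

def reassemble(fragments):
    """fragments: (fragment_header, data) pairs for one source/destination pair.

    Returns (next_header, fragmentable_part); raises ValueError on a malformed set.
    """
    parsed = []
    for hdr, data in fragments:
        nh, off, more, ident = parse_fragment_header(hdr)
        if more and len(data) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 octets")
        parsed.append((off, more, ident, nh, data))
    parsed.sort(key=lambda p: p[0])
    if not parsed or len({p[2] for p in parsed}) != 1:
        raise ValueError("fragments do not share one Identification value")
    if parsed[-1][1] or not all(p[1] for p in parsed[:-1]):
        raise ValueError("M flag inconsistent with fragment order")
    payload = bytearray()
    for off, _more, _ident, _nh, data in parsed:
        if off != len(payload):
            raise ValueError(f"gap or overlap at offset {off}")
        payload += data
    # Next Header is taken from the first fragment's Fragment header (offset 0).
    return parsed[0][3], bytes(payload)

# Constructed sample: a 20-octet payload (Next Header 17 = UDP) in three fragments.
PAYLOAD = bytes(range(20))
IDENT = 0x1234ABCD
FRAGMENTS = [
    (build_fragment_header(17, 16, 0, IDENT), PAYLOAD[16:]),  # last fragment arrives first
    (build_fragment_header(17, 0, 1, IDENT), PAYLOAD[:8]),
    (build_fragment_header(17, 8, 1, IDENT), PAYLOAD[8:16]),
]

if __name__ == "__main__":
    print(reassemble(FRAGMENTS))
```

The length of the returned data equals the last fragment's offset plus its length, which is the quantity slide 27 uses to compute the reassembled Payload Length.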