IPv6 Required - ICCA Pondicherry 31 Jan 2012
DESCRIPTION
This presentation looks at many of the main features of IPv6 and how IPv6 differs from IPv4. It is a good starter for people who do not know about IPv6 and was presented at ICCA 2012 in Pondicherry, India on 31st January 2012. Many thanks to Dr. Alaa Al Din Al Radhi for many of the visuals used in this slide deck.
TRANSCRIPT
Networking for the Future
Part 1: Why do we need IPv6?
Part 2: IPv6 – A Technical Primer
© 2009 Global Information Highway Ltd
Version 201201.1
Dr. Olivier MJ Crépin-Leblond – [email protected] ’12 – Pondicherry – 31 January 2012
IPv4 / IPv6 Table of Contents
• Why IPv6? Why not IPv4?
• What are the differences between IPv4 and IPv6?
• Address / Packet Structure
• Header
• Datagram
• Unicast / Multicast / Anycast
• Neighbour Discovery and DHCPv6
• Mobility
• IPSec / Security
© 2012 Global Information Highway Ltd
What is an IP Address?
Domain Name: www.isoc.org
DNS Server
IPv4 Address: 212.110.167.157
Domain Names are identifiers that you type in your Web Browser, your E-mail etc.
DNS Servers translate this Domain Name into an address that is made up of numbers
Every device that is connected to the Internet needs its Internet Protocol (IP) address
translation
www.google.com
www.yahoo.com
We are running out of IPv4 addresses
• Each device (computer, phone etc.) connected to the Internet needs an Internet Protocol (IP) address.
• If we have 10 addresses only, how do we connect 11 computers? We cannot do that.
• This is the point which we are about to reach.
“Internet Protocol”
We are running out of IPv4 addresses
World Connectivity vs Population: Population Size 6 767 805 208; N° Internet Users 1 733 993 741
Middle East Connectivity vs Population: Population Size 202 687 005; N° Internet Users 57 425 046
6.7 Billion people on earth
1.7 Bn Internet users in 2009
More ways to access the Internet
“Internet Protocol”
We are running out of IPv4 addresses
When we reach this point, it will be too late since there will be no more free IP addresses!
Real time data collected 1 Mar 2010
We are running out of IPv4 addresses
When we reach this point, it will be too late since there will be no more “free” IPv4 addresses!
Real time data collected September 2011
http://www.potaroo.net/tools/ipv4/index.html
Current temporary solutions
An end user “pulls” the information to them from the network
Network Address Translation
Current temporary solutions
Network Address Translation
As more and more devices are connected:
• Computer
• Telephone
• MP3 player
• Television
It becomes impossible for the translation box to serve all the services for 1 public IP address
How about Carrier Grade NAT?
• The Internet is based on a layered, end-to-end model that allows people at each level of the network to innovate free of any central control. By placing intelligence at the edges rather than control in the middle of the network, the Internet has created a platform for innovation.
Quotes – Vinton Cerf
US Scientist, widely known as one of the Fathers of the Internet
The original Internet Architecture
User-Centric Internet
Can be several routers at various “entry” points with resilient routes
Any connected device could be a “client” or a “server”
The Internet Architecture Version 2
User-Centric Internet
Local NAT
NAT = Network Address Translation
Adding Carrier-Grade NAT
CG-NAT CG-NAT
Single point of failure at Carrier Level
Server Only Client Only
The Network-Centric Internet
Carrier Grade NAT
Network Address Translation
• Single point of failure
• Need to use application-level filtering to inspect application protocol packets and modify them on the fly
• Violates TCP states (usually performed by end nodes)
• Hard recovery for link flapping (multiple routes)
Carrier Grade NAT
• Hides complete parts of the DNS due to impossibility of connecting to specific host
• Difficulty in establishing end to end VPN tunnels due to inability to connect to the “end”
•Major problem for people working from home or while travelling
•Any address translation might open the door to fake address translation and hacking thus potential security issues
Network Address Translation
It is impossible to connect remotely to an “internal” address
Internet Traffic
Temporary solutions don’t work
In the future, communication will go both ways
Future Solution – IPv6 everywhere
As more and more devices are connected:
• Computer
• Telephone
• MP3 player
• Television
Every device has its own IP address
Every device can be accessed directly
No need for translation
IPv4 Space / December 2009
[Figure: grid of the IPv4 /8 blocks, numbered 255 down to 0]
Reference: http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
IPv4 Space / October 2010
[Figure: grid of the IPv4 /8 blocks, numbered 255 down to 0]
Reference: http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
Future Solution – IPv6 everywhere
In the future, communication will go both ways
Future Solution – Internet everywhere
In the future, communication will go everywhere
IPv6 examples
Emergency Alerts
IPv6 examples
Smart Grid – greener use of energy
The Smart Grid
Source: US National Institute of Standards & Technology
IPv6 examples
US Military
IPv6 implementation in US Military
Infrastructure required for telecommunications
•Always connected “Data Glove” incorporating a fully networked personal digital assistant
•Possibility to consult pictures of area (like Google maps)
•Possibility to control drone aircraft directly
•Possibility to access remote cameras
•Helmet-mounted Webcam for each soldier
•Vital statistics of soldier (food/health/tiredness)
•GPS location device
•This is only addressable via IPv6
Source: US Army Natick Systems
Infrastructure required for telecommunications
•Always connected Personal Digital Assistant:
•Mobile phone (Apple iPhone & iPad, Nokia, HTC etc.)
•Possibility to surf Web sites, but also use artificial intelligence for the digital assistant to automatically book tickets, shop, see pictures of area (like Google maps), to access remote cameras, and to find out about anything, anywhere. GPS location device with information about services. This is only addressable via IPv6!
•Law enforcement and civil protection
•Police can use all of these services, and more, to ensure the safety of the population. Firemen can coordinate information more easily. Ambulances and emergency services will know more information before arriving on scene.
•Always online - Everywhere
These are the applications of the future
So what is the future?
How do we build this?
Internet Anytime, Everywhere
A fully connected world
Networking for the Future
IPv6 – a Technical Primer
Differences between V.4 and V.6
IPv6 Key Features
IPv4 and IPv6 Addressing
Feature | Internet Protocol IPv4 | Internet Protocol IPv6
Deployed | 1981 | 1999
Address Size | 32 Bit | 128 Bit
Address Format | Dotted Decimal Notation: 192.168.0.1 | Hexadecimal Notation: 2001:0DB8:0123:4567:89AB:CDEF:0123:4567
Prefix Notation | 192.168.0.0/24 | 2001:0DB8:0123/48
N° Addresses | 2 x 10^32 | 2 x 10^128
N° Addresses | 4,294,967,296 | 340,282,366,920,938,463,463,374,607,431,768,211,456
IPv4 and IPv6 Addressing
IP Version 4: 4,294,967,296
IP Version 6: 340,282,366,920,938,463,463,374,607,431,768,211,456
IPv6 Space
IPv4: 4,294,967,296 addresses
IPv6: 340,282,366,920,938,463,463,374,607,431,770,000,000 possible addresses
50,000,000,000,000,000,000,000,000,000 addresses per human
IPv4 and IPv6 Addressing
IP Version 6: 340,282,366,920,938,463,463,374,607,431,768,211,456
With 7Bn people on Earth, N° addresses per person: 48,611,766,702,991,209,066,196,372,490
Some of these addresses will be used by devices (the Internet of things)
Some of these addresses will be used by internal addressing/protocol
It is still a lot of usable addresses
Differences between IPv4 & IPv6
Feature | Internet Protocol IPv4 | Internet Protocol IPv6
Address Size | 32 Bit | 128 Bit
N° Addresses | 2 x 10^32 | 2 x 10^128
Security | IPSEC Optional | IPSEC (Originally) Mandatory
Quality of Service | Basic | Extended
Address Allocation | Manual or DHCP | Many more methods
Mobility | Mobility Extension | Mobile IPv6
Peer to Peer comm. | Broken by NAT | No NAT
IP Addresses per interface | Usually 1 | Many
Overall Packet Structure
Link Layer Header | IP Header | Transport Header | Application Protocol Data | Link Layer Trailer
Physical: Fiber
Link Layer: Ethernet
Protocol: IP
Transport: TCP, UDP,…
Application: HTTP
Presentation: HTML
Packet Structure / Datagram
Link Layer Header | IP Header | Transport Header | Application Protocol Data | Link Layer Trailer
Physical: Fiber
Link Layer: Ethernet
Protocol: IP (v4 or v6)
Transport: TCP, UDP,…
Application: HTTP
Presentation: HTML
IPv4 and IPv6 Addressing
Streamlining of IPv6
• Fewer fields in the packet header
• Fixed size header - 40 octets (or bytes)
• No fragmentation in network
• No checksum processing
• Packet can be switched by flow label (Quality of Service possibility)
No checksum Processing
Physical: Fiber
Link Layer: Ethernet (Checksum: YES)
Protocol: IPv6 (Checksum: NO)
Transport: TCP, UDP,… (Checksum: YES)
Application: HTTP
Presentation: HTML
IPv6 Header Fields
Version
4 bits long
IP Version = 4 for IPv4, = 6 for IPv6
Traffic Class
8 bits long
Quality of Service Techniques:
• Diffserv Code Points (DSCP)
• Congestion Notification (ECN)
Called “Type of Service” in IPv4
IPv6 Header Fields
Flow Label
20 bits long
Specific per-flow processing of data streams. This supports real-time datagram delivery and quality of service (QoS). Routers between the source and destination would treat traffic with the same flow label in a similar way.
For example, similar/minimal latency to Video packets.
IPv6 Header Fields
Payload Length
16 bits long
In IPv4: Total Length field
This is the size of the inner datagram, after the basic header (which itself is 40 bytes long).
IPv6 Header Fields
Next Header
8 bits long
Identification of Inner datagram
This serves the same purpose as the IPv4 “Protocol Field”, the identifying of data inside the payload of the IP datagram.
Codes are however extended to include the processing of options for Extension Headers (described later).
Hop Limit
8 bits long
Maximum Number of hops
In IPv4 this was called “TTL = Time to Live” and decreased at each hop.
In IPv6 it is appropriately called
IPv6 Header Fields
Source and Destination
128 bits long
These are the Source and the Destination of the datagram.
The Source IP address is the originator of the datagram, i.e. the device that originally sent the packet.
The Destination IP address is the intended recipient of the packet, i.e. the ultimate destination. Valid for Unicast, Multicast or Anycast
IPv6 Extension Headers
Order | Header Type | Next Header Code
1 | Basic IPv6 Header | -
2 | Hop-by-Hop options | 0
3 | Destination Options & Routing | 60
4 | Routing Header | 43
5 | Fragment Header | 44
6 | Authentication Header | 51
7 | Encapsulation Security Payload | 50
8 | Destination Options | 60
9 | Mobility Header | 135
(end) | No Next Header | 59
Upper Layer | TCP (like IPv4 “protocol” field) | 6
Upper Layer | UDP (like IPv4 “protocol” field) | 17
Upper Layer | ICMPv6 (like IPv4 “protocol” field) | 58
IPv6 Extension Headers
A few more examples of daisy-chained extension headers
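Added example (not part of the original slides): a Python sketch that decodes the fixed 40-octet header fields described above and follows the daisy-chained Next Header codes from the table until it reaches the upper-layer protocol, which is what a filtering or monitoring device must do before it can apply a TCP/UDP rule. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Next Header codes as listed in the extension-header table on the slide.
EXTENSION_HEADERS = {
    0: "Hop-by-Hop options", 43: "Routing Header", 44: "Fragment Header",
    51: "Authentication Header", 50: "Encapsulation Security Payload",
    60: "Destination Options", 135: "Mobility Header",
}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}


def parse_fixed_header(packet: bytes) -> dict:
    """Decode the eight fields of the fixed 40-octet IPv6 header."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    return {
        "version": word >> 28,                  # 4 bits
        "traffic_class": (word >> 20) & 0xFF,   # 8 bits
        "flow_label": word & 0xFFFFF,           # 20 bits
        "payload_length": payload_length,       # 16 bits, excludes the 40-octet header
        "next_header": next_header,             # 8 bits
        "hop_limit": hop_limit,                 # 8 bits
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
    }


def walk_chain(packet: bytes, max_headers: int = 16):
    """Follow the daisy chain; return (extension headers seen, upper layer, its offset)."""
    fixed = parse_fixed_header(packet)
    end = min(len(packet), 40 + fixed["payload_length"])
    code, offset, seen = fixed["next_header"], 40, []
    while code in EXTENSION_HEADERS:
        if len(seen) >= max_headers:
            raise ValueError("extension header chain too long")
        seen.append(EXTENSION_HEADERS[code])
        if code == 50:
            # ESP: what follows is encrypted, so the chain cannot be followed further.
            return seen, "encrypted (ESP)", offset
        if offset + 8 > end:
            raise ValueError("extension header runs past the payload")
        next_code, length_field = packet[offset], packet[offset + 1]
        if code == 44:
            size = 8                            # Fragment header is always 8 octets
            fragment_offset = struct.unpack("!H", packet[offset + 2:offset + 4])[0] >> 3
            if fragment_offset:
                # Not the first fragment: no upper-layer header starts here.
                return seen, "non-first fragment", offset + size
        elif code == 51:
            size = (length_field + 2) * 4       # AH counts 32-bit words, minus 2
        else:
            size = (length_field + 1) * 8       # 8-octet units, first unit not counted
        if offset + size > end:
            raise ValueError("extension header runs past the payload")
        code, offset = next_code, offset + size
    return seen, UPPER_LAYER.get(code, f"unknown ({code})"), offset


def build_sample() -> bytes:
    """Constructed packet: fixed header, Hop-by-Hop, Destination Options, TCP SYN."""
    src = ipaddress.IPv6Address("2001:db8:0:abcd::12:3456").packed
    dst = ipaddress.IPv6Address("2001:db8:abcd::3").packed
    pad = bytes([1, 4, 0, 0, 0, 0])             # PadN option filling 6 octets
    hop_by_hop = bytes([60, 0]) + pad           # next header 60, length 0 (8 octets)
    dest_opts = bytes([6, 0]) + pad             # next header 6 (TCP)
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    payload = hop_by_hop + dest_opts + tcp
    word = (6 << 28) | (0x2E << 20) | 0x12345   # version, traffic class, flow label
    return struct.pack("!IHBB", word, len(payload), 0, 64) + src + dst + payload


if __name__ == "__main__":
    sample = build_sample()
    print(parse_fixed_header(sample))
    print(walk_chain(sample))
```

A length field that points past the payload, an over-long chain, or a non-first fragment are the cases where a naive parser would misidentify the upper layer, so the walker rejects or labels them explicitly.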
Main Enhancements of IPv6 over IPv4
• Header: 40 bytes instead of 20
• Daisy Chained extension headers
• Fragmentation only done by source nodes and has its own optional extension header
• No checksum in IPv6 header
• Path Maximum Transmission Unit (MTU)
  • IPv4: 576 bytes
  • IPv6: 1280 bytes
• MTU size error is being reported back to source
• Path MTU Discovery mandatory and refined
IPv6 Address shortening
2001:0DB8:0000:ABCD:0000:0000:0012:3456
2001:0db8:0000:abcd:0000:0000:0012:3456
2001:db8:0:abcd:0:0:12:3456
2001:db8:0:abcd::12:3456
• Letters are case insensitive
• Leading zeros in a field are optional
• Successive fields of zeros
IPv6 Addressing
• Addresses have scope
• Interfaces can have multiple addresses
• Addresses have lifetime
2001:0DB8:0000:ABCD:0000:0000:0012:3456
IPv6 Addresses have scope
2001:0DB8:0000:ABCD:0000:0000:0012:3456
Global | Unique Local | Link local
Scope of address is physical
IPv6 Type of Addresses
IPv6 Host addresses
Loopback address (used by the machine):
0000:0000:0000:0000:0000:0000:0000:0001
0:0:0:0:0:0:0:1
::1 (this is like 127.0.0.1 in IPv4)
Unspecified (used to define the default route):
0:0:0:0:0:0:0:0
::
This address is mandatory
IPv6 Link Local
Link Local addresses are mandatory and start with fe80::
They work only on the Link Layer and cannot be forwarded by a router. Their function is key to the automatic configuration of a host without a router or DHCP server. Just connect the hosts & bingo!
Start: fe80::
End: febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
IPv6 Unique Local
Unique Local addresses are optional Unicast addresses that can be used within a site (like an intranet). They are not globally routed.
Start: fc00::
End: fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
IPv6 Global Unicast
Global Unicast current assignment:
Start: 2000::
End: 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
6to4 is a transition mechanism where IPv6 packets transit globally via IPv4. It has its own prefix 2002 with the rest of the address structure being slightly different
IPv6 Multicast
Global Multicast current assignment:
Start: ff00::
End: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Field starts with ff<LS> where L and S are as follows:
L = 0 for permanent group / 1 for temporary group
S = Scope bit: 1 - Interface; 2 – Link; 4 – Admin; 5 – Site; 8 = Organization; E = Global
All others: unassigned or reserved
IPv6 Global Unicast
IPv4 mapped addresses:
Starts with 0:0:0:0:0:0:0:ffff -> ::ffff
An example of this would be:
::ffff:192.168.0.1
These addresses are not IPv6 routed & can be used within the kernel to show an IPv4 address
CIDR Blocks in IPv6
• CIDR is principally a bitwise, prefix-based standard for the interpretation of IP addresses. It facilitates routing by allowing blocks of addresses to be grouped into single routing table entries.
• It is used in IPv4 and in IPv6
• Since IPv6 addresses have scope, it is particularly helpful to use CIDR
Global | Unique Local | Link local
CIDR Blocks in IPv6
2001:0db8:0000:abcd:0000:0000:0012:3456
|||| |||| |||| |||| |||| |||| |||| ||||
|||| |||| |||| |||| |||| |||| |||| |||128 /128 Single end-points and loopback
|||| |||| |||| |||64 /64 Single end-user LAN subnet (required prefix size for stateless address autoconfiguration (SLAAC))
|||| |||| |||| ||60 /60 Some (very limited) 6rd deployments
|||| |||| |||| |56 /56 recommended Minimal end-site assignment
|||| |||| |||48 /48 recommended Typical assignment for home sites
|||| |||| 36 /36 possible future local Internet registry (LIR) extra-small allocation
|||| |||32 /32 LIR minimum allocation
|||| ||28 /28 LIR medium allocation
|||| |24 /24 LIR large allocation
|||| 20 /20 LIR extra large allocation
||12 /12 Allocation to regional Internet registry by IANA[12]
CIDR Blocks in IPv6
2001:0db8:0000:abcd:0000:0000:0012:3456
|||| |||| |||| |||| |||| |||| |||| ||||
2001:0db8:0000:abcd:0000:0000:0012:3456/128 /128 Single end-points and loopback
2001:0db8:0000:abcd/64 /64 Single end-user LAN subnet (required prefix size for stateless address autoconfiguration (SLAAC))
2001:0db8:0000:abc/60 /60 Some (very limited) 6rd deployments
2001:0db8:0000:ab/56 /56 recommended Minimal end-site assignment
2001:0db8:0000/48 /48 recommended Typical assignment for home sites
2001:0db8:0/36 /36 possible future local Internet registry (LIR) extra-small allocation
2001:0db8/32 /32 LIR minimum allocation
2001:0db/28 /28 LIR medium allocation
2001:0d/24 /24 LIR large allocation
2001:0/20 /20 LIR extra large allocation
200/12 /12 Allocation to regional Internet registry by IANA[12]
IPv6 Address Format
• Unicast Addressing
• Multicast Addressing
• What is multicast + Anycast
Unicast Addresses
• To transmit data between nodes on the Internet
• One-to-one address
• Scope may be Global or Local
  • Global for worldwide communication
  • Local for communication within a site
• Every Site gets a /48
Multicast Addresses
• Start with “ff” as leftmost octet
• One-to-many address: ability to send a single packet to possibly unlimited multiple destinations
• This does not use “broadcast” like in IPv4. Instead, recipients are part of the group’s scope
  • Ability to send a packet to all hosts on the attached link
  • Ability to send a packet to the link-local all hosts multicast group
• Applications:
  • Emergency Services
  • Simultaneous database updating
  • Parallel computing
  • Real time news
Multicast Addresses
• In IPv4 the scope of the multicast, using broadcast, was limited by the number of hops away from the emitter.
• In IPv6, the scope of the multicast is determined by the scope field:
  • 1 - Interface
  • 2 – Link
  • 4 – Admin
  • 5 – Site
  • 8 = Organization
  • E = Global
• …and the group can be defined as permanent or temporary
Multicast Addresses
Description | Scope | Address
Network Time Protocol (NTP) | | ff0x::101
Multicast DNS | | ff0x::fb
DHCP Servers on the local net site | Site | ff05::1:3
All DHCP routers on the local net site | Site | ff05::1:2
PIM Routers | Link | ff02::d
EIGRP Routers | Link | ff02::a
RIP Routers | Link | ff02::9
OSPF v3 Designated Routers | Link | ff02::6
OSPF v3 SPF Routers | Link | ff02::5
All routers on the link | Link | ff02::2
All nodes on the link | Link | ff02::1
All routers on the node | Interface | ff01::2
All interfaces on the node | Interface | ff01::1
Unicast vs. Multicast
Anycast Addresses
• This is used to send a packet to multiple nodes which are not necessarily on the same subnet
• An Anycast address is the same Unicast address configured on multiple nodes:
• The routers will deliver the packet to the nearest node member of the Anycast group
• Currently used with DNS servers
Anycast Addresses
3ffe:b00:1::5
3ffe:b00:1::5
3ffe:b00:1::5
Routers know where to route this data
Many addresses on one node
Quantity | Address | Requirement | Context
1 | Link local (fe80::) | Must be defined | On each interface
1 | Loopback (::1) | Must be defined | On each node
0 to many | Unicasts | May be defined | On each interface
any | Unique-Local | May be defined | On each interface
1 | All-nodes Multicast | Must be joined | On each interface
1 | Solicited node Multicast | Must be joined | For each multicast and any anycast address defined
any | Multicast group | May be joined | On each interface
IPv6 Multihoming
[Figure: multihoming diagram. Labels: Site: 2a00:19e8:10::/48 and 2001:db8:abcd::/48; /32 prefixes 2001:db8::/32 and 2a00:19e8::/32; addresses 2001:db8:abcd::1, 2001:db8:abcd::2, 2001:db8:abcd::3, 2a00:19e8:10::1 and 2a00:19e8:10::3; routes marked High Pref. and Low Pref.]
Obtaining IPv6 addresses
• Manual setting up of IPv6 address. This is similar to IPv4
• 2 auto-configuration mechanisms in IPv6:
  • Stateless: SLAAC (Stateless Address Auto-Configuration), based on ICMPv6 messages (Router Solicitation and Router Advertisement)
  • Stateful: DHCPv6
• SLAAC is mandatory, while DHCPv6 is optional
• DHCPv6 works differently to IPv4 DHCP
Stateless Address Auto-Configuration
• In SLAAC, constant “Router Advertisements” communicate configuration information such as:
  • IPv6 prefixes to use for autoconfiguration
  • IPv6 routing information
  • Other configuration parameters (Hop Limit, MTU, etc.)
• This information is used, along with the Ethernet Unique Identifier (Eui64) address (and other information, in some cases), to create IPv6 addresses for the node
Making up an Eui-64 address
IPv6 Address Allocation
Site Prefix: 2001:db8:abcd::/48
MAC: 00:90:27:17:FC:0F
Eui-64: 02 90 27 FF FE 17 FC 0F
Manually allocated: 2001:db8:abcd::3
Link-Local: fe80::290:27ff:fe17:fc0f
Router Advertisement: 2001:db8:abcd:: + Eui-64 = 2001:db8:abcd::290:27ff:fe17:fc0f
RA message with Network type information
DAD = Duplicate Address Detection
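Added example (not part of the original slides): the Eui-64 construction above worked through in Python with the slide's own MAC and prefixes, plus the reverse step. Because the identifier embeds the hardware address, an address inventory can be audited for hosts whose MAC is readable from their IPv6 address; the function names and the audit helper are illustrative.

```python
import ipaddress


def mac_to_eui64(mac: str) -> bytes:
    """Build the 64-bit interface identifier the slide shows for a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit (0x02) of the first octet, insert FF FE in the middle.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine an advertised prefix (or fe80::/64) with the Eui-64 identifier."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen > 64:
        raise ValueError("the interface identifier needs the low 64 bits")
    identifier = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(network.network_address) | identifier)


def embedded_mac(address: str):
    """Return the MAC recoverable from an Eui-64 style address, or None."""
    identifier = ipaddress.IPv6Address(address).packed[8:]
    if identifier[3:5] != b"\xff\xfe":
        return None  # manually set, DHCPv6-assigned or randomised identifier
    # Heuristic: a random identifier can contain ff:fe here by chance (1 in 65536).
    mac = bytes([identifier[0] ^ 0x02]) + identifier[1:3] + identifier[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


def audit(addresses):
    """Map each address that exposes a hardware address to that MAC."""
    found = {}
    for address in addresses:
        mac = embedded_mac(address)
        if mac is not None:
            found[address] = mac
    return found


if __name__ == "__main__":
    mac = "00:90:27:17:FC:0F"                      # MAC from the slide
    print(mac_to_eui64(mac).hex(" "))              # Eui-64 octets
    print(eui64_address("fe80::/64", mac))         # link-local address
    print(eui64_address("2001:db8:abcd::/48", mac))
    print(audit(["2001:db8:abcd::3", "2001:db8:abcd::290:27ff:fe17:fc0f"]))
```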
IPv6 Address allocation using DHCPv6
Link & Site Multicast used
Key differences between DHCPv4 and DHCPv6
Feature | DHCPv4 | DHCPv6 | Benefit
Destination Address of Request | Broadcast | Multicast to all-DHCP-agents | More specific signalling
Source address of initial request | 0.0.0.0 | Link-local address of the client | More specific signalling
Relay forwarding | Needs static list of DHCP servers | Can use “all-DHCP-servers” on multicast | Higher redundancy and easier to manage
Reconfiguration message | N/A | Server can ask clients to update | Better network config. management
Identity Association | N/A | Multiple DHCP servers & addresses | More scalable use of DHCP
Managed config. flag | N/A | The router using RA flags can control this | Better network config. management
IPv6 Dynamic Naming System
• Quite similar to IPv4 DNS
• Forward DNS
host1.example.com IN A 192.168.0.2
host1.example.com IN AAAA 2001:db8:0:abcd::12:3456
• Reverse DNS
1.0.160.192.in-addr.arpa IN PTR host1.example.com
6.5.4.3.2.1.0.0.0.0.0.0.0.0.0.0.d.c.b.a.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa
Tools exist to write the reverse DNS
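Added example (not part of the original slides): a small Python tool of the kind the slide alludes to. It writes the nibble-reversed ip6.arpa owner name for an address, derives the reverse zone for a delegated prefix, and checks that a hand-written PTR owner name really maps back to the AAAA address, since the 32-label names are easy to mistype. Function names are illustrative.

```python
import ipaddress

HEX_DIGITS = set("0123456789abcdef")


def ptr_name(address: str) -> str:
    """Owner name of the PTR record: all 32 nibbles, reversed, under ip6.arpa."""
    nibbles = ipaddress.IPv6Address(address).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def reverse_zone(prefix: str) -> str:
    """Name of the reverse zone that covers a prefix such as a /48 or /64."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen % 4:
        raise ValueError("reverse zones are cut on 4-bit (nibble) boundaries")
    nibbles = network.network_address.exploded.replace(":", "")
    return ".".join(reversed(nibbles[: network.prefixlen // 4])) + ".ip6.arpa"


def ptr_to_address(name: str) -> ipaddress.IPv6Address:
    """Turn a full ip6.arpa owner name back into the address it stands for."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 34 or labels[-2:] != ["ip6", "arpa"]:
        raise ValueError("expected 32 nibble labels followed by ip6.arpa")
    nibbles = labels[:-2]
    if any(len(label) != 1 or label not in HEX_DIGITS for label in nibbles):
        raise ValueError("every label must be a single hex digit")
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))


def ptr_matches(address: str, ptr_owner: str) -> bool:
    """True when the PTR owner name and the AAAA address describe the same host."""
    return ptr_to_address(ptr_owner) == ipaddress.IPv6Address(address)


if __name__ == "__main__":
    host = "2001:db8:0:abcd::12:3456"              # AAAA value from the slide
    print(ptr_name(host), "IN PTR host1.example.com.")
    print(reverse_zone("2001:db8:0:abcd::/64"))
```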
Mobility / Mobile IP
• IPv4 already had extensions called IPv4 mobility
• IPv6 has similar extensions that are a lot more developed than the IPv4 equivalent since they run on IPv6.
New ICMPv6 (Internet Control Message Protocol)
New Neighbour Discovery
New home address option for destination header
New extended routing header
New mobility options to include in mobility signalling
Mobility / Mobile IP
Home Agent
Correspondent Node
Mobile Node At home
Connects to Mobile Node At Home
This is a router
Mobility / Mobile IP
Home Agent
Correspondent Node
Mobile Node At home
Mobile Node
Tells Home Agent where it is
Mobility / Mobile IP
Home Agent
Correspondent Node
Mobile Node
Tells Home Agent where it is
Home Agent forwards packets To Mobile Node
Mobile Node answers directly Back to Correspondent
Mobility / Mobile IP
Home Agent
Correspondent Node
Mobile Node at home
Mobile Node
Mobile Node
The use of ICMPv6 as well as other features of IPv6 allows for faster roaming and more features in IPv6 Mobile IP.
IPv6 Extension Headers -> IPSec
Daisy-chained extension headers
Order | Header Type | Next Header Code
6 | Authentication Header | 51
7 | Encapsulation Security Payload | 50
IPSec on IPv6: end to end security
Encryption using Key
Router A adds ESP header
Encapsulation Security Payload
Router A adds AH header
Authentication Header
Transmission of data on Internet
Router A encapsulates the packet into a new packet and sends it to Router B.
Router B receives the packet
Router B receives the packet and removes the AH
Router B removes the ESP
Encapsulation Security Payload
Host B receives original information
IPSec on IPv6: end to end security
Transition Security Problem Example
IPv4 or IPv6 Address spoofing
The power of Developers
• The key to IPv6 success will be developers
• New services
• New applications
• The ubiquitous network
• Always on
• Everywhere
Networking for the Future
Thank You / Questions ?
With thanks to Dr. Alaa AL-Din AL-Radhi for some visuals.