ipv6 required - icca pondicherry 31 jan 2012

Networking for the Future

Part 1: Why do we need IPv6?

Part 2: IPv6 – A Technical Primer

© 2009 Global Information Highway Ltd

Version 201201.1

Dr. Olivier MJ Crépin-Leblond – [email protected] ’12 – Pondicherry – 31 January 2012

Version 201201.1 2

IPv4 / IPv6 Table of Contents

� Why IPv6? Why not IPv4?

� What are the differences between IPv4 and IPv6?

� Address / Packet Structure

� Header

� Datagram

� Unicast / Multicast / Anycast

� Neighbour Discovery and DHCPv6

� Mobility

� IPSec / Security


Version 201201.1 3

What is an IP Address?

Domain Name: www.isoc.org

DNS Server

IPv4 Address: 212.110.167.157

Domain Names are identifiers

that you type in your Web

Browser, your E-mail etc.

DNS Servers translate this

Domain Name into an

address that is made up of

numbers

Every device that is

connected to the Internet

needs its Internet Protocol

(IP) address

translation

www.google.com

www.yahoo.com


Version 201201.1 4

We are running out of IPv4 addresses

� Each device (computer, phone etc.) connected to the Internet needs an Internet Protocol (IP) address.

� If we have 10 addresses only, how do we connect 11 computers?

We cannot do that.

� This is the point which we are about to reach.

“Internet Protocol”


Version 201201.1 5


World Connectivity vs Population

Population Size

6 767 805 208

N° Internet Users

1 733 993 741

Population Size

N° Internet Users

Middle East Connectivity vs Population

Population Size

202 687 005

N° Internet Users

57 425 046

Population Size

N° Internet Users

6.7 Billion people on earth

1.7 Bn Internet users in 2009

More ways to access the Internet

“Internet Protocol”


Version 201201.1 6


When we reach this point, it will be too late since there will be no more free IP addresses!

Real time data collected 1 Mar 2010

today


Version 201201.1 7


When we reach this point, it will be too late since there will be no more “free” IPv4 addresses!

Real time data collected September 2011

http://www.potaroo.net/tools/ipv4/index.html


Version 201201.1 8

Current temporary solutions

An end user “pulls” the information to them from the network

Network Address Translation


Version 201201.1 9

Current temporary solutions


As more and more devices are connected•Computer•Telephone•MP3 player•Television

It becomes impossible for the translation box to serve all the services for 1 public IP address


Version 201201.1 10

How about Carrier Grade NAT?

� The Internet is based on a layered, end-to-end model that allows people at each level of the network to innovate free of any central control. By placing intelligence at the edges rather than control in the middle of the network, the Internet has created a platform for innovation.

Quotes – Vinton Cerf

US Scientist, widely known as one of the Fathers of the Internet


Version 201201.1 11

The original Internet Architecture


User-Centric Internet

Can be severalrouters at various“entry” points withresilient routes

Any connected device could be a “client” or a “server”

Version 201201.1 12

The Internet Architecture Version 2


User-Centric Internet

Local NAT

NAT = Network Address Translation

Version 201201.1 13

Adding Carrier-Grade NAT


CG-NAT CG-NAT

Single point of failureat Carrier Level

Server Only Client Only

The Network-CentricInternet

Version 201201.1 14

Carrier Grade NAT


•Single point of failure•Need to use application-level filtering to inspect application protocol packets and modify them on the fly•Violates TCP states (usually performed by end nodes•Hard recovery for link flapping (multiple routes)


Version 201201.1 15

Carrier Grade NAT

•Hides complete parts of the DNS due to impossibility of connecting to specific host•Difficulty in establishing end to end VPN tunnels due to inability to connect to the “end”

•Major problem for people working from home or while travelling

•Any address translation might open the door to fake address translation and hacking thus potential security issues


Version 201201.1 16



It is impossible to connect remotelyto an “internal” address

Internet Traffic

Version 201201.1 17

Temporary solutions don’t work

In the future, communication will go both ways


Version 201201.1 18

Future Solution – IPv6 everywhere

As more and more devices are connected•Computer•Telephone•MP3 player•Television

Every device has its own IP addressEvery device can be accessed directly

No need for translation


Version 201201.1 19

IPv4 Space / December 2009

255254253252251250249248247246245244243242241240

239238237236235234233232231230229228227226225224

223222221220219218217216215214213212211210209208

207206205204203202201200199198197196195194193192

191190189188187186185184183182181180179178177176

175174173172171170169168167166165164163162161160

159158157156155154153152151150149148147146145144

143142141140139138137136135134133132131130129128

127126125124123122121120119118117116115114113112

11111010910810710610510410310210110099989796

95949392919089888786858483828180

79787776757473727170696867666564

63626160595857565554535251504948

47464544434241403938373635343332

31302928272625242322212019181716

1514131211109876543210

Reference: http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml


Version 201201.1 20

IPv4 Space / October 2010

255254253252251250249248247246245244243242241240

239238237236235234233232231230229228227226225224

223222221220219218217216215214213212211210209208

207206205204203202201200199198197196195194193192

191190189188187186185184183182181180179178177176

175174173172171170169168167166165164163162161160

159158157156155154153152151150149148147146145144

143142141140139138137136135134133132131130129128

127126125124123122121120119118117116115114113112

11111010910810710610510410310210110099989796

95949392919089888786858483828180

79787776757473727170696867666564

63626160595857565554535251504948

47464544434241403938373635343332

31302928272625242322212019181716

1514131211109876543210

Reference: http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml


Version 201201.1 21

Future Solution – IPv6 everywhere

In the future, communication will go both ways


Version 201201.1 22

Future Solution – Internet everywhere

In the future, communication will go everywhere


Version 201201.1 23

IPv6 examples

Emergency Alerts


Version 201201.1 24


Version 201201.1 25


Version 201201.1 26


Version 201201.1 27

IPv6 examples

Smart Grid – greener use of energy


Version 201201.1 28

The Smart Grid

Source: US National Institute of Standards & Technology


Version 201201.1 29

IPv6 examples

US Military


Version 201201.1 30

IPv6 implementation in US Military


Version 201201.1 31


Version 201201.1 32


Version 201201.1 33

Infrastructure required for

telecommunications

•Always connected “Data Glove” incorporating a fully networked personal digital assistant

•Possibility to consult pictures of area (like Google maps)

•Possibility to control drone aircraft directly

•Possibility to access remote cameras

•Helmet-mounted Webcam for each soldier

•Vital statistics of soldier (food/health/tiredness)

•GPS location device

•This is only addressable via IPv6

Source: US Army Natick Systems


Version 201201.1 34

Infrastructure required for

telecommunications•Always connected Personal Digital Assistant:

•Mobile phone (Apple iPhone & iPad, Nokia, HTC etc.)

•Possibility to surf Web sites, but also use artificial intelligence for the digital assistant to automatically book tickets, shop, see pictures of area (like Google maps), to access remote cameras, and to find out about anything, anywhere. GPS location device with information about services. This is only addressable via IPv6!

•Law enforcement and civil protection

•Police can use all of these services, and more, to ensure the safety of the population. Firemen can coordinate information more easily. Ambulances and emergency services will know more information before arriving on scene.

•Always online - Everywhere

These are the applications of the

future


Version 201201.1 35

So what is the future?

How do we build this?


Version 201201.1 36

Internet Anytime, EverywhereA fully connected world



IPv6 – a Technical Primer


Version 201201.1

Dr. Olivier MJ Crépin-Leblond – [email protected]

Version 201201.1 38

IPv4 / IPv6 Table of Contents

� Why IPv6? Why not IPv4?

� What are the differences between IPv4 and IPv6?

� Address / Packet Structure

� Header

� Datagram

� Unicast / Multicast / Anycast

� Neighbour Discovery and DHCPv6

� Mobility

� IPSec / Security


Version 201201.1 40

IPv6 Key Features


Version 201201.1 41

IPv4 and IPv6 Addressing

340,282,366,920, 938,463,463,374,607,431,

768,211,456

4,294,967,296 N°Addresses

2 x 10^1282 x 10^32N°Addresses

2001:0DB8:0123/48192.168.0.0/24Prefix Notation

Hexadecimal Notation

2001:0DB8:0123:4567:89AB:CDEF:0123:45

67

Dotted Decimal Notation

192.168.0.1

Address Format

128 Bit32 BitAddress Size

19991981Deployed

Internet Protocol IPv6Internet Protocol IPv4


Version 201201.1 42


4,294,967,296

340,282,366,920,938,463,463,374,607,431,768,211,456

IP Version 4

IP Version 6


Version 201201.1 43

IPv6 Space

IPv4: 4,294,967,296 addresses

IPv6: 340,282,366,920,938,463,463,374,607,431,770,000,000 possible addresses

50,000,000,000,000,000,000,000,000,000 addresses per human


Version 201201.1 44


340,282,366,920,938,463,463,374,607,431,768,211,456

IP Version 6

48,611,766,702,991,209,066,196,372,490

With 7Bn people on Earth, N°addresses per person

Some of these addresses will be used by devices (the Internet of things)Some of these addresses will be used by internal addressing/protocol

It is still a lot of usable addresses


Version 201201.1 45

Differences between IPv4 & IPv6

ManyUsually 1IP Addresses per interface

No NATBroken by NATPeer to Peer comm.

Mobile IPv6 MobilityExtensionMobility

Many more methodsManual or DHCPAddress Allocation

ExtendedBasicQuality of Service

IPSEC (Originally) Mandatory

IPSEC OptionalSecurity

2 x 10^1282 x 10^32N°Addresses

128 Bit32 BitAddress Size

Internet Protocol IPv6

Internet Protocol IPv4


Version 201201.1 46

Overall Packet Structure

Link Layer Trailer

Application Protocol DataTransport Header

IP Header

Link Layer Header


FiberPhysical

EthernetLink Layer

IPProtocol

TCP, UDP,…Transport

HTTPApplication

HTMLPresentation

Version 201201.1 47

Packet Structure / Datagram

Link Layer Trailer

Application Protocol DataTransport Header

IP Header

Link Layer Header


FiberPhysical

EthernetLink Layer

IP (v4 or v6)Protocol


HTTPApplication

HTMLPresentation

Version 201201.1 49

Streamlining of IPv6

� Fewer fields in the packet header

� Fixed size header- 40 octets (or bytes)

� No fragmentation in network

� No checksum processing

� Packet can be switched by flow label (Quality of Service possibility)


Version 201201.1 50

No checksum Processing


FiberPhysical

EthernetLink Layer

IPv6Protocol


HTTPApplication

HTMLPresentation

Checksum: YES

Checksum: YES

Checksum: NO

Version 201201.1 51

IPv6 Header Fields© 2012 Global Information Highway Ltd

Version

4 bits long

IP Version = 4 for IPv4= 6 for IPv6

Traffic Class

8 bits long

Quality of Service Techniques:

Diffserv Code Points (DSCP)Congestion Notification (ECN)Called “Type of Service in IPv4

Version 201201.1 52


Flow Label

20 bits long

Specific per flow processing of data Streams. This supports real-time datagram delivery and quality of service (QoS).Routers between the source and destination would treat traffic with the same datagram in a similar way.

For example, similar/minimal latency to Video packets.

Version 201201.1 53


Payload Length

16 bits long

In IPv4: Total Length field

This is the size of the inner datagram, after the basic header (which itself is 40 bytes long).

Version 201201.1 54


Next Header

8 bits long

Identification of Inner datagram

This serves the same purpose as the IPv4 “Protocol Field”, the identifying of data inside the payload of the IP datagram.

Codes are however extended to include the processing of options for Extension Headers(described later).

Hop Limit

8 bits long

Maximum Number of hops

In IPv4 this was called “TTL = Time to Live” and decreased at each hop.In IPv6 it is appropriately called

Version 201201.1 55


Source and Destination

128 bits long

These are the Source and the Destination of the datagram.

The Source IP address is the originator of the datagram i.e. The device that originally sent the packetThe Destination IP address is the intended recipient of the packet i.e. the ultimate destination. Valid for Unicast, Multicast or Anycast

Version 201201.1 56

IPv6 Extension Headers© 2012 Global Information Highway Ltd

58ICMPv6 (like IPv4 “protocol” field)Upper Layer

17UDP (like IPv4 “protocol” field)Upper Layer

6TCP (like IPv4 “protocol” field)Upper Layer

59No Next Header(end)

135Mobility Header9

60Destination Options8

50Encapsulation Security Payload7

51Authentication Header6

44Fragment Header5

43Routing Header4

60Destination Options & Routing3

0Hop-by-Hop options2

-Basic IPv6 Header1

Next Header Code

Header TypeOrder

Version 201201.1 57


Version 201201.1 58


A few more examples of daisy-chained extension headers

Version 201201.1 59

Main Enhancements of IPv6 over IPv4

� Header: 40 byte instead of 20

� Daisy Chained extension headers

� Fragmentation only done by source nodes and has its own optional extension header

� No checksum in IPv6 header

� Path Maximum Transmission Unit (MTU)� IPv4: 576 bytes

� IPv6: 1280 bytes

� MTU size error is being reported back to source

� Path MTU Discovery mandatory and refined


Version 201201.1 60

IPv6 Address shortening

2001:0DB8:0000:ABCD:0000:0000:0012:3456

2001:0db8:0000:abcd:0000:0000:0012:3456

2001:db8:0:abcd:0:0:12:3456

2001:db8:0:abcd::12:3456


•Letters are case insensitive•Leading zeros in a field are optional•Successive fields of zeros

Version 201201.1 61

IPv6 Addressing

•Addresses have scope•Interfaces can have multiple addresses•Addresses have lifetime

2001:0DB8:0000:ABCD:0000:0000:0012:3456


Version 201201.1 62

IPv6 Addresses have scope

2001:0DB8:0000:ABCD:0000:0000:0012:3456


Global Unique Local Link local

Version 201201.1 63

Scope of address is physical


Version 201201.1 64

IPv6 Type of Addresses


Version 201201.1 65

IPv6 Host addresses


Loopback address (used by the machine):0000:0000:0000:0000:0000:0000:0000:00010:0:0:0:0:0:0:1::1 ( this is like 127.0.0.1 in IPv4)

Unspecified: (used to define the default route)0:0:0:0:0:0:0:0::

This address is mandatory

Version 201201.1 66

IPv6 Link Local


Link Local addresses are mandatory and start with fe80::They work only on the Link Layer and cannot be forwarded by a router. Their function is key to the automatic configuration of a host without a router or DHCP server. Just connect the hosts & bingo!Start: fe80::End: febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Version 201201.1 67

IPv6 Unique Local


Unique Local addresses are optional Unicastaddresses that can be used within a site (like an intranet). They are not globally routed.

Start with fc00::End: fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Version 201201.1 68

IPv6 Global Unicast


Global Unicast current assignment:

Start: 2000::End: 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

6to4 is a transition mechanism where IPv6 packets transit globally via IPv4.It has its own prefix 2002 with the rest of the address structure being slightly different

Version 201201.1 69

IPv6 Multicast


Global Multicast current assignment:Start: ff00::End: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Field starts with ff<LS> where L and S are as follows:L = 0 for permanent group / 1 for temporary groupS = Scope bit: 1 - Interface; 2 – Link; 4 – Admin; 5 – Site; 8 = Organization; E = GlobalAll others: unassigned or reserved

Version 201201.1 70

IPv6 Global Unicast


IPv4 mapped addresses:

Starts with 0:0:0:0:0:0:0:ffff -> ::ffff

An example of this would be:

::ffff:192.168.0.1

These addresses are not IPv6 routed & can be used within the kernel to show an IPv4 address

Version 201201.1 71

CIDR Blocks in IPv6

� CIDR is principally a bitwise, prefix-based standard for the interpretation of IP addresses. It facilitates routing by allowing blocks of addresses to be grouped into single routing table entries.

� It is used in IPv4 and in IPv6

� Since IPv6 have scope, it is particularly helpful to use CIDR

Global Unique Local Link local


Version 201201.1 72

CIDR Blocks in IPv6© 2012 Global Information Highway Ltd

2001:0db8:0000:abcd:0000:0000:0012:3456

|||| |||| |||| |||| |||| |||| |||| ||||

|||| |||| |||| |||| |||| |||| |||| |||128 /128 Single end-points and

loopback

|||| |||| |||| |||64 /64 Single end-user LAN subnet (required prefix size

for stateless address autoconfiguration (SLAAC))

|||| |||| |||| ||60 /60 Some (very limited) 6rd deployments

|||| |||| |||| |56 /56 recommended Minimal end-site assignment

|||| |||| |||48 /48 recommended Typical assignment for home sites

|||| |||| 36 /36 possible future local Internet registry (LIR) extra-small

allocation

|||| |||32 /32 LIR minimum allocation

|||| ||28 /28 LIR medium allocation

|||| |24 /24 LIR large allocation

|||| 20 /20 LIR extra large allocation

||12 /12 Allocation to regional Internet registry by IANA[12]

Version 201201.1 73

CIDR Blocks in IPv6© 2012 Global Information Highway Ltd

2001:0db8:0000:abcd:0000:0000:0012:3456

|||| |||| |||| |||| |||| |||| |||| ||||

2001:0db8:0000:abcd:0000:0000:0012:3456/128 /128 Single end-points and

loopback

2001:0db8:0000:abcd/64 /64 Single end-user LAN subnet (required prefix size

for stateless address autoconfiguration (SLAAC))

2001:0db8:0000:abc/60 /60 Some (very limited) 6rd deployments

2001:0db8:0000:ab/56 /56 recommended Minimal end-site assignment

2001:0db8:0000/48 /48 recommended Typical assignment for home sites

2001:0db8:0/36 /36 possible future local Internet registry (LIR) extra-

small allocation

2001:0db8/32 /32 LIR minimum allocation

2001:0db/28 /28 LIR medium allocation

2001:0d/24 /24 LIR large allocation

2001:0/20 /20 LIR extra large allocation

200/12 /12 Allocation to regional Internet registry by IANA[12]

Version 201201.1 74

IPv6 Address Format

� Unicast Addressing

� Multicast Addressing

� What is multicast + Anycast


Version 201201.1 75

Unicast Addresses

� To transmit data between nodes on the Internet

� One-to-one address

� Scope may be Global or Local

� Global for worldwide communication

� Local for communication within a site

� Every Site gets a /48


Version 201201.1 76

Multicast Addresses

� Start with “ff” as leftmost octet� One-to-many address: ability to send a single

packet to possibly unlimited multiple destinations � This does not use “broadcast” like in IPv4.

Instead, recipients are part of the group’s scope� Ability to send a packet to all hosts on the attached link

� Ability to send a packet to the link-local all hosts multicast group

� Applications:� Emergency Services � Simultaneous database updating � Parallel computing � Real time news


Version 201201.1 77

Multicast Addresses

� In IPv4 the scope of the multicast, using broadcast, was limited by the number of hops away from the emitter.

� In IPv6, the scope of the multicast is determined by the scope field:� 1 - Interface; � 2 – Link; � 4 – Admin; � 5 – Site; � 8 = Organization; � E = Global

� …and the group can be defined as permanent or temporary


Version 201201.1 78

Multicast Addresses

DescriptionScopeAddress

Network Time Protocol (NTP)ff0x::101

Multicast DNSff0x::fb

DHCP Servers on the local net siteSiteff05::1:3

All DHCP routers on the local net siteSiteff05::1:2

PIM RoutersLinkff02::d

EIGRP RoutersLinkff02::a

RIP RoutersLinkff02::9

OFPF v3 Designated RoutersLinkff02::6

OSPF v3 SFP RoutersLinkff02::5

All routers on the linkLinkff02::2

All nodes on the linkLinkff02::1

All routers on the nodeInterfaceff01::2

All interfaces on the nodeInterfaceff01::1


Version 201201.1 79

Unicast vs. Multicast


Version 201201.1 80


Version 201201.1 81

Anycast Addresses

� This is used to send a packet to multiple nodes which are not necessarily on the same subnet

� An Anycast address is the same Unicastaddress configured on multiple nodes:

� The routers will deliver the packet to the nearest node member of the Anycast group

� Currently used with DNS servers


Version 201201.1 82

Anycast Addresses

3ffe:b00:1::5

3ffe:b00:1::5

3ffe:b00:1::5Routers know whereto route this data


Version 201201.1 83

Many addresses on one node

On each interfaceMay be joinedMulticast groupany

For each multicast and any anycastaddress defined

Must be joinedSolicited node Multicast

1

On each interfaceMust be joinedAll-nodes Multicast1

On each interfaceMay be definedUnique-Localany

On each interfaceMay be definedUnicasts0 to many

On each nodeMust be definedLoopback (::1)1

On each interfaceMust be definedLink local (fe80::)1

ContextRequirementAddressQuantity


Version 201201.1 84

IPv6 Multihoming2a00:19e8:10::3

2001:db8:abcd::3

2001:db8:abcd::/48

Site: 2a00:19e8:10::/48

2001:db8:::/322a00:19e8::/32

2a00:19e8:10::/48

2001:db8:abcd::1

2a00:19e8:10::12001:db8:abcd::/48

2a00:1

9e8:10

::/48

2001:db8:abcd::/48

2001:db8:abcd::2

2a00:19e8:10::1

Low Pref.Low

Pref.

High Pref.High Pref.

2001:db8:abcd::/48

2001:db8:abcd::2

2001:db8:::/32

2001:db8:abcd::/48

2001:db8:abcd::2

2001:db8:abcd::/48

2001:db8:::/32

2001:db8:abcd::/48

2001:db8:abcd::2


Version 201201.1 85

Obtaining IPv6 addresses

� Manual setting up of IPv6 address. This is similar to IPv4

� 2 auto-configuration mechanisms in IPv6:

� Stateless: SLAAC (Stateless Address Auto-Configuration), based on ICMPv6 messages (Router Solicitation and Router Advertisement)

� Stateful: DHCPv6

� SLAAC is mandatory, while DHCPv6 is optional

� DHCPv6 works differently to IPv4 DHCP


Version 201201.1 86

Stateless Address Auto-Configuration

� In SLAAC, constant “Router Advertisements” communicate configuration Information such as: � IPv6 prefixes to use for autoconfiguration� IPv6 routing information � Other configuration parameters (Hop Limit, MTU, etc.)

� This information is used, along with the Ethernet Unique Identifier (Eui64) address (and other information, in some cases), to create IPv6 addresses for the node


Version 201201.1 87

Making up an Eui-64 address


Version 201201.1 88

IPv6 Address Allocation

2001:db8:abcd::3

2001:db8:abcd:: + Eui-64fe80::290:27ff:fe17:fc0f2001:db8:abcd::290:27ff:fe17:fc0f

Manually allocated

Link-LocalRouter Advertisement

Site Prefix:2001:db8:abcd::/48

MAC: 00:90:27:17:FC:0FEui-64: 02 90 27 FF FE 17 FC 0F


RA message withNetwork typeinformation

DAD = Duplicate Address Detection

Version 201201.1 89

IPv6 Address allocation using DHCPv6


Link & Site Multicast used

Version 201201.1 90

Key differences between DHCPv4 and DHCPv6


Better network config. management

The router using RA flags can control this

N/AManaged config. flag

More scalable use of DHCP

Multiple DHCP servers & addresses

N/AIdentity Association

Better network config. management

Server can ask clients to update

N/AReconfiguration message

Higher redundancy and easier to manage

Can use “all-DHCP-servers” on multicast

Needs static list of DHCP servers

Relay forwarding

More specific signalling

Link-local address of the client

0.0.0.0Source address of initial request

More specific signalling

Multicast to all-DHCP-agents

BroadcastDestination Address of Request

BenefitDHCPv6DHCPv4Feature

Version 201201.1 91

IPv6 Dynamic Naming System

� Quite similar to IPv4 DNSQuite similar to IPv4 DNSQuite similar to IPv4 DNSQuite similar to IPv4 DNS

� Forward DNSForward DNSForward DNSForward DNS

host1.example.com IN Ahost1.example.com IN Ahost1.example.com IN Ahost1.example.com IN A 192.168.0.2192.168.0.2192.168.0.2192.168.0.2

host1.example.com IN AAAAhost1.example.com IN AAAAhost1.example.com IN AAAAhost1.example.com IN AAAA 2001:db8:0:abcd::12:34562001:db8:0:abcd::12:34562001:db8:0:abcd::12:34562001:db8:0:abcd::12:3456

� Reverse DNSReverse DNSReverse DNSReverse DNS

1.0.160.192.in1.0.160.192.in1.0.160.192.in1.0.160.192.in----addr.arpa IN PTR host1.example.comaddr.arpa IN PTR host1.example.comaddr.arpa IN PTR host1.example.comaddr.arpa IN PTR host1.example.com

6.5.4.36.5.4.36.5.4.36.5.4.3....2.1.0.02.1.0.02.1.0.02.1.0.0....0.0.0.00.0.0.00.0.0.00.0.0.0....0.0.0.00.0.0.00.0.0.00.0.0.0....d.c.b.ad.c.b.ad.c.b.ad.c.b.a....0.0.0.00.0.0.00.0.0.00.0.0.0....8.b.d.08.b.d.08.b.d.08.b.d.0....1.0.0.21.0.0.21.0.0.21.0.0.2....

....ip6.arpaip6.arpaip6.arpaip6.arpa

Tools exist to write the reverse DNSTools exist to write the reverse DNSTools exist to write the reverse DNSTools exist to write the reverse DNS


Version 201201.1 92

Mobility / Mobile IP

� IPv4 already had extensions called IPv4 mobility

� IPv6 has similar extensions that are a lot more developed than the IPv4 equivalent since they run on IPv6.


New ICMPv6 (Internet Control Message Protocol)

New Neighbour Discovery

New home address option for destination header

New extended routing header

New mobility options to include in mobility signalling

Version 201201.1 93


HomeAgent

Correspondent Node

Mobile NodeAt home


Connects toMobile NodeAt Home

This is a router

Version 201201.1 94


HomeAgent

Correspondent Node

Mobile NodeAt home

Mobile Node


Tells Home Agentwhere it is

Version 201201.1 95


HomeAgent

Correspondent Node

Mobile Node


Tells Home Agentwhere it is

Home Agentforwards packetsTo Mobile Node Mobile Node

answers directlyBack to Correspondent

Version 201201.1 96


HomeAgent

Correspondent Node

Mobile Nodeat home

Mobile Node


Mobile Node

The use of ICPMv6as well as other features of IPv6allows for fasterroaming and morefeatures in IPv6Mobile IP.

Version 201201.1 97

IPv6 Extension Headers -> IPSec© 2012 Global Information Highway Ltd

Daisy-chained extension headers

50Encapsulation Security Payload7

51Authentication Header6

Version 201201.1 98

IPSec on IPv6: end to end security


Encryption using Key

Version 201201.1 99

Router A adds ESP header


EncapsulationSecurityPayload

Version 201201.1 101

Transmission of data on Internet© 2012 Global Information Highway Ltd

Router A encapsulatesthe packet into a newpacket and sends it to

Router B.

Version 201201.1 102

Router B receives the packet© 2012 Global Information Highway Ltd

Router B receives thepacket and removes

the AH

Version 201201.1 105

IPSec on IPv6: end to end security


Version 201201.1 106

Transition Security Problem Example

IPv4 or IPv6Address spoofing


Version 201201.1 107

Click to add title

Click to add text

Version 201201.1 108

The power of Developers

� The key to IPv6 success will be developers

� New services

� New applications

� The ubiquitous network

� Always on

� Everywhere


Version 201201.1 109

The power of Developers

� The key to IPv6 success will be developers

� New services

� New applications

� The ubiquitous network

� Always on

� Everywhere



Thank You / Questions ?


Version 201201.1

With thanks to Dr. Alaa AL-Din AL-Radhi for some visuals.

ipv6 required - icca pondicherry 31 jan 2012

Documents

internal address version

translation version

isipv4 address

internetthe internet

original internet architecture

bn internet users

free ipv4 addresses

free ip addresses