Top 10 Features that make IPv6 'greater' than IPv4

Introduction

It has now been close to 30 years since the current Internet Protocol Version 4 - IPv4 - was implemented as the underlying protocol for the Internet. While it has served its purpose admirably for all these years, with an ever expanding user base and a growing number of IP-enabled devices, there are serious concerns about its limited feature set and robustness, not to mention the all-important factor, scalability. Internet Protocol Version 6 - IPv6 - is being developed as a critical technology meant to address all those concerns. It is expected not only to provide better services for existing technologies and applications but also to meet the growing demands of new devices like cellular phones, and of IP-based services such as online gaming and Voice over Internet Protocol (VoIP).

#1) IPv6 provides a substantially larger IP address space than IPv4

Every computer or online device that needs to connect to the Internet requires a globally unique IP address. IPv4 uses 32 bits for an IP address, which allows about 4 billion unique IP addresses. When IPv4 was introduced in the 1970s and accepted as the protocol for the Internet, its designers did not foresee this explosion in the popularity of the Internet or the extent to which online technologies would become all-pervasive. It was therefore firmly believed that these 4 billion addresses would be sufficient to cover any future growth of the Internet.

To give an analogy, consider a mailman having to deliver a letter to the correct person in a community. As long as each one of the residents has a unique identifiable address, the mailman will have no trouble in identifying the address and delivering mail to the right individual.

[Figure: IPv4 address status - Allotted 81%, Unavailable 12%, Available 7%]

Challenge to IPv4

Carrying our analogy forward a little more, let us now imagine our community to expand so much that it is not possible to give each individual a unique address.
One solution could be that a group of individuals is given a single unique address, from where the mailman is directed to the address of the specific individual. As a result, tracking a person and delivering information to the right individual becomes that much more complex. Further, what if a person wants a separate address for his home mail and another for his office mail?

Today the Earth's population stands at around 6.6 billion while the Internet has a population of just 1.3 billion, which is not even 22% of the entire world's population. Quite clearly there will be more and more people connecting to the Internet in the very near future. Also, with great advances being made in converging communication technologies like data, audio, video and voice over IP, there is still tremendous scope for the Internet to evolve and expand. People will be increasingly using multiple devices like Personal Digital Assistants (PDAs), laptops, telemetric devices or game consoles, some of them from a home network. It is clear, therefore, that the demand for IP addresses will increase, and increase exponentially.

As in the analogy we presented earlier, approaches like Network Address Translation (NAT) are used to translate between a unique global IP address and multiple private IP addresses. For example, dial-up services share one modem between ten subscribers, thereby saving about 90% of addresses as compared to the case where each subscriber would have had a unique global IP address. Further, even corporate users employ the same method of letting many computers share a single address, thereby conserving addresses. However, this brings added complexity in both network hardware and software.

How does IPv6 provide a solution?

IPv6 uses 128 bits for its addresses, which allows for 340 billion billion billion billion (3.4 x 10^38) unique addresses.
To get an idea of the scale involved, if the entire IPv4 space were contained in an iPod, the new IPv6 space would be the size of the Earth. From these numbers, it can be seen that with IPv6 it is possible to provide billions of addresses to each person and ensure that any device that has to be connected to the Internet will have a unique IP address.

The first advantage of an enhanced address space is that in the absence of NAT, there is less complexity in the network hardware and software, and configuring a network becomes much simpler. Secondly, it makes it possible to truly envisage a networked home in which the different gadgets and appliances would be on the network, which requires that each such device have a unique IP address. Finally, the large availability of IP addresses removes any obstacles that existed previously to the full deployment of wireless and mobile devices.

#2) IPv6 provides better end-to-end connectivity than IPv4

The most exciting applications to emerge in recent days are peer-to-peer applications such as multi-player online games, video-conferencing (streaming media), file sharing and VoIP. In peer-to-peer networking, a group of computers can communicate directly with each other and do not need a central server. Peer-to-peer applications demand end-to-end connections between unique IP addresses.

Challenge to IPv4

As mentioned earlier, the shortage of addresses caused by IPv4 has been overcome to some extent by using NAT, which basically translates one unique global address to multiple private addresses. In the absence of unique IP addresses for each end, NAT creates difficulty in ensuring proper end-to-end services. The present solution is for the application developer to engineer special NAT traversal techniques or to have additional servers to simulate peer-to-peer communication. Consider an EPABX service, which handles many internal numbers.
After dialing an EPABX number, a further connection needs to be established to one of the many internal phones. Any interruption in the call will require that the EPABX number be dialed again and the connection re-established. This is completely avoided in the case of a dial-up between two independent telephone numbers.

How does IPv6 provide a solution?

IPv6, with its large address space, no longer requires NAT and can ensure true end-to-end connectivity. This means peer-to-peer applications like VoIP or streaming media can work very effectively and efficiently with IPv6.

#3) IPv6 has better ability for autoconfiguring devices than IPv4

Whenever a node plugs in and wants to be part of a network, IP address information and router information are required to properly configure the node and get it running. In the past, when there were fewer devices and computers in a network running IP, almost all of them were statically configured and IP addresses were manually assigned. However, with the rapid proliferation of personal computers (PCs) and other IP-enabled devices, for efficient device management and reuse of resources, it became absolutely essential to consider some kind of autoconfiguration.

IPv4 uses the stateful address autoconfiguration protocol, Dynamic Host Configuration Protocol (DHCP). In the stateful autoconfiguration model, a host obtains the interface addresses as well as other required information, such as configuration information and parameters, from a server. The DHCP server maintains a manually administered list of hosts and keeps track of which addresses have been assigned to which hosts. [Source: Cisco]

Challenge to IPv4

With even more computers and devices using IP, there was a need for an IP protocol that would ensure easy and automatic configuration of devices and routers. Further, new devices that are using IP now are getting simpler and may be used in environments where particular server dependencies may not be acceptable.
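The stateless autoconfiguration that the next subsection describes as the IPv6 answer lets a host build its own address from a router-advertised prefix and a locally generated interface identifier. The Python below is an added worked example, not code from the original article. It uses the modified EUI-64 method of RFC 4291 to derive the identifier from a MAC address and also derives the solicited-node multicast group that Neighbor Discovery's duplicate address detection probes before the address is used; neither detail is spelled out on the page. The MAC address and the 2001:db8:1:2::/64 prefix are constructed sample values.

```python
import ipaddress

# Constructed sample inputs (not from the article): a device MAC and a /64 a router might advertise.
SAMPLE_MAC = "00:1b:63:84:45:e6"
SAMPLE_PREFIX = "2001:db8:1:2::/64"


def modified_eui64(mac: str) -> bytes:
    """Build the 64-bit interface identifier from a 48-bit MAC (RFC 4291, Appendix A).

    The universal/local bit (0x02 in the first octet) is inverted and the fixed
    bytes 0xff 0xfe are inserted between the OUI and the device-specific part.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine an advertised /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def link_local_address(iid: bytes) -> ipaddress.IPv6Address:
    """The fe80::/64 address a host forms before it has heard from any router."""
    return slaac_address("fe80::/64", iid)


def solicited_node_multicast(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """ff02::1:ffXX:XXXX, carrying the low 24 bits of the unicast address (RFC 4291).

    Duplicate address detection sends its Neighbor Solicitation to this group,
    so a tentative address is only kept if nobody else answers for it.
    """
    group_base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(group_base | (int(addr) & 0xFFFFFF))


def autoconfigure(mac: str, prefix: str) -> dict:
    """Everything a host derives by itself, with no stateful server involved."""
    iid = modified_eui64(mac)
    global_addr = slaac_address(prefix, iid)
    return {
        "interface_id": iid.hex(),
        "link_local": str(link_local_address(iid)),
        "global": str(global_addr),
        "dad_group": str(solicited_node_multicast(global_addr)),
    }


if __name__ == "__main__":
    for name, value in autoconfigure(SAMPLE_MAC, SAMPLE_PREFIX).items():
        print(f"{name:13} {value}")
```

Because the modified EUI-64 identifier embeds the hardware address, it stays the same on every network the device joins and exposes the vendor OUI; RFC 4941 temporary addresses exist precisely so that a host is not trackable across prefixes, and most current operating systems generate them by default.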
How does IPv6 provide a solution?

IPv6 offers automatic configuration and, more importantly, simple configuration mechanisms. Known as plug-and-play autoconfiguration, these capabilities go well beyond what IPv4 currently offers. IPv6 offers DHCPv6, an autoconfiguration protocol similar to IPv4 DHCP that provides stateful address autoconfiguration. In addition, IPv6 also offers stateless or serverless address autoconfiguration. In stateless autoconfiguration, a host can automatically configure its own IPv6 address and does not need any assistance from a stateful address server. Entire IPv6 prefixes, rather than just an address, are delivered to a device. This particular feature enables routers to easily autoconfigure their interfaces and can be used very effectively in broadband access networks to dynamically provision customer gateways.

#4) IPv6 contains simplified header structures leading to faster routing as compared to IPv4

The present IP uses a datagram service to transfer packets of data from point to point using routers. The IPv4 packet header structure contains 20 bytes of data and carries within the header all possible options, thereby forcing intermediate routers to check whether these options exist and, if they do, process them before forwarding the packet. In the IPv4 packet header, these options have a certain maximum permitted size.

Challenge to IPv4

The IPv4 header has two main problems that are instrumental in slowing down throughput: each packet must be processed and its checksum computed, and each router that processes a packet must process the option field. This can cause a gradual degradation in performance during the forwarding of IPv4 packets.

How does IPv6 provide a solution?

When compared to IPv4, IPv6 has a much simpler packet header structure, which is essentially designed to minimize the time and effort that go into header processing.
This has been achieved by moving the optional fields as well as the non-essential fields to the extension headers that are placed only after the IPv6 header. Consequently, the IPv6 headers are processed more efficiently at the intermediate routers, without having to parse through headers, recompute network-layer checksums, or even fragment and reassemble packets. This efficiency allows for reduced processing overhead for routers, making hardware less complex and allowing packets to be processed much faster.

Another feature of the IPv6 header structure is that the extension header allows for more flexible protocol inclusions than IPv4 does. Whereas IPv4 options are limited to a maximum size, IPv6 extension headers have no such restriction. They can be expanded to accommodate whatever extension data is thought necessary for efficient IPv6 communication. In fact, a typical IPv6 packet contains no extension header; only if intermediate routers or the destination require some special handling will the host sending the packets add one or more extension headers, depending on the requirement. This new extension header makes IPv6 fully equipped to support any future need or capabilities.

#5) IPv6 provides better security than IPv4 for applications and networks

The Internet has functioned for the last three decades with IPv4 as the underlying protocol. However, because of its end-to-end model, IPv4 was designed with almost no security in mind and assumes that the required security will be provided at the end nodes. For example, consider an application such as email that may require encryption services - under IPv4, it is the responsibility of the email client at the end nodes to provide those services. Today, the Internet faces threats such as Denial of Service attacks, malicious code distribution, man-in-the-middle attacks, fragmentation attacks and reconnaissance attacks.
Challenge to IPv4

Network Address Translation (NAT) and Network Address Port Translation (NAPT) were used to provide some level of protection against some of the threats mentioned above, using methods such as firewalls. Also, the introduction of the IPsec protocol allowed some communication to be encrypted, but its implementation in IPv4 is optional and the whole responsibility of ensuring secure communication still lies with the end nodes. However, new applications like mobile e-commerce and portals demand end-to-end security.

How does IPv6 provide a solution?

In IPv6, IPsec is a major protocol requirement and is one of the factors in ensuring that IPv6 provides better security than IPv4. IPsec contains a set of cryptographic protocols for ensuring secure data communication and key exchange. The main protocols used are:

1. Authentication Header (AH) protocol, which enables authentication and integrity of data.
2. Encapsulating Security Payload (ESP) protocol, which enables both authentication and integrity of data as well as privacy of data.
3. Internet Key Exchange (IKE) protocol. This protocol suite helps to initially set up and negotiate the security parameters between two end points. It then also keeps track of this information so that the communication stays secure till the end.

Thus, IPv6 ensures that there are end-to-end security mechanisms that will provide authentication and encryption abilities to all applications, and thereby eliminates the need for applications themselves to have integrated support for such abilities. The added benefit of using the same security mechanisms for all applications is that setting up and administering security policies becomes a lot simpler. IPv6 allows for complete end-to-end security, thereby allowing for a new set of personalized services to be deployed, such as mobile e-commerce services that rely on secure transactions.
#6) IPv6 gives better Quality of Service (QoS) than IPv4

[Source: N3]

Challenge to IPv4

In IPv4, the Type of Service field, or the Differentiated Services Code Point field, in the packet header has a very specific task of classifying the packet and defining what kind of service is expected by the packet while being delivered through routers across the network. This is typically done through devices in the network, which classify the packets based on the needs of the particular application. However, this also means that not all QoS-compliant devices are compatible with one another.

How does IPv6 provide a solution?

QoS is given a special boost in the IPv6 protocol, with the IPv6 header containing a new field, called the Flow Label field, that defines how particular packets are identified and handled by the routers. The Flow Label field allows packets that belong to a particular flow, in other words that start from a particular host and head to a particular destination, to be identified and handled quickly and efficiently by the routers. The Flow Label field thus ensures that there is more efficient delivery of information from one end to another, without the possibility of it being modified by intermediate systems. This ensures a high degree of QoS, especially for peer-to-peer applications like VoIP and other real-time applications.
#7) IPv6 provides better Multicast and Anycast abilities compared to IPv4

In a multicast technique a packet is copied from one stage down to another in a hierarchical tree-like structure, instead of being sent from the source directly to each recipient. This means that there are fewer packets in the network, thereby optimizing bandwidth utilization and also reducing the resources required at each network node. This multicast technique is particularly useful when streams of information have to be made available to a wide variety of connected devices and not just one single destination. For example, multicast is used to relay audio data, video data, news feeds, financial data feeds and so on. [Source: Cisco]

Challenge to IPv4

The biggest problem with IPv4 multicast is that it is possible only within subnets, and most Internet routers are not configured to support IPv4 multicast. For effective use of multimedia applications it should be possible to address different hosts that belong to different subnets.

How does IPv6 provide a solution?

IPv6 extends the multicasting capabilities of IPv4 by offering a large multicast address range. Obviously, this limits the degree to which the information packets now have to be propagated and significantly improves network efficiency.

IPv6 also improves dramatically on the concept of anycast services, which is available, though in a very minimal form, in IPv4. In anycast services, packets are not sent to all the nodes in the network but only to the nearest reachable member. A typical application where anycast would be of tremendous use is, say, discovering a server of a given type, e.g. a DNS server, among a group of servers. It will also provide redundant paths to other servers so that if, for some reason, the route to the primary server becomes unavailable, in the next session a connection will be provided to the next server in the group.
#8) IPv6 offers better mobility features than IPv4

When we consider IP mobility features we are essentially considering features that would be useful for:

- Mobile devices, which can change their location but would like to retain existing connections.
- Mobile networks that provide mobility to a group of devices.
- Ad-hoc networking, in which some of the devices stay connected to the network, or in the vicinity of the network, only for the short duration of a communications session.

When a mobile node is not at home, it conveys information about its present location, also called the care-of address, to the home agent. Now if a node wants to communicate with this mobile node, it will first send the information packets to the home address. The home agent receives these packets and, using a table, sends them on to the care-of address of the mobile node.

[Figure: Mobile cellular subscriptions per 100 inhabitants, 2000-2010, for Developed countries, the World and Developing countries. The developed/developing country classifications are based on the UN M49, see: http://www.itu.int/ITU-D/ict/definitions/regions/index.html. Source: ITU World Telecommunication/ICT Indicators database]

Challenge to IPv4

Mobile IPv4 requires a special router in the location of the mobile node to properly receive calls. Also, route optimization is available to Mobile IPv4 only through an optional set of extensions. There is also an ingress filtering problem in Mobile IPv4, since the correspondent node uses the home address as the source address of the packet and there may be confusion about which IP addresses it should be allowed to accept or not.

How does IPv6 provide a solution?

With IPv6, mobility support is mandatory through the use of Mobile IPv6 (MIPv6). Route optimization is a built-in feature of Mobile IPv6.
Further, features like Neighbor Discovery and Address Autoconfiguration allow mobile nodes to function in any location without needing the services of any special router. MIPv6 can be used to achieve seamless mobility by allowing handovers between different access technologies, say from a cellular network to a wireless network, with minimum interruption to ongoing connections. There is no ingress-filtering problem in Mobile IPv6, because the correspondent node uses the care-of address as the source address.

These devices increasingly demand delivery of converged voice, video and data, which is made possible through a standard called the IP Multimedia Subsystem (IMS). However, IMS requires that each mobile device have a unique, persistent IP address in order to ensure full bi-directional services. IPv6, through its large address space, ensures that each mobile device can have its own unique IP address. Further, Mobile IPv6 makes use of the extension headers to add powerful capabilities such as route optimization between mobile nodes when roaming between different 3G networks.

#9) IPv6 offers ease of administration over IPv4

When an existing network is to be expanded, two networks are to be merged, or service providers are changed, the network needs to be renumbered, as a new address scheme will be assigned to it.

Challenge to IPv4

With an IPv4 network, all the work of network renumbering and assigning new address schemes has to be done manually.

How does IPv6 provide a solution?

IPv6 provides capabilities so that network renumbering can happen automatically. Thus, network renumbering with IPv6 no longer requires manual reconfiguration of each host and router, and makes for smoother switchovers or mergers.

Another useful administrative feature of IPv6 is its multihoming technique, in which simultaneous connections are established to two ISPs.
When service to one ISP is lost, there is a back-up connection to the Internet. This ensures far greater reliability of services, as there is more than one path from the host to the destination.

#10) IPv6 follows the key design principles of IPv4, thereby permitting a smooth transition from IPv4

IPv4 has been successfully deployed the world over for many years now, and its popularity is a testament to the success of its design. IPv6 follows many of the same design features that made IPv4 so successful. This makes it possible to have a smooth transition from IPv4 to IPv6.

There are many commercially attractive applications in the market today that require IPv6 and may tempt many to go in for a rapid transition to IPv6. However, IPv4 applications will be used for some time to come, and the process of transition from IPv4 to IPv6 must be a gradual one. A successful IPv4-to-IPv6 transition mechanism is one in which IPv6 elements are incorporated into the network while, at the same time, compatibility is maintained with the pre-existing, large base of IPv4 hosts and routers. Thus, for some time to come, IPv6 hosts and routers must interact and function with the existing IPv4 network infrastructure. A number of such transition mechanisms have been defined that allow the two networks to co-exist until a complete migration to IPv6 becomes feasible:

- Using dual IPv4/IPv6 stack implementations, such as tunneling and dual IP stack
- Using Network Address and Protocol Translators

ICMPv6 - Tech Details

What is ICMPv6?

The Internet Control Message Protocol Version 6 (ICMPv6) is a new version of the ICMP protocol that forms an integral part of the Internet Protocol version 6 (IPv6) architecture. ICMPv6 messages are transported within an IPv6 packet that may include IPv6 extension headers.
ICMPv6 offers a comprehensive solution by providing the different functions earlier subdivided among different protocols such as ICMP, ARP (Address Resolution Protocol) and IGMP (Internet Group Management Protocol version 3). ICMPv6 further simplifies the communication process by eliminating obsolete messages.

ICMPv6 is a multipurpose protocol and is used for a variety of activities, including error reporting in packet processing, diagnostic activities, the Neighbor Discovery process and IPv6 multicast membership reporting. To perform these activities, ICMPv6 messages are subdivided into two classes: error messages and information messages.

1. Error Messages - The Internet Control Message Protocol Version 6 (ICMPv6) error messages belong to four different categories: Destination Unreachable, Time Exceeded, Packet Too Big, and Parameter Problem.
2. Information Messages - The Internet Control Message Protocol Version 6 (ICMPv6) information messages are subdivided into three groups: diagnostic messages, Neighbor Discovery messages, and messages for the management of multicast groups.

Packet Format

ICMPv6 packets have the format shown in the figure. The 8-bit Type field indicates the type of the message. If the high-order bit has value zero (values in the range from 0 to 127), it indicates an error message; if the high-order bit has value 1 (values in the range from 128 to 255), it indicates an information message. The 8-bit Code field content depends on the message type. The Checksum field helps in the detection of errors in the ICMP message and in part of the IPv6 message.

ICMPv6 Message Types

ICMPv6 is a multipurpose protocol, as it is used for a plethora of activities such as reporting errors encountered in processing data packets, reporting multicast memberships, performing Neighbor Discovery, and performing diagnostics. An ICMPv6 message is identified by a value of 58 in the Next Header field of the IPv6 header or of the preceding header.
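The Type, Code and Checksum layout just described, including the high-order-bit rule that separates error from information messages and the fact that the checksum also covers part of the IPv6 packet, can be exercised in a few lines. The Python below is an added worked example, not code from the original article. The type names come from RFC 4443 and RFC 4861, since the page's table of message types did not survive; the addresses and messages are constructed samples using the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58   # the Next Header value the page names for ICMPv6

# Well-known type values from RFC 4443 (errors, echo) and RFC 4861 (Neighbor Discovery);
# assumed here because the page's own table of types is missing.
TYPE_NAMES = {
    1: "Destination Unreachable",
    2: "Packet Too Big",
    3: "Time Exceeded",
    4: "Parameter Problem",
    128: "Echo Request",
    129: "Echo Reply",
    133: "Router Solicitation",
    134: "Router Advertisement",
    135: "Neighbor Solicitation",
    136: "Neighbor Advertisement",
    137: "Redirect",
}


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones'-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def icmpv6_checksum(src: str, dst: str, message: bytes) -> int:
    """Checksum over the IPv6 pseudo-header followed by the ICMPv6 message.

    The pseudo-header (source, destination, upper-layer length, three zero
    octets, Next Header 58) is the "part of the IPv6 message" the page refers
    to: a message replayed between other addresses no longer verifies.
    """
    pseudo_header = (
        ipaddress.IPv6Address(src).packed
        + ipaddress.IPv6Address(dst).packed
        + struct.pack("!I", len(message))
        + b"\x00\x00\x00"
        + bytes([ICMPV6_NEXT_HEADER])
    )
    zeroed = message[:2] + b"\x00\x00" + message[4:]   # checksum field counts as zero
    return (~ones_complement_sum(pseudo_header + zeroed)) & 0xFFFF


def build_icmpv6(src: str, dst: str, msg_type: int, code: int, body: bytes) -> bytes:
    """Assemble Type, Code, Checksum and body with the checksum filled in."""
    message = struct.pack("!BBH", msg_type, code, 0) + body
    checksum = icmpv6_checksum(src, dst, message)
    return message[:2] + struct.pack("!H", checksum) + message[4:]


def parse_icmpv6(src: str, dst: str, message: bytes) -> dict:
    """Decode the common 4-octet header and classify the message as the page describes."""
    if len(message) < 4:
        raise ValueError("ICMPv6 message shorter than its 4-octet header")
    msg_type, code, checksum = struct.unpack("!BBH", message[:4])
    return {
        "type": msg_type,
        "code": code,
        "name": TYPE_NAMES.get(msg_type, "unassigned/unknown"),
        # High-order bit clear (0-127) means error; set (128-255) means informational.
        "class": "error" if msg_type & 0x80 == 0 else "informational",
        "checksum_ok": icmpv6_checksum(src, dst, message) == checksum,
        "body": message[4:],
    }


# Constructed sample endpoints (documentation prefix, not captured traffic).
SRC, DST = "2001:db8::1", "2001:db8::2"

if __name__ == "__main__":
    echo = build_icmpv6(SRC, DST, 128, 0, struct.pack("!HH", 0x1234, 1) + b"ping")
    print(parse_icmpv6(SRC, DST, echo))
    # What a router reports when a packet's hop limit runs out: Time Exceeded, code 0.
    expired = build_icmpv6(SRC, DST, 3, 0, b"\x00" * 4 + b"start of the discarded packet")
    print(parse_icmpv6(SRC, DST, expired))
    # The same echo checked against a different destination fails the pseudo-header check.
    print(parse_icmpv6(SRC, "2001:db8::3", echo)["checksum_ok"])
```

A receiver that drops messages with a bad checksum, as the parser above lets it do, also drops messages whose IPv6 source or destination was rewritten in transit without the checksum being recomputed, which is why middleboxes that translate addresses have to touch ICMPv6 checksums as well.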
A list of currently defined message types is shown in the table below.

ICMPv6 Advantages

If a wrong IP address is used for configuring a client to the DNS server, an ICMP message is sent by the destination device to indicate the error. If a program does not allow fragmentation of its communications but it is required to communicate with a destination device, the router undertaking the fragmentation of the packet sends an ICMP message to the source device to indicate the error. If a client sends all communications to a particular router despite another router offering a better route, that router responds with the IP address of the router that provides the better route, in the form of an ICMP message.

All IP headers contain a Time to Live (TTL) value. This value is decremented as the IP packet is forwarded through each router. If a packet arrives at a router with a TTL value of 1, the router cannot decrement the value any further and forward it. Instead, the router discards the packet and sends an ICMP message to indicate the expiry of the packet's TTL value.

The Internet Control Message Protocol Version 6 (ICMPv6) also provides testing and diagnostics services for many utilities. In order to test the communication process, an ICMP echo is used by the Packet Internet Groper (PING) utility. In order to discover the routers on a path, the Trace Route utility uses ICMP echo requests with different TTL values. For example, the Trace Route utility creates and sends an ICMP echo packet with a TTL value of 1. Since the router cannot set the TTL value to 0 and forward the packet, it sends an ICMP message indicating that the destination device is unreachable. This way, the Trace Route utility gets to know the IP address of the first router. The utility then increments the TTL and repeats the process. The second router in the route responds in the same manner and is added to the list of known routers.
This process continues until the packet reaches the destination device, which sends an echo reply after receiving the packet.

IPv6 Multihoming

Introduction

When a network is connected to more than one Internet service provider (ISP) - which may be a connectivity provider, transit provider or upstream provider - the technique is referred to as multihoming. The chief objective is to increase the quality and robustness of the Internet connection for the IP network. It is also possible to extend this concept to devices, especially when each of them has more than one interface and each of the interfaces is attached to a different network.

Multihoming techniques are under serious consideration as the transition to the new IPv6 protocol is underway, specifically with the objective of imparting the desired level of resilience against malfunction of the links, hardware and protocols within the system. The following additional advantages may also be derived: redundancy, load sharing, traffic engineering, policy constraints, transport-layer survivability, scalability, DNS compatibility, packet filtering capability and legacy compatibility.

Requirements for Multihoming

While the basic premise of using multihoming is to eliminate the single point of failure (SPOF) in network connectivity, certain important factors have to be satisfied to ensure flawless performance:

- Upstream links and connectivity: Network operations centers must have multiple upstream links to individual service providers. Each of these upstream links should be located at a suitable distance from the others, to obviate the possibility of all the connections breaking down simultaneously, even by accident.
- Routers: The positioning of routers and switches must be organized so that all network access to a given host is under no circumstances controlled by a single point of hardware control.
  Sometimes, multiple Internet uplinks are configured to converge on a single edge router. When this is done, any malfunction of that single router leads to disconnection of the Internet uplink, even where multiple ISPs are connected.
- Host connectivity: A given host must be connected to the network over multiple network interfaces, each of which is connected to a separate router or switch. Again, the function of the specific host should be duplicated across multiple computers, each of which is connected to a different router or switch, to ensure maximum reliability.
- Host referencing: A host must not only be accessible, but it should also be "referenced" with a functional name resolution to the particular server. This is important for ensuring high reliability.

Suggested approaches for IPv6 Multihoming

Five generic forms of architectural approaches towards a smooth transition to IPv6 multihoming have been identified:

- Routing: The IPv4 multihoming approach may be extended to IPv6 as well, with transit ISPs specifying the local site's address prefix as a distinct routing entry. Provider Independent (PI) address space is offered in IPv6. However, some people feel that the resulting increase in routing table size is likely to be too high for current router hardware to handle efficiently. One possibility is that new hardware with more memory can be produced at lower cost and will be able to handle this.
- Mobility: An IPv6-specific mobility approach is to be devised.
- New Protocol Element: A new element is to be inserted in the protocol stack that manages a stable identity for the session.
- Modifying a Protocol Element: The transport or IP protocol stack element in the host may be suitably modified to cope with dynamic changes to the forwarding locator.
- Modified Site-Exit Router: The site-exit router and local forwarding system can be suitably modified to allow various behaviors, including source-based forwarding, site-exit hand-offs, and address rewriting by site-exit routers.
(Source: RFC 4177, ftp://ftp.rfc-editor.org/in-notes/rfc4177.txt)

Suggested IPv6 Multihoming Solutions

- GSE/8+8: Global, Site, and End-System Address Elements
- Multihoming with Route Aggregation
- Multihoming Using Router Renumbering
- Multihoming Support at Site Exit Routers
- Host-Centric IPv6 Multihoming
- GAPI: Geographically Aggregatable PI Addresses
- MHAP: Multihoming Aliasing Protocol
- Provider-Internal Aggregation Based on Geography to Support Multihoming in IPv6
- An IPv6 Provider-Independent Global Unicast Address Format

http://www.conference.cn/ipv6/2005/image/Jeff_K.pdf

The two major methods for ID/Loc separation, Locator Identifier Separation Protocol (LISP) and SIX/One, and their variations were presented. LISP makes multihoming possible by encapsulating and decapsulating packets between tunnel routers, with no impact on the hosts. The addresses given to tunnel routers for use in packet encapsulation serve as the Locator, while the in-site address is used as the Identifier. The SIX/One method is based on a host-based multihoming method called the shim6 protocol, and provides for changing the packet address field at the intermediate routers. Presumably, shim6 will be adopted for multihoming of residences and very small organizations.

As multihoming in the IPv6 protocol is still in its infancy, the various approaches are still under consideration, and it will be some time before a completely standardized solution emerges once all the issues are resolved.

IPv6 Header Deconstructed

What is an IPv6 Header?

An Internet Protocol version 6 (IPv6) data packet comprises two main parts: the header and the payload. The first 40 bytes/octets (40 x 8 = 320 bits) of an IPv6 packet comprise the header (see Figure 1), which contains the following fields:

Source address (128 bits)

The 128-bit source address field contains the IPv6 address of the originating node of the packet. It is the address of the originator of the IPv6 packet.
Destination address (128 bits)
The 128-bit destination address field contains the IPv6 address of the recipient node of the packet. It is the address of the intended recipient of the IPv6 packet.

Version/IP version (4 bits)
The 4-bit version field contains the number 6. It indicates the version of the IPv6 protocol. This field is the same size as the IPv4 version field, which contains the number 4. However, this field has limited use because IPv4 and IPv6 packets are not distinguished by the value in the version field but by the protocol type present in the layer 2 envelope.

Packet priority/Traffic class (8 bits)
The 8-bit priority field in the IPv6 header can take different values to enable the source node to differentiate between the packets it generates by associating different delivery priorities with them. This field is subsequently used by the originating node and the routers to identify the data packets that belong to the same traffic class and to distinguish between packets with different priorities.

Flow Label/QoS management (20 bits)
The 20-bit flow label field in the IPv6 header can be used by a source to label a set of packets belonging to the same flow. A flow is uniquely identified by the combination of the source address and a non-zero flow label. Multiple active flows may exist from a source to a destination, as well as traffic that is not associated with any flow (flow label = 0). IPv6 routers must handle the packets belonging to the same flow in a similar fashion. The information on handling of IPv6 data packets belonging to a given flow may be specified within the data packets themselves, or it may be conveyed by a control protocol such as RSVP (Resource reSerVation Protocol). When routers receive the first packet of a new flow, they can process the information carried by the IPv6 header, Routing header, and Hop-by-Hop extension headers, and store the result (e.g.
determining the retransmission of specific IPv6 data packets) in a cache memory and use the result to route all other packets belonging to the same flow (having the same source address and the same flow label), by using the data stored in the cache memory.

Payload length in bytes (16 bits)
The 16-bit payload length field contains the length, in octets, of the data field following the IPv6 packet header. The 16-bit payload length field puts an upper limit of 64 kilobytes on the maximum packet payload. In case a larger packet payload is required, a Jumbo Payload extension header is provided in the IPv6 protocol. A Jumbo payload (Jumbogram) is indicated by the value zero in the payload length field. Jumbograms are frequently used in supercomputer communication using the IPv6 protocol to transmit heavy data payloads.

Next Header (8 bits)
The 8-bit Next Header field identifies the type of header immediately following the IPv6 header and located at the beginning of the data field (payload) of the IPv6 packet. This field usually specifies the transport layer protocol used by a packet's payload. The two most common kinds of Next Header are TCP (6) and UDP (17), but many other headers are also possible. The format adopted for this field is the one proposed for IPv4 by RFC 1700. In the IPv6 protocol, the Next Header field is similar to the IPv4 Protocol field.

Time To Live (TTL)/Hop Limit (8 bits)
The 8-bit Hop Limit field is decremented by one by each node (typically a router) that forwards a packet. If the Hop Limit field is decremented to zero, the packet is discarded. The main function of this field is to identify and discard packets that are stuck in an indefinite loop due to routing information errors. The 8-bit field also puts an upper limit on the maximum number of links between two IPv6 nodes. In this way, an IPv6 data packet is allowed a maximum of 255 hops before it is eventually discarded.
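To make the field layout above concrete, here is an added example (not code from the original article) that decodes the 40-byte fixed header of a constructed IPv6 packet, derives the flow key from source address plus non-zero flow label, and applies the hop-limit rule a forwarding node follows. The sample addresses and packet bytes are constructed for this example; the ICMPv6 value 58 in the name table comes from the IANA protocol numbers, not from the article.

```python
import struct
import ipaddress
from typing import Optional, Tuple

IPV6_HEADER_LEN = 40
# Next Header values named on the page (TCP, UDP) plus ICMPv6 (58) from the IANA protocol numbers
NEXT_HEADER_NAMES = {6: "TCP", 17: "UDP", 58: "ICMPv6"}


def build_ipv6_header(src: str, dst: str, payload_len: int, next_header: int,
                      hop_limit: int, traffic_class: int = 0, flow_label: int = 0) -> bytes:
    """Serialise the 40-byte fixed header; used here only to construct sample packets."""
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the fixed header fields described in the text."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("packet shorter than the 40-byte IPv6 fixed header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28                      # bits 0-3
    if version != 6:
        raise ValueError(f"version field is {version}, not 6")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,  # bits 4-11
        "flow_label": first_word & 0xFFFFF,          # bits 12-31
        "payload_length": payload_len,
        "jumbogram": payload_len == 0,   # zero signals a Jumbo Payload option in an extension header
        "next_header": next_header,
        "next_header_name": NEXT_HEADER_NAMES.get(next_header, "other"),
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
    }


def flow_key(header: dict) -> Optional[Tuple[str, int]]:
    """A flow is identified by source address plus a non-zero flow label; label 0 means 'no flow'."""
    if header["flow_label"] == 0:
        return None
    return (header["src"], header["flow_label"])


def forward(packet: bytes) -> Optional[bytes]:
    """Hop-limit rule of a forwarding node: decrement by one, discard when it would reach zero."""
    hop_limit = packet[7]
    if hop_limit <= 1:
        return None  # discarded: the packet has exhausted its hop limit
    return packet[:7] + bytes([hop_limit - 1]) + packet[8:]


# Constructed sample: UDP, 20 payload bytes, traffic class 0xB8, flow label 0xABCDE, hop limit 64
SAMPLE_PACKET = build_ipv6_header("2001:db8::1", "2001:db8::2", payload_len=20, next_header=17,
                                  hop_limit=64, traffic_class=0xB8, flow_label=0xABCDE) + bytes(20)

if __name__ == "__main__":
    header = parse_ipv6_header(SAMPLE_PACKET)
    for name, value in header.items():
        print(f"{name:>17}: {value}")
    print("flow key:", flow_key(header))
    print("hop limit after one router:", parse_ipv6_header(forward(SAMPLE_PACKET))["hop_limit"])
```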
An IPv6 data packet can pass through a maximum of 254 routers before being discarded. In the IPv6 protocol, the fields for handling fragmentation do not form a part of the basic header. They are put into a separate extension header. Moreover, fragmentation is handled exclusively by the sending host; routers are not employed in the fragmentation process. For further details, please see RFC 2460 - Internet Protocol, Version 6 (IPv6) Specification.

ARP - Address Resolution Protocol

Overview
Address Resolution Protocol (ARP) is the predominant protocol for finding a host's hardware address when only its network layer address is known. This protocol operates below the network layer as a part of the interface between the OSI network and link layers. It is used when IPv4 is run over Ethernet. Before stepping into the nuances of the protocol, let us go through its frame structure.

ARP Frame Format and types

ARP Packet Format
The figure above shows the ARP format used; below is the explanation of each field:

Hardware type: Each data link layer protocol is assigned a number used in this field. For Ethernet it is 1.
Protocol type: Each protocol is assigned a number used in this field. For example, IPv4 is 0x0800.
Hardware length: Length in bytes of a hardware address. Ethernet addresses are 6 bytes long.
Protocol length: Length in bytes of a logical address. IPv4 addresses are 4 bytes long.
Operation: Specifies the operation the sender is performing: 1 for request, and 2 for reply. There are actually four types of ARP messages that may be sent by the ARP protocol. These are identified by four values in the "operation" field of an ARP message. The types of message are:
1. ARP request
2. ARP reply
3. RARP request
4. RARP reply
Sender hardware address: Hardware address of the sender.
Sender protocol address: Protocol address of the sender.
Target hardware address: Hardware address of the intended receiver. This field is zero in a request.
Target protocol address: Protocol address of the intended receiver.

ARP Function explained
ARP is used in four cases when two hosts are communicating:
1. When two hosts are on the same network and one desires to send a packet to the other
2. When two hosts are on different networks and must use a gateway or router to reach the other host
3. When a router needs to forward a packet for one host through another router
4. When a router needs to forward a packet from one host to the destination host on the same network

When an ARP response arrives, the receiver inserts a binding into an ARP cache so that it can be used for further packets. The oldest entry is removed if the table is full or after an entry has not been updated recently. When an ARP request arrives, the receiver checks if it has the sender's protocol address in the cache; if so, the receiver updates the cache entry with the sender's binding. After a host replies to an ARP request, it adds the sender's binding to the cache: if a message travels from one host to another, then a reply will often travel back.

To understand this further, let us see how ARP actually works. ARP works by broadcasting the packet to all hosts attached to an Ethernet network. The packet contains the IP address the sender is interested in communicating with. The target machine, recognizing that the IP address in the packet matches its own, returns an answer. Hosts keep a cache of ARP responses.

Let us take an example to study this concept, with ARP across subnets. From the figure above, let us say computer A needs to send some data to computer B. Since host B is not on the same subnet, before sending, computer A transmits an ARP request in order to discover the MAC address of port A on the local router. This is done after A checks its ARP cache and does not find an entry for the MAC address of port A. Once host A knows the MAC address, it transmits an Ethernet frame to the router.
This router, C, will send an ARP request out of port B in order to discover the MAC address of computer B. Once computer B replies to this ARP request, the router will strip the Ethernet frame off the data and create a new one. The router replaces the source MAC address (originally host A's address) with the MAC address of port B. It will also replace the destination MAC address (originally port A) with the MAC address of host B. Fig. 1 shows the message format used. The following figure shows the basic strategy and principle used by ARP.

ARP Cache concept
The ARP cache is a table containing matched sets of MAC and IP addresses. Each device on the network manages its own ARP cache table. There are two ways in which the ARP cache is populated:

Static ARP Cache Entries: In this type, address resolutions are manually added to the cache table for a device and are kept in the cache on a permanent basis.

Dynamic ARP Cache Entries: These are hardware and IP address pairs that are added to the cache by the software itself as a result of successfully completed past ARP resolutions. They are kept in the cache only for a period of time and are then flushed. After a particular entry times out, it is removed from the cache. The next time that address mapping is needed, a fresh resolution is performed to update the cache.

Note: A device's ARP cache can contain both static and dynamic entries.

Reverse ARP and Proxy ARP defined
Reverse Address Resolution Protocol (RARP) is a complement of the Address Resolution Protocol. It is a network layer protocol used to obtain an IP address for a given MAC address. The primary limitation of RARP is that each MAC address must be configured manually on a centralised server, and that the protocol only conveys an IP address. It is useful for diskless systems.
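The ARP packet layout from the field list above and the cache rules just described, as an added example (not code from the original article): it decodes an Ethernet/IPv4 ARP message from constructed bytes and implements a cache in which static entries are permanent, dynamic entries expire after a timeout, the least recently updated dynamic entry is evicted when the table is full, replies insert the sender's binding, and requests refresh an existing entry or add the requester when the device answers. MAC and IP values are constructed samples; the capacity and timeout are assumed parameters.

```python
import struct
from typing import Dict, Optional

HW_ETHERNET = 1          # hardware type for Ethernet
PROTO_IPV4 = 0x0800      # protocol type for IPv4
OPERATION_NAMES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def _ipv4_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_arp(operation: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Serialise an Ethernet/IPv4 ARP message (28 bytes); used to construct the samples below."""
    return (struct.pack("!HHBBH", HW_ETHERNET, PROTO_IPV4, 6, 4, operation)
            + _mac_bytes(sender_mac) + _ipv4_bytes(sender_ip)
            + _mac_bytes(target_mac) + _ipv4_bytes(target_ip))


def parse_arp(message: bytes) -> dict:
    """Decode the fields in the order the text lists them; address sizes come from the message itself."""
    if len(message) < 8:
        raise ValueError("ARP message shorter than its 8-byte fixed part")
    htype, ptype, hlen, plen, operation = struct.unpack("!HHBBH", message[:8])
    if len(message) < 8 + 2 * (hlen + plen):
        raise ValueError("ARP message truncated")
    offset, parts = 8, []
    for size in (hlen, plen, hlen, plen):      # sender hw, sender proto, target hw, target proto
        parts.append(message[offset:offset + size])
        offset += size
    fmt_mac = lambda b: b.hex(":")
    fmt_ip = lambda b: ".".join(str(x) for x in b) if plen == 4 else b.hex()
    return {
        "hardware_type": htype, "protocol_type": ptype,
        "hardware_length": hlen, "protocol_length": plen,
        "operation": operation, "operation_name": OPERATION_NAMES.get(operation, "unknown"),
        "sender_mac": fmt_mac(parts[0]), "sender_ip": fmt_ip(parts[1]),
        "target_mac": fmt_mac(parts[2]), "target_ip": fmt_ip(parts[3]),
    }


class ArpCache:
    """Per-device ARP cache: static entries are permanent, dynamic ones expire after `ttl` seconds."""

    def __init__(self, capacity: int = 64, ttl: float = 60.0):
        self.capacity, self.ttl = capacity, ttl
        self.entries: Dict[str, dict] = {}   # ip -> {"mac", "static", "updated"}

    def add_static(self, ip: str, mac: str) -> None:
        self.entries[ip] = {"mac": mac, "static": True, "updated": float("inf")}

    def learn(self, ip: str, mac: str, now: float) -> None:
        """Insert or refresh a dynamic binding; a full table drops its least recently updated dynamic entry."""
        entry = self.entries.get(ip)
        if entry is not None:
            if not entry["static"]:              # static entries are never overwritten
                entry["mac"], entry["updated"] = mac, now
            return
        if len(self.entries) >= self.capacity:
            dynamic = [(e["updated"], ip_) for ip_, e in self.entries.items() if not e["static"]]
            if dynamic:
                del self.entries[min(dynamic)[1]]
        self.entries[ip] = {"mac": mac, "static": False, "updated": now}

    def lookup(self, ip: str, now: float) -> Optional[str]:
        entry = self.entries.get(ip)
        if entry is None:
            return None
        if not entry["static"] and now - entry["updated"] > self.ttl:
            del self.entries[ip]                 # timed out: a fresh resolution is needed
            return None
        return entry["mac"]

    def process(self, message: bytes, my_ip: str, my_mac: str, now: float) -> Optional[bytes]:
        """Apply the cache rules from the text; returns the reply to send, if any."""
        msg = parse_arp(message)
        if msg["operation"] == 2:                      # reply: insert the sender's binding
            self.learn(msg["sender_ip"], msg["sender_mac"], now)
        elif msg["operation"] == 1:                    # request
            if msg["sender_ip"] in self.entries:       # already cached: refresh the entry
                self.learn(msg["sender_ip"], msg["sender_mac"], now)
            if msg["target_ip"] == my_ip:              # we answer, so remember who asked
                self.learn(msg["sender_ip"], msg["sender_mac"], now)
                return build_arp(2, my_mac, my_ip, msg["sender_mac"], msg["sender_ip"])
        return None


# Constructed sample: 192.0.2.10 asks for the MAC of 192.0.2.20 (target MAC is zero in a request)
SAMPLE_REQUEST = build_arp(1, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.20")

if __name__ == "__main__":
    cache = ArpCache(capacity=4, ttl=60.0)
    reply = cache.process(SAMPLE_REQUEST, my_ip="192.0.2.20", my_mac="02:00:00:00:00:14", now=0.0)
    print(parse_arp(SAMPLE_REQUEST))
    print(parse_arp(reply))
    print("cached:", cache.lookup("192.0.2.10", now=10.0), "after timeout:", cache.lookup("192.0.2.10", now=100.0))
```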
Proxy ARP is a protocol that is used to hide a machine with a public IP on a private network behind a router, and still have the machine appear to be on the public network "in front of" the router. For this example, let's assume that host A is on a network segment connected to Router A's interface A, and host B is on a network segment connected to Router A's interface B. Host A wants to send data directly to host B, but doesn't have host B's MAC address. An ARP request sent to host B from host A will stop at the router as it is a broadcast, but with Proxy ARP, Router A will actually answer the ARP request with the MAC address of the router interface that received the ARP request. In this case, Router A will respond to the ARP request with the MAC address of its own interface A. This is transparent to host A: when host A sends data to host B, the destination IP address will be that of host B, but the destination MAC address will be that of Router A's interface A. Though ARP is a simple resolution protocol, its features and use in networking are immense.

VPN - Virtual Private Network

Overview
A VPN, widely known as a Virtual Private Network, is a communications network tunneled through another network, and dedicated to a specific network. In simple terms it can be defined as connecting two private networks through the public or shared network that is the Internet. VPNs help to transmit information via publicly shared network infrastructures by establishing secure links with remote private networks through a combination of tunneling, encryption and authentication technologies. Hence VPNs have gained widespread acceptance as preferred security solutions.

VPN types and working
Let us go ahead and study the types and functional specifications of VPNs. VPNs are generally grouped into two basic categories:
Remote Access VPNs
Site-to-Site VPNs

Remote Access VPNs
Fig.
Remote Access VPN (Ref. www.ciscohardwaremaintenance.com)

Remote Access VPNs are usually used to link a private network from various remote locations. One of the important points in their implementation is to create strong authentication. Mobile users connect to the network using VPN client software which encapsulates and encrypts the traffic before sending it through the Internet to the VPN gateway. These VPNs are beneficial as they provide mobility and are economical.

Site-to-Site VPN
Site-to-site VPNs are used to connect a branch office network to a company headquarters network. Here the VPN gateway encapsulates and encrypts the traffic before sending it through a VPN tunnel over the Internet to a peer VPN gateway. On the remote end at the target site, the peer VPN gateway strips the headers, decrypts the content, and transmits the packet to the target host inside its private network.

Fig. Site-to-Site VPN (Ref. www.ciscohardwaremaintenance.com)

Site-to-site VPNs are further classified into Intranet and Extranet VPNs; let us go ahead and check out what these are. The Intranet VPN is used to facilitate communications within a company's information infrastructure, by connecting one or more remote locations to form a private network. The Extranet VPN is used to connect a LAN-to-LAN environment, e.g. the connection of various offices to form a common shared network.

Internet Security Protocol (IPSec) is commonly used as the security standard for Internet-based VPNs. A VPN uses numerous methods for keeping the connection and data safe and secure; some of them are the use of Authentication, Encryption, Internet Security Protocol (IPSec) and Tunneling. Let's check out what these are and how they are used.

Fig.
Site to Site VPN (Ref. http://www.chicagotech.net)

Authentication: Authentication of a connection is implemented by using authentication mechanisms like passwords, biometrics and cryptographic methods in firewalls, access gateways, and other devices.

Encryption: Encryption is the process of transforming information using an algorithm that makes it unreadable to anyone except the intended recipient, who holds what is usually referred to as a key, which is needed to decrypt the data and make it readable.

Tunneling: Tunneling is the process of placing an entire packet within another packet and sending it over a network. The protocol of the outer packet is understood by the network and by the remote ends, called tunnel interfaces, where the packet enters and exits the network. Some of the common tunneling protocols used by VPNs are:

Point-to-Point Tunneling Protocol (PPTP)
The PPTP protocol packages data within PPP packets, and further encapsulates the PPP packets within IP packets for transmission through a VPN tunnel. PPTP supports data encryption and compression of these packets. PPTP also uses a form of Generic Routing Encapsulation (GRE) to get data to and from its final destination. Here VPN tunnels are created via the following two-step process:
1. The PPTP client connects to their ISP using PPP dial-up.
2. PPTP creates a TCP control connection between the VPN client and VPN server to establish a tunnel. These connections are made using TCP port 1723.
Once the VPN tunnel is established, PPTP supports two types of information flow:
Control messages for managing and eventually tearing down the VPN connection.
Data packets that pass through the tunnel, to or from the VPN client.

Layer Two Tunneling Protocol (L2TP)
Fig. Layer Two Tunneling Protocol (L2TP) (Ref. http://www.proprofs.com/)
Layer Two Tunneling Protocol (L2TP) is a combination of Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). L2TP encapsulates PPP frames that are sent over an IP network.
L2TP frames include the following:
1. L2TP connection maintenance messages, which include the L2TP header
2. L2TP tunneled data, which includes a PPP header and a PPP payload.
Here encryption is provided through the use of the Internet Protocol security (IPSec) Encapsulating Security Payload (ESP) header and trailer. The following figure explains this process.

Internet Protocol Security (IPsec)
IPsec is actually a collection of multiple protocols. It is used as a complete VPN protocol solution as well as a strong encryption scheme within L2TP or PPTP. The following figure shows IPSec in detail.

Fig. IPSEC (Ref. www.interpeak.com)

Internet Security Protocol (IPSec) Suite defined
Internet Protocol Security Protocol (IPSec) provides enhanced security features such as encryption algorithms and comprehensive authentication. IPSec employs a powerful suite of encryption technologies that make it possible to combat the numerous threats in traditional IP-based networks, which includes:

Authentication Header (AH): AH ties data in each packet to a verifiable signature that allows recipients to verify the identity of the sender as well as to ensure the data has not been altered during transit. The IP Authentication Header (AH) is primarily used to provide connectionless integrity and data origin authentication for IP datagrams, and protection against replay attacks. The Authentication Header is based on the use of an integrity check value computed with an algorithm specified in the SA. AH protects the IP payload and all header fields of an IP datagram except for mutable fields, i.e. those that might be altered in transit. The following figure shows an AH packet diagram.

Field meanings:
Next header: Identifies the protocol of the transferred data.
Payload length: Size of the AH packet.
RESERVED: Reserved for future use (all zeros).
Security parameters index (SPI): Identifies the security parameters, which, in combination with the IP address, identify the security association implemented in this packet.
Sequence number: A monotonically increasing number, used to prevent replay attacks.
Authentication data: Contains the integrity check value (ICV) necessary for authenticating the packet.

Encapsulating Security Payload (ESP): Using powerful encryption, ESP scrambles the data of the packet, more properly referred to as the payload, into an unreadable format for which only the receiver has the key. The encapsulation also conceals sensitive IP addresses of both ends. The Encapsulating Security Payload provides confidentiality protection, authentication, and data integrity. ESP can be applied alone or in combination with AH. Unlike AH, the IP packet header is not protected by ESP. ESP operates directly on top of IP, using IP protocol number 50.

Fig. An ESP Packet Diagram

Field meanings:
Security parameters index (SPI): Identifies the security parameters in combination with the IP address.
Sequence Number: A monotonically increasing number, used to prevent replay attacks.
Payload Data: The data to be transferred.
Padding: Used with some block ciphers to pad the data to the full length of a block.
Pad Length: Size of the padding in bytes.
Next Header: Identifies the protocol of the transferred data.
Authentication Data: Contains the data used to authenticate the packet.

Internet Key Exchange (IKE): This is the protocol used for negotiation between the two communicating hosts on the type of encryption algorithms to use, as well as the keys to use, and how long the keys will be valid before they are changed. IKE also handles the exchange of keys used to initiate and maintain the connection between the two hosts.
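The AH fields listed above, as an added example (not code from the original article) that builds and parses an AH header, checks the ICV, and shows how the sequence number prevents replay on the receiving side with a sliding window, which goes beyond the one-line field description in the text. Assumptions: the SA's integrity algorithm is HMAC-SHA-256 truncated to 96 bits, the ICV covers only the AH header and payload (the immutable outer IP header fields that AH also covers are left out for brevity), the window size is 32, and the key and payloads are constructed samples; the payload-length encoding (32-bit words minus 2) follows RFC 4302.

```python
import hmac
import hashlib
import struct

AH_PROTOCOL_NUMBER = 51   # IP protocol number for AH (from the IANA registry, not the article)
ICV_LEN = 12              # assumed SA algorithm: HMAC-SHA-256 truncated to 96 bits
AH_FIXED_LEN = 12         # next header, payload length, reserved, SPI, sequence number


def _icv(key: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    """ICV over the AH header (with the ICV field zeroed) and the payload.
    Simplification for this example: the immutable outer IP header fields are not included."""
    return hmac.new(key, ah_fixed + bytes(ICV_LEN) + payload, hashlib.sha256).digest()[:ICV_LEN]


def build_ah(next_header: int, spi: int, seq: int, payload: bytes, key: bytes) -> bytes:
    # Payload Length counts the AH in 32-bit words minus 2 (RFC 4302): (12 + 12) / 4 - 2 = 4
    payload_length = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    fixed = struct.pack("!BBHII", next_header, payload_length, 0, spi, seq)
    return fixed + _icv(key, fixed, payload) + payload


def parse_ah(packet: bytes) -> dict:
    next_header, payload_length, reserved, spi, seq = struct.unpack("!BBHII", packet[:AH_FIXED_LEN])
    ah_total = (payload_length + 2) * 4            # total AH length in bytes, ICV included
    return {"next_header": next_header, "payload_length": payload_length, "reserved": reserved,
            "spi": spi, "sequence_number": seq,
            "icv": packet[AH_FIXED_LEN:ah_total], "payload": packet[ah_total:]}


class AntiReplayWindow:
    """Sliding window over accepted sequence numbers, kept by the receiver for each SA."""

    def __init__(self, size: int = 32):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set  =>  sequence number (top - i) already accepted

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False                           # 0 is never a valid sequence number
        if seq > self.top:                         # new high-water mark: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        behind = self.top - seq
        if behind >= self.size:                    # older than the window: drop
            return False
        if (self.bitmap >> behind) & 1:            # seen before: replay
            return False
        self.bitmap |= 1 << behind
        return True


def receive_ah(packet: bytes, key: bytes, window: AntiReplayWindow) -> str:
    """Verify the ICV before touching the window, so that a forged packet cannot move it."""
    fields = parse_ah(packet)
    expected = _icv(key, packet[:AH_FIXED_LEN], fields["payload"])
    if not hmac.compare_digest(expected, fields["icv"]):
        return "rejected: bad ICV"
    if not window.accept(fields["sequence_number"]):
        return "rejected: replayed or stale sequence number"
    return "accepted"


if __name__ == "__main__":
    key = b"constructed-example-key"       # in practice derived from the SA negotiated by IKE
    window = AntiReplayWindow()
    first = build_ah(17, 0x1000, 1, b"datagram one", key)
    print(parse_ah(first))
    print(receive_ah(first, key, window))                      # accepted
    print(receive_ah(first, key, window))                      # rejected: replayed
    tampered = first[:-1] + bytes([first[-1] ^ 0x01])
    print(receive_ah(tampered, key, window))                   # rejected: bad ICV
```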
Advantages and the future of VPN
VPNs have many advantages and benefits, but some of the most important ones are:
Provides security while accessing mission-critical information
Saves on long-distance charges when remote users are out of the dialing area
Requires less hardware, e.g., modems used for dial-up connections
Reduces the number of telephone lines needed for Internet access

VPN technology is in its early developmental stages, and more research is going on in this field to make it more secure and advanced. But at the same time, exploitation of vulnerabilities is also a possibility as VPN is still in its developmental stage. At the same time, the research and development of allied security features are accelerating VPN growth. Further, VPN as a technology brings us security, scalability and cost saving, which makes it one of the most cost-effective solutions available today.

IPv6 - Auto Configuration vs DHCPv6

Introduction
A growing number of IPv6 experts are apprehensive about the adoption of the auto-configuration feature offered by IPv6, in contrast to the services offered by the existing DHCPv6 protocol, for the task of configuring connected devices over an IP network. There are concerns over the potential disadvantages of auto-configuration in IPv6, such as its focus on configuration of the IP address while overlooking the configuration of other parameters such as the DNS domain, DNS servers, time servers, legacy WINS servers etc. Using DHCP to supply this information and using IPv6 auto-configuration in its present form only for IP addressing does not make sense; enterprises could as well use DHCPv6 to configure the IP addresses too. Apart from the IP addresses, the additional information supplied by DHCPv6 offers the audit, tracking and management capabilities required by business enterprises. Despite its present shortcomings, IPv6 offers the most comprehensive long-term solution for the future networking requirements of business enterprises.
Every network administration policy maker across different business enterprises faces the dilemma of using IPv6 auto-configuration versus DHCPv6.

IPv6 Auto-Configuration
An important feature of IPv6 is that it gives network devices a plug-and-play option by allowing them to configure themselves independently. It is possible to plug a node into an IPv6 network without requiring any human intervention. This feature was critical to allow network connectivity to an increasing number of mobile devices. The proliferation of network-enabled mobile devices has introduced the requirement for a mobile device to arbitrarily change locations on an IPv6 network while still maintaining its existing connections. To offer this functionality, a mobile device is assigned a home address where it remains always reachable. When the mobile device is at home, it connects to the home link and makes use of its home address. When the mobile device is away from home, a home agent (router) acts as a conduit and relays messages between the mobile device and other devices on the network to maintain the connection.

IPv6 offers two types of auto-configuration: stateful auto-configuration and stateless auto-configuration.

Stateful auto-configuration: This configuration requires some human intervention as it makes use of the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) for installation and administration of nodes over a network. The DHCPv6 server maintains a list of nodes and information about their state in order to know the availability of each IP address from the range specified by the network administrator.

Stateless auto-configuration: This type of configuration is suitable for small organizations and individuals. It allows each host to determine its address from the contents of received router advertisements. It makes use of the IEEE EUI-64 standard to define the network ID portion of the address.
DHCPv6
The Dynamic Host Configuration Protocol (DHCP) facilitates the addition of new machines to a network. Around October 1993, DHCP began to take shape as a standard network protocol. The protocol allows network devices to obtain the different parameters that clients require to operate in an Internet Protocol (IP) network. The DHCP protocol significantly reduces the system administration workload as network devices can be added to the network with little or no change in the device configuration. DHCP also allows network parameter assignment at a single DHCP server or a group of such servers located across the network. Dynamic host configuration is made possible by the automatic assignment of IP addresses, default gateway, subnet masks and other IP parameters.

On connecting to a network, a DHCP-configured node sends a broadcast query to the DHCP server requesting the necessary information. Upon receipt of a valid request, the DHCP server assigns an IP address from its pool of IP addresses along with other TCP/IP configuration parameters such as the default gateway and subnet mask. The broadcast query is initiated just after booting and must be completed before the client initiates IP-based communication with other devices over the network.

DHCP allocates IP addresses to network devices in three different modes: dynamic mode, automatic mode and manual mode. In the dynamic mode, the client is allotted an IP address for a specific period of time ranging from a few hours to a few months. At any time before the expiry of the lease, a DHCP client can request a renewal of the current IP address. Expiry of the lease during a session leads to a dynamic renegotiation with the server for the original or a new IP address. In the automatic (also called DHCP Reservation) mode, an IP address is chosen from the range defined by the network administrator and permanently assigned to the client.
In the manual mode, the client manually selects the IP address and uses DHCP protocol messages to inform the server of its choice of IP address.

Conclusion
IPv6 auto-configuration versus DHCPv6 is a hotly debated contemporary issue in the networking domain, since both standards are being used simultaneously in conjunction with each other. While DHCPv6 offers a dedicated configuration mechanism catering to all the information needs of network devices in the form of required parameters, IPv6 auto-configuration simplifies the configuration process in a streamlined manner. While DHCPv6 offers a more comprehensive solution to the configuration needs of a device over an IPv6 network, the auto-configuration feature makes the whole process much simpler, streamlined and future-proof. At present, the auto-configuration feature doesn't offer much beyond IP addressing, but the feature is hardwired into the IPv6 protocol and does away with the need to use any other standard, streamlining the configuration process and thereby removing any scope for future compatibility issues among different protocols. DHCPv6 is an excellent short-term solution, while IPv6 auto-configuration, in an evolved form, is in for the long haul. While at present we see a majority of network administrators swearing by the benefits of DHCPv6, the auto-configuration feature ingrained in IPv6 will soon outweigh the advantages offered by DHCPv6 to become the de facto standard for the configuration of devices over an IPv6 network.

Stateless Auto Configuration
by Kaushik Das

Introduction
Stateless Auto Configuration is an important feature offered by the IPv6 protocol. It allows the various devices attached to an IPv6 network to connect to the Internet using Stateless Auto Configuration without requiring any intermediate IP support in the form of a Dynamic Host Configuration Protocol (DHCP) server.
A DHCP server holds a pool of IP addresses that are dynamically assigned for a specified amount of time to the requesting node in a Local Area Network (LAN). Stateless Auto Configuration is a boon for network administrators since it has automated the IP address configuration of individual network devices. Earlier, configuration of the IP addresses was a manual process requiring the support of a DHCP server. However, IPv6 allows network devices to automatically acquire IP addresses and also has provision for renumbering/reallocation of IP addresses en masse. With the rapid increase in the number of network devices connected to the Internet, this feature was long overdue. It simplifies the process of IP address allocation by doing away with the need for DHCP servers and also allows a more streamlined assignment of network addresses, thereby facilitating unique identification of network devices over the Internet. The auto configuration and renumbering features of Internet Protocol version 6 are defined in RFC 2462.

The word "stateless" is derived from the fact that this method doesn't require the host to be aware of its present state so as to be assigned an IP address by the DHCP server. The stateless auto configuration process comprises the following steps undertaken by a network device:

Link-Local Address Generation - The device is assigned a link-local address. It comprises '1111111010' as the first ten bits, followed by 54 zeroes and a 64-bit interface identifier.

Link-Local Address Uniqueness Test - In this step, the networked device ensures that the link-local address it generated is not already used by any other device, i.e. the address is tested for its uniqueness.

Link-Local Address Assignment - Once the uniqueness test is cleared, the IP interface is assigned the link-local address. The address becomes usable on the local network but not over the Internet.
Router Contact - The networked device makes contact with a local router to determine its next course of action in the auto configuration process.

Router Direction - The node receives specific directions from the router on its next course of action in the auto configuration process.

Global Address Configuration - The host configures itself with its globally unique Internet address. The address comprises a network prefix provided by the router together with the device identifier.

Neighbor Discovery
The Neighbor Discovery Protocol (NDP) in IPv6 is an improvement over the Internet Control Message Protocol (ICMP). It is essentially a messaging protocol that facilitates the discovery of neighboring devices over a network. NDP uses two kinds of addresses: unicast addresses and multicast addresses. The Neighbor Discovery protocol performs nine specific tasks that are divided into three functional groups:

Advantages of Stateless Auto Configuration
1. Doesn't require the support of a DHCP server - Stateless Auto Configuration does away with the need for a DHCP server to allocate IP addresses to the individual nodes connected to the Local Area Network (LAN).
2. Allows hot plugging of network devices - Network devices can be 'hot-plugged' into the Internet. Since the devices can configure their own IP addresses, there is no need for manual configuration of the network devices. The devices can simply be connected to the network and they automatically configure themselves to be used over an IPv6 network.
3. Suitable for applications requiring a secure connection without additional intermediaries in the form of a proxy or a DHCP server - Some modern-day applications such as teleconferencing require a fast and secure connection without any intermediary nodes that tend to slow down the communication process.
Stateless Auto Configuration helps meet such requirements by removing the intermediary proxy or DHCP servers and thereby facilitating the communication process for such applications requiring high-speed data transfers.
4. Cost effective - By facilitating the networking potential of individual nodes and doing away with the requirement of proxy or DHCP servers, Stateless Auto Configuration offers a cost-effective means to connect the various network devices to the Internet.
5. Suitable for wireless networks - Stateless auto configuration is most suited to the wireless environment, where the physical network resources are spatially scattered within a geographical area. By allowing direct hot plugging to the network, it removes an additional link in the wireless network.

Applications of Stateless Auto Configuration
The Stateless Auto Configuration feature was long awaited to facilitate effortless networking of various devices to the Internet. The feature assumes even greater significance for use over wireless networks. It allows the various devices to access the network from anywhere within a 'hotspot'. Stateless Auto Configuration finds diverse applications in networking electronic devices such as televisions, washing machines, refrigerators, microwaves etc. to the Internet. The ease of network connectivity through 'hot plugging' of such devices will usher in a new era of convergence where the majority of electronic devices will be connected to the Internet.
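The six stateless auto configuration steps listed earlier (link-local generation from the fe80::/10 prefix and a 64-bit interface identifier, the uniqueness test, assignment, and global address formation from the router's prefix), as an added example that is not code from the original article. Assumptions: the interface identifier is derived from the MAC address with the modified EUI-64 rule of RFC 4291 (insert ff:fe, invert the universal/local bit); the uniqueness test is simulated against a constructed set of addresses already on the link rather than a real Neighbor Discovery exchange; the router's direction is represented by the /64 prefix it advertises; the MAC and prefix values are constructed samples.

```python
import ipaddress
from typing import Optional, Set


def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface identifier (modified EUI-64, RFC 4291 Appendix A):
    insert 0xFFFE between the OUI and the device part, then invert the universal/local bit."""
    octets = bytearray.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def link_local_address(iid: bytes) -> ipaddress.IPv6Address:
    """Step 1: ten prefix bits 1111111010 (fe80), 54 zero bits, then the 64-bit interface identifier."""
    return ipaddress.IPv6Address(bytes.fromhex("fe80000000000000") + iid)


def global_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Step 6: the router-advertised /64 prefix followed by the same interface identifier."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("a 64-bit interface identifier needs a /64 prefix")
    return ipaddress.IPv6Address(network.network_address.packed[:8] + iid)


def is_unique(candidate: ipaddress.IPv6Address, taken: Set[ipaddress.IPv6Address]) -> bool:
    """Step 2 stand-in: the uniqueness test against addresses already present on the link
    (a real node would run Duplicate Address Detection through Neighbor Discovery)."""
    return candidate not in taken


def autoconfigure(mac: str, in_use: Set[str], advertised_prefix: Optional[str]) -> dict:
    """Run the stateless steps in order; `advertised_prefix` stands in for the router's
    direction (steps 4 and 5), and None means no router answered."""
    taken = {ipaddress.IPv6Address(a) for a in in_use}
    iid = modified_eui64(mac)
    result = {"link_local": None, "global": None, "error": None}
    candidate = link_local_address(iid)
    if not is_unique(candidate, taken):
        result["error"] = "link-local address already in use; autoconfiguration stops"
        return result
    result["link_local"] = str(candidate)          # step 3: assigned, usable on the link only
    if advertised_prefix is None:
        return result                               # no router: the node stays link-local only
    candidate = global_address(advertised_prefix, iid)
    if not is_unique(candidate, taken):
        result["error"] = "global address already in use"
        return result
    result["global"] = str(candidate)
    return result


if __name__ == "__main__":
    # Constructed inputs: a sample MAC, one neighbour already on the link, and a sample /64 from the router
    neighbours = {"fe80::1"}
    print(autoconfigure("00:1b:63:84:45:e6", neighbours, "2001:db8:1:2::/64"))
    print(autoconfigure("00:1b:63:84:45:e6", {"fe80::21b:63ff:fe84:45e6"}, "2001:db8:1:2::/64"))
```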