IPv6
advertisement
The Disadvantages of IPv4 Limited address space The most visible and urgent problem with using IPv4 on the modern Internet is the rapid depletion of public addresses. Due to the initial address class allocation practices of the early Internet, public IPv4 addresses are becoming scarce. Organizations in the United States hold most public IPv4 address space worldwide. This limited address space has forced the wide deployment of network address translators (NATs) Flat routing infrastructure In the early Internet, address prefixes were not allocated to create a summarizable, hierarchical routing infrastructure. Instead, individual address prefixes were assigned and each address prefix became a new route in the routing tables of the Internet backbone routers. Today’s Internet is a mixture of flat and hierarchical routing, but there are still more than 85,000 routes in the routing tables of Internet backbone routers. Configuration IPv4 must be configured, either manually or through the Dynamic Host Configuration Protocol (DHCP). DHCP allows IPv4 configuration administration to scale to large networks, but you must also configure and manage a DHCP infrastructure. Security Security for IPv4 is specified by the use of Internet Protocol security (IPsec). However, IPsec is optional for IPv4 implementations. Because an application cannot rely on IPsec being present to secure traffic, an application might resort to other security standards or a proprietary security scheme. The need for built-in security is even more important today, when we face an increasingly hostile environment on the Internet. Prioritized delivery Prioritized packet delivery, such as special handling parameters for low delay and low variance in delay for voice or video traffic, is possible with IPv4. However, it relies on a new interpretation of the IPv4 Type Of Service (TOS) field, which is not supported for all the devices on the network. Additionally, identification of the packet flow must be done using an upper layer protocol identifier such as a TCP or User Datagram Protocol (UDP) port. This additional processing of the packet by intermediate routers makes forwarding less efficient. Mobility Mobility is a new requirement for Internet-connected devices, in which a node can change its address as it changes its physical attachment to the Internet and still maintain existing connections. Although there is a specification for IPv4 mobility, due to a lack of infrastructure, communications with an IPv4 mobile node are inefficient. The replacement for IPv4 is IPv6. Huge address space IPv6 addresses are 128 bits long, creating an address space with 3.4 × 1038 possible addresses. This is plenty of address space for the foreseeable future and allows all manner of devices to connect to the Internet without the use of NATs. Address space can also be allocated internationally in a more equitable manner. Hierarchical routing infrastructure IPv6 addresses that are reachable on the IPv6 portion of the Internet, known as global addresses, have enough address space for the hierarchy of Internet service providers (ISPs) that typically exist between an organization or home and the backbone of the Internet. Global addresses are designed to be summarizable and hierarchical, resulting in relatively few routing entries in the routing tables of Internet backbone routers. Automatic configuration IPv6 hosts can automatically configure their own IPv6 addresses and other configuration parameters, even in the absence of an address configuration infrastructure such as DHCP. Required support for IPsec headers Unlike IPv4, IPv6 support for IPsec protocol headers is required. Applications can always rely on industry standard security services for data sent and received. However, the requirement to process IPsec headers does not make IPv6 inherently more secure. IPv6 packets are not required to be protected with Authentication Header (AH) or Encapsulating Security Payload (ESP). For more information about IPsec, AH, and ESP, see Chapter 18, “Internet Protocol Security (IPsec).” Better support for prioritized delivery IPv6 has an equivalent to the IPv4 TOS field that has a single interpretation for nonstandard delivery. Additionally, a Flow Label field in the IPv6 header indicates the packet flow, making the determination of forwarding for nondefault delivery services more efficient at intermediate routers. Support for mobility Rather than attempting to add mobility to an established protocol with an established infrastructure (as with IPv4), IPv6 can support mobility more efficiently. IPv6 Addressing The IPv6 address is 128 bits long, creating an address space of almost inconceivable size. With 128 bits you can express more than 3.4 × 1038 combinations. Unlike IPv4 unicast addresses, the structure of an IPv6 unicast address is very simple: The first 64 bits are for a subnet prefix and the last 64 bits are for an interface identifier. Although you can perform variable- length subnetting within the 64 bits of the subnet prefix, the host ID equivalent for IPv6 is always the same size. Basics of IPv6 Address Syntax With such a large address space, expressing an individual IPv6 address became problematic. The designers of IPv6 settled on colon-hexadecimal notation, which divides the 128-bit address into eight 16-bit blocks separated by colons. Each 16-bit block is expressed in hexadecimal format (rather than decimal format for IPv4). The result is the IPv6 address. The following are some examples of IPv6 unicast addresses: 2001:DB8:2A:41CD:2AA:FF:FE5F:47D1 FE80:0:0:0:2AA:FF:FE5F:47D1 FD47:2AD1:494E:41CD:2AA:FF:FE5F:47D1 For example: FE80:0:0:0:2AA:FF:FE5F:47D1 becomes FE80::2AA:FF:FE5F:47D1 FF02:0:0:0:0:0:0:1 (a multicast address) becomes FF02::1 To express a subnet prefix, a route, or an address range, IPv6 uses the network prefix length notation (also used for Classless Inter-Domain Routing [CIDR] for IPv4). There are no subnet masks in IPv6. For example, 2001:DB8:2A:41CD::/64 is a subnet prefix; 2001:DB8:2A::/48 is a summarized route; and FF00::/8 is an address range (the range of all IPv6 multicast addresses). Types of Addresses IPv6 defines three types of addresses: unicast, multicast, and anycast. Unicast and multicast addresses work in the same way as they do for IPv4. An anycast address, however, is a strange mixture of unicast and multicast. Whereas a unicast address is used for one-to-one delivery and a multicast address is used for one-to-many delivery, an anycast address is used for one-to one- of-many delivery. Types of Unicast Addresses Just as there are different types of IPv4 unicast addresses (such as public and private), there are different types of IPv6 unicast addresses. - Global address - Link-Local Addresses - Unique Local Addresses Global Global addresses are the equivalent of IPv4 public addresses. Global addresses are globally reachable on the IPv6 Internet. Unlike public IPv4 address prefixes, which are a combination of flat and summarizable address spaces, IPv6 global addresses are easier to aggregate and summarize at address space boundaries. This results in fewer routes in the various routing domains of the Internet. Link-Local Addresses Link-local addresses, which are used on the same link, are equivalent to Automatic Private IP Addressing (APIPA) IPv4 addresses used by current Microsoft desktop and server operating systems. Link-local addresses are automatically configured and can be used to provide automatic addressing for nodes connected to the same network segment when there is no router present. Link-local addresses always begin with “FE80”. Unique Local Addresses Unique local addresses are defined to be used within the sites of an organization but not on the IPv6 Internet. Unique local addresses are roughly equivalent to private IPv4 addresses except that part of a unique local address prefix is randomly generated to prevent address duplication between sites of an organization and between organizations. Unique local addresses begin with “FD” or “FC”. IPv6 Interface Identifiers The interface identifier, the last 64 bits of an IPv6 unicast address, can be determined in the following ways: • Randomly generated to prevent address scans on a link • Derived from the MAC address of the network adapter to which the address is assigned • Randomly generated to provide IPv4-equivalent anonymity for client-initiated traffic • Assigned during a Point-to-Point Protocol (PPP) connection • Assigned during DHCP for IPv6 (DHCPv6) configuration DNS Support To resolve domain names to IPv6 addresses, RFC 1886 defines the use of the AAAA (or quad-A) Domain Name System (DNS) resource record to resolve a DNS name to an IPv6 address. The AAAA record is analogous to the address (A) record that exists for resolving a DNS name to an IPv4 address. To obtain an AAAA record in a DNS query response, a querying host must specify either AAAA records or all records in its DNS query. For example, for the IPv6 address 2001:DB8:0:41CD:2AA:FF:FE5F:47D1 (fully expressed as 2001:0DB8:0000:41CD:02AA:00FF:FE5F:47D1), the name in the reverse domain namespace Is 1.D.7.4.F.5.E.F.F.F.0.0.A.A.2.0.D.C.1.4.0.0.0.0.8.B .D.0.1.0.0.2.IP6.ARPA. Core Protocols of IPv6 The core protocols of the IPv6 protocol suite consist of the following: • IPv6 • Internet Control Message Protocol for IPv6 (ICMPv6) • Neighbor Discovery (ND) • Multicast Listener Discovery (MLD) IPv6 The IPv6 header is described in RFC 2460. It has a new, streamlined design that removes unneeded fields and moves seldom-used fields to extension headers. Even with addresses that are four times larger than IPv4 addresses, the size of the IPv6 header is only twice as large as the IPv4 header, with a 40-byte fixed size. Although larger, the IPv6 header contains fewer fields and is more efficiently processed by routers. Like IPv4, IPv6 is connectionless and provides a besteffort delivery to the destination. ICMPv6 ICMPv6, defined in RFC 4443, provides error reporting and diagnostic functions for IPv6. Additionally, ICMPv6 provides a common packet structure for the messages of ND and MLD. Analogous to ICMP for IPv4, ICMPv6 provides the following types of messages: • Echo Request • Echo Reply • Destination Unreachable • Time Exceeded • Parameter Problem Neighbor Discovery ND, defined in RFC 4861, consists of a set of ICMPv6 messages, message options, and defined processes that allow neighboring nodes to discover each other, discover the routers on the link, and provide support for host redirection. ND replaces the following facilities in IPv4: •Address Resolution Protocol (ARP) •ICMP Router Discovery •ICMP Redirect ND defines the following processes: • • • • • Address resolution Duplicate address detection Router discovery Redirect Neighbor unreachability detection Multicast Listener Discovery MLD, defined in RFC 2710, is the IPv6 equivalent to Internet Group Management Protocol (IGMP) version 2 for IPv4. MLD defines ICMPv6 messages that are used by hosts to register group membership, by hosts to leave a group, and by routers to query the subnet for group membership. Differences Between IPv4 and IPv6 The IPv6 suite of protocols is a revision of the Internet Layer protocols of the current TCP/IP protocol suite and replaces IP, ICMP, IGMP, and ARP. IPv6 attempts to solve the problems of IPv4 with efficient and plentiful addressing, a streamlined Internet Layer header that is easier for routers to process, and more efficient neighboring node interaction.
