IPv6

The Disadvantages of IPv4
Limited address space
The most visible and urgent
problem with using IPv4 on the modern Internet is the
rapid depletion of public addresses. Due to the initial
address class allocation practices of the early Internet,
public IPv4 addresses are becoming scarce.
Organizations in the United States hold most public
IPv4 address space worldwide. This limited address
space has forced the wide deployment of network
address translators (NATs).
Flat routing infrastructure
In the early Internet, address prefixes were not
allocated to create a summarizable, hierarchical
routing infrastructure. Instead, individual address
prefixes were assigned and each address prefix
became a new route in the routing tables of the
Internet backbone routers. Today’s Internet is a
mixture of flat and hierarchical routing, but there are
still more than 85,000 routes in the routing tables of
Internet backbone routers.
Configuration
IPv4 must be configured, either manually or through
the Dynamic Host Configuration Protocol (DHCP).
DHCP allows IPv4 configuration administration to
scale to large networks, but you must also configure
and manage a DHCP infrastructure.
Security
Security for IPv4 is specified by the use
of Internet Protocol security (IPsec). However, IPsec
is optional for IPv4 implementations. Because an
application cannot rely on IPsec being present to
secure traffic, an application might resort to other
security standards or a proprietary security scheme.
The need for built-in security is even more
important today, when we face an increasingly
hostile environment on the Internet.
Prioritized delivery
Prioritized packet delivery, such
as special handling parameters for low delay and low
variance in delay for voice or video traffic, is possible
with IPv4. However, it relies on a new interpretation of
the IPv4 Type Of Service (TOS) field, which is not
supported for all the devices on the network.
Additionally, identification of the packet flow must be
done using an upper layer protocol identifier such as a
TCP or User Datagram Protocol (UDP) port. This
additional processing of the packet by intermediate
routers makes forwarding less efficient.
Mobility
Mobility is a new requirement for Internet-connected
devices, in which a node can change its address as it
changes its physical attachment to the Internet and
still maintain existing connections. Although there is a
specification for IPv4 mobility, due to a lack of
infrastructure, communications with an IPv4 mobile
node are inefficient.
The replacement for IPv4 is IPv6.
Huge address space
IPv6 addresses are 128 bits long, creating an
address space with 3.4 × 10^38
possible addresses. This is plenty of address space
for the foreseeable future and allows all manner of
devices to connect to the Internet without the use
of NATs. Address space can also be allocated
internationally in a more equitable manner.
Hierarchical routing infrastructure
IPv6 addresses
that are reachable on the IPv6 portion of the Internet,
known as global addresses, have enough address space
for the hierarchy of Internet service providers (ISPs)
that typically exist between an organization or home
and the backbone of the Internet. Global addresses are
designed to be summarizable and hierarchical, resulting
in relatively few routing entries in the routing tables of
Internet backbone routers.
Automatic configuration
IPv6 hosts can automatically configure their
own IPv6 addresses and other configuration
parameters, even in the absence of an address
configuration infrastructure such as DHCP.
Required support for IPsec headers
Unlike IPv4, IPv6 support for IPsec protocol headers is
required. Applications can always rely on industry
standard security services for data sent and received.
However, the requirement to process IPsec headers
does not make IPv6 inherently more secure. IPv6
packets are not required to be protected with
Authentication Header (AH) or Encapsulating Security
Payload (ESP). For more information about IPsec, AH,
and ESP, see Chapter 18, “Internet Protocol Security
(IPsec).”
Better support for prioritized delivery
IPv6 has an equivalent to the IPv4 TOS field that has
a single interpretation for nonstandard delivery.
Additionally, a Flow Label field in the IPv6 header
indicates the packet flow, making the determination
of forwarding for nondefault delivery services more
efficient at intermediate routers.
Support for mobility
Rather than attempting to add mobility to an
established protocol with an established
infrastructure (as with IPv4), IPv6 can support
mobility more efficiently.
IPv6 Addressing
The IPv6 address is 128 bits long, creating an address
space of almost inconceivable size. With 128 bits you
can express more than 3.4 × 10^38 combinations.
Unlike IPv4 unicast addresses, the structure of an
IPv6 unicast address is very simple: The first 64 bits
are for a subnet prefix and the last 64 bits are for an
interface identifier. Although you can perform
variable-length subnetting within the 64 bits of the
subnet prefix, the host ID equivalent for IPv6 is
always the same size.
Basics of IPv6 Address Syntax
With such a large address space, expressing an
individual IPv6 address became problematic.
The designers of IPv6 settled on colon-hexadecimal
notation, which divides the 128-bit address into eight
16-bit blocks separated by colons. Each 16-bit block
is expressed in hexadecimal format (rather than
decimal format for IPv4). The result is the IPv6
address.
The following are some examples of IPv6 unicast
addresses:
2001:DB8:2A:41CD:2AA:FF:FE5F:47D1
FE80:0:0:0:2AA:FF:FE5F:47D1
FD47:2AD1:494E:41CD:2AA:FF:FE5F:47D1
A contiguous sequence of 16-bit blocks set to 0 can be
compressed to a double colon (::), which may appear
only once in an address. For example:
FE80:0:0:0:2AA:FF:FE5F:47D1 becomes
FE80::2AA:FF:FE5F:47D1
FF02:0:0:0:0:0:0:1 (a multicast address)
becomes FF02::1
To express a subnet prefix, a route, or an address range,
IPv6 uses the network prefix length notation (also used
for Classless Inter-Domain Routing [CIDR] for IPv4).
There are no subnet masks in IPv6. For example,
2001:DB8:2A:41CD::/64 is a subnet prefix;
2001:DB8:2A::/48 is a summarized route; and FF00::/8 is
an address range (the range of all IPv6 multicast
addresses).
Types of Addresses
IPv6 defines three types of addresses: unicast,
multicast, and anycast. Unicast and multicast
addresses work in the same way as they do for IPv4.
An anycast address, however, is a strange mixture of
unicast and multicast. Whereas a unicast address is
used for one-to-one delivery and a multicast address
is used for one-to-many delivery, an anycast address
is used for one-to-one-of-many delivery.
Types of Unicast Addresses
Just as there are different types of IPv4
unicast addresses (such as public and
private), there are different types of IPv6
unicast addresses.
- Global addresses
- Link-local addresses
- Unique local addresses
Global
Global addresses are the equivalent of IPv4 public
addresses. Global addresses are globally reachable
on the IPv6 Internet. Unlike public IPv4 address
prefixes, which are a combination of flat and
summarizable address spaces, IPv6 global addresses
are easier to aggregate and summarize at address
space boundaries. This results in fewer routes in the
various routing domains of the Internet.
Link-Local Addresses
Link-local addresses, which are used on the same link,
are equivalent to Automatic Private IP Addressing
(APIPA) IPv4 addresses used by current Microsoft
desktop and server operating systems. Link-local
addresses are automatically configured and can be
used to provide automatic addressing for nodes
connected to the same network segment when there
is no router present. Link-local addresses always
begin with “FE80”.
Unique Local Addresses
Unique local addresses are defined to be used within
the sites of an organization but not on the IPv6
Internet. Unique local addresses are roughly
equivalent to private IPv4 addresses except that part
of a unique local address prefix is randomly generated
to prevent address duplication between sites of an
organization and between organizations. Unique local
addresses begin with “FD” or “FC”.
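The colon-hexadecimal syntax, the double-colon compression, the prefix-length notation and the unicast address types described above, worked through in Python. This is an added example, not code from the original chapter; the well-known prefixes used for classification (FF00::/8, FE80::/10, FC00::/7 and the current global unicast range 2000::/3) are taken from RFC 4291, and all sample addresses are the ones listed in the text.

```python
# Added example (not from the original text): expand, compress and classify IPv6
# addresses by the colon-hexadecimal and prefix-length rules described above.
import re

def _blocks(part: str) -> list:
    """'a:b:c' -> list of ints; each block must be 1-4 hex digits (empty part -> [])."""
    if not re.fullmatch(r"([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4})*)?", part):
        raise ValueError(f"bad 16-bit block in {part!r}")
    return [int(b, 16) for b in part.split(":")] if part else []

def expand(addr: str) -> list:
    """Return the eight 16-bit blocks; '::' (at most once) stands for 1..8 zero blocks."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    head, sep, tail = addr.partition("::")
    left, right = _blocks(head), _blocks(tail)
    missing = 8 - len(left) - len(right)
    if (sep and missing < 1) or (not sep and missing != 0):
        raise ValueError(f"malformed IPv6 address {addr!r}")
    return left + [0] * missing + right

def compress(blocks: list) -> str:
    """Collapse the longest run of two or more zero blocks (first on a tie) into '::'."""
    best_start, best_len, i = -1, 1, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j + 1 if j == i else j
    hexs = [f"{b:X}" for b in blocks]
    if best_start < 0:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])

def in_prefix(addr: str, prefix: str) -> bool:
    """True if addr lies inside NETWORK/LENGTH notation (IPv6 has no subnet masks)."""
    net, plen = prefix.split("/")
    mask = ((1 << int(plen)) - 1) << (128 - int(plen))
    to_int = lambda blocks: sum(b << (16 * (7 - k)) for k, b in enumerate(blocks))
    return to_int(expand(addr)) & mask == to_int(expand(net)) & mask

def classify(addr: str) -> str:
    """Type by well-known prefix (RFC 4291; 2000::/3 is the current global unicast range)."""
    for name, prefix in (("multicast", "FF00::/8"), ("link-local", "FE80::/10"),
                         ("unique local", "FC00::/7"), ("global unicast", "2000::/3")):
        if in_prefix(addr, prefix):
            return name
    return "other"
```

Note that 2001:DB8::/32 is the documentation prefix reserved for examples, so the chapter's first sample address classifies as global unicast only by its leading bits.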
IPv6 Interface Identifiers
The interface identifier, the last 64 bits of an IPv6 unicast
address, can be determined in the following ways:
• Randomly generated to prevent address scans on a link
• Derived from the MAC address of the network adapter
to which the address is assigned
• Randomly generated to provide IPv4-equivalent
anonymity for client-initiated traffic
• Assigned during a Point-to-Point Protocol (PPP)
connection
• Assigned during DHCP for IPv6 (DHCPv6)
configuration
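The "derived from the MAC address" case above, as an added example that is not part of the original chapter: the modified EUI-64 construction that turns a 48-bit MAC into a 64-bit interface identifier, and the reverse check a defender can run over an address inventory to spot identifiers that expose the adapter's MAC. The MAC 00-AA-00-5F-47-D1 is constructed here; it is the one that yields the 2AA:FF:FE5F:47D1 identifier in the chapter's sample addresses.

```python
# Added example (not from the original text): derive a modified EUI-64 interface
# identifier from a MAC address, and recognize such identifiers in existing addresses.
# The MAC 00-AA-00-5F-47-D1 used in the tests is constructed for illustration.
import ipaddress

def eui64_interface_id(mac: str) -> str:
    """Modified EUI-64: split the 48-bit MAC, insert FF-FE, flip the U/L bit (0x02 of byte 0)."""
    octets = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError("a MAC address is 48 bits")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return ":".join(f"{(iid[k] << 8) | iid[k + 1]:X}" for k in range(0, 8, 2))

def link_local_from_mac(mac: str) -> str:
    """Link-local address = FE80::/64 prefix + EUI-64 interface identifier."""
    return ipaddress.IPv6Address("FE80::" + eui64_interface_id(mac)).compressed.upper()

def mac_from_address(addr: str) -> str:
    """If the interface identifier carries the FF-FE marker, recover the MAC; else return ''.
    A randomly generated identifier can contain FF-FE by chance, so treat this as a heuristic."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return ""
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return "-".join(f"{b:02X}" for b in mac)
```

An identifier that decodes to a MAC ties the address to one physical adapter (vendor prefix, stable across networks), which is the privacy concern the randomly generated identifiers in the list above address.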
DNS Support
To resolve domain names to IPv6 addresses, RFC 1886
defines the use of the AAAA (or quad-A) Domain
Name System (DNS) resource record to resolve a
DNS name to an IPv6 address. The AAAA record is
analogous to the address (A) record that exists for
resolving a DNS name to an IPv4 address. To obtain an
AAAA record in a DNS query response, a querying
host must specify either AAAA records or all records
in its DNS query.
For example, for the IPv6 address
2001:DB8:0:41CD:2AA:FF:FE5F:47D1
(fully expressed as
2001:0DB8:0000:41CD:02AA:00FF:FE5F:47D1),
the name in the reverse domain namespace is
1.D.7.4.F.5.E.F.F.F.0.0.A.A.2.0.D.C.1.4.0.0.0.0.8.B.D.0.1.0.0.2.IP6.ARPA.
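The nibble-reversal rule behind that IP6.ARPA name, as an added example that is not part of the original chapter: it fully expands the address, emits one label per hex digit from least significant to most, and also inverts a reverse name back to the address so a resolver entry can be checked against the forward record. It uses only the Python standard library's ipaddress module.

```python
# Added example (not from the original text): build the IP6.ARPA reverse-lookup name
# by the nibble-reversal rule shown above, and invert it.
import ipaddress

def reverse_name(addr: str) -> str:
    """One label per hex digit of the fully expanded address, least significant digit first."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "").upper()  # 32 hex digits
    return ".".join(reversed(nibbles)) + ".IP6.ARPA."

def address_from_reverse_name(name: str) -> str:
    """Inverse: IP6.ARPA name -> compressed address (upper-case, as written in this chapter)."""
    labels = name.upper().rstrip(".").split(".")
    if len(labels) != 34 or labels[32:] != ["IP6", "ARPA"]:
        raise ValueError("expected 32 single-hex-digit labels followed by IP6.ARPA")
    hexs = "".join(reversed(labels[:32]))          # back to most-significant-first order
    blocks = ":".join(hexs[k:k + 4] for k in range(0, 32, 4))
    return ipaddress.IPv6Address(blocks).compressed.upper()  # rejects non-hex labels
```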
Core Protocols of IPv6
The core protocols of the IPv6 protocol suite
consist of the following:
• IPv6
• Internet Control Message Protocol for IPv6
(ICMPv6)
• Neighbor Discovery (ND)
• Multicast Listener Discovery (MLD)
IPv6
The IPv6 header is described in RFC 2460. It has a
new, streamlined design that removes unneeded fields
and moves seldom-used fields to extension headers.
Even with addresses that are four times larger than
IPv4 addresses, the size of the IPv6 header is only
twice as large as the IPv4 header, with a 40-byte fixed
size. Although larger, the IPv6 header contains fewer
fields and is more efficiently processed by routers.
Like IPv4, IPv6 is connectionless and provides a
best-effort delivery to the destination.
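The 40-byte fixed header described above, as an added example that is not part of the original chapter: a builder and a parser for the RFC 2460 layout (Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, source, destination), with the length and version checks a packet decoder needs before trusting the fields. The packet in demo_packet is constructed, not captured; its Next Header value 58 (ICMPv6) and hop limit 255 are the standard values, and the payload is placeholder bytes.

```python
# Added example (not from the original text): build and parse the 40-byte fixed IPv6
# header described above (RFC 2460 layout). The packet bytes are constructed, not captured.
import ipaddress
import struct

IPV6_HEADER_LEN = 40  # fixed size; optional data lives in extension headers

def build_ipv6_header(src: str, dst: str, payload: bytes, next_header: int = 58,
                      hop_limit: int = 64, traffic_class: int = 0, flow_label: int = 0) -> bytes:
    """Version(4) | Traffic Class(8) | Flow Label(20) | Payload Len(16) | Next Hdr(8) | Hop Limit(8) | src | dst."""
    if not 0 <= flow_label < 1 << 20 or not 0 <= traffic_class < 256:
        raise ValueError("flow label is 20 bits, traffic class is 8 bits")
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    fixed = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload

def parse_ipv6_header(pkt: bytes) -> dict:
    """Decode the fixed header; reject anything that is not a complete, well-formed IPv6 header."""
    if len(pkt) < IPV6_HEADER_LEN:
        raise ValueError("truncated: the IPv6 header is a fixed 40 bytes")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if first_word >> 28 != 6:
        raise ValueError(f"version {first_word >> 28} is not IPv6")
    if len(pkt) - IPV6_HEADER_LEN < payload_len:
        raise ValueError("payload length claims more bytes than are present")
    return {
        "traffic_class": (first_word >> 20) & 0xFF,  # the IPv4 TOS equivalent
        "flow_label": first_word & 0xFFFFF,           # flow identified without reading TCP/UDP ports
        "payload_length": payload_len,
        "next_header": next_header,                   # 58 = ICMPv6 (carries ND and MLD messages)
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(pkt[8:24]).compressed.upper(),
        "dst": ipaddress.IPv6Address(pkt[24:40]).compressed.upper(),
    }

def demo_packet() -> dict:
    """Constructed sample: link-local source to the all-nodes multicast address FF02::1."""
    pkt = build_ipv6_header("FE80::2AA:FF:FE5F:47D1", "FF02::1", bytes(8),
                            hop_limit=255, traffic_class=0xB8, flow_label=0xABCDE)
    return parse_ipv6_header(pkt)
```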
ICMPv6
ICMPv6, defined in RFC 4443, provides error reporting
and diagnostic functions for IPv6. Additionally, ICMPv6
provides a common packet structure for the messages
of ND and MLD. Analogous to ICMP for IPv4, ICMPv6
provides the following types of messages:
• Echo Request
• Echo Reply
• Destination Unreachable
• Time Exceeded
• Parameter Problem
Neighbor Discovery
ND, defined in RFC 4861, consists of a set of
ICMPv6 messages, message options, and defined
processes that allow neighboring nodes to
discover each other, discover the routers on the
link, and provide support for host redirection.
ND replaces the following facilities in IPv4:
• Address Resolution Protocol (ARP)
• ICMP Router Discovery
• ICMP Redirect
ND defines the following processes:
• Address resolution
• Duplicate address detection
• Router discovery
• Redirect
• Neighbor unreachability detection
Multicast Listener Discovery
MLD, defined in RFC 2710, is the IPv6 equivalent
to Internet Group Management Protocol
(IGMP) version 2 for IPv4. MLD defines ICMPv6
messages that are used by hosts to register
group membership, by hosts to leave a group,
and by routers to query the subnet for group
membership.
Differences Between IPv4 and IPv6
The IPv6 suite of protocols is a revision of the Internet
Layer protocols of the current TCP/IP protocol suite
and replaces IP, ICMP, IGMP, and ARP. IPv6 attempts to
solve the problems of IPv4 with efficient and plentiful
addressing, a streamlined Internet Layer header that is
easier for routers to process, and more efficient
neighboring node interaction.