lecture21

The Future of TCP/IP
• Always evolving:
– New computer and communication technologies
• More powerful PCs, portables, PDAs
• ATM, packet-radio, fiber optic, satellite, cable
– New applications
• WWW, electronic commerce, internet broadcasting, chat
– Increased size and load
– New policies
• New industries, new countries
• Move away from centralized core architecture
The Future of IP
• IP version 4 (IPv4) has been in use since the 1970s
• IPv4 is being replaced:
– Address space exhaustion
• Running out of 32-bit IP addresses
– Support new applications
• Electronic commerce - authentication
• Audio/video - Quality of Service (QoS) guarantees
– Decentralization
The Next Version of IP
• Work on an open standard has been underway for
years
– Add functionality to IPv4
– Modify OSI CLNS
– Simple IP Plus (SIPP) - simple extensions to IPv4
• IP - The Next Generation (IPng)
• IPv6
IPv6
• Details available at:
http://playground.sun.com/pub/ipng/html/ipng-main.html
• Major similarities with IPv4:
– Connectionless datagram delivery
– TTL, IP options, fragmentation
• Major differences from IPv4:
– Larger address space
• 128-bit IPv6 IP addresses
– New datagram format
IPv6 (cont)
• IPv4 - fixed-size header, variable-length options field, variable-length data field:
  VERS (4) | HLEN | SERVICE TYPE | TOTAL LENGTH
  IDENTIFICATION | FLAGS | FRAGMENT OFFSET
  TIME TO LIVE | PROTOCOL | HEADER CHECKSUM
  SOURCE IP ADDRESS
  DESTINATION IP ADDRESS
  IP OPTIONS (IF ANY) | PADDING
  DATA
• IPv6 - a fixed-size base header followed by a set of variable-length (optional) headers:
  VERS (6) | TRAFFIC CLASS | FLOW LABEL
  PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT
  SOURCE IP ADDRESS
  DESTINATION IP ADDRESS
IPv6 Extension Headers
• IPv6 datagram format:
– Fixed-size base header
– Zero or more variable-length extension headers
– Variable-length data (or payload) segment
  BASE HEADER | EXTENSION HEADER 1 | …. | EXTENSION HEADER N | DATA
IPv6 Extension Headers (cont)
• Zero extension headers:
  Base Header (Next=TCP) | TCP Segment
• One extension header:
  Base Header (Next=Route) | Route Header (Next=TCP) | TCP Segment
• Two extension headers:
  Base Header (Next=Route) | Route Header (Next=Auth) | Auth Header (Next=TCP) | TCP Segment
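The Next Header chain shown above is what a firewall or IDS has to walk before it knows which transport protocol a datagram carries. The following Python is an added example, not part of the lecture: it parses a constructed datagram with the slide's two-extension-header layout (Base -> Route -> Auth -> TCP), using the header length rules from the IPv6 and AH specifications, and stops at ESP because nothing after an ESP header is readable. Addresses and the TCP/AH contents are zero-filled placeholders.

```python
import struct

# IPv6 Next Header values (IANA protocol numbers) used below
TCP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS, HOP_BY_HOP = 6, 43, 44, 50, 51, 60, 0
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS}

def walk_chain(pkt: bytes):
    """Follow the Next Header chain; return ([header types in order], payload offset).

    Stops at ESP (everything after it is encrypted) and at any non-extension value.
    """
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 datagram")
    end = 40 + struct.unpack_from("!H", pkt, 4)[0]      # base header + payload length
    if end > len(pkt):
        raise ValueError("payload length exceeds captured bytes")
    nxt, off, chain = pkt[6], 40, []
    while nxt in EXT_HEADERS:
        if off + 8 > end:
            raise ValueError("truncated extension header")
        chain.append(nxt)
        ext_len = pkt[off + 1]
        if nxt == FRAGMENT:
            size = 8                    # fragment header is fixed-size
        elif nxt == AH:
            size = (ext_len + 2) * 4    # AH length is in 4-octet units, minus 2
        else:
            size = (ext_len + 1) * 8    # others: 8-octet units, not counting the first 8
        if off + size > end:
            raise ValueError("extension header overruns the payload")
        nxt, off = pkt[off], off + size
    chain.append(nxt)
    return chain, off

def build_sample() -> bytes:
    """Constructed datagram for the slide's two-extension-header case: Base -> Route -> Auth -> TCP."""
    tcp = bytes(20)                                        # placeholder TCP header
    ah = bytes([TCP, 4, 0, 0]) + struct.pack("!II", 1, 42) + bytes(12)   # 24 bytes = (4+2)*4
    routing = bytes([AH, 0, 0, 0, 0, 0, 0, 0])             # 8 bytes = (0+1)*8
    payload = routing + ah + tcp
    base = (bytes([0x60, 0, 0, 0]) + struct.pack("!H", len(payload))
            + bytes([ROUTING, 64]) + bytes(16) + bytes(16))  # zero src/dst (constructed)
    return base + payload

if __name__ == "__main__":
    print(walk_chain(build_sample()))   # ([43, 51, 6], 72)
```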
Security in IPv6
• Based on two mechanisms:
– Authentication Header (AH)
• Proof of the sender’s identity
• Protection of the integrity of the data
– Encapsulating Security Payload (ESP)
• Protection of the confidentiality of the data
Authentication Header - Example
  Base Header (Next=Auth) | Auth Header (Next=TCP) | TCP Segment
Authentication Header
• Security parameters index field – specifies which authentication scheme is being used
• Authentication data field – contains data that can be used to establish the datagram's:
– Authenticity
– Integrity
Encapsulating Security Payload
• Encryption of the datagram or part of the
datagram
• Two modes:
– Transport mode – encryption of datagram
payload
– Tunneling mode
• Encryption of entire datagram
• Encapsulation of datagram
ESP Transport Mode
• Encryption of payload for privacy:
  Base Header (Next=ESP) | ESP Header | Encrypted TCP Segment | ESP Trailer | ESP Auth Data (Var)
  – ESP Header: Security Parameter Index, Sequence Number
  – ESP Trailer: Padding, Pad Len, Next Header (=TCP)
ESP Tunnel Mode
• Encryption of entire datagram for privacy:
  Base Header (Next=ESP) | ESP Header (Next=IP) | Encrypted Datagram
AH and ESP
• Protect authenticity, integrity, and privacy:
IPv6 (cont)
• Major differences from IPv4:
– Improved Options
• More flexibility and new options
– Support for resource allocation
• Packets labeled as belonging to particular traffic flow
• Sender requests special handling (e.g. QoS, real-time, etc.)
– Authentication, data integrity, and data confidentiality
supported
– Provision for protocol extension
IPv6 Fragmentation
• IPv4
– Intermediate router fragments datagram when necessary
– Ultimate destination reassembles
• IPv6 - end-to-end fragmentation
– Before sending a datagram, source must determine the
path’s MTU
– Source fragments the datagram
– Ultimate destination reassembles
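End-to-end fragmentation means the source writes the Fragment header itself and the destination alone reassembles, so the destination is also where gaps and overlapping fragments must be rejected. The Python below is an added example, not from the lecture: it fragments a constructed 3072-byte payload to fit a 1280-byte path MTU and reassembles it, assuming (as a simplification) that no other extension headers precede the Fragment header.

```python
import struct

FRAGMENT = 44   # Next Header value of the IPv6 Fragment header

def fragment(base: bytes, payload: bytes, next_header: int, path_mtu: int, ident: int):
    """Source-side fragmentation: each datagram is base header + fragment header + piece.
    Simplification (assumed): no extension headers precede the fragment header."""
    if len(base) != 40 or path_mtu < 1280:
        raise ValueError("need a 40-byte base header and an MTU of at least 1280 (IPv6 minimum)")
    chunk = (path_mtu - 48) // 8 * 8              # data per fragment, a multiple of 8 octets
    frags = []
    for off in range(0, max(len(payload), 1), chunk):
        piece = payload[off:off + chunk]
        more = off + len(piece) < len(payload)    # M flag: more fragments follow
        frag_hdr = struct.pack("!BBHI", next_header, 0, off | int(more), ident)  # off is 8-aligned
        base_hdr = base[:4] + struct.pack("!H", 8 + len(piece)) + bytes([FRAGMENT]) + base[7:]
        frags.append(base_hdr + frag_hdr + piece)
    return frags

def reassemble(frags):
    """Destination-side reassembly that rejects gaps, overlapping offsets and a missing last fragment."""
    parts, ident, nxt, total = {}, None, None, None
    for f in frags:
        if f[6] != FRAGMENT:
            raise ValueError("not a fragment")
        nh, _, offm, fid = struct.unpack_from("!BBHI", f, 40)
        if ident not in (None, fid):
            raise ValueError("fragments from different datagrams")
        ident, nxt = fid, nh
        data = f[48:48 + struct.unpack_from("!H", f, 4)[0] - 8]
        parts[offm & ~7] = data
        if not offm & 1:                          # M == 0 marks the last fragment
            total = (offm & ~7) + len(data)
    if total is None:
        raise ValueError("last fragment missing")
    out, pos = b"", 0
    for off in sorted(parts):
        if off != pos:                            # a gap or an overlap between neighbouring fragments
            raise ValueError("fragments are not contiguous")
        out, pos = out + parts[off], pos + len(parts[off])
    if pos != total:
        raise ValueError("reassembled length does not match the last fragment")
    return nxt, out

SAMPLE_BASE = bytes([0x60, 0, 0, 0, 0, 0, 6, 64]) + bytes(32)   # constructed: Next=TCP, zero addresses
SAMPLE_PAYLOAD = bytes(range(256)) * 12                          # 3072 bytes, exceeds a 1280-byte MTU
```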
IPv6 Fragmentation (cont)
• End-to-end fragmentation
– Advantages
– Disadvantages
Representing IPv6 Addresses
• 128 bits
– Binary:
  00000000 00000001 10000010 00000011
  11111111 11000101 00001110 00000000
  00001000 01111111 00110000 10000011
  00000000 00000000 00000000 00000000
– Dotted decimal:
  0.1.130.3.255.197.14.0.8.127.48.131.0.0.0.0
– Hex-colon:
  1:8203:FFC5:E00:807F:3083:0:0
Representing IPv6 Addresses (cont)
• 128 bits
– Compressed hex-colon format
• Zero compression
– A string of repeated zeroes is replaced by a pair of colons
– Performed at most once per address (unambiguous)
• Examples:
– FF05:0:0:0:0:0:0:B3 = FF05::B3
– 0:0:0:0:0:0:E00:807F = ::E00:807F
– 0:0:0:F6AD:0:0:0:0 = 0:0:0:F6AD::
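The hex-colon and zero-compression rules from the two slides above, as an added Python example (not from the lecture): hex_colon renders 16 address bytes as uncompressed groups, compress replaces the longest run of zero groups with "::" exactly once, and expand reverses it while rejecting a second "::", which is the ambiguity the "at most once" rule exists to prevent. The three slide examples are used as inputs; the function names are my own.

```python
def to_groups(addr: bytes):
    """Split a 16-byte IPv6 address into its eight 16-bit groups."""
    if len(addr) != 16:
        raise ValueError("an IPv6 address is 16 bytes")
    return [int.from_bytes(addr[i:i + 2], "big") for i in range(0, 16, 2)]

def hex_colon(addr: bytes) -> str:
    """Uncompressed hex-colon form: leading zeros of each group dropped, zero groups kept."""
    return ":".join(f"{g:X}" for g in to_groups(addr))

def compress(text: str) -> str:
    """Zero compression: replace the longest run of two or more zero groups with '::', once."""
    groups = [f"{int(g, 16):X}" for g in text.split(":")]   # normalises 0000 -> 0, ff05 -> FF05
    if len(groups) != 8:
        raise ValueError("expected eight hex-colon groups")
    best_start, best_len, run_start = -1, 0, None
    for i, g in enumerate(groups + ["end"]):                  # sentinel closes a trailing run
        if g == "0":
            run_start = i if run_start is None else run_start
        elif run_start is not None:
            if i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = None
    if best_len < 2:
        return ":".join(groups)
    return ":".join(groups[:best_start]) + "::" + ":".join(groups[best_start + best_len:])

def expand(text: str) -> str:
    """Undo zero compression; a second '::' is rejected because it would be ambiguous."""
    text = text.upper()
    if text.count("::") > 1:
        raise ValueError("'::' may appear at most once")
    if "::" in text:
        left, right = text.split("::")
        l = left.split(":") if left else []
        r = right.split(":") if right else []
        zeros = 8 - len(l) - len(r)
        if zeros < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = l + ["0"] * zeros + r
    else:
        groups = text.split(":")
    if len(groups) != 8 or not all(0 < len(g) <= 4 for g in groups):
        raise ValueError("malformed IPv6 address")
    return ":".join(groups)
```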
IPv4 Addresses Assignment
• Class A: bit 0 = 0 | netid (bits 1-7) | hostid (bits 8-31)
• Class B: bits 0-1 = 10 | netid (bits 2-15) | hostid (bits 16-31)
• Class C: bits 0-2 = 110 | netid (bits 3-23) | hostid (bits 24-31)
IPv6 Address Assignment
Binary Prefix   Type of Address              Part of Address Space
0000 0000       Reserved (IPv4 compatible)   1/256
0000 0001       Reserved                     1/256
0000 001        NSAP Addresses               1/128
0000 010        IPX Addresses                1/128
0000 011        Reserved                     1/128
….
0000 111        Reserved                     1/128
0001            Reserved                     1/16
001             Reserved                     1/8
010             Provider-assigned unicast    1/8
011             Reserved                     1/8
100             Reserved for geographic      1/8
101             Reserved                     1/8
110             Reserved                     1/8
1110            Reserved                     1/16
1111 0          Reserved                     1/32
1111 10         Reserved                     1/64
1111 110        Reserved                     1/128
1111 1110       Available for local use      1/256
1111 1111       Multicast                    1/256
IPv6 Address Types
• Unicast
– Specifies a single computer
• Cluster/Anycast
– Specifies a set of computers that share an
address prefix (possibly at multiple locations)
• Multicast
– Specifies a set of computers (possibly at
multiple locations)
IPv6 Address Hierarchy
• Provider-assigned unicast address (address type prefix 010):
  010 | Provider ID | Subscriber ID | Subnet ID | Node ID
– Provider prefix: 010 + Provider ID
– Subscriber prefix: provider prefix + Subscriber ID
– Subnet prefix: subscriber prefix + Subnet ID
– IPv6 address: subnet prefix + Node ID