Introduction to IPv6
© J. Liebeherr, 2012, All rights reserved

Internet Protocol: Which version?
There are currently two versions of the Internet Protocol in use for the Internet
• IPv4 (IP Version 4)
  – Specified in 1980/81 (RFC 760, 791)
  – Four byte addresses
  – Universally deployed
  – Problem: Address space almost exhausted
• IPv6 (IP Version 6)
  – Specification from 1998 (RFC 2460)
  – Not interoperable with IPv4, but no fundamental changes
  – 128 bit addresses
  – Problem: Not widely used (yet?)

Slow adoption of IPv6
• IPv6 has been available for 15 years, and almost all operating systems now support it
• But IPv6 is not yet widely adopted
• Measurements at Internet Exchange Point in Amsterdam:
[Figure: two plots of the measurements, one on a linear scale and one on a semi-log scale]

How many addresses in IPv6?
• IPv4 Addresses:
  – 2³² = 4,294,967,296 ≈ 4 billion
• IPv6 Addresses:
  – 2¹²⁸ = 340,282,366,920,938,463,463,374,607,431,768,211,456 ≈ 3.4 x 10³⁸
• Surface area of Earth: 510,072,000 km²
• Size of Atom: 10⁻¹⁰ m = 0.1 nm = 1 Angstrom (Å)
• “Area of Atom”: 1 square angstrom (Ų) = 10⁻²⁰ m²
• Number of atoms on Earth’s surface: 510,072,000 km² / 10⁻²⁰ m² = 5.1 x 10³¹
→ Number of IPv6 addresses for each atom on the surface of the Earth: ~ 6.7 million

IPv6: Summary of Features
• 128-bit interface addresses
• Streamlined header format with extension headers
• Security options
• Node Mobility
• No broadcast (therefore, no ARP)
• No NAT (at least no need is seen)
Others:
• Anycast addresses
• Minimum MTU is 1280 bytes
• Jumbogram extensions allow datagrams up to 2³²-1 bytes
• Type field of Ethernet frames with IPv6 packets is 86DD

Protocols not affected by IPv6 transition
Protocols above and below network layer are not affected:
– Applications (e.g., web server, mail server, etc.)
  • Additional considerations for support of both IPv4 and IPv6
– Transport protocols (i.e., TCP, UDP)
– Link layer protocols (i.e., Ethernet)

Protocols and services with modifications
• Some protocols need to be slightly modified to account for IPv6 addresses and requirements of IPv6 (e.g., no broadcast)
  – Routing Protocols
    • RIPng, OSPFv3, MP-BGP
  – DNS
    • No change to structure of names or server hierarchy
    • New record type (AAAA) for entries with IPv6 addresses
  – DHCPv6
    • Similar to DHCP, but without broadcast
• Changes are sometimes limited to allowing space for larger IP addresses and prefixes, and replacing broadcast by multicast
• Some considerations are needed for simultaneous support of IPv4 and IPv6

IPv6 Routing Protocols
RIPng
• Based on RIPv2
• Updated features: IPv6 prefix, next-hop IPv6 address, uses the multicast group FF02::9 for updates, uses UDP port 521
OSPFv3
• Based on OSPFv2, with enhancements
• Updated: Distributes IPv6 prefixes, multiple addresses per interface, authentication uses IPsec
MP-BGP
• Multiprotocol extension of BGP-4
• Can carry information on IPv6, but also other protocols

IPv6 Packet Format

IPv6 Header
Header layout (each row is 32 bits wide):
  Version (4 bits) | Traffic Class (8 bits) | Flow Label (24 bits)
  Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits)
  Source IP address (128 bits)
  Destination IP address (128 bits)
• Minimum size: 40 bytes
• Header is multiple of 8 bytes long

IPv6 Packet header
• IPv6 has a simplified header structure:
  – Headers have fixed size
  – No fragmentation (but available via header extensions)
  – No header checksum
• Most fields play a similar role as in IPv4:
  IPv6              … similar to …    IPv4
  Version                             Version
  Traffic class                       DiffServ
  Payload length                      Total length
  Next Header                         Protocol
  Hop Limit                           TTL
• New Features:
  – Extension headers
  – Flow label
  – Authentication and Privacy

Extension Headers
• Instead of header options, IPv6 allows optional headers to be concatenated to the main header
• Extension Headers:
  – Security: Authentication
  – Fragmentation
  – Routing
  – Payload Header (TCP, UDP, …)
Example header chains:
  IPv6 Header (Next Header = TCP) | TCP Header | DATA
  IPv6 Header (Next Header = Security) | Security Header (Next Header = Fragmentation) | Fragmentation Header (Next Header = TCP) | TCP Header | DATA
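
The header chaining shown above, as an added example that is not part of the original slides: a Python walker (function names are this example's own) that follows the Next Header fields from the fixed 40-byte header to the upper-layer header, which is what a packet filter has to do before it can see TCP or UDP ports. The slide's "Security" header is taken to be the Authentication Header (protocol 51); header numbers are the IANA-assigned values and the sample packets are constructed.

```python
import struct

# IANA protocol numbers: IPv6 extension headers and common upper-layer payloads
HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS = 0, 43, 44, 51, 60
NAMES = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 51: "Authentication",
         60: "Destination Options", 6: "TCP", 17: "UDP", 58: "ICMPv6"}
EXTENSION = {HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS}

def walk_chain(packet: bytes, max_headers: int = 8):
    """Return (header names in order, offset of the upper-layer header or None)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, chain = packet[6], 40, ["IPv6"]
    while next_header in EXTENSION:
        if len(chain) > max_headers:
            raise ValueError("extension header chain too long")
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, len_field = packet[offset], packet[offset + 1]
        if next_header == FRAGMENT:
            length = 8                       # fixed size, length byte is reserved
        elif next_header == AUTH:
            length = (len_field + 2) * 4     # AH counts 4-byte words (RFC 4302)
        else:
            length = (len_field + 1) * 8     # the rest count 8-byte units
        if offset + length > len(packet):
            raise ValueError("truncated extension header")
        chain.append(NAMES[next_header])
        if next_header == FRAGMENT:
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:                  # later fragment: no upper-layer header here
                return chain, None
        next_header, offset = following, offset + length
    chain.append(NAMES.get(next_header, f"protocol {next_header}"))
    return chain, offset

def build_sample(first_next_header: int, extensions: bytes) -> bytes:
    """Constructed packet: fixed header + extensions + 20-byte TCP header + data."""
    body = extensions + bytes(20) + b"DATA"
    fixed = struct.pack("!IHBB", 6 << 28, len(body), first_next_header, 64)
    return fixed + bytes(15) + b"\x01" + bytes(15) + b"\x02" + body   # ::1 -> ::2

AH = bytes([FRAGMENT, 4]) + bytes(22)                  # 24-byte AH, next = Fragment
FRAG = bytes([6, 0]) + struct.pack("!HI", 0, 0x1234)   # first fragment, next = TCP
PLAIN = build_sample(6, b"")                           # IPv6 | TCP | DATA
CHAINED = build_sample(AUTH, AH + FRAG)                # IPv6 | AH | Fragment | TCP | DATA

if __name__ == "__main__":
    print(walk_chain(PLAIN), walk_chain(CHAINED))
```

A fragment with a non-zero offset returns `None` as the payload offset, because the TCP or UDP header only travels in the first fragment.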

IPv6 Addresses

Convention for writing IPv6 addresses
• IPv6 addresses are written as hexadecimals
• “Blocks” of 16 bits are separated by colons.
  FE80:0000:0000:0000:002A:0000:FE04:0A81
Short notation:
• Leading zeroes in each block can be dropped
  FE80:0000:0000:0000:002A:0000:FE04:0A81
  FE80:0:0:0:2A:0:FE04:A81
• A single contiguous run of blocks with value zero can be replaced by a double colon
  FE80:0:0:0:2A:0:FE04:A81
  FE80::2A:0:FE04:A81

Types of IPv6 Addresses
  Type                                   Binary Prefix           IPv6 Prefix
  Multicast                              1111 1111               FF00::/8
  Link-local unicast                     1111 1110 10            FE80::/10
  Global unicast                         everything else
    currently allocated global
    unicast addresses                    001                     2000::/3
  Unique Local unicast Address (ULA)     1111 1100, 1111 1101    FC00::/8, FD00::/8

Special IPv6 Addresses
  Type                                   Binary Prefix           IPv6 Prefix
  Unspecified (not assigned, indicates
    absence of an address)               00…0 (128 bits)         ::/128
  Loopback                               00…1 (128 bits)         ::1/128
  IPv4-mapped IPv6 addresses                                     ::FFFF:0.0.0.0/96
• IPv4-mapped IPv6 addresses allow the use of IPv4 addresses in an IPv6 context.
  – IPv4 part of the address can be written in dotted decimal notation
  – Example: ::FFFF:128.100.11.2

Structure of a global unicast address
  Global Routing Prefix (48 bits or more) | Subnet ID (16 bits or fewer) | Interface ID (64 bits)
• Global routing prefix defines the public topology
  – When first three bits are not 000, Interface ID is 64 bits (otherwise, interface ID can have different length)
  – Currently, allocated addresses start with 001 (binary).
• Subnet ID defines the subnetwork
• Interface ID is built using EUI-64 format

EUI-64 Address
• IEEE EUI-64 is essentially an 8-byte MAC address
• There is a method to create EUI-64 address from a 48-bit MAC address
  MAC Address:                  C8 2A 14 04 0A 81
  EUI-64 identifier:            C8 2A 14 FF FE 04 0A 81
  U/L Bit (in first byte):      11001000 (C8) becomes 11001010 (CA)
  Modified EUI-64 identifier:   CA 2A 14 FF FE 04 0A 81
• Modified EUI-64 simply flips the 7th bit from the first byte
• The modified EUI-64 address is used as IPv6 Interface ID

IPv6 Address Allocation
• The process for allocating address blocks (prefixes) is the same as with IPv4:
[Figure: allocation chain IANA, RIR, LIR (ISP), End user, with arrows labelled "allocates" and "assigns"]
• IANA allocates prefixes of /23 up to /12 to RIRs
• RIR allocates prefixes of /32 up to /19 to LIR, ISP, or End users
• LIR/ISP obtains prefixes of /64 up to /48
• There can be a National Internet Registry (NIR) between RIR and LIR/ISP

Currently available Global Unicast Addresses
  IANA allocated IPv6 prefix: 2000::/3
  RIR        Allocated IPv6 prefix
  APNIC      2400::/12
  ARIN       2600::/12
  ARIN       2800::/12
  RIPE       2A00::/12
  AfriNIC    2C00::/12
Note: Several additional smaller blocks (longer prefixes) have been assigned.

IPv6 Multicast Address
  1111 1111 (8 bits) | flags (4 bits) | scope (4 bits) | group ID (112 bits)
• Four flags: 0RPT
  1. 0: first flag is always zero
  2. T=0: permanent address (otherwise non-permanent)
  3. P=1: Group ID based on network prefix
  4. R=1: Group ID contains address of rendezvous point
• Scope defines area of validity of group ID (local to global)
• Predefined multicast addresses exist
  – All nodes: FF01::1, FF02::1
  – All routers: FF01::2, FF02::2, FF05::2

Link-Local Unicast Addresses
  1111 1110 10 (10 bits) | 0…0 (54-N bits) | Interface ID (64 bits)
• Used during autoconfiguration when no router is present
• IPv6 requires that each interface has a link-local address, even if the interface has a routable address
• Packets with this address are local to a subnet (not forwarded by routers)
• Issue: Since all link-local addresses have the same prefix, how does a node pick the correct outgoing interface?
  – An additional identifier is appended to the address: the Zone Index
  – Routing tables use zone index for all link-local addresses
  – Zone index can be index or name of interface:
    fe80::21f:f3ff:fec5:dc47%1 , fe80::21f:f3ff:fec5:dc47%en1

Unique Local Unicast Addresses (ULA)
  1111 110x (8 bits) | Global ID (40 bits) | Subnet ID (16 bits) | Interface ID (64 bits)
• Address block: FC00::/7
• Global ID is randomly selected
• Addresses for communication within a domain, e.g., enterprise network
• Packets with this address may be routed within an administrative domain, but are not globally routable
• x = 1: Global ID is locally assigned
  x = 0: not defined

University of Toronto
• IPv6 prefix of University of Toronto: 2606:FA00::/32
• Address block is allocated from ARIN
  from: 2606:FA00:0000:0000:0000:0000:0000:0000
  to:   2606:FA00:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
  Prefix (32 bits) | remaining 96 bits
  Prefix (32 bits) | Subnet ID (32 bits) | Interface ID (64 bits)

IP Address Configuration

Enhanced Role of ICMPv6
[Figure: protocol stacks. IPv4 stack: ICMP, IGMP, IPv4, ARP, Ethernet. IPv6 stack: ICMPv6 (Neighbor Discovery, Multicast Listener Discovery), IPv6, Ethernet.]
• Functions of ARP and IGMP are performed by ICMPv6 messages
  – NDP: Neighbor Discovery Protocol
  – MLD: Multicast Listener Discovery

Neighbor Discovery Protocol
• Uses several ICMPv6 message types:
  – Router Solicitation / Router Advertisement,
  – Neighbor Solicitation / Neighbor Advertisement,
  – Route Redirect
• Functions:
  – Router/Prefix/Parameter Discovery
  – Address Autoconfiguration
  – Address Resolution
  – Next-Hop Determination
  – Duplicate Address Detection
  – Neighbor Unreachable Detection

Dynamic Assignment of IPv6 Addresses
DHCPv6
• Similar to DHCP for IPv4
• Requires a server (“stateful”)
• For networks with central control of address assignment
Stateless Autoconfiguration
• Uses ICMPv6 messages
• Nodes select their own interface ID
• No need for server (“stateless”)
• For networks without central control of address assignment
• Static IP configuration still exists

ICMP Router Solicitation
ICMP Router Advertisement
• Router Solicitation sent to the “all routers” multicast group
• Router Advertisement sent to “all nodes” multicast group
• Router Advertisement contains:
  – Network prefix
  – MTU
  – Default Hop limit
  – Router advertisement may tell host to use DHCP
[Figure: H1, R1 and R2 on one Ethernet. H1 sends a Router solicitation ("Is there a router on this link?"); R1 and R2 each send a Router advertisement ("I am a router!").]

ICMP Neighbor Solicitation
ICMP Neighbor Advertisement
Functions:
• Replacement for ARP
• Duplicate address detection
• Messages sent to “solicited node” multicast group, or via unicast
[Figure: H1, H2 and H3 on one Ethernet. H1 sends a Neighbor solicitation ("What is H3's MAC address?"); the reply is a Neighbor advertisement ("My MAC address is ...").]

Routing Redirect
• When a router detects that a packet should have gone to a different (better) router, the router (here R2)
  – forwards the packet to the correct router
  – sends an ICMP redirect message to the host
• Host uses ICMP message to update its routing table
[Figure: message sequence (1) IPv6 packet, (2) ICMP redirect, (3) IPv6 packet, with router R1]

Stateless Address Autoconfiguration
Stateless address autoconfiguration can set IP parameters of a node without a server or manual configuration:
1. Upon startup, a node creates link-local addresses for each IPv6 interface from MAC address
2. Test uniqueness by sending a Neighbor Solicitation to the created address
  – If a host replies with Neighbor Advertisement, address is in use
  – If no response, address can be used
3. Send “ICMP Router Solicitation” to “all routers” group
  – Router replies with Router advertisement containing prefix, MTU, and other information
4. Node creates a globally routable IP address using the prefix sent by the router, and the Interface ID from the link-local address
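
The address arithmetic behind steps 1 to 4, together with the modified EUI-64 construction from the EUI-64 slide, as an added example that is not part of the original slides. Function names are this example's own; the solicited-node group format (FF02::1:FF00:0/104 plus the low 24 bits of the address) comes from the IPv6 addressing architecture rather than the slides, and 2001:db8:1:2::/64 is a documentation prefix standing in for the prefix a router would advertise. The last function runs the construction backwards, which shows that an address built this way carries the interface's MAC address with it.

```python
import ipaddress

def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> 8-byte modified EUI-64: insert FF FE, flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def address_from_prefix(prefix: str, interface_id: bytes) -> ipaddress.IPv6Address:
    """Combine a prefix of at most 64 bits with a 64-bit Interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64 or len(interface_id) != 8:
        raise ValueError("need a prefix of at most /64 and an 8-byte Interface ID")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(interface_id, "big"))

def solicited_node_group(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """Multicast group that a duplicate-address probe for addr is sent to."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))

def mac_from_address(addr: ipaddress.IPv6Address):
    """Recover the MAC if the Interface ID is a modified EUI-64, else None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02X}" for b in raw)

def slaac(mac: str, advertised_prefix: str) -> dict:
    iid = modified_eui64(mac)
    link_local = address_from_prefix("fe80::/64", iid)           # step 1
    return {
        "link_local": link_local,
        "dad_group": solicited_node_group(link_local),           # step 2
        "global": address_from_prefix(advertised_prefix, iid),   # step 4, prefix from step 3
    }

# MAC address from the EUI-64 slide; the advertised prefix is an assumption
RESULT = slaac("C8:2A:14:04:0A:81", "2001:db8:1:2::/64")

if __name__ == "__main__":
    for name, value in RESULT.items():
        print(name, value)
    print("MAC recovered from global address:", mac_from_address(RESULT["global"]))
```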

IPv6 Transition

IPv6 Transition Mechanisms
• The adoption of IPv6 has been very slow
• Deployment of IPv6 will be incremental (gradual)
• For the foreseeable future, IPv4 and IPv6 must co-exist
• IPv6 transition mechanisms seek to facilitate the transition to IPv6 and ensure coexistence of IPv4 and IPv6 on the same network
  – IP/ICMP translation
  – Dual Stack
  – Tunneling (6bone, 6to4, 6rd, …)
  – many more

IP/ICMP translation
• Refers to a translation of ICMP and IP packet headers between v4 and v6
• Takes advantage of IPv4-mapped IPv6 addresses
• Works similarly to NAT
[Figure: IPv6 Network connected through an IPv6/IPv4 Translator to the IPv4 Internet, with DNS]
• Other scenarios: IPv6 Network → IPv4 Network, IPv4 Network → IPv6 Internet, IPv4 Internet → IPv6 Internet

Tunneling
• IPv6 “islands” can be connected across IPv4 network by encapsulating them in IPv4 packets
[Figure: IPv6 networks and an IPv6 host in an IPv4 network, connected through routers by IP-in-IP tunnels across the IPv4 Internet]

Tunneling
• IPv6 networks connect via IP tunnels
• With tunneling, IPv6 packets are encapsulated by IPv4 header (IP-in-IP encapsulation)
[Figure: IP-in-IP tunnel between two IPv6/IPv4 routers across an IPv4 router. Outside the tunnel the packet is IPv6 header + Payload; inside the tunnel the whole IPv6 packet is the payload of an IPv4 header.]
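
Both ends of the IP-in-IP tunnel described above, as an added example that is not part of the original slides: the entry router prepends an IPv4 header, the exit router validates and strips it, and a monitor on the IPv4 path uses the same parsing to log the IPv6 endpoints it would otherwise not see. Function names are this example's own; protocol number 41 is the IPv4 protocol value for encapsulated IPv6, and all addresses are constructed documentation addresses.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41   # IPv4 protocol number for an encapsulated IPv6 packet (RFC 4213)

def checksum(header: bytes) -> int:
    """16-bit one's-complement checksum of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(ipv6_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry router: prepend a 20-byte IPv4 header to the IPv6 packet."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet), 0, 0,
                           64, IPPROTO_IPV6, csum,
                           ipaddress.IPv4Address(tunnel_src).packed,
                           ipaddress.IPv4Address(tunnel_dst).packed)
    return header(checksum(header(0))) + ipv6_packet

def decapsulate(ipv4_packet: bytes) -> bytes:
    """Tunnel exit router: validate the outer header, return the inner IPv6 packet."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ipv4_packet[0] & 0x0F) * 4
    if ihl < 20 or len(ipv4_packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if checksum(ipv4_packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if ipv4_packet[9] != IPPROTO_IPV6:
        raise ValueError("payload is not an encapsulated IPv6 packet")
    inner = ipv4_packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    return inner

def inner_endpoints(ipv4_packet: bytes):
    """IPv6 source and destination carried inside the tunnel packet."""
    inner = decapsulate(ipv4_packet)
    return ipaddress.IPv6Address(inner[8:24]), ipaddress.IPv6Address(inner[24:40])

# Constructed sample: empty IPv6 packet (Next Header 59 = no next header)
SRC6, DST6 = ipaddress.IPv6Address("2001:db8:a::1"), ipaddress.IPv6Address("2001:db8:b::1")
INNER = struct.pack("!IHBB", 6 << 28, 0, 59, 64) + SRC6.packed + DST6.packed
TUNNELED = encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print(len(TUNNELED), inner_endpoints(TUNNELED))
```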

Dual Stack
• Dual Stack means that IPv6 enabled hosts, servers, and routers support IPv4 and IPv6 in parallel
• Allows co-existence of IPv4 and IPv6 devices on the same network
• Dual stack transition is used by enterprise/university networks
[Figure: dual-stack protocol stack. Application over UDP and TCP, over IPv4 and IPv6 side by side, over Ethernet; Ethernet Type 0x0800 for IPv4 and 0x86DD for IPv6.]

IPv6 Topics not covered here
• Anycast
• Security (Authentication headers)
• Mobile IP