
The Future of TCP/IP

• Always evolving:
  – New computer and communication technologies
    • More powerful PCs, portables, PDAs
    • ATM, packet-radio, fiber optic, satellite, cable
  – New applications
    • WWW, electronic commerce, internet broadcasting, chat
  – Increased size and load
  – New policies
    • New industries, new countries
    • Move away from centralized core architecture

The Future of IP

• IP version 4 (IPv4) has been in use since the 1970s
• IPv4 is being replaced:
  – Address space exhaustion
    • Running out of 32-bit IP addresses
  – Support new applications
    • Electronic commerce - authentication
    • Audio/video - Quality of Service (QoS) guarantees
  – Decentralization

The Next Version of IP

• Work on an open standard has been underway for years
  – Add functionality to IPv4
  – Modify OSI CLNS
  – Simple IP Plus (SIPP) - simple extensions to IPv4
• IP - The Next Generation (IPng)
• IPv6

IPv6

• Details available at: http://playground.sun.com/pub/ipng/html/ipng-main.html

• Major similarities with IPv4:
  – Connectionless datagram delivery
  – TTL, IP options, fragmentation
• Major differences from IPv4:
  – Larger address space
    • 128-bit IPv6 IP addresses
  – New datagram format

IPv6 (cont)

• IPv4 - fixed-size header, variable-length options field, variable-length data field:

VERS (4) | HLEN | SERVICE TYPE | TOTAL LENGTH
IDENTIFICATION | FLAGS | FRAGMENT OFFSET
TIME TO LIVE | PROTOCOL | HEADER CHECKSUM
SOURCE IP ADDRESS
DESTINATION IP ADDRESS
IP OPTIONS (IF ANY) | PADDING
DATA

• IPv6 - a set of variable-length (optional) headers:

VERS (6) | TRAFFIC CLASS | FLOW LABEL
PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT
SOURCE IP ADDRESS
DESTINATION IP ADDRESS

IPv6 Extension Headers

• IPv6 datagram format:
  – Fixed-size base header
  – Zero or more variable-length extension headers
  – Variable-length data (or payload) segment

BASE HEADER | EXTENSION HEADER 1 | …. | EXTENSION HEADER N | DATA

IPv6 Extension Headers (cont)

• Zero extension headers

Base Header Next=TCP | TCP Segment

• One extension header

Base Header Next=Route | Route Header Next=TCP | TCP Segment

• Two extension headers

Base Header Next=Route | Route Header Next=Auth | Auth Header Next=TCP | TCP Segment

Security in IPv6

• Based on two mechanisms:
  – Authentication Header (AH)
    • Proof of the sender’s identity
    • Protection of the integrity of the data
  – Encapsulating Security Payload (ESP)
    • Protection of the confidentiality of the data

Authentication Header - Example

Base Header Next=Auth | Auth Header Next=TCP | TCP Segment

Authentication Header

• Security parameters index field – specifies which specific authentication scheme is being used

• Authentication data field – contains data that can be used to establish the datagram’s:
  – Authenticity
  – Integrity
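
The Next Header chains drawn on the extension-header and Authentication Header slides, walked in code. This is an added example, not part of the original slides: it shows that a filter has to follow the chain, with bounds checks, to find the transport protocol, and where the AH security parameters index sits. The protocol numbers and length encodings come from the current IPv6 and AH specifications rather than the slides; `walk_chain`, `base_header` and the sample datagram are constructed for illustration.

```python
import struct

# Next Header values (IANA protocol numbers); "Route"/"Auth" follow the slide labels.
HOP_BY_HOP, TCP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 6, 43, 44, 50, 51, 60
NAMES = {HOP_BY_HOP: "HopByHop", TCP: "TCP", ROUTING: "Route", FRAGMENT: "Fragment",
         ESP: "ESP", AH: "Auth", DEST_OPTS: "DestOpts"}

def walk_chain(datagram: bytes):
    """Return (header names in order, AH SPI or None, offset of the last item named)."""
    if len(datagram) < 40 or datagram[0] >> 4 != 6:
        raise ValueError("not an IPv6 datagram")
    chain, spi = ["Base"], None
    nxt, off = datagram[6], 40          # NEXT HEADER is octet 6 of the 40-octet base header
    while nxt in (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS):
        if off + 8 > len(datagram):
            raise ValueError("truncated extension header")
        following, length_field = datagram[off], datagram[off + 1]
        if nxt == AH:                   # AH length is in 32-bit words, minus 2
            size = (length_field + 2) * 4
            spi = struct.unpack_from("!I", datagram, off + 4)[0]
        elif nxt == FRAGMENT:           # Fragment header is always 8 octets
            size = 8
        else:                           # 8-octet units, not counting the first 8
            size = (length_field + 1) * 8
        if off + size > len(datagram):
            raise ValueError("extension header overruns datagram")
        chain.append(NAMES[nxt])
        nxt, off = following, off + size
    # TCP ends the chain; so does ESP, because everything after its header is encrypted.
    chain.append(NAMES.get(nxt, f"proto {nxt}"))
    return chain, spi, off

def base_header(next_header: int, payload: bytes) -> bytes:
    """Constructed base header: VERS=6, zero class/flow, hop limit 64, all-zero addresses."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + bytes(32) + payload

# Constructed sample matching the "two extension headers" slide: Route -> Auth -> TCP.
ROUTE = bytes([AH, 0, 0, 0]) + bytes(4)                  # 8 octets, length field 0
AUTH = bytes([TCP, 4, 0, 0]) + struct.pack("!II", 0x1234, 1) + bytes(12)  # 24 octets
SAMPLE = base_header(ROUTING, ROUTE + AUTH + bytes(20))  # 20 zero octets stand in for TCP

if __name__ == "__main__":
    print(walk_chain(SAMPLE))
```
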

Encapsulating Security Payload

• Encryption of the datagram or part of the datagram

• 2 modes:
  – Transport mode – encryption of datagram payload
  – Tunneling mode
    • Encryption of entire datagram
    • Encapsulation of datagram

ESP Transport Mode

• Encryption of payload for privacy:

Base Header Next=ESP | ESP Header Next=TCP | Encrypted TCP Segment | ESP Trailer

Security Parameter Index
Sequence Number
Padding | Pad Len | Next Header
ESP Auth Data (Var)

ESP Tunnel Mode

• Encryption of entire datagram for privacy

Base Header Next=ESP | ESP Header Next=IP | Encrypted Datagram

AH and ESP

• Protect authenticity, integrity, and privacy:

IPv6 (cont)

• Major differences from IPv4:
  – Improved Options
    • More flexibility and new options
  – Support for resource allocation
    • Packets labeled as belonging to particular traffic flow
    • Sender requests special handling (e.g. QoS, real-time, etc.)
  – Authentication, data integrity, and data confidentiality supported
  – Provision for protocol extension

IPv6 Fragmentation

• IPv4
  – Intermediate router fragments datagram when necessary
  – Ultimate destination reassembles
• IPv6 - end-to-end fragmentation
  – Before sending a datagram, source must determine the path’s MTU
  – Source fragments the datagram
  – Ultimate destination reassembles
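
End-to-end fragmentation as an added Python example (not from the original slides): the source cuts the payload to fit the path MTU and the destination reassembles, refusing gaps and overlapping fragments. The Fragment header layout and the 1280-octet minimum MTU come from the current IPv6 specification, not the slides; `fragment`, `reassemble` and the sample payload are constructed for illustration.

```python
import struct

BASE_LEN, FRAG_LEN = 40, 8      # base header and Fragment extension header, in octets

def fragment(payload: bytes, next_header: int, path_mtu: int, ident: int) -> list[bytes]:
    """Source side: cut payload into Fragment-header + data pieces that fit path_mtu."""
    if path_mtu < 1280:
        raise ValueError("IPv6 links must carry at least 1280 octets")
    chunk = (path_mtu - BASE_LEN - FRAG_LEN) // 8 * 8    # offsets count 8-octet units
    pieces = []
    for start in range(0, len(payload), chunk):
        more = 1 if start + chunk < len(payload) else 0   # M flag: more fragments follow
        # start is a multiple of 8, so it already equals (offset_in_units << 3)
        header = struct.pack("!BBHI", next_header, 0, start | more, ident)
        pieces.append(header + payload[start:start + chunk])
    return pieces

def reassemble(pieces: list[bytes], ident: int) -> bytes:
    """Destination side: rebuild the payload, refusing gaps, overlaps and repeats."""
    parts, total = {}, None
    for piece in pieces:
        _nh, _res, off_flags, piece_id = struct.unpack_from("!BBHI", piece)
        start, more, data = off_flags & 0xFFF8, off_flags & 1, piece[FRAG_LEN:]
        if piece_id != ident:
            continue                                  # belongs to another datagram
        if more and len(data) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 octets")
        if not more:
            total = start + len(data)
        if start in parts:                            # this sketch treats any repeat as overlap
            raise ValueError("duplicate fragment offset")
        parts[start] = data
    out = bytearray()
    for start in sorted(parts):
        if start != len(out):                         # hole, or data overlapping earlier data
            raise ValueError("gap or overlapping fragment")
        out += parts[start]
    if total != len(out):
        raise ValueError("length does not match the final fragment")
    return bytes(out)

SAMPLE_PAYLOAD = bytes(range(256)) * 12               # constructed 3072-octet payload

if __name__ == "__main__":
    frags = fragment(SAMPLE_PAYLOAD, 6, 1280, 0xABCD)
    print([len(f) for f in frags], reassemble(frags[::-1], 0xABCD) == SAMPLE_PAYLOAD)
```
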

IPv6 Fragmentation (cont)

• End-to-end fragmentation
  – Advantages
  – Disadvantages

Representing IPv6 Addresses

• 128 bits
  – Binary:
    00000000 00000001 10000010 00000011 11111111 11000101 00001110 00000000 00001000 01111111 00110000 10000011 00000000 00000000 00000000 00000000
  – Dotted decimal: 0.1.130.3.255.197.14.0.8.127.48.131.0.0.0.0
  – Hex-colon: 1:8203:FFC5:E00:807F:3083:0:0

Representing IPv6 Addresses (cont)

• 128 bits
  – Compressed hex-colon format
    • Zero compression
      – A string of repeated zeroes is replaced by a pair of colons
      – Performed at most once per address (unambiguous)
    • Examples:
      – FF05:0:0:0:0:0:0:B3 = FF05::B3
      – 0:0:0:0:0:0:E00:807F = ::E00:807F
      – 0:0:0:F6AD:0:0:0:0 = 0:0:0:F6AD::

IPv4 Address Assignment

• Class A

Bit positions: 0 8 16 24 31
0 | netid | hostid

• Class B

Bit positions: 0 8 16 24 31
1 0 | netid | hostid

• Class C

Bit positions: 0 8 16 24 31
1 1 0 | netid | hostid

IPv6 Address Assignment

Binary Prefix    Type of Address               Part of Address Space
0000 0000        Reserved (IPv4 compatible)    1/256
0000 0001        Reserved                      1/256
0000 001         NSAP Addresses                1/128
0000 010         IPX Addresses                 1/128
0000 011         Reserved                      1/128
….
0000 111         Reserved                      1/128
0001             Reserved                      1/16
001              Reserved                      1/8
010              Provider-assigned unicast     1/8
011              Reserved                      1/8
100              Reserved for geographic       1/8
101              Reserved                      1/8
110              Reserved                      1/8
1110             Reserved                      1/16
1111 0           Reserved                      1/32
1111 10          Reserved                      1/64
1111 110         Reserved                      1/128
1111 1110        Available for local use       1/256
1111 1111        Multicast                     1/256

IPv6 Address Types

• Unicast
  – Specifies a single computer
• Cluster/Anycast
  – Specifies a set of computers that share an address prefix (possibly at multiple locations)
• Multicast
  – Specifies a set of computers (possibly at multiple locations)

IPv6 Address Hierarchy

Address type prefix

Provider prefix

Subscriber prefix

Subnet prefix

IPv6 address

010 | Provider ID | Subscriber ID | Subnet ID | Node ID