Modulo IPV6

© 2008, ITA-SYC 1 TEMAS AVANZADOS DE REDES DE COMPUTADORAS

Module III Internet Protocol version 6 (IPv6)

Profesor Marco Antonio Hernández Vargas

07/03/2013


Outline

 Module II: Internet Protocol version 6 (IPv6)

IPv6 introduction An overview of IPv6 new features An examination of the IPv6 packet format An explanation of additional IPv6 functions A description of associated protocols A review of IPv6 mobility applications A projection of new opportunities opened up by IPv6

An explanation of the needs for next generation IPv6

An exploration into IPv4-to-IPv6 transition paths


IPv6 Introduction IP growth

 A principios de los noventa, Internet evoluciona debido a múltiples factores: CRECIMIENTO Usuarios comerciales Nuevos tipos de tráfico (multimedia) Redes de Banda Ancha…

 Problemas más acuciantes: Escasez de direcciones Explosión del tamaño tablas encaminamiento Organización: interconexión de SAs ¡Necesidad de Soluciones Inmediatas!



The Internet is growing extremely rapidly. The latest Internet Domain Survey1, conducted in January 2006, counted 395 million hosts (374,991,609 hosts to be exact).



  Direcciones de 32 bits (más de 4.000 millones en total)

Clase Net Host Dirs.# Hosts Asignadas Crecimiento A 1 oct. 3 oct. 126 16.387.064 115 (91%) 0 B 2 oct. 2 oct. 16.383 64.516 8.361 (51%) muy alto C 3 oct. 1 oct. 1.097.151 254 128.709 (6%) alto

Clase A Clase B

Clase C

Clase D (multicast)

Clase E (reservado)   Sistema de asignación basado en clases MUY

INEFICIENTE: falta de flexibilidad en la asignación de rangos de direcciones

  Consecuencias: Agotamiento de direcciones clase B (corto

plazo) Agotamiento del espacio total de

direcciones IP (medio plazo)

Direcciones asignadas en Octubre 93



ARPANET

Host

Host Host

Host

ARPANET

R LAN

R LAN R

LAN

Host

Autonomous System

Autonomous System

ARPANET

R4

R4

R1

R3 R2

R5

SA1

Backbone

CIX

Campus

Red Regional

Campus

Campus

Campus Campus Red

Regional

SA8

Backbone Backbone Red

Regional

Red Regional

Campus

Red Regional

SA4

SA7

Campus

Campus

SA3

Backbone

SA2

SA6

FIX


NAP Regionales


TIER 1

TIER 2

TIER 3

NAP Internacional

NAP Nacionales

ISP Locales

Clientes

Conexión privada (private peering) Conexión a través de NAP (public peering)


IPv6 Introduction Router Functional Model

Subred 1 Subred 2

Subred Enlace Físico

CPU

Subred Enlace Físico

Tablas Encaminamiento +

otras informaciones.

Cab. IP Datos

ROUTER IP

MEMORIA Cab. IP

Cab. IP Datos Cab. IP Datos

Datos


IPv6 Introduction Router Functional Model

Router IP

...

Matriz de Conmutación

Enlaces Salida

...

Enlaces Entrada

PN

P2

P1

Procesador Rutas

QE1

QE2

QEN

QS1

QS2

QS2

Ej: con enlaces de 2,5 Gbps y paquetes de 256 octetos ≈ ¡¡ 1 millón de consultas por segundo !!


IPv6 Introduction IPv4 Routing

  El tamaño de las tablas de encaminamiento de un router central (sin ruta por defecto) supera las 100.000 entradas

  CIDR ha permitido superar la primera gran crisis, pero, ¿será capaz de absorber el crecimiento de los próximos años (móviles, ADSL, etc)?

La respuesta es......

= Alto Consumo Recursos: •  CPU •  Memoria •  Ancho de banda

¡¡IPv6!!

100 k

2001

BG

P Ta

ble

Size

Evolución Tamaño Tablas BGP Fuente: Geoff Huston


IPv6 Introduction IPv4 restrictions summary

 Even with the use of CIDR, routing tables, primarily in the IP backbone routers, are growing too large to be manageable.

 Traffic priority, or class of service, is vaguely defined, scarcely used, and not at all enforced in IPv4, but highly desirable for modern real-time applications.

 The number of mobile data applications and devices grow quickly, IPv4 has difficulty in managing forwarding addresses and in realizing visitor-location network authentication.

 There is no direct security support in IPv4. Various open and proprietary security solutions cause interoperability concerns. As the internet becomes the fabric of every life in the new cyber space, security enhancement to the infrastructure should be placed in the basic IP protocol.


IPv6 Introduction IPng objectives

 Solucionar los problemas de direccionamiento y encaminamiento que limitan el crecimiento de Internet, pero además...

 ...resolver otros problemas no tan acuciantes como: mejora de prestaciones soporte tráficos multimedia, seguridad, autoconfiguración, encaminamiento, etc

 En definitiva, rediseñar el protocolo de red de TCP/IP para entrar con buen pie en el próximo siglo.


IPv6 Introduction IPv6 RFC

 Eventually, the specification for Internet Protocol, Version 6 (IPv6) was produced in RFC2460 as the latest version.


IPv6 Introduction IPv6 feature overview

 IPv6 es una evolución de IPv4 (no una revolución) Direccionamiento: Direcciones de 128 bits asignadas jerárquicamente Encaminamiento: Jerárquico. Agregación de rutas Prestaciones: Cabecera simple alineada a 64 bits Versatilidad: Formato flexible de opciones. Extensibilidad mejorada Multimedia: Identificador de flujos Multicast: Obligatorio, control de ámbitos Seguridad: Soporte autentificación/cifrado obligatorio (IPSec) Autoconfiguración: 3 métodos PnP

Movilidad: Mejora de la eficiencia y seguridad


IPv6 Introduction IPv6 Note

 Note: IPv6 uses the term packet rather than datagram. The meaning is the same, although the formats are different.

 IPv6 uses the term node for any system running IPv6, that is, a host or a router.

 An IPv6 host is a node that does not forward IPv6 packets that are not explicitly addressed to it.

 A router is a node that forwards IP packets not addressed to it.


The IPv6 header format

The format of the IPv6 packet header has been simplified from its counterpart in IPv4. The length of the IPv6 header increases to 40 bytes (from 20 bytes) and contains two 16-byte addresses (source and destination), preceded by 8 bytes of control information. The IPv4 header has two 4-byte addresses preceded by 12 bytes of control information and possibly followed by option data. The reduction of the control information and the elimination of options in the header for most IP packets are intended to optimize the processing time per packet in a router. The infrequently used fields that have been removed from the header are moved to optional extension headers when they are required.


Ver IHL Type of Service Total Length

Identification Flags Fragment

Offset Time To

Live Protocol Header Checksum

Source Address

Destination Address

Options Padding

IPv4

20 b

ytes

The IPv6 header format IPv4 vs. IPv6

Ver Traffic Class Flow Label

Payload Length Next

Header Hop Limit

Source Address

Destination Address

IPv6

40 b

ytes

32 bits



Source Address

Vers Flow Label Traffic Class

Next Header Payload Length

Hop Limit

31 12 0

Destination Address

64 bits

40 b

ytes

4 47 55 63



 Vers: 4-bit Internet Protocol version number: 6.  Traffic class: 8-bit traffic class value.  Flow label: 20-bit field.  Payload length: The length of the packet in bytes

(excluding this header) encoded as a 16-bit unsigned integer. If length is greater than 64 KB, this field is 0 and an option header (Jumbo Payload) gives the true length.

 Next header: Indicates the type of header immediately following the basic IP header. It can indicate an IP option header or an upper layer protocol. The protocol numbers used are the same as those used in IPv4. The next header field is also used to indicate the presence of extension headers, which provide the mechanism for appending optional information to the IPv6 packet.



  Next header (cont.): The following values appear in IPv6 packets, in addition to those mentioned for IPv4: 41 Header 45 Interdomain Routing Protocol 46 Resource Reservation Protocol 58 IPv6 ICMP Packet

  The following values are all extension headers: 0 Hop-by-Hop Options Header 43 IPv6 Routing Header 44 IPv6 Fragment Header 50 Encapsulating Security Payload 51 IPv6 Authentication Header 59 No Next Header 60 Destination Options Header



 Hop limit:This is similar to the IPv4 TTL field but it is now measured in hops and not seconds. It was changed for two reasons:

IP normally forwards datagrams faster than one hop per second and the TTL field is always decremented on each hop, so, in practice, it is measured in hops and not seconds.

Many IP implementations do not expire outstanding datagrams on the basis of elapsed time.

 The packet is discarded after the hop limit is decremented to zero.



 Source address: A 128-bit address.  Destination address: A 128-bit address.


The IPv6 header format Extension headers

 Every IPv6 packet starts with the basic header. In most cases, this will be the only header necessary to deliver the packet. Sometimes, however, it is necessary for additional information to be conveyed along with the packet to the destination or to intermediate systems on route (information that would previously have been carried in the Options field in an IPv4 datagram). Extension headers are used for this purpose.



 Extension headers are placed immediately after the IPv6 basic packet header and are counted as part of the payload length. Each extension header (with the exception of 59) has its own 8-bit Next Header field as the first byte of the header that identifies the type of the following header. This structure allows IPv6 to chain multiple extension headers together.

Base Header

Extension Header 1 ... Extension

Header N Data


. . .

Basic Header

Extension Headers

Transport Protocol



 The length of each header varies, depending on type, but is always a multiple of 8 bytes.

 There are a limited number of IPv6 extension headers, any one of which can be present only once in the IPv6 packet (with the exception of the Destination Options Header, 60, which can appear more than once).

 IPv6 nodes that originate packets are required to place extension headers in a specific order (numeric order, with the exception of 60), although IPv6 nodes that receive packets are not required to verify that this is the case.

 The order is important for efficient processing at intermediate routers.

 Routers will generally only be interested in the hop-by-hop options and the routing header.



 IPv6 allows for encapsulation of IPv6 within IPv6 (“tunneling”). This is done with a Next Header value of 41 (IPv6). The encapsulated IPv6 packet can have its own extension headers.

 With the exception of the hop-by-hop header (which must immediately follow the IP header if present), extension headers are not processed by any router on the packet's path except the final one



0 Cabecera opcional salto-a-salto 4 Protocolo Internet 6 Protocolo de control de transmisión (TCP) 17 Protocolo datagrama de usuario (UDP) 43 Cabecera de encaminamiento 44 Cabecera de fragmentación 45 Protocolo de encaminamiento interdominio 46 Protocolo de Reserva de Recursos (RSVP) 50 Carga útil de seguridad de encapsulamiento 51 Cabecera de autenticación 58 Protocolo de Control de Mensaje Internet (ICMP) 59 Ninguna cabecera siguiente 60 Cabecera de opciones para el destino


The IPv6 header format Extension header: Routing Header

 The path that a packet takes through the network is normally determined by the network itself. Sometimes, however, the source wants more control over the route taken by the packet. It might want, for example, for certain data to take a slower but more secure route than would normally be taken. The routing header allows a path through the network to be predefined. The routing header is identified by the value 43 in the preceding Next Header field. The only type defined initially is type 0, strict/loose source routing, which operates in a similar way to source routing in IPv4.


The IPv6 header format Extension header: Fragment Header

 The source node determines the maximum transmission unit or MTU for a path before sending a packet. If the packet to be sent is larger than the MTU, the packet is divided into pieces, each of which is a multiple of 8 bytes and carries a fragment header.


The IPv6 header format Extension header: Authentication Header

 The authentication header is used to ensure that a received packet has not been altered in transit and that it really came from the claimed sender. The authentication header is identified by the value 51 in the preceding Next Header field.


The IPv6 header format Extension header: Encapsulating Security Payload Header

 The Encapsulated Security Payload (ESP) is a special extension header, in that it can appear anywhere in a packet between the basic header and the upper layer protocol. All data following the ESP header is encrypted.


The IPv6 header format Extension header: Destination Options Header

 This has the same format as the hop-by-hop header, but it is only examined by the destination node or nodes. Normally, the destination options are only intended for the final destination only and the destination options header will be immediately before the upper-layer header. However, destination options can also be intended for intermediate nodes, in which case, they must precede a routing header. A single packet can, therefore, include two destination options headers. The value for the preceding Next Header field is 60.


The IPv6 header format Extension headers: Resumen

 Definidas actualmente: Hop-by-Hop Options: Información que debe ser

examinada en cada salto Ej: Jumbogram (!paquetes de hasta 4 GB!)

Routing: similar a la opción Source Route de IPv4

Fragmentation: Segmentación y Reensamblado Authentication: Firmas digitales Security Encapsulation: Cifrado Destination Options: Información examinada

sólo en destino


The IPv6 header format Extension headers: Examples

IPv6 Header NH = TCP

TCP Header + DATA

IPv6 Header NH = Routing TCP Header + DATA Routing Header

NH = TCP

IPv6 Header NH = Routing TCP Header + DATA Routing Header

NH = Fragment Fragment Header

NH = TCP

IPv6 Header NH = Fragment TCP Header + DATA Fragment Header

NH = Security Security Header

NH = TCP


Calidad de Servicio en IPv6  Existen dos campos en la cabecera de IPv6

relacionados con QoS:

 Clase de Tráfico: utilizado en DiffServ (DSCP)  Identificador de Flujo: pensado para identificar

flujos de datagramas desde un origen a un destino (unicast o multicast) para los que se solicita una determinada QoS Definido inicialmente como experimental (RFC 2460) Las propuestas de utilización se están definiendo (draft-

conta-ipv6-flow-label-02.txt)

Clase de Tráfico (6 bits) Identificador de Flujo (20 bits)


IPv6 Addressing


IPv6 Addressing

 The IPv6 address model is specified in RFC 4291 – IP Version 6 Addressing Architecture. IPv6 uses a 128-bit address instead of the 32-bit address of IPv4.

 That theoretically allows for as many as 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses.

  Even when used with the same efficiency as today's IPv4 address space, that still allows for 50,000 addresses per square meter of land on Earth.


IPv6 Addressing

 The IPv6 address provides flexibility and scalability: It allows multilevel subnetting and allocation

from a global backbone to an individual subnet within an organization.

It improves multicast scalability and efficiency through scope constraints.

It adds a new address for server node clusters, where one server can respond to a request to a group of nodes.

The large IPv6 address space is organized into a hierarchical structure to reduce the size of backbone routing tables.


IPv6 Address

 IPv6 addresses are represented in the form of eight hexadecimal numbers divided by colons, for example:

FE80:0000:0000:0000:0001:0800:23E7:F5DB FE80:0:0:0:1:800:23E7:F5DB

FE80::1:800:23E7:F5DB

Eduardo

Nota adhesiva


IPv6 Address

 Note: The double colon shortcut can be used only once in the notation of an IPv6 address. If there are more groups of all zeroes that are not consecutive, only one can be substituted by the double colon; the others have to be noted as 0.

 The IPv6 address space is organized using format prefixes, similar to telephone country and area codes, that logically divide it in the form of a tree so that a route from one network to another can easily be found.


IPv6: Format prefix allocation

Eduardo

Nota adhesiva

Con alcance global

Eduardo

Nota adhesiva

Prefijo fijo Se puede deducir


IPv6: Format prefix allocation


IPv6: Type of addresses unicast addresses

 A unicast address is an identifier assigned to a single interface. Packets sent to that address will only be delivered to that interface. Special purpose unicast addresses are defined as follows:

Loopback address (::1): This address is assigned to a virtual interface over which a host can send packets only to itself. It is equivalent to the IPv4 loopback address 127.0.0.1.

Unspecified address (::):This address is used as a source address by hosts while performing autoconfiguration. It is equivalent to the IPv4 unspecified address 0.0.0.0.



IPv4-compatible address (::<IPv4_address>): Addresses of this kind are used when IPv6 traffic needs to be tunneled across existing IPv4 networks. The endpoint of such tunnels can be either hosts

(automatic tunneling), or Routers (configured tunneling).

IPv4-compatible addresses are formed by placing 96 bits of zero in front of a valid 32-bit IPv4 address.

1.2.3.4 (hex 01.02.03.04) becomes ::0102:0304.



IPv4-mapped address (::FFFF:<IPv4_address>): Addresses of this kind are used when an IPv6 host needs to communicate with an IPv4 host. This requires a dual stack host or router for header translations. For example, if an IPv6 node wants to send data to host with an IPv4 address of 1.2.3.4, it uses a destination address of

• ::FFFF:0102:0304.



Link-local address: Addresses of this kind can be used only on the physical network that to which a host's interface is attached.

Site-local address: Addresses of this kind cannot be routed into the Internet. They are the equivalent of IPv4 networks for private use (10.0.0.0, 176.16.0.0-176.31.0.0, 192.168.0.0-192.168.255.0).


IPv6: Global unicast address format

 IPv6 unicast addresses are aggregatable with prefixes of arbitrary bit-length, similar to IPv4 addresses under Classless Inter-Domain Routing. The latest global unicast address format, as specified in RFC 3587 – IPv6 Address architecture and RFC 4291 – IPv6 Global Unicast Address Format, is expected to become the predominant format used for IPv6 nodes connected to the Internet.



 Global Routing Prefix. A value assigned to a site for a cluster of subnets/links. The global routing prefix is designed to be structured hierarchically by the RIRs and ISPs.

 Subnet ID. An identifier of a subnet within the site. The subnet field is designed to be structured hierarchically by site administrators.



 Interface ID. Interface identifiers in IPv6 unicast addresses are used to identify interfaces on a link. They are required to be unique within a subnet

prefix. Do not assign the same interface identifier to different nodes on a link. They can also be unique over a broader scope.

In some cases, an interface's identifier will be. derived directly from that interface's link layer address (Modified EUI-64 format).

The same interface identifier can be used on multiple interfaces on a single node as long as they are attached to different subnets.


IPv6: Type of addresses multicast addresses

 A multicast address is an identifier assigned to a set of interfaces on multiple hosts. Packets sent to that address will be delivered to all interfaces corresponding to that address (“Internet Group Management Protocol, IGMP, in IPv4)”. There are no broadcast addresses in IPv6, their function being superseded by multicast addresses.



 FP Format Prefix: 1111 1111.  Flags:

0000. Permanent address assigned by a numbering authority.

0001. Transient address. Addresses of this kind can be established by applications as required. When the application ends, the address will be released by the application and can be reused.



 Scope. 0. Reserved 1. Confined to interfaces on the local node

(node-local) 2. Confined to nodes on the local link (link-local) 5. Confined to the local site 8. Confined to the organization E. Global scope F. Reserved



 Group ID. Identifies the multicast group. For example, if the NTP servers group is

assigned a permanent multicast address, with a group ID of &hex.101, then:

FF02::101 means all NTP servers on the same link as the sender

FF05::101 means all NTP servers on the same site as the sender


IPv6: Type of addresses special purpose multicast addresses

 FF01::1 All interfaces node-local  FF02::1 All nodes link-local  FF01::2 All routers node-local  FF02::2 All routers link-local  FF05::2 All routers site-local  FF02::B Mobile agents link-local  FF02::1:2 All DHCP agents link-local  FF05::1:3 All DHCP servers site-local


IPv6: Type of addresses anycast address

 An anycast address is a special type of unicast address that is assigned to interfaces on multiple hosts. Packets sent to such an address will be delivered to the nearest interface with that address. Routers determine the nearest interface based upon their definition of distance, for example, hops in case of RIP or link state in case of OSPF


IPv6: Type of addresses anycast address

 Anycast addresses use the same format as unicast addresses and are indistinguishable from them. However, a node that has been assigned an anycast address must be configured to be aware of this fact.

 RFC 4291 currently specifies the following restrictions on anycast addresses: An anycast address must not be used as the source address of a packet.

Any anycast address can only be assigned to a router.


IPv6: Header Format Traffic Class

 The 8-bit traffic class field allows applications to specify a certain priority for the traffic they generate, thus introducing the concept of class of service. This enables the prioritization of packets, as in Differentiated Services. DSCP Differentiated Services Code Point (6 bits).It

provides various code sets to mark the per-hop behavior for a packet belonging to a service class.

ECN Explicit Congestion Notification (2 bits). It allows routers to set congestion indications instead of simply dropping the packets. This avoids delays in retransmissions, while allowing active queuing management.


IPv6: Header Format Flow Labels

 IPv6 introduces the concept of a flow, which is a series of related packets from a source to a destination that requires a particular type of handling by the intervening routers, for example, real-time service. The nature of that handling can either be conveyed:

by options attached to the datagrams (that is, by using the IPv6 hop-by-hop options header), or

by a separate protocol (such as Resource Reservation Protocol (RSVP).


IPv6: Header Format Flow Labels

 All packets belonging to the same flow must be sent with the same source address, destination address, and flow label. The handling requirement for a particular flow label is known as the state information; this is cached at the router. When packets with a known flow label arrive at the router, the router can efficiently decide how to route and forward the packets without having to examine the rest of the header for each packet.

 See RFC 3697 for further details about the use of the flow label


IPv6: Header Format IPv6 Security

 There are two optional headers defined for security purposes: Authentication Header (AH) Encapsulated Security Payload (ESP)

 AH and ESP in IPv6 support authentication, data integrity, and optionally confidentiality. AH conveys the authentication information in an IP package, while ESP carries the encrypted data of the IP package


IPv6: Header Format IPv6 Security

 Either or both can be implemented alone or combined in order to achieve different levels of user security requirements. Note that they can also be combined with other optional header to provision security features. For example, a routing header can be used to list the intermediate secure nodes for a packet to visit on the way, thus allowing the packet to travel only through secure routers.

 IPv6 requires support for IPSec as a mandatory standard. This mandate provides a standards-based solution for network security needs and promotes interoperability.


IPv6: Header Format IPv6 Security: Authentication Header (AH)

 The authentication header is used to ensure that a received packet has not been altered in transit and that it really came from the claimed sender.

 The authentication header is identified by the value 51 in the preceding Next Header field.

 The format of the authentication header and further details are specified in RFC 4302.


IPv6: Header Format IPv6 Security: Encapsulating Security Payload (ESP)

 The Encapsulated Security Payload (ESP) is defined in RFC 4303. All data following the ESP header is encrypted.

 The packet begins with the Security Parameters Index (SPI) and Sequence Number (SN). Following these fields is the Payload Data, which has a substructure that depends on the choice of encryption algorithm and mode and on the use of TFC padding.

 Following the Payload Data are Padding and Pad Length fields and the Next Header field. The optional Integrity Check Value (ICV) field completes the packet.


IPv6: Header Format Packet Sizes

 All IPv6 nodes are expected to dynamically determine the maximum transmission unit (MTU) supported by all links along a path (as described in RFC 1191 – Path MTU Discovery) and source nodes will only send packets that do not exceed the path MTU. IPv6 routers will, therefore, not have to fragment packets in the middle of multihop routes and allow much more efficient use of paths that traverse diverse physical transmission media. IPv6 requires that every link supports an MTU of 1280 bytes or greater.


IPv6: Header Format IPv6 Security: Encapsulating Security Payload (ESP)

 The source node determines the maximum transmission unit or MTU for a path before sending a packet. If the packet to be sent is larger than the MTU, the packet is divided into pieces, each of which is a multiple of 8 bytes and carries a fragment header. The fragment header is identified by the value 44 in the preceding Next Header field.


IPv6: Header Format SUMMARY

Ver Traffic Class Flow Label

Payload Length Next

Header Hop Limit

Source Address

Destination Address

IPv6

40 b

ytes

32 bits

4-bit Internet Protocol version number: 6.

The 8-bit traffic class field it introduces the concept of

class of service. It has DSCP and ECN fields

The length of the packet in bytes (excluding this header) encoded as a 16-bit unsigned integer. If length > 64 KB, this field = 0 and an option header (Jumbo Payload) gives the true length.

All packets belonging to the same flow must be sent with the same source address, destination address, and flow label. 20-bit field

Indicates the type of header immediately following the basic IP header. It can indicate an IP option header or an upper layer protocol. 8-bit field.

This is similar to the IPv4 TTL field but it is now measured in hops and not seconds. 8-bit field.

Source and Destination addresses are a 128-bit

address


Internet Control Message Protocol Version 6 (ICMPv6)

 IP concerns itself with moving data from one node to another. However, in order for IP to perform this task successfully, there are many other functions that need to be carried out: error reporting, route discovery, and diagnostics, to name a few. All these tasks are carried out by the Internet Control Message Protocol. In addition, ICMPv6 carries out the tasks of conveying multicast group membership information, a function that was previously performed by the IGMP protocol in IPv4 and address resolution, previously performed by ARP (“Address Resolution Protocol (ARP)”).



 ICMPv6 messages and their use are specified in RFC 4443 – Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification and RFC 2461 – Neighbor Discovery for IP Version 6 (IPv6). Both RFCs are draft standards with a status of elective.

 Every ICMPv6 message is preceded by an IPv6 header (and possibly some IP extension headers). The ICMPv6 header is identified by a Next Header value of 58 in the immediately preceding header.



 Type. There are two classes of ICMPv6 messages. Error messages have a Type from 0 to 127. Informational messages have a Type from 128 to 255.



  1 Destination Unreachable   2 Packet Too Big   3 Time (Hop Count) Exceeded   4 Parameter Problem   128 Echo Request   129 Echo Reply   130 Group Membership Query   131 Group Membership Report   132 Group Membership Reduction   133 Router Solicitation   134 Router Advertisement   135 Neighbor Solicitation   136 Neighbor Advertisement   137 Redirect Message



 Code. Varies according to message type.  Checksum. Used to detect data corruption in the

ICMPv6 message and parts of the IPv6 header.  Body of message. Varies according to message

type.

For full details of ICMPv6 messages for all types, refer to RFC 4443.


ICMPv6 Neighbor Discovery

 Neighbor discovery is an ICMPv6 function that enables a node to identify other hosts and routers on its links. The node needs to know of at least one router so that it knows where to forward packets if a target node is not on its local link.

 Neighbor discovery also allows a router to redirect a node to use a more appropriate router if the node has initially made an incorrect choice.


ICMPv6 Neighbor Discovery: Address Resolution

 Workstation A needs to send data to workstation C. It knows the IPv6 address of workstation B, but it does not know how to send a packet, because it does not know its MAC address. To find this information, it sends a neighbor solicitation message.



Neighbor Solicitation Message



Neighbor Advertisement Message

  After workstation A receives this packet, it commits the information to memory in its neighbor cache, and then forwards the data packet that it originally wanted to send to workstation C.

  Neighbor advertisement messages can also be sent by a node to force updates to neighbor caches if it becomes aware that its link layer address has changed.




ICMPv6 Router and prefix discovery

 In a larger network, particularly one connected to the Internet, the neighbor discovery process is used to find nodes on the same link in exactly the same way. However, it is more than likely that a node will need to communicate not just with other nodes on the same link but with nodes on other network segments that might be anywhere in the world. In this case, there are two important pieces of information that a node needs to know: The address of a router that the node can use to

reach the rest of the world. The prefix (or prefixes) that define the range of IP addresses on the same link as the node that can be reached without going through a router.



 Routers use ICMPv6 to convey this information to hosts, by means of router advertisements. The message generally has one or more attached options.



Router advertisement message






The three possible options in a router advertisement message are:

 Option 1 (source link address). Allows a receiving node to respond directly to the router without having to do a neighbor solicitation.

 Option 5 (MTU) Specifies the maximum transmission unit size for the link. For some media, such as Ethernet, this value is fixed, so this option is not necessary.

 Option 3 (Prefix) Defines the address prefix for the link. Nodes use this information to determine when they do, and do not, need to use a router. Prefix options used for this purpose have the L (link) bit set on. Prefix options are also used as part of address configuration, in which case the A bit is set on.






192.168.1.0/24 192.168.2.0/24

192.168.3.0/24

fec0:0:0:1::/64 fec0:0:0:2::/64

fec0:0:0:3::/64

.1

.2 .3

.1

.1

.2

.2

fe80::202:3fff:fe2e:e72c link-local fec0::2:202:3fff:fe2e:e72c site-local

00:02:3f:2e:e7:2c

RFC 2461 RFC 2462

Direcciones IPv6 Direcciones IPv4 Direcciones Ethernet

192.168.2.2

RA RA

RA

Enrutamiento



192.168.2.2 192.168.1.2

OS: Win XP OS: Win XP

rl0 00:c0:26:50:07:31 de0 00:00:c0:a2:ca:dc

fe80::2c0:26ff:fe50:731 link-local fe80::200:c0ff:fea2:cadc link-local 192.168.2.1 192.168.1.1

00:02:3f:2e:e7:2c 00:00:39:73:20:c5

Direcciones IPv6 Direcciones IPv4 Direcciones Ethernet

Host A Host B

fec0::1:200:39ff:fe73:20c5 site-local fec0::2:202:3fff:fe2e:e72c site-local

fec0:0:0:1::/64 Prefix

192.168.1.0/24 fec0:0:0:2::/64 Prefix 192.168.2.0/24

RFC 2461 RFC 2462

fe80::200:39ff:fe73:20c5 link-local fe80::202:3fff:fe2e:e72c link-local fec0::2:202:3fff:fe2e:e72c site-local

192.168.2.0/24 fec0:0:0:2::/64 Prefix

Host C OS: Win XP

192.168.2.3 00:02:3f:2e:e7:2c

fe80::202:3fff:fe2e:e72c link-local

Router dual

RFC 2460



Router solicitation message



 Homework

Redirection Neighbor unreachability detection


ICMPv6 Autoconfiguration

 Although the 128-bit address field of IPv6 solves a number of problems inherent in IPv4, the size of the address itself represents a potential problem to the TCP/IP administrator. Because of this, IPv6 has been designed with the capability to automatically assign an address to an interface at initialization time, with the intention that a network can become operational with minimal to no action on the part of the TCP/IP administrator. IPv6 nodes generally use autoconfiguration to obtain their IPv6 address. This can be achieved using: DHCP, which is known as stateful autoconfiguration Stateless autoconfiguration, which is a new feature

of IPv6 and relies on ICMPv6.



  The stateless autoconfiguration process is defined in RFC 2462 – IPv6 Stateless Address Autoconfiguration. It consists of the following steps: During system startup, the node begins the autoconfiguration by

obtaining an interface token from the interface hardware (EUI-64 format)

B A C S

ROUTER

250:4ff:fe5c:b3f4

Token (Dir. MAC)



 The node creates a tentative link-local unicast address by combining the well-known link-local prefix (FE80::/10) with the interface token.

B A C S

ROUTER

fe80::

Prefijo Local

250:4ff:fe5c:b3f4

Token (Dir. MAC)



  The node attempts to verify that this tentative address is unique by issuing a neighbor solicitation message with the tentative address as the target. If the address is already in use, the node will receive a neighbor advertisement in response, in which case the autoconfiguration process stops. (Manual configuration of the node is then required.).

B A C S

ROUTER

D.A.=fe80:: 250:4ff:fe5c:b3f4

neighbor solicitation message

neighbor advertisement message

Manual configuration of the node is then required

If response

tentative



  If no response is received, the node assigns the link-level address to its interface. The host then sends one or more router solicitations to the all-routers multicast group.

B A C S

ROUTER

D.A.=fe80:: 250:4ff:fe5c:b3f4

neighbor solicitation message If no response

tentative

definitive

Router solicitation



B A C S

ROUTER

fe80:: 250:4ff:fe5c:b3f4

RA Prefijos: 3ffe:3328:1::/64

ff02::1

3ffe:3328:1::

Prefijo Global

250:4ff:fe5c:b3f4

Token (Dir. MAC)

 If there are any routers present, they will respond with a router advertisement.

If response



B A C S

ROUTER

fe80:: 250:4ff:fe5c:b3f4

If no response Router solicitation

 If no router advertisement is received, the node attempts to use DHCP to obtain an address and configuration information. If no DHCP server responds, the node continues using the link-level address and can communicate with other nodes on the same link only.

DHCP If no response



 If a router advertisement is received in response to the router solicitation, this message contains several pieces of information that tells the node how to proceed with the autoconfiguration process: M flag: Managed address configuration. If this bit is

set, the node used DHCP to obtain its IP address. O flag: Other stateful configuration. If this bit is

set, the node uses DHCP to obtain other configuration parameters.

Prefix option: If the router advertisement has a prefix option with the A bit (autonomous address configuration flag) set on, the prefix is used for stateless address autoconfiguration.



 If stateless address configuration is used, the prefix is taken from the router advertisement and added to the interface token to form the global unicast IP address, which is assigned to the network interface.

 The working node continues to receive periodic router advertisements. If the information in the advertisement changes, the node must take appropriate action


ICMPv6 Notes

 If stateless address configuration is used, the prefix is taken from the router advertisement and added to the interface token to form the global unicast IP address, which is assigned to the network interface.

 The working node continues to receive periodic router advertisements. If the information in the advertisement changes, the node must take appropriate action


ICMPv6 Notes

 Note that it is possible to use both stateless and stateful configuration simultaneously. It is quite likely that stateless configuration will be used to obtain the IP address, but DHCP will then be used to obtain further configuration information. However, plug-and-play configuration is possible in both small and large networks without the requirement for DHCP servers.

 The stateless address configuration process, together with the fact that more than one address can be allocated to the same interface, also allows for the graceful renumbering of all the nodes on a site (for example, if a switch to a new network provider necessitates new addressing) without disruption to the network. For further details, refer to RFC 2462.


Homework

 DNS in IPv6


IPv6 new oportunities

 IPv6 opens up new opportunities in infrastructure and services as well as in research opportunities.


IPv6 new infrastructure

  IPv6 can serve as the next generation wireless core network infrastructure.

  Additional sensor devices can be connected into the IPv6 backbone with an individual IP address.

  “Smart” networks with sufficient bandwidth and quality of service make the Internet available for phone calls and multimedia applications.

  As virtualization is widely deployed in both computing data centers and network services, the IPv6 functions become mandatory in security, in flow label processing, and so on.

  IPv6 can create a new virtual private network (VPN) infrastructure, with inherently built-in tunneling capabilities.

  Inside a computer, the traditional I/O bus architecture might be replaced by a pure IP packet exchanged structure.

  …


IPv6 new services

  Presence Service can be developed on top of Location Based Service (LBS).

  Voice and Video over IP (which we call V2oIP in IPv6) will replace traditional phone service and provide video services over IPv6.

  Always On Services (AOS) allows V2oIPv6 to be ready for service with ease of use. Communication sessions can be kept alive and active using IPv6 mobility functions as well as the IPv6 QoS capability.

  IPv6 Management Service (IMS) provides address automatic inventory, service provisioning, and service assurance services.

  IPv6 Testing Service (ITS) provides capabilities in functional conformance and performance testing for implementations of IETF IPv6 standards or RFCs

  …


IPv6 new research and development platforms

  The 6Bone consists of many islands supporting IPv6 packets, linked by tunnels across the existing IPv4 backbone. The 6Bone was widely used for testing of IPv6 protocols and products. By June 6th, 2006 the 6Bone was phased out per agreements with the IETF IPv6 community. http://www.6Bone.net

  The 6NET project demonstrated that growth of the Internet can be met using new IPv6 technology. 6NET built a native IPv6-based network connecting 16 European countries. The network allows IPv6 service testing and interoperability with enterprise applications. http://www.6net.org



 Internet2 built an experimental IPv6 infrastructure. The Internet2 consortium (not a network) established IPv6 working group to perform research and education in the following areas: Infrastructure engineering, operations, and

deployment Education for campus network engineers Exploring the motivation for use of IPv6 http://ipv6.internet2.edu



 Another regional IPv6 example is the MOONv6 project. Moonv6 is just one of the world's largest native IPv6 networks in existence.

http://www.moonv6.org/


New open research problems in IPv6

 IPv6 and next generation network architecture design:  Network infrastructure and service management: Peer-to-

peer (P2P) network applications are available to flood the Internet.

 Security: In addition to the native security functions supplied in IPv6 protocols, IPv6 network security architecture needs to define how to extend security across upper layers of IP networks.

 Real-time control capability: IPv6 quality of service features provide real-time support of voice and multimedia applications. Additional research topics include signaling and integration with IP multimedia subsystems.

 IPv6 network virtualization: Automatic configuration inventory and provisioning capabilities have to be studied in order to allocate networking resources and transport on demand.


Internet transition: Migrating from IPv4 to IPv6

 If the Internet is to realize the benefits of IPv6, a period of transition will be necessary when new IPv6 hosts and routers are deployed alongside existing IPv4 systems. RFC 2893 – Transition Mechanisms for IPv6 Hosts and Routers and RFC 2185 – Routing Aspects of IPv6 Transition define a number of mechanisms to be employed to ensure both compatibility between old and new systems and a gradual transition that does not impact the functionality of the Internet. These techniques are sometimes collectively termed Simple Internet Transition (SIT).


Internet transition: Migrating from IPv4 to IPv6

The transition employs the following techniques:   Dual-stack IP implementations for hosts and routers that must

interoperate between IPv4 and IPv6.   Imbedding of IPv4 addresses in IPv6 addresses. IPv6 hosts will

be assigned addresses that are interoperable with IPv4, and IPv4 host addresses will be mapped to IPv6.

  IPv6-over-IPv4 tunneling mechanisms for carrying IPv6 packets across IPv4 router networks.

  IPv4/IPv6 header translation. This technique is intended for use when implementation of IPv6 is well advanced and only a few IPv4-only systems remain.

Sistemas IPv4 Sistemas IPv4 Sistemas IPv6 Sistemas IPv4/IPv6

duales

Tiempo


Internet transition: Example of Migrating from IPv4 to IPv6.

Hosts IPv6/IPv4

Routers IPv4/IPv6

N1 N2 H1 H2

Hosts IPv4

Servidor DNS

Otros Dominios

Dominio X


Internet transition: Dual Stack

  Los sistemas (hosts y routers) mantienen dos pilas de protocolos en paralelo: IPv4 e IPv6

  Utilizan una u otra en función de la situación (ej: si el destinatario conoce IPv6 o sólo IPv4)

  Un sistema puede saber si otro “habla” IPv6 a través de consultas al DNS Subred (Ej: Ethernet)

IPv4

TCP

IPv6

UDP

Aplicación


Internet transition: Dual Stack

IPv4/IPv6 Dual Stack System


Internet transition: Tunneling

 When IPv6 or IPv6/IPv4 systems are separated from other similar systems with which they want to communicate by older IPv4 networks, IPv6 packets must be tunneled through the IPv4 network. IPv6 packets are tunnelled over IPv4 very simply: The IPv6 packet is encapsulated in an IPv4 datagram, or in other words, a complete IPv4 header is added to the IPv6 packet. The presence of the IPv6 packet within the IPv4 datagram is indicated by a protocol value of 41 in the IPv4 header.

 There are two kinds of tunneling of IPv6 packets over IPv4 networks: automatic and configured.


Internet transition: Tunneling

IPv4 Router

IPv6 / IPv4 Router

IPv6 / IPv4 Router

Origen

Destino

Nodo IPv6 / IPv4

Nodo IPv6 / IPv4

Internet IPv4


Internet transition: Automatic Tunneling

  Automatic tunneling can be either host-to-host, or it can be router-to-host. The mechanism used for automatic tunneling is very simple:   The encapsulating IPv4 datagram uses the low-order 32 bits of the

IPv6 source and destination addresses to create the equivalent IPv4 addresses and sets the protocol number to 41 (IPv6).

  The receiving node's network interface layer identifies the incoming packets (or packets if the IPv4 datagram was fragmented) as belonging to IPv4 and passes them upward to the IPv4 part of the dual IPv6/IPv4 internetwork layer.

  The IPv4 layer then receives the datagram in the normal way, reassembling fragments if necessary, notes the protocol number of 41, removes the IPv4 header, and passes the original IPv6 packet “sideways” to the IPv6 part of the internetwork layer.

  The IPv6 code then processes the original packet as normal. Because the destination IPv6 address in the packet is the IPv6 address of the node, the packet is at its final destination.


RA

IPv6 IPv4

Router-to-host automatic tunneling

Eduardo

Nota adhesiva

Son compatibles con IPv4 - Viaja al primer router, el router q le llega un paqete y lo encapsulo con una cabecera 1pv4, el valor net. 41 qioere deir que detras d el vien una direccion IPv6 - Viaja del router X hasta el nodo b en formato IPv4 hasta el nodo b, lo procesa y pregunta el valor


Host-to-host automatic tunneling

IPv4


Internet transition: Configured Tunneling

 Configured tunneling is used for host-router or router-router tunneling of IPv6-over-IPv4. The sending host or the forwarding router is configured so that the route, as well as having a next hop, also has a tunnel end address (which is always an IPv4-compatible address). The process of encapsulation is the same as for automatic tunneling, except that the IPv4 destination address is not derived from the low-order 32 bits of the IPv6 destination address, but from the low-order 32 bits of the tunnel end. The IPv6 destination and source addresses do not need to be IPv4-compatible addresses in this case.


 IPv4-compatible address (::<IPv4_address>)

 1.2.3.4 (hex 01.02.03.04) becomes ::0102:0304

 IPv4-mapped address (::FFFF:<IPv4_address>)

 1.2.3.4, becomes ::FFFF:0102:0304.


Internet transition: Configured Tunneling

 When the router at the end of the tunnel receives the IPv4 datagram, it processes it in exactly the same way as a node at the end of an automatic tunnel. When the original IPv6 packet is passed to the IPv6 layer in the router, it recognizes that it is not the destination, and the router forwards the packet on to the final destination as it would for any other IPv6 packet.

 It is, of course, possible that after emerging from the tunnel, the IPv6 packet is tunnelled again by another router.


RA

IPv4

IPv6

IPv6


Internet transition: Header translation

 Installing IPv6/IPv4 nodes allows for backward compatibility with existing IPv4 systems. However, when migration of networks to IPv6 reaches an advanced stage, it is likely that new systems being installed will be IPv6 only. Therefore, there will be a requirement for IPv6-only systems to communicate with the remaining IPv4-only systems. Header translation is required for IPv6-only nodes to interoperate with IPv4-only nodes. Header translation is performed by IPv6/IPv4 routers on the boundaries between IPv6 routed areas and IPv4 routed areas.


Interoperability summary

 Whether two nodes can interoperate depends on their capabilities and their addresses.

 An IPv4 node can communicate with: Any IPv4 node on the local link Any IPv4 node through an IPv4 router Any IPv6 node with IPv4-mapped address through a

header translator  An IPv6 node (IPv6-only address) can communicate

with: Any IPv6 node on the local link Any IPv6 node through an IPv6 router on the local

link (might require tunneling through the IPv4 network from the

router)


Interoperability summary

  Whether two nodes can interoperate depends on their capabilities and their addresses.

  An IPv6 node (IPv4-mapped address) can communicate with: Any IPv6 node on the local link Any IPv6 node through an IPv6 router on the local link (might

require tunneling through the IPv4 network from the router) Any IPv4 node through a header translator

  An IPv6/IPv4 node (IPv4-compatible address) can communicate with: Any IPv4 node on the local link Any IPv4 node through an IPv4 router on the local link Any IPv6 node on the local link Any IPv6 node through an IPv6 router on the local link (might

require tunneling through the IPv4 network from the router) Any IPv6/IPv4 node (IPv4-compatible address) through a host-to-

host tunnel


IPv6 migration to the world


Fuente: Página del proyecto IPv6 de la UNAM

IPv6 migration to Latin America


IPv6 migration at Mexico


Why IPv6?

3G RAN

  Solución ALL-IP: Integración de Redes y Servicios

IPv6 between

access systems Cable

DSL

WLAN RAS

RAS

RAS

IPv6 all-IP

Packet Core

3G-GGSN 3G RAN

ER/FW IPv4

(public or private)

ER/FW IPv6 (public or private)

PSTN

GW 3G-GGSN

3G-GGSN

Contents

Eduardo

Nota adhesiva

Pegamento entre todos los tipos de redes que hay en el mundo, como redes de celulares de ultima generacion (para acceder al backone los datos esta bajo IPv6).


References

  RFC 3041 – Privacy Extensions for Stateless Address Autoconfiguration in IPv6 (January 2001)

  RFC 3056 – Connection of IPv6 Domains via IPv4 Clouds (February 2001)   RFC 3307 – Allocation Guidelines for IPv6 Multicast Addresses (August 2002)   RFC 3315 – Dynamic Host Configuration Protocol for IPv6 (DHCPv6) (July 2003)   RFC 3484 – Default Address Selection for Internet Protocol version 6 (IPv6)

(February 2003)   RFC 3596 – DNS Extensions to Support IP Version 6 (October 2003) (Obsoletes

RFC3152, RFC1886)   RFC 3633 – IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP)

version 6 (December 2003)   RFC 3646 – DNS Configuration options for Dynamic Host Configuration Protocol for

IPv6 (DHCPv6) (December 2003)   RFC 3697 – IPv6 Flow Label Specification (March 2004)   RFC 3736 – Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6

(April 2004)   RFC 3775 – Mobility Support in IPv6 (June 2004)   RFC 3776 – Using IPSec to Protect Mobile IPv6 Signaling Between Mobile Nodes and

Home Agents (June 2004)


References

  RFC 3596 – DNS Extensions to Support IP Version 6 (October 2003) (Obsoletes RFC3152, RFC1886)   RFC 3633 – IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6 (December 2003)   RFC 3646 – DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6) (December

2003)   RFC 3697 – IPv6 Flow Label Specification (March 2004)   RFC 3736 – Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6 (April 2004)   RFC 3775 – Mobility Support in IPv6 (June 2004)   RFC 3776 – Using IPSec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents (June

2004)   RFC 3956 – Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address (November 2004)   RFC 4007 – IPv6 Scoped Address Architecture (March 2005)   RFC 4038 – Application Aspects of IPv6 Transition (March 2005)   RFC 4057 – IPv6 Enterprise Network Scenarios (June 2005)   RFC 4241 – A Model of IPv6/IPv4 Dual Stack Internet Access Service (December 2005)   RFC 4443 – Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6)

Specification (March 2006)   RFC 4302 – IP Authentication Header (December 2005)   RFC 4303 – IP Encapsulating Security Payload (ESP) (for v6 and v4) (December 2005)   RFC 2675 – IPv6 Jumbograms, August 1999)   RFC 2460 – Internet Protocol, Version 6 (IPv6) (December 1998)   RFC 4291 – IP Version 6 Addressing Architecture (February 2006)   RFC 3587 – IPv6 Global Unicast Address Format (August 2003)   RFC 2461 – Neighbor Discovery for IP Version 6 (IPv6) (December 1998)   RFC 2462 – IPv6 Stateless Address Autoconfiguration (December 1998)   RFC 3596 – DNS Extensions to Support IP Version6 (October 2003)   RFC 2893 – Transition Mechanisms for IPv6 Hosts and Routers (August 2000)

Technology

Modulo IPV6