Introduction to the IPv6 Protocol - PowerPoint PPT Presentation

Slides: 49
Transcript and Presenter's Notes

1
IPv6: IETF Next Gen Internet
Greg O'Shea, Microsoft Research
2
Contents
  • Motivation
  • Addressing
  • Packet structure
  • ICMPv6 (Neighbor Discovery)
  • Address auto-configuration
  • IPSec
  • Mobile IPv6
  • Transitioning
  • Reflections

3
IPv4: a protocol for the present
  • 32 bits seemed plenty in 1978
  • Yield might be as low as 200M/4G
  • Shortage of class B addresses
  • NAT relieves pressure on address space
  • CIDR relieves pressure on routers
  • Is this too restrictive for the future?

4
IPv6: a protocol for the future
  • Anticipated growth of the Internet
  • 10 billion people by 2020?
  • Some with several computers
  • Mobile phones (etc.) with IP addresses?
  • Debate and proposals in IETF (1994)
  • Goal: an IP address for every computer
  • Avoid restrictions of address shortage
  • IPv6 (1996) uses 128-bit addresses
  • cheap and easily acquired

5
Scalability and housekeeping
  • More efficient headers (router-friendly)
  • fixed header size, no options, wrt forwarding
  • extension headers follow IP hdr
  • Hierarchical route prefixes
  • Per Classless Inter-Domain Routing (CIDR)
  • route/n is route of prefix length 0 < n < 64
  • space-efficient longest-match route tables
  • Reduce net admin overheads
  • Stateless Address auto-configuration
  • And also Security (IPSec)
  • Security for IP layer (sometimes, in principle)
  • And also Mobility (MIPv6)
  • Support mobile hosts moving between IP nets

6
Notabilia
  • You have to modify your apps: a little is enough
  • struct sockaddr -> SOCKADDRINFO
  • gethostbyname() -> getaddrinfo()
  • Does not modify TCP, UDP etc
  • Co-exists with IPv4, typically dual-stack
  • Why 128 bits? Room for hierarchical prefixes
  • 1500 < packetsize < 64KB
  • Min exploits most common case (eth)
  • Routers unlikely to fwd more than 64KB
  • No header checksum
  • L2, PPP and e.g. TCP checksums suffice
  • Saves routers recomputing cks(--HopCount)
  • No fragmentation between routers
  • Lost frag requires rexmit whole packet
  • Source learns PMTU from ICMPv6

7
Addressing
8
3ffe:8310:0000:0000:20d:56ff:fe6d:f02c
[Figure: 64-bit network prefix | 64-bit Interface Id]
[Figure: 001 (3-bit) | TLA (13-bit) | Res (8-bit) | NLA (24-bit) | SLA (16-bit) | Interface Id]
  • Type 001: Global aggregatable address
  • TLA: Top Level Aggregator (think long haul)
  • NLA: Next Level Aggregator (think NSP, ISP)
  • SLA: Site Level Aggregator (think any.org)
  • Interface Id (unique)
  • Derived from MAC
  • Else manual else random else DHCPv6 else novel
    (e.g. CGA)
  • Collision avoidance via DAD (else feel wrath of
    IESG)
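
An added example (not part of the original slides): it splits the slide's sample address, written with its colons restored, into the fields listed above and shows what "Derived from MAC" means in practice, since the hardware address can be read back out of the interface ID. The function names are illustrative.

```python
import ipaddress

# Field widths from the slide, most significant first (sum = 128 bits).
FIELDS = [("FP", 3), ("TLA", 13), ("Res", 8), ("NLA", 24),
          ("SLA", 16), ("InterfaceId", 64)]


def split_fields(addr):
    """Split an IPv6 address into the slide's aggregatable-format fields."""
    value = int(ipaddress.IPv6Address(addr))
    fields, remaining = {}, 128
    for name, width in FIELDS:
        remaining -= width
        fields[name] = (value >> remaining) & ((1 << width) - 1)
    return fields


def mac_to_interface_id(mac):
    """Modified EUI-64: insert ff:fe mid-MAC and flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui64 = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui64, "big")


def interface_id_to_mac(interface_id):
    """Return the MAC behind an interface ID that looks MAC-derived, else None."""
    raw = interface_id.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        return None  # manual, random, DHCPv6 or CGA interface ID
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:]
    return ":".join(f"{b:02x}" for b in mac)


# Sample address from the slide (a 3ffe::/16 6bone test address, so not
# every field follows the production layout).
SLIDE_ADDR = "3ffe:8310:0000:0000:20d:56ff:fe6d:f02c"

if __name__ == "__main__":
    parts = split_fields(SLIDE_ADDR)
    for name, width in FIELDS:
        print(f"{name:12} {width:3}-bit  0x{parts[name]:x}")
    print("MAC behind interface ID:", interface_id_to_mac(parts["InterfaceId"]))
```
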

9
Primary Address Types
  • Global
  • Link-local (fe80::/10)
  • Routers do not forward beyond link
  • Site-local (fec0::/10) (deprecated)
  • Routers do not forward beyond site
  • Multicast (ff00::/8)
  • no broadcast in IPv6
  • FF02::1 (Link-local all-nodes address)
  • FF02::2 (Link-local all-routers address)
  • Null (:: string of zero hextets)
  • Loopback ::1

10
Packet Headers
11
IPv6 Header
  • Designed for efficiency in routers
  • Fixed size, no options
  • Larger (40-byte) but simpler to handle

12
Extension Headers
  • 1. Hop-by-Hop (e.g. MLD)
  • 2. Dest Opts header (intermediate nodes)
  • 3. Routing Header
  • 4. Fragment Header
  • 5. Authentication Header (AH) (deprecated)
  • 6. Encapsulating Security Payload (ESP) header
  • Destination Opts header (final destination)
  • Mobility Header

13
Compare headers (in your own time)
  • IPv4 Header Field: Change in IPv6
  • Version: New value of 6
  • Internet Header Length: Removed
  • Type of Service: Traffic Class field
  • Total Length: Payload Length field
  • Identification: Removed to Fragment extension
    header
  • Fragmentation Flags: Removed to Fragment extension
    header
  • Fragment Offset: Removed to Fragment extension
    header
  • Time to Live: Hop Limit field
  • Protocol: Next Header field
  • Header Checksum: Removed
  • Source Address: Same, new 128-bit length
  • Destination Address: Same, new 128-bit length
  • Options: Removed to extension headers

14
ICMPv6
15
ICMPv6 in general
  • Test reachability
  • ping, tracert
  • Error report
  • Destination Unreachable
  • Time Exceeded
  • Packet Too Big (ref PMTU discovery)
  • Multicast Listener Discovery (MLD)
  • e.g. join solicited node multicast group
  • Neighbor Discovery (ND)
  • Address resolution and 2-way reachable
  • Stateless addr autoconfig DAD

16
Neighbor Discovery (ND)
  • Router Solicitation (RS)
  • Exists a router?
  • Router Advertisement (RA)
  • publishes route, prefix and option info
  • Neighbor Solicitation (NS)
  • L3->L2 address resolution
  • Bi-directional reachable
  • maintain Neighbor Cache state
  • Neighbor Advertisement (NA)
  • Redirect

17
NCE state machine
18
Stateless address auto-configuration
19
IPv6 Address Autoconfiguration
  • Configure link-local address (fe80::IFid)
  • Perform duplicate address detection
  • Send RS to discover router(s)
  • Receive RA(s)
  • Populate route table with routes from RA
  • Note ::/0 route published by default routers
  • Form tentative address(es) from (prefix:Ifid)
  • Start DAD on tentative address(es)
  • If DAD succeeds, address(es) preferred
  • O(1.5s) elapsed (mostly DAD timeout)

20
IPSec
21
Internet Protocol Security (IPSec)
  • Network-layer (IP-layer) security protocol.
  • Specified for IPv6 and IPv4.
  • Intended to replace all other Internet security
    protocols but probably won't.
  • End-to-end authentication and encryption between
    two IP hosts.
  • IP addresses used as host identifiers.
  • Three steps
  • Configure Security Policy Database (SPD)
  • IKE or manual create Security Associations (SA).
  • ESP session protocol protects data.

22
IPSec Architecture
[Figure: Host A, Host B, Untrusted network; IKE(v2) and Session Key at each host]
  • Security associations (SA) created by IKE, used
    by IPSec.
  • Security policy guides SA creation and selection
    for use.

23
ESP Packet Format
  • ESP header and trailer: SPI, Sequence number, Padding
  • ESP authentication trailer: message authentication code (MAC)
[Figure: packet layouts, with Encrypted and Authenticated regions marked]
  • Original packet: IP header | IP Payload
  • ESP in transport mode: Original IP header | ESP header | Original IP Payload | ESP trailer | Auth trailer
  • ESP in tunnel mode: IP header | ESP header | Original IP header | IP Payload | ESP trailer | Auth trailer
24
Mobile IPv6 (2003)
25
The Problem: internet hosts cannot move
  • Traditional IP address (network host-id)
  • is bound to a specific network
  • Connections break if node moves between nets
  • Okay for traditional, wired connections
  • Problem for mobile, wireless computers (future)

26
MIPv6: a game for three players...
  • Mobile Node (MN)
  • (s)he who moves between IP nets
  • Home Agent (HA)
  • Proxy on home net for absent MN
  • Correspondent Node (CN)
  • (s)he who speaks with a MN
  • Potentially every IPv6 node is a CN
  • Potentially the CN is also an MN

27
involving up to four addresses
  • Home Address (HoA)
  • where apps think host is
  • Care-Of Address (CoA)
  • where host actually is
  • IP header
  • Source: CoA where sender is attached
  • Dest: CoA where destination is attached
  • Home Address Destination Option
  • HoA of sender, if sender is MN abroad
  • Routing Header (Type 2)
  • HoA of recipient, if recipient is MN abroad

28
Messages and data structures
  • Binding Update (HoA, CoA)
  • Sent by MN to inform CN (or HA) of its
    whereabouts
  • Binding Cache on CN and HA
  • list of Binding Updates accepted
  • Binding Update List on MN
  • list of BUs sent that have not yet expired

29
Mobile on home net, Correspondent elsewhere
30
Packets arrive on home net (normal)
31
Mobile node moves abroad
32
Mobile tells HA its whereabouts
IPSec Transport
33
Home Agent fwds to mobile
IPSec tunnel
34
HoTi: Request K0 from CN
IPSec tunnel
35
HoT: Get K0 = HMAC(HoA)Kcn
IPSec tunnel
36
CoTi: Request K1 from CN
37
CoT: Get K1 = HMAC(CoA)Kcn
38
BU: key K = SHA1(K0, K1)
39
CN regenerates K, bypasses HA
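
An added example (not part of the original slides) that walks the HoTi/HoT, CoTi/CoT and BU exchange using the slides' simplified formulas, with both the mobile node and the correspondent node modelled. The class and function names, the HMAC-SHA1 choice for the tokens, and the Binding Update authenticator (`bu_mac`) are assumptions made for illustration; the nonces and message formats of the full specification are omitted.

```python
import hashlib
import hmac
import ipaddress
import os


def keygen_token(kcn, addr):
    """Slide formula: token = HMAC(address) keyed with the CN's secret Kcn."""
    return hmac.new(kcn, ipaddress.IPv6Address(addr).packed, hashlib.sha1).digest()


def binding_key(k0, k1):
    """Slide formula: K = SHA1(K0, K1)."""
    return hashlib.sha1(k0 + k1).digest()


def bu_mac(k, hoa, coa):
    """Assumed BU authenticator: HMAC-SHA1 over HoA || CoA under K."""
    body = ipaddress.IPv6Address(hoa).packed + ipaddress.IPv6Address(coa).packed
    return hmac.new(k, body, hashlib.sha1).digest()


class CorrespondentNode:
    """Keeps only Kcn; K0, K1 and K are recomputed, never stored per mobile."""

    def __init__(self):
        self.kcn = os.urandom(20)
        self.binding_cache = {}  # HoA -> CoA, for accepted Binding Updates

    def home_test(self, hoa):      # HoTi arrives via the HA; HoT carries K0
        return keygen_token(self.kcn, hoa)

    def care_of_test(self, coa):   # CoTi arrives directly; CoT carries K1
        return keygen_token(self.kcn, coa)

    def binding_update(self, hoa, coa, mac):
        # The CN regenerates K from the claimed addresses and checks the BU.
        k = binding_key(keygen_token(self.kcn, hoa), keygen_token(self.kcn, coa))
        if not hmac.compare_digest(mac, bu_mac(k, hoa, coa)):
            return False
        self.binding_cache[hoa] = coa
        return True


def mobile_node_bind(cn, hoa, coa):
    """MN side: collect K0 over the home path and K1 over the care-of path."""
    k = binding_key(cn.home_test(hoa), cn.care_of_test(coa))
    return cn.binding_update(hoa, coa, bu_mac(k, hoa, coa))
```

A Binding Update whose key was built without the home-path token K0 fails the check in `binding_update`, which is why the exchange uses both paths.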
40
Transitioning
41
Microsoft IPv6 Deployment
  • Native v6 indicated by circles
  • Also in Cambridge, U.K.
  • ISATAP available in all buildings and all
    locations
  • Native and ISATAP can communicate via ISATAP
    routers
  • Microsoft publicly hosts Teredo servers on the
    Internet

42
v4/v6 Co-Existence Strategy
[Figure labels: ISATAP Router, 6to4 Router, 6to4 Relay, 6to4, 6to4 IDG, ISATAP, Teredo Relay]
43
IPv6 Transitioning Overview
  • Fragmented IPv6 infrastructure
  • Bridge the gaps using IPv4 tunnels
  • 6to4 tunneling uses (2002::/16 routes)
  • 6to4 router with public V4ADDR = w.x.y.z
  • forms 2002:V4ADDR::IFid and publishes in DNS
  • Advertises 2002:V4ADDR::/48 (local)
  • Advertises 2002::/16 (offsite) via its IF3
  • Isolated IPv6 host can tunnel to known 6to4
    router
  • ISATAP for isolated hosts on IPv4 intranet
  • Host looks up ISATAP to find ISATAP router
  • Host configures e.g. fe80::0:5EFE:w.x.y.z (2)
  • Host sends via tunnel IF(2) (wraps v6 in v4)
  • Tunneled RS/RA to ISATAP router yields offsite
    routes
  • Teredo if behind a v4 NAT that can't do 6to4
  • 3FFE:831F::/32 prefix (TBC, awaiting IANA)
  • 3ffe:831f:wwxx:yyzz:encoding (read the docs)
  • IPv6 tunneled over UDP port 3544 /IPv4 from host
    to Teredo server
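
An added example (not part of the original slides): a classifier that recognises the three address formats described above and pulls out the IPv4 address each one embeds, which is how tunnelled IPv6 can be tied back to an IPv4 endpoint when reviewing logs. The function names and sample addresses are constructed for illustration; the Teredo prefix is the one quoted on the slide.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")
TEREDO = ipaddress.IPv6Network("3ffe:831f::/32")  # prefix quoted on the slide
# ::0:5EFE as on the slide; RFC 5214 also allows 0200:5EFE.
ISATAP_IDS = (0x00005EFE, 0x02005EFE)


def embedded_v4(value):
    """Render the low 32 bits of an integer as a dotted-quad IPv4 address."""
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))


def classify(addr):
    """Return (mechanism, embedded IPv4 or None) for one IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    value = int(ip)
    if ip in SIXTOFOUR:
        return "6to4", embedded_v4(value >> 80)    # bits 16..47: V4ADDR
    if ip in TEREDO:
        return "teredo", embedded_v4(value >> 64)  # wwxx:yyzz after the prefix
    if (value >> 32) & 0xFFFFFFFF in ISATAP_IDS:
        return "isatap", embedded_v4(value)        # low 32 bits: w.x.y.z
    return "native", None


def tunnel_endpoints(addresses):
    """Group tunnelled IPv6 addresses by the IPv4 address they embed."""
    found = {}
    for addr in addresses:
        mechanism, v4 = classify(addr)
        if v4 is not None:
            found.setdefault(v4, []).append((mechanism, addr))
    return found


# Constructed sample addresses (documentation ranges), not taken from the page.
SAMPLE = [
    "2002:c000:0204::1",        # 6to4 prefix built from 192.0.2.4
    "fe80::5efe:198.51.100.7",  # ISATAP link-local for 198.51.100.7
    "3ffe:831f:cb00:7109::1",   # slide's Teredo prefix + 203.0.113.9
    "2001:db8::1",              # ordinary address, no embedded IPv4
]

if __name__ == "__main__":
    for v4, hits in tunnel_endpoints(SAMPLE).items():
        print(v4, hits)
```
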

44
Reflections
45
Reflections on MIPv6
  • From 20 pages (1996) to 219 pages (2003)
  • Modified (IPSec, RA, RH2, DAD, ND)
  • New (MH, HAO, DHAAD, MPS)
  • Loose consensus and working code
  • Good people all agree that spec looks okay
  • Try to implement: discover it isn't okay
  • compliance tests become definitive interpretation
  • Debate on IETF list: fight your corner
  • Politics: choose IPSec if possible
  • Security based on IPSec AH didn't scale.
  • Editorial: riding the paper tiger
  • For use on corp nets? Carrier nets? Both?
  • Why must the home net exist?
  • Would tunnel be better than HAO + RH2?
  • Some want alternative to IPSec (Hot Topic)
  • What are the scenarios ?

46
Deployment of IPv6
  • Base specs in place and stable
  • Production implementations
  • routers, BSD, Linux, Windows
  • Demand from Far East, then Europe
  • Recently mandated by U.S. DoD
  • Time and to change and retest apps
  • Need apps that survive loss of IPv4
  • Dominant in 10 years? Ever?
  • Where are the production nets ?
  • not tunnels or experimental

47
References
  • http://www.ietf.org/
  • http://www.uk.ipv6tf.org/
  • http://www.microsoft.com/ipv6
  • http://www.ipv6forum.com/
  • http://www.ipv6tf.org/

48
Questions