Chapter 27 - PowerPoint PPT Presentation

Presentation Transcript

  1. Chapter 27 Next Generation: IPv6 and ICMPv6
     Objectives. Upon completion you will be able to:
     • Understand the shortcomings of IPv4
     • Know the IPv6 address format, address types, and abbreviations
     • Be familiar with the IPv6 header format
     • Know the extension header types
     • Know the differences between ICMPv4 and ICMPv6
     • Know the strategies for transitioning from IPv4 to IPv6
     TCP/IP Protocol Suite

  2. 27.1 IPv6
     IPv6 has these advantages over IPv4:
     1. Larger address space.
     2. Better header format: options are separated from the base header, which makes routers faster since options don't need to be checked.
     3. New options (as we will see).
     4. Allowance for extension: the protocol can be extended if necessary.
     5. Support for resource allocation: the new flow label field can be used to designate real-time traffic.
     6. Support for more security: encryption and authentication options provide confidentiality.

  3. Figure 27.1 IPv6 address
     How many addresses is 2^128? About 3.4 × 10^38. How big is that? You can give out 1 million addresses every picosecond (10^-12 seconds) … 1.078 × 10^12

  4. Figure 27.2 Abbreviated address

  5. Figure 27.3 Abbreviated address with consecutive zeros
     Note: this more abbreviated form ("::") can be used only once per address. To expand it, align the abbreviated address with the unabbreviated form and then insert the missing zero groups.
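As an added example (not code from the slides or the textbook), the two abbreviation rules in working form: expand_ipv6 restores the eight 4-digit groups by aligning around the single "::" and inserting the missing zero groups, and abbreviate_ipv6 strips leading zeros and compresses the longest run of consecutive zero groups; a second "::" is rejected because the address would be ambiguous.

```python
# Added example (not from the slides): expand and abbreviate IPv6 addresses using
# the rules above: drop leading zeros in each 16-bit group, and replace at most
# one run of consecutive zero groups with "::".
HEX = set("0123456789abcdefABCDEF")

def expand_ipv6(addr: str) -> str:
    """Return the full form of eight 4-hex-digit groups; raise on malformed input."""
    if addr.count("::") > 1:
        # A second "::" makes the address ambiguous: the number of zero groups
        # hidden behind each one can no longer be recovered.
        raise ValueError("'::' may appear only once: " + addr)
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)      # zero groups the "::" stands for
        if missing < 1:
            raise ValueError("'::' must replace at least one zero group: " + addr)
        groups = head + ["0"] * missing + tail
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 and set(g) <= HEX for g in groups):
        raise ValueError("expected 8 groups of 1-4 hex digits: " + addr)
    # :04x re-aligns each group to 4 digits (restores the dropped leading zeros).
    return ":".join(f"{int(g, 16):04x}" for g in groups)


def abbreviate_ipv6(addr: str) -> str:
    """Shortest form: strip leading zeros, then compress the longest zero run."""
    groups = [f"{int(g, 16):x}" for g in expand_ipv6(addr).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:                                  # scan runs of "0" groups
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:                      # ties keep the leftmost run
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                              # "::" only for consecutive zeros
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return left + "::" + right
```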

  6. Figure 27.4 CIDR address

  7. Figure 27.5 Address structure
     Three types of address: unicast, anycast, and multicast. We already know the unicast and multicast addresses. Anycast defines a group of computers whose addresses share the same prefix; a packet only needs to be delivered to one of the computers in that address range. (This could be used to send an HTTP GET to the nearest of a number of mirror sites that hold the document.) The first part of an IPv6 address is the Type Prefix, which defines the purpose of the IP address.

  8. Table 27.1 Type prefixes for IPv6 addresses (the table also gives the fraction of all addresses each prefix covers)

  9. INTERNET PROTOCOL VERSION 6 ADDRESS SPACE [last updated 05 October 2005]
     IPv6 Prefix   Allocation            Reference   Note
     0000::/8      Reserved by IETF      [RFC3513]   [1] [5]
     0100::/8      Reserved by IETF      [RFC3513]
     0200::/7      Reserved by IETF      [RFC4048]   [2]
     0400::/6      Reserved by IETF      [RFC3513]
     0800::/5      Reserved by IETF      [RFC3513]
     1000::/4      Reserved by IETF      [RFC3513]
     2000::/3      Global Unicast        [RFC3513]   [3]
     4000::/3      Reserved by IETF      [RFC3513]
     6000::/3      Reserved by IETF      [RFC3513]
     8000::/3      Reserved by IETF      [RFC3513]
     A000::/3      Reserved by IETF      [RFC3513]
     C000::/3      Reserved by IETF      [RFC3513]
     E000::/4      Reserved by IETF      [RFC3513]
     F000::/5      Reserved by IETF      [RFC3513]
     F800::/6      Reserved by IETF      [RFC3513]
     FC00::/7      Unique Local Unicast  [RFC4193]
     FE00::/9      Reserved by IETF      [RFC3513]
     FE80::/10     Link Local Unicast    [RFC3513]
     FEC0::/10     Reserved by IETF      [RFC3879]   [4]
     FF00::/8      Multicast             [RFC3513]

  10. Notes:
     [0] The IPv6 address management function was formally delegated to IANA in December 1995 [RFC1881].
     [1] The "unspecified address", the "loopback address", and the IPv6 addresses with embedded IPv4 addresses are assigned out of the 0000::/8 address block.
     [2] 0200::/7 was previously defined as an OSI NSAP-mapped prefix set [RFC1888]. This definition has been deprecated as of December 2004 [RFC4048].
     [3] The IPv6 unicast space encompasses the entire IPv6 address range with the exception of FF00::/8 [RFC3513]. IANA unicast address assignments are currently limited to the IPv6 unicast address range of 2000::/3. IANA assignments from this block are registered in the IANA registry iana-ipv6-unicast-address-assignments.
     [4] FEC0::/10 was previously defined as a Site-Local scoped address prefix. This definition has been deprecated as of September 2004 [RFC3879].
     [5] 0000::/96 was previously defined as the "IPv4-compatible IPv6 address" prefix. This definition has been deprecated by [RFC-ietf-ipv6-addr-arch-v4-04.txt].

  11. Figure 27.6 Provider-based unicast addresses
     A provider-based unicast address is generally used by a normal host as a unicast address. (Also known as an aggregatable global unicast address.)
     Registry identifier - defines the agency that has registered the address: INTERNIC for North America, RIPNIC for Europe, APNIC for Asian and Pacific countries.
     Provider identifier - who provides the Internet access, such as an ISP (variable-length field, but 16 bits recommended).
     Subscriber identifier - when an organization subscribes to the Internet through a provider, it is assigned a subscriber ID (24 bits recommended).
     Subnet identifier - identifies a subnet of the subscriber (32 bits recommended).
     Node identifier - 48 bits recommended, the same as the NIC address.

  12. Figure 27.7 Address hierarchy
     This is just one big hierarchy!

  13. Figure 27.8 Unspecified address
     All addresses that start with eight 0s are reserved and have special meanings. Here are a few of them:
     Unspecified address - used when a host does not know its own address; it consists of 128 0s.
     Loopback address - can be used for loopback testing, from the application layer down to the network layer and back up to the application layer.

  14. Figure 27.10 Compatible address
     If you want to simply convert an IPv4 address to an IPv6 address, you can embed the 32-bit address into the 128-bit address space as shown. But this form is not used much anymore, so use …

  15. Figure 27.11 Mapped address
     You can also do it this way (as a mapped address).

  16. Figure 27.12 Link local address and site local address
     Link local addresses are used if a LAN uses the Internet protocols but is not connected to the Internet for security reasons. Nobody outside an isolated network can send a message to the computers attached to a network using these addresses. Site local addresses are used if a site with several networks uses the Internet protocols but is not connected to the Internet (also for security reasons).

  17. Figure 27.14 Multicast address
     Permanent addresses are defined by the Internet authority and can be accessed at all times. Transient addresses are temporary, such as those used in a teleconference.

  18. Table 27.5 Comparison between IPv4 and IPv6 packet header

  19. Figure 27.15 IPv6 Packet Format

  20. Figure 27.16 Format of an IPv6 datagram
     Version - four bits, has the value 6.
     PRI - priority field, defines the priority of the packet with respect to traffic congestion (also called Traffic Class).
     Flow label - 24-bit field to provide special handling for a particular data flow (more on this later).
     Next header - defines the header that follows the base header. Each extension header also contains this field (more on this later).

  21. Table 27.3 Priorities for congestion-controlled traffic
     If a source can adapt itself to a traffic slowdown when there is congestion, the traffic is referred to as congestion-controlled traffic.

  22. Table 27.4 Priorities for noncongestion-controlled traffic
     These priorities are assigned to those types of traffic that do not adapt well to congestion control techniques; for example, real-time traffic would be assigned these values. Lower priorities go to data with more redundancy, such as high-fidelity audio or video; higher priorities go to data with less redundancy, such as low-fidelity audio or video.

  23. Flow Label
     A flow of packets is a sequence of packets sent from a source to a destination that requires special handling by routers. The combination of source address and flow label value uniquely identifies a flow of packets. This is rather like creating a virtual circuit: a router looks up the flow label in a table to see whether the packet needs to be treated specially. This is faster than consulting a routing table, so these packets should move faster. Real-time data, for example, should benefit from this (other protocols such as Real-Time Protocol or Resource Reservation Protocol will also be needed). It sounds like MPLS, but MPLS is designed for MPLS-based edge routers, whereas the flow label is end to end.

  24. Flow Label
     The flow label is assigned to a packet by the source host. It is a random 24-bit value. A source must not reuse a flow label for a new flow while the existing flow is still alive. If a host does not support the flow label, it sets this field to zero. If a router does not support the flow label, it ignores it. All packets belonging to the same flow label have the same source, destination, priority, and options.

  25. Figure 27.17 Extension header format

  26. Table 27.2 Next header codes
     Note how Next Header cleverly replaces both the IP options and the Protocol field of IPv4. If there are no extension headers, then the next header value tells you what the higher-layer protocol is (2, 6, 17).

  27. Figure 27.18 Extension header types
     There are six different types of extension headers. Let's take a brief look at each of them.

  28. Figure 27.19 Hop-by-hop extension header option
     Used when a source needs to pass information (such as management, debugging, or control functions) to all routers visited by the datagram.

  29. Figure 27.20 The format of options in a hop-by-hop option header
     Note: only 3 types are defined thus far. Pad1 and PadN are used for alignment (some options need to start on 32-bit word boundaries). Jumbo payload informs routers that the payload in this packet is greater than the maximum of 65,535 bytes.
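An added example (not code from the slides or the textbook) that ties the base header fields on slide 20 to the Next Header chaining of slides 26 to 29: it decodes the base header and walks the extension headers to the upper-layer protocol, which is the step a firewall or IDS must perform because the protocol number is no longer at a fixed offset as in IPv4. It uses the current RFC 8200 layout of the first word (8-bit traffic class, 20-bit flow label) rather than the 4-bit PRI / 24-bit flow label split shown in the slide's figure; the sample packet, with a Hop-by-Hop header carrying a PadN option, is constructed for the example.

```python
# Added example (not from the slides): decode the IPv6 base header and follow the
# Next Header chain through the extension headers to the upper-layer protocol.
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTIONS = 0, 43, 44, 60   # extension headers
UDP = 17

def parse_base_header(pkt: bytes) -> dict:
    """Decode the fixed 40-byte base header. First-word layout per RFC 8200:
    4-bit version, 8-bit traffic class, 20-bit flow label."""
    if len(pkt) < 40:
        raise ValueError("truncated base header")
    word0, plen, nh, hlim = struct.unpack("!IHBB", pkt[:8])
    if word0 >> 28 != 6:
        raise ValueError("version field is not 6")
    return {"traffic_class": (word0 >> 20) & 0xFF, "flow_label": word0 & 0xFFFFF,
            "payload_length": plen, "next_header": nh, "hop_limit": hlim,
            "src": pkt[8:24], "dst": pkt[24:40]}

def walk_headers(pkt: bytes, max_ext: int = 8) -> list:
    """Return the header numbers in order, ending with the upper-layer protocol.
    A filter has to do this walk: the transport protocol is not at a fixed
    offset as in IPv4, but behind a variable number of extension headers."""
    chain, nh, off = [], parse_base_header(pkt)["next_header"], 40
    while nh in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTIONS):
        if len(chain) >= max_ext:                 # bound the walk
            raise ValueError("too many extension headers")
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        chain.append(nh)
        # Each extension header starts with its own Next Header byte. Fragment is
        # fixed at 8 bytes; the others carry Hdr Ext Len in 8-byte units, not counting the first 8.
        size = 8 if nh == FRAGMENT else (pkt[off + 1] + 1) * 8
        nh, off = pkt[off], off + size
    chain.append(nh)
    return chain

def sample_packet() -> bytes:
    """Constructed packet: base -> Hop-by-Hop (one PadN option) -> Fragment -> UDP."""
    hbh = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])   # next=44, ext len 0, PadN of 4 bytes
    frag = bytes([UDP, 0, 0, 0, 0, 0, 0, 1])       # next=17, offset 0, identification 1
    udp = struct.pack("!HHHH", 5353, 5353, 8, 0)   # UDP header with an empty payload
    payload = hbh + frag + udp
    word0 = (6 << 28) | 0xABCDE                    # version 6, class 0, flow label 0xabcde
    base = struct.pack("!IHBB", word0, len(payload), HOP_BY_HOP, 64)
    src = bytes.fromhex("fe80" + "0" * 27 + "1")   # fe80::1 (link-local), constructed
    dst = bytes.fromhex("ff02" + "0" * 26 + "fb")  # ff02::fb (multicast), constructed
    return base + src + dst + payload
```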

  30. Figure 27.24 Source routing extension header
     Combines the concepts of the strict source route and loose source route options of IPv4. The Type field defines loose or strict routing.

  31. Figure 27.25 Source routing example

  32. Figure 27.26 Fragmentation
     Similar concept to IPv4, except that in IPv4 the source OR a router can fragment, whereas in IPv6 ONLY the source can fragment.

  33. Figure 27.27 Authentication
     Can be used to validate the message sender and ensure the integrity of the data. The Security parameter index field defines the algorithm used for authentication. The Authentication data field contains the actual data generated by the algorithm. Many different algorithms can be used for authentication.

  34. Figure 27.29 Encrypted security payload
     Can be used to encrypt the payload. The Security parameter index field defines the type of encryption/decryption used. Encryption can be implemented in two ways: transport mode and tunnel mode.

  35. Figure 27.30 Transport mode encryption
     In transport mode the datagram is first encrypted and then encapsulated in an IPv6 packet. Used to encrypt data from host to host. Note that the base header and the other headers are not encrypted.

  36. Figure 27.31 Tunnel-mode encryption
     In tunnel mode, the entire IP datagram with its base header and extension headers is encrypted and then encapsulated in a new IP packet using the ESP extension header. Used mostly by security gateways to encrypt data.

  37. Table 27.6 Summary: Comparison between IPv4 options and IPv6 extension headers

  38. 27.2 ICMPv6
     ICMPv6, while similar in strategy to ICMPv4, has changes that make it more suitable for IPv6. ICMPv6 has absorbed some protocols that were independent in version 4. The topics discussed in this section include: Error Reporting; Query.

  39. Figure 27.32 Comparison of network layers in version 4 and version 6
     Note how ICMPv6 incorporates IGMP, ICMP, ARP, and RARP!

  40. Figure 27.33 Categories of ICMPv6 messages
     Same as version 4.

  41. Figure 27.34 General format of ICMP messages
     The Type field tells which kind of ICMP message it is; the Code field further defines the kind within that type.

  42. Figure 27.35 Error-reporting messages

  43. Table 27.7 Comparison of error-reporting messages in ICMPv4 and ICMPv6

  44. Figures 27.36 to 27.39
     Destination unreachable, codes: 0 no path; 1 communication prohibited; 2 strict source routing impossible; 3 destination unreachable; 4 port not available.
     Packet too big.
     Time exceeded, codes: 0 hop limit zero; 1 fragments did not arrive.
     Parameter problem, codes: 0 error in header; 1 error in extension header; 2 error in option.

  45. Figure 27.40 Redirection message format (note the new field)

  46. Figure 27.41 Query messages

  47. Table 27.8 Comparison of query messages in ICMPv4 and ICMPv6
     Timestamp request and reply are not needed here since TCP does it (and it is rarely used anyway). Address mask request and reply are not needed since the IPv6 address format allows for 2^32 - 1 different subnets.

  48. Figure 27.42 Echo request and reply messages
     Recall that this pair is designed for diagnostic purposes. Network managers use it to identify network problems: with these messages they can determine whether two systems can communicate with each other.

  49. Figure 27.43 Router-solicitation and advertisement message formats
     Recall: router solicitation is used to ask other routers who is out there; router advertisement is returned from a router saying “Here I am”.

  50. Figure 27.44 Neighbor-solicitation and advertisement message formats
     This pair essentially replaces ARP in IPv6.