IP version 6

1
IP version 6

• Colin King
• CPE 701

2
Overview

• Reasons for a next-generation IP
• IPv6 features
• Header format
• Address format
• Automatic configuration
• Security options
• DNS
• IGP/EGP
• Transition mechanisms
• ISP support

3
Reasons for a next-generation IP

• IPv4 address space running out
• Internet becoming more accessible
• Larger number of devices accessing the Internet
• Lack of security features in original IPv4
• Violations of the end-to-end principle
• Resource limitations in routers

4
IPv6 features

• 128-bit address space, compared to 32-bit from
  IPv4, allowing for a theoretical maximum of
  3.40x1038 addresses
• Simplified header, extra features are moved into
  separate optional headers
• Authentication and encryption using Ipsec
• Path MTU to replace fragmentation

5
IPv6 features

• Automatic configuration and route discovery
• Mobility
• Transition mechanisms from IPv4
• Extensibility using optional headers

6
Header format

• Version (4 bits) version 6
• Traffic class (8 bits) used to specify
  congestion control parameters from source
• Flow label (20 bits) used for QoS
• Payload length (16 bits) packet size in bytes
  excluding first header
• Next header (8 bits) protocol number of next
  header (6 tcp, 17 udp)
• Hop limit (8 bits) TTL field from IPv4
• Source and destination addresses (128 bits)

7
Header Format

• Optional headers
• 43 Source-based routing
• 44 Fragmentation parameters
• 50 Encapsulating Security Payload
• 51 Authentication Header
• Each optional header contains a length and a
  next-header number, allowing optional headers to
  be chained in a single IPv6 packet

8
Address format

• IPv6 address consists of 8 groups of 4
  hexadecimal digits separated by
• 200105c097dd021372fffe5e59f4
• A leading zero may be omitted in each part of the
  address
• 05c0 becomes 5c0, 0213 becomes 213
• A continuous set of zeros may be collapsed to
  once in an address
• 20015c097dd0000000000000001 becomes
  20015c097dd1

9
Address Format

• The form may be used anywhere in the address
  and only once
• 1, 20015c097dd
• Instead of a subnet mask, IPv6 uses the concept
  of a prefix, which is the number of bits that
  defines the network/host boundary. A / character
  is used to specify the prefix
• 20015c097dd/48

10
Address Format

• IPv6 reserves some addresses and blocks for
  specific uses
• Loopback address 1/128 (equivalent to 127.0.0.1
  in IPv4)
• Link-local addresses fe80/10 (similar to
  169.254.0.0/16 in IPv4)
• Site-local addresses fc00/7
• Multicast ff00/8
• ff01/8 node-local scope
• ff02/8 link-local scope
• ff05/8 site-local scope
• Global unicast 2000/3 (2000 to 3fff)

11
Automatic Configuration

• By default, IPv6 nodes are configured to use the
  neighbor discovery methods described in RFC 2461
• Nodes send router solicitation message to the
  all-routers multicast address ff022
• Routers advertise their address and prefix to the
  all-nodes address ff021 and in response to
  solicitation messages
• Nodes generally use their layer-2 address to
  generate part of their IPv6 address

12
Security options

• IPv6 includes two optional headers for security,
  using the IPsec implementation
• Authentication Header (51) - Used to verify the
  authenticity of the data
• Encapsulating Security Payload (50) - Contains
  encrypted data, usually the TCP or UDP packet
• Additional protocols are used to establish
  public/private keys, known as security
  associations

13
DNS

• The DNS protocol has not been significantly
  modified to support IPv6
• IPv6 adds a new record type to DNS called AAAA
  (this corresponds to the A record in IPv4)
• IPv6 adds a new root domain for reverse lookups
  called IP6.INT.
• When performing a reverse lookup, each
  hexadecimal digit in the IPv6 address is a
  separate field
• 20015c097dd21372fffe5e59f4 becomes
  4.f.9.5.e.5.e.f.f.f.2.7.3.1.2.0.d.d.7.9.0.c.5.0.1.
  0.0.2.ip6.int
• In contrast, 134.197.40.1 becomes
  1.40.197.134.in-addr.arpa in IPv4
• In February 2008, 6 root servers added support
  for IPv6 and AAAA

14
IGP/EGP

• RIP and OSPF have been replaced with RIPng and
  OSPFv2 in IPv6 environments. These protocols are
  significant modifications to RIP and OSPF
• Since IPv6 has no concept of a broadcast address,
  the link-level multicast address prefix ff02 is
  used
• Authentication is removed from OSPF in favor of
  IPsec
• BGP has no significant modifications but uses
  multiprotocol extensions to support IPv6

15
Transition mechanisms

• IPv6 includes some additional features to support
  limited communication with IPv4 devices and
  networks
• Dual stack
• IPv4 mapped addresses
• 6-to-4 tunneling
• 6-in-4 tunneling

16
Dual stack

• Nodes that support IPv6 are likely to support
  IPv4 at the same time
• The layer-3 functionality of the node will
  automatically determine whether to use IPv4 or
  IPv6 and will use IPv6 whenever available
• Current distributions of Linux and Windows Vista
  have IPv6 enabled by default
• Other modern operating systems including Windows
  XP include support for IPv6 which can be enabled
  manually

17
IPv4 mapped addresses

• Newer programs that do not explicitly support
  IPv4 may use the operating systems IPv6 layer to
  communicate with IPv4 hosts
• An IPv4 host may be represented in an IPv6
  address in the form ffffxxxxyyyy where xxxx
  and yyyy represent the 32-bit IPv4 address
• Example 10.0.0.1 becomes ffff0a000001
• The address format ffffx.x.y.y is also
  supported
• Example ffff10.0.0.1

18
6-to-4 tunneling

• In situations where communication between two
  IPv6 hosts must be done across an IPv4 cloud, it
  is possible to encapsulate one packet within
  another
• A 6-to-4 router will accept an IPv6 packet
  addressed to 2002xxxxyyyy/48 and encapsulate
  it within an IPv4 packet with the destination set
  to x.x.y.y
• The address format 2002x.x.y.y is also
  supported
• This form of routing is not possible over NAT

19
6-in-4 tunneling

• An alternative approach to 6-to-4 tunneling is
  6-in-4 tunneling, where two endpoints are
  configured to encapsulate IPv6 packets to each
  other
• Ideally, one of these endpoints should be
  connected to the public IPv6 network, however two
  private networks may be connected to each other
  this way
• Usually, an IPv6 packet is encapsulated in an
  IPv4 packet as protocol 41
• This type of tunneling allows communication with
  hosts outside of the 2002/16 block

20
ISP support

• Most ISPs currently do not support IPv6
• The expansion of IPv6 in the public Internet has
  slowed for two main reasons
• CIDR allows for finer granularity in address
  allocation
• NAT provides more connectivity but violates the
  end-to-end principle
• Estimates show the IPv4 unallocated space running
  out in 2011 or 2012

21
ISP support

• To connect to the public IPv6 network, there are
  some free 6-in-4 providers called tunnel brokers
• www.tunnelbroker.net
• www.sixxs.net
• www.go6.net
• Some tunnel brokers use special software to
  encapsulate packets between 2 IPv4 hosts (non
  protocol-41 encapsulation)