INTRODUCTION to the INTERNET PROTOCOL How Does IP Impact Control Networks? by George Thomas, Contemporary Controls


EXTENSION: A Technical Supplement to control NETWORK
Volume 1 • Issue 4, Winter 1999

Introduction to Industrial Ethernet, Part 2. Part 1 was featured in Issue 3, the Fall 1999. If you would like a copy, please send your request to [email protected]

INTRODUCTION

The push to incorporate Industrial Ethernet or even "plain vanilla" Ethernet into control networks implies that making that choice completes the selection process. As mentioned in a previous article, Ethernet II and IEEE 802.3 are strictly data link layer technologies which do not guarantee the delivery of messages over a network or between networks. Protocol stacks such as TCP/IP or SPX/IPX provide that functionality and without them Ethernet would be useless. With the immense interest in the Internet and the potential of attaching control networks to the Internet, the protocol stack of choice is TCP/IP because it provides the foundation for the Internet. This article addresses issues related to the IP portion of the TCP/IP stack as it applies to control networks.

THE TCP/IP STACK

Actually TCP/IP is a set of protocols defined by a series of RFCs (request for comments) that have evolved over the years. In general the Internet Protocol (IP) is used to route messages between networks and, therefore, properly resides at the network layer of the OSI Reference Model. Transmission Control Protocol (TCP) sits on top of IP and is used to guarantee the delivery of messages. Above TCP is the application layer. The services of the presentation and session layers of the OSI Reference Model are incorporated into the application layer. Therefore, the reference model for TCP/IP-based systems actually consists of only five layers. Technologies such as Ethernet II and IEEE 802.3 reside at the lower data link and physical layers of the same model.

Figure 1. The TCP/IP stack is actually a set of protocols. IP resides at the network layer of the OSI Reference Model shown on the left.

DATA ENCAPSULATION

The data sent over wires is represented as frames. An Ethernet II frame consists of a preamble, source and destination addresses, type field, data field and a frame sequence check field. You can lump these fields into Ethernet header, data and trailer fields. The IP data sits above the data link layer and its data, called a datagram, is inserted into the data field of the Ethernet frame. The datagram has its own header and data fields but no trailer field. Above the IP layer is the transport layer where TCP and User Datagram Protocol (UDP) reside. Data from this layer is likewise applied to the data portion of the IP datagram. TCP applies segments while UDP applies datagrams. Both TCP and UDP have headers as well. Finally above the transport layer is the application layer which needs to insert its own data into the data portion of the transport layer as well as its own header.

This application data is simply referred to as data since there is no defined structure in terms of the TCP/IP stack. That is why if two application data structures are different, communication between these applications will not be effective even with strict adherence to TCP/IP standards.

This wrapping of data within the data field of the next immediate lower layer of the protocol stack is called encapsulation while the unwrapping of the same data at the receiving side is called demultiplexing. In order to reduce confusion on what is the actual data we will say that frames are sent over the data link layer. The IP sends out datagrams to the data link layer in the form of packets. A packet can be a datagram or a fragment of a datagram. The TCP sends segments while the UDP sends datagrams. Finally, the application sends data. To further add to the confusion, the terms packet and frame are sometimes used interchangeably.

Figure 2. The wrapping of data into the data field of the next immediate lower layer is called encapsulation. (Layers shown: user data; application header; TCP header and TCP segment; IP header and IP datagram; Ethernet header and trailer around an Ethernet frame data field of 46 to 1500 bytes.)

THE INTERNET PROTOCOL

The Internet Protocol provides the basic unit of data transfer, provides addressing, routing and fragmentation. The Internet Protocol resides at the network layer and sends and receives blocks of data called datagrams received from upper layer software. IP feeds these datagrams to its attached data link layer which sends and receives these datagrams as a series of packets. A datagram is analogous to a first-class letter sent in the Post. In general, it will reach its destination but there is no formal acknowledgement that the letter was received like there would be with either registered or certified mail. IP utilizes a "best effort" or "connectionless" delivery service between source and destination addresses. It is connectionless because there was no formal session established between the source and destination before the data was sent. Packets can be lost as they traverse the network or networks thereby corrupting datagrams. It is not the responsibility of IP to guarantee the delivery of messages and, therefore, IP is frequently termed an unreliable delivery service. That may be a little harsh of a criticism of IP but it is the responsibility of the transport layer and not the network layer to guarantee end-to-end message delivery. IP is simply responsible for the addressing and routing of datagrams.

ROUTERS AND HOSTS

Unlike repeaters that operate at the physical layer and bridges that operate at the data link layer, routers operate at the network layer. A router is used to interconnect two networks together to form an internet. An internet is a general term used to denote a collection of networks. It is not to be confused with the Internet which is the public network that requires strict addressing standards in order for different systems to communicate. With a control network, we may want to keep it completely private and not connect it to the Internet or the corporate internet (sometimes called an Intranet) but if we do we will need a router. This is being mentioned here because IP is a routable protocol and routers are used to implement the protocol.

The end-to-end devices on the internet are called hosts. If two hosts are on the same local network, then messages are routed directly involving no routers. If the two hosts are on different networks, a router must pass the message. This is called indirect routing.

IP ADDRESSING

The IP is responsible for source and destination addresses and its structure is defined in RFC 761. IPv4 is the most common version of addressing and it uses 32-bit addressing. The newer IPv6 calls for 128-bit addressing and was developed because the explosive growth of the Internet will soon deplete the inventory of possible 32-bit addresses. IPv6 will not be discussed here since there is ample confusion in simply discussing 32-bit IP addressing.

An IP address must not only address a particular host but a particular network as well. The IP address must not be confused with the Ethernet II address which is a 48-bit address sometimes called the MAC address. The MAC address is used to facilitate communication only at the data link layer. The IP address facilitates communication over networks and must be universally recognized,

shown as a decimal number from 0 to 255. Therefore, an IP address is usually represented as XXX.XXX.XXX.XXX. This address can be shown as a binary or hexadecimal number as well but the decimal-dot-decimal notation is the most popular. Therefore, the range of addresses is from 0.0.0.0 to 255.255.255.255. An example of an address would be 128.8.120.5 but looking at the address it is hard to tell which is the network address and which is the host address.

There are five classes of IP addresses: A, B, C, D, E. Class D is for multicasting, a message from one host to many hosts, and class E is reserved for experiments. That leaves classes A, B and C which are the most important.

If the first two bits of the first byte are a "10," then this is a class B address. With class B addresses the first two bytes identify the network and the remaining two bytes identify the host. This provides a slightly more reasonable 65,534 host addresses.

If the first three bits of the first byte are a "110," then this is a class C address. With class C addresses the first three bytes identify the network and the remaining byte identifies the host. This provides a reasonable 254 hosts.

Class D and class E addresses can be identified in the same way. A class D address has a leading bit
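The encapsulation, classful addressing and direct/indirect routing rules described above, as an added example (not code from the article or from Contemporary Controls): it wraps application data into a constructed Ethernet II frame, demultiplexes it layer by layer while checking every length field, and splits the IP addresses into network and host parts by class. The MAC addresses, port numbers and payload are constructed, checksums are left at zero, and the class A, D and E bit patterns are the standard classful rules, assumed here because they are not in the surviving text.

```python
import struct

ETHERTYPE_IPV4 = 0x0800  # Ethernet II type field value for an IP datagram
PROTO_TCP = 6            # IP protocol number for TCP
MIN_ETH_DATA = 46        # Ethernet data field is 46 to 1500 bytes


def _dotted(parts):
    return ".".join(str(p) for p in parts)


def classful_split(addr):
    """Return (class, network part, host part) from the first byte's leading bits."""
    octets = [int(part) for part in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % addr)
    first = octets[0]
    if (first & 0x80) == 0x00:
        cls, net_bytes = "A", 1  # leading bit 0 (assumed standard rule)
    elif (first & 0xC0) == 0x80:
        cls, net_bytes = "B", 2  # leading bits 10
    elif (first & 0xE0) == 0xC0:
        cls, net_bytes = "C", 3  # leading bits 110
    else:
        # 1110 is class D (multicast), 1111 is class E: no network/host split
        return ("D" if (first & 0xF0) == 0xE0 else "E"), None, None
    return cls, _dotted(octets[:net_bytes]), _dotted(octets[net_bytes:])


def routing_kind(src, dst):
    """'direct' when both hosts share a classful network, else 'indirect'."""
    (s_cls, s_net, _), (d_cls, d_net, _) = classful_split(src), classful_split(dst)
    if s_net is None or d_net is None:
        raise ValueError("class D/E addresses have no network/host split")
    return "direct" if (s_cls, s_net) == (d_cls, d_net) else "indirect"


def build_frame(src_ip, dst_ip, app_data):
    """Encapsulate: app data -> TCP segment -> IP datagram -> Ethernet II frame."""
    # Constructed header values; TCP and IP checksums are left at 0 here.
    tcp = struct.pack("!HHIIHHHH", 49152, 502, 1, 0, (5 << 12) | 0x18, 4096, 0, 0)
    segment = tcp + app_data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 1, 0, 64,
                     PROTO_TCP, 0, bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    datagram = ip + segment
    datagram += b"\x00" * max(0, MIN_ETH_DATA - len(datagram))  # pad short data
    eth = struct.pack("!6s6sH", bytes.fromhex("020000000002"),
                      bytes.fromhex("020000000001"), ETHERTYPE_IPV4)
    return eth + datagram  # preamble and frame check field are added by hardware


def demultiplex(frame):
    """Unwrap each layer, checking every length field before trusting it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != ETHERTYPE_IPV4:
        raise ValueError("type field 0x%04x is not IP" % eth_type)
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    header_len = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if header_len < 20 or not header_len <= total_len <= len(ip):
        raise ValueError("IP length fields disagree with the bytes received")
    if ip[9] != PROTO_TCP:
        raise ValueError("IP protocol %d is not TCP" % ip[9])
    segment = ip[header_len:total_len]  # total length strips Ethernet padding
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    if not 20 <= data_offset <= len(segment):
        raise ValueError("TCP data offset out of range")
    src_ip, dst_ip = _dotted(ip[12:16]), _dotted(ip[16:20])
    return {"src_mac": src_mac.hex(), "dst_mac": dst_mac.hex(),
            "src_ip": src_ip, "dst_ip": dst_ip,
            "src_port": src_port, "dst_port": dst_port,
            "app_data": segment[data_offset:],
            "routing": routing_kind(src_ip, dst_ip)}


if __name__ == "__main__":
    # Constructed sample: two hosts on class B network 128.8, 3 bytes of data.
    frame = build_frame("128.8.120.5", "128.8.7.9", b"RUN")
    print(len(frame), demultiplex(frame))
    print(classful_split("128.8.120.5"))
```

The three-byte payload makes the datagram shorter than the 46-byte minimum data field, so the frame is padded and the parser relies on the IP total length to discard the padding.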