IPv6 Tutorial Gianluca Reali 1 IPv6 - Important changes • Expanded Address Space – Address length quadrupled to 16 bytes • Header Format Simplification – Fixed length, optional headers are daisy-chained – IPv6 header is twice as long (40 bytes) as IPv4 header without options (20 bytes) • No checksumming at the IP network layer • No hop-by-hop segmentation – Path MTU discovery •Authentication and Privacy Capabilities – IPsec is mandated • No more broadcast 2 IPv4- Datagram 0 15 16 31 Version (4) IHL (4) Type of Service (8) Total Length (16) •Version = 4 • IHL - Internet Header Length = 5 with Identifier (16) Flag(3) Fragment Offset (13) no header options [min = 160 bits] [max = 512 bits] Protocol (8) Header Checksum (16) Time To Live (8) • Type of service , desired quality service Source Address (32) Prec. D T R 0 0 Destination Address (32) 0 1 2 3 4 5 6 7 0- 2 Precedence 3 Normal delay low delay Options & Padding (multiple of 32) 4 Normal throughput High throughput 5 Normal Reliability High reliability Data 6- 7 Reserved . •Option and Padding - additional info to control functions such as routing and •Identification, Flags, Fragmentation Offset- use to segmentation and security reassembly packet Bit 0 = Reserved; must be 0 Bit 1 = DF ( 0 = May fragment; 1 = do not fragment ) Bit 2 = MF (0 = last fragment; 1 = more fragments ) 3 Issue on header format vers hlen TOS total length identification flag frag offset TTL protocol header checksum source address destination address options and padding • Checksum in header format will calculate only the header checksum. Computation will be done if there are changes in header value. TTL value is decrement at every hop. Therefore, computation will be done at every router hop. • Options and Padding Field will be checked at every router hop and this use up router processing time which will degrade router performance. 4 Address space • IPv4 with only 32 bits gave approximately 4.3 x109 • More connected devices • More management costs • More demanding applications - Communications appliances (e.g. phone, pager) - Information appliances(e.g. electronic books) - Entertainment appliances (e.g. set-top boxes) LARGE ADDRESS SPACE NEEDED Facts : With current world populations 2 persons need to share an IP address 5 Limitation to IPv4 addressing • Decision to stick with 32-bit address space meant that there were only 232 (4,294,967,296) IPv4 addresses available • Classful A, B, and C octet boundaries are easy to understand but inefficient to deploy in the real world. A /24 is too small for an average organization, while a /16 is too big! IP 4 Internet gowth 6 Fragmentation flag vers hlen TOS total length identification flag frag offset TTL protocol header checksum source address destination address • Identification Number options and padding 16 bits integer value used to identify all fragments. This id is not a sequence number! • Flags - 3 bits control fragmentation 0=may fragment 1=don’t fragment R DF MF 0=last fragment 1=more fragment reserved, must be 0 • Fragment offset - indicate the distance of fragment data from the start of the original datagram, measure in 8 octets unit 7 Problems in fragmentation • The end node has no way to know how many fragments there be. • Every node will travel independently.If any fragment lost, all datagram must be discarded • If any fragment fails to arrive (timer) all datagram must be discarded • IP will make no attempt to recover these situations (connectionless). Only give ICMP error e.g “Packet too big” • Security problems! 8 Routing problems • Large Backbone Routing Table backbone routing table explosion ~ 90K routes . Problem with legacy IPv4 • Routing Performance At every hop router will need to check and verify header checksum.This will increase processing time and degrade routing performance. Fragmentation of packets are also done by router. Might need to be fragmented several times. This will also effect routing performance. Hierarchical addressing scheme should be adopted and simplified header field can ease router burden. 9 IP layer security • Security at Network Layer. • Confidentiality, Integrity, and Authentication are key services used to protect against these threats • If data is encrypted while in transit, it is impossible for a perpetrator to observe or modify. • Security in IPv4 is not mandated. We have to run IPSec on top of IP. Strong Network-Layer authentication, identity spoofing and denial-of service can be prevented 10 Host auto-configuration Stateful Server Mode Via DHCP DHCP request DHCP host Server DHCP respond Stateless Server mode will be a better solution and can save cost 11 Quality of Service • Quality of Service in IPv4 is using best effort delivery services, for data to arrive its destination as soon as possible. • No reservation for bandwidth. This is adequate for traditional applications such as Telnet and FTP. But nowadays, multimedia applications need real-time and sensitive data transfer to the network. Therefore, better QOS is needed. An improved Quality of service need to be implemented. 12 What are IPv6 advantages? • scalable IP address with streamlined IP header • optimized routing table size (<10K routes) • better real time support • self-configuration of workstations • security features Note: IPv6 was designed to re-build and re-engineer IPv4; thus still inherit some IPv4’s characteristics but rejects its flaws 13 Header comparison 0 15 16 31 Removed (6) vers hlen TOS total length • ID, flags, frag offset 20 identification flags frag offset • TOS, hlen bytes TTL protocol header checksum • header checksum source address destination address Changed (3) options and padding • total length=> payload IPv4 • protocol=>next header • TTL=>hop limit vers traffic class flow label Added (2) payload length next header hop limit • traffic class 40 bytes source address • flow label destination address Expanded • address 32 to 128 bits IPv6 14 Major improvement 1- No Options. Options field is replaced with extension header. The removal of the options results in a fixed length, 40 byte IP header. 2- No header checksum. Transport and data link layer have already performed checksumming.The removal of this feature leads to fast IP packet’s processing. 3- No segmentation procedure by routers. With path MTU discovery in IPv6, only source host performs fragmentation process. Removal of this procedure will speed up IP forwarding in routers. 4- Eliminated IPv4’s 40-octet limit on options in IPv6, limit is total packet size, or Path MTU in some cases. 15 Packet size issues IPv6 requires that every link in the internet have an MTU of 1280 octets or greater. On any link that cannot convey a 1280-octet packet in one piece, link-specific fragmentation and reassembly must be provided at a layer below IPv6. Links that have a configurable MTU (for example, PPP links) must be configured to have an MTU of at least 1280 octets; it is recommended that they be configured with an MTU of 1500 octets or greater, to accommodate possible encapsulations (i.e., tunneling) without incurring IPv6-layer fragmentation. From each link to which a node is directly attached, the node must be able to accept packets as large as that link's MTU. 16 Fragmentation • IPv6 fragmentation & reassembly is an end-to-end function • Routers do not fragment packets BUT only send the ICMP “message too big”(with the new MTU size) using the Path MTU Discovery feature • Advantage: - better router performance; that is intermediate routers don’t have to check for the fragmentation fields (identification + flags + fragment offset fields) every time the packets pass through them 17 Path MTU discovery ICMP “packet too big” Destination Source Ethernet FDDI MTU=1500 FDDI FDDI MTU=4500 MTU=4500 MTU=4500 A B For packets bigger than 1280 bytes, path MTU discovery is expected: • start by assuming MTU of the first-hop link • if a packet reaches a link which couldn’t fit, an ICMP “packet too big” is generated and sent back to the source • then the source will fragmentize the packet into smaller chunks (following this new MTU size) and start this process all over again 18 IPv6 packet structure IPv6 Extension Higher-level protocol header Header Headers + application content header payload IPv6 packet Definitions: IP header provides addressing and control IP payload carries information and error/control protocols • Extension headers(optional): In IPv6, optional internet-layer information is encoded in separate headers that may be placed between the IPv6 header and the upper- layer header in a packet. There are a small number of such extension headers, each identified by a distinct Next Header value (RFC 2460). • Higher-level protocol header: ICMPv6, UDP & TCP 19 Higher-level protocol header Extension Headers Extension headers IPv6 Header + application content IPv6 packet IPv6 header TCP header + data next header=TCP IP header IP Payload IPv6 header Routing header TCP header + data next header=routing next header=TCP IP header Extension header IP Payload IPv6 header Routing header Fragment header fragment of next header=routing next header=fragment next header=TCP TCP header + data IP header Extension headers IP Payload Each extension header is an integer multiple of 8 octets long, in order to retain 8-octet alignment for subsequent headers. A full implementation of IPv6 includes implementation of the following extension headers: Hop-by-Hop, Options Routing, Fragment Destination, Options, Authentication Encapsulating Security Payload 20 Extension headers • Processed only by node identified in IPv6