Network Layer Protocol & Internet Protocol (IP) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science


Reading Assignment Information Network 1 / 2012 2

Network Layer Features
Basic model
Node identification
Node aggregation
End-to-end packet delivery
Broadcast
Multicast
Failure isolation and failure recovery
Connecting heterogeneous data links
Information Network 1 / 2012 3

OSI 7 Layer Reference Model
Layers, top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical.
An ES (End System) implements all seven layers; an IS (Intermediate System) implements only the lower layers up to Network and relays between two physical connections. The layers above the network layer are the upper layer protocols.
Example stack on the slide: NFS / XDR / Sun RPC (upper layers), TCP (Transport), IP (Network), IEEE 802.3 Ethernet (Data Link), Coax (Physical).
Information Network 1 / 2012 4

Connecting Heterogeneous Data Links: Network Gateway
The gateway forwards IP packets as an intermediate system according to the routing structure.
Hosts in the same network connect directly over the data link.
Information Network 1 / 2012 5

TCP/IP as a Layered Protocol Architecture
End host: Application / TCP / IP / Network Interface / Physical
Intermediate node: IP / Network Interface / Physical (no transport or application layer)
End host: Application / TCP / IP / Network Interface / Physical
IP realizes the end-to-end communication: it is the only layer present in every node on the path.
Information Network 1 / 2012 6

TCP/IP as a Layered Protocol Architecture
(1) The service relationship is defined by the service provider.
(2) The layer above IP defines the service it needs from IP. Therefore it does not matter what comes below the data link layer.
Information Network 1 / 2012 7

Node Identification
Globally unique address space: address space and delegation of authority.
Network identification and host identification: address classes.
The address space delegates authority in layers (network part, then host part).
Example IPv4 address: 163.221.74.127 = 0xA3 0xDD 0x4A 0x7F
  The first 24 bits identify the network, the remaining bits identify the host.
  Written 163.221.74.127/24, where /24 is the prefix length.
Information Network 1 / 2012 8

Node Aggregation
Examples: 163.221/16, 163.221.52/24, 163.221.127.0/21, ...
Prefix length = level in a binary tree.
Simple expression; fast and memory-saving, especially in relay nodes.
Information Network 1 / 2012 9

Address Aggregation
Aggregating contiguous network blocks: four class-C (/24) network numbers that differ only in their last two bits (00, 01, 10, 11) followed by the host part are announced as one /22 prefix covering all four Cs.
Information Network 1 / 2012 10

Address Aggregation Information Network 1 / 2012 11
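The prefix arithmetic of slides 8 to 11, as an added example that is not part of the lecture material: addresses are handled as 32-bit integers, contiguous aligned /24 blocks are merged into a shorter prefix, and a forwarding lookup picks the longest matching prefix. The addresses come from the slides (163.221.x.x); the forwarding table and next-hop names R0, R1, R2 are constructed for illustration.

```python
import socket
import struct


def ip_to_int(addr: str) -> int:
    """Dotted quad -> 32-bit integer, e.g. 163.221.74.127 -> 0xA3DD4A7F."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def int_to_ip(n: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", n))


def prefix_mask(plen: int) -> int:
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF


def split_prefix(cidr: str):
    """'163.221.74.127/24' -> (network as int with host bits cleared, prefix length)."""
    addr, plen = cidr.split("/")
    plen = int(plen)
    return ip_to_int(addr) & prefix_mask(plen), plen


def network_and_host(cidr: str):
    """Network identification and host identification of an address/prefix pair."""
    addr, plen = cidr.split("/")
    n, mask = ip_to_int(addr), prefix_mask(int(plen))
    return int_to_ip(n & mask), n & ~mask & 0xFFFFFFFF


def aggregate(prefixes):
    """Merge pairs of equal-length, adjacent, aligned blocks into the next shorter
    prefix (four /24s aligned on a /22 boundary become one /22). Repeats until stable."""
    blocks = sorted(set(split_prefix(p) for p in prefixes))
    changed = True
    while changed:
        changed, merged, i = False, [], 0
        while i < len(blocks):
            net, plen = blocks[i]
            if i + 1 < len(blocks):
                net2, plen2 = blocks[i + 1]
                size = 1 << (32 - plen)
                # Only merge if the pair forms one aligned block one level up the binary tree
                if plen == plen2 and net2 == net + size and net % (2 * size) == 0:
                    merged.append((net, plen - 1))
                    i, changed = i + 2, True
                    continue
            merged.append((net, plen))
            i += 1
        blocks = merged
    return [f"{int_to_ip(n)}/{p}" for n, p in blocks]


def longest_prefix_match(table, dst: str):
    """Forwarding lookup: among all matching prefixes the most specific one wins.
    table is a list of (cidr, next_hop); returns the next hop or None."""
    d, best = ip_to_int(dst), None
    for cidr, next_hop in table:
        net, plen = split_prefix(cidr)
        if d & prefix_mask(plen) == net and (best is None or plen > best[0]):
            best = (plen, next_hop)
    return best[1] if best else None


if __name__ == "__main__":
    print(aggregate(["163.221.52.0/24", "163.221.53.0/24",
                     "163.221.54.0/24", "163.221.55.0/24"]))
    table = [("0.0.0.0/0", "R0"), ("163.221.0.0/16", "R1"), ("163.221.52.0/22", "R2")]
    print(longest_prefix_match(table, "163.221.53.9"))
```

The alignment test in `aggregate` is what keeps a relay node from announcing a prefix it does not actually own: 163.221.53.0/24 and 163.221.54.0/24 are adjacent but not a /23, so they stay separate.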

End-to-End Packet Delivery
Hosts 163.221.3.3, 163.221.4.4 and 163.221.5.5 are present at the edge of the network-layer cloud; each is identified uniquely by its IPv4 address.
Information Network 1 / 2012 12

Graph Representation of Networks Information Network 1 / 2012 13

Hierarchy Perspective: who carries the ladder?
From data link layer to network layer: native to the data link layer. Ex: LLC/SNAP, NLPID.
From network layer to data link layer: native to the network layer. Ex: ARP (IPv4), ND (IPv6).
Information Network 1 / 2012 14

Network to Data Link (1): ARP
Address Resolution Protocol (ARP), RFC 826
Network-layer hosts A, B, C have data-link addresses a, b, c. A sends message M to B:
  a -> all stations: where is B?
  b -> a: B is at b
  a -> b: A -> B: M
Information Network 1 / 2012 15

Network to Data Link (2): ARP
The case of routed networks: A (a) and B (b) on one link, C (c) and D (d) on another, router R (r) in between. A sends M to C:
  a -> all stations: where is R?
  r -> a: R is at r
  a -> r: A -> C: M
  r -> all stations: where is C?
  c -> r: C is at c
  r -> c: A -> C: M
Information Network 1 / 2012 16

Network to Data Link (3): ARP
The case of bridged networks: A (a), B (b) and C (c), D (d) joined by bridge T (t), which relays the broadcast transparently. A sends M to C:
  a -> all stations: where is C?
  c -> a: C is at c
  a -> c: A -> C: M
Information Network 1 / 2012 17

Data Link to Network
Several network layer protocols (IPv4, IPv6, ...) are multiplexed onto a single data link layer (Ethernet).
Multiplexing on the sender, de-multiplexing on the receiver: the data link must tell the receiver which network-layer protocol the frame carries.
Information Network 1 / 2012 18

Ethernet: IEEE 802.3, 802.2 LLC, Ethernet II (field sizes in bytes)
Ethernet II: Dst addr (6) | Src addr (6) | Type (2) | DATA (variable) | FCS (4)
IEEE 802.3: Dst addr (6) | Src addr (6) | Length (2, < 0x05DC) | DATA (variable) | FCS (4)
IEEE 802.3 raw: Dst addr | Src addr | Length | 0xFFFF | DATA (variable) | FCS
IEEE 802.2 LLC: Dst addr | Src addr | Length | DSAP (1) | SSAP (1) | CTL (1) | DATA (variable) | FCS
SNAP: Dst addr | Src addr | Length | DSAP | SSAP | CTL | Protocol ID (3) | Type (2) | DATA (variable) | FCS
Information Network 1 / 2012 19

Data Link to Network: de-multiplexing with LLC
LLC header: Destination SAP address (1 byte) | Source SAP address (1 byte) | Control information (1 or 2 bytes)
  Destination SAP address = I/G bit (1 bit) + address (7 bits); I/G = Individual or group address
  Source SAP address = C/R bit (1 bit) + address (7 bits); C/R = Command or response frame
SAP address examples: 06 IP packet; E0 Novell IPX; FE OSI packet; AA SubNetwork Access Protocol (SNAP)
Information Network 1 / 2012 20

De-multiplexing with LLC/SNAP
MAC header | LLC header: DSAP AA (1), SSAP AA (1), CTL 03 (1) | SNAP header: ORG (3), Type (2) | Information | FCS
The SNAP PDU (SNAP header + information) is carried as the information field of the LLC PDU.
Information Network 1 / 2012 21
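The de-multiplexing decision of slides 19 to 21, as an added example that is not part of the lecture material: a receiver looks at the two bytes after the source MAC, treats values above 0x05DC as an Ethernet II type and smaller values as an IEEE 802.3 length, then peels the raw, LLC or LLC/SNAP encapsulation. The frames and MAC addresses are constructed here; the FCS is assumed to have been checked and stripped by the NIC, and the length field is checked against the bytes actually present so a truncated frame is rejected instead of parsed past its end.

```python
import struct

MAX_8023_LENGTH = 0x05DC        # 1500: values at or below this are 802.3 lengths
ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
SAP_NAMES = {0x06: "IP", 0xE0: "Novell IPX", 0xFE: "OSI", 0xAA: "SNAP"}


def classify_frame(frame: bytes) -> dict:
    """Return the encapsulation format, the network-layer protocol and the payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte MAC header")
    dst, src = frame[:6], frame[6:12]
    type_len = struct.unpack("!H", frame[12:14])[0]
    body = frame[14:]
    info = {"dst": dst.hex(":"), "src": src.hex(":")}

    if type_len > MAX_8023_LENGTH:                     # Ethernet II: the field is an EtherType
        info.update(format="Ethernet II", payload=body,
                    protocol=ETHERTYPE_NAMES.get(type_len, hex(type_len)))
        return info

    # IEEE 802.3: the field is the LLC data length; never trust it beyond what we received
    if type_len > len(body):
        raise ValueError("802.3 length field exceeds the frame data (truncated frame)")
    body = body[:type_len]
    if body[:2] == b"\xff\xff":                        # Novell raw 802.3: IPX with no LLC header
        info.update(format="802.3 raw", protocol="Novell IPX (raw)", payload=body)
        return info
    if len(body) < 3:
        raise ValueError("802.3 frame too short for an LLC header")

    dsap, ssap, ctl = body[0], body[1], body[2]
    info.update(ig=dsap & 1, cr=ssap & 1)             # I/G bit of DSAP, C/R bit of SSAP
    if dsap == 0xAA and ssap == 0xAA and ctl == 0x03:  # LLC/SNAP: 3-byte OUI + 2-byte type follow
        if len(body) < 8:
            raise ValueError("SNAP header truncated")
        ethertype = struct.unpack("!H", body[6:8])[0]
        info.update(format="802.2 LLC/SNAP", oui=body[3:6].hex(), payload=body[8:],
                    protocol=ETHERTYPE_NAMES.get(ethertype, hex(ethertype)))
    else:
        info.update(format="802.2 LLC", payload=body[3:],
                    protocol=SAP_NAMES.get(dsap & 0xFE, hex(dsap)))
    return info


def build_ethernet2(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!H", ethertype) + payload


def build_8023(dst: bytes, src: bytes, data: bytes) -> bytes:
    """IEEE 802.3 frame: the 2-byte field carries the length of data."""
    return dst + src + struct.pack("!H", len(data)) + data


def build_llc_snap(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                   oui: bytes = b"\x00\x00\x00") -> bytes:
    return build_8023(dst, src, b"\xaa\xaa\x03" + oui + struct.pack("!H", ethertype) + payload)


if __name__ == "__main__":
    # constructed sample MACs (the first is the MAC used on slide 57)
    DST, SRC = bytes.fromhex("00e01898936d"), bytes.fromhex("00a02471e444")
    print(classify_frame(build_ethernet2(DST, SRC, 0x0800, b"\x45" + b"\x00" * 19))["protocol"])
    print(classify_frame(build_llc_snap(DST, SRC, 0x86DD, b"\x60" + b"\x00" * 39))["format"])
```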

Implementing the Communication Model
Unicast: peer-to-peer communication; source and destination address allocation. The examples on pp. 16, 17, 18 are unicast.
Broadcast
Multicast
Information Network 1 / 2012 22

Broadcast
Sending to all hosts running in the same transmission medium (data link).
Broadcast communication availability depends on the data link; many data links do not support broadcast communication.
Does not guarantee a perfect broadcast: passive hosts will not receive the broadcast, and processing of received data depends on the processes run by the receiving hosts.
IP broadcast is carried over link-layer broadcast.
Information Network 1 / 2012 23

Bootstrapping with Broadcast
Broadcast communication in a multi-access network.
It is absolutely necessary to resolve addresses from the network layer to the data link layer; automatic configuration is absolutely necessary.
Bootstrap (hosts A, B, C with data-link addresses a, b, c; router R with r):
  a -> all stations: who is the router?
  r -> a: router R is at r
Information Network 1 / 2012 24

Selective Broadcasting: Multicast
Multi-point to multi-point communication; selective broadcasting.
Membership: if a host is not a member, it won't be able to listen to communications within the group.
Membership management: group management.
IP multicast is carried over link-layer multicast.
Information Network 1 / 2012 25

What if...?
Two end systems, each with the full seven-layer stack (Application, Presentation, Session, Transport, Network, Data Link, Physical), joined by a physical connection that fails: failure isolation and failure recovery.
Information Network 1 / 2012 26

Failure Isolation: ICMP (1), RFC 792
A failure occurs below the data link layer and a packet is dropped.
In the case a packet did not reach its destination, an ICMP Destination Unreachable message is returned to the source address.
Information Network 1 / 2012 27

Failure Isolation: ICMP (2)
End-to-end reachability verification and faulty section judgement: Echo Request, Echo Reply.
(Figure: the request travels down one end system's seven-layer stack and up the other's; the reply returns the same way.)
Information Network 1 / 2012 28

Connecting Heterogeneous Data Links (1)
Because of heterogeneity...
  Address architecture is different: resolved with ARP.
  Multiplexing method is different: resolved with LLC/SNAP.
  Transmission speed is different: resolved with buffers.
  Maximum Transmission Unit (MTU) size is different: fragmentation.
Information Network 1 / 2012 29

Connecting Heterogeneous Data Links (2)
Fragmentation and reassembly
  Fragmentation: fragmenting a packet and keeping each fragment within the maximum frame length.
  Reassembly: reconstructing the fragmented packet at the destination node.
Example: a link with MTU = 9128 feeding a link with MTU = 1520.
Information Network 1 / 2012 30

Fragmentation and Reassembly
IPv4 header: Flags = {0, MF, DF}; Fragment Offset: 13 bits
Header layout (bit positions 0, 4, 8, 16, 31):
  Ver. | IHL | Type of Service | Total Length (in octets)
  Identification | Flags | Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address
  Destination Address
  Options (if any)
Information Network 1 / 2012 31
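Fragmentation and reassembly of slides 30 and 31 carried out on real header bytes, as an added example that is not part of the lecture material. The header layout, flag bits and the 8-octet unit of the Fragment Offset are those of the slide; the addresses (163.221.3.3, 163.221.5.5) and the 1520-byte MTU come from the slides too, while the payload is constructed. The reassembler rejects gaps, overlaps and a missing last fragment, and a datagram with DF set that does not fit is refused rather than fragmented, which is the case where a router answers with ICMP instead.

```python
import struct

IP_DF = 0x4000            # Don't Fragment flag (bit 1 of the Flags field)
IP_MF = 0x2000            # More Fragments flag (bit 2)
OFFSET_MASK = 0x1FFF      # 13-bit Fragment Offset, in 8-octet units
HDR_FMT = "!BBHHHBBH4s4s"  # 20-byte header without options


def checksum(data: bytes) -> int:
    """Internet checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, payload, ident=1, flags=0, offset_units=0, ttl=64, proto=17):
    hdr = struct.pack(HDR_FMT, 0x45, 0, 20 + len(payload), ident,
                      flags | offset_units, ttl, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # fill Header Checksum
    return hdr + payload


def parse_ipv4(packet: bytes) -> dict:
    ver_ihl, _tos, tlen, ident, fl_off, ttl, proto, _csum, src, dst = \
        struct.unpack(HDR_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or tlen > len(packet):
        raise ValueError("malformed IPv4 header")
    if checksum(packet[:ihl]) != 0:                     # a correct header sums to zero
        raise ValueError("bad header checksum")
    return {"ident": ident, "df": bool(fl_off & IP_DF), "mf": bool(fl_off & IP_MF),
            "offset": (fl_off & OFFSET_MASK) * 8, "ttl": ttl, "proto": proto,
            "src": src, "dst": dst, "payload": packet[ihl:tlen]}


def fragment(packet: bytes, mtu: int) -> list:
    """Split a datagram for a link with the given MTU (header without options assumed).
    With DF set the packet cannot be fragmented: it is dropped and the router
    would return ICMP Destination Unreachable / fragmentation needed."""
    p = parse_ipv4(packet)
    if len(packet) <= mtu:
        return [packet]
    if p["df"]:
        raise ValueError("DF set and packet larger than MTU: drop and signal via ICMP")
    chunk = (mtu - 20) // 8 * 8        # every fragment but the last carries a multiple of 8 octets
    data, frags = p["payload"], []
    for start in range(0, len(data), chunk):
        piece = data[start:start + chunk]
        last = start + chunk >= len(data)
        mf = IP_MF if (not last or p["mf"]) else 0      # an inner fragment of a fragment keeps MF
        frags.append(build_ipv4(p["src"], p["dst"], piece, p["ident"], mf,
                                (p["offset"] + start) // 8, p["ttl"], p["proto"]))
    return frags


def reassemble(fragments: list) -> bytes:
    """Rebuild the datagram identified by (src, dst, ident, proto); reject gaps and overlaps."""
    parts = [parse_ipv4(f) for f in fragments]
    if len({(p["src"], p["dst"], p["ident"], p["proto"]) for p in parts}) != 1:
        raise ValueError("fragments belong to different datagrams")
    parts.sort(key=lambda p: p["offset"])
    expected, data = 0, b""
    for p in parts:
        if p["offset"] != expected:
            raise ValueError("gap or overlap at offset %d" % p["offset"])
        data += p["payload"]
        expected += len(p["payload"])
    if parts[-1]["mf"]:
        raise ValueError("last fragment missing (MF still set)")
    p0 = parts[0]
    return build_ipv4(p0["src"], p0["dst"], data, p0["ident"], 0, 0, p0["ttl"], p0["proto"])


if __name__ == "__main__":
    src, dst = bytes([163, 221, 3, 3]), bytes([163, 221, 5, 5])
    pkt = build_ipv4(src, dst, bytes(range(256)) * 12, ident=7)   # constructed 3072-byte payload
    frags = fragment(pkt, 1520)
    print(len(frags), [parse_ipv4(f)["offset"] for f in frags], reassemble(frags) == pkt)
```

A receiver that accepted overlapping offsets, or started a reassembly buffer for every Identification value it saw without a timeout, would be the classic target of fragment-based attacks; the explicit offset check above is the minimum a reassembler should do.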

BOOTP & DHCP Information Network 1 / 2012 32

Dynamic Assignment of IP Addresses
It is desirable for several reasons:
  IP addresses are assigned on demand.
  Avoid manual IP configuration.
  Support mobility of laptops, handheld WiFi devices, etc.
Information Network 1 / 2012 33

RARP: Reverse Address Resolution Protocol (RFC 903)
Works similarly to ARP: broadcast a request for the IP address associated with a given MAC address; a RARP server responds with an IP address.
Only assigns the IP address (not the default router and subnet mask). Obsolete!
ARP maps a 32-bit IP address to a 48-bit Ethernet MAC address; RARP maps in the reverse direction.
Information Network 1 / 2012 34

BOOTP: Bootstrap Protocol (RFC 951)
Predecessor of DHCP. A host can configure its IP parameters at boot time. It was designed for a static environment.
Three services:
  IP address assignment.
  Detection of the IP address of a serving machine.
  The name of a file to be loaded and executed by the client machine (boot file name).
Not only assigns the IP address, but also default router, network mask, etc.
Sent as UDP messages (UDP port 67 (server) and 68 (host)).
Uses the limited broadcast address (255.255.255.255): these addresses are never forwarded.
Information Network 1 / 2012 35

DHCP (1): Dynamic Host Configuration Protocol
It was developed in 1993 to improve and resolve specific limitations of BOOTP; it was devised to automate the configuration.
DHCP is the preferred mechanism for dynamic assignment of IP addresses. It uses plug-and-play networking to join a new network and obtain an IP address.
A DHCP server can be configured to have two types of addresses:
  Permanent addresses: assigned to server computers.
  Pool of addresses: these are allocated on demand.
DHCP issues a lease on the address for a finite period of time; if the lease expires, the computer must renegotiate with the DHCP server.
Information Network 1 / 2012 36

DHCP (2) Information Network 1 / 2012 37

BOOTP/DHCP Message Format
  OpCode | Hardware Type | Hardware Address Length | Hop Count
  Transaction ID
  Number of Seconds | Unused (in BOOTP) / Flags (in DHCP)
  Client IP address
  Your IP address
  Server IP address
  Gateway IP address
  Client hardware address (16 bytes)
  Server host name (64 bytes)
  Boot file name (128 bytes)
  Options
Information Network 1 / 2012 38

DHCP Operations (1)
DHCP client (00:a0:24:71:e4:44) -> DHCPDISCOVER, sent to 255.255.255.255, so every DHCP server on the link receives it.
Each DHCP server -> DHCPOFFER to the client.
Information Network 1 / 2012 39

DHCP Operations (2)
DHCP client (00:a0:24:71:e4:44) -> DHCPREQUEST for one of the offers; the selected DHCP server -> DHCPACK. At this time, the DHCP client can start to use the IP address.
Renewing a lease (sent when 50% of the lease has expired): DHCP client -> DHCPREQUEST; DHCP server -> DHCPACK.
Information Network 1 / 2012 40

DHCP Operations (3)
DHCP client (00:a0:24:71:e4:44) -> DHCPRELEASE to the DHCP server. At this time, the DHCP client has released the IP address.
Information Network 1 / 2012 41
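The message format of slide 38 and the exchange of slides 39 to 41, as an added example that is not part of the lecture material: the fixed BOOTP fields are packed with `struct`, the DHCP options area is appended after the magic cookie, and the parser walks the options with bounds checks so that a truncated or malformed option list is rejected. The client MAC 00:a0:24:71:e4:44 is the one on the slides; the transaction ID, offered address and lease time are constructed. Option codes 53 (message type), 51 (lease time) and 1 (subnet mask) are the standard DHCP option numbers.

```python
import socket
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
HTYPE_ETHERNET = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options after the BOOTP fields
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"    # 236 bytes: op, htype, hlen, hops, xid, secs, flags, 4 addresses, chaddr, sname, file
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK",
             6: "DHCPNAK", 7: "DHCPRELEASE"}
OPT_MESSAGE_TYPE, OPT_LEASE_TIME, OPT_SUBNET_MASK, OPT_END, OPT_PAD = 53, 51, 1, 255, 0


def build_dhcp(op, xid, chaddr, msg_type, *, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
               siaddr="0.0.0.0", giaddr="0.0.0.0", flags=0, secs=0, options=None):
    """Fixed BOOTP part + magic cookie + options (message type first), terminated by End."""
    fixed = struct.pack(FIXED_FMT, op, HTYPE_ETHERNET, len(chaddr), 0, xid, secs, flags,
                        socket.inet_aton(ciaddr), socket.inet_aton(yiaddr),
                        socket.inet_aton(siaddr), socket.inet_aton(giaddr),
                        chaddr.ljust(16, b"\x00"), b"", b"")
    opts = bytes([OPT_MESSAGE_TYPE, 1, msg_type])
    for code, value in (options or {}).items():
        opts += bytes([code, len(value)]) + value
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])


def parse_dhcp(msg: bytes) -> dict:
    if len(msg) < 240 or msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or no magic cookie)")
    (op, _htype, hlen, _hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
     chaddr, _sname, _file) = struct.unpack(FIXED_FMT, msg[:236])
    options, i = {}, 240
    while i < len(msg):
        code = msg[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        # the length byte must exist and the value must lie inside the received bytes
        if i + 1 >= len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("option %d runs past the end of the message" % code)
        length = msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    if len(options.get(OPT_MESSAGE_TYPE, b"")) != 1:
        raise ValueError("missing or malformed DHCP message type option")
    return {"op": op, "xid": xid, "secs": secs, "flags": flags,
            "ciaddr": socket.inet_ntoa(ciaddr), "yiaddr": socket.inet_ntoa(yiaddr),
            "siaddr": socket.inet_ntoa(siaddr), "giaddr": socket.inet_ntoa(giaddr),
            "chaddr": chaddr[:hlen].hex(":"),
            "type": MSG_TYPES.get(options[OPT_MESSAGE_TYPE][0], "unknown"),
            "options": options}


def renewal_time(lease_seconds: int) -> int:
    """The client sends its renewing DHCPREQUEST when 50% of the lease has elapsed (slide 40)."""
    return lease_seconds // 2


if __name__ == "__main__":
    mac = bytes.fromhex("00a02471e444")
    discover = build_dhcp(BOOTREQUEST, 0x3903F326, mac, 1)           # constructed xid
    offer = build_dhcp(BOOTREPLY, 0x3903F326, mac, 2, yiaddr="163.221.74.127",
                       siaddr="163.221.74.1",
                       options={OPT_LEASE_TIME: (3600).to_bytes(4, "big"),
                                OPT_SUBNET_MASK: bytes([255, 255, 255, 0])})
    print(parse_dhcp(discover)["type"], parse_dhcp(offer)["type"], parse_dhcp(offer)["yiaddr"])
```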

Lecture Archive Information Network 1 / 2012 42

Lecture Archive (2011)
Network Layer Protocols & Internet Protocol (IP): http://library.naist.jp/real/9b2cf40300e4f2f41bcbe9166ff8b430/index.html
Whole class: http://library.naist.jp/mylimedio/search/av2.do?target=local&bibid=135469
Information Network 1 / 2012 43

IPv6 Information Network 1 / 2012 44

The End of IPv4 50 Billion individual elements on the Internet in 2014 Information Network 1 / 2012 45

IPv4 Address Allocation Report Date: 27-Apr-2012 http://labs.apnic.net/ipv4/report.html Information Network 1 / 2012 46

Internet Protocol version 6 (IPv6)
Developed in the early 90s; deployed since the late 90s / early 2000s.
Designed to overcome limitations in IPv4. The first issue was to deal with addressing: from 2^32 to 2^128 addresses (4.3 x 10^9 to 3.4 x 10^38).
Enhance the security: IPsec is built in to IPv6 from the start.
IPv6 global addressing enables you to minimize devices, minimize delay, and simplify development.
Headers allow development of new quality and streaming services.
Information Network 1 / 2012 47

IPv4 vs IPv6 (1)
Address architecture
  Hierarchic structure; introduction of the concept of scope; clear definition of address classes.
  Multicast standardization; discontinuation of broadcast.
Able to deal with high-speed networks
  Simplified header format: suppression of unused fields, static length.
  Discontinuation of checksums, of IP header options, and of en-route packet fragmentation.
Information Network 1 / 2012 48

IPv4 vs IPv6 (2)
Link layer and network layer address resolution: ARP -> NDP (Neighbor Discovery Protocol), which adds unreachability detection.
Security: IPsec as a standard.
Flexibility: IP extension headers (Mobile IPv6, IPsec).
Information Network 1 / 2012 49

IPv6 Address Format Information Network 1 / 2012 50

IPv6 Address (1)
IPv4 address: 32 bits (4 bytes); 4 decimal numbers separated by a dot: 192.168.1.240
IPv6 address: 128 bits (16 bytes); 8 groups separated by colons (:), each group representing 4 hexadecimal digits: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Leading zeros may be removed and one consecutive sequence of zero groups may be skipped:
  2001:0db8:85a3:0000:0000:8a2e:0370:7334
  2001:db8:85a3:0:0:8a2e:370:7334
  2001:db8:85a3::8a2e:370:7334
Information Network 1 / 2012 51

IPv6 Address (2)
IPv4-compatible address: ::IPv4-address, e.g. ::203.178.142.1. Address used for auto-tunneling.
IPv4-mapped address: ::ffff:IPv4-address, e.g. ::ffff:203.178.142.1. Address expression to show a node implements IPv4 only.
Information Network 1 / 2012 52
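The text rules of slides 51 and 52 implemented from scratch, as an added example that is not part of the lecture material (the standard library's `ipaddress` module does the same, but hides the algorithm). `parse_ipv6` accepts the full, leading-zero-stripped and `::` forms plus a trailing dotted IPv4 address; `compressed` produces the canonical text form of RFC 5952 (no leading zeros, `::` for the longest run of at least two zero groups, the leftmost run on a tie); `classify` recognises the two IPv4-embedding forms. The addresses used are those of the slides.

```python
import re


def parse_ipv6(text: str) -> bytes:
    """Textual IPv6 address -> 16 bytes. Rejects a second '::' and wrong group counts."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    head, sep, tail = text.partition("::")
    groups_head = head.split(":") if head else []
    groups_tail = tail.split(":") if tail else []

    def expand_v4(groups):
        # a trailing dotted quad (::203.178.142.1, ::ffff:203.178.142.1) stands for two groups
        if groups and "." in groups[-1]:
            octets = [int(o) for o in groups[-1].split(".")]
            if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
                raise ValueError("bad embedded IPv4 address")
            groups = groups[:-1] + ["%02x%02x" % (octets[0], octets[1]),
                                    "%02x%02x" % (octets[2], octets[3])]
        return groups

    groups_head, groups_tail = expand_v4(groups_head), expand_v4(groups_tail)
    missing = 8 - len(groups_head) - len(groups_tail)
    if sep:
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = groups_head + ["0"] * missing + groups_tail
    elif missing != 0:
        raise ValueError("an address without '::' needs exactly 8 groups")
    else:
        groups = groups_head
    values = []
    for g in groups:
        if not re.fullmatch(r"[0-9a-fA-F]{1,4}", g):
            raise ValueError("bad group %r" % g)
        values.append(int(g, 16))
    return b"".join(v.to_bytes(2, "big") for v in values)


def expanded(addr: bytes) -> str:
    """Full form: eight 4-digit groups, e.g. 2001:0db8:85a3:0000:0000:8a2e:0370:7334."""
    return ":".join("%04x" % int.from_bytes(addr[i:i + 2], "big") for i in range(0, 16, 2))


def compressed(addr: bytes) -> str:
    """Canonical short form: leading zeros dropped, '::' for the longest (leftmost) run
    of two or more zero groups; a single zero group is written as '0'."""
    groups = [int.from_bytes(addr[i:i + 2], "big") for i in range(0, 16, 2)]
    best_start, best_len, start = -1, 0, None
    for i, g in enumerate(groups + [-1]):           # sentinel terminates a final zero run
        if g == 0 and start is None:
            start = i
        elif g != 0 and start is not None:
            if i - start > best_len:                 # strictly longer: keeps the leftmost run on ties
                best_start, best_len = start, i - start
            start = None
    hexes = ["%x" % g for g in groups]
    if best_len >= 2:
        return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])
    return ":".join(hexes)


def classify(addr: bytes) -> str:
    """Recognise the IPv4-embedded forms of slide 52 (and the loopback address ::1)."""
    if addr == b"\x00" * 15 + b"\x01":
        return "loopback"
    if addr[:12] == b"\x00" * 10 + b"\xff\xff":
        return "IPv4-mapped"
    if addr[:12] == b"\x00" * 12 and addr[12:] != b"\x00" * 4:
        return "IPv4-compatible"
    return "native"


if __name__ == "__main__":
    a = parse_ipv6("2001:0db8:85a3:0000:0000:8a2e:0370:7334")
    print(expanded(a), compressed(a), classify(parse_ipv6("::ffff:203.178.142.1")))
```

Comparing addresses on their 16-byte form rather than on text is the point of having `parse_ipv6`: the three spellings on slide 51 are the same address, and an access-control list keyed on strings would treat them as three different ones.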

Scope (1)
Link-local: to be used for auto-address configuration and neighbor discovery. Valid in the scope of the given link, not routable. Prefix fe80::/10.
Global: global/universal address. Routable; can connect to any global-scope address anywhere.
Information Network 1 / 2012 53

Scope (2)
(Figure: two organizations, each with hosts and a router. Hosts reach each other across organizations with global addresses; within one organization's link the hosts and the router also have link-local addresses.)
Information Network 1 / 2012 54

IPv4 Header
Total length: 20 bytes + options. Fields marked in red on the slide are suppressed or renamed in IPv6.
Layout (bit positions 4, 8, 16, 20, 32):
  version | HL | ToS | Total Length
  Identification | Flag | Fragment Offset
  TTL | Protocol | Header Checksum
  Source address (32 bits)
  Destination address (32 bits)
  Options | Padding
Information Network 1 / 2012 55

IPv6 Header
Fixed length: 40 bytes. All optional/additional information is encoded in extension headers. The header isn't protected by a checksum.
Layout (bit positions 4, 12, 16, 24, 32):
  version | Traffic class | Flow label
  Payload length | Next header | Hop limit
  Source address (128 bits)
  Destination address (128 bits)
Information Network 1 / 2012 56
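The fixed header of slide 56 and the "Next header" chaining that replaces IPv4 options (slides 48 and 56), as an added example that is not part of the lecture material. `parse_ipv6` unpacks the 40-byte header and walks the extension-header chain to the upper-layer protocol, checking every length against the bytes actually received; the packet bytes, addresses and option contents are constructed, and the cap on the number of extension headers is this example's own sanity limit rather than a protocol rule.

```python
import struct

PROTO_HOPOPT, PROTO_ROUTING, PROTO_FRAGMENT, PROTO_DSTOPT = 0, 43, 44, 60
PROTO_TCP, PROTO_UDP, PROTO_ICMPV6 = 6, 17, 58
VARIABLE_EXT = {PROTO_HOPOPT, PROTO_ROUTING, PROTO_DSTOPT}   # carry "Hdr Ext Len" in 8-octet units, first 8 not counted
MAX_EXT_HEADERS = 8                                           # example's own limit against endless chains
FIXED_FMT = "!IHBB16s16s"                                     # 40 bytes


def build_ipv6(src: bytes, dst: bytes, next_header: int, payload: bytes,
               hop_limit: int = 64, traffic_class: int = 0, flow_label: int = 0) -> bytes:
    """Version(4) | Traffic class(8) | Flow label(20) | Payload length(16) | Next header(8) | Hop limit(8) | src | dst."""
    first_word = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    return struct.pack(FIXED_FMT, first_word, len(payload), next_header, hop_limit, src, dst) + payload


def build_ext(next_header: int, data: bytes) -> bytes:
    """Hop-by-hop / destination options header: Next Header | Hdr Ext Len | data padded to 8-octet multiple."""
    padded = data + b"\x00" * ((-(2 + len(data))) % 8)          # Pad1 options fill the gap
    return struct.pack("!BB", next_header, (2 + len(padded)) // 8 - 1) + padded


def parse_ipv6(packet: bytes) -> dict:
    if len(packet) < 40:
        raise ValueError("shorter than the fixed IPv6 header")
    first_word, plen, nh, hlim, src, dst = struct.unpack(FIXED_FMT, packet[:40])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    if len(packet) < 40 + plen:
        raise ValueError("payload length %d exceeds the %d bytes received" % (plen, len(packet) - 40))
    payload = packet[40:40 + plen]
    chain, off = [], 0
    while nh in VARIABLE_EXT or nh == PROTO_FRAGMENT:
        if len(chain) >= MAX_EXT_HEADERS:
            raise ValueError("too many extension headers")
        if off + 8 > len(payload):
            raise ValueError("extension header truncated")
        size = 8 if nh == PROTO_FRAGMENT else (payload[off + 1] + 1) * 8
        if off + size > len(payload):
            raise ValueError("extension header length runs past the payload")
        chain.append(nh)
        nh, off = payload[off], off + size                     # first byte of every extension header is Next Header
    return {"traffic_class": (first_word >> 20) & 0xFF, "flow_label": first_word & 0xFFFFF,
            "payload_length": plen, "hop_limit": hlim, "src": src, "dst": dst,
            "ext_chain": chain, "upper_protocol": nh, "upper_payload": payload[off:]}


if __name__ == "__main__":
    src = bytes.fromhex("20010200016ae32002e018fffe98936d")      # 2001:200:16a:e320:2e0:18ff:fe98:936d (slide 57)
    dst = bytes.fromhex("fe800000000000000000000000000001")      # constructed fe80::1
    pkt = build_ipv6(src, dst, PROTO_DSTOPT, build_ext(PROTO_UDP, b"\x01\x02\x00\x00") + b"udp-data")
    print(parse_ipv6(pkt)["ext_chain"], parse_ipv6(pkt)["upper_protocol"])
```

Because the fixed header carries no checksum, the length and chain checks above are all that stands between a corrupted or crafted header and an out-of-bounds read; a filter that only looks at the fixed header's Next Header field would also miss the UDP payload hidden behind the options header in the example.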

Address Structure (1)
Separating network prefix and interface ID: Network prefix (upper 64 bits) : Interface ID (lower 64 bits).
The interface ID is derived from the MAC address (EUI-64). E.g. 00:e0:18:98:93:6d (MAC address) -> 2001:200:16a:e320:2e0:18ff:fe98:936d
Global unicast layout: 001 (3 bits) | global routing prefix (45 bits) | subnet id (16 bits) | interface id (64 bits)
Delegation: IANA -> RIR -> LIR -> /48 block for the end user.
Information Network 1 / 2012 57

Address Structure (2)
Address assignment following the network topology (field widths in bits):
  RFC 2374: FP (3) | TLA ID (13) | RES (8) | NLA ID (24) | SLA ID (16) | Interface ID (64)
  RFC 2450: FP (3) | TLA ID (13) | sub-TLA (13) | RES (6) | NLA ID (13) | SLA ID (16) | Interface ID (64)
FP: Format Prefix. RES: Reserved. TLA ID: Top-Level Aggregation Identifier. NLA ID: Next-Level Aggregation Identifier. SLA ID: Site-Level Aggregation Identifier.
Information Network 1 / 2012 58

Address Assignment
APNIC: 2001:200::/35, later 2001:200::/29 to 2001:3f8::/29 (TLA ID)
WIDE (sub-TLA)
NAIST 2001:200:16a::/48, USM 2001:200:703::/48 (NLA ID)
Information Network 1 / 2012 59

Top Level Aggregator (TLA)
Assigned from RIRs (ARIN, RIPE, APNIC): /29 address space.
  Previous assignment: FP (3) | TLA ID (13) | RES (8) | NLA ID (24)
  Current assignment: FP (3) | TLA ID (13) | SubTLA ID (13) | NLA ID (19)
Information Network 1 / 2012 60

Next Level Aggregator (NLA)
ISPs and organizations acquire addresses from a TLA, enabling them to set up subnets: from /35 to /48 address spaces.
  Previous assignment: FP (3) | TLA ID (13) | RES (8) | NLA ID (24)
  Current assignment: FP (3) | TLA ID (13) | SubTLA ID (13) | NLA ID (19)
Information Network 1 / 2012 61

Site Level Aggregator (SLA)
Organizations acquire addresses from an NLA: from /49 to /64 address spaces.
  FP (3) | TLA ID (13) | SubTLA ID (13) | NLA ID (19) | SLA ID (16)
Information Network 1 / 2012 62

Unicast Address
Assigned to a single interface. Link-local example: fe80::2e0:18ff:fe98:936d, valid at the link scope.
Link-local layout: 1111111010 (10 bits) | 0000...0000 (56 bits) | interface ID (64 bits)
Information Network 1 / 2012 63

Multicast Address
Assigned to several interfaces; a packet is delivered to all of these interfaces.
Layout: 11111111 (8 bits) | flgs (4 bits) | scope (4 bits) | group ID (112 bits)
Scope values: 0 reserved; 1 node-local scope; 2 link-local scope; 5 site-local scope; 8 organization-local scope; E global scope; F reserved.
Flag values: 0000 permanent (defined) address; 0001 temporary address.
Information Network 1 / 2012 64

Format Prefix (1)
Usage                                   Prefix      Occupation
Reserved                                0000 0000   1/256
Unassigned                              0000 0001   1/256
Reserved for NSAP Allocation            0000 001    1/128
Reserved for IPX Allocation             0000 010    1/128
Unassigned                              0000 011    1/128
Unassigned                              0000 1      1/32
Unassigned                              0001        1/16
Aggregatable Global Unicast Address     001         1/8
Unassigned                              010         1/8
Unassigned                              011         1/8
Unassigned                              100         1/8
Unassigned                              101         1/8
Information Network 1 / 2012 65

Format Prefix (2)
Usage                                   Prefix          Occupation
Unassigned                              110             1/8
Unassigned                              1110            1/16
Unassigned                              1111 0          1/32
Unassigned                              1111 10         1/64
Unassigned                              1111 110        1/128
Unassigned                              1111 1110 0     1/512
Link-Local Unicast Address              1111 1110 10    1/1024
Multicast Address                       1111 1111       1/256
Unassigned space is dealt with as unicast from now on.
Information Network 1 / 2012 66

Defined Multicast Addresses
  FF00:0:0:0:0:0:0:0 reserved
  FF01:0:0:0:0:0:0:0 reserved
  ... (through) FF0F:0:0:0:0:0:0:0 reserved
  FF01:0:0:0:0:0:0:1 all IPv6 nodes address (node-local)
  FF02:0:0:0:0:0:0:1 all IPv6 nodes address (link-local)
  FF01:0:0:0:0:0:0:2 all IPv6 routers address (node-local)
  FF02:0:0:0:0:0:0:2 all IPv6 routers address (link-local)
  FF02:0:0:0:0:0:0:C DHCP servers / relay agents
  FF02:0:0:0:0:1:x:x solicited-node address
Information Network 1 / 2012 67
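The address derivations of slides 57, 63, 64 and 67 as an added example that is not part of the lecture material: the EUI-64 interface ID from a MAC address (insert ff:fe, flip the universal/local bit), the link-local and global addresses built on it, the solicited-node multicast address that Neighbor Discovery sends to, and the flags/scope decoding of a multicast address. The MAC 00:e0:18:98:93:6d and prefix 2001:200:16a:e320::/64 are the ones on the slides; the standard library's `ipaddress` module is used only to convert between text and the 16-byte form.

```python
import ipaddress

MCAST_SCOPES = {0: "reserved", 1: "node-local", 2: "link-local", 5: "site-local",
                8: "organization-local", 0xE: "global", 0xF: "reserved"}


def from_text(text: str) -> bytes:
    return ipaddress.IPv6Address(text).packed


def to_text(addr: bytes) -> str:
    return str(ipaddress.IPv6Address(addr))


def eui64_from_mac(mac: str) -> bytes:
    """48-bit MAC -> 64-bit modified EUI-64 interface identifier."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    first = octets[0] ^ 0x02                       # flip the universal/local bit (bit 1 of octet 0)
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]   # insert ff:fe in the middle


def link_local(mac: str) -> bytes:
    """fe80::/64 prefix (1111111010 + 54 zero bits) followed by the EUI-64 interface ID."""
    return b"\xfe\x80" + b"\x00" * 6 + eui64_from_mac(mac)


def global_unicast(prefix64_text: str, mac: str) -> bytes:
    """Network prefix (upper 64 bits) : interface ID (lower 64 bits), as on slide 57."""
    return from_text(prefix64_text)[:8] + eui64_from_mac(mac)


def solicited_node(addr: bytes) -> bytes:
    """FF02::1:FFxx:xxxx with the low 24 bits of the unicast address (slide 67)."""
    return from_text("ff02::1:ff00:0")[:13] + addr[13:16]


def multicast_info(addr: bytes) -> dict:
    """Decode flgs and scope of an FF00::/8 address (slide 64)."""
    if addr[0] != 0xFF:
        raise ValueError("not a multicast address")
    flags, scope = addr[1] >> 4, addr[1] & 0x0F
    return {"transient": bool(flags & 0x1),            # flag 0001 = temporary address
            "scope": MCAST_SCOPES.get(scope, "unassigned"),
            "group_id": addr[2:].hex()}


def address_kind(addr: bytes) -> str:
    if addr == b"\x00" * 16:
        return "unspecified"
    if addr[0] == 0xFF:
        return "multicast (%s scope)" % multicast_info(addr)["scope"]
    if addr[0] == 0xFE and addr[1] & 0xC0 == 0x80:     # 1111 1110 10 = fe80::/10
        return "link-local unicast"
    if addr[0] & 0xE0 == 0x20:                          # format prefix 001
        return "global unicast"
    return "other"


if __name__ == "__main__":
    mac = "00:e0:18:98:93:6d"
    ll = link_local(mac)
    print(to_text(ll), to_text(global_unicast("2001:200:16a:e320::", mac)), to_text(solicited_node(ll)))
```

The solicited-node derivation is what makes address resolution cheaper than IPv4's broadcast ARP: only interfaces whose address ends in the same 24 bits join ff02::1:ff98:936d, so a Neighbor Solicitation for fe80::2e0:18ff:fe98:936d is fil­tered in hardware by everyone else. The same derivation is also why the EUI-64 identifier exposes the hardware address in the network address, the reason later deployments moved to randomised interface identifiers.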

ICMPv6 & NDP Information Network 1 / 2012 68

Control Protocols
IPv4 control protocols: ICMP, ARP, IGMP.
IPv6 control protocol: Internet Control Message Protocol version 6 (ICMPv6), which takes over all three roles.
Information Network 1 / 2012 69

ICMPv6
Many messages are the same as the IPv4 counterpart:
  Type 1: Destination Unreachable
  Type 2: Packet Too Big (MTU)
  Type 3: Time Exceeded
  Type 4: Parameter Problem
  Type 128/129: Echo Request / Echo Reply
Must not be fragmented.
Must not be originated in response to ICMPv6 error or redirect messages, or to packets sent to multicast/broadcast addresses.
Header: Type (8 bits) | Code (8 bits) | Checksum (16 bits) | Message body
Information Network 1 / 2012 70

Neighbor Discovery Protocol (NDP)
Uses ICMPv6 messages. Used to:
  Neighbor Solicitation (NS): determine the link-layer address of a neighbor.
  Neighbor Advertisement (NA): actively keep track of neighbor reachability.
  Router Solicitation (RS): determine on-link routers and the default route.
  Router Advertisement (RA): send network information from routers to hosts.
  Redirect: a router can inform a node about better first-hop routers.
Protocol used for host auto-configuration.
All ND messages must have hop limit = 255: they must originate and terminate on the same link.
Information Network 1 / 2012 71

Neighbor Solicitation (NS)
Sent by a node to determine the link-layer address of a neighbor; similar to an IPv4 ARP request.
Packet description: source address: link-local address; destination: solicited-node multicast address or all-nodes multicast (FF02::1); data contains the link-layer address of the source. Query: please send me your link-layer address. ICMP type 135.
Information Network 1 / 2012 72

Neighbor Advertisement (NA)
Response to a Neighbor Solicitation; similar to an IPv4 ARP response: "includes my MAC address, so you can send me information".
Packet description: source address: link-local address of the source; destination: source address of the NS request; data contains the link-layer address of the source. ICMP type 136.
Information Network 1 / 2012 73

Router Solicitation (RS)
Nodes request routers to send a Router Advertisement immediately.
Packet description: source: link-local address; destination: all-routers multicast address (FF02::2). ICMP type 133.
Information Network 1 / 2012 74

Router Advertisement (RA)
Routers advertise periodically; max time between advertisements ~4 to 8,000 sec. The advertisement has a lifetime. Specifies whether stateful or stateless auto-configuration is to be used.
Packet description: source: router link-local address; destination: all-nodes multicast address (FF02::1); data: prefix, lifetimes, default router, options. ICMP type 134.
Information Network 1 / 2012 75

Duplicate Address Detection (DAD)
Similar to IPv4 self-ARP: nodes can check whether an address is already in use.
Packet description: source: unspecified address; destination: solicited-node multicast address; data: link-layer address of the source. Query: please send me your link-layer address. ICMP type 135.
If no NA is received, the address is OK.
Information Network 1 / 2012 76

Auto-configuration States
Stateful: manual IP configuration; DHCPv6 configuration.
Stateless: applies to hosts only (not to routers). No manual configuration required. The RA specifies the prefix, default route and lifetime but doesn't specify the DNS servers. Assumes the interface has a unique identifier and a multicast-capable link; uses Duplicate Address Detection.
Information Network 1 / 2012 77

Auto-configuration Example Information Network 1 / 2012 78

Auto-configuration Example Information Network 1 / 2012 79

Internet Protocol Security (IPsec) Information Network 1 / 2012 80

IP Security Overview
IPSec is not a single protocol: it provides a set of security algorithms and a general security framework for a pair of communicating entities, across LANs, private and public WANs, and across the Internet.
Applications of IPSec:
  Secure branch office connectivity over the Internet.
  Secure remote access over the Internet.
  Establishing extranet and intranet connectivity with partners.
  Enhancing electronic commerce security.
Information Network 1 / 2012 81

IPsec Scenario Information Network 1 / 2012 82

IPsec Services
Access control; connectionless integrity; data origin authentication; rejection of replayed packets; confidentiality (encryption); limited traffic flow confidentiality.
Information Network 1 / 2012 83

IPsec Protocols
Authentication Header (AH): provides connectionless integrity and data origin authentication for IP datagrams.
Encapsulating Security Payload (ESP): provides confidentiality services; ESP with authentication adds integrity.
Security Associations (SA): provide the bundle of algorithms and data that supply the parameters necessary to operate AH and ESP.
Information Network 1 / 2012 84

Protocols & Services
Service                            AH    ESP (encryption only)   ESP (encryption & authentication)
Access control                     yes   yes                     yes
Connectionless integrity           yes                           yes
Data origin authentication         yes                           yes
Rejection of replay attacks        yes   yes                     yes
Confidentiality                    no    yes                     yes
Limited traffic flow confidentiality no  yes                     yes
Information Network 1 / 2012 85

IPsec Modes of Operation
Transport: IPSec protects the IP payload; IPSec headers are added before the IP payload; no change in the IP header.
Tunnel: IPSec protects the total IP packet; IPSec headers encapsulate the IP packet; a new IP header is created.
Information Network 1 / 2012 86

Security Services by Protocol and Mode
AH
  Transport mode SA: authenticates the IP payload and selected portions of the IP header and IPv6 extension headers.
  Tunnel mode SA: authenticates the entire inner IP packet plus selected portions of the outer IP header.
ESP
  Transport mode SA: encrypts the IP payload and any IPv6 extension header.
  Tunnel mode SA: encrypts the inner IP packet.
ESP with authentication
  Transport mode SA: encrypts the IP payload and any IPv6 extension header; authenticates the IP payload but not the IP header.
  Tunnel mode SA: encrypts the inner IP packet; authenticates the inner IP packet.
Information Network 1 / 2012 87

Authentication Header (1)
It uses a hashing operation to hide packet information. It provides connectionless integrity, data authentication and replay protection; guards against replay attacks.
(Figure: the IP header before applying AH.)
Information Network 1 / 2012 88
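The "rejection of replayed packets" service of slides 83 to 88, as an added example that is not part of the lecture material: the receiver's sliding window over AH/ESP sequence numbers, modelled here on RFC 4303's description, combined with an integrity check using HMAC-SHA-1-96 (one of the authentication algorithms listed on slide 90). The packet layout (SPI, sequence number, payload, 96-bit ICV) is a simplified AH-like framing rather than the real ESP wire format, the window size of 64 is this example's choice, and the key and payloads are constructed.

```python
import hashlib
import hmac
import struct

WINDOW_SIZE = 64        # example's choice; the RFC minimum is 32
ICV_LEN = 12            # HMAC-SHA-1-96: the 160-bit tag truncated to 96 bits


class ReplayWindow:
    """Sliding window over 32-bit sequence numbers. bit i of bitmap == 1 means (top - i) was accepted."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq: int) -> bool:
        """True if seq is new: to the right of the window, or inside it and not yet seen."""
        if seq == 0:
            return False                        # the first packet on an SA carries seq 1
        if seq > self.top:
            return True
        if self.top - seq >= self.size:
            return False                        # older than the window: cannot be verified, drop
        return not (self.bitmap >> (self.top - seq)) & 1

    def update(self, seq: int) -> None:
        """Record seq; called only after the integrity check has passed."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def compute_icv(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Integrity Check Value over everything a replay could alter: SPI, sequence number, payload."""
    return hmac.new(key, struct.pack("!II", spi, seq) + payload, hashlib.sha1).digest()[:ICV_LEN]


def build_protected(spi: int, seq: int, payload: bytes, key: bytes) -> bytes:
    return struct.pack("!II", spi, seq) + payload + compute_icv(key, spi, seq, payload)


class InboundSA:
    def __init__(self, spi: int, key: bytes):
        self.spi, self.key, self.window = spi, key, ReplayWindow()

    def receive(self, packet: bytes) -> str:
        if len(packet) < 8 + ICV_LEN:
            return "dropped: too short"
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            return "dropped: unknown SPI"
        if not self.window.check(seq):
            return "dropped: replayed or too old"   # cheap test first, before spending an HMAC
        payload, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
        if not hmac.compare_digest(icv, compute_icv(self.key, spi, seq, payload)):
            return "dropped: bad ICV"               # window untouched: a forgery must not advance it
        self.window.update(seq)
        return "accepted"


if __name__ == "__main__":
    key = b"constructed-example-key"
    sa = InboundSA(0x1000, key)
    for seq in (1, 1, 3, 2, 2, 100, 37, 36):
        print(seq, sa.receive(build_protected(0x1000, seq, b"data%d" % seq, key)))
```

Two ordering details carry the security value: the window is consulted before the ICV so that replayed traffic cannot force the receiver into HMAC work, and it is advanced only after the ICV verifies so that an attacker cannot push the window forward with forged high sequence numbers and thereby lock out the legitimate sender's packets.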

Authentication Header (2) Transport Mode (AH Authentication) Tunnel Mode (AH Authentication) Information Network 1 / 2012 89

Encapsulating Security Payload (1)
It encrypts the packet's payload with a symmetric key. It provides confidentiality, data integrity, data origin authentication, and an anti-replay service.
Encryption: three-key triple DES, RC5, IDEA, three-key triple IDEA, CAST, Blowfish.
Authentication: HMAC-MD5-96, HMAC-SHA-1-96.
Information Network 1 / 2012 90

Encapsulating Security Payload (2) Transport Mode Tunnel Mode Information Network 1 / 2012 91

RFCs: IPSec documents
  RFC 2401: an overview of the security architecture
  RFC 2402: description of a packet authentication extension to IPv4 and IPv6
  RFC 2406: description of a packet encryption extension to IPv4 and IPv6
  RFC 2408: specification of key management capabilities
Information Network 1 / 2012 92

IPv6 Transition Information Network 1 / 2012 93

Dual Stack
A dual-stack host can speak both IPv4 and IPv6; most workstations are IPv6-enabled.
Stack: Application Layer / Transport Layer (TCP/UDP) / IPv4 and IPv6 side by side / Network Interface Layer
Information Network 1 / 2012 94

Tunneling
Connection of IPv6 domains via IPv4 clouds.
6to4: the most common IPv6-over-IPv4 tunneling protocol; tunnel endpoints must have public IPv4 addresses.
Teredo: encapsulating IPv6 inside IPv4/UDP.
Path: IPv6/dual network -> generating 6to4 router adds the v4 header -> IPv4 core, where IPv4 routers forward as usual -> destination 6to4 router removes the IPv4 header -> delivery in the IPv6/dual network.
Information Network 1 / 2012 95

Address Translation: NAT64
Packet headers are translated according to the Stateless IP/ICMP Translation Algorithm (SIIT).
IPv6 (address + port) is mapped to IPv4 (address + port); IPv4 is mapped into IPv6 as Pref64::IPv4, where Pref64 is a /96 IPv6 address pool.
Information Network 1 / 2012 96
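The two address mappings behind slides 95 and 96, as an added example that is not part of the lecture material: the 6to4 prefix 2002:V4ADDR::/48 that a tunnel endpoint derives from its public IPv4 address (and the reverse lookup the receiving 6to4 router performs to find where to send the IPv4-encapsulated packet), and the NAT64 Pref64::IPv4 embedding in both directions. The slides do not name a Pref64 value; this example assumes the Well-Known Prefix 64:ff9b::/96 from RFC 6052. The IPv4 address 203.178.142.1 is the one on slide 52.

```python
import ipaddress

PREF64 = ipaddress.IPv6Network("64:ff9b::/96")    # assumption: RFC 6052 Well-Known Prefix as Pref64
SIXTO4 = ipaddress.IPv6Network("2002::/16")


def is_public_ipv4(text: str) -> bool:
    a = ipaddress.IPv4Address(text)
    return not (a.is_private or a.is_loopback or a.is_link_local or a.is_multicast
                or a.is_reserved or a.is_unspecified)


def sixto4_prefix(v4_text: str) -> str:
    """2002:VVVV:VVVV::/48 for a tunnel endpoint; private addresses are refused because
    the embedded address is what every other 6to4 router will send IPv4 packets to."""
    if not is_public_ipv4(v4_text):
        raise ValueError("6to4 requires a public IPv4 address on the tunnel endpoint")
    packed = ipaddress.IPv4Address(v4_text).packed
    return str(ipaddress.IPv6Network((b"\x20\x02" + packed + b"\x00" * 10, 48)))


def sixto4_endpoint(v6_text: str) -> str:
    """Recover the IPv4 tunnel endpoint from bits 16..47 of a 6to4 destination."""
    a = ipaddress.IPv6Address(v6_text)
    if a not in SIXTO4:
        raise ValueError("not a 6to4 address")
    return str(ipaddress.IPv4Address(a.packed[2:6]))


def nat64_embed(v4_text: str) -> str:
    """Pref64::IPv4 : the /96 prefix followed by the 32-bit IPv4 address."""
    packed = ipaddress.IPv4Address(v4_text).packed
    return str(ipaddress.IPv6Address(PREF64.network_address.packed[:12] + packed))


def nat64_extract(v6_text: str) -> str:
    """Reverse mapping; only addresses inside Pref64::/96 carry an embedded IPv4 address."""
    a = ipaddress.IPv6Address(v6_text)
    if a not in PREF64:
        raise ValueError("address is not inside Pref64::/96")
    return str(ipaddress.IPv4Address(a.packed[12:]))


if __name__ == "__main__":
    print(sixto4_prefix("203.178.142.1"), sixto4_endpoint("2002:cbb2:8e01:1::5"))
    print(nat64_embed("203.178.142.1"), nat64_extract("64:ff9b::cbb2:8e01"))
```

Both mappings put an IPv4 address inside an IPv6 address, which is why a 6to4 relay or NAT64 box has to validate the embedded address before acting on it: a 6to4 packet whose embedded endpoint is a private or multicast IPv4 address would otherwise make the relay send encapsulated traffic to an address the sender chose.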

More Details
Many resources available:
  ARIN: http://www.getipv6.info/index.php/main_page
  APNIC: http://www.apnic.net/community/ipv6-program
  RIPE: http://www.ripe.net/lir-services/resource-management/numberresources/ipv6
  AfriNIC: http://www.afrinic.net/ipv6/index.htm
  LACNIC: http://portalipv6.lacnic.net/en
Information Network 1 / 2012 97

IPv6 Advantages
More efficient address space allocation. End-to-end addressing: no NAT anymore. Fragmentation only by the source host. Routers don't calculate a header checksum (speed-up). Multicasting instead of broadcasting. Built-in security mechanisms. A single control protocol (ICMPv6). Auto-configuration, etc.
Information Network 1 / 2012 98

Assignment 2 Information Network 1 / 2012 99

Network Configuration (1)
Goal: to understand the dynamics of IPv6 and to be able to troubleshoot connectivity in an IPv6 network.
What to do:
  Download the provided network topology from the link below: http://iplab.naist.jp/class/infon/2012/materials/sample.pkt
  Configure the IPv6 addresses on the routers in the topology.
  Enable IPv6 auto-configuration on the PCs in the network.
  Test network connectivity by using the Neighbor Discovery Protocol.
  Configure RIPng in the routers.
  Disconnect one link between two routers and test network connectivity again. Observe the communication between the two disconnected routers.
Information Network 1 / 2012 100

Network Configuration (2): Essay
Briefly explain the following: IPv6 (i.e., addressing and subnetting); the Neighbor Discovery protocol; routing with RIPng.
For the last step in the instructions, can the routers still communicate? Answer yes or no, then explain why.
Information Network 1 / 2012 101

Submission
Deadline: May 16, 2012 (Wed) at 17:00 JST.
Compress your Packet Tracer file and essay in one folder named with your name and student ID (e.g., DoudouFall1234567.zip), then send it to network1-2012@is.naist.jp.
For questions and concerns about the assignment, you may contact the TAs by email (network1-2012@is.naist.jp) or meet them in A307, Internet Engineering Laboratory.
Information Network 1 / 2012 102