Introduction to IPv6. IPv6 addresses

Similar documents
Introduction to IPv6. IPv6 addresses

Introduction to IPv6. IPv6 addresses

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

IPv6. IPv4 & IPv6 Header Comparison. Types of IPv6 Addresses. IPv6 Address Scope. IPv6 Header. IPv4 Header. Link-Local

Module 28 Mobile IP: Discovery, Registration and Tunneling

Mobile Communications Chapter 9: Network Protocols/Mobile IP

CSE 4215/5431: Mobile Communications Winter Suprakash Datta

Mobile Communications Mobility Support in Network Layer

Mohammad Hossein Manshaei 1393

TSIN02 - Internetworking

Introduction to routing in the Internet

LECTURE 8. Mobile IP

IPv6 Neighbor Discovery

Lecture Computer Networks

Fixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering

Introduction to routing in the Internet

Mobile Communications Chapter 8: Network Protocols/Mobile IP

Mobile IP. Mobile IP 1

Outline. CS5984 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Host Mobility Problem Solutions. Network Layer Solutions Model

Outline. CS6504 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Dr. Ayman Abdel-Hamid. Mobile IPv4.

Internet Control Message Protocol (ICMP)

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Introduction to IPv6 - II

Charles Perkins Nokia Research Center 2 July Mobility Support in IPv6 <draft-ietf-mobileip-ipv6-14.txt> Status of This Memo

Internet Protocols (chapter 18)

11. IP Mobility 최 양 희 서울대학교 컴퓨터공학부

Modification to Ipv6 Neighbor Discovery and Mobile Node Operation

CS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang

Mobile IP. rek. Petr Grygárek Petr Grygarek, Advanced Computer Networks Technologies 1

SJTU 2018 Fall Computer Networking. Wireless Communication

Mobile & Wireless Networking. Lecture 9: Mobile IP. [Schiller, Section 8.1]

Configuring IPv6 basics

IPv6 Neighbor Discovery

Configuring IPv6 for Gigabit Ethernet Interfaces

IPv6 Protocol Architecture

ET4254 Communications and Networking 1

Mobility Management - Basics

IPv6 Neighbor Discovery

Internet Control Message Protocol

The Netwok Layer IPv4 and IPv6 Part 2

IPv6. (Internet Protocol version 6)

ECS-087: Mobile Computing

Mobility Management Basics

Mobile IP Overview. Based on IP so any media that can support IP can also support Mobile IP

Mobile IP and Mobile Transport Protocols

Internet Protocol, Version 6

Rocky Mountain IPv6 Summit April 9, 2008

Obsoletes: 2002 January 2002 Category: Standards Track

IPv6 Neighbor Discovery

TCP/IP Protocol Suite

Mobile IP Support for RFC 3519 NAT Traversal

Configuring IPv6. Information About IPv6. Send document comments to CHAPTER

IPv6: An Introduction

IPv6. IPv6 Rationale. IPv6 (Review) IPv6 (Review) IPv6 Extension Headers. IPv6 Header Chaining PROTOCOL ADDRESSING AUTOCONFIGURATION DEPLOYMENT

IPv6 Configuration Commands

IPv6 Protocol & Structure. npnog Dec, 2017 Chitwan, NEPAL

CMPE 257: Wireless and Mobile Networking

History Page. Barracuda NextGen Firewall F

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

CS 457 Lecture 11 More IP Networking. Fall 2011

IPv6 Neighbor Discovery

Mobile IPv6 Overview

IPv4 and IPv6 Commands

ETSF05/ETSF10 Internet Protocols Network Layer Protocols

ICS 451: Today's plan

Operation Manual IPv6 H3C S3610&S5510 Series Ethernet Switches Table of Contents. Table of Contents

SEN366 (SEN374) (Introduction to) Computer Networks

Workshop on Scientific Applications for the Internet of Things (IoT) March

Mobile IP. Mobile Computing. Mobility versus Portability

tcp ipv6 timer fin-timeout 40 tcp ipv6 timer syn-timeout 40 tcp ipv6 window 41

CMPE 257: Wireless and Mobile Networking

IPv6 Associated Protocols. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

Foreword xxiii Preface xxvii IPv6 Rationale and Features

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

IPv6 Concepts. Improve router performance Simplify IP header Align to 64 bits Address hierarchy with more levels Simplify routing tables

Computer Networking: A Top Down Approach Featuring the. Computer Networks with Internet Technology, William

Guide to TCP/IP Fourth Edition. Chapter 6: Neighbor Discovery in IPv6

IPv6 Technical Challenges


Table of Contents 1 IPv6 Basics Configuration 1-1

Last time. Network layer. Introduction. Virtual circuit vs. datagram details. IP: the Internet Protocol. forwarding vs. routing

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

(ICMP), RFC

Network Layer (4): ICMP

On Distributed Communications, Rand Report RM-3420-PR, Paul Baran, August

Chapter 2 Advanced TCP/IP

internet technologies and standards

IPv6. Copyright 2017 NTT corp. All Rights Reserved. 1

Internetworking/Internetteknik, Examination 2G1305 Date: August 18 th 2004 at 9:00 13:00 SOLUTIONS

IPv4. Christian Grothoff.

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Auxiliary Protocols

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

The Netwok Layer IPv4 and IPv6 Part 2

The Internet. The Internet is an interconnected collection of netw orks.

TSIN02 - Internetworking

Introduction to Internetworking

Planning for Information Network

IPV6 SIMPLE SECURITY CAPABILITIES.

Binding information contains the entries in the mobility binding table.

Network Layer: Internet Protocol

Transcription:

Introduction to IPv6 (Chapter4inHuitema) IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit hexadecimal integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A = 1080::8:800:200C:417A Types Unicast Defines one interface within their scope of validity Multicast Delivers packets to all members of a group Anycast Delivers packets to the nearest member of a group IPv6,Mobility-2

Special IPv6 addresses Unspecified = 0:0:0:0:0:0:0:0 = :: Only as source address Loopback = 0:0:0:0:0:0:0:1 = ::1 For sending datagrams to itself IPv4addressesprependedwithzeroes 0:0:0:0:0:0:AABB:CCDD = ::a.b.c.d Site-local addresses FEC0:0000:0000:subnet:station (subnet 16 bits, station 64 bits) Link-local addresses (not relayed by router) FEB0:0000:0000:0000:station IPv6,Mobility-3 IPv6 header Version=6 (4) (4) Traffic class class (8) (8) Flow Flowlabel label (24 (24bits) Payload length (16 (16bits) Next Nextheader headertype type (8) (8) Hop Hoplimit (8) (8) Source address (128 (128bits) Destination address (128 (128bits) Differences between v4 and v6 No checksum (performed by lower layers) No fragmentation (path MTU discovery instead, min. 1280 bytes) No options (fixed length header, options in linked extension headers instead) Extension headers replace options IPv6 IPv6header NH Extension NH Extension NH Payload (TCP) IPv6,Mobility-4

Source routing is implemented with the routing header Routing header: Next Nextheader Only the router whose address is destination address in IPv6 header examines this extension ÿ better performance Forwarder Swaps the next address in the list and the destination address of the header Decrements the number of segments left Header ext. ext. length Routing type type = 0 Reserved IPv6 IPv6address 1 IPv6 IPv6address 2...... IPv6 IPv6address N Segments left left Can be replaced by IP-in-IP IPv6,Mobility-5 Only the sender can fragment packets No fragmentation in routers Packets larger than the next hop s MTU are rejected, and ICMP message sent back Large packets (e.g. in UDP) must be fragmented by the sender Fragment header: Hext Hextheader Reserved Fragment offset Identification Reserved M M Most significant 13 bits of 16-bit word More fragments (M=1 in all packets but the last) IPv6,Mobility-6

Other extensions Authentication Header (AH) for authentication Encrypted Security Payload (ESP) for authentication + encryption Destination options header is only examined by the destination Contains one or several options Also defines handling for unrecognized parameters Ignore / discard silently / discard and send ICMP message Hop-by-hop options header is examined by each router Similar format and coding as destination options header E.g. jumbo payload Processing order is important IPv6 ÿ Hop-by-hop options ÿ Destination options (for endpoint of tunnel) ÿ Routing ÿ Fragment ÿ Authentication ÿ Destination options (for destination) ÿ Upper layers (TCP/UDP) IPv6,Mobility-7 Internet Control Message Protocol Version 6 ICMPv6 header: Type Type Code Code ICMP body body Checksum ICMP message types: 1. Destination unreachable 2. Packet too big 3. Time exceeded 4. Parameter problem 128. Echo request 129. Echo reply 133. Router solicitation 134. Router advertisement 137. Redirect errors for ping router discovery Also includes the functionalities of IGMP and ARP IPv6,Mobility-8

Router advertisements are sent by routers For building a local list of routers on the same network Suggestion for initial hop limit value Seconds for holding in router list Type Type = 134 134 Code Code = 0 Checksum Cur. Cur. hop hoplimit M O Res. Res. Router lifetime Reachable time time Retransmission timer timer Options (e.g. (e.g. source link linklayer layeroption, MTU option) Expected time neighbors remain reachable after advertising their media address (in milliseconds) Source Link Layer option: contains media address of router Interval between successive solicitations of a neighbor that is not returning solicited neighbor advertisements IPv6,Mobility-9 Neighbor discovery finds the MAC address corresponding to the IP address of the next hop MAC address in cache? neighbor solicitation (comp. ARP-request): Type Type = 135 135 Code Code = 0 Checksum RR S O Reserved Solicited address Source link-level address option ÿ own ownmac address ÿsolicited node multicast address = FF02:0:0:0:0:1 + last 32 bits of address No R=1 if address is router, S=1 reply to solicitation, O=1 overrides previous entry neighbor advertisement (comp. ARP-reply): Type Type = 136 136 Code Code = 0 Checksum RR S O Reserved Solicited address Link Linklayer layeraddress option ÿ found MAC address My IP address in solicitaition? IPv6,Mobility-11

Redirect works like in IPv4 but may include the media address of the next hop Redirect message: Type Type = 137 137 Code Code = 0 Checksum Reserved Target address Destination address Options (e.g. (e.g. target link linklayer layeraddress, redirected header option) Target address contains the better next hop for the destination The media address of the next hop may be included in a target link layer address option. IPv6,Mobility-12 The sender needs feedback from the destination so that it does not send to a black hole If the sender does not get feedback (e.g. TCP acks) within 30 seconds, it checks the existence of the receiver with a solicitation message update cache solicitation solicitated advertisement destination unreachable (to application) solicitation solicitation solicitation remove from fromcache calculate new newnext-hops IPv6,Mobility-13

Before obtaining an address with autoconfiguration, the host uses a link local address FEB0:0000:0000:0000 + EUI-64 identifier The 64-bit EUI-64 identifier is generated from the 48-bit Ethernet address The host must check that the link local address is unique In principle, addresses generated with the EUI-64 identifier should be unique, but... solicitation solicitated advertisement address not notunique ÿ pick pickanother 1s address is isunique solicitation Lost messages ÿ retry several times IPv6,Mobility-14 Autoconfiguration can be stateful or stateless router new host router solicitation [link-local-addressÿall-routers] Type Type = 133 133 Code Code = 00 Checksum Checksum Reserved Reserved Options... (link layer address) Options... (link layer address) router advertisement [ÿall-hosts / ÿlink-local-address] M=1 M=1 O=1 O=1 yes yes stateless configuration Type Type = 134 134 Code Code = 00 Hop.limit Hop.limit M O Res. Res. Checksum Checksum Router Routerlifetime Reachable Reachabletime time Retransmission Retransmissiontimer timer Options... Options... (prefix (prefixinformation informationoption) option) stateful conf. conf. with withconf.server obtain other otherparameters from fromconf.server Stateful autoconfiguration similar to DHCP in IPv4 IPv6,Mobility-15

Stateless autoconfiguration Type Type = 134 134 Code Code = 00 Hop.limit Hop.limit M O Res. Res. Checksum Checksum Router Routerlifetime Reachable Reachabletime time Retransmission Retransmissiontimer timer Options... Options... (prefix (prefixinformation informationoption) option) Properties simple, no servers required inefficient: 64 bits used for one local network no access control Contains list of prefixes with parameters on-link bit ÿ the prefix is specific to the local link autonomous-bit ÿ host can construct address by replacing the last bits of the prefix with EUI-64 identifier IPv6,Mobility-16 Mobile IP (Chapter 13 in Huitema) IPv6,Mobility-17

Different types of mobility Computers transported and connected from different locations Access through modem/isdn/wlan/ Dynamic configuration ÿ new IP address ÿ TCP connection cut off Mobile computers, which stay connected during movements Radio, infrared ÿ same IP address Mobile networks, e.g. in cars, planes, trains, ships Recursive mobility (mobile host in mobile network) Mobility performed on lower layers, e.g. GPRS IPv6,Mobility-18 The traffic to a mobile node is tunneled from the home agent to the foreign agent Mobile Node () Node, who has a home address in the home network, and obtains a care-of-address (COA) in the visited foreign network Home Agent () Router in the home network that serves the home address Foreign Agent (FA) Router that serves the visiting mobile node Corresponding Node (CN) A node exchanging data with the mobile node normal forwarding CN normal routing to home address foreign network FA care-of-address tunneling Several s may use the same COA! home address home network Dogleg routing IPv6,Mobility-19

In exceptional cases the and the FA can be co-located E.g. if there is no FA in the visited network obtains a COA using DHCP or PPP Uses more IP addresses Tunnel over air interface consumes more bandwidth normal forwarding CN normal forwarding to home address care-of-address tunneling home address Each s needs a separate COA! IPv6,Mobility-20 When a host discovers that the location has changed, it must register the new COA with the ICMP agent advertisement (COA address) FA new location? register (COA address) register (COA address) reply reply grant? A lost request is resent by FA never repeats the request. IPv6,Mobility-21

Discovery of a Home Agent or Foreign Agent using periodical ICMP messages Agent advertisements are extensions to ICMP router advertisements The agent advertisements contain Sequence number Life-time of registration Flags Registration required Foreign agent or home agent Supporting Minimal encapsulation (RFC-2003) Supporting Generic Routing Encapsulation (GRE) (RFC-1701) Header compression used List of care-of-addresses Length of prefixes FA ICMP agent advertisement (COA address) new new location? location? register (COA address) reply register (COA address) grant? grant? reply IPv6,Mobility-22 The sequence numbers in the agent advertisement are similar to lollipop sequence numbers in OSPF 65635 0 256 If one of the number is < 256 The higher number is higher If both numbers are 256 If (b-a) < (65635-256)/2 then b is higher If the received is lower than the previous, then the server has been restarted ÿ Register again IPv6,Mobility-23

Alternative discovery mechanisms Periodic broadcast of ICMP messages wastes transmission capacity, especially on wireless LANs Cannot be frequent The can detect changed location through media-level information e.g. analyzing power of different basestations Instead of waiting, the can solicit the information Similar to ICMP router solicitation TTL=1 Agent replies with agent advertisement IPv6,Mobility-24 Registration request Registration request message contains Message type = 1 (request) Flags FA co-located with preferred encapsulation Requested lifetime 0 = cancel the previous Home address of address COA address 64-bit request identification Extensions E.g. authentication FA ICMP agent advertisement (COA address) new newlocation? register (COA address) reply register (COA address) reply grant? grant? IPv6,Mobility-25

Registration reply Registration reply message contains Message type = 3 (reply) Reply code (granted or denied) Who denied (FA or ) Why denied Accepted lifetime Sameasorsmallerthan requested lifetime Home address of address 64-bit request identification Same as in request Extensions E.g. authentication FA ICMP agent advertisement (COA address) new newlocation? register (COA address) reply register (COA address) reply grant? grant? IPv6,Mobility-26 Security issues (1) Attack types Attacker pretends to be a FA to capture traffic Attacker replays old registration messages Authentication extension proves the origin of the message and that the contents has not been changed Security parameter index (SPI) together with, COA, or NM identifies security context Shared secret, signature algorithm (e.g. keyed MD5) parameters of security context Data and secret key ÿ authentication field to authentication mandatory FA to and to FA authentications optional IPv6,Mobility-27

Security issues (2) Attack types Attacker pretends to be a FA to capture traffic Attacker replays old registration messages Two requests must not contain the same identification NTP timestamps (64-bit) Only requests with higher timestamps are accepted The timestamps must be close to the current time Random numbers used only once (nonce) IPv6,Mobility-28 Encapsulation Basic encapsulation, RFC-2003 Source=, Dest=COA, Protocol=IP in inip=4 Source=CN, Dest=, Protocol=TCP TCP header +data New IP header Minimal encapsulation, RFC-2004 Source=, Dest=COA, Compressed Protocol=Min.encaps=55 header New IP header Generic Routing Encapsulation (GRE), RFC-1701 Source=, Dest=COA, Protocol=GRE=24 Encapsulation parameters Original IP packet TCP header +data Original IP packet Source=CN, Dest=, Protocol=TCP Compressed header: Protocol type of encaps. packet (e.g. TCP), Destination address of encaps. packet, Optional source address of encaps. packet, Header checksum TCP header +data New IP header GRE header Original IP packet Parameters: Protocol type (similar to the one in Ethernet packet), optional checksum, optional sequence number, optional authentication key, (source) routing field, flags (which options are present) IPv6,Mobility-29

Broadcast and multicast should only be received by the, not the network of Easy if FA is co-located with FA+ encapsulated packet Double encapsulation of broadcast/multicast traffic encapsulated packet FA double encapsulation Source=, Dest=COA, Protocol=IP in inip IP Source=, Dest=, Protocol=IP in inip IP Source=CN, Dest=bc, Protocol=UDP UDP header +data New IP header Joining multicast groups: ICMP messages are tunneled ÿ More efficient: can subscribe to groups on the foreign network Double encapsulation Original broadcast packet IPv6,Mobility-30 Source address filtering is a problem in Mobile IP (1) Why source address filtering? Address spoofing hides identity of attacker, helps targeting third parties replies, helps gaining privileges Source address filtering is performed in firewalls, between ISP and customer, at peering points between provides, etc. ÿ Packets sent by must be tunneled through the FA CN IPv6,Mobility-32

Source address filtering is a problem in Mobile IP (2) FAs capable of tunneling packets back to, advertise it with a flag in agent advertisement message The requests reverse tunneling ICMP router advertisement FA FA ICMP router advertisement (reverese tunnel capability) register (reverse tunneling) register... IPv6,Mobility-33 Considerations Path ÿcn is shorter than the path CNÿ Asymmetry If the moves relatively fast, it must choose a new FA often ÿ Many registration messages to IPv6,Mobility-34

Mobile IPv6 (Chapter 13 in Huitema) IPv6,Mobility-35 Mobility in IPv6 Discovery performed with IPv6 neighbor discovery and address configuration mechanisms Security built-in ÿ can notify their COA to the CN in addition to the Efficient encapsulation with the source routing header IPv6,Mobility-36

Discovery The and FA are usually colocated ÿ No separate FA A separate address can be assigned to every Hosts listen to router advertisements to the learn prefixes of the link Hosts can detect that they are visiting a foreign network COA obtained with address configuration procedures Routers willing to act as home agents indicate it in the router advertisement IPv6,Mobility-37 Mobile IPv6 replaces registration messages with destination options Binding performed using destination options Binding update informs about the new COA Binding ack acknowledges the COA Binding request requests information about the current COA Home address Identifies the home address of the Authentication with the security option IPv6,Mobility-38

Registration is performed using a binding update COA transmitted in source address of IPv6 header Home address in the Home Address option IPv6 (src=coa, dest=) Binding update (flags, lifetime, seq.num) Home address Security IPv6 (src=, dest=coa) Binding ack (result code, lifetime, update refresh period, seq.num, optional list of home agents) IPv6,Mobility-39 The can also send a binding update to the CN to optimize the route CN Note: if the COA changes a new binding update must be sent to all CNs that are sending directly want to update packets Binding update Binding ack Binding request Binding update Binding ack packets packets ack requested no timer update and expires ack requested IPv6,Mobility-40

IPv6 uses the routing header instead of encapsulation CN insert routing header IPv6 Routing header (ÿcoa) IPv6 Sourceaddress filtering is not a problem! IPv6 (src=coa) Home address option Security (AH / ESP) Binding update IPv6 (src=coa) Home address option sender is store the COA IPv6 Routing header (ÿcoa) Security (AH / ESP) Binding ack IPv6,Mobility-41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback