Introduction to IPv6. IPv6 addresses

Similar documents
Introduction to IPv6. IPv6 addresses

Introduction to IPv6. IPv6 addresses

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

IPv6. IPv4 & IPv6 Header Comparison. Types of IPv6 Addresses. IPv6 Address Scope. IPv6 Header. IPv4 Header. Link-Local

Module 28 Mobile IP: Discovery, Registration and Tunneling

CSE 4215/5431: Mobile Communications Winter Suprakash Datta

Mobile Communications Chapter 9: Network Protocols/Mobile IP

LECTURE 8. Mobile IP

Fixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering

Mobile Communications Mobility Support in Network Layer

Mobile IP. Mobile IP 1

Introduction to routing in the Internet

Introduction to routing in the Internet

Lecture Computer Networks

Mobile Communications Chapter 8: Network Protocols/Mobile IP

11. IP Mobility 최 양 희 서울대학교 컴퓨터공학부

Mohammad Hossein Manshaei 1393

SJTU 2018 Fall Computer Networking. Wireless Communication

Mobile & Wireless Networking. Lecture 9: Mobile IP. [Schiller, Section 8.1]

Mobile IP. rek. Petr Grygárek Petr Grygarek, Advanced Computer Networks Technologies 1

Internet Control Message Protocol (ICMP)

TSIN02 - Internetworking

CS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Internet Protocols (chapter 18)

Mobility Management - Basics

Internet Control Message Protocol

Mobility Management Basics

Configuring IPv6 basics

Outline. CS5984 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Host Mobility Problem Solutions. Network Layer Solutions Model

Charles Perkins Nokia Research Center 2 July Mobility Support in IPv6 <draft-ietf-mobileip-ipv6-14.txt> Status of This Memo

Outline. CS6504 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Dr. Ayman Abdel-Hamid. Mobile IPv4.

IPv6 Neighbor Discovery

Mobile IP. Mobile Computing. Mobility versus Portability

Mobile IP Overview. Based on IP so any media that can support IP can also support Mobile IP

IPv6. Copyright 2017 NTT corp. All Rights Reserved. 1

Configuring IPv6 for Gigabit Ethernet Interfaces

Rocky Mountain IPv6 Summit April 9, 2008

ICS 451: Today's plan

ETSF05/ETSF10 Internet Protocols Network Layer Protocols

ECS-087: Mobile Computing

Mobile IPv6 Overview

Modification to Ipv6 Neighbor Discovery and Mobile Node Operation

Introduction to IPv6 - II

IPv6 Neighbor Discovery

IPv6: An Introduction

IPv6 Neighbor Discovery

History Page. Barracuda NextGen Firewall F

Foreword xxiii Preface xxvii IPv6 Rationale and Features

Mobile IP and Mobile Transport Protocols

Internet Protocol, Version 6

IPv6. (Internet Protocol version 6)

Chapter 8 LOCATION SERVICES

IPv4 and IPv6 Commands

Guide to TCP/IP Fourth Edition. Chapter 6: Neighbor Discovery in IPv6

ET4254 Communications and Networking 1

On Distributed Communications, Rand Report RM-3420-PR, Paul Baran, August

TCP/IP Protocol Suite

Configuring IPv6. Information About IPv6. Send document comments to CHAPTER

P A R T T W O MOBILE IPv6

tcp ipv6 timer fin-timeout 40 tcp ipv6 timer syn-timeout 40 tcp ipv6 window 41

(ICMP), RFC

The Netwok Layer IPv4 and IPv6 Part 2

MOBILE IP AND WIRELESS APPLICATION PROTOCOL

Chapter 2 Advanced TCP/IP

Workshop on Scientific Applications for the Internet of Things (IoT) March

SEN366 (SEN374) (Introduction to) Computer Networks

How Mobile IP Works? Presenter: Ajoy Singh

Mobile IP Support for RFC 3519 NAT Traversal

CMPE 257: Wireless and Mobile Networking

IPv6 Next generation IP

IPv6 : Internet Protocol Version 6

History. IPv6 : Internet Protocol Version 6. IPv4 Year-Wise Allocation (/8s)

Operation Manual IPv6 H3C S3610&S5510 Series Ethernet Switches Table of Contents. Table of Contents

Network Security. Security of Mobile Internet Communications. Chapter 17. Network Security (WS 2002): 17 Mobile Internet Security 1 Dr.-Ing G.

ICS 351: Networking Protocols

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Auxiliary Protocols

The Internet. The Internet is an interconnected collection of netw orks.

IPv6. IPv6 Rationale. IPv6 (Review) IPv6 (Review) IPv6 Extension Headers. IPv6 Header Chaining PROTOCOL ADDRESSING AUTOCONFIGURATION DEPLOYMENT


Table of Contents 1 IPv6 Basics Configuration 1-1

Mobility Management. Advanced Mobile Communication Networks. Integrated Communication Systems Group Ilmenau University of Technology

IPv6 Protocol Architecture

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

IPV6 SIMPLE SECURITY CAPABILITIES.

Planning for Information Network

Internetworking/Internetteknik, Examination 2G1305 Date: August 18 th 2004 at 9:00 13:00 SOLUTIONS

Mobile Computing. Chapter 8: Mobile Network Layer

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Chapter 9 Internet Protocol Version 6 (IPv6)

Telecom Systems Chae Y. Lee. Contents. Overview. Issues. Addressing ARP. Adapting Datagram Size Notes

Introduction to Internetworking

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

IPv6 Neighbor Discovery

IPv6 Technical Challenges

The Internetworking Problem. Internetworking. A Translation-based Solution

IPv6 Configuration Commands

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

This chapter introduces protocols and mechanisms developed for the network

CS 457 Lecture 11 More IP Networking. Fall 2011

Transcription:

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A = 1080::8:800:200C:417A Types Unicast Defines one interface within their scope of validity Multicast Delivers packets to all members of a group Anycast Delivers packets to the nearest member of a group IPv6,Mobility-2

Special IPv6 addresses Unspecified = 0:0:0:0:0:0:0:0 = :: Only as source address Loopback = 0:0:0:0:0:0:0:1 = ::1 For sending datagrams to itself IPv4 addresses prepended with zeroes 0:0:0:0:0:0:AABB:CCDD = ::a.b.c.d Site-local addresses FEC0:0000:0000:subnet:station Link-local addresses FEB0:0000:0000:0000:station IPv6,Mobility-3 IPv6 header Version=6 (4) (4) Traffic class class (8) (8) Flow Flow label label (24) (24) Payload length (16) (16) Next Next header header type type (8) (8) Hop Hop limit limit (8) (8) Source address (128) Destination address (128) Differences between v4 and v6 No checksum (performed at lower layers) No fragmentation (path MTU discovery instead, min. 1280) No options (linked extension headers instead) Extension headers replace options IPv6 IPv6 header NH Extension NH Extension NH Payload (TCP) IPv6,Mobility-4

IPv6 supports strict or loose source routing Routing header Hext Hext header Header ext. ext. length Routing type type = 0 Reserved IPv6 IPv6 address 1 IPv6 IPv6 address 2.... IPv6 IPv6 address N Segments left left Only the router whose address is destination address in IPv6 header examines this extension Forwarder Moves the next address to the IPv6 header Decrements the number of segments left IPv6,Mobility-5 Fragmentation is performed by the sender Packets larger than the next hop s MTU are rejected Large packets must be fragmented by the sender Fragment header: Hext Hext header Reserved Fragment offset Identification Reserved M M Offset: Least significant 132 bits of 16-bit word M: More fragments IPv6,Mobility-6

Other extensions Authentication header Destination options header Only examined by the destination Contains one or several parameters Also defines handling for unrecognized parameters Hop-by-hop options header Examined by each router Similar format and coding as destination options header E.g. jumbo payload Processing order is important IPv6 Hop-by-hop Destination options (for tunneling) Routing Fragment Authentication Destination options Upper layers (TCP/UDP) IPv6,Mobility-7 Internet Control Message Protocol Version 6 ICMPv6 header Type Type Also includes the functionality of IGMP ICMP message types: 1. Destination unreachable 2. Packet too big 3. Time exceeded errors 4. Parameter problem 128. Echo request 129. Echo reply for ping 133. Router solicitation 134. Router advertisement router discovery 137. Redirect Code Code ICMP body body Checksum IPv6,Mobility-8

Router discovery For building a local list of routers on the same network Type Type = 134 134 Code Code = 0 Checksum Cur. Cur. hop hop limit limit M O Res. Res. Router lifetime Reachable time time Retransmission timer timer Options Curr.hop limit: Suggestion for initial hop limit value Router lifetime: Seconds for holding in router list Reachable time: Expected time neighbors remain reachable after advertising the media address in milliseconds Reachable retransmission timer: Interfal between successive solicitations of a neighbor that is not returning solicited neighbor advertisements (ms). IPv6,Mobility-9 Neighbor discovery in IPv6 replaces ARP If there is no MAC address entry for the next hop, a neighbor solicitation message (comp. ARP-request) is sent: Type Type = 135 135 Code Code = 0 RR S O Reserved Solicited address Options... TTL=1, own MAC address in source link-level address option The message is sent to a solicited node multicast address derived from the address of the next-hop MAC address for the message derived from this address The host recognizing its address, replies with a neighbor advertisement message (comp. ARP-reply) Format similar, but Type=136 MAC address in link layer address option R=address is router, S=reply to solicitation, O=overides previous cache entry Checksum IPv6,Mobility-10

Redirect works like in IPv4 but may include the media address of the next hop Redirect message: Type Type = 137 137 Code Code = 0 Reserved Target address Destination address Options Checksum Target address contains the better next hop for the destination The media address of the next hop may be included in a target link layer address option. IPv6,Mobility-11 The sender needs feedback from the destiation so that it is not sending to a black hole If the sender does not get feedback (within 30 min), it checks the existence of the receiver with a solicitation message update cache solicitation solicitated advertisement destination unreachable solicitation solicitation solicitation remove from from cache calculate new new next-hops IPv6,Mobility-12

Autoconfiguration can be stateful or stateless new host router solicitation [link-local-address all-routers] Type Type = 133 133 Code Code = 00 Checksum Checksum Reserved Reserved Options... Options... (link (link layer layer address) address) router advertisement [ all-hosts / link-local-address] router M=1 M=1 O=1 O=1 yes stateless configuration yes Type Type = 134 134 Code Code = 00 Hop.limit Hop.limit M O Res. Res. Checksum Checksum Router Router lifetime lifetime Reachable Reachable time time Retransmission Retransmission timer timer Options... Options... (prefix (prefix information information option) option) stateful conf. conf. with with conf.server obtain other other parameters from from conf.server Stateful autoconfiguration similar to DHCP in IPv4 IPv6,Mobility-13 Stateless autoconfiguration Type Type = 134 134 Code Code = 00 Hop.limit Hop.limit M O Res. Res. Checksum Checksum Router Router lifetime lifetime Reachable Reachable time time Retransmission Retransmission timer timer Options... Options... (prefix (prefix information information option) option) Prefix information option contains list of prefixes with parameters on-link bit the prefix is specific to the local link autonomous-bit host can construct address by replacing the last bits of the prefix with EUI-64 identifier Stateless autoconfiguration properties simple, no servers required inefficient: 64 bits used for one local network no access control IPv6,Mobility-14

When a host generates an address with autoconfiguration, it must check that it is unique In principle, addresses generated with the EUI-64 identifier should be unique, but... address not not unique pick pick another 1 s address is is unique solicitation solicitated advertisement solicitation IPv6,Mobility-15 Mobile IP (Chapter 13 in Huitema) IPv6,Mobility-16

Different types of mobility Computers transported and connected from different locations Dynamic configuration new IP address Access through modem/isdn new IP address TCP connection cut off Mobile computers, which stay connected during movements Radio, infrared same IP address Mobile networks, e.g. in cars, planes, trains, ships Recursive mobility (mobile station in mobile network) IPv6,Mobility-17 The traffic to a mobile node is tunneled from the home agent to the foreign agent Mobile Node (MN) Node, who has a home address in the home network, and obtains a care-of-address (COA) in the visite foreign network Home Agent () Belongs to the home network and serves the home address Foreign Agent (FA) Serves the visiting mobile node Corresponding Node (CN) A node exchanging data with the mobile node normal forwarding CN normal forwarding to home address MN care-of-address FA tunneling home address Home agents and foreign agents may be routers IPv6,Mobility-18

Discovery and registration MN ICMP router advertisement FA new location? Yes register register (COA address) reply (COA address) reply (COA address) grant? Yes A lost request is resent by MN FA never repeats the request. IPv6,Mobility-19 Discovery of a Home Agent or Foreign Agent using periodical ICMP messages Agent advertisements are extensions to ICMP router advertisements The agent advertisements contain Sequence number Life-time of registration Flags Registration required Foreign agent or home agent Minimal encapsulation (RFC-2003) or Generic Routing Encapsulation (GRE) (RFC-1701) Header compression used List of care-of-addresses Length of prefixes IPv6,Mobility-20

The sequence numbers in the agent adverstisement are similar to lollipop sequence numbers in OSPF 65635 0 256 If one of the number is < 256 The higher number is higher If both numbers are 256 If (b-a) < (65635-256)/2 then b is higher If the received is lower than the previous, then the server has been restarted Register again IPv6,Mobility-21 Alternative discovery mechanisms Periodic broadcast of ICMP messages wastes transmission capacity, especially on wireless LANs The MN can detect changed location through media-level information e.g. analyzing power of different basestations Instead of waiting, the MN can solicit the information Similar to ICMP router solicitation TTL = 1 Agent replies with agent advertisement IPv6,Mobility-22

Registration request Registration request message contains Message type = 1 Flags FA colocated with MN preferred encapsulation Requested lifetime 0 = cancellation of previous Home address of MN address COA address Request identification Extensions E.g. authentication IPv6,Mobility-23 Registration reply Registration reply message contains Message type = 3 Reply code (granted or denied) Who denied (FA or ) Why denied Accepted lifetime Same or smaller than requested lifetime Home address of MN address Request identification Same as in request Extensions E.g. authentication IPv6,Mobility-24

Security issues (1) Attack types Someone pretends to be a FA to capture its traffic Someone replaying old registration messages Authentication extension proves the origin of the message and that the contents has not been changed Security parameter index (SPI) together with, COA, or NM identifies security context Shared secret, signature algorithm (e.g. keyed MD5) part of security context Data and secret key authentication field MN to authentication mandatory FA to and MN to FA authentications optional IPv6,Mobility-25 Security issues (2) Attack types Someone pretends to be a FA to capture its traffic Someone replaying old registration messages Two request must not contain the same identification NTP timestamps (64-bit) Only requests with higher timestamps are accepted The timestamps must be close to the current time Random numbers used only once IPv6,Mobility-26

Encapsulation Basic encapsulation, RFC-2003 Source=, Dest=COA, Protocol=IP in in IP=4 Source=CN, Dest=MN, Protocol=TCP TCP header + data New IP header Minimal encapsulation, RFC-2004 Source=, Dest=COA, Protocol=Min.encaps=55 New IP header Generic Routing Encapsulation (GRE), RFC-1701 Source=, Dest=COA, Protocol=GRE=24 Compressed header Encapsulation parameters Original IP packet Original IP packet TCP header + data Source=CN, Dest=MN, Protocol=TCP Compressed header: Protocol type of encaps. packet (e.g. TCP), Destination address of encaps. packet, Optional source address of encaps. packet, Header checksum TCP header + data New IP header GRE header Original IP packet Parameters: Protocol type (similar to the one in Ethernet packet), optional checksum, optional sequence number, optional authentication key, (source) routing field IPv6,Mobility-27 Broadcast and multicast should only be received by the MN, not the network of MN Easy if FA is colocated with MN FA/MN encapsulated packet Double encapsulation of broadcast/multicast traffic MN encapsulated packet FA double encapsulation Source=, Dest=COA, Protocol=encaps Source=, Dest=MN, Protocol=encaps Source=CN, Dest=bc, Protocol=UDP UDP header + data New IP header ICMP messages are encapsulated MN Instead, MN can subscribe to groups on the foreign network Double encapsulation Original broadcast packet IPv6,Mobility-28

Multiple home agents Problem: MN becomes unreachable if fails If there are several home agents, one of them must be the designated home agent (compare to OSPF) CN MN FA designated Only supported by the early designs of mobile IP IPv6,Mobility-29 Source address filtering is a problem in Mobile IP (1) Why source address filtering? Address spoofing hides identity of attacker, helps thargeting third parties replies, helps gaining privilegies Source address filtering is performed in firewalls, between ISP and customer, at peering points between provides, etc. Packets sent by MN must be tunneled through the FA MN CN IPv6,Mobility-30

Source address filtering is a problem in Mobile IP (2) FAs capable of tunneling packets back to, advertise it with a flag in agent advertisement message The MN requests reverse tunneling MN ICMP router advertisement FA FA ICMP router advertisement (reverese tunnel capability) register (reverse tunneling) register... IPv6,Mobility-31 Considerations Path MN CN is shorter than the path CN MN Assymmetry If the MN moves relatively fast, it must choose a new FA often Many registration messages to IPv6,Mobility-32

Mobile IPv6 (Chapter 13 in Huitema) IPv6,Mobility-33 Mobility in IPv6 Discovery performed with IPv6 neighbor discovery and address configuration mechanisms Security MN can nofity their COA to the CN in addition to the Efficient encapsulation with the source routing header IPv6,Mobility-34

Discovery The MN and FA are often colocated No separate FA Hosts listen to router adverisements to the learn prefixes of the link Hosts can detect that they are visiting a foreign network COA obtained with address configuration procedures Routers willing to act as home agents indicate it in the router advertisement IPv6,Mobility-35 Binding updates (1) Binding performed using destination extensions Binding update informs about the new COA Binding ack acknowledges the COA Binding request To request information about the current COA Home address Identifies the home address of the MN Authentication with the security option IPv6,Mobility-36

Binding updates (2) COA transmitted in source address of IPv6 header Home address in home address option MN Binding update (lifetime, seq.num) Home address Security Binding ack (result cod, lifetime, update refresh period, seq.num) IPv6,Mobility-37 Source address filtering is not a problem in IPv6 The mobile node does not put its home address in the IPv6 header. Instead, the home address is sent in the home address option. The IPv6 header contains the COA. Mandatory requirement. IPv6,Mobility-38

The MN can send a binding update to the CN to optimize the route MN CN Note: if the COA changes a new binding update must be sent to all CNs that are sending directly want to update Yes packets Binding update Binding ack Binding request Binding update Binding ack packets packets ack requested Yes no timer update and expires Yes ack requested Yes IPv6,Mobility-39 MN IPv6 uses the routing header instead of encapsulation CN insert routing header Packet Routing header COA Packet Packet (source addr.=coa) Home address option Security (AH, ESP) Binding update sender is MN store the COA Packet Routing header COA Security (AH, ESP) Binding ack IPv6,Mobility-40

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback