01 Ipv6 Core en


Scenario

[Figure: IP as the common layer over many link technologies: Powerline, ATM, DWDM, Frame Relay, GSM/UMTS, Ethernet, Bluetooth, Satellite, Wi-Fi, SONET]

Limitations of IPv4
Shortage of IPv4 addresses
Problems with routing scalability
Need for new and more efficient services

Agencies that assign addresses


IANA distributes (better: distributed) prefixes to regional registries
/8 network

Situation (2010)

Situation (2011)

Scalability problems with routing (1)


Factors increasing routing table size
Increase of Internet size
Each single subnetwork needs to be advertised
"Unordered" assignment of IP addresses

Problems
Router limitations
Too much information to manage

Routing protocol limitations
High probability that at least one route changes in a short period of time

Solutions with IPv4
CIDR (Classless Inter-Domain Routing)

Problems mainly affecting backbone routers

Scalability problems with routing (2)


http://bgp.potaroo.net/

Need for new services


New needs appear at the beginning of '90s
Mobility
Security
Autoconfiguration (Plug & Play)
Quality of Service (QoS)
Multicast

The long way to IPv6 adoption


Long period for defining and migrating toward IPv6
Several problems needed to be solved with interim solutions
When IPv6 reached the "production" stage, several problems were already solved

Saturation of address space


Introduction of networks with "tailored" size
Netmask

Private addresses
Intranet, RFC 1918
Not enough to solve the problem
It should be used in conjunction with NAT or ALG

Network Address Translator (NAT)
Extremely popular
Proposal for RSIP (Realm Specific IP)

ALG (Application Level Gateway)

Support for new services: Mobility (1)


Nomadicity
Reduced form of mobility
Possibility to operate hosts that can be connected to the network at different points and at different times
The problem is the smooth address assignment and configuration process

Solutions: DHCP, PPP, etc.
It allows a host to contact the rest of the world
Client interaction with a server, but not the other way around

Mobility
Possibility to move from one point of the network to another, in a fully transparent way for IP.

Support for new services: Mobility (2)


Mobility
It implies Reachability
The mobile host should always be contacted using the same address
It allows the host to play the role of server in a client/server system

Higher security requirements (protecting data in transit)
Solution: Mobile IP (RFC 2002), never really implemented in IPv4
Mobile IP requires several addresses, which are lacking

Fundamental problem for full support to 3G networks
Each device (phone) is a server and a client, as well

Support for new services: Security


Requirements
Authenticating the sender
Encryption of the channel

Solution
IPsec (RFC 2401)
IP Authentication Header (AH)
Encapsulating Security Payload (ESP)

Support for new services: Autoconfiguration

Dynamic Host Configuration Protocol
Stateless assignment
Normal way of working

Stateful assignment
Based on recognition of the interface MAC address
If the network interface changes, the IP address changes too

Problems
Requires an "ad hoc" server
Network re-numbering is not managed with this protocol
Autoconfiguration for the hosts, not for the network

Support for new services: QoS & Multicast


Quality of Service
IntServ Model
Deterministic quality
Resource reSerVation Protocol

DiffServ Model
Stochastic quality
Service class definition

Multicast
No specific solution defined for IPv4
Research advances applicable to both IPv4 and IPv6
Multicast is still an open problem

Why migrate to IPv6

Interim solutions have slowed down IPv6 adoption
No compelling reasons to switch to IPv6

Major problems
Routing scalability
Need for public addresses required by peer-to-peer applications
E.g. Voice over IP

Birth of IPv6
IETF meeting in Boston (1992), call for proposals
Appointment of dedicated Working Groups

Several proposals
TUBA: adopting OSI CLNP as new IP
CATNIP: integration of different network (IP, CLNP, IPX) and transport (TP4, SPX, TCP, UDP) protocols
TCP/IP allowed at one end of the connection, and TCP/CLNP at the other end

SIPP: evolutionary proposal with respect to IPv4 (correction for some drawbacks)
Simple: increasing the address field and eliminating unused ones

Winning proposal
List of requirements with 17 goals
The winner should satisfy the highest number of requirements
SIPP with 128 bit addresses

Header IPv6 & IPv4 comparison (1)


IPv6 header (bit offsets 0, 4, 12, 16, 24, 31):
Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
Source IP Address
Destination IP Address

IPv4 header (bit offsets 0, 4, 8, 16, 19, 31):
Vers. | HLEN | Traffic Class | Total Length
Identification | Flags | Fragment Offset
Time To Live | Protocol | Header Checksum
Source IP Address
Destination IP Address
Options | PAD

Header IPv6 & IPv4 comparison (2)


Simplification
Goal: to limit the amount of information that should be processed in the critical router loop

Details
8 fields in IPv6 rather than 12 in IPv4
Some fields renamed, others added

Fixed size header (40 bytes), no Header Length
No checksum
No fragmentation allowed in intermediate nodes (routers)

Header IPv6 & IPv4 comparison (3)


Results: not completely positive
IPv6 addresses are very big (128 bit)
Increased complexity in route lookup
Increased CAM / TCAM size in routers to speed up access list lookup

Problems in locating layer 4 fields (TCP/UDP port)
Often used to classify packets and in access lists

Header IPv6 (1)


Version (4 bit)
Fixed value of 6

Flow label (20 bit)


Designates packets belonging to the same flow
Improves IPv4 performance
Value between 1 and FFFFFF

Header IPv6 (2)


Hop Limit (8 bit)
Substitute for Time-To-Live in IPv4
It is decremented by 1 at each router traversed

Payload length (16 bit)
Length, in bytes, of the packet payload
The IPv6 header has fixed length
It includes possible extension headers
Set to 0 in case of Jumbo Payload

Traffic class (8 bit)
It allows different priorities to be assigned to packets

Header IPv6 (3)


Next Header (8 bit)
Indicates the type of the next, inner header in the IPv6 packet

Main allowed values:


Value  Name    Meaning
0      HBH     Hop by Hop option
6      TCP     Transmission Control Protocol
17     UDP     User Datagram Protocol
43     RH      Routing Header
44     FH      Fragment Header
51     AH      Authentication Header
52     ESP     Encrypted Security Payload
58     ICMPv6  Internet Control Message
59     Null    No next header
60     DOH     Destination Option Header (IPv6)
89     OSPF    Open Shortest Path First

Headers chaining

IPv6 Header (Next Header = TCP) | TCP Header + Payload

IPv6 Header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP Header + Payload

IPv6 Header (Next Header = Routing) | Routing Header (Next Header = Fragment) | Fragment Header (Next Header = TCP) | TCP Header + Payload
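
Finding the TCP/UDP ports means walking the chain shown above, which is the lookup the comparison slide lists as a problem for classifiers and access lists. The Python below is an added example, not part of the original slides: the function names, the `max_headers` limit and the sample packets are assumptions constructed for illustration, and the AH length rule (32-bit words minus 2) comes from the AH specification rather than from this page.

```python
import struct

# Next Header values from the table on this page
HOP_BY_HOP, TCP, UDP, ROUTING, FRAGMENT, AUTH, DEST_OPTS = 0, 6, 17, 43, 44, 51, 60
GENERIC_EXT = {HOP_BY_HOP, ROUTING, DEST_OPTS}  # Next Header + length in 8-byte units


def locate_upper_layer(packet: bytes, max_headers: int = 8):
    """Walk the chain; return (chain, upper_proto, offset, first_fragment).

    Raises ValueError on a truncated or over-long chain so that a filter
    can fail closed instead of guessing where the ports are.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain, first_fragment = packet[6], 40, [], True
    while nxt in GENERIC_EXT or nxt in (FRAGMENT, AUTH):
        if len(chain) >= max_headers:
            raise ValueError("extension header chain too long")
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:
            size = 8                              # fixed size, no length field
            offset_field = struct.unpack_from("!H", packet, off + 2)[0] >> 3
            first_fragment = offset_field == 0
        elif nxt == AUTH:
            size = (packet[off + 1] + 2) * 4      # AH counts 32-bit words, minus 2
        else:
            size = (packet[off + 1] + 1) * 8      # excludes the first 8 bytes
        if off + size > len(packet):
            raise ValueError("truncated extension header")
        chain.append(nxt)
        nxt, off = packet[off], off + size
    return chain, nxt, off, first_fragment


def tcp_udp_ports(packet: bytes):
    """Return (proto, sport, dport), or None if this packet carries no ports."""
    chain, proto, off, first = locate_upper_layer(packet)
    if proto not in (TCP, UDP) or not first or off + 4 > len(packet):
        return None
    return (proto, *struct.unpack_from("!HH", packet, off))


def build(first_next_header: int, body: bytes) -> bytes:
    """Constructed test helper: 40-byte IPv6 header with zeroed addresses."""
    return struct.pack("!IHBB", 6 << 28, len(body), first_next_header, 64) + bytes(32) + body


# Constructed samples: IPv6 -> Routing -> Fragment -> TCP (third chain in the figure)
ROUTING_HDR = bytes([FRAGMENT, 2, 0, 1]) + bytes(4) + bytes(16)   # 24 bytes
FIRST_FRAG = bytes([TCP, 0]) + struct.pack("!HI", 0 << 3, 777)
LATER_FRAG = bytes([TCP, 0]) + struct.pack("!HI", (68 << 3) | 1, 777)
TCP_HDR = struct.pack("!HH", 49152, 443) + bytes(16)
SAMPLE = build(ROUTING, ROUTING_HDR + FIRST_FRAG + TCP_HDR)
NON_FIRST = build(ROUTING, ROUTING_HDR + LATER_FRAG + bytes(20))
```

In a non-first fragment the bytes at the computed offset are payload, not a TCP header, so `tcp_udp_ports` returns `None` rather than reporting ports that are not there.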


Extension Headers
Six types defined, so far:
Hop By Hop Option Header
Routing Header
Fragment Header
Authentication Header
Encrypted Security Payload Header
Destination Option Header

Order of appearance
Processing order = Extension header order
A preferential order does exist
The Destination Option Header may be placed in 2nd position, if used in conjunction with the Routing Header

Common characteristics of the Extension Header


Next Header: always in 1st position
Except with Encrypted Security Payload

Extension Header Length: often present

Layout (bit offsets 0, 8, 16, 31): Next Header | Extension Header Length | Type Specific Data

Common characteristics of the Extension Header with options (1)


Some Extension Headers include optional headers that can be repeated several times
Format: Type - Length - Value
In IPv6 Extension Headers, Type and Length are always 8 bits long

Common options
Pad1 and PadN to align packets to an 8 byte boundary
Classical extension headers do not need padding

Layout (bit offsets 0, 8, 16, 31): Type | Length | Value

Common characteristics of the Extension Header with options (2)

Field Type
Special meaning for the first 3 bits
First 2 bits: action to be executed, in case the option is not recognized

Code  Meaning
00    The current option can be ignored; it is possible to proceed with the next one
01    The packet must be discarded
10    The packet must be discarded, and an ICMPv6 Parameter Problem must be generated
11    The packet must be discarded, and an ICMPv6 Parameter Problem must be generated, unless the destination address is a multicast one

Third bit: indicates if the option can be modified on-the-fly

Code  Meaning
0     The option cannot be changed on-the-fly
1     The option can be changed on-the-fly

Hop-by-Hop Options Header


It is read by ALL the routers along the way
Same format and encoding as the Destination Options Header
Options defined:
Router Alert (RFC 2711)
Payload Jumbogram (RFC 2675)
Padding (Pad1, PadN)

Layout (bit offsets 0, 8, 16, 31): Next Header | Header Length | Options
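
How a node applies the option Type bits while parsing a Hop-by-Hop or Destination Options header, as an added example that is not part of the original slides. The function names and the sample headers are constructed for illustration; the option type values 0x05 (Router Alert) and 0xC2 (Jumbo Payload) come from the RFCs cited above, not from this page.

```python
# Action encoded in the first 2 bits of the option Type (table on the previous slide)
ACTIONS = {0: "skip", 1: "drop", 2: "drop+icmp", 3: "drop+icmp-unless-multicast"}
# Types of the options listed on this page (values from RFC 2711 / RFC 2675)
KNOWN = {0x01: "PadN", 0x05: "Router Alert", 0xC2: "Jumbo Payload"}


def parse_options(ext_header: bytes):
    """Parse the TLV options of a Hop-by-Hop or Destination Options header."""
    if len(ext_header) < 8 or len(ext_header) != (ext_header[1] + 1) * 8:
        raise ValueError("Header Length does not match the header size")
    options, i = [], 2                      # skip Next Header and Header Length
    while i < len(ext_header):
        opt_type = ext_header[i]
        if opt_type == 0:                   # Pad1 is a lone zero byte: no Length, no Value
            options.append({"type": 0, "name": "Pad1", "value": b""})
            i += 1
            continue
        if i + 2 > len(ext_header) or i + 2 + ext_header[i + 1] > len(ext_header):
            raise ValueError("option at byte %d overruns the header" % i)
        length = ext_header[i + 1]
        options.append({
            "type": opt_type,
            "name": KNOWN.get(opt_type, "unknown"),
            "if_unrecognized": ACTIONS[opt_type >> 6],
            "mutable": bool(opt_type & 0x20),   # third bit: may change on-the-fly
            "value": ext_header[i + 2:i + 2 + length],
        })
        i += 2 + length
    return options


def verdict(ext_header: bytes, dst_is_multicast: bool = False) -> str:
    """What a node that recognizes only KNOWN and padding does with the packet."""
    for opt in parse_options(ext_header):
        if opt["name"] != "unknown":
            continue
        action = opt["type"] >> 6
        if action == 1 or (action == 3 and dst_is_multicast):
            return "drop"
        if action in (2, 3):
            return "drop+icmp"
    return "accept"


# Constructed 16-byte Hop-by-Hop header: Router Alert, one unknown option, PadN
HBH = bytes([6, 1,  0x05, 2, 0, 0,  0x9E, 2, 0xAA, 0xBB,  0x01, 4, 0, 0, 0, 0])
# Same header with the unknown option type changed to 0xFE (bits 11, mutable)
HBH_MCAST = HBH[:6] + bytes([0xFE]) + HBH[7:]
```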

Routing Header
The sender indicates the path to follow to reach the destination
Similar to Source Routing in IPv4

Main fields
Segment Left: number of path segments to go
Routing Type: currently 0 (classical source routing)
Header Length: in multiples of 8 bytes, excluding the first 8

Layout (bit offsets 0, 8, 16, 24, 31): Next Header | Header Length | Routing Type | Segment Left
Type-Specific Data (min 4 bytes): Reserved, Router Address 1 ... Router Address N

Routing Header: example


Path: S -> R1 -> R2 -> D

From S to R1: IPv6 Hdr (From: S, To: R1, NextHdr: Routing) | Routing Hdr (Segment Left: 2, Hop 1: R2, Hop 2: D)

From R1 to R2: IPv6 Hdr (From: S, To: R2, NextHdr: Routing) | Routing Hdr (Segment Left: 1, Hop 1: R1, Hop 2: D)

From R2 to D: IPv6 Hdr (From: S, To: D, NextHdr: Routing) | Routing Hdr (Segment Left: 0, Hop 1: R1, Hop 2: R2)

List of routers that have used the header (may be the list of routers traversed by the packet)

Fragment Header
Fragmentation in IPv4 and IPv6
IPv4: any node along the path is allowed to fragment datagrams
IPv6: only the sender node is allowed to fragment the datagram

IPv6 avoids fragmentation, as much as possible:
Path MTU Discovery (RFC 1981)

When fragmentation is required, a header is inserted

Layout (bit offsets 0, 8, 16, 29, 31): Next Header | Reserved | Fragment Offset | Res | M
Identification

Fragmentation mechanism
Each packet includes two sections:
A section that can be fragmented
A section that cannot be fragmented
Includes the IPv6 header and all the Extension Headers written before the Fragment Header (that is, up to the Routing Header included)
It should be repeated in all the fragments

Original packet: Do not fragment | Fragment 1 | Fragment 2 | Fragment 3
Packet 1: Do not fragment | Fragment Header | Fragment 1
Packet 2: Do not fragment | Fragment Header | Fragment 2
Packet 3: Do not fragment | Fragment Header | Fragment 3

Fragmentation example
Original packet: IPv6 Header (40) | Ext Hdr, not fragmentable (24) | Ext Hdr, fragmentable (24) | Data (1412 bytes), split as 520 + 544 + 348

MTU=620

Fragment 1: IPv6 Header (40) | Ext Hdr, not fragmentable (24) | Fragm. Header (8) | Ext Hdr, fragmentable (24) | Data (520)
Payload Length = 576; Fragm. Hdr: Next Hdr = Ext. Hdr. Fragm., Identification = 777, Offset = 0, MF Flag = 1

Fragment 2: IPv6 Header (40) | Ext Hdr, not fragmentable (24) | Fragm. Header (8) | Data (544)
Payload Length = 576; Fragm. Hdr: Next Hdr = Ext. Hdr. Fragm., Identification = 777, Offset = 68 [(520+24)/8], MF Flag = 1

Fragment 3: IPv6 Header (40) | Ext Hdr, not fragmentable (24) | Fragm. Header (8) | Data (348)
Payload Length = 412; Fragm. Hdr: Next Hdr = Ext. Hdr. Fragm., Identification = 777, Offset = 136 [(520+24+544)/8], MF Flag = 0
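
The offsets in the example above follow from one rule: every fragment except the last carries a multiple of 8 bytes, as large as the MTU allows once the unfragmentable part and the 8-byte Fragment Header are accounted for. The Python below is an added example, not part of the original slides; it reproduces the offsets and fragment sizes of the example and adds a receiver-side check for gaps and overlaps. All function names are assumptions.

```python
import struct

FRAGMENT_HEADER_LEN = 8


def plan_fragments(unfragmentable: int, fragmentable: int, mtu: int):
    """Return one dict per fragment: offset (8-byte units), data bytes, M flag, size."""
    room = (mtu - unfragmentable - FRAGMENT_HEADER_LEN) // 8 * 8
    if room <= 0:
        raise ValueError("MTU too small for the unfragmentable part")
    plan, done = [], 0
    while done < fragmentable:
        chunk = min(room, fragmentable - done)
        plan.append({
            "offset": done // 8,                     # Fragment Offset field
            "data": chunk,                           # bytes of the fragmentable part
            "more": done + chunk < fragmentable,     # M flag
            "size": unfragmentable + FRAGMENT_HEADER_LEN + chunk,  # bytes on the wire
        })
        done += chunk
    return plan


def fragment_header(next_header: int, offset: int, more: bool, ident: int) -> bytes:
    """Encode Next Header, Reserved, 13-bit Offset + 2 reserved bits + M, Identification."""
    return struct.pack("!BBHI", next_header, 0, (offset << 3) | int(more), ident)


def reassembled_length(plan):
    """Receiver-side check: fragments must tile the original with no gap or overlap."""
    expected = 0
    for frag in sorted(plan, key=lambda f: f["offset"]):
        if frag["offset"] * 8 != expected:
            raise ValueError("gap or overlap at byte %d" % expected)
        if frag["more"] and frag["data"] % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        expected += frag["data"]
    return expected


# The example above: 40 + 24 unfragmentable bytes, 24 + 1412 fragmentable, MTU 620
PLAN = plan_fragments(unfragmentable=64, fragmentable=1436, mtu=620)
```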

IPv6 and security (1)


Two different options
Authentication Header
Packet integrity and authentication

Encrypted Security Payload Header


Encryption of all the bytes following the ESP header
It must be the last header of the packet

They operate on a "normalized" IPv6 packet
All the options that can be modified are set to zero, and a possible Routing Header is set to the value it should have at destination

To improve security, it is possible to use the tunnel mode

IPv6 and security (2)


Important parameter: SPI
Ever increasing number, associated to a one-way communication
Used in a Security Association

Security Association
Relation between two or more entities, with an associated set of security options
One-way
It is defined in each host by the triple SPI, Destination Address, security mechanism used (AH/ESP)
It is negotiated in a preliminary phase
Internet Key Exchange (IKE)

Authentication Header
Authentication Header
Sender authentication

Authentication Data
Includes the Integrity Check Value

Layout (bit offsets 0, 8, 16, 31): Next Header | Payload Length | Reserved
Security Parameters Index (SPI)
Sequence number
Authentication Data (variable)

Encrypted Security Payload Header


Encrypted Security Payload
Payload encryption (for privacy)

Layout (bit offsets 0, 16, 24, 31):
SPI
Sequence number
Encrypted Data (variable)
Padding (0-255) | Padding Length | Next Header
Authentication Data
[Figure labels: Authenticated, Encrypted]

Usage modes
Tunnel mode
Avoids plaintext data
Problems: fragmentation, more overhead, need for additional entities to manage the tunnel

Transport mode: Header v6 | Ext. Headers (plaintext) | ESP | Data to encrypt (encrypted)

Tunnel mode: New Header v6 (plaintext) | ESP | Header v6 | Ext. Headers | Data to encrypt (encrypted)

Destination Options Header


Conveys optional information for the destination nodes
It may be placed in two different positions:
Before the Routing Header
This option is inspected by all the routers along the way

At the end of the Extension Header chain, before the header of the upper layer protocol

Layout (bit offsets 0, 8, 16, 31): Next Header | Header Length | Options

Addressing architecture
Three types of IP addresses:
Unicast: host addresses
Global (aggregatable), equivalent to public ones (in IPv4)
Site-local, equivalent to private ones
Link-local, equivalent to autoconfigured ones (always present)

Anycast: service addresses
Multicast: addresses for groups of stations

No broadcast addresses
One address is associated to one interface
It is possible to have more than one address for each interface

Different protocol code over Ethernet (0x86DD instead of 0x0800)

How addresses are written


Addresses are written in hexadecimal as 8 numbers separated by :
FEDC:BA98:0876:45FA:0562:CDAF:3DAF:BB01
1080:0000:0000:0007:0200:A00C:3423:A037

Simplified formats are allowed:

It is possible to omit leading 0s in each group
1080:0:0:7:200:A00C:3423:A037

It is possible to skip groups of all 0s with ::
1080::7:200:A00C:3423:A037
::1 (loopback address)

Compatibility addresses deriving from IPv4 are written:
0:0:0:0:0:0:A00:1
::A00:1
::10.0.0.1

Prefix
No more Netmask
It is substituted by the Prefix concept
Prefix is indicated by adding /N at the end, where N is the length of the prefix in bits
Example:
FEDC:0123:8700::/36 is the prefix 1111 1110 1101 1100 0000 0001 0010 0011 1000

Address prefixes
Allocation                                          Prefix (binary)   Fraction of address space
Reserved (IPv4)                                     0000 0000         1/256
Unassigned                                          0000 0001         1/256
Reserved for NSAP Allocation                        0000 001          1/128
Reserved for IPX Allocation                         0000 010          1/128
Unassigned                                          0000 011          1/128
Unassigned                                          0000 1            1/32
Unassigned                                          0001              1/16
Aggregatable Global Unicast Addr.                   001               1/8
Unassigned (was Provider-Based Unicast Addr.)       010               1/8
Unassigned                                          011               1/8
Unassigned (was Geographic-Based Unicast Addr.)     100               1/8
Unassigned                                          101               1/8
Unassigned                                          110               1/8
Unassigned                                          1110              1/16
Unassigned                                          1111 0            1/32
Unassigned                                          1111 10           1/64
Private (substitutes site local)                    1111 1101         1/256
Unassigned                                          1111 1110 0       1/512
Link Local Use Addresses                            1111 1110 10      1/1024
Site Local Use Addresses (deprecated in 2004)       1111 1110 11      1/1024
Multicast Addresses                                 1111 1111         1/256

Address hierarchy and routing domain


[Figure: address hierarchy and routing domains: TLAs connected to other interchanges, NLAs below them, then providers and subscribers]

Addresses: Global Unicast


Public topology
Format Prefix
Top Level Aggregation Identifier
Reserved
Next-Level Aggregation Identifier

Site topology
Site-Level Aggregation Identifier (intra-site routing)

Interface ID
Host ID

Layout (field, width in bits): FP, 3 | TLA ID, k | RES, n | NLA ID, m | SLA ID, 16 | Interface ID, 64
FP, TLA ID, RES and NLA ID form the public topology (48 bits); SLA ID is the site topology; Interface ID is the interface identifier

The EUI-64 format

48 bit MAC address: cccccc0gcccccccccccccccc (OUI, containing the Universal bit) | xxxxxxxxxxxxxxxxxxxxxxxx (manufacturer-selected)

IPv6 interface identifier: cccccc1gcc............cc (OUI) | 11111111 11111110 (0xFF 0xFE) | xxxxxx...xxxxxxx (manufacturer-selected)

Addresses: Local Unicast

Private addresses
They substitute RFC 1597 and 1918
Site local
Link local

Site local layout: 1111-1110 (FD00), 8 bits | random, 40 bits | Subnet ID, 16 bits | Interface ID, 64 bits
Link local layout: 1111-1110-10 (FE80), 10 bits | 0, 54 bits | Interface ID, 64 bits

Special unicast addresses

Unspecified
::

Loopback
::1

IPv4 compatible and IPv4 mapped
100.1.2.3 (IPv4 address)
::100.1.2.3 (IPv6 address compatible with IPv4)
::FFFF:100.1.2.3 (IPv4 mapped address)

Addresses compatible with different network architectures
NSAP address
IPX address

Dual-stack stations

[Figure: protocol stack with application on top, then sockets, then IPv4 and IPv6 side by side, then Ethernet]

Multi-homing
Users with more than one provider
Configuration problems (destination address-based routing, double registration in DNS)

[Figure: Provider a (2001:B6EF::0/32) assigns 2001:B6EF:25::0/48 and Provider b (3001:45CD::0/32) assigns 3001:45CD:F300::0/48 to the same user]

Anycast addresses
Non reserved address space
Unicast addresses assigned to a group of interfaces
Nodes should know that it is an anycast address

The target is the machine of the group "closest" to the sender
They can be assigned only to routers, and not to generic hosts

Anycast: formats
Only one anycast address defined, so far:
Subnet router anycast address: Subnet prefix (n bits) | 000..00 (128-n bits)

Generic anycast address: Subnet prefix (64 bits) | 111111011....11 (57 bits) | Anycast ID (7 bits)
The last two fields form the interface identifier

Multicast address
Flag
Format: 000T
T is set (1) for a temporary address or reset (0) for a permanent one

Scope: used to limit the diffusion of multicast
Better than TTL in IPv4
1 - node local
2 - link local
5 - site local
8 - organization local
E - global

Layout: 1111-1111 (8 bits) | Flag (4 bits) | Scope (4 bits) | Group ID (112 bits)

Multicast Listener Discovery


Substitute for IGMP in IPv4
Messages
Multicast Listener Query, divided in:
General Query
Multicast Address Specific Query

Multicast Listener Report
Multicast Listener Done

Layout:
Type | Code | Checksum
Maximum Response Delay | Reserved
Multicast Address

ICMPv6
Internet Control Message Protocol
Three main usages
Diagnostics
Neighbor Discovery
Multicast group management

Includes functions that in IPv4 were in:
ICMP
ARP (Address Resolution Protocol)
IGMP (Internet Group Membership Protocol)

Layout:
Type | Code | Checksum
Message Body

Field Type
Currently defined values
Type  Message
1     Destination Unreachable
2     Packet too big
3     Time exceeded
4     Parameter Problem
128   Echo Request
129   Echo Reply
130   Group Membership Query
131   Group Membership Report
132   Group Membership Termination
133   Router Solicitation
134   Router Advertisement
135   Neighbor Solicitation
136   Neighbor Advertisement
137   Redirect

ICMPv6: error messages


Types of messages
Destination Unreachable (type = 1)
Packet too big (type = 2)
Time exceeded (type = 3)
Parameter Problem (type = 4)

ICMPv6 packet: cannot be longer than 576 bytes

Layout:
Type (8 bits) | Code (8 bits) | Checksum (16 bits)
Parameter
Headers of the packet that caused the error

ICMPv6: Echo
Types of messages
Echo request (type = 128)
Echo reply (type = 129)

Layout:
Type (8 bits) | Code (8 bits) | Checksum (16 bits)
Identifier | Sequence Number
Data

ICMPv6: Group Management


Types of messages
Group Membership Query (type=130)
Group Membership Report (type=131)
Group Membership Termination (type=132)

Layout:
Type | Code | Checksum
Maximum Response Delay | Unused
Multicast Address

State-of-the-art of IPv6
All the major aspects are defined and stabilized
Implementations:
Router: all the major manufacturers have their implementation
Host:
very good compatibility in all modern operating systems
default installation in many operating systems

Is it necessary to migrate to IPv6 ?


Retrofitting
Almost all the solutions studied for IPv6 have been made available in IPv4
DHCP
IPSec
Quality of Service
MobileIP

Main problem: shortage of addresses
NAT is powerful but very complex and difficult to implement in hardware

Yes, it is necessary to migrate to IPv6.

Conclusions
IPv6 reached a mature stage for wide adoption
Adoption has been slowed down by massive usage of IPv4
The lack of available IPv4 addresses will push IPv6 adoption