IPv6 This will be real shortly • Packet format • Header format and contents • Address space & allocation • Header extensions • Fragmentation • ICMPv6 • Security
IPv6 • Internet Protocol • Connectionless communication • Best effort delivery • Virtual addressing • Address is 128 bits • 2^128 = 340,000,000,000,000,000,000,000,000,000,000,000,000 • Provides for some increase in security • Increases the address space from 2^32 to 2^128 • A modest increase of • 2^96 = 90,000,000,000,000,000,000,000,000,000
IPv6 RFCs • RFC 2460 – IPv6 Specification • RFC 2373 – Addressing Architecture • RFC 2463 – ICMP • RFC 2473 – Packet Tunneling • RFC 2675 – Jumbograms • RFC 2732 – IPv6 addresses in URLs • RFC 3041 – Privacy Extensions • RFC 2464 – IPv6 over Ethernet • RFC 3879 – Site-Local Addresses • Plus many others
IPv6 Datagram Format • Total datagram size constraints • Maximum 2^16 - 1 bytes, unless! • Header length 10 32-bit words (40 bytes) • Plus other headers • Layout: 1st Header | ... | nth Header | Payload
IPv6 Datagram Header • Word 0: Ver (bits 0-3) | Traffic Class (bits 4-11) | Flow Label (bits 12-31) • Word 1: Payload Length (bits 0-15) | Next Header (bits 16-23) | Hop Limit (bits 24-31) • Word 3: Source Address, 4 * 4 * 8 bits • Word 7: Destination Address, 4 * 4 * 8 bits
IP Datagram (cont) • Ver: IP Version 6 • Traffic Class: 8 bit priority value • Flow Label: May indicate special handling • Payload Length: Actual length of payload including all extension headers, or 0 • Next Header: 8 bits that identify the next header; similar to the protocol field in IPv4 • Hop Limit: Similar to IPv4 TTL • Source Address: IP address of sender • Destination Address: IP address of destination
Definitions • Node: A device that implements IPv6. • Router: A node that forwards IPv6 packets not explicitly addressed to itself. • Host: Any node that is not a router. • Link: Layer 2 communication link over which nodes can communicate. • Neighbors: Nodes attached to the same link. • Interface: A node's attachment to a link. • Address: An IPv6 identifier for an interface or set of interfaces. • Packet: An IPv6 header plus payload.
IPv6 Address Types • Unicast: An identifier for a single interface. A packet sent to a unicast address is delivered to that addressed interface. • Anycast: An identifier for a set of interfaces. A packet sent to an anycast address is delivered to one (usually the nearest) of the addressed interfaces. • Multicast: An identifier for a set of interfaces. A packet sent to a multicast address is delivered to all interfaces identified by that address. • Broadcast: No longer. Must use multicast.
IPv6 Address Model Addresses are assigned to interfaces not to nodes. Every interface is required to have at least one link-local unicast address. An interface may have multiple addresses. A subnet prefix is associated with one link. Multiple subnets may be assigned to the same link.
IPv6 Address Representation • Generally an IPv6 address is eight 16-bit hex numbers separated by colons. For example: • FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 • 1080:0000:0000:0008:0080:200C:417A:1234 • 1080:0:0:8:80:200C:417A:1234 • (Note: the last two are equivalent.) Leading zeros can be suppressed within a field.
IPv6 Address Representation (cont'd) • IPv6 addresses tend to have way too many zeros. Sometimes these strings of zeros can be compressed. • :: indicates multiple groups of 16 bits of zeros. • Only one :: per address. • :: can be used to compress both leading and trailing zeros. For example: • 1080:0:0:0:8:800:200C:417A compresses to 1080::8:800:200C:417A • FF01:0:0:0:0:0:0:101 compresses to FF01::101 • 0:0:0:0:0:0:0:1 compresses to ::1 • 0:0:0:0:0:0:0:0 compresses to ::
IPv4 Addresses in IPv6 Addresses • IPv4 addresses can be embedded within an IPv6 address. Generally it looks like x:x:x:x:x:x:d.d.d.d • For example: • 0:0:0:0:0:0:13.1.68.3 or ::13.1.68.3 • 0:0:0:0:0:FFFF:129.144.52.38 or ::FFFF:129.144.52.38
IPv6 Address Prefixes • As in IPv4, the IPv6 network address is represented as an address prefix, usually indicated by a number of leftmost bits. • For example, representations of the 60-bit prefix 12AB00000000CD3 (hex) are: • 12AB:0000:0000:CD30:0000:0000:0000:0000/60 • 12AB::CD30:0:0:0/60 • 12AB:0:0:CD30::/60 • Often a node's address and its prefix can be combined: 12AB::CD30:1234:4567:89AB:CDEF/60
Special Addresses • 0:0:0:0:0:0:0:0 is the Unspecified address. The only permitted use of this address is as the source address before the node has learned its own address. • 0:0:0:0:0:0:0:1 is the Loopback address. It must never appear outside of a single node.
IPv4 Addresses in IPv6 Addresses • Node address layout: 80 bits (0000 ... 0000) | 16 bits (Something goes here) | 32 bits (IPv4 Address)
Unicast Addresses • Layout 1: Node address (128 bits, bits 0-127) • Layout 2: Subnet prefix (m bits) | Interface ID (128-m bits) • Layout 3: Subnet1 prefix (m bits) | Subnet2 prefix (n bits) | Interface ID (128-m-n bits)
Interface Identifiers • Node address layout: Subnet prefix, link address (64 bits, bits 0-63) | Interface ID (64 bits, bits 64-127) • Interface IDs are used to identify interfaces on a link. • They must be unique on the link. • They may be unique over a broader scope, i.e. the entire net. • Often the interface ID is the interface's link-layer address, e.g. the Ethernet NIC's MAC address. • A single node with multiple interfaces may have the same interface IDs.
EUI-64 Interface Identifiers (Extended Unique Identifier) • Node address layout: Subnet prefix, link address (64 bits) | Interface ID (64 bits) • EUI-64 Interface IDs have global scope when a global token is available.
|0      7|8     15|16    23|24    31|32            47|48            63|
|cccc|ccug|cccc|cccc|cccc|cccc|mmmmmmmm|mmmmmmmm|mmmmmmmm|mmmmmmmm|mmmmmmmm|
• “c” are the company ID bits. • “m” are the company's extension identifier, as in IEEE Ethernet NICs. • “u” is the universal/local bit: u = 1 indicates global scope. • “g” is the individual/group bit.
EUI-64 Interface Identifiers for IEEE 802 MAC addresses • Node address layout: Subnet prefix, link address (64 bits) | Interface ID (64 bits) • EUI-64 Interface IDs should have global scope when a global token is available.
|0      7|8     15|16    23|24    31|32            47|48            63|
|cccc|cc1g|cccc|cccc|cccc|cccc|11111111|11111110|mmmmmmmm|mmmmmmmm|mmmmmmmm|
• “c” are the company ID bits. • “m” are the company's extension identifier, as in IEEE Ethernet NICs. • The u bit is set to 1: global scope. • “g” is the individual/group bit.
Local-Use IPv6 Addresses • Link-Local addresses: 1111111010 (10 bits) | 0 (54 bits) | Interface ID (64 bits). Used for auto-address configuration and neighbor discovery. • Site-Local addresses (deprecated in 2004): 1111111011 (10 bits) | 0 (38 bits) | Subnet ID (16 bits) | Interface ID (64 bits). Used for addressing inside a site without the need for a global prefix. • The site-local address type has been deprecated by RFC 3879, 9/04.
Aggregatable Global Unicast Addresses • Provides support for current provider based aggregation and exchanges, a new type of aggregation. • Layout: FP (3 bits) | TLA ID (13 bits) | RES (8 bits) | NLA ID (24 bits) | SLA ID (16 bits) | Interface ID (64 bits) • FP: Format prefix = “001” • TLA ID: Top Level Aggregation Identifier • RES: Reserved for future use • NLA ID: Next-Level Aggregation Identifier • SLA ID: Site-Level Aggregation Identifier • Interface ID: Interface Identifier • Reference: RFC 2374
Aggregatable Global Unicast Addresses for Testing • Provides support for 6bone IPv6 testing. • Layout: FP (3 bits) | TLA ID (13 bits) | RES (8 bits) | NLA ID (24 bits) | SLA ID (16 bits) | Interface ID (64 bits) • FP: Format prefix = “001” • TLA ID: 0x1ffe - Top Level Aggregation Identifier • RES: Reserved for future use • NLA ID: Next-Level Aggregation Identifier • SLA ID: Site-Level Aggregation Identifier • Interface ID: Interface Identifier • Reference: RFC 2471
Multicast IPv6 Addresses • A multicast address is an identifier for a group of nodes. • A node may belong to any number of multicast groups. • Layout: 11111111 (8 bits) | flgs (4 bits) | scope (4 bits) | group ID (112 bits) • Multicast addresses must never be used as a source address in IPv6.
Multicast IPv6 Addresses (cont'd) • Layout: 11111111 (8 bits) | flgs (4 bits) | scope (4 bits) | group ID (112 bits) • “flgs” is a set of 4 flags: 0 | 0 | 0 | T • The first 3 bits of “flgs” are reserved and must be zero (0). • T = 0 indicates a permanently assigned multicast address. This address is assigned by the global Internet numbering authority. • T = 1 indicates a non-permanently assigned multicast address.
Multicast IPv6 Addresses (cont'd) • Layout: 11111111 (8 bits) | flgs (4 bits) | scope (4 bits) | group ID (112 bits) • “scope” is a 4-bit multicast scope value to limit the scope of the multicast group: • reserved: 0, F • unassigned: 3, 4, 6, 7, 9, A, B, C, D • node-local: 1 • link-local: 2 • site-local: 5 • organization-local: 8 • global: E
Multicast IPv6 Addresses (cont'd) • Examples of multicast addresses. Assume that NTP is assigned a permanent multicast group ID of 0x101, then: • FF01:0:0:0:0:0:0:101 means all NTP servers on the same node as the sender. • FF02:0:0:0:0:0:0:101 means all NTP servers on the same link as the sender. • FF05:0:0:0:0:0:0:101 means all NTP servers on the same site as the sender. • FF0E:0:0:0:0:0:0:101 means all NTP servers on the internet. • All nodes addresses (node-local and link-local): FF01:0:0:0:0:0:0:1, FF02:0:0:0:0:0:0:1 • All routers addresses (node-local, link-local and site-local): FF01:0:0:0:0:0:0:2, FF02:0:0:0:0:0:0:2, FF05:0:0:0:0:0:0:2 • The following multicast addresses are reserved and shall never be assigned to any group: FF0X:0:0:0:0:0:0:0 where X ranges from 0 – F.
Required Addresses • A node is required to recognize the following addresses as itself: • Its link-local address • Assigned unicast addresses • Loopback address • All-nodes multicast address • Solicited-node multicast
Frame 15 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:0d:93:88:6a:48, Dst: 33:33:00:00:00:02
    Destination: 33:33:00:00:00:02 (Ipv6-Neighbor-Discovery_00:00:00:02)
    Source: 00:0d:93:88:6a:48 (AppleCom_88:6a:48)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6
    Version: 6
    Traffic class: 0x00
    Flowlabel: 0x00000
    Payload length: 16
    Next header: ICMPv6 (0x3a)
    Hop limit: 255
    Source address: fe80::20d:93ff:fe88:6a48 (fe80::20d:93ff:fe88:6a48)
    Destination address: ff02::2 (ff02::2)
Internet Control Message Protocol v6
    Type: 133 (Router solicitation)
    Code: 0
    Checksum: 0x7f72 (correct)
    ICMPv6 options
        Type: 1 (Source link-layer address)
        Length: 8 bytes (1)
        Link-layer address: 00:0d:93:88:6a:48

0000  33 33 00 00 00 02 00 0d 93 88 6a 48 86 dd 60 00   33........jH..`.
0010  00 00 00 10 3a ff fe 80 00 00 00 00 00 00 02 0d   ....:...........
0020  93 ff fe 88 6a 48 ff 02 00 00 00 00 00 00 00 00   ....jH..........
0030  00 00 00 00 00 02 85 00 7f 72 00 00 00 00 01 01   .........r......
0040  00 0d 93 88 6a 48                                 ....jH
Ethernet frame header (6 bytes dst, 6 bytes src, 2 bytes size/type):
0000  33 33 00 00 00 02 00 0d 93 88 6a 48 86 dd
IPv6: Ver, Type, Flow, Payload Length, Next Header, Hop Limit:
0000  60 00
0010  00 00 00 10 3a ff
Next header 3a = 58 – ICMP
Source Address:
0010  fe 80 00 00 00 00 00 00 02 0d
0020  93 ff fe 88 6a 48
1111 1110 0100 0000::0 0010 0d: 93 ff fe 88: 6a 48
Annotations: link local address; c ug cc cc; Mac Address
Destination Address (multicast all nodes link-local):
0020  ff 02 00 00 00 00 00 00 00 00
0030  00 00 00 00 00 02
ICMP Message (Type 85 = 133 – router solicitation):
0030  Type 85, Code 00, Checksum 7f 72, Reserved 00 00 00 00
      TLV Type 01, Length of this TLV Header in 8-octet units 01
0040  Source Link layer address 00 0d 93 88 6a 48
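The byte-by-byte walk above can be reproduced in code. This is an added example, not part of the original slides: it parses the 70-byte frame from the capture, verifies the ICMPv6 checksum over the pseudo-header, and recovers the MAC address embedded in the EUI-64 interface ID of the link-local source, which is why such addresses identify the hardware. The function names are assumptions.

```python
import ipaddress
import struct

# The 70-byte frame from the capture above (Ethernet + IPv6 + ICMPv6).
FRAME = bytes.fromhex(
    "333300000002000d93886a4886dd6000"
    "000000103afffe80000000000000020d"
    "93fffe886a48ff020000000000000000"
    "00000000000285007f72000000000101"
    "000d93886a48"
)

def parse_ipv6(frame):
    """Split an Ethernet II frame into IPv6 header fields and payload."""
    if len(frame) < 54 or frame[12:14] != b"\x86\xdd":
        raise ValueError("not an IPv6-in-Ethernet frame")
    word0, plen, nxt, hop = struct.unpack("!IHBB", frame[14:22])
    payload = frame[54:54 + plen]
    if len(payload) != plen:
        raise ValueError("Payload Length exceeds captured bytes")
    return {
        "version": word0 >> 28,
        "traffic_class": (word0 >> 20) & 0xFF,
        "flow_label": word0 & 0xFFFFF,
        "next_header": nxt,
        "hop_limit": hop,
        "src": ipaddress.IPv6Address(frame[22:38]),
        "dst": ipaddress.IPv6Address(frame[38:54]),
        "payload": payload,
    }

def icmpv6_checksum_ok(hdr):
    """One's-complement sum over pseudo-header + message must be 0xFFFF."""
    p = hdr["payload"]
    data = (hdr["src"].packed + hdr["dst"].packed
            + struct.pack("!I3xB", len(p), 58) + p)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def mac_from_eui64(addr):
    """Recover the MAC embedded in an EUI-64 interface ID, or None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":      # no ff:fe filler, not MAC-derived
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]   # flip the "u" bit back
    return ":".join("%02x" % b for b in mac)
```

On this frame the recovered MAC equals the Ethernet source address, so the interface ID alone is enough to follow the same NIC from one subnet prefix to another.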
IPv6 Datagram Extension Headers • Word 0: Ver (bits 0-3) | Traffic Class (bits 4-11) | Flow Label (bits 12-31) • Word 1: Payload Length (bits 0-15) | Next Header (bits 16-23) | Hop Limit (bits 24-31) • Word 3: Source Address, 4 * 4 * 8 bits • Word 7: Destination Address, 4 * 4 * 8 bits • Word 11: Extension Headers
Extension Headers • Currently defined extension headers and their Next Header values: • Hop-by-Hop Options: 0 • Routing Header: 43 • Fragment Header: 44 • Destination Options: 60 • Authentication: 51 • Encapsulating Security Payload: 50 • ICMP Header: 58 • No next header: 59
Extension Headers • Next header values also indicate the protocol field that follows the extension headers. Next Header values: • TCP: 1 • UDP: 17 • OSPF: 89
Extension Header Order • IPv6 header • Hop-by-Hop Options header • Destination Options header • Routing header • Fragment header • Authentication header • Encapsulating Security Payload header • Destination Options header • ICMP header • Upper-layer header
Hop-by-Hop Options Header • This header carries additional information that must be examined by every node along the packet's delivery path. • Layout: Next Header (bits 0-7) | Hdr Ext Len (bits 8-15) | Options (bits 16-31 and following words) • Next Header: 8-bit selector that identifies the type of the next header. • Hdr Ext Len: 8-bit unsigned integer indicating the length of this header in 8-octet units, not including the first 8 octets. • Options: Contains one or more TLV-encoded options and padding so that the entire header is an integer multiple of 8 octets long.
TLV (type-length-value) Encoded Options • This header carries additional information that must be examined by every node along the packet's delivery path. • Layout: Option Type (bits 0-7) | Opt Data Len (bits 8-15) | Option Data (bits 16-31 and following) • Option Type: 8-bit identifier of the type of option. • Opt Data Len: 8-bit unsigned integer indicating the length of the option data field of this option, in octets. • Options: Variable length field. Option-Type-specific data.
TLV Option Types • The Option Type identifiers are internally encoded such that the highest-order 2 bits specify the action that must be taken. The third highest bit specifies whether or not the Option Data may be changed. These are used primarily for padding within the options area of a header. • Layout: Option Type bits 1|2|3|4|5|6|7|8 (bits 0-7) | Opt Data Len (bits 8-15) | Option Data (bits 16-31) • Bits 1 and 2: action taken if the option type is not recognized: • 0 0: Skip over this option and continue processing the header • 0 1: Discard packet • 1 0: Discard packet and send ICMP Parameter Problem • 1 1: Discard • Bit 3: • 0: Option Data does not change en route • 1: Option Data may change
Jumbograms (RFC 2147) • Permit datagrams larger than 65,535; actually between 65,536 and 4,294,967,295 = 2^32 - 1 • A Jumbo Payload Option must be carried in a Hop-by-Hop extension • IP header must have payload length = 0 • Next Header = 0 – next header is a Hop-by-Hop header • Can be used only on links with large enough MTUs • Cannot carry a Fragment Header • Payload can be either TCP or UDP
Jumbograms • Layout, first word: Next Header | Hdr Ext Len | Option Type | Opt Data Len (8 bits each) • Second word: Jumbo Payload Length (32 bits) • Option Type: 8-bit 0xC2 (11000010; Option data does not change) • Opt Data Len: 8-bit value 4 • Payload Len: 32-bit unsigned integer
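The TLV option rules and the Jumbo Payload option described above can be exercised with a small bounds-checked parser, since every length field in an options header comes from the sender. This is an added example, not part of the original slides: the function names and the two sample headers are constructed, and the Pad1/PadN type values (0 and 1) come from RFC 2460 rather than from the slides.

```python
# Top two Option Type bits: action for an unrecognized option, as on the slide.
ACTIONS = {0b00: "skip", 0b01: "discard", 0b10: "discard+icmp",
           0b11: "discard"}
JUMBO = 0xC2                      # Jumbo Payload option type from the slide
KNOWN = {0x00: "Pad1", 0x01: "PadN", JUMBO: "Jumbo Payload"}

def parse_options_header(buf):
    """Parse one Hop-by-Hop or Destination Options header.

    Returns (next_header, header_octets, options); raises ValueError
    when a length field points outside the header."""
    if len(buf) < 2:
        raise ValueError("truncated extension header")
    next_header, total = buf[0], (buf[1] + 1) * 8  # Hdr Ext Len skips first 8
    if len(buf) < total:
        raise ValueError("Hdr Ext Len exceeds available bytes")
    options, i = [], 2
    while i < total:
        opt_type = buf[i]
        if opt_type == 0x00:      # Pad1 is a single octet with no length field
            i += 1
            continue
        if i + 2 > total or i + 2 + buf[i + 1] > total:
            raise ValueError("option overruns the header")
        data = bytes(buf[i + 2:i + 2 + buf[i + 1]])
        options.append({
            "type": opt_type,
            "name": KNOWN.get(opt_type, "unrecognized"),
            "if_unrecognized": ACTIONS[opt_type >> 6],
            "mutable": bool(opt_type & 0x20),   # third-highest bit
            "data": data,
        })
        i += 2 + len(data)
    return next_header, total, options

def jumbo_length(ipv6_payload_length, options):
    """Return the 32-bit Jumbo Payload Length, or None if no such option."""
    for opt in options:
        if opt["type"] == JUMBO:
            if len(opt["data"]) != 4 or ipv6_payload_length != 0:
                raise ValueError("malformed jumbogram")
            length = int.from_bytes(opt["data"], "big")
            if length <= 65535:
                raise ValueError("jumbo length must exceed 65,535")
            return length
    return None

# Constructed samples (not from the slides): Next Header 17 (UDP) with a Jumbo
# option, and an unrecognized option 0x9E whose top bits 10 mean discard + ICMP.
JUMBO_HDR = bytes.fromhex("1100c20400010000")
UNKNOWN_HDR = bytes.fromhex("3a009e02aabb0000")
```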
Routing Header • Layout, first word: Next Header | Hdr Ext Len | Routing Type | Segments Left (8 bits each), followed by Type-specific data • Next Header: 8-bit selector that identifies the type of the next header. • Hdr Ext Len: 8-bit unsigned integer indicating the length of this header in 8-octet units, not including the first 8 octets. • Routing Type: 8-bit identifier of a particular routing header variant. • Segments Left: 8-bit unsigned integer indicating the number of nodes to be visited. • Type-specific data: Info required by the routing type.
Type 0 Routing Header • Layout, first word: Next Header | Hdr Ext Len | Routing Type | Segments Left (8 bits each) • Reserved • Address 1 • Address 2 • . . . • Address n
Fragment Header • Layout, first word: Next Header (bits 0-7) | Reserved (bits 8-15) | Fragment Offset (bits 16-28) | Res (bits 29-30) | M (bit 31) • Second word: Identification (32 bits) • Next Header: 8-bit selector that identifies the type of the next header. • Reserved: 8-bit reserved field initialized to 0. • Fragment Offset: 13-bit unsigned integer indicating the offset of this fragment in 8-octet units. • Res: 2-bit reserved field that is initialized to 0. • M: 1-bit flag: 1 = more fragments; 0 = last fragment. • Identification: 32-bit IP datagram identification number.
Fragmenting Packets • Original packet: Unfragmentable Part | Fragmentable Part • Unfragmentable Part: IPv6 Header and all extension headers. • Fragmentable Part: The rest of the packet. • The Fragmentable Part is split into: First fragment | Second fragment | . . . | Last fragment • Fragment packets: • Unfragmentable Part | Fragment Header | First fragment • Unfragmentable Part | Fragment Header | Second fragment • . . . • Unfragmentable Part | Fragment Header | Last fragment
Destination Options Header • This header carries optional information that must be examined only by a packet's destination node. Again this is used primarily for padding. • Layout: Next Header (bits 0-7) | Hdr Ext Len (bits 8-15) | Options (bits 16-31 and following words) • Next Header: 8-bit selector that identifies the type of the next header. • Hdr Ext Len: 8-bit unsigned integer indicating the length of this header in 8-octet units, not including the first 8 octets. • Options: Contains one or more TLV-encoded options and padding so that the entire header is an integer multiple of 8 octets long.
Size Issues • IPv6 requires that every link in the internet have an MTU of 1280 octets or greater. • Otherwise there must be a provision in Layer 2 for fragmentation and reassembly.
ICMPv6 • Internet Control Message Protocol Ver. 6 • RFC 2463 • Used to • Return error codes • Return informational messages • Sent within an IP datagram • Next Header value of 58 • Highly abused protocol
ICMPv6 Message Codes • Error Messages: Code 0 – 127 • 1 Destination Unreachable • 2 Packet too big • 3 Time exceeded • 4 Parameter problem • Informational Messages: 128 – 255 • 128 Echo request • 129 Echo reply
ICMP Message General Format • Layout: Type (bits 0-7) | Code (bits 8-15) | Checksum (bits 16-31), followed by Message Body • The Type field indicates the type of the message and determines the format of the remaining data. • The Code field depends on the message type. • Checksum detects data corruption.