Learn about the advantages of IPv6, including larger address space, hierarchical addressing, better security features, QoS improvements, and extensibility. Explore the transition from IPv4, stateless/stateful configurations, built-in security protocols like IPSec, neighboring node interaction with ND, and potential security threats associated with IPv6 deployment.
IPv6 Overview Brent Frye EECS710
Overview • Google Drive • Microsoft Cloud Drive • Dropbox • Paid-for alternatives
Larger Address Space • IPv4 has 4.3 billion unique addresses • IPv6 has 340 trillion trillion trillion (undecillion) addresses or 3.4 x 10^38. • That is enough for a billion billion IP addresses for every person in the world for every second of their life. • No Network Address Translation (NAT) required.
New Header Format • Header overhead is minimized: even though the address is 4 times as long as in IPv4, the header is only twice as long. • Not backward compatible with IPv4 • Header information contains Source Address, Destination Address, and Hop Limit.
Hierarchical Addressing and Routing Infrastructure • IPv6 uses a unicast address routing topology to make a simple hierarchical infrastructure that is more efficient and requires smaller routing tables on backbone routers. • Aggregatable global unicast addresses (highest level, public facing) • Link-local addresses (communicate with neighboring nodes on the same link, FP 1111 1110 10, autoconfigured) • Site-local addresses (similar to IPv4 private addresses, assigned through stateless or stateful configuration) • Special addresses (Unspecified address 0:0:0:0:0:0:0:0 or ::, Loopback address 0:0:0:0:0:0:0:1 or ::1) • Compatibility addresses (6to4 addresses, IPv4-mapped address) • NSAP addresses (Network Service Access Point)
Stateless and stateful address configuration • Stateful address configuration uses a DHCP server. • Stateless configuration works without a DHCP server, through link-local autoconfiguration. • Combined: configuration based on Router Advertisement messages that include stateless address prefixes and require hosts to use a stateful address configuration protocol.
Built-in security • Confidentiality – IPSec encryption of all traffic • Authentication – IPSec traffic digitally signed for sender verification • Data integrity – IPSec traffic includes crypto checksum to validate integrity. • IPSec is not enabled by default but requires configuration by the network administrator
Built-in security cont. • The optional security feature Moving Target IPv6 Defense (MT6D) allows dynamic obscuring of the sender and receiver addresses. • MT6D is possible because of the large address space that IPv6 provides and because of stateless address autoconfiguration (SLAAC). • Packets are encrypted and tunneled end-to-end so that the source and destination addresses can be changed without breaking the session.
Better Quality of Service (QoS) • IPv6 can use “flows” to provide special handling to a packet. • The new Flow Label field in the IPv6 header means that QoS works even when the payload of the packet is encrypted.
Neighboring node interaction • IPv6 Neighbor Discovery (ND) replaces ARP and ICMP • Hosts use ND to discover neighboring routers and to discover addresses, address prefixes, and other parameters. • Routers use ND to advertise their presence, configure host parameters, and inform hosts of next-hop addresses and on-link prefixes. • Nodes use ND to resolve the link-layer address of a neighboring node, to see if it has changed, and to determine if IPv6 packets can be sent to or received from the neighbor.
Extensibility • Added support for extension headers whose size is limited only by the size of the packet, instead of the 40 bytes of options in IPv4 • Currently defined extension headers: Hop-by-Hop options, routing, fragmentation, authentication, encapsulation, destination options.
Threats • Many new operating systems have IPv6 enabled, but uncontrolled, by default even when the network uses IPv4 • IPSec is not mandatory and requires configuration • IPv6 using ND is vulnerable to man-in-the-middle attacks (router advertisements can expose all local assets to the global IPv6 network)
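The Router Advertisement risk above can be watched for by checking each observed RA against the routers and prefixes the site actually operates. The following Python is an added example, not part of the original slides; the allowlists, the function names and the sample RA bytes are constructed assumptions, and the message layout follows RFC 4861.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134  # ICMPv6 type of a Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3     # Prefix Information option

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 RA message body; the checksum is not verified."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    _hops, flags, lifetime = struct.unpack_from("!BBH", icmp6, 4)
    ra = {"managed": bool(flags & 0x80),  # M flag: stateful (DHCPv6) addressing
          "router_lifetime": lifetime, "slaac_prefixes": []}
    off = 16
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed ND option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32 and icmp6[off + 3] & 0x40:
            # A flag set: hosts autoconfigure (SLAAC) an address from this prefix
            ra["slaac_prefixes"].append(ipaddress.IPv6Network(
                (icmp6[off + 16:off + 32], icmp6[off + 2]), strict=False))
        off += opt_len
    return ra

def audit_ra(src: str, icmp6: bytes, routers: set, prefixes: set) -> list:
    """Return findings for one observed RA; an empty list means it is expected."""
    ra, source, findings = parse_ra(icmp6), ipaddress.IPv6Address(src), []
    if not source.is_link_local:
        findings.append("source is not link-local")
    if source not in routers:
        findings.append(f"unknown router {source}")
    for prefix in ra["slaac_prefixes"]:
        if prefix not in prefixes:
            findings.append(f"unexpected SLAAC prefix {prefix}")
    return findings

def sample_ra(prefix: str, managed: bool = False) -> bytes:
    """Constructed sample RA body with one Prefix Information option (L and A set)."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64,
                      0x80 if managed else 0, 1800, 0, 0)
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0, 86400, 14400, 0)
    return hdr + opt + net.network_address.packed

if __name__ == "__main__":
    routers = {ipaddress.IPv6Address("fe80::1")}            # assumed site allowlist
    prefixes = {ipaddress.IPv6Network("2001:db8:1::/64")}   # documentation prefix
    print(audit_ra("fe80::1", sample_ra("2001:db8:1::/64"), routers, prefixes))
    print(audit_ra("fe80::bad", sample_ra("2001:db8:666::/64"), routers, prefixes))
```

The `managed` field reflects the M flag that tells hosts to use stateful configuration, so the same parser also shows which of the configuration modes listed earlier a router is announcing.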
Conclusions • IPv6 is more than just extended address space. • Potential for more security challenges as well as improved security features.
Links • Microsoft overview - http://technet.microsoft.com/en-us/library/cc738636(v=ws.10).aspx • IPv6 white paper - http://140.116.82.38/members/html/ms03/dclin/technique_paper/IPv6/IPv6%20Features%20and%20Benefiits.pdf • IPv6 Security Fallacies - http://www.networkcomputing.com/ipv6/4-ipv6-security-fallacies/240159771