IPv6 Application Analysis
Xi Chen, scotor317@gmail.com

IPv6 Addressing Overall Application Scenario
IPv6 Addressing IPv6 Addressing Architecture
x:x:x:x:x:x:x:x, where each x is a 16-bit hexadecimal field
E.g.: 2001:0000:1234:0000:0000:C1C0:ABCD:0876
Case insensitive:
• 2001:0000:1234:0000:0000:c1c0:abcd:0876
Leading zeros in a field are optional:
• 2001:0:1234:0:0:C1C0:ABCD:876
Successive fields of 0 are represented as ::, but only once in an address:
• 2001:0:1234::C1C0:ABCD:876
• Not valid: 2001::1234::C1C0:ABCD:876
Other examples:
• FF02:0:0:0:0:0:0:1 => FF02::1
• 0:0:0:0:0:0:0:1 => ::1
• 0:0:0:0:0:0:0:0 => ::

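The notation rules on this slide as a parser, added here as an example and not part of the original slides; the function names are assumptions. Different spellings of one address defeat string comparison in ACLs and log searches, so the code reduces every valid form to one key and rejects a second "::".

```python
import re

_FIELD = re.compile(r"[0-9A-Fa-f]{1,4}")   # one 16-bit field, leading zeros optional

def parse_ipv6(text):
    """Return the address as a tuple of eight 16-bit integers (ValueError if invalid).
    The dotted-quad IPv4 suffix form is not covered by the slide and not handled."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once: %r" % text)
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one field: %r" % text)
        fields = left + ["0"] * missing + right
    else:
        fields = text.split(":")
    if len(fields) != 8 or not all(_FIELD.fullmatch(f) for f in fields):
        raise ValueError("not eight hexadecimal fields: %r" % text)
    return tuple(int(f, 16) for f in fields)

def canonical(text):
    """Full lower-case, zero-padded form: a stable key for ACLs and log searches."""
    return ":".join("%04x" % f for f in parse_ipv6(text))

def compress(fields):
    """Shortest form: drop leading zeros, replace the longest run of 0 fields by '::'."""
    start, length, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i > length:
            start, length = i, j - i
        i = max(j, i + 1)
    hexs = ["%x" % f for f in fields]
    if length < 2:                      # a single 0 field is written as "0"
        return ":".join(hexs)
    return ":".join(hexs[:start]) + "::" + ":".join(hexs[start + length:])
```
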
IPv6 Addressing IPv6 Addressing Allocation
Anycast addressing uses the same address allocation as unicast.
Example:
• Unicast: 1080:0:0:0:8:800:200C:317A = 1080::8:800:200C:317A
• Multicast: FF01:0:0:0:0:0:0:101 = FF01::101

IPv6 Addressing IPv6 Addressing Format
Field:  FP | TLA-ID | Res | NLA-ID | SLA-ID | Interface-ID
Bits:   3  | 13     | 8   | 24     | 16     | 64
Public Topology: FP, TLA-ID, Res, NLA-ID
Site Topology: SLA-ID
Interface Identifier: Interface-ID
Network Portion: FP through SLA-ID
Node Portion: Interface-ID
FP = Format Prefix (= 001 for globally aggregated unicast addresses)
TLA-ID = Top-level aggregation identifier
Res = Reserved for future use
NLA-ID = Next-level aggregation identifier
SLA-ID = Site-level aggregation identifier
Interface-ID = Interface identifier

IPv6 Addressing Interface ID
• MAC Address: 0000:0B0A:2D51
• In binary:
  00000000 00000000 00001011 00001010 00101101 01010001
• Insert FFFE between Company-ID and Node-ID:
  00000000 00000000 00001011 11111111 11111110 00001010 00101101 01010001
• Set U/L bit to 1:
  00000010 00000000 00001011 11111111 11111110 00001010 00101101 01010001
• Resulting EUI-64 Address: 0200:0BFF:FE0A:2D51

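The derivation above as code, together with the reverse direction, which is what matters to a defender: any address built this way discloses the interface's hardware address. This is an added example, not part of the original slides; the function names and the second sample address are assumptions, and the code flips the U/L bit, which gives the slide's "set to 1" for a universally administered MAC.

```python
import ipaddress

def mac_to_interface_id(mac):
    """48-bit MAC -> interface ID in the slide's notation, e.g. 0200:0BFF:FE0A:2D51."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12:
        raise ValueError("expected a 48-bit MAC address: %r" % mac)
    raw = bytearray.fromhex(digits)
    eui = raw[:3] + b"\xff\xfe" + raw[3:]   # FFFE between Company-ID and Node-ID
    eui[0] ^= 0x02                          # U/L bit: 0 -> 1 for a universal MAC
    return ":".join("%02X%02X" % (eui[i], eui[i + 1]) for i in range(0, 8, 2))

def embedded_mac(address):
    """Return the MAC that a MAC-derived interface ID reveals, or None when the
    FFFE marker is absent (for example a randomised interface ID)."""
    iid = ipaddress.IPv6Address(address).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                          # undo the U/L flip
    return ":".join("%02x" % b for b in mac)

def audit(addresses):
    """Map every address that exposes a hardware address to that MAC."""
    found = {}
    for a in addresses:
        mac = embedded_mac(a)
        if mac:
            found[a] = mac
    return found

# Constructed sample: the slide's result used as a link-local address, and one
# address whose interface ID is not MAC-derived.
SAMPLE = ["FE80::0200:0BFF:FE0A:2D51", "2001:db8::1c2e:9a77:43b0:5d12"]
```
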
IPv6 Addressing Unicast Addressing
IPv6 Addressing Anycast Addressing
IPv6 Addressing Multicast Addressing Format
128 bit
Field:  11111111 | flgs | scope | Group-ID
Bits:   8        | 4    | 4     | 112
scope: Defines address scope
• 0 Reserved
• Node-local scope
• Link-local scope
• Site-local scope
• Organization local scope
• E Global scope
• F Reserved
flgs: First 3 bits set to 0. Last bit defines address type:
• 0 = Permanent (or well-known)
• 1 = Locally assigned (or transient)

IPv6 Addressing Multicast Addressing
IPv6 Addressing Link local Addressing
128 bit
Field:  1111111010 | 0  | Interface-ID
Bits:   10         | 54 | 64
• Examples:
  FE80::0060:08FF:FEB1:7EA2
  FE80::200:CFF:FE0A:2C51

IPv6 Addressing Site Local Addressing
128 bit
Field:  1111111011 | 0, then Subnet-ID (SLA-ID)            | Interface-ID
Bits:   10         | 54 (the Subnet-ID is the last 16)    | 64
• Examples:
  FEC0::0060:08FF:FEB1:7EA2
  FEC0::200:CFF:FE0A:2C51

ICMPv6 ICMPv6
– Type 1: Destination Unreachable
– Type 2: Packet Too Big (MTU)
– Type 3: Time Exceeded
– Type 4: Parameter Problem
– Type 128/129: Echo request/Echo reply

ICMPv6 Destination Unreachable
Layout (each row 32 bits):
Type=1 | Code | Checksum
Unused
As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
Code:
0 - no route to destination
1 - communication with destination administratively prohibited
2 - (not assigned)
3 - address unreachable
4 - port unreachable
Unused: This field is unused for all code values. It must be initialized to zero by the sender and ignored by the receiver.

ICMPv6 Packet too big (MTU)
Layout (each row 32 bits):
Type=2 | Code | Checksum
MTU
As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
Code: Set to 0 by the sender and ignored by the receiver
MTU: The maximum transmission unit of the next-hop link

ICMPv6 Time Exceeded
Layout (each row 32 bits):
Type=3 | Code | Checksum
Unused
As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
Code:
0 – Hop limit exceeded in transit
1 – Fragment reassembly time exceeded
Unused: This field is unused for all code values. It must be initialized to zero by the sender and ignored by the receiver.

ICMPv6 Parameter Problem
Layout (each row 32 bits):
Type=4 | Code | Checksum
Pointer
As much of invoking packet as will fit without the ICMPv6 packet exceeding the minimum IPv6 MTU
Code:
0 - erroneous header field encountered
1 - unrecognized Next Header type encountered
2 - unrecognized IPv6 option encountered
Pointer: Identifies the octet offset within the invoking packet where the error was detected. The pointer will point beyond the end of the ICMPv6 packet if the field in error is beyond what can fit in the maximum size of an ICMPv6 error message.

ICMPv6 Echo Request
Layout (each row 32 bits):
Type=128 | Code=0 | Checksum
Identifier | Sequence Number
Data
Code: 0
Identifier: An identifier to aid in matching Echo Replies to this Echo Request. May be zero.
SN: A sequence number to aid in matching Echo Replies to this Echo Request. May be zero.
Data: Zero or more octets of arbitrary data.

ICMPv6 Echo Reply
Layout (each row 32 bits):
Type=129 | Code=0 | Checksum
Identifier | Sequence Number
Data
Code: 0
Identifier: The identifier from the invoking Echo Request message.
SN: The sequence number from the invoking Echo Request message.
Data: The data from the invoking Echo Request message.

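A decoder for the six message types laid out on the slides above, added as an example and not taken from the original deck; the names are assumptions and the sample bytes are constructed. It interprets bytes 4-7 according to the type and notes values the slides say a sender should not produce; checksum verification is left out because it needs the IPv6 source and destination addresses.

```python
import struct

# Type -> (name, meaning of bytes 4-7, {code: meaning}), as listed on the slides.
TYPES = {
    1: ("Destination Unreachable", "unused", {
        0: "no route to destination",
        1: "communication with destination administratively prohibited",
        3: "address unreachable",
        4: "port unreachable"}),
    2: ("Packet Too Big", "mtu", {0: None}),
    3: ("Time Exceeded", "unused", {
        0: "hop limit exceeded in transit",
        1: "fragment reassembly time exceeded"}),
    4: ("Parameter Problem", "pointer", {
        0: "erroneous header field encountered",
        1: "unrecognized Next Header type encountered",
        2: "unrecognized IPv6 option encountered"}),
    128: ("Echo Request", "echo", {0: None}),
    129: ("Echo Reply", "echo", {0: None}),
}

def decode_icmpv6(msg):
    """Decode one ICMPv6 message (the bytes after the IPv6 header) into a dict."""
    if len(msg) < 8:
        raise ValueError("ICMPv6 message shorter than 8 bytes")
    mtype, code, checksum, word = struct.unpack("!BBHI", msg[:8])
    if mtype not in TYPES:
        raise ValueError("type %d is not covered here" % mtype)
    name, layout, codes = TYPES[mtype]
    out = {"type": name, "code": code, "checksum": checksum,
           "body": msg[8:], "notes": []}
    if code in codes:
        out["meaning"] = codes[code]
    else:
        out["notes"].append("code %d not defined for this type" % code)
    if layout == "echo":
        out["identifier"], out["sequence"] = word >> 16, word & 0xFFFF
    elif layout == "unused":
        if word:
            out["notes"].append("unused field is not zero")
    else:
        out[layout] = word                      # "mtu" or "pointer"
        if layout == "pointer" and word >= len(msg) - 8:
            out["notes"].append("pointer is beyond the included packet")
    return out

# Constructed sample: Packet Too Big, MTU 1280, checksum left at 0, followed by
# 40 bytes standing in for the start of the invoking packet.
SAMPLE_PACKET_TOO_BIG = struct.pack("!BBHI", 2, 0, 0, 1280) + b"\x60" + bytes(39)
```
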
Neighbor Discovery Neighbor Discovery
Defines five ICMPv6 packets:
• Router solicitation (RS)
• Router advertisement (RA)
• Neighbor solicitation (NS)
• Neighbor advertisement (NA)
• Redirect

Neighbor Discovery Router solicitation (RS)
Layout (each row 32 bits):
Type=133 | Code | Checksum
Reserved
Options....

Neighbor Discovery Router advertisement (RA)
Layout (each row 32 bits):
Type=134 | Code | Checksum
Hop Limit | M | O | Reserved | Router lifetime
Reachable Time
Retransmit Timer
Options....

Neighbor Discovery RS and RA procedure
Neighbor Discovery Router advertisement in routers
Neighbor Discovery Neighbor solicitation (NS)
Layout (each row 32 bits):
Type=135 | Code | Checksum
Reserved
Target address
Options....

Neighbor Discovery Neighbor advertisement (NA)
Layout (each row 32 bits):
Type=136 | Code | Checksum
R | S | O | Reserved
Target address
Options....

Neighbor Discovery Redirect
Layout (each row 32 bits):
Type=137 | Code | Checksum
Reserved
Target address
Destination address
Options....

Neighbor Discovery Redirect Procedure
[Figure. Labels: Default GW-List A, B, C, D; Sent data to Host 3 using Default GW "A"; Path used with Default Gateway "A"; ICMP Redirect to Router B; Redirect traffic via Router B]

Neighbor Discovery Next Hop Discovery
• Check neighbor cache for existing next-hop entry for particular destination
• Check whether destination is on- or off-link
  • On-link: Sent directly to destination
  • Off-link: Sent to default router
• Identify link-layer address of next-hop

Neighbor Discovery Address Resolution
• Uses Neighbor solicitation & advertisements
• Node checks neighbor cache first
• If no entry exists, node creates IP entry with state INCOMPLETE
• Node then sends NS to solicited-node multicast address
• Source address of NS is a unicast address
• Receiving node responds with NA indicating its own link-level address
• Soliciting node updates neighbor cache entry from INCOMPLETE to REACHABLE upon reception of NA

Neighbor Discovery Neighbor Unreachability Detection
• 2 ways to verify neighbor reachability:
  • Using hints from upper-layer protocols
  • From responses to neighbor solicitations
• Forward direction communication (FDC) must be possible for a neighbor to be REACHABLE
• FDC is verified if forward progress is being made by an upper-layer protocol (e.g. TCP, reception of TCP ACKs)
• If no verification can be received from upper-layer protocols (like UDP):
  • Node actively probes neighbors to determine reachability state
  • Probes are sent in conjunction with traffic. No traffic, no probes!
  • Probe is neighbor solicitation (NS)
  • Neighbor advertisement (NA) reply is expected to establish FDC

Neighbor Discovery Duplicate Address Detection
• Must be performed by all nodes
• Performed before assigning a unicast address to an interface
• Performed on interface initialization
• Not performed for anycast addresses
• Link must be multicast capable
• New address is called "tentative" as long as duplicate address detection takes place
• Interface joins all-nodes multicast group
• Interface joins solicited-node multicast group
• Node sends (one) NS with
  • Target address = tentative IP address
  • Source address = unspecified (::)
  • Destination address = tentative solicited-node address
• If address already exists, the particular node sends a NA reply with
  • Target address = tentative IP address
  • Destination address = tentative solicited-node address
• If soliciting node receives NA reply with target address set to the tentative IP address, the address must be duplicate

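The Duplicate Address Detection exchange above as code, added as an example and not part of the original slides: it builds the probe a node sends and walks a capture for probes that were answered. The solicited-node group format (ff02::1:ff00:0/104 plus the low 24 bits of the address) comes from RFC 4291, not from the slides; the record layout, function names and sample capture are assumptions.

```python
import ipaddress

UNSPECIFIED = ipaddress.IPv6Address("::")
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(addr):
    """Solicited-node multicast group for addr (low 24 bits appended to the base)."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)

def dad_probe(tentative):
    """Fields of the single NS (type 135) a node sends for a tentative address."""
    t = ipaddress.IPv6Address(tentative)
    return {"type": 135, "src": UNSPECIFIED, "dst": solicited_node(t), "target": t}

def classify_ns(ns):
    """A DAD probe has the unspecified source; address resolution uses a unicast one."""
    unspecified = ipaddress.IPv6Address(ns["src"]) == UNSPECIFIED
    return "dad" if unspecified else "address-resolution"

def dad_conflicts(capture):
    """Walk NS/NA records in order and return the tentative addresses whose
    DAD probe was answered by an NA (type 136) naming the same target."""
    probing, conflicts = set(), []
    for m in capture:
        target = ipaddress.IPv6Address(m["target"])
        if m["type"] == 135 and classify_ns(m) == "dad":
            probing.add(target)
        elif m["type"] == 136 and target in probing:
            conflicts.append(target)
            probing.discard(target)
    return conflicts

# Constructed capture using the link-local example addresses from the slides.
A, B = "FE80::200:CFF:FE0A:2C51", "FE80::0060:08FF:FEB1:7EA2"
SAMPLE_CAPTURE = [
    {"type": 135, "src": "::", "target": A},   # DAD probe for A
    {"type": 136, "src": A, "target": A},      # existing owner answers: duplicate
    {"type": 135, "src": "::", "target": B},   # DAD probe for B, never answered
    {"type": 135, "src": B, "target": A},      # ordinary address resolution
    {"type": 136, "src": A, "target": A},      # its reply, not a conflict
]
```
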