IPv6技术理论和实务研习班课件.ppt

1、IPv6 技術理論與實務研習班 IPv6 AddressingContent2Content3IPv4定址定址lIPv4以32bit來做定址空間l共四十億個IPv4位址可用lIPv4位址表示方式為xxx.xxx.xxx.xxx例如211.72.211.1lIPv4定址架構(classfull)如下001-126 =Class A 128-191 =Class B192-223 =Class C224-239 =Class D240-254 =Class E4Problems with IPv4(1/2)lAddress depletion/exhaustion and its implicat

2、ions NAT(Network Address Translation)CIDRIPv4 address allocation rate5Problems with IPv4(1/2)lScaling problems with Inter-domain routingCIDR(Classless Inter-Domain Routing)lManual configuration requiredDHCP(Dynamic Host Configuration Protocol)lMulticast,Security,Quality of Service and MobilityIP mul

3、ticast,IPSec,DiffServ and IP mobilitylHeader and format limitations that limit future flexibility6NATlNetwork Address Translation allows a site to use private addresses behind a NAT gateway/firewall when communicating locally,land then automatically get a global IPv4 address assigned from a smaller

4、pool when needed for Internet communication,lwhich requires changing the IPv4 headers source address on the fly,which has a few problems.7Potential IPv6 ServiceslBroadband Access Subscribers95%FTTH coverage by 20196 millions by 2019l3G and WLAN Services 3G services to be launched in 4Q 2019Public Ho

5、tspots deployment plan to make Taiwan a“Wireless IslandlHome network and IA Servicese-Taiwan Projects will catalyze the development of home&IA1.More IP addresses will be consumed 2.More advanced features(e.g.Mobility,Auto-configuration,QoS,Security)will be required8Content9Address Notationl以16進位，每16

6、位元為單位並以：為區隔來表示3FFE:3600:4368:1234:0008:AB12:98CE:1000IPv4以十進位，每8位元為單位並以 為區隔來表示，如202.39.157.141l為使標示簡潔，位於一單位內前方之0可省略3FFE:3600:4368:1234:8:AB12:98CE:1000l為使標示簡潔，若有連續為0 之位元，可以“:”表示，但一個位址中只能使用一次3FFE:3600:1 與 3FFE:3600:0000:0000:0000:0000:0000:00013FFE:3600:3:0000:1與3FFE:3600:0000:0000:0000:0003:0000:000

7、110IPv6-Addressing Modell Addresses are assigned to interfacesNo change from IPv4 ModellInterface expected to have multiple addresseslAddresses have scopeLink LocalSite LocalGloballAddresses have lifetimeValid and Preferred lifetime11Basic Address TypeslUnicastAddress of a single interfaceDelivery t

8、o single interfacefor one-to-one communicationlMulticastAddress of a set of interfacesDelivery to all interfaces in the setfor one-to-many communicationlAnycastAddress of a set of interfacesDelivery to a single interface in the setfor one-to-nearest communicationNearest is defined as being closest i

9、n term of routing distanceMMMAAAU12Address Type Prefixes Address type Binary prefixIPv4-compatible0000.0(96 zero bits)global unicast001link-local unicast1111 1110 10site-local unicast1111 1110 11multicast1111 1111lall other prefixes reserved(approx.7/8ths of total)lanycast addresses allocated from u

10、nicast prefixes13Aggregatable Global Unicast AddresseslTLA(Top Level Aggregator)=13 bitsTLA routers(default-free router)do not have a default route,only route with 16 bits prefixmay be assigned to providers or exchangeslRes=8 bitsReserved for future use in expanding the size of either the TLA or NLA

11、lNLA(Next Level Aggregator)=24 bitslSLA(Site level Aggregator)=16 bitslPublic topologyCollection of larger and smaller ISPlSite topologyCollection of subnets within an organizations sitesitetopology(16 bits)interfaceidentifier(64 bits)publictopology(45 bits)interface IDsubnetNLATLA001Res14Link-Local

12、 Unicast Addresseslmeaningful only in a single link zone,and may be re-used on other linkslLink-local addresses for use during auto-configuration and when no routers are presentlRequired for Neighbor Discovery process,always automatically configurationlAn IPv6 router never forwards link-local traffi

13、c beyond the linklPrefix=FE80:/64interface ID0111111101010 bits54 bits64 bits15Site-Local Unicast Addresseslmeaningful only in a single site zone,and may be re-used in other siteslEquivalent to the IPv4 private address spacelAddress are not automatically configured and must be assignedlPrefix=FEC0:/

14、48subnet IDinterface ID0111111101110 bits38 bits64 bits16 bits16Special IPv6 addresslUnspecified address(0:0:0:0:0:0:0:0 or:)Indicate the absence of an addressEquivalent to IPv4 0.0.0.0Never assigned to an interface or used as a destination addresslLoopback address(0:0:0:0:0:0:0:1 or:1)Identify a lo

15、opback interfacelIPv4-compatible address(0:0:0:0:0:0:w.c.x.z or:w.c.x.z)Used by dual-stack nodesIPv6 traffic is automatically encapsulated with an IPv4 header and send to the destination using the IPv4 infrastructurelIPv4 mapped address(0:0:0:0:0:FFFF:w.c.x.z or:FFFF:w.c.x.z)Represent an IPv4-only n

16、ode to an IPv6 nodeNever used as a source or destination address of IPv6 packetlNSAP(Network Service Access Point)address(FP=0000001)lIPX(Internetwork Packet Exchange)address(FP=0000010)17Multicast IPv6 addresseslMulticast address can not be used as source or as intermediate destination in a Routing

17、 headerllow-order Transient(T)flag indicates permanent(T=0)/transient(T=1)group;three other flags reservedlScope field1:node-local2:link-local5:site-local8:organization-localE:globalOthers:reserved4112 bits8group IDscopeflags11111111418Other IPv6 addresseslSolicited-node addressFacilitates the effic

18、ient query of network node during address resolutionPrefix=FF02:1FF00/104 and the last 24-bits of IPv6 addresslAnycast IPv6 addressAssigned to multiple interfaceOnly used as destination addressOnly assigned to routeranycast addresses are indistinguishable from unicastSubnet-router anycast address is

19、 predefined and requiresn bits128-n bits000000Subnet Prefix19IPv6 interface identifierlLowest-order 64-bit field of unicast address lGlobally unique or locally unique within a subnetlFuture higher-layer protocols may take advantage of globally-unique interface IDs to identify nodes independently of

20、their current locationlConfigure interface identifiermanual configurationDHCPv6(configures whole address)automatic derivation from MAC address or other hardware serial numberpseudo-random generation(for client privacy)the latter two choices enable“serverless”or“stateless”autoconfiguration,when combi

21、ned with high-order part of the address learned via Router Advertisements20The conversion of a universally administered,unicast IEEE The conversion of a universally administered,unicast IEEE 802 address to an IPv6 interface identifier802 address to an IPv6 interface identifier 21Content22IPv6 vs.IPv

22、4 Packet Data Unitminimum20 octetsmaximum65535 octetsIPv4 PDUFixed40 octetsmaximum65535 octetsIPv6 PDU0 or moreIPv4 HeaderData FieldTransport-level PDUIPv6 HeaderExtensionHeaderExtensionHeader23Comparison of IPv4 and IPv6 HeaderDestination AddressSource AddressVer IHLService TypeIdentificationFlagsO

23、ffsetTTLProtocolHeader ChecksumSource AddressDestination AddressOptions+PaddingTotal LengthVerFlow LabelPayload LengthNext HeaderHop LimitTraffic Class32 bits24Summary of Header Changes between IPv4&IPv6lStreamlined Fragmentation fields moved out of base header IP options moved out of base header He

24、ader Checksum eliminated Header Length field eliminated Length field excludes IPv6 header Alignment changed from 32 to 64 bitslRevised Time to Live Hop Limit Protocol Next Header Precedence&TOS Traffic Class Addresses increased 32 bits 128 bitslExtended Flow Label field added25IPv6 extension headerl

25、Hop-by-hop options headerlRouting headerlFragment headerlAuthentication headerlEncapsulating security payload headerlDestination options headerIPv6 PDU general formTransport-level PDUIPv6 HeaderExtensionHeaderExtensionHeader40 octets0 or more26IPv6 extension header(cont.)lIPv6 specification recommen

26、ded order:IPv6 headerHop-by-hop options headerDestination options header(for intermediate destination when the routing header is present)Routing headerFragment headerAuthentication headerEncapsulation security payload headerDestination options header(for final destination)IPv6 packet with all extens

27、ion headersOctets:40VariableVariableVariableVariableVariableVariable8=Next header fieldIPv6 headerHop-by-hop options headerRouting headerFragment headerAuthentication headerEncap security payload headerTCP headerApplication data27Hop-by-Hop option headerlSpecify delivery parameters at each hop on th

28、e path to the destinationHeader Extension LengthlNo of 8-byte block in Hop-by-Hop option headerlNot including first 8 bytesOption lType-Length-Value(TLV)formatl0:Pad1 insert single byte of paddingl1:PadN insert 2 or more byte of paddingl5:Router Alert indicate to the router the packets require addit

29、ional processing(MLD and RSVP)l194:Jumbo Payload indicate payload size over 65,535(65,535232-1)28Destination option headerlSpecify packet delivery parameter for either intermediate destinations or final destinationslIf Routing header exists,it specifies delivery or processing options at each interme

30、diate destination29Routing headerlSimilar to the source routing in IPv4lUse of Routing header with anycast addresses allows routing packets through particular regionse.g.,for provider selection,policy,performance,etc.30Example:Header when S to ASABD31Example:Header when A to BSABD32Example:Header wh

31、en B to DSABD33Fragment headerlFragmentation and reassembly services is an end-to-end function;routers do not fragment packets en-route if too bigthey send ICMP“packet too big”insteadlSupport only on source nodes 34Authentication headerlProvide data authentication verification of the node that sent

32、the packet lProvide data integrityverification that the data was not modified in transit lProvide anti-replay protection assurance that captured packets cannot be retransmitted and accepted as valid data 35Encapsulating security payload(ESP)header and trailerlProvides data confidentiality,data authe

33、ntication,and data integrity36Content37Features of ICMPv6lAn integral part of IPv6 and MUST be fully implement by every IPv6 node(RFC 2463)lNext Header value=58lReport delivery or forwarding errorslProvide simple echo service for troubleshootinglMulticast Listener discovery(MLD)3 ICMP messageslNeigh

34、bor Discovery(ND)5 ICMP messages38ICMPv6 message format39Two types of ICMP messageslError messagesReport error in the forwarding or deliverylInformational messagesProvide diagnostic function,MLD,and ND 40Error message(Destination Unreachable)lSend by router or destination host41Error message(Packet

35、Too Big)lSend when link MTU is smaller than the size of packetlUsed for IPv6 Path MTU Discovery process42Error message(Time Exceeded)lSend by router when Hop limit field is zeroCode field:l0:Hop limit=0Hop limit of outgoing packets is not large enough to reach destination,orRouting loop existl1:frag

36、mentation reassembly time of destination host is exceeded43Error message(Parameter Problem)lSend by router or destination host when errors of IPv6 header or extension header44Informational messagelEcho Request messagelEcho Reply messagelIdentifier and Sequence Number are send by host and used to mat

37、ch incoming Echo Reply with corresponding Echo Request(same as IPv4)lMulticast Listener Query messages:Query,Report,done(like IGMP for IPv4)45Minimum MTUlLink MTUA links maximum transmission unit(ex:the max IP packet size that can be transmitted over the link)lPath MTUThe minimum MTU of all the link

38、s in a path between a source and a destinationlMinimum link MTU for IPv6 is 1280 octets vs 68 octets for IPv4lOn links with MTU 1280,link-specific fragmentation and reassembly must be usedlOn links that have a configurable MTU,its recommended a MTU of 1500 bytes46Path MTU DiscoverylRFC 1981lImplemen

39、tations are expected to perform path MTU discovery to send packets bigger than 1280 octetsFor each destination,start by assuming MTU of first-hop linkIf a packet reach a link in which it cant fit,will invoke ICMP“packet too big”message to source,reporting the links MTU;MTU is cached by source for sp

40、ecific destinationOccasionally discard cached MTU to detect possible increaselMinimal implementation can omit path MTU discovery as long as all packets kept=1280 octetsEx:in a boot ROM implementation47Content48Neighbor Discovery(ND)Neighbor Discovery(ND)lRFC 2461lNode(Hosts and Routers)use ND to det

41、erminate the link-layer addresses for neighbors known to reside on attached links and quick purge cached valued that become invalidlHosts also use ND to find neighboring router that willing to forward packets on their behalflNodes use the protocol to actively keep track of which neighbors are reacha

42、ble and which are not,and to detect changed link-layer addresseslReplace ARP,ICMP Router Discovery,and ICMP Redirect used in IPv4 49IPv6 ND processeslRouter discoveryDiscover the local hosts on an attached linkEquivalent to ICMPv4 Router DiscoverylPrefix discoveryDiscovery the network prefixEquivale

43、nt to ICMPv4 Address Mask Request/ReplylParameter discoveryDiscovery additional parameter(ex:link MTU,default hop limit for outgoing packet)lAddress autoconfigurationConfigure IP address for interfaceslAddress resolutionEquivalent to ARP in IPv450IPv6 ND processes(cont.)lNext-hop determinationDestin

44、ation address,orAddress of an on-link default routerlNeighbor unreachable detection(NUD)lDuplicate address detection(DAD)Determine that an address considered for use is not already in use by a neighboring nodelFirst-hop Redirect functionInform a host of a better first-hop IPv6 address to reach a des

45、tinationEquivalent to ICMPv4 Redirect51ND message formatl5 ND messages:Router solicitationRouter AdvertisementNeighbor SolicitationNeighbor AdvertisementRedirectlAll ND message are send with hop limit=255.If it is not set to 255,the message is silently discardedProvide Protection from ND-based netwo

46、rk attacks launched from off-link nodesRouter can not have forwarded the ND message from an off-link node52Neighbor Discovery optionslSource/Target link-layer address optionSource link-layer addresslIndicate the link-layer address of the ND senderlIncluded in Neighbor Solicitation,Router Solicitatio

47、n,and Router AdvertisementlType=1Target link-layer addresslIndicate the link-layer address of the neighbor nodelIncluded in Neighbor Advertisement and RedirectlType=2Example for Ethernet53Neighbor Discovery options(cont.)lPrefix information optionIndicate both address prefixes and information about

48、address autoconfigurationIncluded in Router AdvertisementCan be multiple prefix information options in Router Advertisement messageAutonomous flag:stateless address configuration54Neighbor Discovery options(cont.)lRedirect header optionlMTU option55ND Autoconfiguration,Prefix&Parameter DiscoverylRou

49、ter solicitation are sent by booting nodes to request RAs for configuring the interfaces.1.RS:ICMP Type=133Src=:Dst=All-Routers multicast Addressquery=please send RA2.RA2.RA1.RS2.RA:ICMP Type=134Src=Router Link-local AddressDst=All-nodes multicast addressData=options,prefix,lifetime,autoconfig flag5

50、6ND Address Resolution&Neighbor Unreachability DetectionICMP type=135(NS)Src=A Dst=Solicited-node multicast of B Data=link-layer address of AQuery=what is your link address?ABICMP type=136(NA)Src=B Dst=A Data=link-layer address of BA and B can now exchange packets on this link57ND RedirectlRedirect