IPv6

Internet Protocol Version 6
Wilson Chan

            The purpose of this paper is to give an understanding of IPv6.  In order to clearly explain IPv6, the characteristics of IPv4 must first be understood.  Currently, the Internet and a number of private networks use the basic network infrastructure called Internet Protocol version 4, also known as IPv4.  IPv4 was created to link networks by means of a unique address, so that no other detail about a destination was needed.  In order to achieve this, three requirements were set for IP to work.  First, each computer in the network of networks must be uniquely identified.  Second, all computers on the network must be able to send and receive data in a specific format.  Lastly, a computer must be able to transmit data to other computers without any specific information about them except their network addresses.  Section I is written for people who have no prior knowledge of IPv4.  This section gives a brief overview of IPv4, covering addressing, performance, security and configuration.  Section II goes into detail about IPv6 addressing, performance, security, configuration, and transition.

 

SECTION I

             In the late 1980s, TCP/IP engineers and designers recognized the need for an upgrade when it became apparent that the existing IP address space would not support the Internet's continued expansion.  In 1991, the IETF (Internet Engineering Task Force) decided that IPv4 had outlived its design.  The new version of IP, known as IPng (Internet Protocol Next Generation) or IPv6 (Internet Protocol Version 6), will one day replace IPv4.

Class-Oriented Addressing

IPv4 has a few areas that needed to be targeted.  The IP address space has been the prime reason for upgrading to IPv6.  IP addresses are 32 bits long, written as four numbers from 0-255 separated by periods.  An individual IP host address consists of two parts: a network address, which specifies the network to which the host is connected, and a host address, which uniquely identifies the host within that network.  IP addresses are divided into five classes, only three of which are used for IP networks.  Class A addresses were intended for very large entities like governments; there are only 126 of them, each with a theoretical maximum of over 16 million hosts (2^24 = 16,777,216), and 128 (2^7) possible combinations for the network address.  The IP addresses for Class A are 1.0.0.0 – 127.255.255.255.  Class B addresses were intended for large organizations like universities and large corporations; each can support a theoretical maximum of over 65,000 unique host addresses (2^16 = 65,536), and there are 16,384 (2^14) different Class B networks.  The IP addresses for Class B are 128.0.0.0 – 191.255.255.255.  Class C addresses were intended for smaller organizations; each can support 256 (2^8) unique host addresses, and 2,097,152 (2^21) different Class C network addresses are available.  The IP addresses for Class C are 192.0.0.0 – 223.255.255.255.  Class D addresses, also known as multicast addresses, have an absolute maximum of 268,435,456 (2^28) different multicast addresses.  The IP addresses for multicast are 224.0.0.0 – 239.255.255.255.  The Class E address space is currently reserved.  The IP addresses for Class E are 240.0.0.0 – 247.255.255.255.

Classless Inter-Domain Routing

In IPv4, there is also Classless Inter-Domain Routing (CIDR), which provides a different addressing scheme for a more efficient allocation of IP addresses than the class-oriented scheme (Class A, B, C).  CIDR is based on the concept of ignoring the class of an IP address, permitting route aggregation and variable-length subnet masks (VLSM), which enable routers to combine routes in order to minimize the routing information that needs to be conveyed by the primary routers.  It allows a group of IP networks to appear to other networks as a unified, larger entity.  In CIDR, IP addresses and their subnet masks are written as four dotted octets, followed by a forward slash and the number of masking bits.  CIDR currently uses prefixes anywhere from 13 to 27 bits.  Thus, blocks of addresses can be assigned to networks as small as 32 hosts or to those with over 500,000 hosts.  This allows for address assignments that fit an organization's specific needs.  In the CIDR address 206.13.01.48/25, the "/25" indicates that the first 25 bits are used to identify the unique network, leaving the remaining bits to identify the specific host.  The table below shows the CIDR block prefixes, their Class C equivalents and the number of host addresses in each.

 

CIDR Block Prefix   Equivalent Class C            Number of Host Addresses
/27                 1/8th of a Class C            32 hosts
/26                 1/4th of a Class C            64 hosts
/25                 1/2 of a Class C              128 hosts
/24                 1 Class C                     256 hosts
/23                 2 Class C                     512 hosts
/22                 4 Class C                     1,024 hosts
/21                 8 Class C                     2,048 hosts
/20                 16 Class C                    4,096 hosts
/19                 32 Class C                    8,192 hosts
/18                 64 Class C                    16,384 hosts
/17                 128 Class C                   32,768 hosts
/16                 256 Class C (= 1 Class B)     65,536 hosts
/15                 512 Class C                   131,072 hosts
/14                 1,024 Class C                 262,144 hosts
/13                 2,048 Class C                 524,288 hosts

Performance

Although IP performs remarkably well for 20-year-old technology, there is quite a bit of room to make IPv4 even better.  With technology moving at such a rapid pace, IPv4 could use improvements in areas such as the maximum transmission unit size and maximum packet size, the design of the IP headers, and the use of checksums.

Security

Security is another area where IPv6 can greatly improve on IPv4.  IPv4 was designed with minimal security.  The reason is that when the Internet was first developed it was devoted to research and development.  Only organizations were allowed to connect, and strong ties to the military and government helped ensure that security was not a major issue.

Configuration

            Configuration on an IPv4 network can be very complicated, time-consuming and costly.  A system running IPv4 must be configured correctly so that all parameters are set.  These usually include a host name, IP address, subnet mask, and a default router.  Address management and host configuration are the two biggest problems.  With the Internet being the size it is today, routing the wrong IP addresses could bring down an entire network.  However, under IPv4, the Dynamic Host Configuration Protocol (DHCP) allows systems to rely on servers to provide them with the correct network configuration at boot up.  For the time being, mobile and immobile devices continue to depend on a single point of connection.

 

SECTION II

IPv6 Addressing

             IPv6 has moved from a 32-bit address space to a 128-bit address space.  Classless Inter-Domain Routing (CIDR) is therefore no longer needed, because the number of available addresses is no longer a concern.  The number of addresses available per person on this planet is approximately 10^30.  The IPv6 addressing architecture makes a few adjustments to the types of address available to an IP host.  There are three types of IPv6 addresses: unicast, multicast, and anycast.  The unicast and multicast addresses are similar to their IPv4 versions.  However, the IPv4 broadcast address is no longer supported and is replaced with a new type of address called anycast.

Unicast

             Unicast is an identifier for a single interface.  A packet sent to a unicast address is delivered to the interface identified by that address.  A node can have more than one IPv6 network interface.  Each separate interface must have its own unicast address associated with it.  Contained in the 128-bit field is an address that identifies one interface.  

 3     13        8      24        16       64 bits
+----+--------+-----+---------+---------+--------------+
| FP | TLA ID | RES | NLA ID  | SLA ID  | Interface ID |
+----+--------+-----+---------+---------+--------------+

 

·        FP.  The format prefix is the three-bit prefix of the IPv6 address that identifies where it belongs in the IPv6 address space.

·        TLA ID.  The top-level aggregation identifier contains the highest-level routing information of the address.  This refers to the grossest level of routing information in the internetwork, and as currently defined (at 13 bits) there can be no more than 8192 different top-level routes.

·        RES.  The next eight bits are reserved for future use.

·        NLA ID.  The next-level aggregation identifier is 24 bits long, and it is meant to be used by organizations that control top-level aggregation IDs to organize that address space.

·        SLA ID.  The site-level aggregation identifier is the address space given to organizations for their internal network structure.  With 16 bits available, each organization can create its own internal hierarchical network structure using subnets in the same way they are used in IPv4.  As many as 65,535 different subnets are available using all 16 bits as a flat address space.  Using the first eight bits for higher-level routing within the organization would allow 255 high-level subnets, each of which has as many as 255 sub-subnets.

·        Interface ID.  This 64-bit field contains a 64-bit value based on the IEEE EUI-64 interface ID.
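The field layout above can be checked by splitting an address at the stated bit widths.  The following is an added example, not code from the paper; it uses only Python's standard ipaddress module, and the sample address in the tests is constructed for illustration (its TLA ID happens to be the 6bone testbed value, 0x1FFE).

```python
# Added example: split an IPv6 aggregatable global unicast address into the
# six fields described above (3 / 13 / 8 / 24 / 16 / 64 bits). Only the
# standard ipaddress module is used; sample addresses are constructed.
import ipaddress

# (name, width in bits), most significant field first; widths sum to 128.
FIELD_WIDTHS = (
    ("FP", 3),
    ("TLA ID", 13),
    ("RES", 8),
    ("NLA ID", 24),
    ("SLA ID", 16),
    ("Interface ID", 64),
)


def split_unicast_fields(address):
    """Return {field name: integer value} for the address."""
    value = int(ipaddress.IPv6Address(address))  # the 128-bit address as an int
    fields = {}
    remaining = 128
    for name, width in FIELD_WIDTHS:
        remaining -= width                       # bit position of this field's LSB
        fields[name] = (value >> remaining) & ((1 << width) - 1)
    return fields


def is_aggregatable_global_unicast(address):
    """The format prefix 001 (binary) marks this kind of unicast address."""
    return split_unicast_fields(address)["FP"] == 0b001


def sla_subnets(sla_id):
    """Split a 16-bit SLA ID the way the text suggests: the first eight bits
    as a high-level subnet number, the last eight as a sub-subnet number."""
    if not 0 <= sla_id <= 0xFFFF:
        raise ValueError("SLA ID must fit in 16 bits")
    return sla_id >> 8, sla_id & 0xFF


def field_capacity():
    """Number of distinct values each field can hold, from its width alone."""
    return {name: 1 << width for name, width in FIELD_WIDTHS}
```

The capacity figures fall straight out of the widths: 13 bits of TLA ID give the 8192 top-level routes quoted above, and the 64-bit Interface ID is what the EUI-64 derivation in the autoconfiguration section fills in.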

Multicast

            Multicast is an identifier for a set of interfaces (typically belonging to different nodes).  A packet sent to a multicast address is delivered to all interfaces identified by that address.  As soon as the first few bytes of a packet are received, the node checks the destination address at the beginning of the transmission.  If the destination address is the same as the node's interface address, the node picks up the rest of the transmission.  This makes it relatively simple for a node to pick up on broadcast and multicast transmissions.  If a broadcast is sent, the node will listen.  For multicasts, the node subscribes to a multicast address, and if it senses that the destination address is a multicast address, it must determine whether it is a multicast address to which the node is subscribed.  When a node subscribes to a multicast address, it announces that it wants to be a member, and any local routers will subscribe on behalf of that node.  When a transmission is sent to that multicast address from another node on the same network, the IP multicast packet is encapsulated into a link-layer multicast data transmission unit.  The IPv6 solution to the broadcast problem is to use an “all nodes” multicast address to replace those broadcasts that are absolutely necessary, while resorting to more limited multicast addresses for other situations in which broadcasts were previously used.  Below is the IPv6 multicast address format, from RFC 2373.

 

 8          4       4       112 bits
+----------+-------+-------+----------+
| 11111111 | Flags | Scope | Group ID |
+----------+-------+-------+----------+

The first octet, which is all ones, identifies the address as a multicast address.  Multicast addresses include a full 1/256th of the IPv6 address space, as shown above.  The rest of the multicast address consists of three fields:

·        Flags.  This is actually a set of four single-bit flags.  Only the fourth flag is currently assigned; it indicates whether the address is a well-known multicast address assigned by the Internet numbering authority or a temporary multicast address.  If this flag is set to zero, the address is well-known; set to one, it signifies a transient address.  The other three flags are reserved for future use.

·        Scope.  This four-bit field contains a value that indicates the scope of the multicast group: whether the group can include only nodes on the same local network, the same site, the same organization, or anywhere within the IPv6 global address space.  Possible values range from 0 to F (hexadecimal), as shown in the table below.

Hex   Decimal   Value
0     0         reserved
1     1         node-local scope
2     2         link-local scope
3     3         (unassigned)
4     4         (unassigned)
5     5         site-local scope
6     6         (unassigned)
7     7         (unassigned)
8     8         organization-local scope
9     9         (unassigned)
A     10        (unassigned)
B     11        (unassigned)
C     12        (unassigned)
D     13        (unassigned)
E     14        global scope
F     15        reserved

·        Group ID.  This 112-bit field identifies the multicast group.  The same group ID can represent different groups, depending on whether the address is transient or well-known, and also depending on the scope of the address.  Permanent multicast addresses use assigned group IDs with special meaning, and membership in such groups depends both on the group ID and on the scope.

Anycast

            Anycast is an identifier for a set of interfaces (typically belonging to different nodes).  A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the “nearest” one, according to the routing protocols' measure of distance).  All nodes that are members of a multicast address expect to receive all packets sent to that address.  A router that connects five different local Ethernet networks will forward a copy of a multicast packet to each of those networks.  Anycast is like multicast in that multiple nodes may share the anycast address, but different in that only one of those nodes can expect to receive a datagram sent to the anycast address.

Address Format

            IPv6 addresses are four times as long as IPv4 addresses.  An IPv4 address is represented as X.X.X.X, where each "X" is a number from 0-255.  An IPv6 address, on the other hand, is in the form X:X:X:X:X:X:X:X, where each X is a four-digit hexadecimal integer (16 bits).  For example, a few valid IPv6 addresses are as follows:

CFAE:3290:ABCD:1234:CEAF:5678:9012:AAAA

ABC3:0000:0000:0003:ABCD:0123:FFFF:ABCD

The above IPv6 address could also be represented as

 ABC3::3:ABCD:123:FFFF:ABCD

Note that the integers are hexadecimal integers, so the letters A through F represent the digits 10 through 15.  Each integer must be included, but leading zeros are not required.  In addition, a double colon (::) can be used once in an address to replace multiple fields of zeros.  For example:

            1000:0:0:0:0:0:0:1

could be represented as

            1000::1

The double colon means that the address should be expanded out to a full 128-bit address.  This method replaces zeros only when they fill a complete 16-bit group, and the double colon can be used only once in any given address.  
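The expansion and compression rules just described, together with the multicast flag and scope decoding from the previous section, are implemented below as an added example (not code from the paper).  The scope names come from the table above; the addresses used in the tests are constructed, and upper-case hex output is chosen only to match the paper's examples.

```python
# Added example: expand the textual IPv6 form by hand (leading zeros dropped,
# a single "::" standing for a run of all-zero 16-bit groups), produce the
# compressed form, and decode the flags/scope/group fields of a multicast
# address. Scope names follow the table in the text.
SCOPE_NAMES = {
    0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
    0x8: "organization-local", 0xE: "global",
}
HEX_DIGITS = set("0123456789abcdefABCDEF")


def _group(text):
    """One 1-4 digit hexadecimal group -> int; anything else is an error."""
    if not 1 <= len(text) <= 4 or any(c not in HEX_DIGITS for c in text):
        raise ValueError("bad 16-bit group %r" % text)
    return int(text, 16)


def expand_ipv6(text):
    """Return the eight 16-bit groups as integers, or raise ValueError."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear at most once: %r" % text)
    if "::" in text:
        head, tail = text.split("::")
        head_groups = [_group(g) for g in head.split(":")] if head else []
        tail_groups = [_group(g) for g in tail.split(":")] if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:                     # "::" must stand for >= 1 group
            raise ValueError("'::' replaces no group in %r" % text)
        groups = head_groups + [0] * missing + tail_groups
    else:
        groups = [_group(g) for g in text.split(":")]
    if len(groups) != 8:
        raise ValueError("not a 128-bit address: %r" % text)
    return groups


def is_valid_ipv6(text):
    try:
        expand_ipv6(text)
        return True
    except ValueError:
        return False


def compress_ipv6(text):
    """Short form: drop leading zeros in every group and replace the longest
    run of two or more zero groups with one '::' (leftmost run on a tie)."""
    groups = expand_ipv6(text)
    best_start, best_len, run_start, run_len = -1, 0, -1, 0
    for i, g in enumerate(groups + [-1]):   # sentinel closes the last run
        if g == 0:
            if run_len == 0:
                run_start = i
            run_len += 1
        else:
            if run_len > best_len:
                best_start, best_len = run_start, run_len
            run_len = 0
    hexes = ["%X" % g for g in groups]
    if best_len < 2:
        return ":".join(hexes)
    left = ":".join(hexes[:best_start])
    right = ":".join(hexes[best_start + best_len:])
    return left + "::" + right


def decode_multicast(text):
    """Return flags/scope/group fields for a multicast address, or None when
    the first octet is not all ones."""
    groups = expand_ipv6(text)
    first = groups[0]
    if first >> 8 != 0xFF:
        return None
    flags = (first >> 4) & 0xF
    scope = first & 0xF
    group_id = 0
    for g in groups[1:]:                     # the remaining 112 bits
        group_id = (group_id << 16) | g
    return {
        "transient": bool(flags & 0x1),      # fourth flag: 0 well-known, 1 transient
        "scope": scope,
        "scope_name": SCOPE_NAMES.get(scope, "unassigned/reserved"),
        "group_id": group_id,
    }
```

Strict parsing matters more than it looks: a filter or ACL that expands "::" differently from the host it protects will disagree with it about which address a packet carries, so rejecting malformed input (two "::", nine groups, non-hex digits) is the safer behaviour.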

IPv6 Headers

            The new IPv6 header is aligned on a 64-bit boundary and is only 40 bytes long, of which 32 are used for the two IPv6 addresses and the remaining 8 bytes by 6 additional fields.  IPv4 headers, by contrast, are aligned on a 32-bit boundary and consist of 24 bytes, where 8 are used for the IPv4 addresses and the remaining 16 bytes by 12 additional fields.  IPv6 headers do not contain any optional elements.  If additional functions are needed, IPv6 uses extension headers.  This makes the new IPv6 header much simpler than its predecessor.  Below is a comparison of the IPv4 and IPv6 headers.

 

 

 0       4       8               16   19                  24      31
+-------+-------+---------------+-------------------------------+
|Version|Hdr Len| Service Type  |         Total Length          |
+-------------------------------+-----+-------------------------+
|        Identification         |Flags|     Fragment Offset     |
+---------------+---------------+-------------------------------+
| Time to Live  |   Protocol    |        Header Checksum        |
+---------------------------------------------------------------+
|                       Source IP Address                       |
+---------------------------------------------------------------+
|                    Destination IP Address                     |
+-----------------------------------------------+---------------+
|                    Options                    |      PAD      |
+-----------------------------------------------+---------------+

IPv4 Headers

 0         8         16                                         31
+---------+---------+-------------------------------------------+
| Version |Priority |                Flow Label                 |
+-------------------------------+---------------+---------------+
|        Payload Length         |  Next Header  |   Hop Limit   |
+-------------------------------+---------------+---------------+
|                                                               |
+                                                               +
|                                                               |
+                        Source Address                         +
|                                                               |
+                                                               +
|                                                               |
+---------------------------------------------------------------+
|                                                               |
+                                                               +
|                                                               |
+                      Destination Address                      +
|                                                               |
+                                                               +
|                                                               |
+---------------------------------------------------------------+

IPv6 Headers

The IPv6 Header Fields: 

·        Version.  This is a four-bit value, and for IPv6 must be equal to six.  This field is the only field that has the same meaning from IPv4 to IPv6.

·        Priority.  This four-bit priority field allows an application to specify the type of traffic that is being sourced.  This allows the network to take advantage of the various queuing and congestion control mechanisms that may exist within it.

·        Flow Label.  This is a 24-bit value used to identify packets that belong to the same flow.  Similar to the Service Type field in IPv4, this allows network devices to prioritize and shape traffic flows appropriately.

·        Payload Length.  This is a 16-bit field that contains an integer value equal to the length of the packet payload in bytes. It is very similar to the IPv4 Total Length Field, except that IPv6's field is the length of the data carried after the header whereas IPv4 included the header.

·        Next Header.  This 8-bit field indicates what protocol is in use in the header immediately following the IPv6 header.  Like the IPv4 Protocol field, the Next Header field may refer to a higher-layer protocol like TCP or UDP, but it may also indicate the presence of an IPv6 extension header.

·        Hop Limit.  Every time a node forwards a packet, it decrements this 8-bit field by one.  If the hop limit reaches zero, the packet is discarded.  This is very similar to IPv4, where the TTL (time-to-live) field serves the same purpose.

·        Source Address.  This is the 128-bit address of the node originating the IPv6 packet.

·        Destination Address.  This is the 128-bit address of the intended recipient of the IPv6 packet.  This address may be a unicast, multicast, or anycast address.  If a routing extension is being used (which specifies a particular route that the packet must traverse), the destination address may be one of those intermediate nodes instead of the destination node.

·        Extension Header.  The current IPv6 specification defines 6 extension headers:

o       Hop-by-Hop Options Header.  This header carries information that is intended to be examined by every node en route from the source to the destination.

o       Routing Header.  This header replaces source routing as it was implemented in IPv4.  Source routing allows the sender to specify routers that the packet must traverse on its way to its destination.  IPv6 defines a generic routing extension header with two one-byte fields: a routing type field, indicating what kind of routing header is in use, and a segments-left field, which indicates how many additional routers listed in the rest of the header must still be visited before the packet reaches its final destination.

o       Fragment Header.  By allowing fragmentation only by the source node, IPv6 streamlines the processing of packets by intermediate routers. The fragment header fields include:

§         Next header field.  This eight-bit field is common to all IPv6 headers.

§         Reserved. The next eight bits are unused at this time and set to zero.

§         Fragment offset field.  This 13-bit field indicates, in units of eight bytes, where the data included in this packet (a fragment) begins in relation to the beginning of the fragmented portion of the data.

§         Reserved field.  This two-bit field is set to zero and is not currently used.

§         M flag.  This single bit indicates whether or not more fragments are to come.

§         Identification field.  This is like the IPv4 ID field except that it is 32 bits long rather than 16 bits.

o       Authentication Header.  The authentication header provides a mechanism for a source node to digitally sign packets.  All data that follows an authentication header remains in plaintext and may be intercepted by an attacker.  Upon receipt by the destination node, however, the data can be authenticated with the data included in the authentication header.

o       Encrypted Security Payload.  The ESP header makes it possible to encrypt the contents of a packet.  The ESP header holds enough data to allow the recipient to decrypt the rest of the packet (all data following an ESP header is encrypted).

o       Destination Option Header.  This option provides a mechanism, like the hop-by-hop options header, to deliver optional information along with IPv6 packets.  
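The base header and the Next Header chain can be exercised with a few lines of Python.  The code below is an added example, not from the paper: it packs a base header laid out as the text describes it (4-bit Priority, 24-bit Flow Label; RFC 2460 later revised these two fields into an 8-bit Traffic Class and a 20-bit Flow Label, so real stacks differ there), appends a Fragment extension header, and parses the result by following Next Header values.  The protocol numbers are the standard IANA ones; the addresses and payload are constructed.

```python
# Added example: build an IPv6 base header plus a Fragment extension header
# with struct, then parse it back by walking the Next Header chain. Base
# header layout follows the paper's description (RFC 1883 era fields).
import struct
import ipaddress

# IANA protocol numbers that appear in the Next Header field.
NH_HOP_BY_HOP = 0
NH_UDP = 17
NH_ROUTING = 43
NH_FRAGMENT = 44
NH_DEST_OPTIONS = 60
BASE_HEADER_LEN = 40
EXT_NAMES = {NH_HOP_BY_HOP: "hop-by-hop options", NH_ROUTING: "routing",
             NH_DEST_OPTIONS: "destination options"}


def build_ipv6_header(src, dst, payload_len, next_header, hop_limit=64,
                      priority=0, flow_label=0):
    """Return the 40-byte base header. payload_len counts only the bytes
    that follow this header, unlike the IPv4 Total Length field."""
    if not (0 <= priority < 16 and 0 <= flow_label < (1 << 24)):
        raise ValueError("priority or flow label out of range")
    first_word = (6 << 28) | (priority << 24) | flow_label
    return (struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def build_fragment_header(next_header, offset_units, more_fragments, ident):
    """8-byte Fragment header: Next Header, reserved octet, 13-bit offset in
    8-byte units + 2 reserved bits + M flag, 32-bit identification."""
    if not 0 <= offset_units < (1 << 13):
        raise ValueError("fragment offset out of range")
    offset_res_m = (offset_units << 3) | (1 if more_fragments else 0)
    return struct.pack("!BBHI", next_header, 0, offset_res_m, ident)


def parse_packet(pkt):
    """Decode the base header, then follow the Next Header chain through any
    extension headers until an upper-layer protocol is reached."""
    if len(pkt) < BASE_HEADER_LEN:
        raise ValueError("truncated base header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if first_word >> 28 != 6:
        raise ValueError("version field is not 6")
    if payload_len != len(pkt) - BASE_HEADER_LEN:
        raise ValueError("payload length does not match the bytes present")
    info = {
        "priority": (first_word >> 24) & 0xF,
        "flow_label": first_word & 0xFFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(pkt[8:24])),
        "dst": str(ipaddress.IPv6Address(pkt[24:40])),
        "extension_headers": [],
    }
    offset = BASE_HEADER_LEN
    while True:
        if next_header == NH_FRAGMENT:
            if len(pkt) < offset + 8:
                raise ValueError("truncated fragment header")
            nh, _reserved, offset_res_m, ident = struct.unpack("!BBHI", pkt[offset:offset + 8])
            info["extension_headers"].append({
                "type": "fragment",
                "fragment_offset": offset_res_m >> 3,   # in 8-byte units
                "more_fragments": bool(offset_res_m & 1),
                "identification": ident,
            })
            next_header, offset = nh, offset + 8
        elif next_header in EXT_NAMES:
            # These three start with Next Header and a length in 8-byte units
            # that does not count the first 8 bytes.
            if len(pkt) < offset + 2:
                raise ValueError("truncated extension header")
            nh, ext_len = pkt[offset], pkt[offset + 1]
            hdr_len = (ext_len + 1) * 8
            if len(pkt) < offset + hdr_len:
                raise ValueError("truncated extension header")
            entry = {"type": EXT_NAMES[next_header], "length": hdr_len}
            if next_header == NH_ROUTING:          # the two one-byte fields from the text
                entry["routing_type"] = pkt[offset + 2]
                entry["segments_left"] = pkt[offset + 3]
            info["extension_headers"].append(entry)
            next_header, offset = nh, offset + hdr_len
        else:
            break
    info["upper_layer_protocol"] = next_header
    info["payload"] = pkt[offset:]
    return info


def is_malformed(pkt):
    """True when parse_packet rejects the bytes (shows the length checks fire)."""
    try:
        parse_packet(pkt)
        return False
    except ValueError:
        return True


def constructed_fragment_packet():
    """Constructed sample: a fragment carrying 16 bytes of UDP data that
    starts 64 bytes (8 units) into the original datagram."""
    udp_data = bytes(range(16))
    frag = build_fragment_header(NH_UDP, offset_units=8, more_fragments=True, ident=0x1234ABCD)
    hdr = build_ipv6_header("3FFE:0B00:0C18:1::10", "3FFE:0B00:0C18:1::20",
                            len(frag) + len(udp_data), NH_FRAGMENT,
                            hop_limit=32, priority=1, flow_label=0xABCDE)
    return hdr + frag + udp_data
```

Two points the parser makes visible: the upper-layer protocol is only known after the whole chain has been walked, which is why a filter that reads just the base header's Next Header field cannot tell a fragmented UDP datagram from a fragment header; and every step re-checks that the bytes claimed by a header are actually present, so a truncated or length-inconsistent packet is rejected rather than read past its end.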

Security

Authentication and security, including secure password transmission, encryption, and digital signatures on datagrams are all implemented under IPv6 through the Authentication Headers (AH) and Encapsulating Security Payload (ESP).  The reason IPv4 did not incorporate any real security features during its time was because IPv4 was created to be an internetworking protocol. 

The Authentication Header (AH) provides strong integrity services and strong authentication for IP datagrams.  This means that the AH header can be used to carry content verification data for IP datagrams and can be used to link an entity with the contents of the datagrams.  This also protects against replay attacks through the use of a sequence number field.  The authentication header can be used in tunnel mode or in transport mode, which means that it can be used to authenticate and protect simple, direct datagram transfers between two nodes or it can be used to encapsulate an entire stream of datagrams that is sent to or from a security gateway.

The Encapsulating Security Payload (ESP) header is designed to allow IP nodes to send and receive datagrams whose payload is encrypted.  The ESP header is designed to provide several different services including:

o       Confidentiality of datagrams through encryption

o       Authentication of data origin through the use of public key encryption

o       Anti-replay services through the same sequence number mechanism as provided by the authentication header.

o       Limited traffic flow confidentiality through the use of security gateways.

ESP can be used in tunnel or transport mode.  In transport mode, the IP header and any hop-by-hop, routing, or fragmentation extension headers precede the authentication header, which is then followed by the ESP header.  Any destination options headers can either precede or follow the ESP header; all headers that follow the ESP header are encrypted.
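The anti-replay service that both AH and ESP derive from the sequence number field is worth seeing in code, because a plain "largest number seen so far" check would drop legitimately reordered packets.  The following is an added example, not from the paper: a sliding bitmap window in the style of RFC 2401.  The window size of 64 and the sample sequence are constructed values.  A real receiver verifies the packet's integrity check before updating the window, so that a forged sequence number cannot advance it, and the 32-bit counter is never allowed to wrap (a fresh security association is negotiated first).

```python
# Added example: the sequence-number anti-replay check used by AH and ESP,
# implemented as a sliding bitmap window (RFC 2401 style). Window size and
# sample sequence numbers are constructed, not taken from the paper.
class ReplayWindow:
    def __init__(self, size=64):
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit d set => sequence number (highest - d) accepted

    def accept(self, seq):
        """Return True and record seq if it is new and within the window;
        False for a replayed number or one older than the window."""
        if seq <= 0:
            return False                          # numbering starts at 1
        if seq > self.highest:                    # advance the right edge
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        distance = self.highest - seq
        if distance >= self.size:
            return False                          # fell off the left edge: too old
        if self.bitmap & (1 << distance):
            return False                          # already accepted: replay
        self.bitmap |= 1 << distance
        return True


def filter_sequence(sequence_numbers, size=64):
    """Feed received sequence numbers through one window and return the
    ones that would be accepted, in arrival order."""
    window = ReplayWindow(size)
    return [s for s in sequence_numbers if window.accept(s)]
```

In the sample run, 5 is accepted even though 10 arrived first (reordering inside the window), the second copies of 2 and 1 are rejected as replays, and 100 is rejected because by then the window has moved far past it.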

Configuration

            One of the important stated goals of IPv6 was to support “plug-and-play”.  This would make it possible to plug a node into an IPv6 network and have it boot onto the network without needing manual configuration.  IPv6 offers two types of autoconfiguration, stateful and stateless.

            Stateful autoconfiguration is the IPv6 equivalent of DHCP.  It requires that a DHCP server be installed and administered, and that each new node to be served be configured on the server.  The DHCP server keeps a list of nodes that it will supply configuration information to and rejects all others.  The problem with stateful autoconfiguration is that someone needs to maintain and administer a server in order to manage all the current connections.  An update of DHCP for IPv6, called DHCPv6, is still under development.

            Stateless autoconfiguration requires that the local link support multicast and that the network interface be able to send and receive multicasts.  With stateless autoconfiguration, a host gains an address by having its interface lease one automatically, and no server needs to be set up to hand out addresses.  This address is based on the network prefix and the Ethernet MAC address.  However, before it can take on that address, the node must verify that the starting address is in fact unique on the local link.  This is the default mode for most IPv6 systems.
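The address construction described in the last paragraph is shown below as an added example, not code from the paper: the 48-bit MAC is turned into a 64-bit interface identifier (IEEE EUI-64 with the universal/local bit inverted, as in RFC 2373 Appendix A), concatenated with a /64 prefix, and then checked for uniqueness.  The MAC, prefix and in-use list are constructed; the real uniqueness check, Duplicate Address Detection, is carried out with Neighbor Solicitation multicasts on the link and is modelled here as a set lookup.

```python
# Added example: derive a stateless-autoconfiguration address from a prefix
# and an Ethernet MAC (modified EUI-64), then simulate the uniqueness check.
# MAC, prefix and addresses_in_use are constructed sample values.
import ipaddress


def mac_to_modified_eui64(mac):
    """48-bit MAC -> 64-bit interface identifier: insert 0xFFFE in the middle
    and invert the universal/local bit of the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return bytes(eui)


def address_from_prefix(prefix, interface_id):
    """Concatenate a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(interface_id) != 8:
        raise ValueError("autoconfiguration needs a 64-bit prefix and a 64-bit ID")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + interface_id)


def link_local_address(mac):
    """The first address a node forms, before it has learned any prefix."""
    return address_from_prefix("fe80::/64", mac_to_modified_eui64(mac))


def autoconfigure(mac, prefix, addresses_in_use):
    """Return (candidate address as text, unique). unique is False when the
    candidate collides with an address already present on the link, in which
    case the node must not start using it."""
    candidate = address_from_prefix(prefix, mac_to_modified_eui64(mac))
    in_use = {ipaddress.IPv6Address(a) for a in addresses_in_use}
    return str(candidate), candidate not in in_use
```

Because the interface identifier embeds the hardware address, every address a host forms this way reveals its MAC and stays recognizable across prefixes; RFC 3041 privacy extensions replace the EUI-64 identifier with periodically regenerated random ones for exactly that reason.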

Flowchart for Stateful and Stateless Autoconfiguration below:

 

            Mobile IPv6 is considerably more convenient to implement and to use, because stateless autoconfiguration makes IPv6 much simpler and because a mobile node can establish contact with its home network even when its regular home agent becomes unavailable.  The mobile node can send an anycast packet to an address reserved for home agents on the home network, with the result that whatever home agent is available can notify the mobile node of its options.

IPv6 Transition

            The IPv6 transition will continue to take place relatively slowly, as vendors and developers gradually introduce versions of IPv6 for different platforms.  It is expected that IPv4 and IPv6 will have to coexist for a long time, perhaps forever.  One approach is to have protocol tunneling, where IPv6 packets are encapsulated within IPv4 packets for transmission from IPv6 islands through IPv4 oceans.  The other approach is to have a dual-stack, where hosts and routers run IPv4 and IPv6 stacks on the same network interfaces.  This way, a dual-stack node can accept and transmit both IPv4 and IPv6 packets.

            IPv6 will slowly be integrated into our networks in the next few years.  Because IPv6 is still in its development stages, there is quite a bit of revising that needs to be done before IPv6 becomes the new standard.  IPv6 has been proven to be a worthy replacement for IPv4 and will solve many of the problems that exist on our networks today.

 

Bibliography

Presentations:

    1.  Deploying IPv6
        Presented by Marc Blanchet, Viagenie Inc.
        Networld+InterOp Las Vegas 2001

Resources:

    1.  Deploying IPv6 - Tutorial & Workshop Notes
        By Marc Blanchet, Viagenie Inc.
        Networld+InterOp Las Vegas 2001

    2.  IPv6 - Clearly Explained
        By Pete Loshin

Online Resources:

    1.  6Bone
        6Bone Testbed for Deployment of IPv6
        http://www.6bone.net

    2.  Internet Engineering Group of Solaris Software
        IP Version 6 (IPv6)
        http://playground.sun.com/pub/ipng/html/ipng-main.html

    3.  Lancaster University Computing Department
        IPv6 Resource Centre
        http://www.cs-ipv6.lancs.ac.uk/

    4.  NGtrans wg
        IPng Transition
        http://www.6bone.net/ngtrans