Next Generation IP Next Generation IP National Dong Hwa University Director of Computer Center Han-Chieh Chao 趙涵捷 下一代網際網路協定

Overview Limitations of current Internet Protocol (IP) IPv6 addressing IPv4/IPv6 Transition IPv6 features –Autoconfiguration –IPSec –QoS IPv6 Mobility Support Summary

Internet Growth

Growing Pains Depletion of IP address ( between 2005 and 2001 ) Explosion of Routing Tables ( routing table explosion will condemn the internet even sooner than the exhaustion of network addresses )

IPv4 Addresses Example: = : : : (32 bits) = CB:40:69:64 Maximum = 2 32 = 4 Billion Class A Network: 15 Million nodes Class B Network: 64,000 nodes or less Class C Network: 250 nodes or less

IPv4 Address (cont.) 127 Class A + 16,381 Class B + 2,097,151 Class C Network = 2,113,659 networks total Class B is most popular 20% of Class B were assigned by 7/90 and doubling every 14 months => Will exhaust by 3/94 Question: Estimate how big will you become? Answer: more than 256! Class C is too small. Class B is just right.

How many address? Some believe 2 6 to 2 8 address per host Safety margin => addresses IPng Requirements => end systems and 10 9 networks. Desirable to networks

Address Size H Ratio = log 10 (number of objects)/available bits 2 n objects with n bits: H Ratio = log 10 2 = French telephone moved from 8 to 9 digits at 10 7 households => H = 0.26 (assuming 3.3 bits/digit) US telephone expanded area codes with 10 8 subscribers => H = 0.24 SITA expanded 7-character address at 64k nodes => H = 0.14 (assuming 5 bits/char)

Address Size (cont.) Physics/space science net stopped at nodes using 16-bit addresses => H = Million Internet hosts currently using 32-bit addresses => H = 0.20 => A few more years to go

The enormous growth of Internet. The Address space is running out in IPv4 (32 bits). Routing tables are exploding. The lack of security at the network layer Device Control – Smart Homes High Performance Networks IP Based Cellular Systems Connect everything over IP Several years of networking with TCP/IP had brought lessons and knowledge Lack of Mobility support New Applications such as Real Time Multimedia. Networked Entertainment - your TV will be an Internet host More Scalable Solution is needed IPv6 motivation

Internet Draft Technically complete and stable? Yes Proposed Standard (RFC) Yes Draft Standard (RFC) Multiple Interoperable Implemen- tations Yes Internet Standard (RFC) Significant Operational Experience? Where in the standardization process is IPv6? 6ren, vBNS etc. GPRS, UMTS? IPv6 Standardization

Ipng long term solution 1991: Work starts on next generation Internet protocols -- More than 6 different proposals were developed 1993: IETF forms IPng Directorate --To select the new protocol by consensus 1995: IPv6 selected -- Evolutionary (not revolutionary) step from IPv4 1996: 6Bone started 1998: IPv6 standardized Today: Initial products and deployments

IPv6 Main Features/Functionality IPv6 Main Features/Functionality expanded addressing and routing capabilities support for extension headers and options Simplified header format quality of service capabilities Auto-configuration Multi-Homing Class of Service/Multimedia support support for authentication and privacy Multicast (No more broadcast ) IPv4, IPv6 Transition Strategy

0 bits VerIHLTotal Length IdentifierFlagsFragment Offset 32 bit Source Address 32 bit Destination Address 24 Service Type Options and Padding Time to LiveHeader ChecksumProtocol SuppressedRenamed Revised IPv4 Header IPv4 Header 20 Octets+Options : 13 fields, include 3 flag bits

VersionClassFlow Label Payload LengthNext HeaderHop Limit 128 bit Source Address 128 bit Destination Address New IPv6 Header IPv6 Header 40 Octets, 8 fields

Major Simplifications Assign a fixed format to all headers (40 bytes) Remove the header checksum Remove the hop-by-hop segmentation procedure Built-in security

IPv6 Address 128 bits long. Fixed size = 3.4×10 38 addresses => 6.65×10 23 addresses per m 2 of earth surface If assigned at the rate of 106/  s, it would take 20 years Expected to support 8×10 17 to 2×10 33 addresses 8×10 17 => 1,564 address per m 2 Allows multiple interfaces per host Allows multiple addresses per interface

Text Representation of ddresses Colon-Hex: 1080 : 0 : 0 : 0 : 8 : 800 : 200C : 417A “::” indicates multiple groups of 16-bits of zeros Dot-Decimal : Can leave the last 32 bits in dot-decimal, :: :: 8 : 800 : 200C : 417A The "::" can only appear once in an address The "::" can also be used to compress the leading and/or trailing zeros in an address

Hierachy =80 The remaining 48 bits define the particular system on the subnetwork.

IPv6 Address Models Allows unicast, multicast, anycast Allows provider based, site-local, link-local 85% of the space is unassigned Addresses have lifetime –Valid and Preferred lifetime Global Site-Local Link-Local

Local-Use Address Link Local: Not forwarded outside the link, FE80::xxx Site Local: Not forwarded outside the site, FEC0::xxx bits Interface ID Subnet ID Interface ID bits

Multicast Address T=0 => Permanent (well-known) multicast address, T=1 => Transient Scope: 1 Node-local, 2 Link-local, 5 Site-local, 8 Organization-local, E Global, F Reserved Predefined: 1 => All nodes, 2 => Routers, T Flags Scope Group ID 4bits8bits112bits4bits

Multicast Address (cont.) Link-local scope limits multicast to single Ethernet

Multicast Address (cont.) Organization-local scope limits multicast to organization boundary

Subnetwork Prefix : 5A01: 203 : 405 :607 : 809 :: /80 Anycast Address (the subnet- router address) “Can any local router help me ” Destination address : 5A01: 203 : 405 :607 : 809 : 0 : 0 : 0 Workstation uses an anycast address to ask for help from any router.

Address Prefixes Can specify a prefix by /length

Allocation Prefix Fraction of (binary) Address Space Reserved /256 (0::/8) Unassigned /256 (100::/8) Reserved for NSAP Allocation /128 (200::/7) Reserved for IPX Allocation /128 (400::/7) Unassigned /128 (600::/7) Unassigned /32 (800::/5) Unassigned /16 (1000:/4) IPv6 Address Allocation

Allocation Prefix Fraction of (binary) Address Space Aggregatable Global Unicast Addresses 001 1/8 (2000::3) Unassigned /32 (F000::/5) Unassigned /64 (F800::/6) Unassigned /128 (FC00::/7) Unassigned /512 (FE00::/9) Link Local Unicast Addresses /1024 (FE80::/10) Site Local Unicast Addresses /1024 (FEC0::/10) Multicast Addresses /256 (FF00::/8) IPv6 Address Allocation (cont.)

IPv6 Extension Headers IP options have been moved to a set of optional Extension Headers Extension Headers are chained together IPv6 Header Next Header=TCP TCP Header IPv6 Header Next Header= Routing TCP Header Routing Header Next Header= TCP IPv6 Header Next Header= Routing TCP Header Routing Header Next Header= Fragment Fragment Header Next Header= TCP Next Header

Routing Header Next HeaderRouting TypeNum. Address ReservedStrict/Loose bit mask Address 1 Address 2 Next Address Address n …..

Routing Header (cont.) Strict => Discard if Address[Next-Address]  neighbor Type = 0 => Current source routing Type > 0 => Policy based routing (later) New Functionality: Provider selection, Host mobility, Auto-readdressing (route to new address)

Address Autoconfiguration Allow plug and play BOOTP and DHCP are used in IPv4 DHCPng will be used with IPv6 Two Methods: Stateless and Stateful Stateless: –A system uses link-local address as source and multicasts to "All routers on this link" –Router replies and provides all the needed prefix info –All prefixes have a associated lifetime –System can use link-local address permanently if no router

Address Autoconfiguration (cont.) Stateful: –Problem w stateless: Anyone can connect –Routers ask the new system to go DHCP server (by setting managed configuration bit) –System multicasts to "All DHCP servers " –DHCP server assigns an address

Automatic Renumbering Renumbering IPv6 Hosts is easy –Add a new Prefix to the Router –Reduce the Lifetime of the old prefix –As nodes depreciate the old prefix the new Prefix will start to be used for new connections Renumbering in IPv6 is designed to happen! An end of ISP “lock in”! –Improved competition

Dual Stack : Providing complete support for both IPv4 and IPv6 in hosts and routers. Transition Mechanism DRIVER IPv4 IPv6 APPLICATION TCP/UDP This allows indefinite co-existence of IPv4 and IPv6, and gradual, app-by-app upgrades to IPv6 usage IPv6 hostIPv4 host Dual IP host

Transition Mechanism (cont.) IPv6 over IPv4 tunneling : Encapsulating IPv6 packets within IPv4 headers to carry them over IPv4 routing infrastructures. Entry Router Entry Router Leaving Router Leaving Router IPv6 packet IPv6 packet IPv6 packet IPv6 packet IPv6 packet IPv6 packet IPv4 header IPv4 header Protocol number=41 IPv4 Infrastructure

Encapsulate IPv6 packets inside IPv4 packets (or MPLS frames) any methods exist for establishing tunnels: -- configured tunnels - manual -- automatic tunnels - IPv4 compatible addresses :: Transition Mechanism (cont.) IPv6-to-IPv4 (inter-domain, using IPv4 addr as IPv6 site prefix)

IPv4-compatible IPv6 Addresses 96 bits 32 bits | | IPv4 address | Dest. :: 0102:0304 Dest Transition Mechanism (cont.)

IPv4-mapped IPv6 address Dest Dest. ::FFFF: 0102: bits 16 bits | 000………000 : 11….11: IPv4 | Transition Mechanism (cont.)

QoS Class Field –Diff Serv Code Point will be used –Can be used for distinguish between different traffic classes Flow label –Identifies streams that needs special handling –Used by RSVP today –Not fully defined yet –Could be used for a deterministic hashkey to classify on L2- L7 -> Would make it easier to implement in Hardware

IPv6 Security Two headers in IPv6 that provides security - AH, ESP AH - Authentication Header –Provides source authentication –Integrity ESP - Encrypted Security Payload –Integrity –Authentication –Confidentiality Note: IPSec is exactly the same for IPv4 and IPv6 only that it was Taylor-made for IPv6. Advantages with IPsec –Network level security –Transparent to End-user –Open Standard

Mobile IPv6 IPv6 Mobility is based on core features of IPv6 –The base IPv6 was designed to support Mobility –Mobility is not an “Add-on” features All IPv6 Networks are IPv6-Mobile Ready All IPv6 nodes are IPv6-Mobile Ready All IPv6 LANs / Subnets are IPv6 Mobile Ready IPv6 Neighbor Discovery and Address Autoconfiguration allow hosts to operate in any location without any special support

Mobile IPv6 (cont.) No Foreign Agent –In a Mobile IP, an MN registers to a foreign node and borrows its’ address to build an IP tunnel so that the HA can deliver the packets to the MN. But in Mobile IPv6, the MN can get a new IPv6 address, which can be only used by the MN and thus the FA no longer exists. More Scalable : Better Performance –Less traffic through Home Link –Less redirection / re-routing (Traffic Optimisation)

IPv6 Mobility Support No FA’s, ND, always Co-located Co addresses mn.ndhu.tw INTERNET mit.us for mn.ndhu.tw Correspondend Node Home Agent Router for mn.ndhu.tw at agent.mit.us ndhu.tw Gets an address trough ND

Improved Performance Faster processing time per IPv6 packet –Align on 64 bits boundary –Fewer Optional Headers (from 12 to 8) –Removed checksum Better designed for HW support Scalable hierarchical address architecture –Faster routing lookups –Smaller routing tables due to Hierarchical address architecture -> which make ip_forwarding faster and more efficient use of the memory –Less routing traffic in the backbone -> which mean less load on the network

Summary Streamlined Header Format Flow Label 128-bit Network Addresses Elimination of Header Checksum Fragmentation only by source Host Extension Headers Built-in-security