IPv6 This will be real shortly Packet format Header format and contents Address space & allocation Header extensions Fragmentation ICMPv6 Security

Ipv6 Internet Protocol Connectionless communication Best effort delivery Virtual addressing Address is 128 bits = 340,000,000,000,000,000,000,000,000,000,000,000,000 Provides for some increase in security Increases the address space from 2 32 to A modest increase of 2 96 = 90,000,000,000,000,000,000,000,000,000

Ipv6 RFC's RFC 2460 – Ipv6 Specification RFC 2373 – Addressing Architecture RFC 2463 – ICMP RFC 2473 – Packet Tunneling RFC Jumbograms RFC 2732 – Ipv6 addresses in URL's RFC 3041 – Privacy Extensions RFC 2464 – Ipv6 over Ethernet RFC 3879 – SiteLocal Addresses Plus many others

IPv6 Datagram Format 1 st HeaderPayload Total datagram size constraints Maximum bytes, unless! Header length bit words (40 bytes)‏ Plus other headers n th Header...

IPv6 Datagram Header Ver Traffic Class Flow Label Payload Length Next Header Hop Limit Source Address 4 * 4 * 8 bits Destination Address 4 * 4 * 8 bits Bit Word 0 Word 1 Word 3 Word

IP Datagram (cont)‏ Ver IP Version 6 Traffic Class8 bit priority value Flow LabelMay indicate special handling Payload LengthActual length of payload including all extension headers or 0 Next header8-bits that identifies the next header Similar to protocol field in IPv4 Hop limitSimilar to IPv4 ttl Source AddressIP address of sender Destination Address IP address of destination

Definitons Node:A device that implements Ipv6 Router:A node that forwards Ipv6 packets not explicitly addressed to itself. Host:Any node that is not a router. Link:Layer 2 communication link over which nodes can communicate. Neighbors:Nodes attached to the same link. Interface:A node's attachment to a link. Address:An IPv6 identifier for an interface or set of interfaces. Packet:An IPv6 header plus payload.

Ipv6 Address Types Unicast:An identifier for a single interface. A packet sent to a unicast address is delivered to that addressed interface. Anycast:An identifier for a set of interfaces. A packet sent to an anycast address is delivered to one (usually the neaest) of the addressed interfaces. Multicast:An identifier for a set of interfaces. A packet sent to a multicast address is delivered to all interfaces identified by that address. Broadcast:No longer. Must use multicast.

IPv6 Address Model Addresses are assigned to interfaces not to nodes. Every interface is required to have at least one link-local unicast address. An interface may have multiple addresses. A subnet prefix is associated with one link. Multiple subnets may be assigned to the same link.

IPv6 Address Representation Generally an IPv6 address is 8 16 bit hex numbers separated by :'s. For example: FEDC:BA98:7654:3210:FEDC:BA98:7654: :0000:0000:0008:0080:200C:417A: :0:0:8:80:200C:417A:1234 (Note: the last two are equivalent)‏ Leading zeros can be suppressed within a field.

Ipv6 Address Representation (cont'd)‏ Ipv6 addresses tend to have way to many zeros. Sometimes these strings of zeros can be compressed. :: indicates multiple groups of 16-bits of zeros. Only one :: per address. :: can be used to compress both leading and trailing zeros. For example: 1080:0:0:0:8:800:200C:417A 1080::8:800:200C:417A FF01:0:0:0:0:0:0:101FF01::101 0:0:0:0:0:0:0:1::1 0:0:0:0:0:0:0:0::

IPv4 Addresses in IPv6 Addresses IPv4 addresses can be embedded within an IPv6 address. Generally it looks like x:x:x:x:x:x:d.d.d.dd.d.d.d For example: 0:0:0:0:0:0: or :: :0:0:0:0:FFFF: or ::FFFF:

IPv6 Address Prefixes As in IPv4, IPv6 the network address is represented as an address prefix. Usually indicated by a number of left most bits. For example representations of the 60-bit prefix 12AB CD3 (hex) are: 12AB:0000:0000:CD30:0000:0000:0000:0000/60 12AB::CD30:0:0:0/60 12AB:0:0:CD30::/60 Often both a node's address and it's prefix can be combined 12AB::CD30:1234:4567:89AB:CDEF/60

Address Types

Address Types cont'd

Special Addresses 0:0:0:0:0:0:0:0Is the Unspecified address The only permitted use of this address is as the source address before the node has learned its own address. 0:0:0:0:0:0:0:1Is the Loopback address Must never appear outside of a single node.

IPv4 Addresses in IPv6 Addresses Node address Something goes hereIPv4 Address 32 bits80 bits16 bits

Unicast Addresses Node address 0127 Node address Node address 0127 Subnet 1 prefixSubnet 2 prefix Subnet prefixInterface ID m-1m bits128-m bits 128 bits 128-m-n bitsm bitsn bits

Interface Identifiers Node address 0127 Subnet prefix, link addressInterface ID bits Interface IDs are used to identify interfaces on a link. They must be unique on the link. They may be unique over a broader scope, i.e. the entire net. Often the interface ID is the interface's link-layer address, e.g. The ethernet NIC's MAC address. A single node with multiple interfaces may have the same interface ID's. 64

EUI-64 Interface Identifiers Extended Unique Identifier Node address 0127 Subnet prefix, link addressInterface ID 6364 bits EUI-64 Interface IDs have global scope when a global token is available. cccc|ccug|cccc|cccc|cccc|cccc|mmmmmmmm|mmmmmmmm|mmmmmmmm|mmmmmmmm|mmmmmmmm |0 7|8 15|1623|24 31|3247|4863| “c” are the company ID bits. “m” are the company's extension identifier, as in IEEE ether net NICs. “u” is the universal/local bit: u = 1 indicates global scope. “g” is the individual/group bit

EUI-64 Interface Identifiers for IEEE 802 MAC addresses Node address 0127 Subnet prefix, link addressInterface ID 6364 bits EUI-64 Interface IDs should have global scope when a global token is available. cccc|cc1g|cccc|cccc|cccc|cccc| | |mmmmmmmm|mmmmmmmm|mmmmmmmm |0 7|8 15|1623|24 31|3247|4863| “c” are the company ID bits. “m” are the company's extension identifier, as in IEEE ether net NICs. Global scope. “g” is the individual/group bit

Local-Use IPv6 Addresses 0Interface ID 64 bits10 bits 54 bits Interface ID 64 bits10 bits38 bits bits Subnet ID Link-Local addresses Site-Local addresses (deprecated in 2004) Auto-address configuration, neighbor discovery Addressing inside a site without the need for a global prefix. This the site-local address type has be deprecated by RFC 3879, 9/04.

Aggregatable Global Unicast Addresses Interface ID 64 bits || 3|13 | FP 24 | NLA ID Provides support for current provider based aggregation and exchanges, a new type of aggregation. FPFormat prefix = “001” TLA IDTop Level Aggregation Identifier RESReserved for future use NLA IDNext-Level Aggregation Identifier SLA IDSite-Level Aggregation Identifier Interface IDInterface Identifier Bits TLA ID 8 | RES SLA ID 16 | Reference: RFC 2374

Aggregatable Global Unicast Addresses for Testing Interface ID 64 bits || 3|13 | FP 24 | NLA ID Provides support for 6bone IPv6 testing. FPFormat prefix = “001” TLA ID0x1ffe - Top Level Aggregation Identifier RESReserved for future use NLA IDNext-Level Aggregation Identifier SLA IDSite-Level Aggregation Identifier Interface IDInterface Identifier Bits TLA ID 8 | RES SLA ID 16 | Reference: RFC 2471

Multicast IPv6 Addresses flgs group ID | 8 | 4 | 4 | 112 bits | Multicast addresses An identifier for a group of nodes A node may belong to any number of multicast groups scope Multicast addresses must never be used as a source address in IPv6.

Multicast IPv6 Addresses (cont'd)‏ The first 3 bits of “flgs” are reserved and must be (0) zero. T = 0 indicates a permanently assigned multicast address This address is assigned by the global Internet numbering authority T = 1 indicates a non-permanently assigned multicast address Flgs group ID | 8 | 4 | 4 | 112 bits | Multicast addresses scope Flgs is a set of 4 flags: 0 | 0 | 0 | T

Multicast IPv6 Addresses (cont'd)‏ flgs group ID | 8 | 4 | 4 | 112 bits | Multicast addresses “scope” is a 4-bit multicast scope value to limit the scope of the multicast group. reserved0, F unassigned3, 4, 6, 7, 9, A, B, C, D node-local 1 link-local 2 site-local5 organization-local8 globalE scope

Multicast IPv6 Addresses (cont'd)‏ Examples of multicast addresses Assume that NTP is assigned a permanent multicast group ID of 0x101, then : FF01:0:0:0:0:0:0:101means all NTP servers on the same node as the sender. FF02:0:0:0:0:0:0:101means all NTP servers on the same link as the sender. FF05:0:0:0:0:0:0:101means all NTP servers on the same site as the sender. FF0E:0:0:0:0:0:0:101means all NTP servers on the internet. All nodes addressesAll routers addresses node-local and Link-local:node-local, Link-local and site-local: FF01:0:0:0:0:0:0:1FF01:0:0:0:0:0:0:2 FF02:0:0:0:0:0:0:1FF02:0:0:0:0:0:0:2 FF05:0:0:0:0:0:0:2 The following multicast addresses are reserved and shall never be assigned to any group : FF0X:0:0:0:0:0:0:0where X ranges from 0 – F.

Required Addresses A node is required to recognize the following addressses as itself: – Its link-local address – Assigned unicast addresses – Loopback address – All-nodes multicast address – Solicited-node multicast

Frame 15 (70 bytes on wire, 70 bytes captured)‏ Ethernet II, Src: 00:0d:93:88:6a:48, Dst: 33:33:00:00:00:02 Destination: 33:33:00:00:00:02 (Ipv6-Neighbor-Discovery_00:00:00:02)‏ Source: 00:0d:93:88:6a:48 (AppleCom_88:6a:48)‏ Type: IPv6 (0x86dd)‏ Internet Protocol Version 6 Version: 6 Traffic class: 0x00 Flowlabel: 0x00000 Payload length: 16 Next header: ICMPv6 (0x3a)‏ Hop limit: 255 Source address: fe80::20d:93ff:fe88:6a48 (fe80::20d:93ff:fe88:6a48)‏ Destination address: ff02::2 (ff02::2)‏ Internet Control Message Protocol v6 Type: 133 (Router solicitation)‏ Code: 0 Checksum: 0x7f72 (correct)‏ ICMPv6 options Type: 1 (Source link-layer address)‏ Length: 8 bytes (1)‏ Link-layer address: 00:0d:93:88:6a: d a dd jH..` a ff fe d....: ff fe 88 6a 48 ff jH f r d a jH

Ethernet frame header (6 bytes dst, 6 bytes src 2 bytes size/type): d a dd Ipv6: Ver, Type, Flow, Payload Length, Next Header, hop limit a ff Next header 3a = 58 – ICMP Source Address: 0010 fe d ff fe 88 6a :: d: 93 ff fe 88: 6a 48 link local address c ug cc cc Mac Address Destination Address (multicast all nodes link-local): 0020 ff ICMP Message (Type 85 = 133 – router solicitation) : Type Checksum Code 00 Checksum 7f 72 Reserved TLV Type 01 Length of this TLV Header in 8-octet units 01 Source Link layer address d a 48

IPv6 Datagram Extension Headers Ver Traffic Class Flow Label Payload Length Next Header Hop Limit Source Address 4 * 4 * 8 bits Destination Address 4 * 4 * 8 bits Bit Word 0 Word 1 Word 3 Word Extension Headers Word 11

Extension Headers Currently defined extension headers Next Header Value – Hop-by-Hop Options 0 – Routing Header43 – Fragment Header44 – Destination Options60 – Authentication51 – Encapsulating Security Payload50 – ICMP Header58 – No next header59

Extension Headers Next header values also indicate the protocol field that follows the extension headers. Next Header Value – TCP 1 – UDP17 – OSPF89

Extension Header Order – IPv6 header – Hop-by-Hop Options header – Destination Options header – Routing header – Fragment header – Authentication header – Encapsulating Security Payload header – Destination Options header – ICMP header – Upper-layer header

Hop-by-Hop Options Header Bit Next Header 7 8 Next Header8-bit selector identifies the type of the next header. Hdr Ext Len8-bit unsigned integer indicating the length of this header in 8-octet units, not including the first 8 octets. OptionsContains one or more TLV-encoded options and padding so that the entire header is and integer multiple of 8-octets long. Hdr Ext Len Options This header carries additional information that must be examined by every node along the packet's delivery path.

TLV (type-length-value) Encoded Options Bit Option Type 7 8 Option Type8-bit identifier of the type of option. Opt Data Len8-bit unsigned integer indicating the length of the option data field of this option, in octets OptionsVariable length field. Option-Type_specific data. Opt Data Len This header carries additional information that must be examined by every node along the packet's delivery path. Option Data

TLV Option Types Bit |2|3|4|5|6|7|8 7 8 Bit1 2 3 Action Taken if the option type is not recognized 0 0 Skip over this option and continue processing the header 0 1 Discard packet 1 0 Discard packet and send ICMP Parameter Problem 1 1 Discard 0 Option Data does not change enroute 1 Option Data may change Opt Data Len The Option Type identifiers are internally encoded such that that the highest- order 2 bits specify the action that must be taken. The third highest bit specifies whether or not the Option Data may be changed. These are used primarily for padding within the options area of a header. Option Data

Jumbograms (RFC 2147)‏ – Permit Datagrams larger than 65,535 Actually between 65,536 and 4,294,967,295 = – A Jumbo Payload Option must be carried in a Hop-by-Hop extension – IP header must have payload length = 0 – Next Header = 0 – next header is a Hop-by-Hop header – Can be used only on links with large enough MTU's – Cannot carry a Fragment Header – Payload can be either TCP or UDP

Jumbograms Bit Option Type 7 8 Option Type8-bit 0xC2 ( Option data does not change)‏ Opt Data Len8-bit value 4 Payload Len32-bit unsigned integer Opt Data Len Jumbo Payload Length Next HeaderHdr Ext Len

Routing Header Bit Next Header 7 8 Next Header8-bit selector identifies the type of the next header. Hdr Ext Len8-bit unsigned integer indicating the length of this header in 8-octet units, not including the first 8 octets. Routing Type8-bit identifier of a particular routing header variant. Segments Left8-bit unsigned integer indicating the number of nodes to be visited. Type-specific dataInfo required by the routing type. Hdr Ext LenRouting TypeSegments Left Type-specific data

Routing Header Bit Next Header 7 8 Next Header8-bit selector identifies the type of the next header. Hdr Ext Len8-bit unsigned integer indicating the length of this header in 8-octet units, not including the first 8 octets. Routing Type8-bit identifier of a particular routing header variant. Segments Left8-bit unsigned integer indicating the number of nodes to be visited. Type-specific dataInfo required by the routing type. Hdr Ext LenRouting TypeSegments Left Type-specific data

Type 0 Routing Header Bit Next Header 7 8 Hdr Ext LenRouting TypeSegments Left Address 1 Address 2 Address n... Reserved

Fragment Header Bit Next Header 7 8 Reserved Fragment OffsetM Identification Res Next Header8-bit selector identifies the type of the next header. Reserved8-bit reserved field initialized to 0. Fragment Offset13-bit unsigned integer indicating the offset of this fragment in 8-octet units. Res2reserved field that is initialized to 0. M1-bit flag: 1 = more fragments; 0 = last fragment. Identification32 bits IP datagram identification number.

Fragmenting Packets Unfragmentable Part Unfragmentable PartIPv6 Header and all extension headers. Fragmentable PartThe rest of the packet.. Original Packet Fragments Fragmentable Part Unfragmentable Part First fragment Second fragment Last fragment... Unfragmentable Part Fragment Header First fragment Unfragmentable Part Fragment Header Second fragment Unfragmentable Part Fragment Header Last fragment...

Destination Options Header Bit Next Header 7 8 Next Header8-bit selector identifies the type of the next header. Hdr Ext Len8-bit unsigned integer indicating the length of this header in 8-octet units, not including the first 8 octets. OptionsContains one or more TLV-encoded options and padding so that the entire header is and integer multiple of 8-octets long. Hdr Ext Len Options This header carries optional information that must be examined only by a packet's destination node. Again this is used primarily for padding.

Size Issues IPv6 requires that every link in the internet have an MTU of 1280 octets or greater. Otherwise there must a provision in Layer 2 for fragmentation and reassembly.

ICMPv6 Internet Control Message Protocol Ver. 6 RFC 2463 Used to Return error codes Return informational messages Sent within an IP datagram Next Header value of 58 Highly abused protocol

ICMPv6 Message Codes Error Messages: Code 0 – 127 1Destination Unreachable 2Packet too big 3Time exceeded 4Parameter problem Informational Messages: 128 – Echo request 129Echo reply

ICMP Message General Format Bit TypeChecksum Code 7 8 Message Body The Type field indicates the type of the message and determines the format of the remaining data. The Code field depends on the message type. Checksum detects data corruption.

Destination Unreachable Message Bit Type Checksum Code 7 8 As much of the invoking packet without exceeding the my Unused Type1 Code0 – no route to destination 1 – communication with destination admin prohibited 2 – not assigned 3 – address unreachable 4 – port unreachable

Packet Too Big Message Bit Type Checksum Code 7 8 Type2 Code0 – set by sender, ignored by receiver. MTUThe Maximum Transmission of the next-hop link. MTU As much of the invoking packet without exceeding the my

Time Exceeded Message Bit Type Checksum Code 7 8 As much of the invoking packet without exceeding the my Type3 Code0 – hop limit exceeded in transit 1 – fragment reasssembly time exceeded Unusedset to 0 by sender, ignored by receiver. Unused

Parameter Problem Message Bit Type Checksum Code 7 8 As much of the invoking packet without exceeding the my Pointer Type4 Code0 – erroneous header field encountered 1 – unrecognized Next Header type encountered 2 – unrecognized IPv6 option encountered PointerThe octet offset of the error within the invoking packet

Echo Request Message Bit Type Checksum Code 7 8 Data... Type128 Code0 IdentifierAn identifier to aid in matching Echo Replies to this Echo Request. May be zero. Seg. No.An identifier to aid in matching Echo Replies to this Echo Reauest. May be zero. DataZero or more octets of arbitrary data. IdentifierSequence Number

Echo Reply Message Bit Type Checksum Code 7 8 Data... Type129 Code0 IdentifierThe identifier the invoking Echo Reauest. Seg. No.The sequence number from the invoking Echo Request. DataThe data from the invoking Echo Request message. IdentifierSequence Number

Other Informational Messages These are ICMP Informational Messages TypeCodeName 1330Router Solicitation 1340Router Advertisement 1350Neighbor Solicitation 1360Neighbor Advertisement 1370Redirect RFC 2461Neighbor Discovery Neighbor Discovery protocol is used to discover nodes on the same link, their link-layer addresses and to find routers.

Router Solicitation Message Bit Type Checksum Code 7 8 Options... Type133 Code0 IdentifierThe identifier the invoking Echo Reauest. ReservedSet to zero OptionsSource link-layer address Reserved Hosts send Router Solicitations in order to prompt routers to generate Router Advertisements quickly.

Router Advertisement Message Bit Type Checksum Code 7 8 Options... Current hop limit Router Lifetime M O Reserved Routers send out Router Advertisement message periodically, or in response to a Router Solicitation. Reachable Time Retrans Time

Router Advertisement Fields Type134 Code0 Cur Hop Limit8-bit unsigned int. Default value that should be placed in the Hop Count field of the IP header. M1-bit “Managed address configuration flag. O1-bit “Other stateful configuration” flag. Reserved6-bit unsed field. Router Lifetime 16-bit uint. Lifetime associated with the default router in seconds, max 18.2 hours.

Router Advertisement Fields (cont'd)‏ Reachable Time 32-bir uint. The time, in milliseconds, a node assumes a neighbor is reachable. Retrans Time 32-bit uint. The time between retransmitted Neighbor Solicitation messages. Possible options: Source link-layer address The link-layer address of the interface from which the Router Ad is sent. MTUShould be sent on links that have a variable MTU.

Neighbor Solicitation Message Bit Type Checksum Code 7 8 Target Address Nodes send Neighbor Solicitations to request the link-layer address of a target node while also providing their own link-layer address to the target. Reserved Options...

Neighbor Solicitation Fields Type135 Code0 ReservedUnused Target AddressThe IP address of the solicitation. It must not be a multicast address. Possible Options: Source link-layer address Link-layer address of the sender

Neighbor Advertisement Message Bit Type Checksum Code 7 8 Target Address R S O Reserved A node sends Neighbor Advertisements in response to Neighbor Solicitations and sends unsolicited Neighbor Advertisements in order to propagate new information quickly. Options...

Neighbor Advertisement Fields Type136 Code0 RRouter flag. When set indicates that the sender is a router. SSolicited flag. When set indicates that the ad was sent in response to a Solicitation from the Destination address. OOverride flag. Indicates that the ad should override an existing cache entry. Reserved 29-bit field that is unused. Target Address The Target Address field in the Solicitation. Possible options: Target link-layer address

Redirect Message Bit Type Checksum Code 7 8 Target Address Routers send redirects to a host of a better first-hop. Reserved Options... Destination Address

Redirect Message Fields Type137 Code0 ReservedUnused Target AddressAn IP address that is a better first hop to use for the ICMP Destination Address. Destination Address The IP address of the destination which is redirected to the target. Possible options; Target link-layer address Link-layer address for the target. Redirected Header As much as possible of the IP packet that triggered the sending of the Redirect.

IPv6 Stateless Address Autoconfiguration Creates link-local addresses Verifies its uniqueness on a link Determines what information should be autoconfigured Should a stateful mechanism be used (i.e. Is there a DHCP close at hand)‏ Requires no manual configuration of hosts Minimal configuration of routers No additional hosts

IPv6 Stateless Address Autoconfiguration Routers advertise prefixes the subnet associated with a link. Hosts generate an interface identifier. Combined generates an IPv6 compliant address. With no router, hosts can generate link-local addresses. Good enough for communication among nodes attached to the same link.

IPv6 Address Leases IPv6 addresses are leased to an interface – For a fixed length of time. – May be infinite An address is valid within its lease time. Invalid otherwise. For graceful lease expiration the address goes through 2 phases – Preferred – Deprecated

IPv6 Address Generation Required when: The interface is initialized at system startup Reinitialized after failure Reinitialized after sys mgnt disables Interface attaches to a link for the first time

IPv6 Address Generation Prepend the link-local prefix to the EUI-64 interface identifier. FE80:0:0:0:Interface ID Link-local addresses have infinite preferred and valid lifetimes

IPv6 Address Uniqueness Ipv6 addresses should be unique. The Duplicate Address Detection Algorithm is used. The Duplicate Address Detection Algorithm uses – Neighbor Solicitation – Neighbor Advertisement Possible DoS – Claim every address is a duplicate

IPv6 Addresses Privacy Considerations Certain amount of surveillance can be performed if Some part of your address remains constant over time. Privacy advocates say bad, bad, bad. Are you at the office or are you at home on a dialup, etc.

IPv6 Addresses Randomized 1)Take the history from the previous iteration and append it to the interface ID (IEEE 802 MAC address). If there is no previous history generate a random number 2)Compute the MD5 hash of the above. 3)Take the left-most 64-bits. Set bit 6 to zero thus setting the local/global bit indicating local. This is the interface ID. 4)Take the right-most 64-bits of the hash is step 2) and sve them in the history value for the next iteration.