1. Adapted from Gordon Chaffee’s slides
13: IPV6 and NAT
Last Modified:
1/17/2019 3:35:45 PM
Adapted from Gordon Chaffee’s slides
4: Network Layer

2. IPv6
4: Network Layer

3. History of IPv6
IETF began thinking about the problem of running out of IP addresses in 1991
Requires changing IP packet format - HUGE deal!
While we’re at it, lets change X too
“NGTrans” (IPv6 Transition) Working Group of IETF - June 1996
4: Network Layer

4. IPv6 Wish List From “The Case for IPv6”
Scalable Addressing and Routing
Support for Real Time Services
Support of Autoconfiguration (get your own IP address and domain name to minimize administration
Security Support
Enhanced support for routing to mobile hosts
4: Network Layer

5. IPv4 Datagram V ersion HLen TOS Length Ident Flags Offset TTL Protocol
Checksum
SourceAddr
DestinationAddr
Options (variable)
Pad
(variable) 4 8 16 19 31
Data
4: Network Layer

6. IPv6 Datagram 4: Network Layer V ersion T rafficClass FlowLabel
PayloadLen
NextHeader
HopLimit
SourceAddress
DestinationAddress 4 12 16 24 31
Next header/data
4: Network Layer

7. IPv6 Base Header Format VERS = IPv6
TRAFFIC CLASS: specifies the routing priority or QoS requests
FLOW LABEL: to be used by applications requesting performance guarantees
PAYLOAD LENGTH: like IPv4’s datagram length, but doesn’t include the header length like IPv4
NEXT HEADER: indicates the type of the next object in the datagram either type of extension header or type of data
HOP LIMIT: like IPv4’s TimeToLive field but named correctly
NO CHECKSUM (processing efficiency)
4: Network Layer

8. Address Space 32 bits versus 128 bits - implications?
4 billiion vesus 3.4 X1038
1500 addresses per square foot of the earth surface
4: Network Layer

9. Addresses
Still divide address into prefix that designates network and suffix that designates host
But no set classes, boundary between suffix and prefix can fall anywhere (CIDR only)
Prefix length associated with each address
4: Network Layer

10. Addresses Types Unicast: delivered to a single computer
Multicast: delivered to each of a set of computers (can be anywhere)
Conferencing, subscribing to a broadcast
Anycast: delivered to one of a set of computers that share a common prefix
Deliver to one of a set of machines providing a common servicer
4: Network Layer

11. Address Notation Dotted sixteen? Colon hexadecimal notation (8 groups)
Colon hexadecimal notation (8 groups)
69DC:8768:9A56:FFFF:0:5634:343
Or even better with zero compression (replace run of all 0s with double ::)
Makes host names look even more attractive huh?
4: Network Layer

12. Special addresses Ipv4 addresses all reserved for compatibility
96 zeros + IPv4 address = valid IPv6 address
Local Use Addresses
Special prefix which means “this needn’t be globally unique”
Allow just to be used locally
Aids in autoconfiguration
4: Network Layer

13. Datagram Format Base Header + 0 to N Extension Headers + Data Area
4: Network Layer

14. Extensible Headers Why? Saves Space and Processing Time Extensibility
Only have to allocate space for and spend time processing headers implementing features you need
Extensibility
When add new feature just add an extension header type - no change to existing headers
For experimental features, only sender and receiver need to understand new header
4: Network Layer

15. Flow Label Virtual circuit like behaviour over a datagram network
A sender can request the underlying network to establish a path with certain requirements
Traffic class specifies the general requirements (ex. Delay < 100 msec.)
If the path can be established, the network returns an identifier that the sender places along with the traffic class in the flow label
Routers use this identifier to route the datagram along the prearranged path
4: Network Layer

16. ICMPv6 New version of ICMP
Additional message types, like “Packet Too Big”
Multicast group management functions
4: Network Layer

17. Summary like IPv4
Connectionless (each datagram contains destination address and is routed seperately)
Best Effort (possibility for virtual circuit behaviour)
Maximum hops field so can avoid datagrams circulating indefinitely
4: Network Layer

18. Summary New Features Bigger Address Space (128 bits/address)
CIDR only
Any cast addresses
New Header Format to help speed processing and forwarding
Checksum: removed entirely to reduce processing time at each hop
No fragmentation
Simple Base Header + Extension Headers
Options: allowed, but outside of header, indicated by “Next Header” field
Ability to influence the path a datagram will take through the network (Quality of service)
4: Network Layer

19. Transition From IPv4 To IPv6
Not all routers can be upgraded simultaneous
no “flag days”
How will the network operate with mixed IPv4 and IPv6 routers?
Two proposed approaches:
Dual Stack: some routers with dual stack (v6, v4) can “translate” between formats
Tunneling: IPv6 carried as payload n IPv4 datagram among IPv4 routers
4: Network Layer

20. Dual Stack Approach
4: Network Layer

21. Tunneling
IPv6 inside IPv4 where needed
4: Network Layer

22. More Recent History
First blocks of IPv6 addresses delegated to regional registries - July 1999
~ websites in the .com domain that can be reached via an IPv6 enhanced client via an IPv6 TCP connection
U.S. government agencies required to be IPv6 compliant to meet an OMB mandate announced in 2005
2009/10 – Major websites like Google and Facebook on IPv6
Info from Akamai’s State of the Internet report
4: Network Layer

23. IPv5?
New version of IP temporarily named “IP - The Next Generation” or IPng
Many competing proposals; name Ipng became ambiguous
Once specific protocol designed needed a name to distinguish it from other proposals
IPv5 has been assigned to an experimental protocol ST
4: Network Layer

24. Network Address Translation (NAT)
4: Network Layer

25. Background RFC 1918 defines private intranet address ranges for IPv4
(Class A)
(Class B)
(Class C)
Addresses reused by many organizations
Addresses cannot be used for communication on Internet
4: Network Layer

26. Problem Discussion
Hosts on private IP networks need to access public Internet
All traffic travels through a gateway to/from public Internet
Traffic needs to use IP address of gateway
Conserves IPv4 address space
Private IP addresses mapped into fewer public IP addresses
4: Network Layer

27. Scenario Public Internet Private Network 128.32.32.68 24.1.70.210
BMRC
Server
Public Internet
All Private Network hosts must use the gateway IP address
Gateway
Public network IP address, globally unique
Same private network IP addresses may be used by many organizations
Host A
Private Network
4: Network Layer

28. Network Address Translation Solution
Special function on gateway
IP source and destination addresses are translated
Internal hosts need no changes
TCP based protocols work well
Non-TCP based protocols more difficult
Changes required to applications that embed IP addresses? FTP? Others?
Provides some security
Hosts behind gateway difficult to reach
Possibly vulnerable to IP level attacks
4: Network Layer

29. TCP NAT Example 2 1 3 4 4: Network Layer
PROTO
SADDR
DADDR
SPORT
DPORT
FLAGS
CKSUM
TCP
1049 80
SYN
0x1636 1
1. Host tries to connect to web server at It sends out a SYN packet using its internal IP address,
PROTO
SADDR
DADDR
SPORT
DPORT
FLAGS
CKSUM
TCP
40960 80
SYN
0x2436 2
2. NAT gateway sees SYN flag set, adds new entry to its translation table. It then rewrites the packet using gateway’s external IP address, Updates the packet checksum.
Internet
Server
NAT
Gateway
PROTO
SADDR
DADDR
SPORT
DPORT
FLAGS
CKSUM
TCP 80
1049
SYN, ACK
0x7841 4
4. NAT gateway looks in its translation table, finds a match for the source and destination addresses and ports, and rewrites the packet using the internal IP address.
PROTO
SADDR
DADDR
SPORT
DPORT
FLAGS
CKSUM
TCP 80
40960
SYN, ACK
0x8041 3
3. Server responds to SYN packet with a SYN,ACK packet. The packet is sent to the NAT gateway’s IP address.
NAT Translation Table
Client Server
IPAddr Port IPAddr Port NATPort
4: Network Layer

30. NAT traversal problem
client wants to connect to server with address
server address local to LAN (client can’t use it as destination addr)
only one externally visible NATed address:
solution 1: statically configure NAT to forward incoming connection requests at given port to server
e.g., ( , port 2500) always forwarded to port 25000
Client ?
NAT
router
Network Layer

31. NAT traversal problem
solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol. Allows NATed host to:
learn public IP address ( )
add/remove port mappings (with lease times)
i.e., automate static NAT port map configuration
IGD
NAT
router
Network Layer

32. NAT traversal problem solution 3: relaying (used in Skype)
NATed client establishes connection to relay
External client connects to relay
relay bridges packets between to connections
2. connection to
relay initiated
by client
NAT
router
1. connection to
relay initiated
by NATed host
3. relaying
established
Client
Network Layer

33. Load Balancing Servers with NAT
Public
Internet
NAT
Gateway
(Virtual
Server)
Server
Private
Intranet
Server
Server
Single IP address for web server
Redirects workload to multiple internal servers
4: Network Layer

34. Load Balancing Networks with NAT
Service Provider 1
Private
Intranet
NAT
Gateway
Network X
Service Provider 2
Connections from Private Intranet split across Service Providers 1 and 2
Load balances at connection level
Load balancing at IP level can cause low TCP throughput
4: Network Layer

35. NAT Discussion NAT works best with TCP connections
NAT breaks End-to-End Principle by modifying packets
Problems
Connectionless UDP (Real Audio)
ICMP (Ping)
Multicast
Applications use IP addresses within data stream (FTP)
Need to watch/modify data packets
NAT works bets with applications that make connections to the outside world using TCP connections. It has trouble with datagram protocols.
4: Network Layer

36. IP addresses: how to get one? One more time 
Hard-coded by system admin in a file
Long with subnet mask, default gateway and DNS server
DHCP: Dynamic Host Configuration Protocol: dynamically get network identity and neighborhood info dynamically, “plug-and-play”
4: Network Layer

37. DHCP Automated configuration of IP addresses
DHCP server hands out IP addresses to hosts in a administrative domain
Relieves burdens of system administrators - major factor in lifetime cost of computer systems!
Runs over UDP (ports 67 and 68)
RFC 2131
4: Network Layer

38. Finding the DHCP server?
Wouldn’t be big improvement if had to configure each host with address of DHCP server!
A little better because at least every machine in a local network gets same info
Hosts send special DHCPDISCOVER message to the special IP address
This is a special IP broadcast address and all other nodes on that network will receive
We’ll see more about special addresses like this
4: Network Layer

39. DHCP Discover/Offer Host broadcasts “DHCP discover” msg
Sent to from
Contains a client ID to uniquely identify the client in that network
Usually use MAC address
DHCP server can be configured with a “registered list” of MAC addresses to accept
DHCP server responds with “DHCP offer” msg
Sent from IP address of DHCP server to
Includes ip address, subnet mask, DNS servers, default gateway, length of lease
4: Network Layer

40. DHCP Request/Ack Host sends “DHCP request” msg directly to server
Sent to DHCP Server’s IP address
Requests the address and other info offered with DHCP offer or could be requesting the address it was offered last time ( ie before it expires)
Still sent from
DHCP server responds with “DHCP ack” msg
Sent from IP address of DHCP server to
Final confirmation of the ip address, subnet mask, DNS servers, default gateway, length of lease
4: Network Layer

41. DHCP client-server scenario
DHCP server:
arriving
client
DHCP discover
src : , 68
dest.: ,67
yiaddr:
transaction ID: 654
DHCP offer
src: , 67
dest: , 68
yiaddrr:
transaction ID: 654
Lifetime: 3600 secs
DHCP request
src: , 68
dest:: , 67
yiaddrr:
transaction ID: 654
Lifetime: 3600 secs
time
DHCP ACK
src: , 67
dest: , 68
yiaddrr:
transaction ID: 654
Lifetime: 3600 secs
Network Layer

42. DHCP server on every network?
If there is a DHCP server on the local network to receive the broadcast, then it can respond the host with its IP address, its default router, etc.
Alternatively, can have a DHCP relay agent on each network that knows the address of the DHCP server and will forward the DHCPDISCOVER message
4: Network Layer

43. Leases
DHCP doesn’t *give* each client an IP address, just lease them for a while
IP addresses aren’t reserved by clients not currently connected to the network
Clients can keep their address by renewing their leases
Some DHCP servers will hand out new address each time (especially to prevent customers running servers)
Dynamic DNS?
Clients typically start renewing ½ way through lease period
Internet wide DHCP to enforce efficient CIDR?
4: Network Layer

44. Renew lease Host requests IP address: “DHCP request” msg
Once know the IP address of the DHCP server then just send a request message directly to them
DHCP server sends address: “DHCP ack” msg
Contains same info as an offer
4: Network Layer

45. DHCP other DHCP servers and DNS DHCP servers and routers
What if some machine choose their own IP address in the proper range? Doesn’t stop data from flowing to them (see ARP later)
Unless routers or switches keep list of valid MACs
DHCP and BOOTP
Security problem – attach to network and act like DHCP server – give out all duplicate IPs
4: Network Layer

46. Outtakes
4: Network Layer

47. 6Bone The 6Bone: an IPv6 testbed
Started as a virtual network using IPv6 over IPv4 tunneling/encapsulation
Slowly migrated to native links for IPv6 transport
RFC 2471
Abandoned 2006
4: Network Layer

48. NAT Example NAT Gateway TCP Connection 1 Address Translator
Server
TCP Connection 1
Address
Translator
4: Network Layer

49. TCP Protocol Diagram Client Server IP Header TCP Header
SYN
SYN flag indicates a new TCP connection
Client
Server
IP Header
SYN, ACK
Checksum
ACK
Source IP Address
Destination IP Address
Packet 0:50
ACK 0:50
TCP Header
FIN
Source Port Number
Dest Port Number
FIN, ACK
Sequence Number
4: Network Layer