Presentation is loading. Please wait.

Presentation is loading. Please wait.

IPv6 Network Security.

Published byJena Shaker Modified over 9 years ago

Similar presentations

Presentation on theme: "IPv6 Network Security."— Presentation transcript:

1 IPv6 Network Security

2 Topics Introduction Comparison with IPv4 Header format
Extension headers Neighbour discovery Transition from IPv4 to IPv6 ICMPv6 IPv6 addresses Address Autoconfiguration IP Security Network Security

3 About IPv6 Internetworking Protocol version 6, IPng
IPv6 was developed because about 1992 it became clear that at the rate that the Internet was growing the world would soon be out of IPv4 numbers The experimental deployment of IPv6 started in 1995 IPv6 was designed to work alongside IPv4 on all network devices. This is often called the “Dual Stack” because devices have both an IPv4 Protocol Stack and an IPv6 Protocol Stack 128-bit address written in 8 hex quads It supports 2128 (about 3.4×1038) addresses Network Security

4 IPv4 deficiencies Address depletion
No support for real-time audio and video transmission No encryption and authentication of data Network Security

5 IPv6 advantages over IPv4
Large address space Better header format Stateless and stateful address auto-configuration Built-in security New options Extensibility Support for real-time audio and video

6 IPv4 Vs IPv6 Network Security

7 Reasons for delay in adoption
Classless addressing Use of DHCP Network Address Translation Network Security

8 IPv6 datagram Base Header
Network Security

9 IPV4 and IPV6 Header Network Security

10 IPV4 Vs IPV6 Packet Header
Network Security

11 IPv6 Extension Headers Network Security

12 IPv6 Extension Headers Hop-by-Hop Options header Source routing
When the source needs to pass info to all routers visited by the datagram. Source routing Combines the concepts of strict and loose source route options of IPv4. Fragmentation Source is required to fragment if size of datagram is larger that the MTU of network. Only original source can fragment. Network Security

13 Extension Headers contd…
Authentication header (AH) Validates the message sender and ensures integrity of data. Encrypted security payload (ESP) Provides confidentiality and guards against eavesdropping. Destination Options Used when source needs to pass info to the destination only. Intermediate routers are not permitted access. Network Security

14 IPv4 options and IPv6 extension headers
Network Security

15 Transition from IPv4 to IPv6
Network Security

16 Dual Stack A station must run IPv4 and IPv6 simultaneously until all the Internet uses IPv6 To determine which version to use when sending a packet to a destination, the source host queries the DNS If the DNS returns an IPv4 address, the source host sends an IPv4 packet If the DNS returns an IPv6 address, the source host sends an IPv6 packet Network Security

17 Tunneling a strategy used when two computers using IPv6 want to communicate with each other and the packet must pass through a region that uses IPv4 So the IPv6 packet is encapsulated in an IPv4 packet when it enters the region, and it leaves its capsule when it exits the region. Network Security

18 Header Translation necessary when the majority of the Internet has moved to IPv6 but some systems still use IPv4 the sender wants to use IPv6, but the receiver does not understand IPv6 the header format must be totally changed through header translation header of the IPv6 packet is converted to an IPv4 header uses the mapped address and some rules to translate an IPv6 address to an IPv4 address Network Security

19 ICMPv6 Internet Control Message Protocol Combines ICMPv4, ARP and IGMP
Message – oriented It uses messages to report errors Like version 4, ICMPv6 reports errors, handles group memberships, updates specific router and host tables, and checks the viability of a host. ICMPv6 forms an error packet which is then encapsulated in an IP datagram Network Security

20 ICMPv6 messages Error messages Informational messages
Destination unreachable, packet too big, time exceeded, parameter problems Informational messages Echo request & reply message Neighbour discovery messages Route solicitation & advertisement message Neighbour solicitation & advertisement message Group membership messages Membership query & report message Network Security

21 ND messages Mainly used by: Router-solicitation message
Hosts to find routers in the neighbourhood Nodes to find the link layer addresses of neighbours Nodes to find IPv6 addresses of the neighbour Router-solicitation message Router-advertisement message Neighbour-solicitation message Neighbour-advertisement message Network Security

22 IPv6 addressing Unicast address Anycast address Multicast address
IPv6 doesn’t implement broadcast address Broadcasts are replaced by multicasts and anycasts However, a multicast to address ff02::1 would result in a transmission to all nodes within the same local link, which is similar to IPv4 multicast to address  Network Security

23 Unicast & Anycast Address format
Unicast (one-to-one) and anycast (one-to-one-of-many) addresses are typically composed of two logical parts: a 64-bit network prefix used for routing, and a 64-bit host part used to identify a host within the network. The network prefix is /1 followed by a 40-bit random number. The 16 bits of the subnet identifier field are available to the network administrator to define subnets within the given network. The 64-bit interface identifier is either automatically generated from the interface's MAC address obtained from a DHCPv6 server randomly, or assigned manually. Network Security

24 Multicast Address format
The prefix holds the binary value   for any multicast address. Flag field defines the group address as either permanent or transient. Scope field defines the scope of the group address. Network Security

25 IPv6 notation An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by a colon (:). A typical example of an IPv6 address follows: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 The hexadecimal digits are case-insensitive. Network Security

26 Compressing Zeros A contiguous sequence of 16-bit blocks set to 0 in the colon hexadecimal format can be compressed to “::”, known as double-colon For example, the link-local address of FE80:0:0:0:2AA:FF:FE9A:4CA2 can be compressed to FE80::2AA:FF:FE9A:4CA2 Zero compression can only be used once in a given address Network Security

27 Address Autoconfiguration
Host has an ability to automatically configure itself, even without the use of a stateful configuration protocol such as DHCPv6 Types of Autoconfiguration: Stateless: Configuration of addresses is based on the receipt of Router Advertisement messages Stateful: Configuration is based on DHCPv6 to obtain addresses and other configuration options. A host will use a stateful address configuration protocol when there are no routers present on the local link. Network Security

28 Autoconfiguration process
Host first creates a link local address for itself The host then tests to see if this link local address is unique and not used by other hosts If the uniqueness of the link local address is passed, the host stores this address as its link-local address, but it still needs a global unicast address Network Security

29 IP Security IPSec is a collection of protocols designed by IETF to provide security for a packet at the network layer It helps create authenticated and confidential packets for the IP layer Two modes: Transport does not protect the IP header; it only protects the information coming from the transport layer Tunnel protects the original IP header Network Security

30 IPSec modes Network Security

31 IPSec Protocols AH and ESP Authentication Header
designed to authenticate the source host and to ensure the integrity of the payload carried in the IP packet uses a hash function and a symmetric key to create a message digest; the digest is inserted in the authentication header Network Security

32 AH Protocol in transport mode
Network Security

33 What is Message Digest? The electronic equivalent of the document and fingerprint pair is the message and message digest pair To preserve the integrity of a message, the message is passed through an algorithm called a hash function. The hash function creates a compressed image of the message that can be used as a fingerprint. The message digest needs to be kept secret. SHA-1 (Secure Hash Algorithm 1) Network Security

34 Encapsulating Security Payload (ESP)
The AH Protocol does not provide privacy, only source authentication and data integrity ESP adds a header and trailer ESP's authentication data are added at the end of the packet ESP does whatever AH does with additional functionality (privacy) Network Security

35 ESP Protocol in transport mode
Network Security

36 IPSec services Network Security

37 Things to study IPv4 packet, ICMPv4 DHCPv6, ICMPv6 IPv6 Routing
Internet Key Exchange for IPSec QoS support for IPv6 API for IPv6 Network Security

Download ppt "IPv6 Network Security."

Similar presentations

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 26 IPv6 Addressing.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 26 IPv6 Addressing.
Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.

Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.
IPv6 The New Internet Protocol Integrated Network Services Almerindo Graziano.

IPv6 The New Internet Protocol Integrated Network Services Almerindo Graziano.
TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.

TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,

The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,
1 Chapter 11 Next Generation: IPv6 Chapter 11 Next Generation: IPv6 Mi-Jung Choi Dept. of Computer Science and Engineering

1 Chapter 11 Next Generation: IPv6 Chapter 11 Next Generation: IPv6 Mi-Jung Choi Dept. of Computer Science and Engineering
CSCI 4550/8556 Computer Networks Comer, Chapter 22: The Future IP (IPv6)

CSCI 4550/8556 Computer Networks Comer, Chapter 22: The Future IP (IPv6)
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implementing IP Addressing Services IPv6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implementing IP Addressing Services IPv6.
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by 2008. Solution: Design a new IP with a larger address space, called the IP version.

1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
CE363 Data Communications & Networking Chapter 7 Network Layer: Internet Protocol.

CE363 Data Communications & Networking Chapter 7 Network Layer: Internet Protocol.
IPv6 Victor T. Norman.

IPv6 Victor T. Norman.
20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
IPV6. Features of IPv6 New header format Large address space More efficient routing IPsec header support required Simple automatic configuration New protocol.

IPV6. Features of IPv6 New header format Large address space More efficient routing IPsec header support required Simple automatic configuration New protocol.
Implementing IPv6 Module B 8: Implementing IPv6

Implementing IPv6 Module B 8: Implementing IPv6
IP datagrams Service paradigm, IP datagrams, routing, encapsulation, fragmentation and reassembly.

IP datagrams Service paradigm, IP datagrams, routing, encapsulation, fragmentation and reassembly.
IPv4 vs. IPv6 Anne-Marie Ethier Andrei Iotici This report was prepared for Professor L. Orozco- Barbosa in partial fulfillment of the requirements for.

IPv4 vs. IPv6 Anne-Marie Ethier Andrei Iotici "This report was prepared for Professor L. Orozco- Barbosa in partial fulfillment of the requirements for.
Network Layer Protocols: ARP, IPv4, ICMPv4, IPv6, and ICMPv6

Network Layer Protocols: ARP, IPv4, ICMPv4, IPv6, and ICMPv6

Similar presentations

Ads by Google