IPv6 Links
Goals of IPv6
- Huge address space
- Reduce the size of routing tables (possibly at the cost of
wasting address space)
- Simplify protocol to speed routers
- Better security
- Better type-of-service (to support realtime)
- Aid multicasting
- Allow roaming hosts to maintain a constant address
- Allow for future evolution
- Be backwards compatible!!!!
The IPv6 Packet and Header Format
Only eight fields, not fifteen like before. They are
- Version (4 bits): Always a 6
- Priority (4 bits): How important is this traffic. 0-7
are transmissions that can slow down for congestion, 8-15 are real time
constant speed traffic. Higher is more important. But why
would anyone be honest? Wouldn't you get better performance if
you always claim priority 15? Yes, but your network administrator
will hunt you down.
- Flow label (3 bytes): Experimental, but probably will be
used to make bandwidth and latency reservations. Zero is no
special treatment. Otherwise numbers will be assigned randomly,
and not start at one, for better hashing. Clever!
- Payload length (2 bytes): Length of everything except the
header. Weirdly, the IPv4 length field DID include the header.
- Next Header (1 byte): Describes which of currently 6
optional headers follows. The IPv6 header is smaller because the
weird cases can have optional extra headers, and the normal case can
omit them. For the last header, this field describes the type of
payload (TCP, UDP, etc).
- Hop Limit (1 byte): Just like Time to live in IPv4, except
IPv4 claimed that TTL was in seconds (even though no router did that)
and IPv6 admits it's hops.
- Source Address (16 bytes): Where from
- Destination Address (16 bytes): Where to.
- (Possibly other optional headers)
- (The data)
- (The CRC)
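The field layout above, as an added example that is not part of the original notes: a parser for the 40-byte fixed header that uses exactly the widths listed here and rejects truncated or inconsistent packets. The names `IPv6Header`, `parse_header` and `SAMPLE` are chosen for this example, and the sample packet is constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass

HEADER_LEN = 40  # fixed size, so the header carries no length field for itself


@dataclass
class IPv6Header:
    version: int
    priority: int
    flow_label: int
    payload_length: int
    next_header: int
    hop_limit: int
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address

    def congestion_controlled(self) -> bool:
        # Priority 0-7 may slow down under congestion; 8-15 is real-time traffic.
        return self.priority <= 7


def parse_header(packet: bytes) -> IPv6Header:
    """Parse the 40-byte fixed header using the field widths listed above."""
    if len(packet) < HEADER_LEN:
        raise ValueError(f"truncated header: {len(packet)} of {HEADER_LEN} bytes")
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError(f"not IPv6: version field is {word >> 28}")
    # Payload length excludes the header, so compare it with what follows byte 40.
    if payload_length > len(packet) - HEADER_LEN:
        raise ValueError("payload length field exceeds the bytes received")
    return IPv6Header(
        version=word >> 28,
        priority=(word >> 24) & 0xF,
        flow_label=word & 0xFFFFFF,
        payload_length=payload_length,
        next_header=next_header,
        hop_limit=hop_limit,
        src=ipaddress.IPv6Address(packet[8:24]),
        dst=ipaddress.IPv6Address(packet[24:40]),
    )


# Constructed sample: priority 9, flow label 0xBEEF, 4-byte payload, next header 17 (UDP).
SAMPLE = (struct.pack("!IHBB", (6 << 28) | (9 << 24) | 0xBEEF, 4, 17, 64)
          + ipaddress.IPv6Address("fe80::1").packed
          + ipaddress.IPv6Address("ff02::1").packed + b"data")
```

Later revisions of the IPv6 specification widen the priority field into an 8-bit traffic class and shrink the flow label to 20 bits, so this parser matches the layout in these notes rather than current traffic.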
Interesting is what is omitted
- Header Checksum (subsumed by overall checksum)
- Protocol (subsumed by Next Header)
- Fragment Offset (now an optional header)
- Header Length (The header is now a fixed size, so no length
field needed)
- Don't Fragment (Fragmenting not allowed!)
- More Fragments
Size of the IPv6 Address Space.
The IPv6 address space allows for 2^128 addresses. That's
340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. Or
more concretely, that's 665,570,793,348,866,943,898,599 (~ 665 million
quadrillion) addresses per square meter of the whole earth (including
the water). Really a huge number indeed!! But not all of
these addresses will be usable. In fact LOTS will be wasted by
the address assignment scheme. If the scheme is as good as the
French and US telephone system, IPv4, and IEEE 802 node assignment
systems, there will be between 1564 and 3,911,873,538,269,506,102 (3.9
million quadrillion) addresses per square meter.
Currently, IPv4 was scheduled to run out in 2010. But network
address translation has helped that A LOT.
Allocation of Addresses
Allocation                                        Prefix (binary)   Fraction of Address Space
Reserved                                          0000 0000         1/256
Unassigned                                        0000 0001         1/256
Reserved for NSAP Allocation                      0000 001          1/128
Reserved for IPX Allocation                       0000 010          1/128
Unassigned                                        0000 011          1/128
Unassigned                                        0000 1            1/32
Unassigned                                        0001              1/16
Unassigned                                        001               1/8
Provider-Based Unicast Address                    010               1/8
Unassigned                                        011               1/8
Reserved for Geographic-based Unicast Addresses   100               1/8
Unassigned                                        101               1/8
Unassigned                                        110               1/8
Unassigned                                        1110              1/16
Unassigned                                        1111 0            1/32
Unassigned                                        1111 10           1/64
Unassigned                                        1111 110          1/128
Unassigned                                        1111 1110 0       1/512
Link Local Use Addresses                          1111 1110 10      1/1024
Site Local Use Addresses                          1111 1110 11      1/1024
Multicast Addresses                               1111 1111         1/256
Provider Based Addresses allow for 32 registries to have their own
address space, and hand it out as they see fit. They could give a
chunk out to each telecom company that asks. But what if you
switch companies?
Geographic Based Addresses do the same scheme for location based
addresses. But what if you move?
Multicast addresses have a bit within them that distinguishes permanent
from temporary groups. They have 4 bits that distinguish 'scope',
including link, site, organization and planet. The other levels are
currently undefined. Interestingly, planet is level 14, so 15 must
be extra-planetary.
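The allocation table and the multicast description above, as an added example that is not part of the original notes: a classifier that matches an address against the table's binary prefixes and, for multicast addresses, decodes the permanent/temporary bit and the 4-bit scope. The names `ALLOCATION`, `SCOPES` and `classify` are chosen for this example; the positions of the flag and scope bits and the scope values 2, 5 and 8 are taken from the IPv6 addressing specification, since the page gives only the value 14.

```python
import ipaddress

# Assigned binary prefixes from the allocation table above; every other prefix
# in that table is "Unassigned". The prefixes do not overlap, so order is free.
ALLOCATION = [
    ("00000000", "Reserved"),
    ("0000001", "Reserved for NSAP Allocation"),
    ("0000010", "Reserved for IPX Allocation"),
    ("010", "Provider-Based Unicast Address"),
    ("100", "Reserved for Geographic-based Unicast Addresses"),
    ("1111111010", "Link Local Use Addresses"),
    ("1111111011", "Site Local Use Addresses"),
    ("11111111", "Multicast Addresses"),
]

# Scope 14 (planet) is from the page; 2, 5 and 8 are the values the IPv6
# addressing specification assigns to link, site and organization.
SCOPES = {2: "link", 5: "site", 8: "organization", 14: "planet"}


def classify(address: str) -> dict:
    """Name the allocation an address falls in; decode multicast flag and scope."""
    ip = ipaddress.IPv6Address(address)
    bits = format(int(ip), "0128b")
    allocation = next(
        (name for prefix, name in ALLOCATION if bits.startswith(prefix)), "Unassigned"
    )
    result = {"address": ip.compressed, "allocation": allocation}
    if allocation == "Multicast Addresses":
        flags_and_scope = ip.packed[1]          # byte after the 1111 1111 prefix
        transient = (flags_and_scope >> 4) & 1  # low bit of the 4-bit flags field
        scope = flags_and_scope & 0x0F
        result["lifetime"] = "temporary" if transient else "permanent"
        result["scope"] = SCOPES.get(scope, f"undefined ({scope})")
    return result
```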
The Extra Headers
Interestingly, the 'type' field of every optional header tells the
router what to do if it's never heard of it. The first two bits
tell an otherwise clueless router to skip the option, drop the packet,
send an ICMP error, or send ICMP error unless it's multicast.
- Hop-by-hop: Support information needed by routers along the way.
The only current one is jumbo-payload (length more than 64K).
- Routing: Offer a loose or strict source route. Only 24 addresses
can be listed (which takes 24 * 16 bytes).
- Fragmentation: Only the source can fragment. This describes the
fragment offset, etc.
- Authentication: Verifies between two parties that have already
exchanged keys that the contents really came from the source. Does this
by computing a checksum of the payload, non-variable parts of the header,
and the secret key.
- Encryption: Encrypts the payload with an already agreed upon key.
- Destination: Options for the destination. No one's thought of any yet,
but they're ready when it happens.
Encryption and Authentication
Each host has a set of secret keys, and each key is assigned a 24-bit
number. At least one key must be secretly given to every person
you want to use encryption or authentication with. IPv6 does not
say how to do this, but using RSA seems an obvious idea.
To authenticate, construct a packet (including the authentication
header) with the variable portion of the header set to zero, padded to
a 16 byte boundary. Compute a CRC on this. Fill this CRC
into the authentication header. Send it. Receiver verifies
they got the same CRC.
Questions: What are the variable parts of the header?
Why treat them differently? Why is this different than the normal
CRC, which protects against errors? How do routers in the middle,
which don't know the key, deal with this header?
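The authentication procedure above, as an added example that is not part of the original notes: the sender zeroes the variable field, pads to a 16-byte boundary and computes a keyed MD5 value, and the receiver recomputes it after a router has changed the hop limit. The function names, the key-data-key MD5 construction, the treatment of the hop limit as the only variable field, and the modelling of the authentication header as a zeroed 16-byte slot are assumptions of this example; the key, header and payload are constructed.

```python
import hashlib
import hmac

HOP_LIMIT_OFFSET = 7  # last byte of the first 8 header bytes; routers rewrite it
DIGEST_LEN = 16       # MD5 output size in bytes


def canonical(header: bytes, payload: bytes) -> bytes:
    """Zero the variable field and the digest slot, then pad to 16 bytes."""
    fixed = bytearray(header)
    fixed[HOP_LIMIT_OFFSET] = 0
    data = bytes(fixed) + bytes(DIGEST_LEN) + payload
    return data + bytes(-len(data) % 16)


def auth_digest(key: bytes, header: bytes, payload: bytes) -> bytes:
    # Assumed construction for illustration: the secret key before and after the data.
    return hashlib.md5(key + canonical(header, payload) + key).digest()


def verify(key: bytes, header: bytes, payload: bytes, digest: bytes) -> bool:
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(auth_digest(key, header, payload), digest)


def forward(header: bytes) -> bytes:
    """What a router without the key does: decrement the hop limit, nothing else."""
    out = bytearray(header)
    out[HOP_LIMIT_OFFSET] -= 1
    return bytes(out)


# Constructed sample: 40-byte header (version 6, hop limit 64) and a short payload.
KEY = b"constructed-shared-secret"
HEADER = bytes([0x60, 0, 0, 0, 0, 5, 51, 64]) + bytes(15) + b"\x01" + bytes(15) + b"\x02"
PAYLOAD = b"hello"
DIGEST = auth_digest(KEY, HEADER, PAYLOAD)
```

Verification still succeeds on `forward(HEADER)` because the hop limit is zeroed before hashing, while a changed payload, a changed address or a different key produces a different value.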
To encrypt: Encrypt the data with the secret key. Add to
the header the encryption option, describing the key used. Send
it.
Question: What algorithm should be used to encrypt and
CRC? The default is MD5, but others can be used. Would you
really trust it, or would you rather each application roll its own?
Controversies
Hop limit field: Do we really want to limit the diameter
of the internet to 255? Do we really want packets roaming for
2^16 hops?
Maximum Packet Length: Is 64K enough in a world with
super-links and huge sound/video/smell files (and
supercomputers)? Also, when a 64K packet hits a slow link, won't
everyone notice a serious delay?
Encryption: Some nations (France did and Iraq does) have
laws prohibiting their citizens from using serious encryption.
Other nations (US) prohibit the export of such encryption. What if
IPv6 is banned in France and the source cannot be exported from the
U.S.?
Mobile Hosts: They still don't know how to do it, but they
have a set of addresses (and header options) to support it when it
happens.
The Switch
All IPv4 hosts get an IPv6 address of
0:0:0:0:0:0:0:0:0:0:0:0:aaa.bb.ccc.dd
There is a standard way to encode an IPv6 packet within an IPv4 packet.
All routers for now can speak IPv4, even the IPv6 capable ones.
DNS servers need to be upgraded to handle the large addresses.
However, no IPv4 host will be able to see (or speak to) an IPv6 host
when the IPv6 host has a non-IPv4 address.
Interesting Notes
The Linux version uses a routing daemon using Distance-Vector.
They are adding several new tunnels to the 6bone daily (and still
routing the 6bone by hand).