
Introduction to IPv6

(Chapter 4 in Huitema)

S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1

IPv6 addresses
• 128 bits long
• Written as eight 16-bit integers separated with colons
– E.g. 1080:0000:0000:0000:0000:0008:200C:417A = 1080::8:800:200C:417A
• Types
– Unicast
• Identifies one interface within its scope of validity
– Multicast
• Delivers packets to all members of a group
– Anycast
• Delivers packets to the nearest member of a group



Special IPv6 addresses
• Unspecified = 0:0:0:0:0:0:0:0 = ::
– Only as source address
• Loopback = 0:0:0:0:0:0:0:1 = ::1
– For sending datagrams to itself
• IPv4 addresses prepended with zeroes
– 0:0:0:0:0:0:AABB:CCDD = ::a.b.c.d
• Site-local addresses
– FEC0:0000:0000:subnet:station
• Link-local addresses
– FEB0:0000:0000:0000:station
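The address rules on the two slides above, worked through in code. This is an added example, not from the slides: it expands and compresses the textual form by hand (the "::" rule and the "::a.b.c.d" form) and names the address kinds listed above; the prefix constants are the RFC 4291 values.

```python
# Added example (not from the slides): expand, compress and classify IPv6 addresses
# by hand, following the rules above; prefixes are RFC 4291 values (FE80::/10, FEC0::/10).

def _groups(part: str) -> list[int]:
    """Parse one side of '::' into 16-bit groups; a trailing dotted quad
    (the '::a.b.c.d' form) contributes two groups."""
    out: list[int] = []
    for item in filter(None, part.split(":")):
        if "." in item:
            b = [int(x) for x in item.split(".")]
            if len(b) != 4 or any(not 0 <= x <= 255 for x in b):
                raise ValueError("bad embedded IPv4 address %r" % item)
            out += [b[0] << 8 | b[1], b[2] << 8 | b[3]]
        elif 1 <= len(item) <= 4:
            out.append(int(item, 16))
        else:
            raise ValueError("bad group %r" % item)
    return out

def expand(addr: str) -> list[int]:
    """Return the eight 16-bit groups, filling a single '::' with zeros."""
    if addr.count("::") > 1:
        raise ValueError("more than one '::' in %r" % addr)
    head, sep, tail = addr.partition("::")
    h, t = _groups(head), _groups(tail)
    missing = 8 - len(h) - len(t)
    if (sep and missing < 1) or (not sep and missing != 0):
        raise ValueError("wrong number of groups in %r" % addr)
    return h + [0] * missing + t

def compress(groups: list[int]) -> str:
    """Canonical text: lowercase hex, no leading zeros, and the longest run
    of two or more zero groups (leftmost on a tie) written as '::'."""
    best = run = (0, 0)                            # (start, length)
    for i, g in enumerate(groups + [1]):           # sentinel closes a final run
        run = (run[0], run[1] + 1) if g == 0 else (i + 1, 0)
        best = run if run[1] > best[1] else best
    hexs = ["%x" % g for g in groups]
    if best[1] < 2:
        return ":".join(hexs)
    return ":".join(hexs[:best[0]]) + "::" + ":".join(hexs[best[0] + best[1]:])

def classify(groups: list[int]) -> str:
    """Name the address kind using the prefixes listed on the slides."""
    if groups == [0] * 8:
        return "unspecified"                       # only valid as a source
    if groups == [0] * 7 + [1]:
        return "loopback"
    if groups[:6] == [0] * 6:
        return "ipv4-compatible"                   # ::a.b.c.d
    if groups[0] >> 8 == 0xFF:
        return "multicast"
    if groups[0] & 0xFFC0 == 0xFE80:
        return "link-local"
    if groups[0] & 0xFFC0 == 0xFEC0:
        return "site-local"
    return "global unicast"
```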

IPv6 header
Fields (width in bits):
Version (4) | Traffic class (8) | Flow label (24)
Payload length (16) | Next header type (8) | Hop limit (8)
Source address (128)
Destination address (128)

• Differences between v4 and v6


– No checksum (performed at lower layers)
– No fragmentation (path MTU discovery instead, min. 1280)
– No options (linked extension headers instead)
• Extension headers replace options
IPv6 header [NH] → Extension [NH] → Extension [NH] → Payload (TCP)
IPv6 supports strict or loose source routing
• Routing header
Next header | Header ext. length | Routing type = 0 | Segments left
Reserved
IPv6 address 1
IPv6 address 2
...
IPv6 address N
• Only the router whose address is the destination address in the IPv6 header examines this extension → better performance
• Forwarder
– Moves the next address to the IPv6 header
– Decrements the number of segments left

Fragmentation is performed by the sender


• Packets larger than the next hop’s MTU are rejected
• Large packets must be fragmented by the sender
• Fragment header:
Next header | Reserved | Fragment offset | Reserved | M
Identification

• Offset: Least significant 132 bits of 16-bit word


• M: More fragments
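Sender-side fragmentation as the slide describes it, worked through as an added example (not from the slides): the payload is cut so that each fragment, with its 40-byte IPv6 header, fits the path MTU, the offset field counts 8-byte units and M marks all but the last piece; a receiver-side reassembly is included so the round trip can be checked. The payload is constructed.

```python
import struct

# Added example (not from the slides): sender-side fragmentation and receiver
# reassembly of one IPv6 payload under a path MTU, using the fragment header
# fields listed above. The payload is constructed; 1280 is the slide's minimum.

FRAGMENT_NH, MIN_MTU = 44, 1280

def fragment(payload: bytes, next_header: int, path_mtu: int, ident: int) -> list:
    """Split payload into (fragment header + piece) units that fit path_mtu
    together with the 40-byte IPv6 header. Every piece except the last is a
    multiple of 8 bytes because the offset field counts 8-byte units."""
    if path_mtu < MIN_MTU:
        raise ValueError("IPv6 links must carry at least %d bytes" % MIN_MTU)
    room = (path_mtu - 40 - 8) & ~7              # data per fragment, 8-aligned
    pieces = []
    for start in range(0, len(payload), room):
        chunk = payload[start:start + room]
        more = 1 if start + room < len(payload) else 0
        offset = start // 8                       # 13-bit field, units of 8 bytes
        hdr = struct.pack("!BBHI", next_header, 0, (offset << 3) | more, ident)
        pieces.append(hdr + chunk)
    return pieces

def reassemble(pieces: list) -> tuple:
    """Rebuild (next_header, payload) from fragments that share one
    identification, in any order; a hole raises, which is what the receiver's
    reassembly timer turns into a discard in practice."""
    parts, total, next_header, ids = {}, None, None, set()
    for p in pieces:
        nh, _, off_flags, ident = struct.unpack("!BBHI", p[:8])
        ids.add(ident)
        off, more = (off_flags >> 3) * 8, off_flags & 1
        parts[off], next_header = p[8:], nh
        if not more:
            total = off + len(p) - 8
    if len(ids) != 1:
        raise ValueError("fragments of different packets mixed")
    data, pos = b"", 0
    while pos != total:
        if pos not in parts:
            raise ValueError("fragment at offset %d missing" % pos)
        data += parts[pos]
        pos += len(parts[pos])
    return next_header, data
```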



Other extensions
• Authentication Header (AH)
• Encrypted Security Payload (ESP)
• Destination options header
– Only examined by the destination
– Contains one or several parameters
– Also defines handling for unrecognized parameters
• Hop-by-hop options header
– Examined by each router
– Similar format and coding as destination options header
– E.g. jumbo payload
• Processing order is important
– IPv6 → Hop-by-hop → Destination options (for tunneling) → Routing → Fragment → Authentication → Destination options → Upper layers (TCP/UDP)
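The chain described on this slide and on the earlier header slide, walked in code as an added example (not from the slides): a parser that follows the Next Header values through hop-by-hop, routing, fragment and AH headers to the transport header, which is what a firewall or IDS must do before it can apply a TCP/UDP rule, and that stops where inspection is impossible (ESP, a non-first fragment, a truncated packet). The packet and its addresses are constructed.

```python
import struct

# Added example (not from the slides): walk an IPv6 extension-header chain in
# the order the slide gives to find the upper-layer protocol, which a firewall
# must do before it can apply a TCP/UDP rule. The packet is constructed.

HOP_BY_HOP, TCP, ROUTING, FRAGMENT, ESP, AH, NO_NEXT, DST_OPTS = 0, 6, 43, 44, 50, 51, 59, 60
NAMES = {HOP_BY_HOP: "hop-by-hop", ROUTING: "routing", FRAGMENT: "fragment",
         ESP: "esp", AH: "ah", NO_NEXT: "no-next-header", DST_OPTS: "dest-options"}

def walk_chain(pkt: bytes):
    """Return (chain, upper_proto, offset): chain lists (name, offset) per
    extension header; upper_proto is None when nothing can be inspected
    (ESP hides what follows, no next header, non-first fragment, truncation)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    if len(pkt) < 40 + struct.unpack_from("!H", pkt, 4)[0]:
        raise ValueError("payload length exceeds captured bytes")
    nh, off, chain = pkt[6], 40, []
    while nh in NAMES:
        chain.append((NAMES[nh], off))
        if nh in (ESP, NO_NEXT) or off + 8 > len(pkt):
            return chain, None, off
        if nh == FRAGMENT:
            size = 8
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:   # offset != 0
                return chain, None, off          # upper header is in fragment 0
        elif nh == AH:
            size = (pkt[off + 1] + 2) * 4         # AH length unit is 4 bytes
        else:
            size = (pkt[off + 1] + 1) * 8         # options/routing: 8-byte units
        nh, off = pkt[off], off + size
    return chain, nh, off

def build_packet(frag_offset: int = 0) -> bytes:
    """Constructed IPv6 -> hop-by-hop -> routing (type 0) -> fragment -> TCP SYN."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    hop = bytes.fromhex("20010db8" + "00" * 11 + "03")
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    frag = struct.pack("!BBHI", TCP, 0, (frag_offset << 3) | 1, 0xABCD)  # M=1
    routing = struct.pack("!BBBB", FRAGMENT, 2, 0, 1) + b"\0" * 4 + hop   # 24 bytes
    hbh = struct.pack("!BB", ROUTING, 0) + b"\x01\x04" + b"\0" * 4        # PadN
    body = hbh + routing + frag + tcp
    return struct.pack("!IHBB", 6 << 28, len(body), HOP_BY_HOP, 64) + src + dst + body
```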

Internet Control Message Protocol Version 6


• ICMPv6 header
Type | Code | Checksum
ICMP body
• Also includes the functionality of IGMP
• ICMP message types:
– 1. Destination unreachable
– 2. Packet too big
– 3. Time exceeded errors
– 4. Parameter problem
– 128. Echo request (for "ping")
– 129. Echo reply (for "ping")
– 133. Router solicitation (router discovery)
– 134. Router advertisement (router discovery)
– 137. Redirect
Router discovery
• For building a local list of routers on the same network
Type = 134 | Code = 0 | Checksum
Cur. hop limit | M | O | Res. | Router lifetime
Reachable time
Retransmission timer
Options
• Curr.hop limit: Suggestion for initial hop limit value
• Router lifetime: Seconds for holding in router list
• Reachable time: Expected time neighbors remain reachable after advertising the
media address (in milliseconds)
• Reachable retransmission timer: Interval between successive solicitations of a
neighbor that is not returning solicited neighbor advertisements (ms).
+ Source Link Layer option: contains media address of router

Neighbor discovery in IPv6 replaces ARP


• If there is no MAC address entry for the next hop, a neighbor solicitation
message (comp. ARP-request) is sent:
Type = 135 | Code = 0 | Checksum
R | S | O | Reserved
Solicited address
Options...
– TTL=1, own MAC address in source link-level address option
• The message is sent to a solicited node multicast address derived from the
address of the next-hop
• MAC address for the message derived from this address
• The host that recognizes its address replies with a neighbor advertisement message (comp. ARP-reply)
– Format similar, but Type=136
– MAC address in link layer address option
– R=address is router, S=reply to solicitation, O=overrides previous cache entry
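The solicitation on this slide, built as an added example (not from the slides): the solicited-node multicast destination is derived from the target address, the Ethernet multicast MAC from that destination, the ICMPv6 checksum is computed over the IPv6 pseudo-header, and the source link-layer address option is attached. Addresses and MACs are constructed; the hop limit is 255 as RFC 4861 requires, since receivers drop neighbor discovery messages with any other value, which keeps forged solicitations from crossing a router.

```python
import struct

# Added example (not from the slides): build the neighbor solicitation from the
# slide - solicited-node multicast destination derived from the target, the
# matching Ethernet multicast MAC, the ICMPv6 checksum over the IPv6
# pseudo-header, and the source link-layer address option. Addresses and MACs
# are constructed. Hop limit is 255 as RFC 4861 requires: receivers drop
# neighbor discovery messages with any other value, which stops off-link forgeries.

ICMPV6, NS_TYPE = 58, 135

def solicited_node(target: bytes) -> bytes:
    """FF02::1:FFxx:xxxx, where xx:xxxx are the low 24 bits of the target."""
    return bytes.fromhex("ff02" + "00" * 9 + "01ff") + target[13:]

def multicast_mac(addr: bytes) -> bytes:
    """IPv6 multicast to Ethernet: 33:33 followed by the low 32 address bits."""
    return b"\x33\x33" + addr[12:]

def icmpv6_checksum(src: bytes, dst: bytes, icmp: bytes) -> int:
    """One's-complement sum over the pseudo-header (src, dst, length, next
    header 58) and the ICMPv6 message, padded to an even length."""
    data = src + dst + struct.pack("!IxxxB", len(icmp), ICMPV6) + icmp
    data += b"\0" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def neighbor_solicitation(src: bytes, src_mac: bytes, target: bytes) -> dict:
    """Return the destination MAC, destination address and full IPv6 packet."""
    dst = solicited_node(target)
    option = b"\x01\x01" + src_mac                    # type 1, length 1 (8 bytes)
    body = struct.pack("!BBHI", NS_TYPE, 0, 0, 0) + target + option
    body = body[:2] + struct.pack("!H", icmpv6_checksum(src, dst, body)) + body[4:]
    ipv6 = struct.pack("!IHBB", 6 << 28, len(body), ICMPV6, 255) + src + dst
    return {"dst_mac": multicast_mac(dst), "dst": dst, "packet": ipv6 + body}

def checksum_ok(packet: bytes) -> bool:
    """Receiver check: recomputing over the filled-in checksum field gives 0."""
    return icmpv6_checksum(packet[8:24], packet[24:40], packet[40:]) == 0
```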
Redirect works like in IPv4 but may include
the media address of the next hop
• Redirect message:
Type = 137 | Code = 0 | Checksum
Reserved
Target address
Destination address
Options
• Target address contains the better next hop for the destination
• The media address of the next hop may be included in a target link
layer address option.


The sender needs feedback from the destination so that it is not sending to a "black hole"
• If the sender does not get feedback (within 30 seconds), it checks
the existence of the receiver with a solicitation message
Exchange between the sender and the neighbor:
1. solicitation → solicited advertisement → update cache
2. solicitation, solicitation, solicitation (no answer) → destination unreachable → remove from cache → calculate new next-hops
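The exchange above as a neighbor-cache state machine, added here as an example that is not from the slides: an entry stays reachable while feedback arrives, is probed with solicitations once the 30-second feedback timeout expires, and is dropped (with next hops recalculated) after the probes go unanswered. The probe count of three and the one-second spacing are assumptions made for the example.

```python
# Added example (not from the slides): a neighbor-cache entry driven by the
# exchange above. After FEEDBACK_TIMEOUT seconds without feedback the node
# probes the neighbor with solicitations; PROBES unanswered probes mean
# "destination unreachable", so the entry is removed and next hops are
# recalculated. 30 s is the slide's figure; the probe count and the 1 s
# spacing are assumptions made for the example.

FEEDBACK_TIMEOUT, PROBE_INTERVAL, PROBES = 30.0, 1.0, 3

class NeighborEntry:
    def __init__(self, address: str, mac: str, now: float):
        self.address, self.mac = address, mac
        self.state, self.last_feedback = "reachable", now
        self.probes_sent, self.next_probe = 0, None

    def feedback(self, now: float) -> None:
        """Reachability confirmed: upper-layer progress such as a TCP ack, or a
        solicited neighbor advertisement answering one of our probes."""
        self.state, self.last_feedback, self.probes_sent = "reachable", now, 0

    def tick(self, now: float) -> list:
        """Advance the timers; return the actions the node takes at 'now'."""
        actions = []
        if self.state == "reachable" and now - self.last_feedback >= FEEDBACK_TIMEOUT:
            self.state, self.next_probe = "probe", now
        if self.state == "probe" and now >= self.next_probe:
            if self.probes_sent == PROBES:
                self.state = "unreachable"
                actions += ["destination unreachable", "remove from cache",
                            "calculate new next-hops"]
            else:
                self.probes_sent += 1
                self.next_probe = now + PROBE_INTERVAL
                actions.append("solicitation %d" % self.probes_sent)
        return actions
```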
Autoconfiguration can be stateful or stateless
Exchange between the new host and a router:
1. new host → router: router solicitation [link-local-address → all-routers]
   Type = 133 | Code = 0 | Checksum
   Reserved
   Options.... (link layer address)
2. router → new host: router advertisement [→ all-hosts / → link-local-address]
   Type = 134 | Code = 0 | Checksum
   Hop limit | M | O | Res. | Router lifetime
   Reachable time
   Retransmission timer
   Options.... (prefix information option)
3. M = 1? yes → stateful conf. with conf. server (stateful autoconfiguration, similar to DHCP in IPv4)
   O = 1? yes → obtain other parameters from conf. server
   otherwise → stateless configuration

Stateless autoconfiguration
Type = 134 | Code = 0 | Checksum
Hop limit | M | O | Res. | Router lifetime
Reachable time
Retransmission timer
Options.... (prefix information option)

• Prefix information option contains list of prefixes with parameters


– on-link bit → the prefix is specific to the local link
– autonomous bit → the host can construct an address by replacing the last bits of the
prefix with the EUI-64 identifier
• Stateless autoconfiguration properties
– simple, no servers required
– inefficient: 64 bits used for one local network
– no access control
When a host generates an address with autoconfiguration, it must check that it is unique
• In principle, addresses generated with the EUI-64 identifier should
be unique, but...
Duplicate address detection exchange:
1. solicitation → solicited advertisement → address not unique → pick another
2. solicitation → (no answer within 1 s) → address is unique
• Lost messages → retry several times
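The stateless path through the autoconfiguration slides and this one, as an added example (not from the slides): the M/O flags and the prefix information option are read from a router advertisement, the EUI-64 interface identifier is formed from the MAC, and the resulting tentative address is what duplicate address detection then probes with a solicitation sent from the unspecified source. The advertisement bytes and the MAC are constructed.

```python
import struct

# Added example (not from the slides): the stateless path through the two
# slides above - read the M/O flags and the prefix information option out of
# a router advertisement, build the EUI-64 interface identifier from the MAC,
# and form the tentative address that duplicate address detection then probes
# (a neighbor solicitation for it from the unspecified source). The
# advertisement bytes and MAC are constructed.

def eui64(mac: bytes) -> bytes:
    """48-bit MAC -> 64-bit interface id: insert FF:FE, flip the U/L bit."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]

def parse_ra(icmp: bytes) -> dict:
    """Flags and prefix options from an ICMPv6 type 134 message body."""
    kind, code, _, _, flags, lifetime, _, _ = struct.unpack_from("!BBHBBHII", icmp)
    if kind != 134 or code != 0:
        raise ValueError("not a router advertisement")
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": []}
    i = 16
    while i + 2 <= len(icmp):
        otype, olen = icmp[i], icmp[i + 1] * 8
        if olen == 0 or i + olen > len(icmp):
            raise ValueError("malformed option at offset %d" % i)
        if otype == 3 and olen == 32:                      # prefix information
            plen, pflags, valid, preferred = struct.unpack_from("!BBII", icmp, i + 2)
            ra["prefixes"].append({"prefix": icmp[i + 16:i + 32], "length": plen,
                                   "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40),
                                   "valid": valid, "preferred": preferred})
        i += olen
    return ra

def autoconfigure(ra: dict, mac: bytes) -> dict:
    """Decision from the 'stateful or stateless' slide, then address formation."""
    if ra["managed"]:
        return {"mode": "stateful", "addresses": []}
    addrs = [p["prefix"][:8] + eui64(mac) for p in ra["prefixes"]
             if p["autonomous"] and p["length"] == 64]
    return {"mode": "stateless", "other_from_server": ra["other"], "addresses": addrs}

def build_ra(managed: bool, other: bool, prefix: bytes) -> bytes:
    """Constructed advertisement: 16-byte body plus one prefix information option
    with on-link and autonomous set, /64, lifetimes in seconds."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    body = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 30000, 1000)
    option = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0) + prefix
    return body + option
```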

Mobile IP

(Chapter 13 in Huitema)



Different types of mobility
• Computers transported and connected from different locations
– Dynamic configuration → new IP address
– Access through modem/ISDN → new IP address → TCP connection cut off
• Mobile computers, which stay connected during movements
– Radio, infrared → same IP address
• Mobile networks, e.g. in cars, planes, trains, ships
– Recursive mobility (mobile host in mobile network)


The traffic to a mobile node is tunneled from the home agent to the foreign agent
• Mobile Node (MN) – A node that has a home address in the home network and obtains a care-of-address (COA) in the visited foreign network
• Home Agent (HA) – Belongs to the home network and serves the home address
• Foreign Agent (FA) – Serves the visiting mobile node
• Corresponding Node (CN) – A node exchanging data with the mobile node

Figure: CN → (normal forwarding to home address) → HA → (tunneling to care-of-address) → FA → MN; MN → (normal forwarding) → CN
Home agents and foreign agents may be routers
Discovery and registration
Exchange (MN, FA, HA):
1. FA → MN: ICMP agent advertisement (COA address)
2. MN: new location? yes →
3. MN → FA → HA: register (COA address)
4. HA: grant? yes →
5. HA → FA → MN: reply
A lost request is resent by the MN; the FA never repeats the request.

Discovery of a Home Agent or Foreign Agent using periodical ICMP messages
• Agent advertisements are extensions to ICMP router
advertisements
• The agent advertisements contain
– Sequence number
– Life-time of registration
– Flags
• Registration required
• Foreign agent or home agent
• Minimal encapsulation (RFC-2003)
• Generic Routing Encapsulation (GRE) (RFC-1701)
• Header compression used
– List of care-of-addresses
– Length of prefixes
The sequence numbers in the agent advertisement are similar to "lollipop" sequence numbers in OSPF

Number line: 0 ... 256 ... 65635

• If one of the numbers is < 256


– The higher number is ”higher”
• If both numbers are ≥ 256
– If (b-a) < (65635-256)/2 then b is ”higher”
• If the received number is "lower" than the previous one, then the server has been restarted
→ Register again
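The comparison rules above in code, with the mobile node's reaction, as an added example (not from the slides). The sequence number is a 16-bit field, so the wraparound arithmetic below uses 65535 as its top (the slide prints 65635); an agent counts from 0 after a restart and wraps from 65535 back to 256.

```python
# Added example (not from the slides): the agent-advertisement sequence
# comparison described above, and what the mobile node does with the result.
# The counter is 16 bits, so it runs 0..65535 (the slide prints 65635); after
# a restart the agent counts up from 0 and, past 65535, wraps back to 256.

SEQ_MAX, RESTART_ZONE = 65535, 256
WRAP_SPACE = SEQ_MAX + 1 - RESTART_ZONE          # values that take part in wraparound

def compare(a: int, b: int) -> int:
    """+1 if b is 'higher' than a, -1 if 'lower', 0 if equal, by the slide's rules."""
    if a == b:
        return 0
    if a < RESTART_ZONE or b < RESTART_ZONE:
        return 1 if b > a else -1                 # plain comparison near a restart
    distance = (b - a) % WRAP_SPACE               # forward distance from a to b
    return 1 if distance < (SEQ_MAX - RESTART_ZONE) // 2 else -1

class AgentTracker:
    """Sequence-number state a mobile node keeps for one agent."""
    def __init__(self):
        self.last = None

    def advertise(self, seq: int) -> str:
        """Return the action for a received advertisement sequence number."""
        if not 0 <= seq <= SEQ_MAX:
            raise ValueError("sequence number must fit in 16 bits")
        if self.last is None:
            self.last = seq
            return "register"
        verdict = compare(self.last, seq)
        if verdict == 0:
            return "duplicate"                     # same advertisement repeated
        self.last = seq
        return "ok" if verdict > 0 else "restart: register again"
```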


Alternative discovery mechanisms


• Periodic broadcast of ICMP messages wastes
transmission capacity, especially on wireless LANs
• The MN can detect changed location through media-level
information
– e.g. analyzing power of different basestations
• Instead of waiting, the MN can solicit the information
– Similar to ICMP router solicitation
– TTL = 1
– Agent replies with agent advertisement



Registration request
• Registration request message contains
– Message type = 1
– Flags
• FA co-located with MN
• preferred encapsulation
– Requested lifetime
• 0 = cancellation of previous
– Home address of MN
– HA address
– COA address
– Request identification
– Extensions
• E.g. authentication

Registration reply
• Registration reply message contains
– Message type = 3
– Reply code (granted or denied)
• Who denied (FA or HA)
• Why denied
– Accepted lifetime
• Same or smaller than requested lifetime
– Home address of MN
– HA address
– Request identification
• Same as in request
– Extensions
• E.g. authentication
Security issues (1)
• Attack types
– Attacker pretends to be a FA to capture traffic
– Attacker replays old registration messages

• Authentication extension proves the origin of the message and that the contents have not been changed
– Security parameter index (SPI) together with HA, COA, or MN identifies the security context
– Shared secret and signature algorithm (e.g. keyed MD5) are the parameters of the security context
– Data and secret key → authentication field
– MN to HA authentication mandatory
– FA to HA and MN to FA authentications optional

Security issues (2)


• Two requests must not contain the same identification


– NTP timestamps (64-bit)
• Only requests with higher timestamps are accepted
• The timestamps must be close to the current time
– Random numbers used only once (nonce)
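A home agent checking a registration request the way the two security slides describe, as an added example (not from the slides): the request layout follows the registration request slide, the authenticator is the RFC 2002 default of keyed MD5 in prefix+suffix mode (MD5 over secret, data, secret), and the identification is a 64-bit NTP-style timestamp that must be higher than the last accepted one and close to the HA's clock. The shared secret, addresses, SPI value, clock and skew window are all constructed for the example.

```python
import hashlib, hmac, struct

# Added example (not from the slides): a home agent checking a registration
# request the way the two security slides describe. The authenticator is the
# RFC 2002 default, keyed MD5 in prefix+suffix mode (MD5(secret || data || secret));
# the identification is a 64-bit NTP-style timestamp that must exceed the last
# accepted one and lie within WINDOW seconds of the HA's clock. Keys, addresses,
# timestamps and the SPI value are constructed.

NTP_EPOCH_OFFSET = 2208988800          # seconds from 1900-01-01 to 1970-01-01
WINDOW = 7                             # allowed clock skew in seconds (assumed)
MN_HA_AUTH_EXT = 32                    # extension type; length 20 = SPI (4) + MD5 (16)

def ntp_timestamp(unix_seconds: float) -> int:
    secs = int(unix_seconds) + NTP_EPOCH_OFFSET
    return (secs << 32) | int((unix_seconds % 1) * 2**32)

def keyed_md5(secret: bytes, data: bytes) -> bytes:
    return hashlib.md5(secret + data + secret).digest()

def build_request(secret: bytes, spi: int, home: bytes, ha: bytes, coa: bytes,
                  lifetime: int, ident: int) -> bytes:
    """Type 1 request: type, flags, lifetime, home address, HA, COA, 64-bit
    identification, then the MN-HA authentication extension over all of it."""
    fixed = struct.pack("!BBH4s4s4sQ", 1, 0, lifetime, home, ha, coa, ident)
    ext_head = struct.pack("!BBI", MN_HA_AUTH_EXT, 20, spi)
    return fixed + ext_head + keyed_md5(secret, fixed + ext_head)

class HomeAgent:
    def __init__(self, secrets: dict, now):
        self.secrets = secrets               # (home address, SPI) -> shared secret
        self.last_ident = {}                 # home address -> last accepted identification
        self.now = now                       # clock source, injected for testing

    def check(self, req: bytes) -> str:
        fixed, ext_head, auth = req[:24], req[24:30], req[30:46]
        _, _, _, home, _, _, ident = struct.unpack("!BBH4s4s4sQ", fixed)
        ext_type, ext_len, spi = struct.unpack("!BBI", ext_head)
        if ext_type != MN_HA_AUTH_EXT or ext_len != 20 or len(auth) != 16:
            return "denied: missing MN-HA authentication"
        secret = self.secrets.get((home, spi))
        # Authenticate before touching any state, so forged requests cannot
        # advance the replay window or change the registration.
        if secret is None or not hmac.compare_digest(keyed_md5(secret, fixed + ext_head), auth):
            return "denied: bad authenticator"
        if abs((ident >> 32) - (ntp_timestamp(self.now()) >> 32)) > WINDOW:
            return "denied: identification out of window"
        if ident <= self.last_ident.get(home, 0):
            return "denied: replayed identification"
        self.last_ident[home] = ident
        return "granted"
```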



Encapsulation
• Basic encapsulation, RFC-2003
New IP header [Source=HA, Dest=COA, Protocol=IP in IP=4] | Original IP packet [Source=CN, Dest=MN, Protocol=TCP] | TCP header + data
• Minimal encapsulation, RFC-2004
New IP header [Source=HA, Dest=COA, Protocol=Min.encaps=55] | Compressed header | TCP header + data (original IP packet)
Compressed header: Protocol type of encaps. packet (e.g. TCP), Destination address of encaps. packet, Optional source address of encaps. packet, Header checksum
• Generic Routing Encapsulation (GRE), RFC-1701
New IP header [Source=HA, Dest=COA, Protocol=GRE=24] | GRE header [Encapsulation parameters] | Original IP packet [Source=CN, Dest=MN, Protocol=TCP] | TCP header + data
Parameters: Protocol type (similar to the one in Ethernet packet), optional checksum, optional
sequence number, optional authentication key, (source) routing field
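The first two encapsulations above, built and undone in code as an added example (not from the slides): the HA wraps a CN packet for the COA either in a full new IPv4 header (IP-in-IP, protocol 4) or in the compressed forwarding header of minimal encapsulation (protocol 55), and the FA side recovers the original packet from either form after checking the header checksums. Addresses are constructed documentation-range values.

```python
import struct

# Added example (not from the slides): HA-side tunnelling of a CN packet to the
# COA with two of the encapsulations above, IP-in-IP (RFC 2003, protocol 4) and
# minimal encapsulation (RFC 2004, protocol 55), plus the FA-side decapsulation.
# Addresses are constructed documentation-range values.

IPIP, MINENC = 4, 55

def checksum(data: bytes) -> int:
    """IPv4 one's-complement header checksum (also used to verify: result 0)."""
    data += b"\0" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header with a correct header checksum."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0, src, dst)
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:]

def encapsulate_ipip(ha: bytes, coa: bytes, inner: bytes) -> bytes:
    """RFC 2003: the whole original packet becomes the payload of a new header."""
    return ipv4_header(ha, coa, IPIP, len(inner)) + inner

def encapsulate_minimal(ha: bytes, coa: bytes, inner: bytes) -> bytes:
    """RFC 2004: carry only what the outer header cannot - original protocol,
    original destination and (S=1, since the HA is not the sender) original source."""
    proto, ttl, src, dst = inner[9], inner[8], inner[12:16], inner[16:20]
    fwd = struct.pack("!BBH4s4s", proto, 0x80, 0, dst, src)
    fwd = fwd[:2] + struct.pack("!H", checksum(fwd)) + fwd[4:]
    return ipv4_header(ha, coa, MINENC, 12 + len(inner) - 20, ttl) + fwd + inner[20:]

def decapsulate(outer: bytes) -> bytes:
    """FA/MN side: recover the original packet from either encapsulation."""
    if checksum(outer[:20]) != 0:
        raise ValueError("outer header checksum mismatch")
    proto, ttl, body = outer[9], outer[8], outer[20:]
    if proto == IPIP:
        return body
    if proto == MINENC:
        if checksum(body[:12]) != 0:            # assumes S=1 (12-byte header)
            raise ValueError("minimal encapsulation checksum mismatch")
        orig_proto, _, _, dst, src = struct.unpack("!BBH4s4s", body[:12])
        return ipv4_header(src, dst, orig_proto, len(body) - 12, ttl) + body[12:]
    raise ValueError("not a Mobile IP tunnel packet (protocol %d)" % proto)
```

Applying encapsulate_ipip twice gives the double encapsulation shown for broadcast traffic on the next slide.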

Broadcast and multicast should only be received by the MN, not the network of the MN
• Easy if the FA is colocated with the MN: HA → FA/MN: encapsulated packet
• Double encapsulation of broadcast/multicast traffic: HA → FA: double encapsulation; FA → MN: encapsulated packet
New IP header [Source=HA, Dest=COA, Protocol=encaps] | Double encapsulation [Source=HA, Dest=MN, Protocol=encaps] | Original broadcast packet [Source=CN, Dest=bc, Protocol=UDP] | UDP header + data

• ICMP messages are encapsulated MN → HA


• Instead, MN can subscribe to groups on the foreign network
Source address filtering is a problem in Mobile IP (1)
• Why source address filtering?
– Address spoofing hides identity of attacker, helps targeting third parties’
replies, helps gaining privileges
• Source address filtering is performed in firewalls, between ISP and customer, at peering points between providers, etc.
→ Packets sent by the MN must be tunneled through the HA

Figure: MN → FA → HA → CN (packets from the MN reach the CN via the HA)


Source address filtering is a problem in Mobile IP (2)
• FAs capable of tunneling packets back to the HA advertise it with a flag in the agent advertisement message
• The MN requests reverse tunneling

Exchange (MN, FA, HA):
1. FA → MN: ICMP router advertisement (reverse tunnel capability)
2. MN → FA: register (reverse tunneling)
3. FA → HA: register
...



Considerations
• Path MN → CN is shorter than the path CN → MN
– Asymmetry
• If the MN moves relatively fast, it must choose a new FA often
→ Many registration messages to the HA


Mobile IPv6

(Chapter 13 in Huitema)



Mobility in IPv6
• Discovery performed with IPv6 neighbor discovery and
address configuration mechanisms
• Security → the MN can notify its COA to the CN in addition to the HA
• Efficient encapsulation with the source routing header


Discovery
• The MN and FA are usually colocated → no separate FA
• Hosts listen to router advertisements to learn the prefixes of the link
– Hosts can detect that they are visiting a foreign network
• COA obtained with address configuration procedures
• Routers willing to act as home agents indicate it in the
router advertisement



Binding updates (1)
• Binding performed using destination options
– Binding update – informs about the new COA
– Binding ack – acknowledges the COA
– Binding request – To request information about the current
COA
– Home address – Identifies the home address of the MN
• Authentication with the security option


Binding updates (2)


• COA transmitted in source address of IPv6 header
• Home address in the Home Address option

Exchange (MN, HA):
1. MN → HA: Binding update (lifetime, seq.num) + Home address + Security
2. HA → MN: Binding ack (result code, lifetime, update refresh period, seq.num, optional list of home agents)



Source address filtering is
not a problem in IPv6
• The mobile node does not put its home address in the
IPv6 header. Instead, the home address is sent in the
Home Address option. The IPv6 header contains the
COA.
• Mandatory requirement.


The MN can send a binding update to the CN to optimize the route
Exchange (MN, HA, CN):
1. CN → HA → MN: packets (forwarded via the home agent)
2. MN → CN: Binding update; ack requested? yes → CN → MN: Binding ack
3. CN → MN: packets (sent directly)
4. CN: no update and timer expires → CN → MN: Binding request
5. MN: want to update? yes → MN → CN: Binding update; ack requested? yes → CN → MN: Binding ack
Note: if the COA changes, a new binding update must be sent to all CNs that are sending directly
IPv6 uses the routing header instead of encapsulation
Exchange (MN, HA, CN):
1. CN → HA: Packet; the HA inserts a routing header (Routing header → COA) and forwards it to the MN
2. MN → CN: Packet (source addr. = COA) + Home address option + Security (AH, ESP) + Binding update; the CN verifies that the sender is the MN and stores the COA
3. CN → MN: Packet + Routing header → COA + Security (AH, ESP) + Binding ack
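The two packet shapes in the exchange above, together with the receiver rule from the "Routing header" slide (move the next listed address into the destination, decrement segments left), as an added example that is not from the slides: a packet to the MN carries the home address in a type 0 routing header and the COA in the destination field, a packet from the MN carries the COA as source (so ingress filtering passes) and the home address in a destination option, and the receiving side restores the home address in both directions. The type 0 routing header and the destination option type 201 are the Mobile IPv6 drafts' values of that time; addresses are constructed.

```python
import struct

# Added example (not from the slides): the two packet shapes in the figure
# above, plus the receiver rule from the "Routing header" slide (move the next
# listed address into the destination, decrement segments left). It uses the
# type 0 routing header and destination option type 201 (home address) of the
# Mobile IPv6 drafts of that time; addresses are constructed.

ROUTING, DST_OPTS, HOME_ADDR_OPT, TCP = 43, 60, 201, 6

def ipv6(src: bytes, dst: bytes, nh: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), nh, 64) + src + dst + payload

def cn_to_mn(cn: bytes, home: bytes, coa: bytes, payload: bytes) -> bytes:
    """CN sends to the COA; a type 0 routing header names the home address
    as the final hop, so the MN's transport layer sees its home address."""
    rh = struct.pack("!BBBB", TCP, 2, 0, 1) + b"\0" * 4 + home   # 1 segment left
    return ipv6(cn, coa, ROUTING, rh + payload)

def process_routing_header(pkt: bytes) -> bytes:
    """Receiver rule: while segments are left, swap the next listed address
    into the destination field and decrement the count; else pass through."""
    if pkt[6] != ROUTING:
        return pkt
    _, ext_len, rtype, seg_left = pkt[40:44]
    if rtype != 0 or seg_left == 0 or seg_left > ext_len // 2:
        return pkt
    a = 48 + 16 * (ext_len // 2 - seg_left)          # next address to visit
    out = bytearray(pkt)
    out[24:40], out[a:a + 16] = pkt[a:a + 16], pkt[24:40]
    out[43] = seg_left - 1
    return bytes(out)

def mn_to_cn(coa: bytes, home: bytes, cn: bytes, payload: bytes) -> bytes:
    """MN sends from the COA, so ingress filtering passes, and carries the
    home address in a destination option (PadN aligns it to 8n+6)."""
    opts = struct.pack("!BB", TCP, 2) + b"\x01\x02\0\0" + bytes([HOME_ADDR_OPT, 16]) + home
    return ipv6(coa, cn, DST_OPTS, opts + payload)

def cn_receive(pkt: bytes) -> tuple:
    """CN rule: if a Home Address option is present, upper layers see the
    home address as the source. Returns (source, payload)."""
    src, off = pkt[8:24], 40
    if pkt[6] == DST_OPTS:
        end, i = 40 + (pkt[41] + 1) * 8, 42
        while i < end:
            if pkt[i] == 0:                                # Pad1
                i += 1
                continue
            if pkt[i] == HOME_ADDR_OPT and pkt[i + 1] == 16:
                src = pkt[i + 2:i + 18]
            i += 2 + pkt[i + 1]
        off = end
    return src, pkt[off:]
```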