IPv6 - Southern Oregon University

IPv6
This will be real shortly
• Packet format
• Header format and contents
• Address space & allocation
• Header extensions
• Fragmentation
• ICMPv6
• Security
Ipv6





Internet Protocol
Connectionless communication
Best effort delivery
Virtual addressing
Address is 128 bits
2^128 = 340,000,000,000,000,000,000,000,000,000,000,000,000
Provides for some increase in security
Increases the address space from 2^32 to 2^128
A modest increase of
2^96 = 90,000,000,000,000,000,000,000,000,000
Ipv6 RFC's

RFC 2460 – Ipv6 Specification
RFC 2373 – Addressing Architecture
RFC 2463 – ICMP
RFC 2473 – Packet Tunneling
RFC 2675 - Jumbograms
RFC 2732 – Ipv6 addresses in URL's
RFC 3041 – Privacy Extensions
RFC 2464 – Ipv6 over Ethernet
RFC 3879 – SiteLocal Addresses

Plus many others








IPv6 Datagram Format
Total datagram size constraints
Maximum 2^16 - 1 bytes, unless!
Header length 10 32-bit words (40 bytes)
Plus other headers
(figure: 1st Header | ... | nth Header | Payload)
IPv6 Datagram Header
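(figure: header layout, one 32-bit word per row, bits numbered 0 to 31)
Word 0: Ver (bits 0-3) | Traffic Class (bits 4-11) | Flow Label (bits 12-31)
Word 1: Payload Length (bits 0-15) | Next Header (bits 16-23) | Hop Limit (bits 24-31)
Word 3: Source Address, 4 * 4 * 8 bits
Word 7: Destination Address, 4 * 4 * 8 bits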
IP Datagram (cont)
Ver: IP Version 6
Traffic Class: 8 bit priority value
Flow Label: May indicate special handling
Payload Length: Actual length of payload including all extension headers or 0
Next header: 8-bits that identifies the next header. Similar to protocol field in IPv4
Hop limit: Similar to IPv4 ttl
Source Address: IP address of sender
Destination Address: IP address of destination
Definitions
Node:
A device that implements Ipv6
Router:
A node that forwards Ipv6 packets not explicitly addressed to itself.
Host:
Any node that is not a router.
Link:
Layer 2 communication link over which nodes can communicate.
Neighbors:
Nodes attached to the same link.
Interface:
A node's attachment to a link.
Address:
An IPv6 identifier for an interface or set of interfaces.
Packet:
An IPv6 header plus payload.
Ipv6 Address Types
Unicast:
An identifier for a single interface. A packet sent to a unicast
address is delivered to that addressed interface.
Anycast:
An identifier for a set of interfaces. A packet sent to an
anycast address is delivered to one (usually the nearest) of the
addressed interfaces.
Multicast:
An identifier for a set of interfaces. A packet sent to a
multicast address is delivered to all interfaces identified by
that address.
Broadcast:
No longer. Must use multicast.
IPv6 Address Model
Addresses are assigned to interfaces not to nodes.
Every interface is required to have at least one link-local unicast address.
An interface may have multiple addresses.
A subnet prefix is associated with one link.
Multiple subnets may be assigned to the same link.
IPv6 Address Representation
Generally an IPv6 address is 8 16 bit hex numbers separated by :'s.
For example:
FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
1080:0000:0000:0008:0080:200C:417A:1234
1080:0:0:8:80:200C:417A:1234
(Note: the last two are equivalent)
Leading zeros can be suppressed within a field.
Ipv6 Address Representation
(cont'd)
IPv6 addresses tend to have way too many zeros. Sometimes these
strings of zeros can be compressed.
:: indicates multiple groups of 16-bits of zeros.
Only one :: per address.
:: can be used to compress both leading and trailing zeros.
For example:
1080:0:0:0:8:800:200C:417A    1080::8:800:200C:417A
FF01:0:0:0:0:0:0:101          FF01::101
0:0:0:0:0:0:0:1               ::1
0:0:0:0:0:0:0:0               ::
IPv4 Addresses in IPv6 Addresses
IPv4 addresses can be embedded within an IPv6 address.
Generally it looks like x:x:x:x:x:x:d.d.d.d
For example:
0:0:0:0:0:0:13.1.68.3           or ::13.1.68.3
0:0:0:0:0:FFFF:129.144.52.38    or ::FFFF:129.144.52.38
IPv6 Address Prefixes
As in IPv4, the IPv6 network address is represented as an address prefix.
Usually indicated by the number of left-most bits.
For example, representations of the 60-bit prefix 12AB00000000CD3 (hex) are:
12AB:0000:0000:CD30:0000:0000:0000:0000/60
12AB::CD30:0:0:0/60
12AB:0:0:CD30::/60
Often both a node's address and its prefix can be combined:
12AB::CD30:1234:4567:89AB:CDEF/60
Address Types
Address prefix (binary)   Allocation                 Fraction of address space
0000 0000                 Reserved                   1/256
0000 0001                 Unassigned                 1/256
0000 001                  NSAP Allocation            1/128
0000 010                  IPX Allocation             1/128
0000 011                  Unassigned                 1/128
0000 1                    Unassigned                 1/32
0001                      Unassigned                 1/16
001                       Global Unicast Addresses   1/8
010                       Unassigned                 1/8
011                       Unassigned                 1/8
100                       Unassigned                 1/8
101                       Unassigned                 1/8
110                       Unassigned                 1/8
Address Types cont'd
Address prefix (binary)   Allocation                 Fraction of address space
1110                      Unassigned                 1/16
1111 0                    Unassigned                 1/32
1111 10                   Unassigned                 1/64
1111 110                  Unassigned                 1/128
1111 1110 0               Unassigned                 1/512
1111 1110 10              Link-local unicast         1/1024
1111 1110 11              Site-local unicast         1/1024
1111 1111                 Multicast Addresses        1/256
Special Addresses
0:0:0:0:0:0:0:0
Is the Unspecified address
The only permitted use of this address
is as the source address before the node
has learned its own address.
0:0:0:0:0:0:0:1
Is the Loopback address
Must never appear outside of a single node.
IPv4 Addresses in IPv6 Addresses
(figure: node address = 80 bits, 0000 ... 0000 | 16 bits, "Something goes here" | 32 bits, IPv4 Address)
Unicast Addresses
(figure: node address, 128 bits, bits 0 to 127)
(figure: node address = Subnet prefix, m bits (bits 0 to m-1) | Interface ID, 128-m bits (up to bit 127))
(figure: node address = Subnet1 prefix, m bits | Subnet2 prefix, n bits | Interface ID, 128-m-n bits (up to bit 127))
Interface Identifiers
(figure: node address = Subnet prefix, link address, 64 bits (bits 0 to 63) | Interface ID, 64 bits (bits 64 to 127))
Interface IDs are used to identify interfaces on a link.
They must be unique on the link.
They may be unique over a broader scope, i.e. the entire net.
Often the interface ID is the interface's link-layer address, e.g.
the Ethernet NIC's MAC address.
A single node with multiple interfaces may have the same interface ID's.
EUI-64 Interface Identifiers
Extended Unique Identifier
(figure: node address = Subnet prefix, link address, 64 bits (bits 0 to 63) | Interface ID, 64 bits (up to bit 127))
EUI-64 Interface IDs have global scope when a global token is available.
|0      7|8     15|16    23|24    31|32    47|48    63|
cccc|ccug|cccc|cccc|cccc|cccc|mmmmmmmm|mmmmmmmm|mmmmmmmm|mmmmmmmm|mmmmmmmm
“c” are the company ID bits.
“m” are the company's extension identifier, as in IEEE Ethernet NICs.
“u” is the universal/local bit: u = 1 indicates global scope.
“g” is the individual/group bit
EUI-64 Interface Identifiers for IEEE 802 MAC addresses
(figure: node address = Subnet prefix, link address, 64 bits (bits 0 to 63) | Interface ID, 64 bits (up to bit 127))
EUI-64 Interface IDs should have global scope when a global token is available.
|0      7|8     15|16    23|24    31|32    47|48    63|
cccc|cc1g|cccc|cccc|cccc|cccc|11111111|11111110|mmmmmmmm|mmmmmmmm|mmmmmmmm
“c” are the company ID bits.
“m” are the company's extension identifier, as in IEEE Ethernet NICs.
“1” in the universal/local bit position: global scope.
“g” is the individual/group bit
Local-Use IPv6 Addresses
Link-Local addresses
(figure: 10 bits, 1111111010 | 54 bits, 0 | 64 bits, Interface ID)
Auto-address configuration, neighbor discovery
Site-Local addresses (deprecated in 2004)
(figure: 10 bits, 1111111011 | 38 bits, 0 | 16 bits, Subnet ID | 64 bits, Interface ID)
Addressing inside a site without the need for a global prefix.
The site-local address type has been deprecated by RFC 3879, 9/04.
Aggregatable Global Unicast Addresses
Provides support for current provider based aggregation
and exchanges, a new type of aggregation.
Bits | 3  | 13     | 8   | 24     | 16     | 64 bits      |
     | FP | TLA ID | RES | NLA ID | SLA ID | Interface ID |
FP: Format prefix = “001”
TLA ID: Top Level Aggregation Identifier
RES: Reserved for future use
NLA ID: Next-Level Aggregation Identifier
SLA ID: Site-Level Aggregation Identifier
Interface ID: Interface Identifier
Reference: RFC 2374
Aggregatable Global Unicast Addresses for Testing
Provides support for 6bone IPv6 testing.
Bits | 3  | 13     | 8   | 24     | 16     | 64 bits      |
     | FP | TLA ID | RES | NLA ID | SLA ID | Interface ID |
FP: Format prefix = “001”
TLA ID: 0x1ffe - Top Level Aggregation Identifier
RES: Reserved for future use
NLA ID: Next-Level Aggregation Identifier
SLA ID: Site-Level Aggregation Identifier
Interface ID: Interface Identifier
Reference: RFC 2471
Multicast IPv6 Addresses
Multicast addresses
An identifier for a group of nodes
A node may belong to any number of multicast groups
| 8        | 4    | 4     | 112 bits |
| 11111111 | flgs | scope | group ID |
Multicast addresses must never be used
as a source address in IPv6.
Multicast IPv6 Addresses (cont'd)
Multicast addresses
| 8        | 4    | 4     | 112 bits |
| 11111111 | flgs | scope | group ID |
Flgs is a set of 4 flags: 0 | 0 | 0 | T
The first 3 bits of “flgs” are reserved and must be (0) zero.
T = 0 indicates a permanently assigned multicast address
This address is assigned by the global Internet numbering authority
T = 1 indicates a non-permanently assigned multicast address
Multicast IPv6 Addresses (cont'd)
Multicast addresses
| 8        | 4    | 4     | 112 bits |
| 11111111 | flgs | scope | group ID |
“scope” is a 4-bit multicast scope value to limit the scope of the multicast group.
reserved             0, F
unassigned           3, 4, 6, 7, 9, A, B, C, D
node-local           1
link-local           2
site-local           5
organization-local   8
global               E
Multicast IPv6 Addresses (cont'd)
Examples of multicast addresses
Assume that NTP is assigned a permanent multicast group ID of 0x101, then:
FF01:0:0:0:0:0:0:101 means all NTP servers on the same node as the sender.
FF02:0:0:0:0:0:0:101 means all NTP servers on the same link as the sender.
FF05:0:0:0:0:0:0:101 means all NTP servers on the same site as the sender.
FF0E:0:0:0:0:0:0:101 means all NTP servers on the internet.
All nodes addresses
node-local and Link-local:
FF01:0:0:0:0:0:0:1
FF02:0:0:0:0:0:0:1
All routers addresses
node-local, Link-local and site-local:
FF01:0:0:0:0:0:0:2
FF02:0:0:0:0:0:0:2
FF05:0:0:0:0:0:0:2
The following multicast addresses are reserved and shall never be assigned to any group:
FF0X:0:0:0:0:0:0:0
where X ranges from 0 – F.
Required Addresses
A node is required to recognize the following addresses
as itself:
– Its link-local address
– Assigned unicast addresses
– Loopback address
– All-nodes multicast address
– Solicited-node multicast
Frame 15 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:0d:93:88:6a:48, Dst: 33:33:00:00:00:02
Destination: 33:33:00:00:00:02 (Ipv6-Neighbor-Discovery_00:00:00:02)
Source: 00:0d:93:88:6a:48 (AppleCom_88:6a:48)
Type: IPv6 (0x86dd)
Internet Protocol Version 6
Version: 6
Traffic class: 0x00
Flowlabel: 0x00000
Payload length: 16
Next header: ICMPv6 (0x3a)
Hop limit: 255
Source address: fe80::20d:93ff:fe88:6a48 (fe80::20d:93ff:fe88:6a48)
Destination address: ff02::2 (ff02::2)
Internet Control Message Protocol v6
Type: 133 (Router solicitation)
Code: 0
Checksum: 0x7f72 (correct)
ICMPv6 options
Type: 1 (Source link-layer address)
Length: 8 bytes (1)
Link-layer address: 00:0d:93:88:6a:48
0000  33 33 00 00 00 02 00 0d 93 88 6a 48 86 dd 60 00   33........jH..`.
0010  00 00 00 10 3a ff fe 80 00 00 00 00 00 00 02 0d   ....:...........
0020  93 ff fe 88 6a 48 ff 02 00 00 00 00 00 00 00 00   ....jH..........
0030  00 00 00 00 00 02 85 00 7f 72 00 00 00 00 01 01   .........r......
0040  00 0d 93 88 6a 48                                 ....jH
Ethernet frame header (6 bytes dst, 6 bytes src, 2 bytes size/type):
0000  33 33 00 00 00 02 00 0d 93 88 6a 48 86 dd
IPv6: Ver, Type, Flow, Payload Length, Next Header, hop limit
0000  60 00
0010  00 00 00 10 3a ff
Next header 3a = 58 – ICMP
Source Address:
0010  fe 80 00 00 00 00 00 00 02 0d
0020  93 ff fe 88 6a 48
1111 1110 1000 0000 :: 0000 0010 0d : 93 ff fe 88 : 6a 48
(annotations: link local address | cccc ccug | Mac Address)
Destination Address (multicast all nodes link-local):
0020  ff 02 00 00 00 00 00 00 00 00
0030  00 00 00 00 00 02
ICMP Message (Type 85 = 133 – router solicitation):
0030  Type 85 | Code 00 | Checksum 7f 72 | Reserved 00 00 00 00
TLV Type 01
Length of this TLV Header in 8-octet units 01
Source Link layer address
0040  00 0d 93 88 6a 48
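Added example (not part of the original slides): a Python decoder for Frame 15 above. It re-types the 70 captured bytes, recomputes the ICMPv6 checksum over the IPv6 pseudo-header, splits the option TLV, and recovers the MAC address from the EUI-64 interface ID in the source address. Function and key names are illustrative.

```python
import ipaddress
import struct

# Frame 15 from the capture above (70 bytes), re-typed from its hex dump.
FRAME = bytes.fromhex(
    "333300000002" "000d93886a48" "86dd"   # Ethernet II: dst, src, type
    "60000000" "0010" "3a" "ff"            # IPv6: ver/class/flow, length, next, hop limit
    "fe80000000000000020d93fffe886a48"     # source address
    "ff020000000000000000000000000002"     # destination address
    "85007f7200000000"                     # ICMPv6: type, code, checksum, reserved
    "0101000d93886a48"                     # option: type 1, length 1, link-layer address
)


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def icmpv6_checksum(src: bytes, dst: bytes, icmp: bytes) -> int:
    """One's-complement checksum over the IPv6 pseudo-header and the message."""
    pseudo = src + dst + struct.pack("!I3xB", len(icmp), 58)
    data = pseudo + icmp[:2] + b"\x00\x00" + icmp[4:]   # checksum field zeroed
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                                  # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_from_interface_id(iid: bytes):
    """Undo the EUI-64 expansion; None when ff:fe is not in the middle."""
    if iid[3:5] != b"\xff\xfe":
        return None
    return fmt_mac(bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8])


def parse_nd_options(data: bytes) -> list:
    """Split Neighbor Discovery options; the length byte counts 8-octet units."""
    opts, off = [], 0
    while off < len(data):
        if off + 2 > len(data) or data[off + 1] == 0:
            raise ValueError("malformed option: truncated or zero length")
        end = off + data[off + 1] * 8
        if end > len(data):
            raise ValueError("option runs past the end of the message")
        opts.append((data[off], data[off + 2:end]))
        off = end
    return opts


def parse_frame(frame: bytes) -> dict:
    if len(frame) < 54:
        raise ValueError("too short for Ethernet + IPv6 headers")
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != 0x86DD:
        raise ValueError("not an IPv6 frame")
    word0, length, next_header, hop_limit = struct.unpack("!IHBB", frame[14:22])
    src, dst, payload = frame[22:38], frame[38:54], frame[54:54 + length]
    if len(payload) != length:
        raise ValueError("payload shorter than Payload Length")
    info = {
        "version": word0 >> 28,
        "traffic_class": (word0 >> 20) & 0xFF,
        "flow_label": word0 & 0xFFFFF,
        "payload_length": length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
        "eth_src": fmt_mac(eth_src),
        "mac_in_src_address": mac_from_interface_id(src[8:]),
    }
    if next_header == 58 and length >= 8:      # ICMPv6 directly after the IPv6 header
        icmp_type, code, checksum = struct.unpack("!BBH", payload[:4])
        info.update(icmp_type=icmp_type, icmp_code=code, checksum=checksum,
                    checksum_ok=checksum == icmpv6_checksum(src, dst, payload))
        if icmp_type == 133:                   # Router Solicitation: 4 reserved bytes
            info["options"] = parse_nd_options(payload[8:])
    return info


if __name__ == "__main__":
    for key, value in parse_frame(FRAME).items():
        print(f"{key:20} {value}")
```

The recovered MAC matches the Ethernet source address, which is the tracking concern the privacy slides raise: the interface ID stays the same on every network the host joins.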
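IPv6 Datagram Extension Headers
(figure: header layout, one 32-bit word per row, bits numbered 0 to 31)
Word 0: Ver (bits 0-3) | Traffic Class (bits 4-11) | Flow Label (bits 12-31)
Word 1: Payload Length (bits 0-15) | Next Header (bits 16-23) | Hop Limit (bits 24-31)
Word 3: Source Address, 4 * 4 * 8 bits
Word 7: Destination Address, 4 * 4 * 8 bits
Word 11: Extension Headers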
Extension Headers
Currently defined extension headers and their Next Header Value
– Hop-by-Hop Options 0
– Routing Header 43
– Fragment Header 44
– Destination Options 60
– Authentication 51
– Encapsulating Security Payload 50
– ICMP Header 58
– No next header 59
Extension Headers
Next header values also indicate the
protocol field that follows the extension
headers.
Next Header Value
– TCP
– UDP
– OSPF
1
17
89
Extension Header Order
– IPv6 header
– Hop-by-Hop Options header
– Destination Options header
– Routing header
– Fragment header
– Authentication header
– Encapsulating Security Payload header
– Destination Options header
– ICMP header
– Upper-layer header
Hop-by-Hop Options Header
This header carries additional information that must be examined by every
node along the packet's delivery path.
(figure: Next Header, bits 0-7 | Hdr Ext Len, bits 8-15 | Options, bits 16-31 ...)
Next Header: 8-bit selector identifies the type of the next header.
Hdr Ext Len: 8-bit unsigned integer indicating the length of this header
in 8-octet units, not including the first 8 octets.
Options: Contains one or more TLV-encoded options and padding
so that the entire header is an integer multiple of
8 octets long.
TLV (type-length-value) Encoded Options
This header carries additional information that must be examined by every
node along the packet's delivery path.
(figure: Option Type, bits 0-7 | Opt Data Len, bits 8-15 | Option Data, bits 16-31 ...)
Option Type: 8-bit identifier of the type of option.
Opt Data Len: 8-bit unsigned integer indicating the length of the option
data field of this option, in octets.
Options: Variable length field. Option-Type-specific data.
TLV Option Types
The Option Type identifiers are internally encoded such that the highest-order
2 bits specify the action that must be taken. The third highest bit
specifies whether or not the Option Data may be changed. These are used
primarily for padding within the options area of a header.
(figure: Option Type, bits 1|2|3|4|5|6|7|8 | Opt Data Len | Option Data)
Bits 1 2   Action Taken if the option type is not recognized
0 0        Skip over this option and continue processing the header
0 1        Discard packet
1 0        Discard packet and send ICMP Parameter Problem
1 1        Discard
Bit 3
0          Option Data does not change enroute
1          Option Data may change
Jumbograms (RFC 2147)
– Permit Datagrams larger than 65,535
Actually between 65,536 and 4,294,967,295 = 2^32 - 1
– A Jumbo Payload Option must be carried in a Hop-by-Hop extension
– IP header must have payload length = 0
– Next Header = 0 – next header is a Hop-by-Hop header
– Can be used only on links with large enough MTU's
– Cannot carry a Fragment Header
– Payload can be either TCP or UDP
Jumbograms
(figure: Next Header, bits 0-7 | Hdr Ext Len, bits 8-15 | Option Type, bits 16-23 | Opt Data Len, bits 24-31; then Jumbo Payload Length)
Option Type: 8-bit 0xC2 (11000010 Option data does not change)
Opt Data Len: 8-bit value 4
Payload Len: 32-bit unsigned integer
Routing Header
(figure: Next Header, bits 0-7 | Hdr Ext Len, bits 8-15 | Routing Type, bits 16-23 | Segments Left, bits 24-31; then Type-specific data)
Next Header: 8-bit selector identifies the type of the next header.
Hdr Ext Len: 8-bit unsigned integer indicating the length of this header
in 8-octet units, not including the first 8 octets.
Routing Type: 8-bit identifier of a particular routing header variant.
Segments Left: 8-bit unsigned integer indicating the number of nodes
to be visited.
Type-specific data: Info required by the routing type.
Type 0 Routing Header
(figure: Next Header, bits 0-7 | Hdr Ext Len, bits 8-15 | Routing Type, bits 16-23 | Segments Left, bits 24-31; then Reserved; then Address 1, Address 2, . . ., Address n)
Fragment Header
(figure: Next Header, bits 0-7 | Reserved, bits 8-15 | Fragment Offset, bits 16-28 | Res, bits 29-30 | M, bit 31; then Identification)
Next Header: 8-bit selector identifies the type of the next header.
Reserved: 8-bit reserved field initialized to 0.
Fragment Offset: 13-bit unsigned integer indicating the offset of this
fragment in 8-octet units.
Res: 2-bit reserved field that is initialized to 0.
M: 1-bit flag: 1 = more fragments; 0 = last fragment.
Identification: 32-bit IP datagram identification number.
Fragmenting Packets
Unfragmentable Part: IPv6 Header and all extension headers.
Fragmentable Part: The rest of the packet.
Original Packet:
Unfragmentable Part | First fragment | Second fragment | . . . | Last fragment
Fragments:
Unfragmentable Part | Fragment Header | First fragment
Unfragmentable Part | Fragment Header | Second fragment
. . .
Unfragmentable Part | Fragment Header | Last fragment
Destination Options Header
This header carries optional information that must be examined only by a
packet's destination node. Again this is used primarily for padding.
(figure: Next Header, bits 0-7 | Hdr Ext Len, bits 8-15 | Options, bits 16-31 ...)
Next Header: 8-bit selector identifies the type of the next header.
Hdr Ext Len: 8-bit unsigned integer indicating the length of this header
in 8-octet units, not including the first 8 octets.
Options: Contains one or more TLV-encoded options and padding
so that the entire header is an integer multiple of
8 octets long.
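Added example (not part of the original slides): a Python walker for the extension header chain described in the preceding slides, of the kind a filter or IDS needs before it can see the upper-layer protocol. It decodes TLV options with their action bits and reads the Fragment and Routing header fields. SAMPLE is a constructed byte string, and the Authentication header length rule (4-octet units minus 2) comes from the IPsec specifications rather than from these slides.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS = 0, 43, 44, 51, 60
NAMES = {HOP_BY_HOP: "Hop-by-Hop Options", ROUTING: "Routing", FRAGMENT: "Fragment",
         AUTH: "Authentication", DEST_OPTS: "Destination Options"}
# Highest-order two bits of an option type: what to do if the type is unknown.
ACTIONS = ("skip option", "discard packet",
           "discard, send ICMP Parameter Problem",
           "discard, send ICMP Parameter Problem unless destination is multicast")

# Constructed sample: the bytes that follow an IPv6 header whose Next Header is 0.
SAMPLE = bytes.fromhex(
    "3c00010400000000"   # Hop-by-Hop: next=60, len=0, PadN option with 4 data bytes
    "2c009e04deadbeef"   # Destination Options: next=44, len=0, unknown option 0x9e
    "1100000112345678"   # Fragment: next=17 (UDP), offset 0, M=1, identification
    "0035003500080000"   # start of the fragmentable part
)


def parse_options(area: bytes) -> list:
    """Decode the TLV options of a Hop-by-Hop or Destination Options header."""
    opts, i = [], 0
    while i < len(area):
        opt_type = area[i]
        if opt_type == 0:                      # Pad1: a lone zero byte, no length field
            i += 1
            continue
        if i + 2 > len(area) or i + 2 + area[i + 1] > len(area):
            raise ValueError("option overruns its header")
        data = area[i + 2:i + 2 + area[i + 1]]
        opts.append({"type": opt_type,
                     "if_unrecognized": ACTIONS[opt_type >> 6],
                     "may_change_en_route": bool(opt_type & 0x20),
                     "data": data})
        i += 2 + len(data)
    return opts


def walk_chain(next_header: int, payload: bytes) -> dict:
    """Follow Next Header values until something other than a listed header is named."""
    headers, findings, off = [], [], 0
    while next_header in NAMES:                # ESP (50) and No Next Header (59) stop the walk
        if off + 8 > len(payload):
            raise ValueError("extension header truncated")
        following, length_field = payload[off], payload[off + 1]
        if next_header == FRAGMENT:
            size = 8                           # fixed size, second byte is reserved
        elif next_header == AUTH:
            size = (length_field + 2) * 4      # 4-octet units, minus 2
        else:
            size = (length_field + 1) * 8      # 8-octet units, first 8 not counted
        if off + size > len(payload):
            raise ValueError("Hdr Ext Len runs past the end of the packet")
        entry = {"header": NAMES[next_header], "offset": off, "size": size}
        if next_header == HOP_BY_HOP and headers:
            findings.append("Hop-by-Hop Options header is not first in the chain")
        if next_header in (HOP_BY_HOP, DEST_OPTS):
            entry["options"] = parse_options(payload[off + 2:off + size])
        elif next_header == ROUTING:
            entry.update(routing_type=payload[off + 2], segments_left=payload[off + 3])
        elif next_header == FRAGMENT:
            off_flags, ident = struct.unpack("!HI", payload[off + 2:off + 8])
            entry.update(fragment_offset=off_flags >> 3, more=bool(off_flags & 1),
                         ident=ident)
        headers.append(entry)
        next_header, off = following, off + size
        if entry.get("fragment_offset"):       # later fragments carry no upper-layer header
            findings.append("non-first fragment: the upper-layer header is in another packet")
            break
    return {"headers": headers, "upper_layer": next_header,
            "upper_offset": off, "findings": findings}


if __name__ == "__main__":
    print(walk_chain(HOP_BY_HOP, SAMPLE))
```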
Size Issues
• IPv6 requires that every link in the
internet have an MTU of 1280 octets or
greater.
• Otherwise there must be a provision in Layer
2 for fragmentation and reassembly.
ICMPv6
• Internet Control Message Protocol Ver. 6
• RFC 2463
• Used to
• Return error codes
• Return informational messages
• Sent within an IP datagram
• Next Header value of 58
• Highly abused protocol
ICMPv6 Message Codes
• Error Messages: Code 0 – 127
• 1 Destination Unreachable
• 2 Packet too big
• 3 Time exceeded
• 4 Parameter problem
• Informational Messages: 128 – 255
• 128 Echo request
• 129 Echo reply
ICMP Message General Format
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then Message Body)
The Type field indicates the type of the message and determines
the format of the remaining data.
The Code field depends on the message type.
Checksum detects data corruption.
Destination Unreachable Message
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then Unused; then the text below)
As much of the invoking packet without
exceeding the my
Type: 1
Code:
0 – no route to destination
1 – communication with destination admin prohibited
2 – not assigned
3 – address unreachable
4 – port unreachable
Packet Too Big Message
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then MTU; then the text below)
As much of the invoking packet without
exceeding the my
Type: 2
Code: 0 – set by sender, ignored by receiver.
MTU: The Maximum Transmission Unit of the next-hop link.
Time Exceeded Message
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then Unused; then the text below)
As much of the invoking packet without
exceeding the my
Type: 3
Code:
0 – hop limit exceeded in transit
1 – fragment reassembly time exceeded
Unused: set to 0 by sender, ignored by receiver.
Parameter Problem Message
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then Pointer; then the text below)
As much of the invoking packet without
exceeding the my
Type: 4
Code:
0 – erroneous header field encountered
1 – unrecognized Next Header type encountered
2 – unrecognized IPv6 option encountered
Pointer: The octet offset of the error within the invoking packet
Echo Request Message
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then Identifier | Sequence Number; then Data ...)
Type: 128
Code: 0
Identifier: An identifier to aid in matching Echo Replies
to this Echo Request. May be zero.
Seq. No.: An identifier to aid in matching Echo Replies
to this Echo Request. May be zero.
Data: Zero or more octets of arbitrary data.
Echo Reply Message
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then Identifier | Sequence Number; then Data ...)
Type: 129
Code: 0
Identifier: The identifier from the invoking Echo Request.
Seq. No.: The sequence number from the invoking
Echo Request.
Data: The data from the invoking Echo
Request message.
Other Informational Messages
RFC 2461
Neighbor Discovery
Neighbor Discovery protocol is used to discover nodes on
the same link, their link-layer addresses and to find routers.
These are ICMP Informational Messages
Type   Code   Name
133    0      Router Solicitation
134    0      Router Advertisement
135    0      Neighbor Solicitation
136    0      Neighbor Advertisement
137    0      Redirect
Router Solicitation Message
Hosts send Router Solicitations in order to prompt routers to
generate Router Advertisements quickly.
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then Reserved; then Options ...)
Type: 133
Code: 0
Identifier: The identifier from the invoking Echo Request.
Reserved: Set to zero
Options: Source link-layer address
Router Advertisement Message
Routers send out Router Advertisement messages periodically,
or in response to a Router Solicitation.
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then Current hop limit | M O Reserved | Router Lifetime; then Reachable Time; then Retrans Time; then Options ...)
Router Advertisement Fields
Type: 134
Code: 0
Cur Hop Limit: 8-bit unsigned int. Default value that
should be placed in the Hop Count field
of the IP header.
M: 1-bit “Managed address configuration” flag.
O: 1-bit “Other stateful configuration” flag.
Reserved: 6-bit unused field.
Router Lifetime: 16-bit uint. Lifetime associated with
the default router in seconds,
max 18.2 hours.
Router Advertisement Fields (cont'd)
Reachable Time: 32-bit uint. The time, in milliseconds,
a node assumes a neighbor is reachable.
Retrans Time: 32-bit uint. The time between retransmitted
Neighbor Solicitation messages.
Possible options:
Source link-layer address: The link-layer address of the interface
from which the Router Ad is sent.
MTU: Should be sent on links that have
a variable MTU.
Neighbor Solicitation Message
Nodes send Neighbor Solicitations to request the link-layer address
of a target node while also providing their own link-layer address to the target.
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then Reserved; then Target Address; then Options ...)
Neighbor Solicitation Fields
Type: 135
Code: 0
Reserved: Unused
Target Address: The IP address of the solicitation.
It must not be a multicast address.
Possible Options:
Source link-layer address: Link-layer address of the sender
Neighbor Advertisement Message
A node sends Neighbor Advertisements in response to Neighbor Solicitations
and sends unsolicited Neighbor Advertisements in order to propagate
new information quickly.
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then R S O | Reserved; then Target Address; then Options ...)
Neighbor Advertisement Fields
Type: 136
Code: 0
R: Router flag. When set indicates that
the sender is a router.
S: Solicited flag. When set indicates that
the ad was sent in response to
a Solicitation from the Destination address.
O: Override flag. Indicates that the ad should
override an existing cache entry.
Reserved: 29-bit field that is unused.
Target Address: The Target Address field in the Solicitation.
Possible options:
Target link-layer address
Redirect Message
Routers send redirects to inform a host of a better first hop.
(figure: Type, bits 0-7 | Code, bits 8-15 | Checksum, bits 16-31; then Reserved; then Target Address; then Destination Address; then Options ...)
Redirect Message Fields
Type: 137
Code: 0
Reserved: Unused
Target Address: An IP address that is a better first hop
to use for the ICMP Destination Address.
Destination Address: The IP address of the destination which
is redirected to the target.
Possible options:
Target link-layer address: Link-layer address for the target.
Redirected Header: As much as possible of the IP packet
that triggered the sending of the
Redirect.
IPv6 Stateless
Address Autoconfiguration
Creates link-local addresses
Verifies its uniqueness on a link
Determines what information should be autoconfigured
Should a stateful mechanism be used
(i.e. Is there a DHCP close at hand)
Requires no manual configuration of hosts
Minimal configuration of routers
No additional hosts
IPv6 Stateless
Address Autoconfiguration
Routers advertise prefixes that identify the subnet associated with a link.
Hosts generate an interface identifier.
Combined generates an IPv6 compliant address.
With no router, hosts can generate link-local addresses.
Good enough for communication among nodes attached
to the same link.
IPv6 Address Leases
IPv6 addresses are leased to an interface
– For a fixed length of time.
– May be infinite
An address is valid within its lease time.
Invalid otherwise.
For graceful lease expiration the address goes through
2 phases
– Preferred
– Deprecated
IPv6 Address Generation
Required when:
• The interface is initialized at system startup
• Reinitialized after failure
• Reinitialized after sys mgnt disables
• Interface attaches to a link for the first time
IPv6 Address Generation
Prepend the link-local prefix to the EUI-64 interface identifier.
FE80:0:0:0:Interface ID
Link-local addresses have infinite preferred and valid lifetimes
IPv6 Address Uniqueness
Ipv6 addresses should be unique.
The Duplicate Address Detection Algorithm is used.
The Duplicate Address Detection Algorithm uses
– Neighbor Solicitation
– Neighbor Advertisement
Possible DoS
– Claim every address is a duplicate
IPv6 Addresses
Privacy Considerations
A certain amount of surveillance can be performed if
some part of your address remains constant over time.
Privacy advocates say bad, bad, bad.
Are you at the office or are you at home on a dialup, etc.
IPv6 Addresses
Randomized
1) Take the history from the previous iteration and append it to the
interface ID (IEEE 802 MAC address). If there is no previous
history, generate a random number.
2) Compute the MD5 hash of the above.
3) Take the left-most 64 bits. Set bit 6 to zero, thus setting the
local/global bit to indicate local. This is the interface ID.
4) Take the right-most 64 bits of the hash in step 2) and save them in
the history value for the next iteration.
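Added example (not part of the original slides): the four steps above in Python, next to the stable EUI-64 interface ID they are meant to replace. Assumptions: the hash input is the interface ID followed by the history, following the slide's wording; the MAC is the one from the capture earlier in these slides; the 2001:db8:1:2::/64 prefix is a constructed documentation value.

```python
import hashlib
import ipaddress
import os


def eui64_interface_id(mac: str) -> bytes:
    """Stable interface ID: insert ff:fe into the MAC and flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def next_temporary_id(interface_id: bytes, history: bytes = None):
    """One iteration of steps 1 to 4; returns (temporary_id, new_history)."""
    if history is None:
        history = os.urandom(8)                       # step 1: no previous history
    digest = hashlib.md5(interface_id + history).digest()   # steps 1 and 2
    # Step 3: left-most 64 bits, with bit 6 (mask 0x02 of the first byte) cleared
    # so the ID is marked as locally assigned.
    temporary = bytes([digest[0] & 0xFD]) + digest[1:8]
    return temporary, digest[8:]                      # step 4: right-most 64 bits


def address(prefix: str, interface_id: bytes) -> str:
    """Combine a /64 prefix with a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(interface_id) != 8:
        raise ValueError("expected a /64 prefix and a 64-bit interface ID")
    return str(net.network_address + int.from_bytes(interface_id, "big"))


def temporary_addresses(prefix: str, mac: str, count: int, history: bytes = None) -> list:
    """Successive temporary addresses for one interface on one prefix."""
    stable = eui64_interface_id(mac)
    result = []
    for _ in range(count):
        temp, history = next_temporary_id(stable, history)
        result.append(address(prefix, temp))
    return result


if __name__ == "__main__":
    mac = "00:0d:93:88:6a:48"                         # MAC from the capture above
    prefix = "2001:db8:1:2::/64"                      # constructed documentation prefix
    print("stable   ", address(prefix, eui64_interface_id(mac)))
    for addr in temporary_addresses(prefix, mac, 3):
        print("temporary", addr)
```

The stable address embeds the MAC on every prefix the host visits, while each temporary address shares only the prefix with the one before it.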