Limitations of IPv4 - Networking Stuffs - 1

Started by ganeshbala, Apr 07, 2008, 08:08 PM


ganeshbala

Understanding the Limitations of IPv4

Before moving on to an in-depth discussion of IPv6, let's first look at the limitations of IPv4:

    * The IPv4 addresses are somewhat scarce, even though it allows for 4,294,967,296 possible addresses. Because of this limitation, organizations are forced to utilize Network Address Translator (NAT) to map a public IP address to several private IP addresses. NAT typically creates performance and application bottlenecks.
    * The increase in devices that are connected to the Internet would lead to the depletion of IPv4 address space. There is a growing shortage of IPv4 addresses.
    * The majority of networks that use IPv4 manually configure addresses, or use a protocol such as Dynamic Host Configuration Protocol (DHCP). There is a need for a simpler configuration that does not require management of a DHCP infrastructure as well, and that allows for the automatic configuration of IP addresses.
    * The IPv4 Type of Service (TOS) field has limited functionality, and the need exists for enhanced quality of service (QoS).
    * Any payload identification that uses a Transmission Control Protocol (TCP) port or a User Datagram Protocol (UDP) port does not occur when the IPv4 packet payload is encrypted.
    * With more organizations connecting to the Internet, there is a need for security at the IP level. While Internet Protocol Security (IPSec) exists as an optional solution for providing security in IPv4, the proprietary security solutions are still dominant.

An Introduction to IPv6

IPv6 is defined in RFC 2460, and can be used in operating systems today. The advantages of IPv6 are listed below:

    * Large address space: Because of the larger number of available addresses, it is no longer necessary to use Network Address Translator (NAT) to map a public IP address to multiple private IP addresses. IPv6 has 128-bit source and destination addresses, and is designed to allow for multiple levels of subnetting.
    * A new header format which offers less overhead: The new header format of IPv6 is designed to minimize header overhead. All optional fields which are needed for routing are moved to extension headers. These extension headers are located after the IPv6 header. The IPv6 header format is also streamlined so that it is more efficiently processed at intermediate routers. The number of bits in IPv6 addresses is four times larger than IPv4 addresses. The actual size of the IPv6 header is only twice the size of the IPv4 header.
    * An efficient hierarchical addressing and routing infrastructure: The IPv6 global addresses are designed to create an efficient routing infrastructure. The backbone routers of an IPv6 Internet have small routing tables. This is in line with the routing infrastructure of global ISPs.
    * Built in support for security - IPSec: A requirement of IPv6 is support for IPSec. IPSec contains the following components that provide security:
          o Authentication header (AH): The AH provides data authentication, data integrity and replay protection for the IPv6 packet. The only fields in the IPv6 packet that are excluded are those fields that change when the packet moves over the network.
          o Encapsulating Security Payload (ESP) header: The ESP header provides data authentication, data confidentiality, data integrity, and replay protection for the ESP-encapsulated payload.
          o Internet Key Exchange (IKE) protocol: The IKE protocol is used to negotiate IPSec security settings.
    * Support for Stateless and stateful address configuration: IPv6 can support a stateful address configuration and a stateless address configuration. With IPv4, hosts configured to use DHCP have to wait a minute before they can configure their own IPv4 addresses. Stateless address configuration however enables a host on a link to automatically configure its own IPv6 address for the link. These addresses are called link-local addresses. A link-local address is configured automatically, even when no router exists, and in a second. This allows communication between neighboring nodes on the same link to occur immediately.
    * Support for Quality of service (QoS) header fields: There are new fields in the IPv6 header that specify the way traffic is identified and handled.
          o Traffic Class field: This field defines traffic that must be prioritized.
          o Flow Label field: This field enables the router to identify packets, and also handle packets that are part of the identical flow in a special way.
    * Unlimited extension headers: You can add extension headers after the IPv6 header if you want to extend IPv6 for any new features.
    * The Neighbor Discovery (ND) protocol for managing nodes on the same link: Neighbor Discovery is a series of Internet Control Message Protocol for IPv6 (ICMPv6) messages that are used in IPv6 environments to identify the relationships between neighboring nodes. ND enables hosts to discover routes on the same segment, addresses and address prefixes. Address Resolution Protocol (ARP), ICMPv4 Router Discovery and ICMPv4 Redirect messages are replaced with the more efficient multicast and unicast Neighbor Discovery messages.

The common IPv6 terminology and concepts used are listed below:

    * Address: This is an identifier that is used as the source of, or destination of IPv6 packets.
    * Packet: This is the protocol data unit (PDU) which is found at the IPv6 layer. A packet contains the following components:
          o IPv6 header
          o Payload
    * Node: Refers to a device, such as hosts and routers, running IPv6.
    * Host: Refers to a node that has the following characteristics:
          o Cannot forward packets which are not explicitly addressed to it.
          o Discards packets which are not explicitly addressed to it.
          o A host is usually the source and destination of IPv6 packets.
    * Router: Refers to a node that has the following characteristics:
          o Can forward packets which are not explicitly addressed to it.
          o Can advertise its presence
          o Can advertise host configuration information
    * Neighbors: Refers to nodes which are connected to the same link.
    * Network: Refers to at least two subnets which are connected by routers.
    * Subnet/network segment: Refers to a link(s) that utilize the identical 64-bit IPv6 address prefix.
    * Local area network (LAN) segment: This is the portion of an IPv6 link which has a single medium bounded by Layer 2 switches or bridges.
    * Link: Refers to LAN segments which are bounded by routers.
    * Interface: Refers to the physical or logical attachment of a node to a link. A network adapter is regarded as a physical interface, while a tunnel is considered a logical interface.
    * Link maximum transmission unit (MTU): The link MTU refers to the number of bytes that can be transmitted on a link. This is the same as the maximum payload size of the link-layer technology.
    * Path maximum transmission unit (MTU): This is the maximum IPv6 packet size which can be transmitted with no host fragmentation occurring between a source and destination over a path.
    * Upper-layer protocol: Refers to a protocol that uses IPv6 as its transport, and includes Internet layer protocols and Transport layer protocols.

The main differences between IPv6 and IPv4 are summarized below:

    * Source and destination addresses:
          o IPv4: 128 bits in length
          o IPv6: 32 bits in length
    * IPSec support:
          o IPv4: Optional
          o IPv6: Required.
    * Configuration of IP addresses:
          o IPv4: Manually or via DHCP
          o IPv6: Via Address Autoconfiguration - DHCP is no longer required, nor is manual configuration.
    * Packet flow identification for QoS handling in the header:
          o IPv4: No identification of packet flow
          o IPv6: Packet flow identification for QoS handling exists via the Flow Label field.
    * Broadcast addresses:
          o IPv4: Broadcast addresses are used to transmit traffic to all nodes on a specific subnet.
          o IPv6: Broadcast addresses are replaced by a link-local scope all-nodes multicast address.
    * Fragmentation:
          o IPv4: Performed by the sending host and at the routers.
          o IPv6: Performed by the sending host.
    * Reassembly:
          o IPv4: Has to be able to reassemble a 576-byte packet.
          o IPv6: Has to be able to reassemble a 1,500-byte packet.
    * ARP Request frames:
          o IPv4: Used by ARP to resolve an IPv4 address to a link-layer address
          o IPv6: Replaced with Neighbor Solicitation messages.
    * ICMP Router Discovery:
          o IPv4: Used to determine the IPv4 address of the optimal default gateway.
          o IPv6: Replaced with ICMPv6 Router Solicitation and Router Advertisement messages
    * Internet Group Management Protocol (IGMP):
          o IPv4: Used to manage local subnet group membership.
          o IPv6: Replaced with Multicast Listener Discovery (MLD) messages.
    * Header checksum:
          o IPv4: Included
          o IPv6: Excluded

An Overview of the IPv6 Address Space


One of the key features of IPv6 is its large address space. IPv4 has a 32-bit address space that provides for 4,294,967,296 possible addresses. The 128-bit address space of IPv6 provides for 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456 possible addresses. Using 128 bits for the address space allows for a hierarchical addressing and routing infrastructure. The IPv6 address space is divided on the basis of the values of the high-order bits. When referring to the high-order bits and their fixed values, the term Format Prefix (FP) is used.

The allocation of the IPv6 address space by FPs, as defined by RFC 2373, is listed below:


    * Reserved: Format Prefix: 0000 0000; Fraction of the address space: 1/256
    * Unassigned: Format Prefix: 0000 0001; Fraction of the address space: 1/256
    * Reserved for Network Service Access Point (NSAP) allocation: Format Prefix: 0000 001; Fraction of the address space: 1/128
    * Unassigned: Format Prefix: 0000 010; Fraction of the address space: 1/128
    * Unassigned: Format Prefix: 0000 011; Fraction of the address space: 1/128
    * Unassigned: Format Prefix: 0000 1; Fraction of the address space: 1/32
    * Unassigned: Format Prefix: 0001; Fraction of the address space: 1/16
    * Aggregatable global unicast addresses: Format Prefix: 001; Fraction of the address space: 1/8
    * Unassigned: Format Prefix: 010; Fraction of the address space: 1/8
    * Unassigned: Format Prefix: 011; Fraction of the address space: 1/8
    * Unassigned: Format Prefix: 100; Fraction of the address space: 1/8
    * Unassigned: Format Prefix: 101; Fraction of the address space: 1/8
    * Unassigned: Format Prefix: 110; Fraction of the address space: 1/8
    * Unassigned: Format Prefix: 1110; Fraction of the address space: 1/16
    * Unassigned: Format Prefix: 1111 0; Fraction of the address space: 1/32
    * Unassigned: Format Prefix: 1111 10; Fraction of the address space: 1/64
    * Unassigned: Format Prefix: 1111 110; Fraction of the address space: 1/128
    * Unassigned: Format Prefix: 1111 1110 0; Fraction of the address space: 1/512
    * Link-local unicast addresses: Format Prefix: 1111 1110 10; Fraction of the address space: 1/1024
    * Site-local unicast addresses: Format Prefix: 1111 1110 11; Fraction of the address space: 1/1024
    * Multicast addresses: Format Prefix: 1111 1111; Fraction of the address space: 1/256

The Components of an IPv6 Packet

An IPv6 packet has the following components:

    * IPv6 Header: The IPv6 header always exists in an IPv6 packet. The size of the IPv6 header is fixed at 40 bytes. The fields in the IPv6 header are:
          o Version: Indicates that the version of IP is version 6. This field is equivalent to the version field in IPv4.
          o Traffic Class: Indicates the class or priority of the IPv6 packet. This field is much like the Type of Service field in IPv4.
          o Flow Label: Indicates that the particular packet is part of a sequence of packets.
          o Payload Length: Indicates the length of the payload. The field includes upper-layer protocol data unit (PDU) and extension headers.
          o Next Header: Indicates the type of the first extension header, and the protocol in the upper-layer PDU. The values of the Next Header field for an IPv6 header or IPv6 extension header are:
                + 0; Hop-by-Hop Options header
                + 6; TCP
                + 17; UDP
                + 41; Encapsulated IPv6 header
                + 43; Routing header
                + 44; Fragment header
                + 50; Encapsulating Security Payload header
                + 51; Authentication header
                + 58; ICMPv6
                + 59; No next header
                + 60; Destination Options header
          o Hop Limit: Indicates the maximum number of links that the IPv6 packet can pass over, prior to it being dropped. This field is much like the TTL field in IPv4.
          o Source Address: Indicates the address of the host sending the packet.
          o Destination Address: Indicates the address of the destination node.
    * Extension Headers: The IPv4 header and its options are replaced by the IPv6 header and extension headers. IPv6 extension headers have no maximum size and can have different lengths. The Next Header field signifies the first extension header, and another Next Header field exists in each extension header. The final extension header defines the header for the upper-layer protocol.

      RFC 2460 recommends the following order for locating extension headers after the IPv6 header:
         1. Hop-by-Hop Options header: This header can be used to define delivery options at each hop to the destination. The Hop-by-Hop Options header has a Next Header, Header Extension Length, and Options field.
         2. Destination Options header: This header can be used to indicate packet options for the intermediate destinations or the final destination. The Destination Options header has a Next Header, Header Extension Length, and Options field.
         3. Routing header: The Routing header can be used to indicate a source route. This defines the intermediate destinations which the packet travels to the final destination. The Routing header has a Next Header field, Header Extension Length field, Routing Type field, Segments Left field, and routing type data.
         4. Fragment header: This header is used for fragmentation and reassembly in IPv6. Source nodes are the only nodes that can fragment packets in IPv6. The Fragment header has a Next Header field, Fragment Offset field, More Fragments flag and Identification field.
         5. Authentication header: The Authentication header provides the following essential security features for IPv6 packets: data authentication, data integrity, and anti-replay protection. The Authentication header has a Next Header field, Payload Length field, Reserved field, Security Parameters Index (SPI) field, Sequence Number field and Authentication Data field.
         6. Encapsulating Security Payload header: This header provides the following security features for the encapsulated payload: data authentication, data confidentiality, data integrity, and replay protection. The ESP header has a SPI field, Sequence Number field, and an ESP trailer. The ESP trailer contains a Padding, Padding Length, Next Header and Authentication Data field.
         7. Destination Options header: Defines the final destination.
    * Upper-layer protocol data unit (PDU): The upper-layer protocol data unit (PDU) contains the following components:
          o Upper-layer protocol header
          o Upper-layer protocol payload
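
Added example (not part of the original post): a Python parser for the fixed 40-byte IPv6 header that then follows the Next Header chain described above until it reaches the upper-layer protocol, which is the work a packet filter has to do before it can read TCP or UDP ports. The function names and the sample packet (addresses, ports, flow label) are constructed for illustration.

```python
import ipaddress
import struct

# Next Header values as listed in the post above
EXT_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
               51: "Authentication", 60: "Destination Options"}
UPPER = {6: "TCP", 17: "UDP", 41: "Encapsulated IPv6", 50: "ESP",
         58: "ICMPv6", 59: "No next header"}

def parse_ipv6(packet: bytes) -> dict:
    """Parse the fixed 40-byte header, then walk the extension-header chain."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("Version field is not 6")
    info = {"traffic_class": (first_word >> 20) & 0xFF,
            "flow_label": first_word & 0xFFFFF,
            "payload_length": payload_len, "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(packet[8:24])),
            "dst": str(ipaddress.IPv6Address(packet[24:40])), "chain": []}
    offset = 40
    while nxt in EXT_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        info["chain"].append(EXT_HEADERS[nxt])
        hdr_next, hdr_len = packet[offset], packet[offset + 1]
        if nxt == 44:      # Fragment header: fixed 8 bytes
            size = 8
        elif nxt == 51:    # AH: length field counts 4-byte words, minus 2
            size = (hdr_len + 2) * 4
        else:              # others: 8-byte units beyond the first 8 bytes
            size = (hdr_len + 1) * 8
        nxt, offset = hdr_next, offset + size
    if offset > len(packet):
        raise ValueError("extension header runs past end of packet")
    # ESP (50) ends the walk: what follows is encrypted, so ports are unreadable.
    info["upper_layer"] = UPPER.get(nxt, f"unknown ({nxt})")
    info["upper_offset"] = offset
    return info

def build_sample(final_next: int = 17) -> bytes:
    """Constructed sample: Hop-by-Hop -> Destination Options -> final_next."""
    hbh = bytes([60, 0, 1, 4, 0, 0, 0, 0])           # next=60, PadN filler
    dopt = bytes([final_next, 0, 1, 4, 0, 0, 0, 0])  # PadN filler
    payload = hbh + dopt + struct.pack("!HHHH", 5353, 5353, 8, 0)
    fixed = struct.pack("!IHBB", (6 << 28) | (0x2E << 20) | 0x12345,
                        len(payload), 0, 64)
    return (fixed + ipaddress.IPv6Address("fe80::1").packed
            + ipaddress.IPv6Address("ff02::1").packed + payload)
```

Calling parse_ipv6(build_sample()) reports the two extension headers and UDP starting at byte 56; build_sample(50) shows the walk stopping at ESP, the case from the first list where port-based payload identification is no longer possible.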