资源描述
按一下以編輯母片,第二層,第三層,第四層,第五層,#,6,技術理論與實務研習班,按一下以編輯母片標題樣式,96,1,Content,Introduction,IPv6 Addressing,IPv6 Header,ICMPv6,Neighbor Discovery,Address Autoconfiguration,Addressing Allocation Policy,Global IPv6 actions,1ContentIntroduction,2,Content,Introduction,IPv6 Addressing,IPv6 Header,ICMPv6,Neighbor Discovery,Address Autoconfiguration,Addressing Allocation Policy,Global IPv6 actions,2ContentIntroduction,3,IPv4,定址,IPv4,以32,bit,來做定址空間,共四十億個,IPv4,位址可用,IPv4,位址表示方式為,xxx.xxx.xxx.xxx,例如211.72.211.1,IPv4,定址架構(,classfull),如下,001 - 126 =,Class A,128 - 191 = Class B,192 - 223 = Class C,224 - 239 = Class D,240 - 254 = Class E,3IPv4定址IPv4以32bit來做定址空間,4,Problems with IPv4(1/2),Address depletion/ exhaustion and its implications,NAT (Network Address Translation),CIDR,IPv4 address allocation rate,4Problems with IPv4(1/2)Addres,5,Problems with IPv4(1/2),Scaling problems with Inter- domain routing,CIDR (Classless Inter-Domain Routing),Manual configuration required,DHCP (Dynamic Host Configuration Protocol),Multicast, Security, Quality of Service and Mobility,IP multicast, IPSec, DiffServ and IP mobility,Header and format limitations that limit future flexibility,5Problems with IPv4(1/2)Scalin,6,NAT,Network Address Translation allows a site to use private addresses behind a NAT gateway/ firewall when communicating locally,and then automatically get a global IPv4 address assigned from a smaller pool when needed for Internet communication,which requires changing the IPv4 header,s source address on the fly, which has a few problems.,6NATNetwork Address Translatio,7,Potential IPv6 Services,Broadband Access Subscribers,95% FTTH coverage by 2008,6 millions by 2008,3,G and WLAN Services,3G services to be launched in 4Q 2003,Public Hotspots deployment plan to make Taiwan a,“,Wireless Island,Home network and IA Services,e-Taiwan Projects will catalyze the development of home & IA,More IP addresses will be consumed,2. More advanced features (e.g. Mobility, Auto-configuration, QoS, Security) will be required,IPv6,7Potential IPv6 ServicesBroadb,8,Content,Introduction,IPv6 Addressing,IPv6 Header,ICMPv6,Neighbor Discovery,Address Autoconfiguration,Addressing Allocation Policy,Global IPv6 actions,8ContentIntroduction,9,Address Notation,以16進位,每16位元為單位並以,:,為區隔來表示,3,FFE:3600:4368:1234:0008:AB12:98CE:1000,IPv4,以十進位,每8位元為單位並以,為區隔來表示,如202.39.157.141,為使標示簡潔,位於一單位內前方之0可省略,3,FFE:3600:4368:1234:,8,:AB12:98CE:1000,為使標示簡潔,若有連續為0 之位元,可以,“,:,”,表示,但一個位址中只能使用一次,3,FFE:3600:1,與 3,FFE:3600:0000:0000:0000:0000:0000:0001,3FFE:3600:3:0000:1,與3,FFE:3600:0000:0000:0000:0003:0000:0001,9Address Notation以16進位,每16位元為單,10,IPv6 - Addressing Model,Addresses are assigned to interfaces,No change from IPv4 Model,Interface expected to have multiple addresses,Addresses have scope,Link Local,Site Local,Global,Addresses have lifetime,Valid and Preferred lifetime,Link-Local,Site-Local,Global,10IPv6 - Addressing Model Add,11,Basic Address Types,Unicast,Address of a single interface,Delivery to single interface,for one-to-one communication,Multicast,Address of a set of interfaces,Delivery to all interfaces in the set,for one-to-many communication,Anycast,Address of a set of interfaces,Delivery to a single interface in the set,for one-to-nearest communication,Nearest is defined as being closest in term of routing distance,M,M,M,A,A,A,U,11Basic Address TypesUnicastMM,12,Address Type Prefixes,Address type,Binary prefix,IPv4-compatible0000.0 (96 zero bits),global unicast001,link-local unicast1111 1110 10,site-local unicast1111 1110 11,multicast1111 1111,all other prefixes reserved (approx. 7/8ths of total),anycast addresses allocated from unicast prefixes,12Address Type Prefixes Addre,13,Aggregatable Global Unicast Addresses,TLA(Top Level Aggregator) = 13 bits,TLA routers(default-free router) do not have a default route, only route with 16 bits prefix,may be assigned to providers or exchanges,Res= 8 bits,Reserved for future use in expanding the size of either the TLA or NLA,NLA(Next Level Aggregator)= 24 bits,SLA(Site level Aggregator)= 16 bits,Public topology,Collection of larger and smaller ISP,Site topology,Collection of subnets within an organization,s site,site,topology,(16 bits),interface,identifier,(64 bits),public,topology,(45 bits),interface ID,subnet,NLA,TLA,001,Res,13Aggregatable Global Unicast,14,Link-Local Unicast Addresses,meaningful only in a single link zone, and may be re-used on other links,Link-local addresses for use during auto-configuration and when no routers are present,Required for Neighbor Discovery process, always automatically configuration,An IPv6 router never forwards link-local traffic beyond the link,Prefix= FE80:/64,interface ID,0,1111111010,10,bits,54,bits,64,bits,14Link-Local Unicast Addresse,15,Site-Local Unicast Addresses,meaningful only in a single site zone, and may be re-used in other sites,Equivalent to the IPv4,private address,space,Address are not automatically configured and must be assigned,Prefix= FEC0:/48,subnet ID,interface ID,0,1111111011,10,bits,38,bits,64,bits,16,bits,15Site-Local Unicast Addresse,16,Special IPv6 address,Unspecified address(0:0:0:0:0:0:0:0 or :),Indicate the absence of an address,Equivalent to IPv4 0.0.0.0,Never assigned to an interface or used as a destination address,Loopback address (0:0:0:0:0:0:0:1 or :1),Identify a loopback interface,IPv4-compatible address (0:0:0:0:0:0:w.c.x.z or :w.c.x.z),Used by dual-stack nodes,IPv6 traffic is automatically encapsulated with an IPv4 header and send to the destination using the IPv4 infrastructure,IPv4 mapped address (0:0:0:0:0:FFFF:w.c.x.z or :FFFF:w.c.x.z),Represent an IPv4-only node to an IPv6 node,Never used as a source or destination address of IPv6 packet,NSAP(Network Service Access Point) address(FP=0000001),IPX(Internetwork Packet Exchange) address (FP=0000010),16Special IPv6 addressUnspecif,17,Multicast IPv6 addresses,Multicast address can not be used as source or as intermediate destination in a Routing header,low-order Transient(T) flag indicates permanent (T=0) / transient(T=1) group; three other flags reserved,Scope field,1: node-local,2: link-local,5: site-local,8: organization-local,E: global,Others: reserved,4,112,bits,8,group ID,scope,flags,11111111,4,17Multicast IPv6 addressesMult,18,Other IPv6 addresses,Solicited-node address,Facilitates the efficient query of network node during address resolution,Prefix= FF02:1FF00/104 and the last 24-bits of IPv6 address,Anycast IPv6 address,Assigned to multiple interface,Only used as destination address,Only assigned to router,anycast addresses are indistinguishable from unicast,Subnet-router anycast address is predefined and requires,n bits,128 -,n bits,000000,Subnet Prefix,18Other IPv6 addressesSolicite,19,IPv6 interface identifier,Lowest-order 64-bit field of unicast address,Globally unique or locally unique within a subnet,Future higher-layer protocols may take advantage of globally-unique interface IDs to identify nodes independently of their current location,Configure interface identifier,manual configuration,DHCPv6 (configures whole address),automatic derivation from MAC address or other hardware serial number,pseudo-random generation (for client privacy),the latter two choices enable,“,serverless,”,or,“,stateless,”,autoconfiguration, when combined with high-order part of the address learned via Router Advertisements,19IPv6 interface identifierLow,20,The conversion of a universally administered, unicast IEEE 802 address to an IPv6 interface identifier,20The conversion of a universa,21,Content,Introduction,IPv6 Addressing,IPv6 Header,ICMPv6,Neighbor Discovery,Address Autoconfiguration,Addressing Allocation Policy,Global IPv6 actions,21ContentIntroduction,22,IPv6 vs. IPv4 Packet Data Unit,minimum,20 octets,maximum,65535 octets,IPv4 PDU,Fixed,40 octets,maximum,65535 octets,IPv6 PDU,0,or more,IPv4 Header,Data Field,Transport-level PDU,IPv6 Header,Extension,Header,Extension,Header,22IPv6 vs. IPv4 Packet Data Un,23,Comparison of IPv4 and IPv6 Header,Destination Address,Source Address,Ver,IHL,Service,Type,Identification,Flags,Offset,TTL,Protocol,Header Checksum,Source Address,Destination Address,Options + Padding,Total Length,Ver,Flow Label,Payload Length,Next Header,Hop Limit,Traffic Class,IPv4 Packet Header,IPv6 Packet Header,32,bits,23Comparison of IPv4 and IPv6,24,Summary of Header Changes between IPv4 & IPv6,Streamlined,Fragmentation fields moved out of base header,IP options moved out of base header,Header Checksum eliminated,Header Length field eliminated,Length field excludes IPv6 header,Alignment changed from 32 to 64 bits,Revised,Time to Live,Hop Limit,Protocol,Next Header,Precedence & TOS,Traffic Class,Addresses increased 32 bits,128 bits,Extended,Flow Label field added,24Summary of Header Changes be,25,IPv6 extension header,Hop-by-hop options header,Routing header,Fragment header,Authentication header,Encapsulating security payload header,Destination options header,IPv6 PDU general form,Transport-level PDU,IPv6 Header,Extension,Header,Extension,Header,40,octets,0,or more,25IPv6 extension headerHop-by-,26,IPv6 extension header(cont.),IPv6 specification recommended order,:,IPv6 header,Hop-by-hop options header,Destination options header(for intermediate destination when the routing header is present),Routing header,Fragment header,Authentication header,Encapsulation security payload header,Destination options header(for final destination),IPv6 packet with all extension headers,Octets:,40,Variable,Variable,Variable,Variable,Variable,Variable,8,=,Next header field,IPv6 header,Hop-by-hop options header,Routing header,Fragment header,Authentication header,Encap security payload header,TCP header,Application data,26IPv6 extension header(cont.),27,Hop-by-Hop option header,Specify delivery parameters at each hop on the path to the destination,Header Extension Length,No of 8-byte block in Hop-by-Hop option header,Not including first 8 bytes,Option,Type-Length-Value(TLV) format,0: Pad1,insert single byte of padding,1: PadN,insert 2 or more byte of padding,5: Router Alert,indicate to the router the packets require additional processing(MLD and RSVP),194: Jumbo Payload,indicate payload size over 65,535 (65,535232-1),27Hop-by-Hop option headerSpec,28,Destination option header,Specify packet delivery parameter for either intermediate destinations or final destinations,If Routing header exists, it specifies delivery or processing options at each intermediate destination,28Destination option headerSpe,29,Routing header,Similar to the source routing in IPv4,Use of Routing header with anycast addresses allows routing packets through particular regions,e.g., for provider selection, policy, performance, etc.,29Routing headerSimilar to the,30,Example: Header when S to A,S,A,B,D,30Example: Header when S to AS,31,Example: Header when A to B,S,A,B,D,31Example: Header when A to BS,32,Example: Header when B to D,S,A,B,D,32Example: Header when B to DS,33,Fragment header,Fragmentation and reassembly services is an end-to-end function; routers do not fragment packets en-route if too bigthey send ICMP “packet too big” instead,Support only on source nodes,33Fragment headerFragmentation,34,Authentication header,Provide data authentication,verification of the node that sent the packet,Provide data integrity,verification that the data was not modified in transit,Provide anti-replay protection,assurance that captured packets cannot be retransmitted and accepted as valid data,34Authentication headerProvide,35,Encapsulating security payload(ESP) header and trailer,Provides data confidentiality, data authentication, and data integrity,35Encapsulating security paylo,36,Content,Introduction,IPv6 Addressing,IPv6 Header,ICMPv6,Neighbor Discovery,Address Autoconfiguration,Addressing Allocation Policy,Global IPv6 actions,36ContentIntroduction,37,Features of ICMPv6,An integral part of IPv6 and MUST be fully implement by every IPv6 node (RFC 2463),Next Header value= 58,Report delivery or forwarding errors,Provide simple echo service for troubleshooting,Multicast Listener discovery(MLD),3 ICMP messages,Neighbor Discovery(ND),5 ICMP messages,37Features of ICMPv6An integra,38,ICMPv6 message format,38ICMPv6 message format,39,Two types of ICMP messages,Error messages,Report error in the forwarding or delivery,Informational messages,Provide diagnostic function, MLD, and ND,39Two types of ICMP messagesEr,40,Error message(Destination Unreachable),Send by router or destination host,40Error message(Destination U,41,Error message(Packet Too Big),Send when link MTU is smaller than the size of packet,Used for IPv6 Path MTU Discovery process,41Error message(Packet Too Bi,42,Error message(Time Exceeded),Send by router when Hop limit field is zero,Code field:,0: Hop limit= 0,Hop limit of outgoing packets is not large enough to reach destination, or,Routing loop exist,1: fragmentation reassembly time of destination host is exceeded,42Error message(Time Exceeded,43,Error message(Parameter Problem),Send by router or destination host when errors of IPv6 header or extension header,43Error message(Parameter Pro,44,Informational message,Echo Request message,Echo Reply message,Identifier and Sequence Number are send by host and used to match incoming Echo Reply with corresponding Echo Request(same as IPv4),Multicast Listener Query messages:,Query, Report, done(like IGMP for IPv4),44Informational messageEcho Re,45,Minimum MTU,Link MTU,A link,s maximum transmission unit(ex: the max IP packet size that can be transmitted over the link),Path MTU,The minimum MTU of all the links in a path between a source and a destination,Minimum link MTU for IPv6 is 1280 octets vs 68 octets for IPv4,On links with MTU 1280, link-specific fragmentation and reassembly must be used,On links that have a configurable MTU, it,s recommended a MTU of 1500 bytes,45Minimum MTULink MTU,46,Path MTU Discovery,RFC 1981,Implementations are expected to perform path MTU discovery to send packets bigger than 1280 octets,For each destination, start by assuming MTU of first-hop link,If a packet reach a link in which it can,t fit, will invoke ICMP,“,packet too big,”,message to source, reporting the link,s MTU; MTU is cached by source for specific destination,Occasionally discard cached MTU to detect possible increase,Minimal implementation can omit path MTU discovery as long as all packets kept = 1280 octets,Ex: in a boot ROM implementation,46Path MTU DiscoveryRFC 1981,47,Content,Introduction,IPv6 Addressing,IPv6 Header,ICMPv6,Neighbor Discovery,Address Autoconfiguration,Addressing Allocation Policy,Global IPv6 actions,47ContentIntroduction,48,Neighbor Discovery(ND),RFC 2461,Node(Hosts and Routers) use ND to determinate the link-layer addresses for neighbors known to reside on attached links and quick purge cached valued that become invalid,Hosts also use ND to find neighboring router that willing to forward packets on their behalf,Nodes use the protocol to actively keep track of which neighbors are reachable and which are not, and to detect changed link-layer addresses,Replace ARP, ICMP Router Discovery, and ICMP Redirect used in IPv4,48Neighbor Discovery(ND)RFC 24,49,IPv6 ND processes,Router discovery,Discover the local hosts on an attached link,Equivalent to ICMPv4 Router Discovery,Prefix discovery,Discovery the network prefix,Equivalent to ICMPv4 Address Mask Request/Reply,Parameter discovery,Discovery additional parameter(ex: link MTU, default hop limit for outgoing packet),Address autoconfiguration,Configure IP address for interfaces,Address resolution,Equivalent to ARP in IPv4,49IPv6 ND processesRouter disc,50,IPv6 ND processes(cont.),Next-hop determination,Destination address, or,Address of an on-link default router,Neighbor unreachable detection(NUD),Duplicate address detection(DAD),Determine that an address considered for use is not already in use by a neighboring node,First-hop Redirect function,Inform a host of a better first-hop IPv6 address to reach a destination,Equivalent to ICMPv4 Redirect,50IPv6 ND processes(cont.)Next,51,ND message format,5,ND messages:,Router solicitation,Router Advertisement,Neighbor Solicitation,Neighbor Advertisement,Redirect,All ND message are send with hop limit= 255.,If it is not set to 255, the message is silently discarded,Provide Protection from ND-based network attacks launched from off-link nodes,Router can not have forwarded the ND message from an off-link node,51ND message format5 ND messag,52,Neighbor Discovery options,Source/Target link-layer address option,Source link-layer address,Indicate the link-layer address of the ND sender,Included in Neighbor Solicitation, Router Solicitation, and Router Advertisement,Type = 1,Target link-layer address,Indicate the link-layer address of the neighbor node,Included in Neighbor Advertisement and Redirect,Type = 2,Example for Ethernet,52Neighbor Discovery optionsSo,53,Neighbor Discovery options(cont.),Prefix information option,Indicate both address prefixes and information about address autoconfiguration,Included in Router Advertisement,Can be multiple prefix information options in Router Advertisement message,Autonomous flag: stateless address configuration,53Neighbor Discovery options(c,54,Neighbor Discovery options(cont.),Redirect header option,MTU option,54Neighbor Discovery options(c,55,ND Autoconfiguration, Prefix & Parameter Discovery,Router solicitation are sent by booting nodes to request RAs for configuring the interfaces.,1. RS:,ICMP Type = 133,Src = :,Dst = All-Routers multicast Address,query= please send RA,2. RA,2. RA,1. RS,2. RA:,ICMP Type = 134,Src = Router Link-local Address,Dst = All-nodes multicast address,Data= options, prefix, lifetime, autoconfig flag,55ND Autoconfiguration, Prefix,56,ND Address Resolution & Neighbor Unreachability Detection,ICMP type = 135 (NS) Src = A Dst = Solicited-node multicast of B Data = link-layer address of AQuery = what is your link address?,A,B,ICMP type = 136 (NA) Src = B Dst = A Data = link-layer address of B,A and B can now exchange packets on this link,56ND Address Resolution & Neig,57,ND Redirect,Redirect is used by a router to signal the reroute of a packet to an onlink host to a better router or to another host on the link,Redirect:,Src = R2,Dst = A,Data = good router = R1,3FFE:B00:C18:2:/64,R1,R2,A,B,Src = A Dst IP = 3FFE:B00:C18:2:1 Dst Ethernet = R2 (default router),57ND RedirectRedirect is used,58,Content,Introduction,IPv6 Addressing,IPv6 Header,ICMPv6,Neighbor Discovery,Address Autoconfiguration,Addressing Allocation Policy,Global IPv6 actions,58ContentIntroduction,59,Address autoconfiguration,The autoconfiguration for link-local addresses is only specified for hosts. Routers must obtain through manual configuration,Three type of autoconfiguration,Based on receipt Router Advertisement message,Stateless,and one or more prefix information,Both Managed address configuration and Other stateful configuration flag=1,Stateful,no prefix information,Either Managed address configuration or Other stateful configuration flag=1,DHCPv6,Both,and one or more prefix information,Either Managed address configuration or Other stateful configuration flag=1,59Address autoconfigurationThe,60,Serverless Autoconfiguration(,“,Plug-n-Play,”,),Hosts can construct their own addresses:,subnet prefix(es) learned fr
展开阅读全文