Internet Protocol version 6: Difference between revisions

	Main Article	Discussion	Related Articles  [?]	Bibliography  [?]	External Links  [?]	Citable Version  [?]
	This editable Main Article is under development and subject to a disclaimer. [edit intro]

Template:TOC-right Internet Protocol version 6 (or as it is more commonly known "IPv6") is a method of addressing hosts or nodes on a computer network, using 128 bit addresses. IPv6 was conceived as a "next generation" upgrade from the older Internet addressing scheme IPv4, which relied on a 32-bit address space and is quickly being exhausted by the continued growth of the Internet. The public address space of the Internet is becoming exhausted. ^[1]

This article deals with how IPv6 works in a pure IPv6 environment, and perhaps also assumng ideal IPv6 implementations. See Internet Protocol version 6 deployment for scenarios where there are IPv4 coexistence and transition issues. At this time, this article does consider IPv6-specific operational issues, such as IPv6 multihoming are in this article, but might well split out to an "Internet Protocol version 6 operations" article that deal with operational issues not related to IPv4 interactions.

Returning to IPv6, it is worth a note or two on the design intent(s) of IPv6, aspects that are recurring ideas that will be seen throughout the underlying protocol operation, and aren't bad things to keep in mind when trying to understand what IPv6 does, how it accomplished those things and why those things are done.

1. More addresses - obviously IPv6 gives us more addresses, 128bits vs 32bits.
2. Flexibility - The ability to readily add "stuff" (capabilities, functions, etc.) to the protocol without needing to rewrite the base protocol or necessarily re-architect our environments.
3. Scalability - Reduce overhead, distribute workload, smoother/easier processing.

One common topic of conversation is whether IPv6 be viewed as an evolutionary next-stop from IPv4, or is IPv6 a disruptive technology, a revolutionary change?

The answer is: It Depends.

In many regards IPv6 is, in fact, just a few tweaks different. This is the "96 More Bits, No Magic" view. From a purely technological perspective, this is (largely) true.

However, moving forward, the more bits may just enable radical changes. Changes in how we use our networks, what we expect (require) them to do, etc. From this "bigger picture" view we could be on the precipice of major change. (I did say "could" ... ) As the old saying goes, "May you live in interesting times".

IPv6 packet format

IPv6 is not only a matter of addressing. The packet is structured quite differently than an IPv4 packet; only the first four bits, designating the IP version number, have the same function.^[2]

Some of the goals of IPv6 included:

• Efficient hardware processing of packet headers: Some IPv4 header fields have been dropped or made optional (e.g., fragmentation), to reduce the processing cost for the most common packets, and to reduce the bandwidth cost of the IPv6 header.
• Improved Support for Extensions and Options: The encoding of headers is more efficient for hardware processing and more flexible in adding new options
• Flow Labeling Capability: the ability to label a packet as belonging to a flow or forwarding equivalent class, such as non-default quality of service or "real-time" service.
• Authentication and Privacy Capabilities: built in authentication, data integrity, and optional content confidentiality are part of the base standard.

  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |Version| Traffic Class |           Flow Label                  |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |         Payload Length        |  Next Header  |   Hop Limit   |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                                                               |
  +                                                               +
  |                                                               |
  +                         Source Address                        +
  |                                                               |
  +                                                               +
  |                                                               |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                                                               |
  +                                                               +
  |                                                               |
  +                      Destination Address                      +
  |                                                               |
  +                                                               +
  |                                                               |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

There are fewer fields than in the IPv4 header. Some of the fields that are not part of the header either were not often used, were obsolete, or inefficiently implemented.

Hop limit is essentially the Time To Live field of IPv4.

Traffic class and flow label are largely new capabilities, which are discussed below.

Headers and options

Think about the function of the protocol ID field in a IPv4 packet, or, for that matter, the Ethertype in an Ethernet frame or the SNAP field in IEEE 802.2 LLC headers. Other than for filtering and statistics, a router may not care about this information; it's primarily of interest to end hosts. Think of the function logically, in an IP packet carrying TCP (protocol ID 6), and having no IPv4 options. The effect of that protocol ID is

  +---------------+------------------------
  |  IPv4 header  | TCP header + data
  |               |
  | Protocol =    |
  |      TCP      |
  +---------------+------------------------

The Next Header field serves the function of the protocol identifier field and even uses the same values, in RFC1700 and later online IANA lists. In addition, however, this field more efficiently implements the Options mechanism from IPv4. While all IPv4 options are in type-length-value format, so the router has to calculate offsets, all IPv6 options are a multiple of 8 bits, and, with a few exceptions, all header types are of fixed length.

The next example shows an IPv6 packet, with a next-header field of the protocol identifier for TCP.

  +---------------+------------------------
  |  IPv6 header  | TCP header + data
  |               |
  | Next Header = |
  |      TCP      |
  +---------------+------------------------

Most headers can be ignored by other than the destination host. Routing-related headers, however, do need to be examined by each router on the path.

  +---------------+----------------+------------------------
  |  IPv6 header  | Routing header | TCP header + data
  |               |                |
  | Next Header = |  Next Header = |
  |    Routing    |      TCP       |
  +---------------+----------------+------------------------

Fragmentation

If sending hosts use Path MTU Discovery,^[3] they can set their MTU to the smallest one on the end-to-end path, and avoid fragmentation entirely. IPv6 routers do not fragment as do IPv4 routers, so fragmentation is likely to be needed only when the sending host knows that one or more media, somewhere on the path, cannot support the frame size that the sender must use. Nevertheless, if there must be fragmentation, it is supported with header option 44.

  +---------------+----------------+-----------------+-----------------
  |  IPv6 header  | Routing header | Fragment header | fragment of TCP
  |               |                |                 |  header + data
  | Next Header = |  Next Header = |  Next Header =  |
  |    Routing    |    Fragment    |       TCP       |
  +---------------+----------------+-----------------+-----------------

Routing headers

Routing headers carry out functions rarely used in IPv4, such as Source Recording.

IPv6 addresses

Notation

IPv6 principally uses hexadecimal notation, rather than the dotted decimal of IPv4. It uses the same prefix length notation as IPv4, so a /56 would mean that the high-order 56 bits need to be examined for routing decisions.

# A sample (unicast) address:
  2001:0db8:0001:1001:0000:0000:0000:0001
  -- Note the use of Hexadecimal (hex; each character == 4 bits)
  ---- 4 character (16 bits) per "chunk", 8 chunks, colon separated

  We can compress this to make our lives easier:
  -- "Drop leading zeroes" (within each chunk)
  ---- 2001:db8:1:1001:0:0:0:1
  -- "Double-colon" (Replace any number of SEQUENTIAL, ALL ZERO chunks ... one time per address)
  ---- 2001:db8:1:1001::1
  (This double-colon technique is also frequently used when representing a Prefix.  
   For example the above address is taken from the 2001:db8::/32 space - the 2001:0db8 piece 
   (the first 32 bits) is fixed ... the rest (all zeroes) is subject to change)   )
 
  Note that something like this is valid as well:
  2001:0db8:0000:0000:0000:0000:0000:0001 --> 2001:db8::1
  (This IS about making your life easier!)

Scope

See locality of networks

Types of address

IPv6 uses some familiar address types - Unicast, Multicast and Anycast.

1. Unicast: traditional one-to-one communication analogy, in which a standard phone call exists between two (unicast) telephone numbers
2. Multicast - one-to-many communication (used for efficient delivery of content) analogy - teacher in a class says something one time, everyone who is interested receives it
3. Anycast - one-to-one-of-many communication, where the one-of-many is the nearest instance analogy - a bit more complicated than unicast or multicast.

Note that IPv6 does not support "broadcast" addresses. Broadcast was really a special case of multicasting; the broadcast group was the group to which every host belonged. Think of broadcast is the kind of private club that Groucho Marx had in mind when he said "I wouldn't belong to any club that would have me as a member.

Everything IPv4 accomplished with broadcast, IPv6 has a form of multicast for. This includes a very much broadcast-like multicast, the "All Nodes" multicast address, <code.FF02::1

Addressing architecture

RFC 4291 defines the IPv6 addressing architecture, which specifies well-known types of addresses. ^[4]

Identifier structure

Too many people hand-wave and suggest that the identifier part of an IPv6 address "is a MAC address", but that is a dangerous oversimplification. The most fundamental problem, of course, is the IPv6 identifier is 64 bits long, and MAC addresses are only 48. Even if the MAC address were used, it is perfectly legal, in 802.2, to have a locally administered address rather than the "burnt-in address" in the interface read-only memory. Other types of interfaces are not MAC and have no MAC address available.

The general approach, when a MAC address is available, is to follow an algorithm to produce an IEEE-defined, 64-bit EUI64 identifier from a 48 bit IEEE MAC address. In the IETF IPv6 documentation, the general approach is described in RFC2797,^[5] although the reference to the detailed IEEE specification is a broken link; the correct link is ^[6]

When there is no available MAC address, the formation of the identifier is apt to be implementation-dependent. As long as there is no address collision, a lack of standardization may not be a problem, although it makes it even more critical that the assigned address be put into dynamic DNS. Cisco, for example, describes a number of steps it takes to create an IPv6 interface identifier when no MAC addresses are available. ^[7]

Examples of interfaces where there is no MAC address could include a router with all serial interfaces, using PPP.

Locator-Prefix structures

An earlier document, ^[8] on the IPv6 aggregatable global unicast address format document, the global routing prefix included two other hierarchically structured fields named Top-Level Aggregator (TLA) and Next-Level Aggregator (NLA). TLA and NLA have been removed because they are controlled by policies beyond the scope of the addressing architecture. The current global unicast addressing is in RFC3587^[9]

Addresses that must be recognized

All hosts

All hosts, be they end systems or router interfaces, must recognize the following addresses as identifying themselves:

• Its required Link-Local address for each interface.
• Any additional Unicast and Anycast addresses that have been configured for the node's interfaces (manually or automatically).
• The loopback address.
• The All-Nodes multicast addresses defined in Section 2.7.1.
• The Solicited-Node multicast address for each of its unicast and anycast addresses.
• Multicast addresses of all other groups to which the node belongs.

Routers

A router is required to recognize all addresses that a host is required to recognize, plus the following addresses as identifying itself:

• The Subnet-Router Anycast addresses for all interfaces for which it is configured to act as a router.
• All other Anycast addresses with which the router has been configured.
• The All-Routers multicast addresses

Hierarchical addressing

Tentatively, this section deals with concepts. Addressing is a sufficiently large issue that I'm inclined to separate it from Internet Protocol version 6 deployment into Internet Protocol version 6 address management Howard C. Berkowitz 11:58, 1 September 2008 (CDT)

IANA and address registries

Aggregation

While IPv6 creates more addresses, in its basic form, it does nothing to help the workload on routers that need to carry an appreciable amount of the global Internet routing table, or the full default-free zone. Just as CIDR was needed with IPv4, aggregation techniques are needed with IPv6.^[9]

If a relatively small number of short top-level, highly aggregated prefixes can be the only things which which major interprovider routers need be concerned, there is a potential benefit for global routing scalability. ^[14]

IPv6 and DNS

Since the Domain Name Service maps to and from names and addresses, it must be extended to map IPv6 as well as IPv4 names. ^[15] The most basic requirement is to have a Resource Record (RR) that contains the address of a host. Since the A RR holds a 32-bit IPv4 address, it was reasonable enough to name the record, which holds an address four times longer, AAAA. All other RR types that contain addresses need to be updated so their address fields can hold either an IPv4 or IPv6 address.

It is trivial to change the RR types and to recognize if an address is IPv4 or IPv6. It is decidedly nontrivial to change DNS servers and clients (i.e., resolvers) so they accept both types.

There also need to be extensions to deal with reverse mapping, especially of high-level aggregates. The IP6.ARPA domain was established to hold the reverse mappings. ^[16]

Learning addresses

An IPv4 host either is manually configured with its IP address, or learns it statefully using the Dynamic Host Configuration Protocol (DHCP). DHCP can also provide a host with the addresses of various infrastructure functions, such as the default router it is to use, a Domain Name Service (DNS) server, a Network Time Protocol server, etc. If DHCP does not provide these addresses, there are assorted, sometimes vendor-dependent techniques to find them.

One's own address

Before a host, including a router interface, can participate meaningfully in any IP services, it must know its own IP address. This is equally true in IPv4 and IPv6. There was no good and general way for an IPv4 router interface to acquire its own address, and, while some additional support is available in IPv6, routers, and some infrastructure servers, may still need manual configuration. The actual configurations, however, should be stored on server(s); while the details tend to be vendor-dependent, there is usually a technique, often using Trivial File Transfer Protocol, to obtain one's configuration.

Stateless Address Autoconfiguration

Known as SLAAC, information routinely transmitted on IPv6 media, along with host-specific information, can let it generate a working address without use of a DHCP server.^[17] Stateless autoconfiguration can be harder to manage, especially if the DNS is not dynamically updated when the address is update. If there is no database, in the Domain Name Service (DNS) or Dynamic Host Configuration Protocol (DHCP), how would the network operator send a ping or traceroute to a host in trouble, or query its SNMP MIB? Yes, some DHCP implementations, used without DNS, create databases that let a static host identifier be associated with the DHCP-assigned address, and this is sometimes necessary — albeit cumbersome. A SLAAC host can be configured to update DNS.

A host that uses SLAAC still will have to acquire certain operationally significant request. While the neighbor discovery process will allow default routers to be found, it is more of a challenge to find a Domain Name Service server. With IPv4, there are some mechanisms to discover such information with a local broadcast technique, but that has its own problems.

Within the IPv6 specifications are one that may seem contradictory: "Stateless Dynamic Host Configuration Protocol", but it is not.^[18] This specification is of a very restricted subset of DHCP: finding necessary network servers after a host has its own address. The implementation of such a subset is sufficiently lightweight that it could reasonably be implemented on local routers, which would have much more difficulty in supporting full stateful DHCP for all host address assignment.

Stateful Address Acquisition

Many network administrators, for valid reasons of network control, will prefer for hosts to obtain addresses using a stateful process, and DHCP extensions have been defined for IPv6. ^[19] There are also some changes in the way a DHCP client submits a unique identifier to the DHCP server. ^[20] Do note that "DHCP Version 4" is not DHCP for IPv4, but the version of DHCP that supports IP version 6.

Subnet-local hosts and routers

IPv6 has a method more general than the Address Resolution Protocol (ARP), which was an often-troublesome mechanism in IPv4, for finding hosts and routers on its own subnet. This is called Neighbor Discovery.^[21]

Registering the autoconfigured address with dynamic DNS

DNS can and should be updated with dynamically acquired addresses. ^[22] Such an update is an invitation to attack unless secured, so dynamic DNS update should always be associated with a specific secure update mechanism,^[23] within the DNS security architecture.^[24]

Router renumbering protocol

IPv6 does have a mechanism by which a router may discover not just interface addresses, but also the high-order bits associated with its aggregatable address.^[25] Using the Router Renumbering Protocol, a router, potentially, can be plugged into a live network and learn all relevant addresses, including its "upstream" address prefixes. Many network administrators may choose to keep router configuration a manual process, since merely acquiring the interface addresses may not be adequate to update filters, policies, etc.

This may, however, be a useful mechanism for the kind of simple router configurations needed in access from homes and small offices (SOHO)

Flows, quality of service, etc.

Some of the material in this section will make sense only if the reader has a reasonable understanding of quality of service and differentiated service, as this is a discussion of how IPv6 implements ways to support these services, which can also exist under IPv4.

Flow labels

In general, a flow is an association between a sending and a receiving address, and usually a protocol identifier and the higher-level source and destination ports (e.g., TCP port numbers). A flow also may be qualified by its quality of service requirements, and sometimes the physical interface it uses. ^[26] By using flow labels, the idea was that the router could do a single lookup to find the special handling requirements for the flow. Some routing protocol architect disagree with this, and say it is too fine-grained, where a reasonable "common fate" is closer to what MPLS calls a forwarding equivalence class (FEC). While FEC definitions are implementation-specific, a common example would be all traffic (i.e., a wild-carded source address) to a given destination address and protocols, with the same quality of service.

The original 1994 discussion that proposed flow labels in IPv6 included the QoS/priority field in the flow label, but removed it, for reasons including wanting to be less fine-grained than individual flows.

This section identifies three special cases where there may be ambiguity over the use of flow labels, on the premise that it is sometimes most important to know a question exists. The answer will depend both on the particular host and router implementations, and the policies of the network using flow labels.

1. What should a router do if a datagram with a (non-zero) Flow Label arrives and the router has no state for that Flow Label?
2. How does an internet flush old Flow Labels?
3. Which datagrams should carry (non-zero) Flow Labels?

Operational and other protocol issues

Internet Control Message Protocol version 6

An IPv4 implementation is required to support ICMP, and the same is true in IPv6. Some ICMP functionality, however, is under other specifications, such as Neighbor Discovery ^[21]

Routing

The standard routing protocols have varying levels of support for IPv6, as well as the one common proprietary routing protocol, Cisco's Enhanced Interior Gateway Routing Protocol. More complex issues are involved in Border Gateway Protocol (BGP) IPv6, and multicast routing protocols are outside the immediate scope.

• Routing Information Protocol (RIP), called RIPng for IPv6 ^[27]
• Open Shortest Path First (OSPF), called OSPF for IPv6 or OSPF Version 3 ^[28]
• Enhanced Interior Gateway Routing Protocol (EIGRP), running separate IPv4 and IPv6 domains.^[29]
• Intermediate System-Intermediate System (ISIS) remains in an IETF draft. ^[30]

Controversies

Equivalents to RFC 1918 private address space

The use of site-local addresses, analogous to RFC 1918 private address space for IPv4, is deprecated do to defects of two broad categories: ambiguity of addresses, and fuzzy definition of sites.

As currently defined, site local addresses are ambiguous: an address such as FEC0::1 can be present in multiple sites, and the address itself does not contain any indication of the site to which it belongs. This creates pain for developers of applications, for the designers of routers and for the network managers. This pain is compounded by the fuzzy nature of the site concept.^[13]

IPv6 Multihoming

For a variety of reasons, fault tolerance and load distribution, multihoming is a common, if sometimes troublesome, practice in the IPv4 Internet. Multihoming is relatively clean if a given network uses IPv4 provider-independent address space for all its hosts. With a certain amount of cooperation among multiple IPv4 providers, the current system works with PA addresses.

In IPv4 multihoming, things work because all providers, to a enterprise that uses only PA address space, cooperate such that the enterprise's addressing is all in one PA block that is advertised by all its providers. If the enterprise ends its relationship with the assigning providers, not only the enterprise needs to renumber, the other providers may have to change their configurations. While the enterprise obtaining PI space is easier in IPv6, there still may be operational reasons to use PA addresses. IPv6 autoconfiguration, in that case, causes hosts to acquire several valid PA addresses.

If connectivity to a host goes through provider 1 to enterprise customer 22, host 33, another host has no easy way to understand that "1-22-33", if provider 1 loses connectivity, that the host association can be kept up by changing the destination address to "2-47-33". It is the multiple-PA-address-per-host issue that challenges IPv6 multihoming, due to a greater flexibility leading to complexity that never existed in IPv4.

The Site Multihoming by IPv6 Intermediation (SHIM6) Working Group of the Internet Engineering Task Force has been charged with

IPv6-based site multi-homing solution that

inserts a new sub-layer (shim) into the IP stack of end-system hosts. It will enable hosts on multi-homed sites to use a set of provider- assigned IP address prefixes and switch between them without upsetting

transport protocols or applications.^[31]

As of August 2008, SHIM6 has developed working drafts, but not yet standards-track documents. One of the main drafts is for the ^[32] Shim6 protocol, the "Level 3 Multihoming Shim Protocol for IPv6".

To understand the goals of SHIM6, it is worth understanding what its developers explicitly consider "non-goals":

• The problem to be solved is multihoming to a site, with the numbering of that site changing over time
• Changes to the set of locator (think "prefix") will be relatively slow enough to allow updates to the DNS to propagate since SHIM6 ... depends on the DNS to find alternate addresses to the site.
• an explicit non-goal to make communication survive a site renumbering event (which causes all the locators of a host to change to a new set of locators).
• SHIM6 does not address the host mobility problem (see locality of networks), although it may be useful in some host mobility situations

Its goals are limited to:

• Preserve established communications in the presence of certain classes of failures defined between a pair of IPv6 addresses, such as, TCP connections and UDP streams.
• Have minimal impact on upper layer protocols in general and on transport protocols and applications in particular.
• Address the security threats to IPv6 multihoming,^[33]

}}</ref> with cryptographic techniques described here and by reference to other work in progress

• Not require an extra roundtrip up front to setup shim specific state, bit allow the upper layer traffic (e.g., TCP) to flow as normal and defer the setup of the shim state until some number of packets have been exchanged.
• Allow the use of multiple locators/identifiers on hosts, so that different sets of source-destination address pairs could spread the workload over different network paths associated with different locators. This is "load-spreading" rather than "load balancing", because there is no way to know the load will be identical on all the pairs.

References