IPV6 Tutorial 3 New features:ipsec and LAN features

Source: Internet
Author: User

https://4sysops.com/archives/ipv6-tutorial-part-3-new-features-ipsec-and-lan-features/

The Last post of this series, I discussed the new IPV6 features quality of Service (QoS), hierarchical addressing, and The new address space. In this post, I talk about some of the new IPV6 features that is most relevant for Windows admins.

IPsec is short for Internet Protocol securityipsec

Mandatory IPsec Support

The IPV6 specification mandates support for IPSEC (Internet Protocol security). IPV6 supporters often claim that this would improve overall security on the Internet. Since IPsec for IPv4 was optional, proprietary VPN solutions is ubiquitous. However, I believe, the main reason why IPSEC deployments was rare is because configuration is relatively complicated. Thus, I doubt somehow that we'll see significantly more IPsec deployments because of IPV6.

But what's most disappointing for me is the IPv6 doesn ' t encrypt all kinds of IP traffic. while IPSec implementation was mandatory for IPV6, IPSec deployment wasnot. Besides, IPsec is essentially a solution for securing connections among sites; It's not a peer-to encryption solution

In my view, it's unbelievable that we were now introducing a new network protocol with a huge amount of effort but would St Ill send data in clear text across the Internet. The inventors of IPv4 couldn ' t foresee that secure data transmission would is an issue since their protocol was just Inten Ded to allow data transfers between educational institutions. No One really could imagine that the whole planet would use this form of communication in the future.

The IPV6 creators had the chance to correct this shortcoming of the Internet protocol and ensure so any kind of the network Traffic is encrypted by default. It is really a pity the they didn ' t use this once-in-a-lifetime chance.

DHCP is short for Dynamic host Configuration Protocol

(Simplified) Automatic address assignment

This was perhaps one of the features that would affect the work of Windows admins the most. Much of the documentation talks of "simplified" address assignment, but I somehow think this new feature would cause Confus Ion among admins in the beginning. In the IPV4 network, a computer ' s automatic address assignment means. A DHCP server is involved.

IPv6 still knows dhcp-based address assignment (also called stateful address configuration), but now hosts can also config Ure themselves with IPV6 addresses (stateless address configuration). There is types of stateless configurations. Hosts can derive an IP address from a prefix (the first part of a IPv6 address, belongs to your organization) Adverti Sed by a local router, and they can assign themselves so-called link-local addresses (addresses that is not rout ED), which they can use-communicate with other nodes on the link (local network). Scary, isn ' t it?

Neighbor Discovery

The Internet Control Message Protocol for IPv6 (ICMPV6) would replace the Address Resolution Protocol (ARP) .

You probably know that ARP was used to determine the link Layer address (MAC address in the case of Ethernet) from the IP a Ddress.

The main problem of ARP is so it uses broadcasts, which disturbs all hosts on the link (LAN).

By contrast, IPV6 uses Neighbor solicitation multicast messages for Neighbor discovery.

Instead of sending a broadcast message to all nodes on the link, only the so-called solicited node multicast IPV6 address Is contacted.

The first 104 bits of the solicited node multicast is fixed (ff02::1:ff00:0/104), and the last bits is E Quivalentto the last bits of the IP address that have to is resolved.

Since only nodes this share the last bits in their IP address would listen to the solicited node address, fewer hosts AR E Disturbed.

Extensibility

This is my favorite new IPv6 feature.

While the IPv4 headerhas only supports-bytes for options, the size of the IPv6 extensions are only constrained by the size of the IPV6 packet.

IPV6 supports multiple so-called extensions headers that can is added after the IPV6 header.

These extensions headers has no maximum size, which makes future enhancements of the Protocol quite flexible.

My Hope is the This feature would be used for mandatory encryption of all IP packets.

Next, I'll introduce the IPV6 address syntax.

IPV6 Tutorial 3 New features:ipsec and LAN features

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.