IPv6 Study Notes

Source: Internet
Author: User


IPv6 changes IP in five important areas:

1. Extended addressing.
2. A simplified header format.
3. Improved support for extensions and options.
4. Flow labeling.
5. Authentication and confidentiality.

The simplified header reduces the processing required on routers and improves routing efficiency. Improved support for extension headers and options means that more special requirements can be accommodated without affecting the handling of either ordinary or special packets. Flow labeling provides a mechanism for handling flows more efficiently, which is especially useful for real-time applications. The improvements in authentication and confidentiality make IPv6 better suited to commercial applications that require special treatment of sensitive information and resources.

1. Extended addressing

In addition to extending the address space from 32 bits to 128 bits, the IPv6 address structure adjusts the types of addresses that an IP host may obtain. The broadcast address is removed from IPv6 and replaced by the anycast address.

2. Simplified header

The IPv6 header contains eight fields with a total length of 40 bytes (two of the fields are the source and destination addresses). By contrast, the IPv4 header contains at least 12 different fields; it is 20 bytes long without options and can reach 60 bytes with options. IPv6 uses a fixed-format header, which reduces the number of fields to be checked and processed and so increases routing efficiency.

The simplification of the header changes some of the ways IP works. All headers have a uniform length, so a header length field is no longer needed. In addition, some fields can be removed from the header by changing the packet fragmentation rules.
Fragmentation in IPv6 can be performed only by the source node; the intermediate routers that a packet passes through cannot fragment it. Finally, removing the IP header checksum does not affect reliability, mainly because checksums are handled by higher-level protocols (UDP and TCP).

3. Improved support for extensions and options

In IPv4, options are added at the end of the IP header. In contrast, IPv6 places options in separate extension headers, so an option header is checked and processed only when necessary.

For ease of description, consider two types of extension: the fragment header and the hop-by-hop options header.

IPv6 fragmentation takes place only at the source node, so the only nodes that need to consider the fragment extension header are the source and destination nodes. The source node fragments the packet and creates the extension header, which is placed between the IPv6 header and the next higher-level protocol header. The destination node receives the fragments and uses the extension header to reassemble them. All intermediate nodes can safely ignore the fragment extension header, which improves packet forwarding efficiency.

In the other case, the hop-by-hop options header requires every node on the packet's path to process it, so each router must process both the IPv6 header and the hop-by-hop options. The first hop-by-hop option defined is for extra-long IP packets (jumbo payloads). Packets that carry jumbo payloads need special consideration, because not all links can carry such long transmission units and routers want to avoid sending them onto networks that cannot handle them. The option therefore has to be checked at every node the packet passes through.

4. Flows

In IPv4, all packets are treated in the same way, which means that each intermediate router handles each packet on its own.
Routers do not keep track of the packets sent between any two hosts, so they cannot "remember" how to handle future packets. A flow is a sequence of packets from a particular source to a particular (unicast or multicast) destination for which the source wants special handling by the intermediate routers. Routers need to track and maintain certain information about the flow, and this information stays the same for every packet in the flow. This lets routers process the packets of a flow efficiently. Packets in a flow can be handled differently from other packets, but in any case the handling is faster, because the router does not need to re-process each packet header.

5. Authentication and confidentiality

RFC 1825 (IP Security Architecture) describes the security architecture for IP, covering both IPv4 and IPv6. IPv6 uses two security extensions: the IP Authentication Header (AH), first described in RFC 1826 (IP Authentication Header), and the IP Encapsulating Security Payload (ESP), first described in RFC 1827 (IP Encapsulating Security Payload (ESP)).

Authentication is provided by a message digest computed over the packet. The sender calculates the message digest and inserts the result into the authentication header. The receiver recalculates the digest over the received packet and compares the result with the value in the header. If the two values are the same, the receiver can confirm that the data was not damaged in transit and was not intentionally modified.

Encapsulating security provides a mechanism that can encrypt either the payload of an IP packet or the entire IP packet, which is then carried across the Internet in tunnel mode. The difference is that if only the payload is encrypted, the other parts of the packet (the headers) are exposed in transit.
This means that an attacker can determine other information about the packets exchanged between the sending host and the receiving host. Using ESP for IP tunneling means that the entire IP packet is encrypted and encapsulated in another IP packet by a system operating as a security gateway. In this way, all the details of the encrypted IP packet are hidden. This technique is the basis for creating a virtual private network (VPN), which allows organizations to use the Internet as their backbone network for sharing sensitive information.

The IPv6 packet header is laid out in 64-bit units and has a total length of 40 bytes. The IPv6 protocol defines the following fields:

* Version. 4 bits. For IPv6, this field must be 6.
* Traffic class. 8 bits. Indicates the "differentiated service" provided for the packet. Currently, the default value is all 0.
* Flow label. 20 bits. Identifies packets that belong to the same flow. A node can be the source of several flows at the same time. The flow label together with the source node address uniquely identifies a flow.
* Payload length. 16 bits. Contains the length of the payload in bytes, that is, the number of bytes in the packet after the IPv6 header. This means that the length of any IPv6 extension headers is included in the payload length.
* Next header. Indicates the protocol type of the header that follows the IPv6 header. Like the IPv4 protocol field, the next header field can indicate whether the upper layer is TCP or UDP, but it can also indicate the presence of an IPv6 extension header.
* Hop limit. 8 bits. Each time a node forwards the packet, this field is decremented by 1. When the field reaches 0, the packet is discarded.
  IPv4 has a field with a similar function, but unlike IPv4, IPv6 chooses not to define a maximum packet lifetime. This means that timing out expired packets can be left to higher-level protocols.
* Source address. 128 bits.
* Destination address. 128 bits. The address of the intended receiver of the IPv6 packet, which can be a unicast, multicast, or anycast address. If a routing extension header is used (which defines a specific route that the packet must follow), the destination address can be the address of an intermediate node instead of the final destination.

Flow label:

IPv4 is generally described as a connectionless protocol. As in any packet-switched network, IPv4 is designed so that each packet finds its own path to its destination. Each packet is handled separately. The result is that two packets sent from the same source to the same destination address can take completely different routes across the network. This is a good way to cope with network failures, because it assumes that any route may fail, yet data can still be exchanged as long as some route exists between the two hosts.

However, this approach may not be very efficient, especially when packets are not isolated but are part of a flow between two communicating systems. Consider what happens along the path a packet takes from one host to another: the processing of each packet by each intermediate router adds a little latency on the link. For most traditional Internet applications, such as file transfer or terminal emulation, the added latency is only an inconvenience. For interactive audio and video applications, however, even a small added delay significantly reduces the quality of service.
Another problem arising from handling IPv4 packets separately is that it is difficult to direct a particular flow onto a low-cost link. For example, email has low transmission priority and is not a real-time application, but an IPv4 network administrator has no simple way to identify these packets, send them over low-cost Internet links, and keep the high-cost links for real-time applications.

The flow concept defined in IPv6 helps solve such problems. The flow label field in the IPv6 header marks an individual packet as part of a series of packets with the same source address and destination address. All packets in the same flow carry the same flow label.

Flow types: not defined yet.

Fragmentation:

IPv6 fragmentation can be performed only by source nodes and destination nodes. This simplifies the header and reduces the overhead of routing. Hop-by-hop fragmentation is considered harmful. First, it generates more fragments than end-to-end fragmentation. In addition, the loss of one fragment in transit leads to retransmission of all fragments. IPv6 does support fragmentation through an extension header, as described below, but understanding how IPv4 fragmentation works helps explain why it needed to change.

In IPv4, fragmentation is required when an unfragmented packet is too long to travel over a network link on the way from the source to the destination. (A note on terminology: fragmentation here means splitting a packet into pieces. The source performs the initial split, routers then split further according to the state of each link, and if one piece is lost the original must be retransmitted.) IPv4 fragmentation is performed by intermediate routers along the packet's path as needed.
A router that fragments a packet has to modify the packet header, preserve the identifier of the data contained in the original packet, and set the fragmentation flags and fragment offset correctly. After the destination node receives the resulting fragments, it must reassemble the original packet from the IPv4 fragmentation data in each fragment.

With fragmentation, different kinds of network nodes can interoperate regardless of the types of network in between. The source node does not need to know anything about the destination node's network, or about any network other than the one it is directly attached to, which has always been considered a good feature. Because nodes and routers do not need to store information about, or record the structure of, the whole Internet, the Internet can scale better.

On the other hand, fragmentation causes performance problems for routers. It consumes processing capacity and time at the routers along the way and at the destination: tracking the IP packet identifier, calculating fragment offsets, actually splitting the data, and reassembling it at the destination all carry extra cost.

The problem is that although the source node can learn the MTU of the link to a given router, it cannot know the MTU of the whole path in advance. The path MTU is the largest packet size that can cross every network along the route between the source node and the destination node without fragmentation.

There are currently two ways to reduce or eliminate the need for fragmentation. The first is available in IPv4 and is called "path MTU discovery": a router can send a packet that reports the MTU of the router's link. If a packet arrives at a link where it would have to be fragmented, the router responsible for fragmenting it uses ICMP to send a message indicating the MTU of the link that requires fragmentation.
This process can be repeated until the path MTU has been determined.

The other way to reduce the need for fragmentation is to require every IP link to handle packets of some reasonable minimum size. If a reasonable size that all network links can accommodate is chosen and set as the absolute minimum supported packet size, fragmentation can be eliminated.

IPv6 uses both methods. In the original RFC, IPv6 requires every link to support an MTU of at least 576 bytes. The payload of such packets is 536 bytes, and the other 40 bytes are used for the IPv6 header. Since RFC 1883 was published in 1995, there has been much debate about a larger MTU. In the latest Internet draft, published in November 1997, the MTU value was set to 1280 bytes. The debate turned on two positions: those who advocate a small MTU hope that networks unable to support a large MTU will not be abandoned entirely, while those who advocate a large MTU do not want the performance of the whole Internet to suffer for the sake of a small, nearly obsolete part of the network.

To compensate for the smaller MTU, IPv6 strongly recommends that all IPv6 nodes support path MTU discovery. A node running path MTU discovery simply sends the longest packet allowed on its own network link. If an intermediate link cannot carry a packet of that length, the router trying to forward the packet onto that link sends an ICMPv6 error message to the source node, and the source node then sends a smaller packet. This process repeats until no more ICMPv6 error messages are received, at which point the source node can use the latest MTU as the path MTU.

Note that path MTU discovery is not used in some minimal implementations. For example, a terminal that uses a minimal IPv6 implementation for remote network boot simply uses the 576-byte path MTU, and relies on IPv6 fragmentation from the source node to the destination node, carried in an extension header.
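The discovery loop described above, as an added example that is not part of the original notes. It models a path as a constructed list of link MTUs and, as an added receiver-side safeguard, ignores Packet Too Big reports that would raise the estimate or push it below the 1280-byte minimum; all function names and MTU values are assumptions made for illustration.

```python
IPV6_MIN_MTU = 1280  # minimum link MTU from the November 1997 draft cited above


def forward(packet_len, link_mtus):
    """Send one packet along the path.

    Returns None if it is delivered, or (hop_index, link_mtu) standing in for
    the ICMPv6 Packet Too Big message sent by the first router that cannot
    forward it.
    """
    for hop, mtu in enumerate(link_mtus):
        if packet_len > mtu:
            return hop, mtu
    return None


def accept_ptb(current_pmtu, reported_mtu):
    """Apply a Packet Too Big report to the current path MTU estimate.

    A report may only lower the estimate, and never below the IPv6 minimum,
    so a forged or stale message cannot inflate it or shrink it to a few bytes.
    """
    if reported_mtu >= current_pmtu:
        return current_pmtu
    return max(reported_mtu, IPV6_MIN_MTU)


def discover_path_mtu(first_link_mtu, link_mtus, max_rounds=16):
    """Repeat send / Packet Too Big until a packet gets through.

    Returns (path_mtu, reports), where reports lists the (hop, mtu) pairs
    received along the way.
    """
    pmtu = first_link_mtu
    reports = []
    for _ in range(max_rounds):
        result = forward(pmtu, link_mtus)
        if result is None:
            return pmtu, reports
        reports.append(result)
        lowered = accept_ptb(pmtu, result[1])
        if lowered == pmtu:
            raise RuntimeError("report did not lower the estimate; path unusable")
        pmtu = lowered
    raise RuntimeError("path MTU discovery did not converge")


# Constructed path: the source's own link is 1500 bytes, then three more links.
SAMPLE_PATH = [1500, 1480, 1400, 1500]

if __name__ == "__main__":
    mtu, reports = discover_path_mtu(SAMPLE_PATH[0], SAMPLE_PATH)
    print("path MTU:", mtu)
    for hop, link_mtu in reports:
        print(f"  hop {hop} reported Packet Too Big, MTU {link_mtu}")
```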
Extension headers:

The problem with IPv4 options is that they change the size of the IP header, so packets that carry them become "special cases" that need special processing. Routers must be optimized for performance, which means optimizing for the most common packets. As a result, an IPv4 option causes a router to set the packet aside and process it when there is time.

The extension headers in IPv6 eliminate, or at least reduce, the performance impact of options. By moving options out of the IP header and into the payload, a router can forward a packet that carries options just like a packet without options. Apart from the hop-by-hop options, which every router must process, the options in an IPv6 packet are invisible to intermediate routers.

Available options:

In addition to reducing the impact of options on IPv6 packet forwarding, the IPv6 specification makes it easier to define new extensions and options. Other options and extensions may be defined as needed. IPv6 defines the following extension headers:

* Hop-by-hop options header: This extension header must immediately follow the IPv6 header. It contains option data that every node on the path must examine. Because it has to be processed by every intermediate router, the hop-by-hop options header appears only when absolutely necessary. So far, two options have been defined: the jumbo payload option and the router alert option. The jumbo payload option indicates that the packet's payload length exceeds what the 16-bit payload length field of IPv6 can hold. This option must be included whenever the packet's payload exceeds 65535 bytes (including the hop-by-hop options header). If a node cannot forward the packet, it must send an ICMPv6 error message.
  The router alert option tells routers that the information in the IPv6 datagram needs to be examined and processed by intermediate routers, even though the packet is addressed to another node (for example, control datagrams that carry bandwidth reservation protocol information).
* Routing header: This extension header specifies nodes that the packet must pass through on the way to its destination. It contains a list of the addresses of the nodes along the route. The initial destination address in the IPv6 header is the first address in the routing header's list, rather than the final destination of the packet. When the node with that address receives the packet, it processes the IPv6 header and the routing header and sends the packet on to the second address in the routing header's list, and so on until the packet reaches its final destination.
* Fragment header: This extension header contains a fragment offset, a "more fragments" flag, and an identification field. It is used when the source node fragments packets that are longer than the MTU of the path between source and destination.
* Destination options header: This extension header replaces the IPv4 options field. Currently, the only destination option defined is padding, used as needed to fill the options out to an integer multiple of 64 bits. This extension header can carry information to be examined by the destination node.
* Authentication Header (AH): This extension header provides a mechanism for calculating a cryptographic checksum over the IPv6 header, the extension headers, and some parts of the payload.
* Encapsulating Security Payload (ESP) header: This is the last extension header that is not encrypted. It indicates that the rest of the payload is encrypted and gives an authorized destination node enough information to decrypt it.
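The fixed header fields and the extension header chain described above, decoded in Python as an added example (not code from the original notes). The two packets are constructed test data, the function and constant names are chosen for illustration, and the Next Header numbers are the IANA protocol numbers.

```python
import ipaddress
import struct

# IANA protocol numbers carried in the Next Header field
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60
UDP, NO_NEXT_HEADER = 17, 59
EXT_NAMES = {HOP_BY_HOP: "hop-by-hop", ROUTING: "routing", FRAGMENT: "fragment",
             ESP: "esp", AH: "ah", DEST_OPTS: "destination-options"}


def parse_ipv6(packet: bytes) -> dict:
    """Decode the 40-byte fixed header, then walk the extension header chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte fixed header")
    word, payload_len, nh, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    info = {
        "traffic_class": (word >> 20) & 0xFF, "flow_label": word & 0xFFFFF,
        "payload_length": payload_len, "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "chain": [], "fragment": None, "warnings": [],
    }
    end = 40 + payload_len  # payload length includes the extension headers
    if end > len(packet):
        info["warnings"].append("payload length exceeds captured bytes")
        end = len(packet)
    offset = 40
    while nh in EXT_NAMES:
        if nh == HOP_BY_HOP and offset != 40:
            info["warnings"].append("hop-by-hop header is not first in the chain")
        if nh == ESP:  # what follows ESP is encrypted, so the walk stops here
            info["chain"].append("esp")
            break
        if offset + 8 > end:
            info["warnings"].append("extension header truncated")
            break
        if nh == FRAGMENT:  # always 8 bytes: offset, M flag, identification
            size = 8
            frag, ident = struct.unpack("!HI", packet[offset + 2:offset + 8])
            info["fragment"] = {"offset": (frag >> 3) * 8,
                                "more": bool(frag & 1), "id": ident}
        elif nh == AH:  # AH length field: 4-byte units, minus 2
            size = (packet[offset + 1] + 2) * 4
        else:  # other headers: 8-byte units, not counting the first 8 bytes
            size = (packet[offset + 1] + 1) * 8
        if offset + size > end:
            info["warnings"].append("extension header overruns the payload")
            break
        info["chain"].append(EXT_NAMES[nh])
        nh, offset = packet[offset], offset + size
    info["upper_layer"], info["upper_offset"] = nh, offset
    return info


def build_packet(next_header: int, payload: bytes, flow_label: int = 0x12345) -> bytes:
    """Constructed sample data using 2001:db8::/32 documentation addresses."""
    src, dst = (ipaddress.IPv6Address(a).packed for a in ("2001:db8::1", "2001:db8::2"))
    return struct.pack("!IHBB", (6 << 28) | flow_label, len(payload),
                       next_header, 64) + src + dst + payload


PADN = bytes([1, 4, 0, 0, 0, 0])  # PadN option that fills a header out to 8 bytes
# Constructed: hop-by-hop -> fragment (offset 1480, more fragments) -> 8 UDP bytes
GOOD = build_packet(HOP_BY_HOP, bytes([FRAGMENT, 0]) + PADN
                    + struct.pack("!BBHI", UDP, 0, (185 << 3) | 1, 0x1234ABCD)
                    + bytes(8))
# Constructed: a hop-by-hop header placed after destination options
BAD = build_packet(DEST_OPTS, bytes([HOP_BY_HOP, 0]) + PADN
                   + bytes([NO_NEXT_HEADER, 0]) + PADN)

if __name__ == "__main__":
    print(parse_ipv6(GOOD), parse_ipv6(BAD), sep="\n")
```

The warnings list is where a monitoring tool would hook in: a hop-by-hop header that is not first, or a header that runs past the declared payload length, marks a malformed chain.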
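The sender and receiver sides of the Authentication Header check described in the security section above, as an added and deliberately simplified example (not code from the original notes): it computes a keyed digest over the fixed header and payload only, whereas real AH carries the value inside the AH extension header. HMAC-SHA-256 truncated to 128 bits, the key, and all names are assumptions; the fields zeroed before hashing are the ones routers may change in transit.

```python
import hashlib
import hmac
import ipaddress
import struct

ICV_LEN = 16  # assumption: digest truncated to 128 bits for this example


def mask_mutable_fields(packet: bytes) -> bytes:
    """Zero the fixed-header fields that routers may change in transit
    (traffic class, flow label, hop limit) so they stay out of the digest."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte fixed header")
    masked = bytearray(packet)
    masked[0] &= 0xF0               # keep the version nibble
    masked[1:4] = b"\x00\x00\x00"   # rest of traffic class + 20-bit flow label
    masked[7] = 0                   # hop limit
    return bytes(masked)


def compute_icv(key: bytes, packet: bytes) -> bytes:
    """Sender side: keyed digest over the immutable parts of the packet."""
    digest = hmac.new(key, mask_mutable_fields(packet), hashlib.sha256).digest()
    return digest[:ICV_LEN]


def verify_icv(key: bytes, packet: bytes, icv: bytes) -> bool:
    """Receiver side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(compute_icv(key, packet), icv)


def router_forward(packet: bytes) -> bytes:
    """What an intermediate router does to the header: decrement the hop limit."""
    if packet[7] <= 1:
        raise ValueError("hop limit exhausted")
    return packet[:7] + bytes([packet[7] - 1]) + packet[8:]


def sample_packet(payload: bytes) -> bytes:
    """Constructed packet: documentation addresses, next header 59, hop limit 64."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return struct.pack("!IHBB", 6 << 28, len(payload), 59, 64) + src + dst + payload


KEY = b"constructed-demo-key"  # placeholder shared key, not a real secret

if __name__ == "__main__":
    pkt = sample_packet(b"pay 100 to alice")
    icv = compute_icv(KEY, pkt)
    after_two_hops = router_forward(router_forward(pkt))
    tampered = pkt[:40] + b"pay 900 to alice"
    print("after two hops:", verify_icv(KEY, after_two_hops, icv))
    print("tampered payload:", verify_icv(KEY, tampered, icv))
```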
ICMPv6 message types:

* Destination unreachable
* Packet too big
* Time exceeded
* Parameter problem
* Echo request
* Echo reply

1. Destination unreachable

This message is generated when a router or source host cannot forward a packet because of traffic congestion. The error message has five codes:

  0: No route to destination. Generated when the router has no route defined for the destination of the IP packet. Routers use a default route to send packets that cannot be forwarded using the router's routing table.
  1: Communication with the destination is administratively prohibited. A packet-filtering firewall generates this message when a prohibited type of traffic tries to reach a host inside the firewall.
  2: Not a neighbor. Used when the IPv6 routing extension header specifies a strict route. Generated when the next destination in the list does not share a network link with the node currently forwarding the packet.
  3: Address unreachable. Indicates a problem resolving the upper-layer address to a link-layer (network) address, or a problem reaching the destination at the link layer on the destination network.
  4: Port unreachable. Occurs when no upper-layer protocol is listening on the packet's destination port and the transport layer protocol has no other way to report the problem to the source node.

2. Packet too big

When a router cannot forward a packet because the packet is longer than the MTU of the link it must be forwarded on, it generates a packet too big message. This ICMPv6 error message contains a field giving the MTU of the link that caused the problem. It is a useful error message during path MTU discovery.

3. Time exceeded

When a router receives a packet with a hop limit of 1, it must decrement this value before forwarding the packet.
If the hop limit field becomes 0 after the router decrements it (or the router receives a packet whose hop limit is 0), the router must discard the packet and send an ICMPv6 time exceeded message to the source node. On receiving it, the source node can conclude either that the initial hop limit was too small (the packet's route really is longer than the source node expected) or that there is a routing loop that prevents the packet from being delivered.

This message is very useful for the "traceroute" function, which lets a node identify all the routers on a packet's path from the source node to the destination node. It works as follows. First, a packet addressed to the destination is sent with its hop limit set to 1. The first router it reaches decrements the hop limit and sends back a time exceeded message, so the source node identifies the first router on the path. If the packet must pass through a second router, the source node then sends a packet with a hop limit of 2; that router reduces the hop limit to 0 and generates another time exceeded message. This continues until a packet finally reaches its destination, by which time the source node has received time exceeded messages from every intermediate router.

4. Parameter problem

When there is a problem with the IPv6 header or some part of an extension header, the router discards the packet because it cannot process it. A router implementation should generate an ICMP error message that identifies the type of problem (such as an erroneous header field, an unrecognized next header type, or an unrecognized IPv6 option) and uses a pointer to indicate the byte at which the problem was encountered.

5. ICMPv6 echo function

ICMPv6 includes a function unrelated to errors. All IPv6 nodes must support two message types: echo request and echo reply.
An echo request can be sent to any valid IPv6 address and contains an echo request identifier, a sequence number, and some data. Although both are optional, the identifier and the sequence number can be used to match replies to the corresponding requests. The echo request data is also optional and can be used for diagnosis. When an IPv6 node receives an echo request, it must send an echo reply containing the same identifier, sequence number, and data carried in the original request. ICMP echo request and reply messages are the basis of the ping function. Ping is an important diagnostic function because it provides a way to determine whether a particular host is connected to the same network as another host.
