Standard connection and encryption methods for IPv6 Networks

Source: Internet
Author: User

The IPv6 network standard improves on the IPv4 version in many respects, including its standard connection and encryption methods. This article discusses the connection and network encryption methods of the IPv6 network standard in depth, so that you can master both aspects.

In the out-of-the-box connection mode, IPv6 provides automatic assignment of IP addresses as a standard function: an address is set automatically as soon as the machine is connected to the network. This has two advantages. First, end users do not need to spend time setting addresses; second, it greatly reduces the burden on network managers. The IPv6 network standard has two automatic setting functions. One is stateful autoconfiguration, which is the same as the IPv4 automatic setting function. The other is stateless autoconfiguration.

In IPv4, the Dynamic Host Configuration Protocol (DHCP) enables automatic setting of host IP addresses and related configuration. A DHCP server has an IP address pool. The host leases an IP address from the DHCP server and obtains the related configuration information (such as the default gateway and DNS server), and so sets its IP address automatically. The IPv6 network standard inherits this automatic configuration service from IPv4 and calls it Stateful Autoconfiguration.

During Stateless Autoconfiguration, the host first generates a link-local unicast address by appending its network interface card (NIC) MAC address to the link-local address prefix 1111111010. The host then sends a neighbor discovery request to this address to verify that the address is unique. If the request receives no response, the link-local unicast address set by the host is unique. Otherwise, the host uses a randomly generated interface ID to form a new link-local unicast address. Then, with this address as the source address, the host sends a message called a router solicitation to all routers on the local link. A router responds to this request with a router advertisement that contains an aggregatable global unicast address prefix and other configuration information. The host appends its own interface ID to the global address prefix obtained from the router, automatically configures its global address, and can then communicate with other hosts on the Internet.

With stateless automatic configuration, you can change the IP addresses of all hosts on the network without manual intervention. For example, when an enterprise changes the ISP that connects it to the Internet, it obtains a new global address prefix from the new ISP. The ISP passes the address prefix from its router to the enterprise router. Because the enterprise router periodically sends router advertisements to all hosts on the local link, every host in the enterprise network receives the new address prefix through a router advertisement. The hosts then automatically generate new IP addresses and overwrite the old ones.

When DHCPv6 is used in the IPv6 network standard to set addresses automatically, machines connected to the network need to query the DHCP server that performs the automatic setting to obtain an address and the related configuration. However, a home network usually has no DHCP server, and a network in a mobile environment is often temporary. In these two cases it is best to use the stateless automatic setting method.

Network-layer authentication and encryption: security has always been an important topic for the Internet. Security was not taken into account when the IP protocol was first designed. Therefore, in the early stages of the Internet, unfortunate events such as attacks on enterprise or organization networks and theft of confidential data often occurred.

To enhance Internet security, since 1995 the IETF has developed a set of IP Security (IPSec) protocols to protect IP communication. IPSec is an optional extension protocol of IPv4 and an essential part of the IPv6 network standard. The main function of IPSec is to provide security services such as encryption and authentication for packets at the network layer. It provides two security mechanisms: authentication and encryption. The authentication mechanism enables the receiver of an IP communication to confirm the real identity of the sender and whether the data was changed in transit. The encryption mechanism ensures the confidentiality of data by encoding it, so that it cannot be read if it is intercepted in transit.

The Authentication Header (AH) protocol of IPSec defines how authentication is applied, and the Encapsulating Security Payload (ESP) protocol defines how encryption and optional authentication are applied. In actual IP communication, you can use both protocols together or choose one of them, based on security requirements. Both AH and ESP can provide authentication services. However, AH provides more authentication services than ESP.

IPSec defines two types of security association (SA): transport mode SA and tunnel mode SA. A transport mode SA inserts an AH or ESP header after the IP header (and any optional extension headers) and before any higher-level protocol header (such as TCP or UDP). A tunnel mode SA puts the original IP packet into a new IP packet. When a tunnel mode SA is used, each IP packet has two IP headers: the external IP header and the internal IP header. The external IP header specifies the destination address for IPSec processing of the IP packet, and the internal IP header specifies the destination address of the original IP packet.

A transport mode SA can only be used for IP communication between two hosts. A tunnel mode SA in the IPv6 network standard can be used for IP communication between two hosts, and it can also be used for IP communication between two security gateways or between one host and one security gateway. A security gateway can be a router, firewall, or VPN device.

As an IPv6 component, IPSec is a network-layer protocol. It is responsible only for the network security of its lower layer, and is not responsible for the security of upper-layer applications such as Web, email, and file transfer. That is to say, to verify a Web session, you still need to use the SSL protocol. However, protocols in the TCP/IPv6 protocol suite can benefit from IPSec. For example, the OSPFv6 routing protocol used for IPv6 removes the authentication mechanism used for IPv4 OSPF. As an important application of IPSec, IPv6 integrates the functions of a Virtual Private Network (VPN), which makes it easier to implement a more secure and reliable virtual private network.
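
The transport mode and tunnel mode layouts described above can be told apart by walking the IPv6 Next Header chain. The following Python code is an added example, not part of the original article; the addresses, SPI values and zeroed ICV are constructed placeholders, and AH is used for the two sample packets because ESP keeps its Next Header field inside the encrypted trailer.

```python
import ipaddress
import struct

TCP, IPV6, ESP, AH = 6, 41, 50, 51   # IANA protocol numbers
TCP_SEG = bytes(20)                  # constructed stand-in for a TCP header
HOST_A, HOST_B = "2001:db8:a::10", "2001:db8:b::20"   # constructed hosts
GW_A, GW_B = "2001:db8:a::1", "2001:db8:b::1"         # constructed gateways

def ipv6(src, dst, next_header, payload):
    """Fixed 40-byte IPv6 header followed by payload."""
    head = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return (head + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

def ah(next_header, spi, seq, payload):
    """AH header (RFC 4302); the 12-byte ICV is a zeroed placeholder, not a MAC."""
    icv = bytes(12)
    words = (12 + len(icv)) // 4 - 2   # Payload Len: 32-bit words minus 2
    return struct.pack("!BBHII", next_header, words, 0, spi, seq) + icv + payload

def transport_packet():
    return ipv6(HOST_A, HOST_B, AH, ah(TCP, 0x1001, 1, TCP_SEG))

def tunnel_packet():
    inner = ipv6(HOST_A, HOST_B, TCP, TCP_SEG)      # original packet, untouched
    return ipv6(GW_A, GW_B, AH, ah(IPV6, 0x2001, 1, inner))

def classify(packet):
    """Walk the Next Header chain; return (mode, chain, outer_dst, inner_dst)."""
    outer_dst = str(ipaddress.IPv6Address(packet[24:40]))
    chain, mode, inner_dst = ["IPv6"], "none", None
    nh, off = packet[6], 40
    while True:
        if nh == AH:
            chain.append("AH")
            nh, off = packet[off], off + (packet[off + 1] + 2) * 4
            # An IPv6 header right after AH means a whole packet was wrapped.
            mode = "tunnel" if nh == IPV6 else "transport"
        elif nh == IPV6:
            chain.append("IPv6")
            inner_dst = str(ipaddress.IPv6Address(packet[off + 24:off + 40]))
            nh, off = packet[off + 6], off + 40
        elif nh == ESP:
            # ESP keeps its Next Header in the encrypted trailer: mode is hidden.
            chain.append("ESP")
            return "opaque (ESP)", chain, outer_dst, inner_dst
        else:
            chain.append("TCP" if nh == TCP else str(nh))
            return mode, chain, outer_dst, inner_dst
```

In the tunnel packet the outer destination is the gateway and the inner destination is the original host, and the packet is exactly one 40-byte IPv6 header longer than its transport mode counterpart.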
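
The stateless autoconfiguration steps described earlier in the article (link-local address from the MAC, uniqueness check, global address from the advertised prefix, renumbering when the prefix changes) are shown below as an added Python example, not part of the original article. It assumes the modified EUI-64 mapping of RFC 4291 for expanding the 48-bit MAC into a 64-bit interface ID, models neighbor discovery with an `on_link` collection, and uses a constructed MAC and documentation prefixes.

```python
import ipaddress
import secrets

# Link-local addresses start with the bits 1111111010 (fe80::/10); the
# remaining prefix bits up to /64 are zero.
LINK_LOCAL = "fe80::/64"
MAC = "00:1a:2b:3c:4d:5e"                 # constructed sample MAC
OLD_ISP, NEW_ISP = "2001:db8:1:1::/64", "2001:db8:beef:2::/64"  # constructed

def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit interface ID (modified EUI-64, RFC 4291)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, insert ff:fe between the two halves.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def make_address(prefix, iid):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration expects a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def autoconfigure(mac, advertised_prefix, on_link=()):
    """Return (link_local, global_address) as strings.

    on_link models neighbor discovery: an address listed there "answers"
    the uniqueness probe, so the host retries with a random interface ID.
    """
    taken = {ipaddress.IPv6Address(a) for a in on_link}
    iid = eui64_interface_id(mac)
    while make_address(LINK_LOCAL, iid) in taken:
        iid = secrets.randbits(64)
    return str(make_address(LINK_LOCAL, iid)), str(make_address(advertised_prefix, iid))

def mac_from_address(addr):
    """Recover the MAC from an EUI-64 derived address, else None."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    return ":".join(f"{x:02x}" for x in bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:])

if __name__ == "__main__":
    for prefix in (OLD_ISP, NEW_ISP):     # renumbering after an ISP change
        ll, g = autoconfigure(MAC, prefix)
        print(ll, g, mac_from_address(g))
```

Because the interface ID stays the same across prefixes, `mac_from_address` returns the same MAC for the global address under either ISP, which is why hosts that need privacy use randomized interface IDs instead of MAC-derived ones.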
