book

IPv6 Essentials

Name: IPv6 Essentials
Author: Silvia Hagen
ISBN: 9780596001254

by Silvia Hagen

July 2002

Beginner

360 pages

11h 19m

English

O'Reilly Media, Inc.

Read now

Unlock full access

IPv6 Essentials
Preface
Audience
About This Book
Organization
Conventions Used in This Book
Comments and Questions
Acknowledgments
1. IPv6 Versus IPv4
The History of IPv6
Overview of Functionality
Transition Aspects

IPv6 Alive
The 6BoneStructure of the 6BoneAddressingGrowthJoining the 6BoneIPv6 Commercial NetworksvBNS+Telia SwedenInternet Initiative JapanNTT Communications CorporationLinks to Other IPv6 Networks
2. The Structure of the IPv6 Protocol
General Header Structure
The Fields in the IPv6 Header
Version (4 Bits)Traffic Class (1 Byte)Flow Label (20 Bits)Payload Length (2 Bytes)Next Header (1 Byte)Hop Limit (1 Byte)Source Address (16 Bytes)Destination Address (16 Bytes)
Extension Headers
Hop-by-Hop Options HeaderRouting HeaderFragment HeaderDestination Options Header
3. IPv6 Addressing
Address TypesUnicast, Multicast, and Anycast AddressesSome General Rules
Address Notation
Prefix Notation
Format Prefixes
Address Privacy
Link- and Site-Local Addresses
Aggregatable Global Unicast Address
International Registry Services and Current Address AllocationsSpecial AddressesIPv6 addresses with embedded IPv4 addresses6to4 addressesISATAP addresses
Anycast Address
Multicast Address
Well-Known Multicast AddressesSolicited-Node Multicast Address
Required Addresses
4. ICMPv6
General Message FormatType (1 Byte)Code (1 Byte)Checksum (2 Bytes)Message Body (Variable Size)
ICMP Error Messages
Destination UnreachablePacket Too BigTime ExceededParameter Problem
ICMP Informational Messages
Echo Request MessageEcho Reply
Processing Rules
The ICMPv6 Header in a Trace File
Neighbor Discovery
Router Solicitation and Router AdvertisementNeighbor Solicitation and Neighbor AdvertisementThe ICMP Redirect MessageNeighbor Discovery OptionsNeighbor Cache and Destination Cache
Autoconfiguration
Path MTU Discovery
Multicast Group Management
5. Security in IPv6
Types of Threats
Basic Security Requirements and Techniques
Security in the Current Internet Environment
Current Solutions
Packet Filters and FirewallsTransport Layer ProtectionApplication Security
Open Security Issues in the Current Internet
The IPSEC Framework
IPv6 Security Elements
Security AssociationsAuthentication in IPv6Payload authenticationHeader and payload authenticationEncryption in IPv6Payload encryptionHeader and payload encryptionCombining Authentication and Encryption
Security Association Negotiation and Key Management
Interworking of IPv6 Security with Other Services
Open Issues in IPv6 Security
6. Quality of Service in IPv6
QoS ParadigmsEnd System-Based QoSService-Based QoSClass/Priority-Based QoSResource Reservation-Based QoS
Quality of Service in IPv6 Protocols
IPv6 Base HeaderFlowsFlow LabelsPriority/ClassIPv6 Extension HeadersRSVP
QoS Architectures
Traffic PolicingIntegrated Services ArchitectureDifferentiated Services Architecture
Mapping IP QoS to Underlying Transmission Networks
Further Issues in IP QoS
7. Networking Aspects
Layer 2 Support for IPv6Ethernet (RFC 2464)FDDI (RFC 2467)Token Ring (RFC 2470)Point-to-Point Protocol (RFC 2472)ATM (RFC 2492)Frame Relay (RFC 2590)
Multicasting
Mobile IP
Network Designs
8. Routing Protocols
RIPngDistance-Vector Algorithm for RIPngLimitations of the ProtocolChanges in Topology and Preventing InstabilityRoute poisoning and the hold-down timerSplit horizon, with or without poison reverseTriggered updatesMessage FormatNext HopAddressing Considerations and the Default RouteTimersPacket ProcessingRequest messageResponse messageControl Functions and Security
OSPF for IPv6 (OSPFv3)
Overview of OSPF for IPv6Differences between OSPF for IPv4 and OSPF for IPv6Link state-based protocolOSPF areas and external routesAuthentication and securityOSPF Areas and External RoutesThe backbone areaNon-backbone areasVirtual linksExternal routesStub areasNot-so-stubby areasMessage Format of OSPF for IPv6Encapsulation in IP datagramsOSPF headerProcessing OSPF packetsForming AdjacenciesThe Hello packetElection of DR/BDRProcessing of Hello packetsDatabase description exchangeThe loading phaseThe Link State DatabaseContents of the LSDBLSAsLSA headerRouter-LSA (Type 0x2001)Network-LSA (Type 0x2002)Inter-Area-Prefix-LSA (Type 0x2003)Inter-Area-Router-LSA (Type 0x2004)AS-External-LSA (Type 0x4005)Link-LSA (0x0008)Intra-Area-Prefix-LSA (Type 0x2009)Calculation of the OSPF Routing Table (Dijkstra Algorithm)Step 1: Intra-area routesStep 2: Inter-area routesStep 3: External routesLSA FloodingAging an LSASelf-originating LSAsHandling of unknown LSAs
BGP Extensions for IPv6
BGP-4 OverviewEstablishing a BGP connectionRoute storage and policiesBGP Message HeaderOPEN MessageUPDATE MessageBGP AttributesNOTIFICATION and KEEPALIVE MessagesBGP Extension for IPv6MP_REACH_NLRI path attributeMP_UNREACH_NLRI path attribute
Other Routing Protocols for IPv6
Routing IPv6 with IS-ISIntegrated IS-ISRouting IPv6 with IS-ISEIGRPv6
9. Upper-Layer Protocols
UDP/TCP
DHCP
Draft of DHCPv6Dynamic Updates to DNS
DNS
AAAA Records (RFC 1886)DNAME and A6 Records (RFC 2672, RFC 2874)DNS ServersResolversDNS Lookup
SLP
FTP
Telnet
Web Servers
Browser Support
10. Interoperability
Dual-Stack Techniques
Tunneling Techniques
How Tunneling WorksAutomatic Tunneling (RFC 2893)Configured Tunneling (RFC 2893)Combination of Automatic and Configured TunnelingEncapsulation with IPv6 (RFC 2473)6to4 (RFC 3056)ISATAPTeredoA Sample Network Design
Network Address and Protocol Translation
NATHow Packets TranslateLimitationsStateless IP/ICMP TranslationTranslating IPv4 to IPv6Translating ICMPv4 to ICMPv6Translating IPv6 to IPv4Translating ICMPv6 to ICMPv4
Comparison
Dual StackTunnelingNATWhen to Choose IPv6
Vendor Support
11. Get Your Hands Dirty
Sun SolarisEnable IPv6 and Get StartedUtilities
Linux
Where to Get LinuxInstallationUtilities
Microsoft
Windows NT 4.0 and Windows 2000InstallationUtilitiesWindows XPInstallation and configurationUtilities6to4ISATAP
Applications
Cisco Router
Description of the Tests
Pinging with IPv6Pinging the 6Bone over the IPv4 InfrastructureTraceroute with IPv6Browsing with IPv6
Vendor Support
A. RFCs
StandardsGeneral RFC InformationRFC Index for IPv6General IPv6 RFCsRFCs referring to topologies
B. IPv6 Resources
Ethertype Field
Next Header Field Values (Chapter 2)
Reserved Anycast IDs (Chapter 3,RFC 2526)
Values for the Multicast Scope Field (Chapter 3, RFC 2373)
Well-Known Multicast Group Addresses (Chapter 3, RFC 2375)
ICMPv6 Message Types and Code Values (Chapter 4, RFC 2463)
Multicast Group Addresses and Token Ring Functional Addresses (Chapter 7)
Multicast Addresses for SLP over IPv6 (Chapter 9)
Protocol Translation (Chapter 10, RFC 2765)
Current Prefix Allocations
Vendor Support
C. Recommended Reading
Index
Colophon

Content preview from IPv6 Essentials

Open Issues in IPv6 Security

Although security was one of the foremost concerns after address-space enlargement when IPv6 was designed, it appears that some ad hoc solutions, such as NAT and CIDR, as well as the availability of security elements such as SSL (standardized by IETF as TLS), SSH, and secure email (S/MIME, PGP) in IPv4 networks, have delayed the deployment of IPv6. While this delay leaves the Internet open for attacks for a longer period of time and leads to additional complexity and management overhead, it has given protocol designers more time to improve their plans.

While the base standards for IPSEC are considered stable and will be extended mostly in the area of allowing additional encryption or authentication algorithms, more work remains to be done in the IKE area and in improving protection mechanisms against traffic analysis and denial-of-service/flooding attacks. The full deployment of IPSEC will also largely depend on the availability of a technically, organizationally, and politically acceptable and workable PKI capable of handling a large number of user or software process certificates.

A final issue for IPSEC is the management of its complexity. Many IPSEC mechanisms and their consequences are no longer easy to understand and are thus error-prone in implementation and operation, even though “intuitive” user interfaces for end-system configuration (e.g., for applying ESP or AH security to connections specified by port numbers, IP addresses, etc.) ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596001258Catalog Page Errata

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

IPv6 Essentials

by Silvia Hagen

Open Issues in IPv6 Security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.