The Inevitability of IPv6, Part 1

A switch from IPv4 to IPv6 is on your horizon. Are you ready for it?

Internet Protocol version 6 (IPv6) is the set of protocols that will replace today's IPv4. IPv6 offers many benefits necessary to support the Internet's continuing expansion—most notably an expanded address space that overcomes pressures in regions such as Africa, Asia, China, and the Middle East. Temporary solutions such as Network Address Translation (NAT)—although effective in the short term—won't provide long-term help. Recognizing that IPv6 is the future, many governments are mandating that their systems and networks support IPv6, including the US government, which has set a transition date of June 30, 2008. If your company does business with entities that use (or plan to use) IPv6, you'll feel the pressure to support IPv6, if only to support communications between your company and your partners. Simply put, IPv6 might become a competitive advantage.

In this first part of a three-part series, I describe IPv6 addressing in detail, focusing on how its addressing scheme works. I also describe some of the new features of IPv6, as well as some of the reasons you should care about it—even if you don't plan on implementing it in the near future. In two future articles, I'll describe how to install IPv6 onto Windows Server 2003 and Windows XP, and how to configure interfaces with addresses and enable DNS resolution. I'll also describe in detail how to configure your systems and networks to use IPv6 and IPv4 together while you transition to an all-IPv6 network. Finally, I'll look into strategies for using IPv6 over the IPv4 Internet if your ISP doesn't support IPv6. But first, we need to lay down a foundation.

Windows Support for IPv6


Almost every modern OS supports IPv6 out of the box. In fact, you're probably running IPv6 on your networks without even realizing it. Microsoft supports IPv6 in Windows Vista, Windows 2003, XP SP1 and later, and Windows CE .NET 4.1 and later.

Windows Server 2008 will also support IPv6. Microsoft Research produced an IPv6 stack for Windows 2000 and Windows NT, but it isn't supported. To obtain the stack, see the Learning Path online.

Only Vista has IPv6 enabled "out of the box." If you have Vista installed on your network, you're running IPv6. Vista will configure link-local addresses in the absence of IPv6 infrastructure hardware such as DHCP servers, IPv6-capable routers, and so on. Once enabled, XP will function as an IPv6 client, letting you conduct many common communications (e.g., Web browsing using HTTP or HTTPS) over IPv6. Windows 2003 also supports IPv6 in most communications.

IPv6 Addressing


IPv6 gives you a whole new means of uniquely addressing a node (or end system). In IPv6, there are 128 bits available to uniquely identify a node. IPv4 offers 32 bits, for a total of more than 4 billion possible combinations, but far fewer are practically available because of the way address space has been organized. With 128 bits, we'll have sufficient addresses for the next millennium—even given the way addresses are allocated.

Before I discuss the allocation and use of IPv6 addresses, it's helpful to understand the format that's used to represent them. Whereas IPv4 uses a dotted-decimal system (e.g., 192.168.16.10), IPv6 uses a different format. An IPv6 address is split into eight 16-bit blocks: Each block is represented by four hexadecimal digits, and each block is separated by a colon (:)—for example, 2001:0000:0000:e388:0092:fb7f:a827:fad6. Within each block, leading zeroes can be omitted so that the address can be read as 2001:0:0:e388:92:fb7f:a827:fad6. Also, a run of all-zero blocks can be omitted, so that the address can be further simplified as 2001::e388:92:fb7f:a827:fad6. Note the use of the double colon to represent the omitted blocks of zeroes. If you have more than one run of consecutive zero blocks in an address, only one run can be omitted. (Otherwise, it would be impossible to reconstruct the original address.)
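The expansion and compression rules just described, as an added example (this is not code from the article): expand_ipv6 restores the full eight-block form and rejects text with more than one "::", and compress_ipv6 drops leading zeroes and replaces the longest run of zero blocks with "::". One detail beyond the article: following RFC 5952, a single zero block is written as "0" rather than "::" so that compressed output is unambiguous.

```python
# Added example: textual IPv6 address expansion and compression.
# Implements the rules from the article: eight 16-bit blocks, leading zeroes
# optional, at most one "::" standing for a run of zero blocks.

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand_ipv6(text: str) -> str:
    """Return the full form: eight blocks of exactly four hex digits."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear at most once")
    if "::" in text:
        head, tail = text.split("::")
        head_blocks = head.split(":") if head else []
        tail_blocks = tail.split(":") if tail else []
        missing = 8 - len(head_blocks) - len(tail_blocks)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero block")
        blocks = head_blocks + ["0"] * missing + tail_blocks
    else:
        blocks = text.split(":")
    if len(blocks) != 8:
        raise ValueError("an IPv6 address has exactly eight 16-bit blocks")
    out = []
    for block in blocks:
        if not 1 <= len(block) <= 4 or any(c not in HEX_DIGITS for c in block):
            raise ValueError(f"bad block {block!r}")
        out.append(f"{int(block, 16):04x}")
    return ":".join(out)


def compress_ipv6(text: str) -> str:
    """Return the short form: no leading zeroes, longest zero run -> '::'."""
    blocks = [int(b, 16) for b in expand_ipv6(text).split(":")]
    # Locate the longest run of consecutive zero blocks (leftmost wins ties).
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if blocks[i] == 0:
            j = i
            while j < 8 and blocks[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexes = [f"{b:x}" for b in blocks]
    if best_len < 2:  # RFC 5952: never shorten a lone zero block to '::'
        return ":".join(hexes)
    head = ":".join(hexes[:best_start])
    tail = ":".join(hexes[best_start + best_len:])
    return f"{head}::{tail}"


if __name__ == "__main__":
    print(expand_ipv6("2001::e388:92:fb7f:a827:fad6"))
    print(compress_ipv6("2001:0000:0000:e388:0092:fb7f:a827:fad6"))
```

The validation in expand_ipv6 is the part worth keeping in any code that accepts addresses from untrusted input: a second "::" or a nine-block string is rejected rather than silently reinterpreted.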

Currently, three types of IPv6 addresses can be allocated to a node: unicast, multicast, and anycast. A unicast address uniquely identifies a single interface (or network connection) on a node (or a virtual interface on clustered systems). A multicast address is similar to an IPv4 multicast address and can be shared by several interfaces on several nodes. A packet with a multicast destination address is delivered to all interfaces on all nodes that share the address. However, a packet with an anycast destination address is delivered to only one interface: the nearest interface to the sending interface. Regardless of type, the address identifies an interface on a node—not the node itself. A node will likely have multiple IPv6 addresses, even if it has only one interface.

Unicast Addresses


Each interface can have more than one unicast address. A unicast address can be an Aggregatable Global Unicast Address (aka global address) or a Local-Use Unicast Address.

Global address. A global address is unique to the interface it's assigned to and can be used to reach that interface from any other interface. Global IPv6 addresses are hierarchical and contain routing information. Figure 1 shows the format of a global address. A unicast address's first three bits—called the Format Prefix (FP)—are always 001. FPs can be of varying length (e.g., the multicast FP is eight bits in length). The next thirteen bits comprise the Top-Level Aggregation Identifier (TLA ID). This ID is allocated to top-level ISPs, of which there can be 8,192.

Next in the address is a reserved field—eight bits in length and designed for future expansion of the TLA ID. The next field in the address, the Next-Level Aggregation Identifier (NLA ID), is 24 bits in length and is used by the top-level ISP to organize networks or to support second-tier ISPs, each of which would have one or more NLA IDs assigned to them.

These combined 48 bits uniquely identify a site belonging to the top-level or second-tier ISP's customer. Sites are determined by geography. For example, an international company might have many sites. Each site's IPv6 connection will have a 48-bit address unique to the site. Each site can use the next sixteen bits in the address—called the Site-Level Aggregation Identifier (SLA ID)—to divide the site into subnets. Each site can have 65,535 subnets. Alternatively, if a company has multiple sites but only one IPv6 connection via an ISP, it can use the SLA ID to route between the sites and to the connection. The last field in the global address is the Interface ID, which is 64 bits in length. This field is similar to IPv4's host identifier, which uniquely identifies the host on the network.

Local-Use Unicast Address. There are two types of Local-Use Unicast Addresses. The first is called a link-local address, which is used to communicate between interfaces belonging to nodes on a single link. The second is called a site-local address, which is used to communicate between interfaces belonging to nodes in a site. Both are viable alternatives to a global address, depending on the scope. Figure 2 shows the scope of a link and a site.

Link-local addressing is similar to IPv4's Automatic Private IP Addressing (APIPA). Link-local addresses begin with an FP of FE80:—the last 64 bits of a link-local address are the Interface ID, and the bits in between the FP and the Interface ID are zeroed out. As with APIPA, link-local addresses are automatically configured without the need for a DHCP server or manual configuration. In fact, every IPv6-capable interface automatically has a link-local address configured for it. If you have any nodes on your network that support interfaces with IPv6, they'll have a link-local address and might be sending packets onto your network as part of Neighbor Discovery. Two nodes on the same link with interfaces that support IPv6 will automatically be able to communicate with each other, without any further configuration or management. However, communication using link-local addresses is restricted to a link—IPv6-aware routers should never forward packets with link-local source or destination addresses.

Site-local addresses are similar to the IPv4 private addresses, which have the network identifiers 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Site-local addresses always begin with an FP of FEC0:. As with link-local addresses, the last 64 bits of the address comprise an Interface ID. The lower 16 bits of the top 64 bits—called the Subnet ID field—uniquely identify subnets in the site, the same as the SLA ID field in a global address. The bits between the FP and the Subnet ID field are zeroed out.

IPv6 uses two special constant addresses. The first is called the unspecified address and is always set to 0:0:0:0:0:0:0:0, or just :: for short. This address—similar to the IPv4 address 0.0.0.0—functions as a source address when no other address is available (e.g., when requesting an IP address from an IPv6-capable DHCP server). The second address is the loopback address and is always 0:0:0:0:0:0:0:1, or simply ::1. This address—equivalent to the IPv4 loopback address 127.0.0.1—can be used for local testing of applications and configuration. Every interface will respond to the loopback address.
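To make the address layouts above concrete, here is an added example (not code from the article) that classifies an address as unspecified, loopback, global, link-local, site-local, or multicast, and for a global address slices out the FP, TLA ID, reserved, NLA ID, SLA ID, and Interface ID fields using exactly the widths the article gives. The multicast branch reads the Flags, Scope, and Group ID fields described later in the article. The field widths are the aggregatable global format as the article describes it and are an assumption of the example; the only dependency is Python's standard ipaddress module.

```python
# Added example: decoding IPv6 address fields with the widths from the article.
import ipaddress

# Scope values and the names the article uses for them (assumed mapping).
SCOPE_NAMES = {1: "node-local", 2: "link-local", 5: "site-local",
               8: "organization-local", 14: "global"}


def bits(value: int, first: int, width: int) -> int:
    """Extract `width` bits from a 128-bit integer.

    `first` is the 0-based position of the field's first bit counted from the
    left, so first=0 is the most significant bit of the address.
    """
    shift = 128 - first - width
    return (value >> shift) & ((1 << width) - 1)


def describe(text: str) -> dict:
    """Classify an IPv6 address and return its fields as a dictionary."""
    value = int(ipaddress.IPv6Address(text))
    if value == 0:
        return {"kind": "unspecified"}
    if value == 1:
        return {"kind": "loopback"}
    if bits(value, 0, 8) == 0xFF:                      # multicast FP
        flags = bits(value, 8, 4)
        scope = bits(value, 12, 4)
        return {
            "kind": "multicast",
            "transient": bool(flags & 1),              # lowest Flags bit
            "scope": scope,
            "scope_name": SCOPE_NAMES.get(scope, "reserved/other"),
            "group_id": bits(value, 16, 112),
        }
    if bits(value, 0, 10) == 0x3FA:                    # FE80::/10 link-local
        return {"kind": "link-local", "interface_id": bits(value, 64, 64)}
    if bits(value, 0, 10) == 0x3FB:                    # FEC0::/10 site-local
        return {
            "kind": "site-local",
            "subnet_id": bits(value, 48, 16),
            "interface_id": bits(value, 64, 64),
        }
    if bits(value, 0, 3) == 0b001:                     # aggregatable global
        return {
            "kind": "global",
            "tla_id": bits(value, 3, 13),
            "reserved": bits(value, 16, 8),
            "nla_id": bits(value, 24, 24),
            "sla_id": bits(value, 48, 16),
            "interface_id": bits(value, 64, 64),
        }
    return {"kind": "other"}


if __name__ == "__main__":
    for sample in ("::", "::1", "2001::e388:92:fb7f:a827:fad6",
                   "fe80::1", "fec0:0:0:5::1", "ff02::1"):
        print(sample, describe(sample))
```

Running describe on the article's sample address shows why the global format is called hierarchical: the TLA ID (1), NLA ID (0), and SLA ID (0xe388) fall out of fixed bit positions, so a router can make forwarding decisions from the top 48 bits without looking at the Interface ID at all.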

The Interface ID


The Interface ID in a unicast address is always 64 bits in length. It was designed this way to support 48-bit MAC addresses of current 802.x LAN technologies such as Ethernet, and wireless technologies such as Bluetooth and Wi-Fi, as well as the 64-bit addresses that FireWire uses. Future 802.x series LAN and wireless technologies will also use 64-bit addressing. The requirement to support 48-bit and 64-bit MAC addresses comes from the requirement that the Interface ID in a unicast address can be derived from a MAC address using an Extended Unique Identifier (EUI) 64 address. The Interface ID can also be assigned manually or by an IPv6-capable DHCP server.

In the most common scenario, the Interface ID is derived from the 48-bit MAC address of an Ethernet card. A 48-bit MAC address is split into two 24-bit halves. The IEEE assigns the first 24 bits to manufacturers. The manufacturer uses the second 24 bits to uniquely identify the card. Although it's possible to override the MAC address of an Ethernet card, let's assume that it hasn't been overridden. To convert a 48-bit MAC address to a 64-bit Interface ID, the system first copies the first 24 bits of the MAC address to the first 24 bits of the Interface ID. Bits 17 and 16 of the first 24 bits representing the manufacturer (reading from right to left, starting at 0) are always set to 00. During the copy, the system sets bit 17 to 1 so that the pair reads 10. After the 24 bits are copied over, 16 bits are added, and they're always 0xFFFE. The system then copies the 24 bits in the second half of the MAC address to produce the 64-bit Interface ID.

In dial-up scenarios, the Interface ID can be generated using a process designed to guarantee the anonymity of the user. If not for this provision, a system could be tracked as it used the Internet, regardless of the ISP used, because the Interface ID would be unique to the computer regardless of the ISP.

Multicast Addresses


IPv6 multicasting is similar to IPv4 multicasting. A node that wants to listen for multicast traffic will set the IPv6 address of an interface to the multicast address that the traffic is being sent to. Multicast addresses have an FP of 0xFF. The next four bits of the multicast address comprise the Flags field. The lowest bit in the Flags field is called the Transient flag. If set to 0, the multicast address is a well-known address set by IANA; if set to 1, it's a non-permanent or transient multicast address. The next four bits of the multicast address comprise the Scope field. The purpose of this field is to identify the scope of the multicast traffic, and to identify the traffic as node-local, link-local, site-local, organization-local, or global. Routers use this field to determine whether to forward traffic. The last field in the multicast address is the Group ID, which is 112 bits in length. The Group ID identifies the multicast group. As with unicast addresses, there are predefined multicast addresses. Table 1 lists the three most common ones.

When using multicasting in IPv6, you should use only the bottom 32 bits of the Group ID field and zero out the top 80 bits. Doing so simplifies mapping the multicast address to an Ethernet multicast address. An Ethernet multicast address takes the form 33:33:xx:xx:xx:xx. Using the recommended multicast addressing format, the bottom 32 bits of the Group ID become the last four bytes of the Ethernet multicast address.

IPv6 also uses multicast addresses to support link address resolution. Every interface adds a multicast address for each of its unicast addresses. The multicast address takes the form FF02::1:FFxx:xxxx. The system copies the last 24 bits of the unicast address to the multicast address to replace the xx:xxxx. The system then maps the IPv6 multicast address to the MAC multicast address, as described above. This scheme reduces the number of nodes that have to process address-resolution requests. In IPv4, when one node wants to obtain another node's interface MAC address, the system sends a broadcast message to the broadcast MAC address. Therefore, every interface on the link is forced to process the request—even if it's not intended for it. In IPv6, a node that wants to find another node's interface MAC address sends its request to the multicast address FF02::1:FFxx:xxxx, where xx:xxxx is the bottom 24 bits of the Interface ID. This, in turn, is translated into the MAC multicast address 33:33:FF:xx:xx:xx. Only those interfaces on the link with matching lower 24 bits in their Interface ID need to respond to the address-resolution request.
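The whole derivation chain from the Interface ID section and the address-resolution paragraph above, as one added example (not code from the article): a 48-bit MAC is turned into a modified EUI-64 Interface ID, the Interface ID is prefixed with FE80:: to form the link-local address, the solicited-node multicast address FF02::1:FFxx:xxxx is built from its low 24 bits, and that multicast address is mapped to the 33:33:xx:xx:xx:xx Ethernet address. The sample MAC address is a constructed value. The U/L bit is inverted rather than unconditionally set, which is what the EUI-64 rule specifies; for a factory-assigned MAC the two are the same, since that bit starts at 0.

```python
# Added example: MAC -> Interface ID -> link-local -> solicited-node -> Ethernet.
import ipaddress

SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def mac_to_interface_id(mac: str) -> int:
    """Modified EUI-64: insert 0xFFFE between the two 24-bit halves of the MAC
    and invert the universal/local bit (bit 1 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui64 = octets[:3] + b"\xff\xfe" + octets[3:]
    # The U/L bit sits in the first octet, which is the top byte of the 64-bit ID.
    return int.from_bytes(eui64, "big") ^ (0x02 << 56)


def link_local_from_mac(mac: str) -> str:
    """FE80::/64 with the Interface ID in the low 64 bits, bits in between zero."""
    return str(ipaddress.IPv6Address((0xFE80 << 112) | mac_to_interface_id(mac)))


def solicited_node(addr: str) -> str:
    """FF02::1:FFxx:xxxx, where xx:xxxx is the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24))


def multicast_mac(addr: str) -> str:
    """33:33 followed by the low 32 bits of the IPv6 multicast address."""
    low32 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


if __name__ == "__main__":
    mac = "00-aa-00-3f-2a-1c"  # constructed sample MAC address
    ll = link_local_from_mac(mac)
    sn = solicited_node(ll)
    print(mac, "->", ll, "->", sn, "->", multicast_mac(sn))
```

Note that a network interface card must program the 33:33:ff:... address into its multicast filter for address resolution to work; the same function applied to FF02::1 gives 33:33:00:00:00:01, the address every IPv6 interface listens on for all-nodes traffic.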

IPv6 Features


There's more to IPv6 than simply an expanded address space. IPv6 includes a new header format, improved support for extensions and options, flow-labeling capabilities, and authentication and privacy capabilities.

New header format. IPv6's new header format minimizes the overhead often spent processing fields or information in packet headers. In IPv4, routers and end systems are required to examine packets in detail, looking for information necessary to determine whether the packet should be processed further. With IPv6, you'll now find those fields (when required) after the main packet header in Extension Headers. The new header format makes header processing much more efficient at routers, which can ignore information in any Extension Headers—with the exception of a Hop-by-Hop Extension Header, which must immediately follow the IPv6 header. The Hop-by-Hop Extension Header might contain information necessary for a router, such as a warning that a packet is a Jumbo packet (greater than 65,535 bytes), or that a router must perform additional processing on the packet.

Improved support for extensions and options. The change in the IPv6 packet header format and the use of Extension Headers facilitate this new feature. Options in Extension Headers have fewer limitations on size than in IPv4, and IPv6 is extensible by adding more defined Extension Headers over time. In IPv6, if a destination node receives an IPv6 packet containing an Extension Header that it doesn't recognize, it informs the source node via Internet Control Message Protocol version 6 (ICMPv6) that it can't process the packet. This feature lets nodes implement IPv6 extensions independently of each other and still communicate.

Flow-labeling capabilities. IPv6 uses flow labeling for Quality of Service (QoS). Flow labeling lets a source node define a priority (e.g., real time), which might be used in Voice over IP (VoIP) or video-over-IP solutions to guarantee delivery of a packet within a certain time window. In IPv4, QoS often requires a router or node to look beyond a packet's header for information. In IPv6, all necessary information is in the header.

Authentication and privacy. IPv6's authentication and privacy capabilities are, essentially, IPSec. IPSec is now a requirement in IPv6 implementations, whereas in IPv4 it's an optional component. IPSec supports Authenticated Headers, which authenticate nodes to each other and ensure the integrity of data exchanged between them, and Encapsulating Security Payload (ESP), which has similar functionality but also includes the ability to encrypt data for confidentiality.
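The header design described in the four paragraphs above is easiest to see by walking a packet, so here is an added example (not code from the article) that parses the 40-byte fixed IPv6 header, extracts the Flow Label, and follows the Next Header chain through Hop-by-Hop, Destination Options, Routing, Fragment, and AH headers until it reaches ESP or an upper-layer protocol. It also pulls the Jumbo Payload option out of a Hop-by-Hop header and records an anomaly if a Hop-by-Hop header appears anywhere but first, which is the rule the article states. The packet bytes are constructed for the example; the header type numbers and option type are the standard IANA values.

```python
# Added example: walking an IPv6 header and its Extension Header chain.
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60
NAMES = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 50: "ESP", 51: "AH",
         60: "Destination Options", 6: "TCP", 17: "UDP", 58: "ICMPv6"}
JUMBO_OPTION = 0xC2  # Jumbo Payload option type in a Hop-by-Hop header


def parse_options(data: bytes) -> list:
    """Walk the TLV option area of a Hop-by-Hop or Destination Options header."""
    options, i = [], 0
    while i < len(data):
        opt_type = data[i]
        if opt_type == 0:                 # Pad1: one byte, no length field
            i += 1
            continue
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if opt_type != 1:                 # PadN carries no information
            options.append((opt_type, value))
        i += 2 + length
    return options


def parse_ipv6(pkt: bytes) -> dict:
    """Return the fixed-header fields and the list of Extension Headers present."""
    first, payload_len, nxt, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if first >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    info = {
        "traffic_class": (first >> 20) & 0xFF,
        "flow_label": first & 0xFFFFF,    # 20 bits, used for QoS flow labeling
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(pkt[8:24])),
        "dst": str(ipaddress.IPv6Address(pkt[24:40])),
        "extension_headers": [],
        "jumbo_length": None,
        "anomalies": [],
    }
    offset = 40
    while True:
        if nxt in (HOP_BY_HOP, DEST_OPTS, ROUTING):
            # Hdr Ext Len counts 8-octet units beyond the first 8 octets.
            hdr_len = (pkt[offset + 1] + 1) * 8
            if nxt == HOP_BY_HOP and offset != 40:
                info["anomalies"].append("Hop-by-Hop header not first")
            if nxt != ROUTING:
                for opt_type, value in parse_options(pkt[offset + 2:offset + hdr_len]):
                    if nxt == HOP_BY_HOP and opt_type == JUMBO_OPTION:
                        info["jumbo_length"] = struct.unpack("!I", value)[0]
        elif nxt == FRAGMENT:
            hdr_len = 8
        elif nxt == AH:
            hdr_len = (pkt[offset + 1] + 2) * 4   # AH length is in 4-octet units minus 2
        else:
            break  # ESP (everything after it is encrypted) or an upper-layer protocol
        info["extension_headers"].append(NAMES.get(nxt, str(nxt)))
        nxt = pkt[offset]
        offset += hdr_len
    info["upper_layer"] = NAMES.get(nxt, str(nxt))
    info["payload_offset"] = offset
    return info


# Constructed sample: IPv6 header (flow label 0x12345, payload length 0 because a
# Jumbo Payload option is present) -> Hop-by-Hop with Jumbo option -> Destination
# Options with PadN -> ESP (SPI 0x100, sequence 1, opaque data).
SAMPLE = bytes.fromhex(
    "60012345" "0000" "00" "40"
    "fe800000000000000000000000000001"   # src fe80::1
    "ff020000000000000000000000000001"   # dst ff02::1
    "3c00" "c204" "00010000"             # Hop-by-Hop: next=60, Jumbo length 65536
    "3200" "010400000000"                # Dest Options: next=50, PadN(4)
    "00000100" "00000001" "deadbeef"     # ESP: SPI, sequence, ciphertext stand-in
)

if __name__ == "__main__":
    for key, value in parse_ipv6(SAMPLE).items():
        print(f"{key}: {value}")
```

Two points a detection engineer would take from running this: the Flow Label is readable without touching anything past byte 4, which is the efficiency the article describes, and the walk necessarily stops at ESP, so any inspection of an IPSec-protected payload has to happen at an endpoint that holds the keys.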

Unlike IPv4, in which different implementations of the protocol by different vendors could—and would—result in an inability of nodes to communicate with each other, in IPv6 interoperability is almost guaranteed, thanks to the underlying standards.

Stay Tuned


We've only just started. Now that you've got some solid foundational knowledge about IPv6, you're primed to dive into the actual installation and use of the protocol. Get ready to make it work on Windows 2003 and XP, and prepare yourself for configuring interfaces with addresses and enabling DNS resolution. In a later article, I'll also describe enabling IPv6 and IPv4 interoperability on your way to an all-IPv6 network.

FUN FACTS

  • There are enough available IPv6 addresses to give every star in the known universe almost 7 x 10^15 addresses.
  • IPv6 was once called IPng, for Internet Protocol next generation.
  • The successor to IPv4 couldn't be called IPv5 because the protocol version 5 was allocated to the Internet Stream Protocol in the 1970s. IPv6 reflects that the protocol is version 6.
  • IPv4 uses 32 bits for addresses, whereas IPv6 uses 128 bits. There aren't enough available IPv4 addresses for everyone on Earth, but with IPv6, every person could have almost 5 x 10^28 addresses each!