Lecture #20 - Internet Protocol Version 6: Part 2
ICMPv6
Like IPv4, IPv6 requires a control protocol for exchanging information regarding the operation of the network layer. IPv6 has its own version of the Internet Control Message Protocol (ICMP), commonly known as IPv6-ICMP or ICMPv6 for short. ICMPv6 is broadly similar to IPv4's ICMP. The protocol number (or next header value) for ICMPv6 is 58.
The format of an ICMPv6 message is as follows:
ICMPv6 Types and Codes
ICMPv6 supports the following types and codes. Note that a number of ICMP messages that are available in ICMPv4 (e.g. source quench) no longer exist in ICMPv6.
| Type | Code | Message |
|---|---|---|
| 1 | | Destination Unreachable |
| | 0 | No route to host |
| | 1 | Administratively prohibited |
| | 2 | Not a neighbor |
| | 3 | Address unreachable |
| | 4 | Port unreachable |
| 2 | 0 | Packet Too Big |
| 3 | | Time Exceeded |
| | 0 | Hop limit exceeded |
| | 1 | Fragmentation reassembly |
| 4 | | Parameter Problem |
| | 0 | Erroneous header field |
| | 1 | Unknown next header |
| | 2 | Unknown IPv6 option |
| 128 | 0 | Echo Request |
| 129 | 0 | Echo Reply |
| 130 | 0 | Group Membership Query |
| 131 | 0 | Group Membership Report |
| 132 | 0 | Group Membership Reduction |
Additional ICMPv6 messages are used for the Neighbour Discovery Protocol (NDP), described next.
Neighbour Discovery Protocol (NDP)
As mentioned in the previous lecture, one of the significant benefits of IPv6 is its network discovery and autoconfiguration features. These are provided by the Neighbour Discovery Protocol (NDP), defined in RFC2461.
NDP allows for:
- Router discovery.
- Prefix discovery.
- Parameter discovery.
- Address autoconfiguration.
- Address resolution.
- Next-hop determination.
- Neighbour unreachability detection.
- Duplicate address detection.
- Redirection.
NDP Messages
In order to achieve its discovery, detection and configuration functions, NDP uses the following messages:
- Router Advertisement (RA) - messages originated by routers on a periodic basis to advertise their presence and link-specific parameters (e.g. prefix, MTU, etc).
- Router Solicitation (RS) - sent by a host in order to request an immediate RA response from any available routers.
- Neighbor Solicitation (NS) - sent by a host in order to request another node's link-layer address. NS messages are also used to perform Duplicate Address Detection (DAD) and neighbour unreachability detection.
- Neighbor Advertisement (NA) - sent by a host in response to receiving an NS message. Unsolicited NA messages can also be sent if a host changes its link-layer address.
- Redirect - sent by a router to indicate that a host should be using another router as the next hop for the given traffic.
Address Autoconfiguration
One of the nicest features of IPv6 is its stateless address autoconfiguration. In the case of IPv4, an IP address must either be assigned manually or be provided automatically by a DHCP server - either way, a human or a server must be involved.
With IPv6 a host can self-configure its own interface address as soon as it is connected to a network. Firstly a 64-bit interface ID needs to be generated - in the case of Ethernet networks this is done using a process known as MAC-to-EUI64, which converts the 48-bit MAC address by inserting 0xfffe in between the two 24-bit values (vendor and device ID).
Obviously this interface ID is only half the size of an IPv6 address. This can now be prefixed with the link-local prefix extended to a /64 length, resulting in a 128-bit IPv6 link-local address that is almost certain to be unique.
Stateless autoconfiguration can now be performed by acquiring a link prefix via an RA message. This prefix can then be added to the previously generated interface ID, resulting in a globally unique IPv6 address.
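The MAC-to-EUI64 steps above as an added Python example (not part of the original lecture). It also inverts the universal/local bit of the first octet, a step RFC 4291 requires but the text above does not mention; the MAC address and the 2001:db8:1:2::/64 prefix are constructed sample values. The `recover_mac` function shows the reverse direction: an address built this way exposes the interface's hardware address to anyone who sees it.

```python
import ipaddress

LINK_LOCAL_PREFIX = "fe80::/64"   # link-local prefix extended to /64


def mac_to_eui64(mac: str) -> bytes:
    """Build the 64-bit interface ID from a 48-bit MAC address."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert 0xfffe between the two 24-bit halves (vendor and device ID).
    iid = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    # RFC 4291 additionally inverts the universal/local bit.
    iid[0] ^= 0x02
    return bytes(iid)


def autoconfigure(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (link-local or learned from an RA) with the ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(mac_to_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def recover_mac(addr: str):
    """Return the MAC embedded in an EUI-64 derived address, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                      # interface ID was not built from a MAC
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                       # undo the universal/local inversion
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    sample_mac = "00:1b:44:11:3a:b7"     # constructed sample value
    print(autoconfigure(LINK_LOCAL_PREFIX, sample_mac))
    print(autoconfigure("2001:db8:1:2::/64", sample_mac))
    print(recover_mac("2001:db8:1:2:21b:44ff:fe11:3ab7"))
```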
IPsec
IPsec is a suite of protocols designed to secure IP datagrams by providing confidentiality (hiding the contents of the datagram from eavesdroppers) and/or data integrity (ensuring that the messages haven't been tampered with during transmission). Whilst IPsec can be readily used with IPv4, it is even more integrated with IPv6 due to the header "chaining" approach.
As a result an IPv6 base header may be followed by an IPsec Encapsulating Security Payload (ESP) header, followed by a protected payload (for example, an encrypted TCP segment). IPsec is almost outside the scope of this subject, however it deserves a brief mention and we will return to it when we look at Virtual Private Networks (VPNs).
IPv4 to IPv6 Transitioning
One of the more interesting challenges with the deployment of IPv6 is that of communicating using existing IPv4 infrastructure. One approach is to use IPv6-to-IPv4 tunnelling, more commonly known as 6to4. This mechanism is detailed in RFC3056.
An additional IPv4 protocol type has been defined (type 41) which indicates that an IPv4 packet encapsulates an IPv6 datagram. In many ways the process is similar to that used by VPNs - an IPv6 capable gateway must encapsulate the IPv6 traffic inside an IPv4 datagram and send it to an IPv4-to-IPv6 capable router, which will in turn decapsulate the IPv6 datagram and route it into the IPv6 network.
Another approach to this problem is to run IPv6 over the top of a Multi-Protocol Label Switching (MPLS) network, which is protocol independent. MPLS in turn can make use of underlying IPv4 infrastructure if it needs to do so.
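The protocol 41 encapsulation described above, as an added Python example (not part of the original lecture) of what a decapsulating router or a monitoring point on the IPv4 side has to parse. The sample packet and its documentation-range addresses are constructed, and checksums are left at zero and not verified.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41   # IPv4 protocol value for an encapsulated IPv6 datagram
NEXT_HEADER_ICMPV6 = 58   # next header value for ICMPv6


def build_sample(protocol: int = PROTO_IPV6_IN_IPV4) -> bytes:
    """Constructed sample: IPv4 / IPv6 / ICMPv6 Echo Request (checksums are 0)."""
    icmp = struct.pack("!BBHHH", 128, 0, 0, 1, 1)
    v6 = struct.pack("!IHBB16s16s", 0x60000000, len(icmp), NEXT_HEADER_ICMPV6, 64,
                     ipaddress.IPv6Address("2001:db8:1::1").packed,
                     ipaddress.IPv6Address("2001:db8:2::1").packed)
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(v6) + len(icmp), 0, 0,
                     64, protocol, 0,
                     ipaddress.IPv4Address("192.0.2.1").packed,
                     ipaddress.IPv4Address("198.51.100.1").packed)
    return v4 + v6 + icmp


def decapsulate(packet: bytes):
    """Summarise the IPv6 datagram inside an IPv4 packet; None if not protocol 41."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if packet[9] != PROTO_IPV6_IN_IPV4:
        return None
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("protocol 41 payload is not an IPv6 datagram")
    payload_len, next_header, _hop_limit = struct.unpack("!HBB", inner[4:8])
    payload = inner[40:40 + payload_len]
    if len(payload) != payload_len:
        raise ValueError("truncated IPv6 payload")
    summary = {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "next_header": next_header,
    }
    if next_header == NEXT_HEADER_ICMPV6 and payload_len >= 2:
        summary["icmpv6_type"], summary["icmpv6_code"] = payload[0], payload[1]
    return summary


if __name__ == "__main__":
    print(decapsulate(build_sample()))
```

An IPv4-only filter sees just the outer addresses and protocol 41, so policy for the inner IPv6 traffic has to be applied after a parse like this one.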
Routing Protocols
Routing protocols also need to be capable of supporting IPv6. As a result OSPFv3 has been designed to support IPv6 only, unlike OSPFv2, which operates with IPv4. OSPF for IPv6 is detailed in RFC2740.
For exterior routing, BGP4 has been modified via the use of a multiprotocol extension for IPv6. RFC2545 defines an additional two BGP attributes which allow for the announcement and withdrawal of IPv6 network layer reachability information.
References
RFCs
RFC2461 - Neighbor Discovery for IPv6.
RFC3056 - Connection of IPv6 domains via IPv4 clouds.
RFC2545 - Multiprotocol Extensions for BGP4.