IPV6 TECHNOLOGY AND DNS SETUP

Transcription

1 IPV6 TECHNOLOGY AND DNS SETUP Except where reference is made to the work of others, the work described in this report is my own or was done in collaboration with my advisory committee. Xiaozheng Lin W. Homer Carlisle, Chair Associate Professor Computer Science and Software Engineering Kai-Hsiung Chang Professor Computer Science and Software Engineering Chung-Wei Lee Assistant Professor Computer Science and Software Engineering John F. Pritchett Dean Graduate School I

2 IPV6 TECHNOLOGY AND DNS SETUP Xiaozheng Lin In Partial Fulfillment of the Requirements for the Degree of Master of Software Engineering Auburn University Auburn, Alabama February 2003 II

3 IPV6 TECHNOLOGY AND DNS SETUP Xiaozheng Lin Master of Software Engineering, February 2003 Directed by Dr. W. Homer Carlisle ABSTRACT Over the past few years, based on a concern that the Internet address space would soon be exhausted, a new version of Internet Protocol (IP), called IP Version 6 (IPv6) is in the process of standardization, and is expected to supersede the current IP version IPv4 in the near future. This report first introduces some Internet standards-based IPv6 concepts: the features of IPv6, IPv6 addressing, IPv6 address autoconfiguration. Then it describes proposed transition strategies from IPv4 to IPv6: Dual IP Layer Operation for communication between IPv6 and IPv4 nodes, some proposed tunneling mechanisms for communication of IPv6 islands over IPv4 routing infrastructure, and some other proposed mechanisms such as DSTM, NAT-PT, SOCKS, and BIS. Finally, this report gives a brief introduction to the IPv6 project in Auburn University. Because of the prevalent use of the names (rather than addresses) to refer to network resources in these days, DNS upgrading is an urgent and important task for the smoothing transition from IPv4 to IPv6, this report gives a brief introduction to the DNS, and detailed description for DNS server setting up and test to support IPv6. Key Word: IPv6, IPv4, Autoconfiguration, Tunneling, Dual IP, DNS, BIND, HTTP2, Linux III

4 ACKNOWLEDGMENTS I would like to express my deepest appreciation to Dr. Carlisle for his tremendous support and guidance on this project. I would also like to thank my committee members, Dr. Chang and Dr. Lee for their useful comments on the report, assistance in scheduling the defense date. Also, thanks to Mr. Kelly Price for his help with the project. Without their assistance, this valuable educational experience at Auburn University would not have been possible! IV

5 TABLE OF CONTENTS LIST OF FIGURES...VII LIST OF TABLES...VIII 1 INTRODUCTION Features of IPv Expanded Addressing Capabilities Scalable Routing and Addressing Infrastructure Automatic Configuration Header Format Simplification Flow Labeling Capability Security IPv6 Addressing IPv6 Address Allocation and Representation IPv6 Unicast Addresses Multicast IPv6 Addresses Anycast IPv6 Addresses A Node s IPv6 Addresses Address Autoconfiguration Stateless Address Autoconfiguration Stateful Address Autoconfiguration TRANSITION FROM IPV4 TO IPV Dual IP Layer Operation IPv6 over IPv4 Tunneling Mechanisms Configured Tunneling Automatic Tunneling to over IPv6 Tunnel Broker Summary of Transition Mechanisms DNS and IPv Introduction to DNS and DNS Server Resource Record in DNS Zone Files DNS to Support IPv6 Addresses Lookup IPV6 PROJECT IN AUBURN Introduction to IPv6 Project in Auburn...35 V

6 4 PROJECT REPORT IPV6 Ready Test DNS Setup To Support Both IPv4 and IPv Package Build DNS Setup Put Named into Chroot Jail Apache Web Server Setup and Configuration System Test DNS Server Test Script Apache Web Server and Virtual Host Test CONCLUSIONS AND FUTURE WORKS REFERENCE VI

7 LIST OF FIGURES Figure 1 IPv6 and IPv4 Header Format...4 Figure 2 IPv6 Aggregatable Global Unicast Address Structure...8 Figure 3 The Site-local Address Format...10 Figure 4 The IPv6 Multicast Address...11 Figure 5 The Subnet-Router Anycast Address...13 Figure 6 A Dual IP Layer Architecture...17 Figure 7 The Dual Stack Architecture for the Windows.NET Server 2003 Family...17 Figure 8 DSTM Architecture...18 Figure 9 NAT-PT Architecture...19 Figure 10 Using IPv4 Applications over an IPv6 network by BIS...20 Figure 11 6to4 Tunneling Mechanism...24 Figure 12 Tunnel Broker Model...25 Figure 13 Resource Record Components...29 Figure 14 Screen Capture for Figure 15 Screen Capture for ns.ipv6.auburn.edu...54 VII

8 LIST OF TABLES Table 1 Current Allocation of the IPv6 Address Space...6 Table 2 Special IPv6 Addresses...7 Table 3 Defined Values for the Scope Field...11 Table 4 Summary and Comparison of different transition mechanisms...26 Table 5 Resource Record Type List...29 Table 6 RDATA for Different Resource Records...30 VIII

9 1 INTRODUCTION In 1993, based on a concern that the Internet address space would soon be exhausted, the Internet Engineering Task Force (IETF) created the Internet Protocol Next Generation (IPNG) work group to study and recommend a next generation Internet protocol IPv6. IPv6 means IP version 6, it is selected to supersede the current IP version (IPv4). IPv6 is designed to address several problems: running out of IPv4 addresses; support streaming sources (flows), such as audio, video etc.; improve router efficiency and so on. IPv4 has not been substantially changed since RFC 791 was published in IPv4 is robust, easily implemented and interoperable, and has stood the test of scaling an Internet to a global utility the size of today s Internet. However, since the recent exponential growth of the Internet, IPv4 addresses have become relatively scarce. The IPv4 address space can theoretically support about 4 billion hosts, but because of the hierarchical structure imposed by the routing system, lots of addresses are being wasted. At the same time, another problem has been caused by not having enough structure. Since an IPv4 network (class A, B or C) can be located anywhere in the world, backbone routers must maintain a record for every active network. This leads to the huge size of routing tables in the "core gateways", and is on the way to exhausting the maximum table capacity of these routers. Obviously IPv4 was never intended for the Internet that we have today, either in terms of the numbers of hosts, types of applications, or security concerns [1][2]. Several enhancements have been developed for IPv4. Classless Inter-Domain Routing (CIDR) was deployed in 1992 to relieve pressure on the IPv4 address space as well as help alleviate problems associated with increasing size of the core routing tables. CIDR uses a technique that allows routers to group routes together to cut down on the quantity of routing information carried by core routers. Dynamic Host Configuration Protocol (DHCP) and Network Address Translation (NAT) also give effective ways to resolve address assignment limitations and portability. DHCP helped to solve the problem of assigning addresses to hosts. NAT only allocates addresses to active Internet users and allows an internal private network to use any available private addressing scheme. Since the private network is isolated from the Internet, it makes the internal network a truly autonomous system. All 1

10 these enhancements extended the useful lifetime of IPv4. Nevertheless, despite the enhancements to IPv4, it is estimated the IPv4 address space will be exhausted by year Nomadic personal computing devices, network entertainment, mobile devices, and device control may possibly drive the next phase of the Internet growth. These systems all have the characteristic that they are expected to be extremely large in number. Growth of these markets will drive the need and use of IPv6 [3][5][6]. 1.1 Features of IPv6 Growth is the basic issue that asked the need for IPv6. IPv6 is designed as an evolution from IPv4 rather than a radical change. IPv6 carries over useful features of IPv4 and drops its less useful features. The following are the primary features of the IPv6 protocol: [1][2][4][7] Expanded Addressing Capabilities The address size is increased 4 times from 32 bits to 128 bits in IPv6, allowing more nodes and more levels of addressing hierarchy. A 128-bit address space allows for (about ) possible addresses. It also means about addresses for every square meter of the Earth s surface, or about addresses per person on the planet. IPv6 allows multiple IP address for a single network interface, so it also makes it possible for simpler auto-configuration of addresses. Even though only a small number of the possible addresses are currently allocated for use by hosts, there are plenty of addresses available even for foreseeable future use. This address space is more enough to connect all of a company's equipment (e.g., computers, printers, pagers) to the Internet without address conflicts Scalable Routing and Addressing Infrastructure Unlike the current IPv4-based Internet, which is a mixture of both flat and hierarchical routing, the IPv6-based Internet has been designed from its foundation to support efficient, hierarchical addressing and routing. Because there is much more available address space in IPv6 than in IPv4, many levels of routing structure may be defined and routing tables can be far more effectively distributed. For example, IPv6 aggregatable global unicast addresses are designed to be aggregated or summarized to produce an efficient routing infrastructure. 2

11 The IPv6 routing option makes it possible for a mixture of "loose" and strict source routing in a single packet. In "loose" routing, only nodes that must be traversed are defined in a path, it allows other unmentioned node between these points to be traversed. In "strict" routing, an exact path is defined, a packet must follow the defined points step by step, and any unmentioned hops are illegal. In IPV6, multicast addresses are more flexible and powerful; we can define different scope to multicast addresses and make it more efficient and scalable in multicast group routing. Broadcast is no more supported and multicast in IPv6 replaces it Automatic Configuration Network addresses management is not an easy job for network administration of a large network. There are some solutions such as Dynamic Host Configuration Protocol (DHCP) for IPv4. In IPv6, however, things can be even simpler. IPv6 supports stateless address configuration, in which, an IPv6 node can obtain its IPv6 address (called site-local addresses) by combining a network prefix that it learns from a local router with its layer-2 MAC address in the absence of a DHCP server. Even in the absence of a router, hosts on the same link can automatically configure themselves with link-local addresses and communicate with each other without any manual configuration. This greatly simplifies the assignment of a complex address space and is touted as a major advantage or feature of IPv6. IPv6 also supports stateful automatic configuration, namely hosts can get their IPv6 addresses through DHCPv6 (IPv6 version of DHCP) server. Address configuration is more flexible in IPv6. Stateful and stateless automatic configuration can be applied to IPv6 host simultaneously, since different IPv6 addresses can be assigned to the same network interface. Autoconfiguration, together with multiple prefixes in IPv6 also make network renumbering much easier Header Format Simplification The IPv6 header has a new format that is designed to keep header overhead to a minimum. The IPv6 header is simpler and far more streamlined than that of IPv4, as shown in figure 1 [4]. All Variable-length headers are gone, some IPv4 header fields have been dropped, and extension headers now handle formerly optional features in IPv4. There are several extensions headers defined 3

12 currently, including Fragment and Authentication Encapsulating Security Payload extension. Generally, routers do not examine extension headers as the packet is forwarded so they reduce packet processing time and bandwidth consumption. Figure 1 IPv6 and IPv4 Header Format IPv6 headers and IPv4 headers are not interoperable. A host or router must use an implementation of both IPv4 and IPv6 in order to process both header formats Flow Labeling Capability IPv6 defines the concept of a "flow" which identifies a packet as part of a ongoing stream data. Flow labeling allows routers to identify and provide special handling for packets belonging to a flow, it ensures better QOS control and provides better support for real-time traffic such as videoconference. Using a flow label, a router can know which end-to-end flow a packet belongs to, and then find out the packets that belong to real-time traffic. The flow label field is in the IPv6 header, so support for QOS can be achieved even when the packet payload is encrypted through IPSec Security The IPv4 specification does not explicitly include any security. The IPv6 basic specification 4

13 includes security, so support for IPSec is an IPv6 protocol suite requirement. Extensions to support security options, authentication, data integrity, and data confidentiality are built into IPv6. Those extension headers related to security include packet encryption (Encapsulated Security Payload), and source authentication (Authentication Header). 1.2 IPv6 Addressing As in IPv4, IPv6 addresses are assigned to interfaces, not computer hosts. In IPv6, one interface can have multiple addresses. Renumbering in IPv6 is designed to happen, so renumbering to IPv6 is much easier than to IPv4. IPv6 addresses can be divided into three types: unicast IPv6 addresses, multicast IPv6 addresses and anycast IPv6 addresses. A unicast address is for a single interface, and some special addresses are also assigned out of the unicast address space. A multicast address is for a set of interfaces that are on the same physical medium. When a packet is sent to a multicast address, the packet is sent to all of the interfaces associated with the multicast address. An anycast address is for a set of interfaces on different physical mediums. A packet sent to an anycast address is only received by one of the interfaces associated with this address (namely the nearest interface) [4]. IPv6 unicast and multicast addresses support scope. There are several types of scope for IPv6 unicast addresses: global scope addresses, link-local addresses and site-local addresses. IPv6 multicast addresses also support many different types of scope, including node scope, link scope, site scope, organization scope, and global scope. Currently, there are no broadcast addresses in IPv6. All types of IPv4 broadcast addressing are replaced in IPv6 by using multicast addresses IPv6 Address Allocation and Representation Similar to the way in which IPv4 address space is divided, the IPv6 address space is divided based on the value of high order bits. The specific type of an IPv6 address is also defined based on the value of high order bits. The variable-length high order bits and their fixed values are known as a Format Prefix (FP). Table 1 shows the current allocation of the IPv6 address space according to Format Prefix [9][10]. 5

14 Allocation FP & Size FP range in Hex Reserved (1/256) FF Unassigned (1/256) FF Reserved for NSAP allocation (1/128) FF Unassigned (1/128) FF Unassigned (1/128) FF Unassigned (1/32) FFF Unassigned 0001 (1/16) FFF Aggregatable global unicast addresses 001 (1/8) FFF Unassigned 010 (1/8) Unassigned 011 (1/8) Unassigned 100 (1/8) 4000-DFFF Unassigned 101 (1/8) Unassigned 110 (1/8) Unassigned 1110 (1/16) E000-EFFF Unassigned (1/32) F000-F7FF Unassigned (1/64) F800-FBFF Unassigned (1/128) FC00-FDFF Unassigned (1/512) FE00-FE7F Link-local unicast addresses (1/1024) FE80-FEBF Site-local unicast addresses (1/1024) FEC0-FEFF Multicast addresses (1/256) FF00-FFFF Table 1 Current Allocation of the IPv6 Address Space This allocation supports the direct allocation of different scope aggregation addresses, multicast addresses. More address space (85%) is unassigned. In the future, this space can be used for expansion of existing address types, or address types for new purposes. IPv4 addresses are divided along 8-bit boundaries and are represented in dotted-decimal format. While in IPv6, the 128-bit address is divided along 16-bit boundaries and each 16-bit block is converted to a 4-digit hexadecimal number and separated by colons. The leading zeros within each 16-bit block are optional and can be removed. The following IPv6 address in binary form can be represented as 21DA:D3:0:2F3B:2AA:FF:FE28:9C5A. In order to simplify the IPv6 addresses representation, a contiguous sequence of 16-bit blocks of 0s can be compressed and represented as double colon "::. However, zero compression can only be used once in order to avoid ambiguity. For example, IPv6 localhost address 0:0:0:0:0:0:0:1 can be compressed to ::1, and the multicast address FF02:0:0:0:0:0:0:2 can be compressed to FF02::2. An alternative form that is sometimes more convenient when dealing with a mixed environment of IPv4 and IPv6 nodes is x:x:x:x:x:x:d.d.d.d, 6

15 where the 'x's are the hexadecimal values of the six high-order 16-bit pieces of the address, and the 'd's are the decimal values of the four low-order 8-bit pieces of the address. This form is used in situations such as IPv4-mapped IPv6 address or IPv4-compatible IPv6 address and so on. In a URL, an IPv6 address is enclosed in brackets, for example Parsers have to be modified or upgraded to recognize IPv6 addresses [1][4] IPv6 Unicast Addresses IPv6 unicast addresses are aggregatable with contiguous bit-wise masks similar to IPv4 addresses under CIDR (classless Interdomain Routing). There are several forms of unicast address assignment in IPv6, and additional address types can be defined in the future. IPv6 Special Unicast Addresses There are some special Unicast Addresses assigned. Unspecified address 0:0:0:0:0:0:0:0 and Special address Representation Comments Localhost address ::1 To identify the interface itself, equivalent to loopback address in IPv4 Unspecified address IPv4-mapped IPv6 address IPv4-compatible address :: Equivalent to the IPv4 unspecified address It is used as a placeholder when no address is available. For example used as source address in initial DHCP request and Duplicate address detection. It can t be assigned to an interface or used as a destination address. ::ffff:a.b.c.d/96 ::a.b.c.d/96 a.b.c.d stands for the IPv4 address. It is used to represent an IPv4-only node to an IPv6 node. It is used only for internal representation. The IPv4-mapped address is never used as a source or destination address of an IPv6 packet. [1] a.b.c.d stands for the IPv4 address. It is used in automatic tunneling by IPv6/IPv4 nodes that want to transfer IPv6 packets over IPv4 routing infrastructure. 6to4 address 2002:a.b.c.d/48 a.b.c.d stands for the IPv4 address, it is used for tunneling between two nodes running both IPv4 and IPv6 over an IPv4 routing infrastructure Table 2 Special IPv6 Addresses loopback address ::1 are assigned out of the address space. Special IPv6 addresses also include some addresses defined to aid in the migration from IPv4 to IPv6, such as IPv4-compatible address, IPv4-mapped address, 6to4 address. Table 2 shows these special IPv6 addresses [1][10]. Aggregatable Global Unicast Addresses 7

16 Aggregatable global unicast addresses, also known as global addresses are identified by the FP of 001 and are equivalent to public IPv4 addresses. They are globally routable and reachable on the IPv6 portion of the Internet. A unicast address is designed to support both the current provider-based aggregation and a new type of exchange-based aggregation. The combination will allow efficient routing aggregation for sites that connect directly to providers and for sites that connect to exchanges. Sites will have the choice to connect to either type of aggregation entity. The fields within the aggregatable global unicast address also create a three-level structure as shown in Figure 2: public topology, site topology, and interface identifier [1][4][11]. The aggregatable global unicast address structure is also shown in Figure 2. The fields in the aggregatable global unicast address are: 3 bits 13 bits 8 bits 24 bits 16 bits 64 bits FP TLA ID RES NLA ID SLA ID Interface ID Public Topology Site Interface Identifier Topology Figure 2 IPv6 Aggregatable Global Unicast Address Structure FP: Format Prefix (for aggregatable global unicast addresses is 001) TLA ID: Top-Level Aggregation Identifier, size of the field is 13 bits, RES: Reserved for future use, size of the field is 8 bits, NLA ID: Next-Level Aggregation Identifier, size of the field is 24 bits, SLA ID: Site-Level Aggregation Identifier, size of the field is 16 bits, Interface ID: Interface Identifier, size of the field is 64 bits. TLA ID The Top-Level Aggregation Identifier is the top level in the routing hierarchy. Default-free routers must have a routing table entry for every active TLA, and will probably have additional entries providing routing information for the TLA ID in which they are located. A 13-bit field TLA ID allows up to 8,192 different TLA IDs. The routing topology at all levels is designed to minimize the number of additional entries fed into the default free routing tables. 8

17 Additional TLA ID's may be added by either growing the TLA field to the right into the reserved field or by using this format for additional format prefixes. RES The Reserved field is 8 bits reserved for future use in expanding the size of either the TLA ID field or the NLA ID field. At this time, it must be set to zero. NLA ID - The Next-Level Aggregation Identifier field is used by organizations assigned a TLA ID to create an addressing hierarchy and to identify sites. Each organization assigned a TLA ID receives 24 bits of NLA ID space. The NLA ID allows an ISP to create multiple levels of addressing hierarchy within a network to both organize addressing and routing for downstream ISPs and identify sites. The structure of the ISP s network is invisible to the default-free routers. For example, the organization can assign the top part of the NLA ID in a manner to create an addressing hierarchy appropriate to its network. It can use the remainder of the bits in the field to identify sites it wishes to serve. This NLA ID space allows each organization to provide service to approximately as many organizations as the current IPv4 Internet can support total networks. The combination of the 001 FP, the TLA ID, and the NLA ID form a 48-bit prefix that is assigned to an organization's site that is connecting to the IPv6 portion of the Internet. SLA ID - The Site-Level Aggregation Identifier field is used by an individual organization to create its own local addressing hierarchy and to identify subnets within its site. This is analogous to subnets in IPv4 except that each organization has a much greater number of subnets. The organization can use these 16-bit SLA ID within its site to create 65,536 subnets or multiple levels of addressing hierarchy and an efficient routing infrastructure. The structure of the customer s network is not visible to the ISP. Organizations may choose to either route their SLA ID "flat" (no more logical relationship between the SLA identifiers and results in larger routing tables), or to create a two or more level hierarchy (that results in smaller routing tables) in the SLA ID field. Interface ID Interface ID is used to identify interfaces on a link or a specific subnet. They are required to be unique on that subnet. They may also be unique over a broader scope. Interface IDs used in the aggregatable global unicast address format are required to be 64-bit long and to be constructed in IEEE EUI-64 format. In many cases an interfaces identifier will be the same or be based on the interface's link-layer address. 9

18 Local-Use IPv6 Unicast Addresses There are two types of local-use unicast addresses defined. They are link-local addresses and site-local addresses. Link-local addresses are used for addressing on a single link for purposes such as auto-address configuration, neighbor discovery when no routers are present. They are identified by the FP of On a single link IPv6 network with no router, link-local addresses are used to communicate between hosts on the same link. The scope of a link-local address is the local link. A link-local address is required for neighbor discovery processes and is always automatically configured, even in the absence of all other unicast addresses. The prefix for link-local addresses is always FE80::/64. An IPv6 router must not forward any packets with link-local source or destination addresses beyond the link. Site-local addresses are used for addressing inside of a site without the need for a global prefix. They are identified by the FP of The scope of a site-local address is within the site. Site-local addresses are configured either through stateless or stateful address configuration processes. Site-local addresses have the format shown in figure 3: 10 bits 38 bits 16 bits 64 bits Subnet ID Interface ID Figure 3 The Site-local Address Format The first 48 bits are always fixed for site-local addresses, beginning with FEC0::/48. And they share the same structure with the aggregatable global unicast address beyond the first 48 bits of the address. So a subnetted routing infrastructure can be created and used for both site-local and aggregatable global unicast addresses Multicast IPv6 Addresses An IPv6 multicast address is an identifier for a group of nodes. A node may belong to any number of multicast groups. IPv6 multicast addresses have the FP of , so it always begins with FF. Multicast addresses cannot be used as source addresses or as intermediate destinations in 10

19 a Routing header. Multicast addresses have the format shown in Figure 4. The fields in the multicast address are FP (which is ), Flags, Scope, and Group ID. 8 bits 4 bits 4 bits 112 bits Flags Scope Group ID Figure 4 The IPv6 Multicast Address Flags the field of Flags indicates flags set on the multicast address. The size of this field is 4 bits. Currently, the only flag defined is the fourth bit: Transient (T) flag. The high-order 3 flags are reserved, and must be initialized to 0. When the T flag is set to 0, it indicates that the multicast address is a permanently assigned (well-known) multicast address allocated by the Internet Assigned Numbers Authority (IANA). When set to 1, it indicates that the multicast address is a transient (non-permanently-assigned) multicast address. Scope the field of scope is also 4 bits in size. The multicast scope value is used to limit the scope of the multicast group. In addition to information provided by multicast routing protocols, routers use the multicast scope to determine whether multicast traffic can be forwarded. Table 3 lists the values for the Scope field defined in [10]. Value Scope 0 Reserved 1 Node-local scope 2 Link-local scope 5 Site-local scope 8 Organization-local scope E Global scope F Reserved 3,4,6,7,9,A,B,C,D Unassigned Table 3 Defined Values for the Scope Field Multicast addresses from FF01:: through FF0F:: are reserved, well-known addresses. For example, traffic with the multicast address of FF02::2 has a link-local scope. An IPv6 router never forwards this traffic beyond the local link. Group ID - Identifies the multicast group, either permanent or transient. It is unique within the scope. The size of this field is 112 bits. The meaning of a permanently assigned group IDs is independent of the scope. For example: FF01:0:0:0:0:0:0:101 means all NTP servers on the same 11

20 node as the sender. FF02:0:0:0:0:0:0:101 means all the NTP servers on the same link as the sender. FF05:0:0:0:0:0:0:101 means all the NTP servers at the same site as the sender. Different from permanently assigned group IDs, transient group IDs are only relevant to a specific scope and are meaningful only within the given scope. For example, a group identified by the non-permanent, site-local multicast address FF15:0:0:0:0:0:0:101 at one site has no relationship to a group using the same address at a different site, nor to a non-permanent group using the same group ID with different scope, nor to a permanent group with the same group ID. Multicast addresses must not be used as source addresses in IPv6 packets or appear in any routing header. There are several useful multicast addresses. For example, To identify all nodes for the node-local and link-local scopes, the following multicast addresses are defined: FF01::1 (node-local scope all-nodes multicast address) and FF02::1 (link-local scope all-nodes multicast address). To identify all routers for the node-local, link-local, and site-local scopes, the following multicast addresses are defined: FF01::2 (node-local scope all-routers multicast address), FF02::2 (link-local scope all-routers multicast address), and FF05::2 (site-local scope all-routers multicast address) Anycast IPv6 Addresses An IPv6 anycast address is assigned to more than one interface (typically belonging to different nodes). Packets addressed to an anycast address are forwarded by the routing infrastructure to the nearest interface to which the anycast address is assigned. Anycast addresses are allocated from the unicast address space, using any of the defined unicast address formats.in order to facilitate delivery, the routing infrastructure must be aware of the interfaces assigned anycast addresses and their distance in terms of routing metrics. There is little experience with widespread, arbitrary use of Internet anycast addresses. At present, anycast addresses are only used as destination addresses and are only assigned to routers. The subnet-router anycast address is predefined and required. It is created from the subnet prefix for a given interface. To construct the subnet-router anycast address, the bits in the subnet prefix are fixed at their appropriate values and the remaining bits are set to 0. Figure 5 shows the 12

21 format of the subnet-router anycast address [1][10]. n bits 128-n bits Subnet Prefix Figure 5 The Subnet-Router Anycast Address All router interfaces attached to a subnet are assigned the subnet-router anycast address for that subnet. The subnet-router anycast address is used for communication with one of multiple routers attached to a remote subnet A Node s IPv6 Addresses An IPv4 host with a single network adapter typically has a single IPv4 address assigned to that adapter. An IPv6 host, however, usually has multiple IPv6 addresses - even with a single interface. A typical IPv6 host is required to recognize the following addresses as self-identification. [9][10] A link-local Address for each interface Assigned unicast addresses (which could be a site-local address and one or multiple aggregatable global unicast addresses) for each interface The loopback address (::1) for the loopback interface All-node multicast addresses Solicted-node multicast address for each unicast address on each interface Multicast addresses of all other groups to which the host belongs Typical IPv6 hosts are logically multihomed because they have at least two addresses with which they can receive packets-- a link-local address for local link traffic and a routable site-local or aggregatable address. As a router, it is required to recognize all addresses that a host is required to recognize. In addition, an IPv6 router also must be able to recognize the following addresses to identify itself. The subnet-router anycast addresses for the interfaces it is configured to act as a router on. All other anycast addresses with which the router has been configured. 13

22 All-routers multicast addresses Multicast addresses of all other groups to which the router belongs. 1.3 Address Autoconfiguration One of most useful features of IPv6 is its ability to configure itself even without the use of a stateful protocol such as DHCP server as in IPv4. In IPv6, equipment newly added to a network can automatically configuring its network addresses. Any IPv6 host can obtain its link-local, site-local and global addresses via stateless address with no manual configuration of hosts, minimal (if any) configuration of routers, and no need for additional servers. IPv6 allows a host to generate its own addresses using a combination of locally available information and information advertised by routers [1][12]. IPv6 also supports stateful address autoconfiguration mechanism. The above-mentioned stateless address autoconfiguration approach is used when a site is not particularly concerned with the exact addresses the hosts use, so long as they are unique and properly routable. The stateful approach is used when a site requires tighter control over exact address assignments. In IPv6, Both stateful and stateless address autoconfiguration may be used simultaneously Stateless Address Autoconfiguration In stateless address autoconfiguration, nodes (both hosts and routers) begin the process by generating a link-local address for the interface. A link-local address is formed by appending the interface's identifier (Interface ID) to the well-known link-local prefix (FE80::/64). However, before the link-local address can be assigned to an interface and used, a node must attempt to verify that this "tentative" address is not already in use by another node on the same link. Once a node knows that its tentative link-local address is unique, it assigns it to the interface, and now this node has IP-level connectivity with neighboring nodes with the newly assigned link-local address. Then for an Ipv6 host, the next phase of stateless address autoconfiguration involves obtaining a router advertisement or determining that no routers are present. If there are no routers available, the host has to use other mechanism such as stateful autoconfiguration to obtain other IPv6 addresses and configuration 14

23 parameters. If routers are present, routers will send Advertisements contains prefix Information options that contain information used by stateless address autoconfiguration to generate site-local and global IPv6 addresses, and other configure parameters. For safety, all addresses must be tested for uniqueness prior to their assignment to an interface [12] Stateful Address Autoconfiguration Stateful configuration is based on the use of a stateful address configuration protocol to obtain addresses and other configuration options. It offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. A host will use a stateful address configuration protocol when there are no routers present on the local link or when it receives Router Advertisement Messages without prefix options. A new protocol, Dynamic Host Configuration Protocol for IPv6 (DHCPv6) is one way to perform stateful autoconfiguration. In some documents, stateful autoconfiguration means the configuration that the IPv6 addresses and other configuration parameters are obtained through DHCPv6 server. DHCPv6 is the IPv6 equivalent of DHCP in IPv4. It is used to pass out addressing and service information in the same way that DHCP is used in IPv4. This is stateful because the DHCP server and the client must both maintain state information to keep addresses from conflicting, to handle leases, and to renew addresses over time. DHCPv6 is not yet standardized, although there are several drafts available, which are expected to move to proposed standard status shortly [13]. One of the advantages of DHCPv6 is that it does more than handle IP address allocation. For example, DHCPv6 can also be used to let end systems discover their DNS servers. Thus, large networks will likely use a combination of stateless autoconfiguration to discover their address, and DHCPv6 servers to pass out other network information, such as DNS servers, with a third mechanism for the system to register its name in the DNS. 15

24 2 TRANSITION FROM IPV4 TO IPV6 Because of the huge size and coverage of the Internet, it is expected that the transition from IPv4 to IPv6 will need a long time. It is impossible to expect a fast, centrally coordinated cutover. So it is very import to maintaining compatibility with IPv4 while deploying IPv6 and transitioning the Internet to IPv6. The key to a successful IPv6 transition is how to maintain compatibility of IPv6 equipment with the large installed base of IPv4 hosts and routers. The coexistence of both IPv4 and IPv6 must be arranged in a practical and simple way. For smooth, stepwise and independent transition, a set of techniques has been specified. They implement mechanisms for the true internetworking, coexistence, easy address mapping and name service migration. To allow seamless interoperation, all hosts running IPv6 must still be able to communicate with the IPv4 hosts. The IETF specifications for IPv6 contain a lot of information concerning the transition issues. [15][24][25] Lots of transition mechanisms are proposed, most of them are related with Communication between IPv4 and IPv6 nodes Connecting IPv6 islands isolated in the IPv4 world. The basic transition mechanisms for IPv6 hosts and routers including Dual IP Layer Operation and IPv6 over IPv4 Tunneling. Dual stack nodes will be able to interoperate directly with both IPv4 and IPv6 nodes. Tunnel mechanisms provide ways about how IPv6 islands can communicate with each other over the cloud of IPv4 infrastructure. 2.1 Dual IP Layer Operation In order that IPv6 and IPv4 nodes can communicate with each other, the most straightforward way for IPv6 nodes is to provide a complete IPv4 implementation. Dual IP layer operation provides complete support for both IPv4 and IPv6 in hosts and routers, as shown in figure 6 [20]. By providing a complete IPv4 implementation, IPv6 nodes can remain compatible with IPv4-only nodes. This is the dual IP layer technique, and nodes that implements both IPv4 and IPv6 are called dual nodes (IPv6/IPv4 nodes). The dual IP layer technique may or may not be used in conjunction with the 16

25 tunneling techniques. Figure 6 A Dual IP Layer Architecture There are some variations to the dual IP layer operation mechanism. The IPv6 protocol for the Windows.NET Server 2003 family is such an example. The IPv6 protocol driver, Tcpip6.sys, also contains a separate implementation of TCP and UDP and is sometimes referred to as a dual-stack implementation. Figure 7 shows the dual stack architecture of the IPv6 protocol for the Windows.NET Server 2003 family [20]. Figure 7 The Dual Stack Architecture for the Windows.NET Server 2003 Family In order to support bother protocols, IPv6/IPv4 nodes may be configured with both IPv4 and IPv6 addresses. Although the two addresses may be related to each other, this is not required. And 17

26 those IPv6/IPv4 nodes can acquire their IPv4 addresses by using IPv4 mechanisms such as DHCP, or acquire their IPv6 addresses by IPv6 protocol mechanisms such as stateless address autoconfiguration or DHCP v6. For Dual Nodes, the Domain Naming System (DNS) must provide a resolver library capable of dealing with the IPv4 A records as well as new records type for IPv6. So the Domain Name System will be an important component during the transition process to support both IPv4 and IPv6. Apparently, the Dual IP approach brings about some inconvenience. It has some drawbacks and may cause some problem. For example, Dual IP has the need to maintain a multi-protocols, it may introduces more instability and workload to an administrator. In addition, each Dual IP host needs an IPv4 address, so the use of this mechanism will not be possible if the address space of IPv4 is exhausted to the point that new addresses can no longer be assigned. Several solutions are proposed to relieve these problems, for example, DSTM [23] and some translation type transition mechanisms NAT-PT [21], SOCKS [18], and BIS [22] and so on. DSTM (the Dual Stack Transition Mechanism): DSTM proposes to use the dual stack IP approach. With DSTM, IPv4 addresses are assigned dynamically only when needed. So the use of IPv4 global addresses is reduced. DSTM is targeted to help the interoperation of IPv6 newly deployed networks with existing IPv4 networks. Figure 8 is the architecture shows how DSTM works [26]. Figure 8 DSTM Architecture As shown in figure 8, there are 3 different types of device, an IPv6-only host, a DSTM server and a DSTM gateway. DSTM server administrates the IPv4 address pool. Whenever a host in the IPv6 domain needs to communicate with an IPv4 host, it first asks the DSTM server for a temporary 18

27 IPv4 address, and the DSTM server then will reserve one for the IPv6 host. And also tell the IPv6 host information about the DSTM gateway. Following this message exchange, IPv6 host can configures its IPv4 stack with the allocated address, and from now on, all IPv4 packets from the host are tunneled to the DSTM gateway. NAT-PT (Network Address Translator Protocol Translator): As shown in figure 9 [44], a NAT-PT device resides at the borders between an IPv6 and IPv4 network. It makes address and protocol translation at the IP level. NAT-PT allows native IPv6 hosts to communicate with native IPv4 hosts and vice versa. Similar to DSTM, NAT-PT allocates an IPv4 pool addresses to identify the IPv6 hosts and handles the mapping of the IPv4 pool address to the IPv6 host. In addition, header translation is also performed by NAT-PT. Figure 9 NAT-PT Architecture In NAT-PT, the communication between IPv6 and IPv4 relays on a NAT box that translates between IPv4 and IPv6. So NAT-PT will cause performance degradation, and the NAT-PT device is a single point of failure. NAT-PTs are just a temporary solution. The NAT-PT box may be removed after the transition has been completed. SOCKS: SOCKS: provides a way for a gateway named SOCKS Server to act as a relay of TCP and UDP connections between two end hosts. A small or medium sized IPv4 network can provide access to an external IPv6 network using a SOCKS Server in a dual stack machine which can have access to both networks. An IPv4 host connects to an IPv6 host by sends a request to the 19

28 SOCKS Server using the Full Qualified Domain Name (FQDN) of the IPv6 host. The SOCKS Server resolves the FWDN to an IPv6 address and sends a fake IPv4 address back to IPv4 host. So two connections are established: one connection between the IPv4 host with SOCKS Server, and the other connection between the SOCKS Server and the IPv6 host. However, all these processes are invisible to applications, since they make socket calls with the usual socket API [18]. BIS (Bump in the Stack): BIS allows the hosts to communicate with other IPv6 hosts using existing IPv4 applications. It is highly desirable since the low availability of existing IPv6 applications. As shown in Figure 10 [44], BIS inserts modules into the hosts. The modules snoop the data flowing between a TCP/IPv4 module and network card driver modules and translate the IPv4 into IPv6 and vice versa, to act as translators, like NAT-PT implemented within the host. When they communicate with the other IPv6 hosts, pooled IPv4 addresses are assigned to the IPv6 hosts internally, but the IPv4 addresses never flow out from them. Moreover, since the assignment is automatically carried out using DNS protocol, users do not need to know whether target hosts are IPv6 ones or not. Through BIS, existing IPv4 applications can communicate with IPv6 hosts (looking like they were dual stack hosts for both IPv4 and IPv6). BIS expands the territory of dual stack hosts. BIS can co-exist with other translators because their roles are different. Figure 10 Using IPv4 Applications over an IPv6 network by BIS 2.2 IPv6 over IPv4 Tunneling Mechanisms The mechanisms described here are designed to enable IPv6 communication between IPv6 20

29 islands isolated in the IPv4 world. All of these rely on tunnels. A tunnel is a link between two IPv4 end-points that must be configured by specifying the IPv6 destinations for which the packets are to be encapsulated, and the remote IPv4 end-point to which they must be sent. The IPv6 routing infrastructure will be built up over time. While the IPv6 infrastructure is being deployed, the existing IPv4 routing infrastructure can be used to carry IPv6 traffic. IPv6 nodes (or networks) that are separated by IPv4 infrastructures can build a virtual link by configuring a tunnel. Tunneling provides a way to make use of IPv4 routing infrastructure to carry IPv6 traffic. IPv6/IPv4 dual nodes can tunnel datagrams over regions of IPv4 routing topology by encapsulating IPv6 packets within IPv4 packets. Tunneling can be used in a variety of ways: Router-to-Router, Host-to-Router, Host-to-Host, and Router-to-Host. The first two tunneling methods listed above are called "configured tunneling, the endpoint of this type of tunnel is an intermediary router. When tunneling to a router, the endpoint of the tunnel is different from the destination of the packet being tunneled. Since the addresses in the IPv6 packet being tunneled cannot provide the IPv4 address of the tunnel endpoint, the tunnel endpoint address is determined from configuration information on the node performing the tunneling. The last two tunneling methods are called "automatic tunneling". In automatic tunneling, the IPv6 packet is tunneled all the way to its final destination. In this case, the destination address of both the IPv6 packet and the encapsulating IPv4 header identify the same node. This fact can be exploited by encoding information in the IPv6 destination address that will allow the encapsulating node to determine the IPv4 address of the tunnel endpoint automatically [15]. Other tunneling mechanisms including 6over4, 6to4 and tunnel broker. They are described in more detail in the following paragraphs Configured Tunneling In configured tunneling, the tunnel endpoint address is determined from configuration information in the encapsulating node. For each tunnel, the encapsulating node must store the tunnel endpoint address. When an IPv6 packet is transmitted over a tunnel, the tunnel endpoint address configured for that tunnel is used as the destination address for the encapsulating IPv4 header. The 21

30 determination of which packets to tunnel is usually made by routing information on the encapsulating node. This is usually done via a routing table, which directs packets based on their destination address using the prefix mask and match technique. In the simplest case, the network administrator configures tunnels manually by agreement with the administrator of the network where the remote IPv4 end-point resides. Most of the interconnections between IPv6 networks used in the worldwide are initially set up through manually configured tunneling. However, having to deal with large numbers of tunnels is necessary for interconnections between IPv6 and IPv4. Configured tunneling will cause an enormous administrative workload for network managers and makes it necessary to deploy automatic tunneling configuration mechanisms. A number of other tunneling mechanisms also have been proposed, such as 6over4, 6to4, tunnel broker, and so on Automatic Tunneling IPv6/IPv4 nodes that perform automatic tunneling are assigned an IPv4-compatible address. IPv4-compatible addresses are assigned exclusively to nodes that support automatic tunneling. A node should be configured with an IPv4-compatible address only if it is prepared to accept IPv6 packets destined to that address encapsulated in IPv4 packets destined to the embedded IPv4 address. In automatic tunneling, the tunnel endpoint address is determined from the packet being tunneled. If the destination IPv6 address is IPv4-compatible, then the packet can be sent via automatic tunneling. If the destination is IPv6-native, the packet cannot be sent via automatic tunneling. A routing table entry can be used to direct automatic tunneling. An implementation can have a special static routing table entry for the prefix 0:0:0:0:0:0/96. (That is, a route to the all-zeros prefix with a 96-bit mask.) Packets that match this prefix are sent to a pseudo-interface driver that performs automatic tunneling. Since all IPv4-compatible IPv6 addresses will match this prefix, all packets to those destinations will be auto-tunneled. Once it is delivered to the automatic tunneling module, the IPv6 packet is encapsulated within an IPv4 header. The destination IPv4 address is put as low-order 32-bits of IPv6 destination address 22

31 and the source IPv4 address is the IPv4 address of interface the packet is sent via. The automatic tunneling module always sends packets in this encapsulated form, even if the destination is on an attached datalink. This mechanism is proposed in [15], it was not widely accepted, as the fact that it calls for importing IPv4 routing tables into the IPv6 routing infrastructure effectively precludes optimal hierarchical routing, and it can be used only between individual hosts to4 6to4 is an optional method of connecting IPv6 domains via IPv4 clouds. The objective of this method is to allow isolated IPv6 sites (or hosts), which are attached to an IPv4 network which has no native IPv6 support, to communicate with other IPv6 domains. As shown in Figure 11 [45], the router on the border of the IPv6 domain creates a tunnel to the other domain, and the IPv4 endpoints of the tunnel are identified in the prefix of the IPv6 domain. 6to4 provides a mechanism to construct IPv6 addresses automatically from IPv4 addresses. This technique makes it extremely easy to extract the embedded IPv4 address. The whole IPv6 packet can be delivered over an IPv4 network encapsulated in an IPv4 packet. Thus, no configured tunnels are needed to send packets between 6to4 capable IPv6 sites situated anywhere in IPv4 Internet. In this way IPv6 gains considerable independence of the underlying wide area network and can step over many hops of IPv4 subnets. Applying the rules defined in [25] a site may migrate from IPv4 to 6to4 and then to native IPv6, without having to cease any of the previous mechanisms/protocol. We may stop the use of IPv4 only when there is no more need for the addresses. 23