[IPv6] Neighbor Discovery

2009. 6. 10. 20:47 | Posted by 꿈꾸는코난

Neighbor Discovery

Internet Protocol version 6 (IPv6) Neighbor Discovery (ND) is a set of messages and processes defined in RFC 4861 that determine relationships between neighboring nodes. ND replaces Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP) router discovery, and the ICMP Redirect message used in IPv4. ND also provides additional functionality.

  * ND message format

    - Router Solicitation
    - Router Advertisement
    - Neighbor Solicitation
    - Neighbor Advertisement
    - Redirect

  * Router Solicitation
The Router Solicitation message is sent by IPv6 hosts to discover the presence of IPv6 routers on the link. A host sends a multicast Router Solicitation message to prompt IPv6 routers to respond immediately, rather than waiting for an unsolicited Router Advertisement message.

For example, assuming that the local link is Ethernet, in the Ethernet header of the Router Solicitation message you will find these settings:

■ The Source Address field is set to the MAC address of the sending network adapter.
■ The Destination Address field is set to 33-33-00-00-00-02.

In the IPv6 header of the Router Solicitation message, you will find the following settings:

■ The Source Address field is set to either a link-local IPv6 address assigned to the sending interface or the IPv6 unspecified address (::).
■ The Destination Address field is set to the link-local scope all-routers multicast address (FF02::2).
■ The Hop Limit field is set to 255.

  * Router Advertisement
IPv6 routers send unsolicited Router Advertisement messages pseudo-periodically—that is, the interval between unsolicited advertisements is randomized to reduce synchronization issues when there are multiple advertising routers on a link—and solicited Router Advertisement messages in response to the receipt of a Router Solicitation message. The Router Advertisement message contains the information required by hosts to determine the link prefixes, the link MTU, specific routes, whether or not to use address autoconfiguration, and the duration for which addresses created through address autoconfiguration are valid and preferred.

For example, assuming that the local link is Ethernet, in the Ethernet header of the Router Advertisement message, you will find these settings:

■ The Source Address field is set to the MAC address of the sending network adapter.
■ The Destination Address field is set to either 33-33-00-00-00-01 or the unicast MAC address of the host that sent a Router Solicitation from a unicast address.

In the IPv6 header of the Router Advertisement message, you will find the following settings:

■ The Source Address field is set to the link-local address assigned to the sending interface.
■ The Destination Address field is set to either the link-local scope all-nodes multicast address (FF02::1) or the unicast IPv6 address of the host that sent the Router Solicitation message from a unicast address.
■ The Hop Limit field is set to 255.

  * Neighbor Solicitation
IPv6 nodes send the Neighbor Solicitation message to discover the link-layer address of an on-link IPv6 node or to confirm a previously determined link-layer address. It typically includes the link-layer address of the sender. Typical Neighbor Solicitation messages are multicast for address resolution and unicast when the reachability of a neighboring node is being verified.

For example, assuming that the local link is Ethernet, in the Ethernet header of the Neighbor Solicitation message, you will find the following settings:

■ The Source Address field is set to the MAC address of the sending network adapter.
■ For a multicast Neighbor Solicitation message, the Destination Address field is set to the Ethernet MAC address that corresponds to the solicited-node address of the target. For a unicast Neighbor Solicitation message, the Destination Address field is set to the unicast MAC address of the neighbor.

In the IPv6 header of the Neighbor Solicitation message, you will find these settings:

■ The Source Address field is set to either a unicast IPv6 address assigned to the sending interface or, during duplicate address detection, the unspecified address (::).
■ For a multicast Neighbor Solicitation, the Destination Address field is set to the solicited-node address of the target. For a unicast Neighbor Solicitation, the Destination Address field is set to the unicast address of the target.
■ The Hop Limit field is set to 255.

  * Neighbor Advertisement
An IPv6 node sends the Neighbor Advertisement message in response to a Neighbor Solicitation message. An IPv6 node also sends unsolicited Neighbor Advertisements to inform neighboring nodes of changes in link-layer addresses or the node’s role. The Neighbor Advertisement contains information required by nodes to determine the type of Neighbor Advertisement message, the sender’s role on the network, and typically the link-layer address of the sender.

For example, assuming that the local link is Ethernet, in the Ethernet header of the Neighbor Advertisement message, you will find the following settings:

■ The Source Address field is set to the MAC address of the sending network adapter.
■ The Destination Address field is set, for a solicited Neighbor Advertisement, to the unicast MAC address of the initial Neighbor Solicitation sender. For an unsolicited Neighbor Advertisement, the Destination Address field is set to 33-33-00-00-00-01, which is the Ethernet MAC address corresponding to the link-local scope all-nodes multicast address.

In the IPv6 header of the Neighbor Advertisement message, you will find these settings:

■ The Source Address field is set to a unicast address assigned to the sending interface.
■ The Destination Address field is set, for a solicited Neighbor Advertisement, to the unicast IP address of the sender of the initial Neighbor Solicitation. For an unsolicited Neighbor Advertisement, the Destination Address field is set to the link-local scope all-nodes multicast address (FF02::1).
■ The Hop Limit field is set to 255.

  * Redirect
The Redirect message is sent by an IPv6 router to inform an originating host of a better first-hop address for a specific destination. Redirect messages are sent only by routers for unicast traffic, are unicast only to originating hosts, and are processed only by hosts.

For example, assuming that the local link is Ethernet, in the Ethernet header of the Redirect message, you will find the following settings:

■ The Source Address field is set to the MAC address of the sending network adapter.
■ The Destination Address field is set to the unicast MAC address of the originating sender.

In the IPv6 header of the Redirect message, you will find these settings:

■ The Source Address field is set to a unicast address that is assigned to the sending interface.
■ The Destination Address field is set to the unicast IP address of the originating host.
■ The Hop Limit field is set to 255.
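
The header settings listed for the five ND messages can be checked mechanically on a received frame. The following is an added example, not code from the original post: it derives the Ethernet multicast MAC and the solicited-node address, then flags frames whose Hop Limit is not 255 or whose destination MAC does not match the IPv6 destination. It assumes no extension headers precede ICMPv6; all addresses and frames are constructed samples.

```python
import ipaddress
import struct

# ICMPv6 type numbers of the five ND messages (RFC 4861).
ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}

def multicast_mac(addr):
    """Ethernet MAC for an IPv6 multicast address: 33-33 + its low 32 bits."""
    return b"\x33\x33" + ipaddress.IPv6Address(addr).packed[12:]

def solicited_node(addr):
    """Solicited-node multicast address: FF02::1:FF00:0/104 + low 24 bits."""
    prefix = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]
    return str(ipaddress.IPv6Address(prefix + ipaddress.IPv6Address(addr).packed[13:]))

def check_nd_frame(frame):
    """Return findings for one Ethernet frame expected to carry an ND message."""
    if len(frame) < 14 + 40 + 8 or frame[12:14] != b"\x86\xdd":
        return ["not an IPv6 frame"]
    dst_mac, ip = frame[0:6], frame[14:54]
    next_header, hop_limit = ip[6], ip[7]
    dst_ip = ipaddress.IPv6Address(ip[24:40])
    if next_header != 58 or frame[54] not in ND_TYPES:
        return ["not an ND message"]
    findings = []
    if hop_limit != 255:  # a forwarded packet cannot arrive with Hop Limit 255
        findings.append("hop limit %d, expected 255" % hop_limit)
    if dst_ip.is_multicast and dst_mac != multicast_mac(str(dst_ip)):
        findings.append("destination MAC does not map to %s" % dst_ip)
    if not dst_ip.is_multicast and dst_mac[0] & 1:
        findings.append("unicast IPv6 destination on a group MAC")
    return findings

def build_frame(dst_mac, src_ip, dst_ip, hop_limit, icmp_type):
    """Constructed sample frame; the ICMPv6 checksum is left at zero."""
    eth = dst_mac + bytes.fromhex("00aa00289c5a") + b"\x86\xdd"
    ip = struct.pack("!IHBB", 0x60000000, 8, 58, hop_limit)
    ip += ipaddress.IPv6Address(src_ip).packed + ipaddress.IPv6Address(dst_ip).packed
    return eth + ip + bytes([icmp_type, 0]) + bytes(6)

# Constructed samples: a Router Solicitation as described above, and a
# Neighbor Solicitation that arrives with a decremented Hop Limit and the
# all-nodes MAC instead of the solicited-node MAC.
TARGET = "fe80::2aa:ff:fe3f:2a1c"
GOOD_RS = build_frame(multicast_mac("ff02::2"), "fe80::2aa:ff:fe28:9c5a",
                      "ff02::2", 255, 133)
BAD_NS = build_frame(multicast_mac("ff02::1"), "fe80::2aa:ff:fe28:9c5a",
                     solicited_node(TARGET), 64, 135)

if __name__ == "__main__":
    print(solicited_node(TARGET))
    print(check_nd_frame(GOOD_RS))
    print(check_nd_frame(BAD_NS))
```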

  * ND messages and the options that might be included

  * IPv4 Neighbor Messages and Functions and IPv6 Equivalents

[IPv6] ICMPv6

2009. 6. 10. 18:28 | Posted by 꿈꾸는코난
ICMPv6

Like IPv4, the specification for the Internet Protocol version 6 (IPv6) header and extension headers does not provide facilities for reporting errors. Instead, IPv6 uses an updated version of the Internet Control Message Protocol (ICMP) named ICMP version 6 (ICMPv6). ICMPv6 has the common IPv4 ICMP functions of reporting delivery and forwarding errors and providing a simple echo service for troubleshooting. ICMPv6 is defined in RFC 4443 and is required for an IPv6 implementation.

The ICMPv6 protocol also provides a packet structure framework for the following:

Neighbor Discovery     Neighbor Discovery (ND) is a series of five ICMPv6 messages that manage node-to-node communication on a link. ND replaces Address Resolution Protocol (ARP), ICMPv4 Router Discovery, and the ICMPv4 Redirect message. ND is described in more detail in Chapter 6, “Neighbor Discovery.”

Multicast Listener Discovery     Multicast Listener Discovery (MLD) is a series of three ICMPv6 messages that are equivalent to the Internet Group Management Protocol (IGMP) for IPv4 for managing subnet multicast membership.


  * ICMPv6 Header Structure

   


Type     Indicates the type of ICMPv6 message. The size of this field is 8 bits. In ICMPv6 error messages, the high-order bit is set to 0. In ICMPv6 informational messages, the high-order bit is set to 1.

Code     Differentiates among multiple messages within a given message type. The size of this field is 8 bits. For the first, or only, message for a given type, the value of the Code field is 0.

Checksum     Stores a checksum of the ICMPv6 message. The size of this field is 16 bits. The IPv6 pseudo-header is added to the front of the ICMPv6 message when calculating the checksum.

Message body     Contains ICMPv6 message-specific data.
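
The checksum rule above, worked through as an added example (not code from the original post): the IPv6 pseudo-header (source address, destination address, upper-layer length, Next Header 58) is placed in front of the ICMPv6 message before the 16-bit one's complement sum is taken, so a message verified against a different address fails. The addresses and the Echo Request bytes are constructed.

```python
import ipaddress
import struct

ICMPV6 = 58  # Next Header value for ICMPv6

def ones_complement_sum(data):
    """16-bit one's complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src, dst, upper_len):
    """Source, destination, 32-bit length, 3 zero bytes, Next Header."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", upper_len, ICMPV6))

def icmpv6_checksum(src, dst, message):
    """Checksum of an ICMPv6 message, computed with its Checksum field zeroed."""
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    total = ones_complement_sum(pseudo_header(src, dst, len(message)) + zeroed)
    return (~total) & 0xFFFF

def with_checksum(src, dst, message):
    """Return the message with its Checksum field filled in."""
    return message[:2] + struct.pack("!H", icmpv6_checksum(src, dst, message)) + message[4:]

def checksum_ok(src, dst, message):
    """True if the stored checksum matches the one computed for src/dst."""
    return struct.unpack("!H", message[2:4])[0] == icmpv6_checksum(src, dst, message)

# Constructed sample: Echo Request (Type 128, Code 0), identifier 1, sequence 1.
SRC, DST = "fe80::2aa:ff:fe28:9c5a", "fe80::2aa:ff:fe3f:2a1c"
ECHO = with_checksum(SRC, DST, struct.pack("!BBHHH", 128, 0, 0, 1, 1) + b"ping")

if __name__ == "__main__":
    print(checksum_ok(SRC, DST, ECHO))            # same addresses
    print(checksum_ok(SRC, "fe80::1", ECHO))      # different destination
```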

  * Comparison of ICMPv4 and ICMPv6 Messages

[IPv6] IPv6 Header

2009. 6. 10. 17:28 | Posted by 꿈꾸는코난


IPv6 Header

  * Structure of an IPv6 Packet

   



IPv6 Header     The IPv6 header is always present and is a fixed size of 40 bytes. The fields in the IPv6 header are described in the “IPv6 Header” section in this chapter.

Extension Headers     Zero or more extension headers can be present and are of varying lengths. If extension headers are present, a Next Header field in the IPv6 header indicates the first extension header. Within each extension header is another Next Header field, indicating the next extension header. The last extension header indicates the header for the upper-layer protocol—such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or Internet Control Message Protocol for version 6 (ICMPv6)—contained within the upper-layer protocol data unit.
The IPv6 header and extension headers replace the existing IPv4 header and its options. The new extension header format allows IPv6 to be enhanced to support future needs and capabilities. Unlike options in the IPv4 header, IPv6 extension headers have no maximum size and can expand to accommodate all the extension data needed for IPv6 communication.

Upper-Layer Protocol Data Unit     The upper-layer protocol data unit (PDU) typically consists of an upper-layer protocol header and its payload (for example, an ICMPv6 message, a TCP segment, or a UDP message).
The IPv6 packet payload is the combination of the IPv6 extension headers and the
upper-layer PDU. Normally, it can be up to 65,535 bytes long. IPv6 packets with
payloads larger than 65,535 bytes in length, known as jumbograms, can also be sent.

  * IPv4 Header

   



  * IPv6 header

   


  * Comparison of IPv4 and IPv6 Headers

  * IPv6 Extension Header

Hop-by-Hop Options Header

The Hop-by-Hop Options header is used to specify delivery parameters at each hop on the path to the destination. It is identified by the value of 0 in the IPv6 header’s Next Header field.
The Hop-by-Hop Options header consists of a Next Header field, a Header Extension Length field, and an Options field that contains one or more options. The value of the Header Extension Length field is the number of 8-byte blocks in the Hop-by-Hop Options extension header, not including the first 8 bytes. Therefore, for an 8-byte Hop-by-Hop Options header, the value of the Header Extension Length field is 0. Padding options are used to ensure 8-byte boundaries.

Destination Options Header

The Destination Options header is used to specify packet delivery parameters for either intermediate destinations or the final destination. This header is identified by the value of 60 in the previous header’s Next Header field. The Destination Options header has the same structure as the Hop-by-Hop Options header.

The Destination Options header is used in two ways:
1. If a Routing header is present, it specifies delivery or processing options at each intermediate destination. In this case, the Destination Options header occurs before the Routing header.
2. If no Routing header is present, or if this header occurs after the Routing header, this header specifies delivery or processing options at the final destination. An example of a destination option is the Home Address destination option for Mobile IPv6.

Routing Header

IPv4 defines strict source routing, in which each intermediate destination must be only one hop away, and loose source routing, in which each intermediate destination can be one or more hops away. IPv6 source nodes can use the Routing header to specify a source route, which is a list of intermediate destinations for the packet to travel to on its path to the final destination. The Routing header is identified by the value of 43 in the previous header’s Next Header field.

The Routing header consists of a Next Header field, a Header Extension Length field (defined in the same way as the Hop-by-Hop Options extension header), a Routing Type field, a Segments Left field that indicates the number of intermediate destinations that are still to be visited, and routing type-specific data.

Fragment Header

The Fragment header is used for IPv6 fragmentation and reassembly services. This header is identified by the value of 44 in the previous header’s Next Header field. The Fragment header includes a Next Header field, a 13-bit Fragment Offset field, a More Fragments flag, and a 32-bit Identification field. The Fragment Offset, More Fragments flag, and Identification fields are used in the same way as the corresponding fields in the IPv4 header. Because the use of the Fragment Offset field is defined for 8-byte fragment blocks, the Fragment header cannot be used for jumbograms. The maximum number that can be expressed with the 13-bit Fragment Offset field is 8191. Therefore, Fragment Offset can be used to indicate only a fragment data starting position of up to 8191 × 8, or 65,528.

Authentication Header

The Authentication header provides data authentication (verification of the node that sent the packet), data integrity (verification that the data was not modified in transit), and antireplay protection (assurance that captured packets cannot be retransmitted and accepted as valid data) for the IPv6 packet including the fields in the IPv6 header that do not change in transit across an IPv6 internetwork. The Authentication header, described in RFC 2402, is part of the security architecture for IP, as defined in RFC 2401. The Authentication header is identified by the value of 51 in the previous header’s Next Header field.
The Authentication header contains a Next Header field, a Payload Length field (the number of 4-byte blocks in the Authentication header, not counting the first two), a Reserved field, a Security Parameters Index (SPI) field that helps identify a specific IP Security (IPsec) security association (SA), a Sequence Number field that provides antireplay protection, and an Authentication Data field that contains an integrity value check (ICV). The ICV provides data authentication and data integrity.
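
The Next Header chaining and the three length rules described in this section (8-byte blocks not counting the first 8 bytes, the fixed 8-byte Fragment header, and 4-byte blocks not counting the first two for the Authentication header) can be followed in code. This is an added example, not code from the original post; it handles only the extension headers covered on this page, and the payload bytes are constructed.

```python
import struct

# Next Header values named on this page, mapped to the header they identify.
EXT_NAMES = {0: "Hop-by-Hop Options", 60: "Destination Options",
             43: "Routing", 44: "Fragment", 51: "Authentication"}

def walk_chain(first_next_header, payload):
    """Walk the extension headers in an IPv6 payload.

    Returns (headers, upper_layer_protocol, upper_layer_offset). The protocol
    is None when a non-first fragment hides the rest of the chain.
    """
    headers, nh, off = [], first_next_header, 0
    while nh in EXT_NAMES:
        if off + 8 > len(payload):
            raise ValueError("truncated %s header at offset %d" % (EXT_NAMES[nh], off))
        next_nh, len_field = payload[off], payload[off + 1]
        info = {"type": EXT_NAMES[nh], "offset": off}
        if nh == 44:    # Fragment: fixed 8 bytes, offset counted in 8-byte blocks
            size = 8
            frag, ident = struct.unpack("!HI", payload[off + 2:off + 8])
            info.update(frag_byte_offset=(frag >> 3) * 8, more=bool(frag & 1), ident=ident)
        elif nh == 51:  # Authentication: 4-byte blocks, not counting the first two
            size = (len_field + 2) * 4
        else:           # 8-byte blocks, not counting the first 8 bytes
            size = (len_field + 1) * 8
        if off + size > len(payload):
            raise ValueError("%s header at offset %d overruns the payload"
                             % (EXT_NAMES[nh], off))
        info["size"] = size
        headers.append(info)
        off += size
        if info.get("frag_byte_offset"):
            return headers, None, off  # later fragment: upper layer not visible
        nh = next_nh
    return headers, nh, off

# Constructed payload: Hop-by-Hop (8) -> Routing (24) -> Fragment (8) ->
# Authentication (24) -> 8 bytes of ICMPv6. All values are made up.
SAMPLE = (
    bytes([43, 0, 1, 4, 0, 0, 0, 0])                          # Hop-by-Hop with PadN
    + bytes([44, 2, 2, 1]) + bytes(4) + bytes(16)             # Routing, Hdr Ext Len 2
    + bytes([51, 0, 0x00, 0x01]) + bytes.fromhex("12345678")  # Fragment, offset 0, M=1
    + bytes([58, 4, 0, 0]) + bytes(8) + bytes(12)             # Authentication, length 4
    + bytes([128, 0, 0, 0, 0, 1, 0, 1])                       # ICMPv6 Echo Request
)

if __name__ == "__main__":
    chain, upper, offset = walk_chain(0, SAMPLE)
    for header in chain:
        print(header)
    print("upper-layer protocol", upper, "at offset", offset)
```

A truncated payload or a length field that runs past the end raises `ValueError` instead of reading beyond the buffer.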


[IPv6] IPv6 Addressing

2009. 6. 9. 21:54 | Posted by 꿈꾸는코난
IPv6 Addressing Scheme

There are three types of IPv6 addresses:

  Unicast

A unicast address identifies a single interface within the scope of the type of address. The scope of an address is the region of the IPv6 network over which the address is unique. With the appropriate unicast routing topology, packets addressed to a unicast address are delivered to a single interface. To accommodate load-balancing systems, RFC 4291 allows for multiple interfaces to use the same address as long as they appear as a single interface to the IPv6 implementation on the host.


  Multicast

A multicast address identifies zero or more interfaces on the same or different hosts. With the appropriate multicast routing topology, packets addressed to a multicast address are delivered to all interfaces identified by the address.


  Anycast

An anycast address identifies multiple interfaces. With the appropriate unicast routing topology, packets addressed to an anycast address are delivered to a single interface—the nearest interface that is identified by the address. The nearest interface is defined as being the closest in terms of routing distance. A multicast address is used for one-to-many communication, with delivery to multiple interfaces. An anycast address is used for one-to-one-of-many communication, with delivery to a single interface.


The types and structure of unicast addresses are as follows.

   Global Unicast Address


Link Local Address

   Site Local Address



The types and structure of multicast addresses are as follows.


   Solicited-Node Address


The types and structure of anycast addresses are as follows.

   Subnet-Router Anycast Address


Comparison of IPv4 and IPv6 Addresses

[IPv6] Comparison of IPv4 and IPv6

2009. 6. 9. 20:00 | Posted by 꿈꾸는코난

A table showing the differences between IPv4 and IPv6

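In the news you often read that various security vendors now support IPv6, and not the token support of the early-to-mid 2000s but support in a form that can actually be operated. Many operating systems (Linux, Windows, and so on) also already ship with an IPv6 stack by default.

People have been talking about IPv6 adoption for years, as though network environments were about to switch over to IPv6 at any moment, yet the transition to IPv6 still seems to be slow.

Because NAT is already widely used, the shortage of address space will probably no longer be seen as a limit of IPv4 networks, so it will be worth watching what finally triggers the move to IPv6 network environments. Apart from a semi-forced transition driven by the government, there seem to be few network administrators or operators who would switch to an IPv6 network on their own.

In any case, the reality is that even users familiar with IPv4 environments find IPv6 quite daunting to use. For one thing, IP addresses are no longer easy to memorize, and another reason is that when a network problem occurs it is not easy to work out what is wrong.

So it occurred to me: assuming the transition to IPv6 networks does happen, rather than building IPv6 network products, how about building IPv6 network tools from the point of view of the IPv4 user? I don't know what it would be yet, but I mean a utility that a user who only knows IPv4 concepts could use comfortably even without knowing much about IPv6. With some thought given to user convenience, couldn't one come up with an interesting utility?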
