Presentation title - University of Kansas

IPv6 Overview
Brent Frye
EECS710

Overview
  • Google Drive
  • Microsoft Cloud Drive
  • Dropbox
  • Paid-for alternatives

Larger Address Space
  • IPv4 has 4.3 billion unique addresses.
  • IPv6 has 340 trillion trillion trillion (undecillion) addresses, or 3.4 x 10^38.
  • That is enough for a billion billion IP addresses for every person in the world for every second of their life.
  • No Network Address Translation (NAT) required.

New Header Format
  • Header overhead is minimized: even though the address is 4 times as long as in IPv4, the header is only twice as long.
  • Not backward compatible with IPv4.
  • Header information contains Source Address, Destination Address, and Hop Limit.

Hierarchical Addressing and Routing Infrastructure

IPv6 uses a unicast address routing topology to make a simple hierarchical infrastructure that is more efficient and requires smaller routing tables on backbone routers.
  • Aggregatable global unicast addresses (highest level, public facing)
  • Link-local addresses (communicate with neighboring nodes on the same link; FP 1111 1110 10; auto-configured)
  • Site-local addresses (similar to IPv4 private addresses; assigned through stateless or stateful configuration)
  • Special addresses (unspecified address 0:0:0:0:0:0:0:0 or ::, loopback address 0:0:0:0:0:0:0:1 or ::1)
  • Compatibility addresses (6to4 addresses, IPv4-mapped address)
  • NSAP addresses (Network Service Access Point)
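The address types above can be told apart from the leading bits of the address, which is useful when triaging IPv6 addresses in logs. The following is an added example, not part of the original slides; the sample addresses are constructed, and the site-local format prefix (1111 1110 11) and the global unicast prefix (2000::/3) are standard values that the slide does not spell out.

```python
import ipaddress

def top_bits(ip: ipaddress.IPv6Address, n: int) -> int:
    """Return the first n bits of the 128-bit address (its format prefix)."""
    return int(ip) >> (128 - n)

def classify(addr: str) -> str:
    """Map an IPv6 address to one of the address types listed above."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_unspecified:
        return "special: unspecified"
    if ip.is_loopback:
        return "special: loopback"
    if ip.ipv4_mapped is not None:            # ::ffff:a.b.c.d
        return f"compatibility: IPv4-mapped {ip.ipv4_mapped}"
    if ip.sixtofour is not None:              # 2002::/16 embeds an IPv4 address
        return f"compatibility: 6to4 {ip.sixtofour}"
    if top_bits(ip, 10) == 0b1111111010:      # FP 1111 1110 10 (fe80::/10)
        return "link-local"
    if top_bits(ip, 10) == 0b1111111011:      # FP 1111 1110 11 (fec0::/10)
        return "site-local"
    if top_bits(ip, 3) == 0b001:              # 2000::/3, global unicast
        return "global unicast"
    return "other"                            # e.g. multicast (ff00::/8)

# Constructed samples using documentation ranges; not from the slides.
SAMPLES = ["2001:db8::10", "fe80::1ff:fe23:4567:890a", "fec0::1", "::",
           "::1", "2002:c000:204::1", "::ffff:192.0.2.1", "ff02::1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:28} {classify(sample)}")
```

The 6to4 test must come before the global unicast test, because 2002::/16 also falls inside 2000::/3.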

Stateless and stateful address configuration
  • Stateful address configuration is with a DHCP server.
  • Stateless configuration is without a DHCP server. Link-local auto-configuration.
  • Combined: configuration based on Router Advertisement messages. Stateless prefixes that host stateful address protocol.

Built-in security
  • Confidentiality: IPSec encryption of all traffic
  • Authentication: IPSec traffic digitally signed for sender verification
  • Data integrity: IPSec traffic includes a crypto checksum to validate integrity
  • IPSec is not enabled by default but requires configuration by the network administrator.

Built-in security cont.
  • Optional security feature: Moving Target IPv6 Defense (MT6D) allows dynamic obscuring of the sender and receiver addresses.
  • MT6D is possible because of the large address space that IPv6 can provide and because of stateless address configuration (SLAAC).
  • Packets are encrypted and tunneled end-to-end so that source and destination addresses can be changed without breaking the session.

Better Quality of Service (QoS)
  • IPv6 can use flows to provide special handling to a packet.
  • The new Flow Label field in the IPv6 header means that QoS works even when the payload of the packet is encrypted.

Neighboring node interaction
  • IPv6 Neighbor Discovery (ND) replaces ARP and ICMP.
  • Hosts use ND to discover neighboring routers and to discover addresses, address prefixes, and other parameters.
  • Routers use ND to advertise their presence, configure host parameters, and inform hosts of next-hop addresses and on-link prefixes.
  • Nodes use ND to resolve the link-layer address of a neighboring node, to see if it has changed, and to determine if IPv6 packets can be sent to or received from the neighbor.

Extensibility
  • Added support for extension headers, whose size is limited only by the size of the packet instead of to 40 bytes as in IPv4.
  • Currently defined extension headers: Hop-by-Hop options, routing, fragmentation, authentication, encapsulation, destination options.

Threats
  • Many new operating systems have IPv6 enabled but uncontrolled by default when using IPv4.
  • IPSec is not mandatory and requires configuration.
  • IPv6 using ND is vulnerable to man-in-the-middle attacks (router advertisements can expose all local assets to the global IPv6 network).

Conclusions
  • IPv6 is more than just extended address space.
  • Potential for more security challenges as well as improved security features.

Links
  • Microsoft overview: http://technet.microsoft.com/en-us/library/cc738636(v=ws.10).aspx
  • IPv6 white paper: http://140.116.82.38/members/html/ms03/dclin/technique_paper/IPv6/IPv6%20Features%20and%20Benefiits.pdf
  • IPv6 Security Fallacies: http://www.networkcomputing.com/ipv6/4-ipv6-securityfallacies/240159771
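The Threats slide notes that Neighbor Discovery trusts Router Advertisements, so a monitoring host can check each RA it sees against site policy. The following is an added example, not part of the original slides: the policy values `AUTHORIZED_ROUTERS` and `EXPECTED_PREFIXES`, the helper `build_ra`, and all addresses are hypothetical and constructed for illustration.

```python
import ipaddress
import struct

# Assumed site policy (hypothetical values, not from the slides).
AUTHORIZED_ROUTERS = {ipaddress.IPv6Address("fe80::1")}
EXPECTED_PREFIXES = {ipaddress.IPv6Network("2001:db8:10::/64")}

def parse_ra_prefixes(icmp: bytes):
    """Return the prefixes carried in an RA's Prefix Information options."""
    if len(icmp) < 16 or icmp[0] != 134:           # 134 = Router Advertisement
        raise ValueError("not a Router Advertisement")
    prefixes, off = [], 16                         # options follow the 16-byte RA body
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8   # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed ND option")
        if opt_type == 3 and opt_len == 32:        # Prefix Information option
            plen = icmp[off + 2]
            prefix = ipaddress.IPv6Address(icmp[off + 16:off + 32])
            prefixes.append(ipaddress.IPv6Network((prefix, plen), strict=False))
        off += opt_len
    return prefixes

def check_ra(src: str, hop_limit: int, icmp: bytes):
    """Return findings for one observed RA; an empty list means it matches policy."""
    source = ipaddress.IPv6Address(src)
    findings = []
    if hop_limit != 255:                           # RFC 4861 requires 255 for ND messages
        findings.append("hop limit is not 255")
    if not source.is_link_local:
        findings.append("source is not link-local")
    if source not in AUTHORIZED_ROUTERS:
        findings.append(f"unauthorized router {source}")
    for net in parse_ra_prefixes(icmp):
        if net not in EXPECTED_PREFIXES:
            findings.append(f"unexpected prefix {net}")
    return findings

def build_ra(prefix: str, plen: int) -> bytes:
    """Build constructed RA bytes (checksum left at zero) as sample input."""
    body = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
    opt = struct.pack("!BBBBIII", 3, 4, plen, 0xC0, 2592000, 604800, 0)
    return body + opt + ipaddress.IPv6Address(prefix).packed

if __name__ == "__main__":
    print(check_ra("fe80::1", 255, build_ra("2001:db8:10::", 64)))
    print(check_ra("fe80::dead", 255, build_ra("2001:db8:bad::", 64)))
```

Switch-level controls such as RA Guard block unauthorized advertisements at the port; a passive check like this one only reports them.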
