Presentation title - University of Kansas

IPv6 Overview Brent Frye EECS710 Overview Google Drive Microsoft Cloud Drive

Dropbox Paid-for alternatives 2 Larger Address Space IPv4 has 4.3 billion unique addresses IPv6 has 340 trillion trillion trillion (undecillion) addresses or 3.4 x 10^38. That is enough for a billion billion IP addresses for every person in the world for every second of their life.

No Network Address Translation (NAT) required. 3 New Header Format Header overhead is minimized, even though address is 4 times as long as IPv4 the header is only twice as long. Not backward compatible with IPv4 Header information contains Source Address, Destination Address, and Hop Limit. 4

Hierarchical Addressing and Routing Infrastructure

IPv6 uses unicast address routing topology to make a simple hierarchical infrastructure that is more efficient and requires smaller routing tables on backbone routers. Aggregatable global unicast addresses (highest level, public facing) Link-local addresses (Communicate with neighboring nodes on same link, FP 1111 1110 10, auto configured) Site-local addresses (similar to IPv4 private addresses, assigned through stateless or stateful configuration.) Special addresses (Unspecified address 0:0:0:0:0:0:0:0 or ::, Loopback address 0:0:0:0:0:0:0:1 or ::1) Compatibility Addresses (6to4 addresses, IPv4-mapped address) NSAP addresses (Network Service Access Point)

5 Stateless and stateful address configuration Stateful address configuration is with a DHCP server Stateless configuration is without a DHCP server. Link-local auto configuration. Combined: configuration based on Router Advertisement messages. Stateless prefixes that host stateful address protocol.

6 Built-in security Confidentiality IPSec encryption of all traffic Authentication IPSec traffic digitally signed for sender verification Data integrity IPSec traffic includes crypto checksum to validate integrity. IPSec is not enabled by default but requires configuration by the network administrator

7 Built-in security cont. Optional security feature Moving Target IPv6 Defense (MT6D) allows dynamic obscuring of the sender and reciever addresses MT6D is possible because of the large address space allowed in IPv6 can provide and because of stateless address configuration (SLAAC) Packets are encrypted and tunneled end-to-end so that source and destination address can be changed without breaking the session.

8 Better Quality of Service (QoS) IPv6 can use flows to provide special handling to a packet. New IPv6 header Flow Label field in the header means that QoS works even when the payload of the packet is encrypted. 9

Neighboring node interaction IPv6 Neighbor Discovery (ND) replaces ARP and ICMP Hosts use ND to discover neighboring routers and to discover addresses, address prefixes, and other parameters. Routers use ND to advertise their presence, configure host parameters, inform hosts of next-hop address and on-link prefixes. Nodes use ND to resolve link-layer address of a neighboring node to see if it has changed and to determine if IPv6 packets can be sent to or received from the neighbor. 10

Extensability Added support for extension headers not limited to size of packet instead of 40 bytes like IPv4 Current defined extension headers for: Hopby Hop option, routing, fragmentation, authentication, encapsulation, destination options. 11 Threats

Many new operating systems have IPv6 enabled but uncontrolled by default when using IPv4 IPSec is not mandatory and requires configuration IPv6 using ND is vulnerable to man-in-the-middle attacks (route advertisement can expose all local assets to the global IPv6 network) 12 Conclusions IPv6 is more than just extended address space.

Potential for more security challenges as well as improved security features. 13 Links Microsoft overview http://technet.microsoft.com/en-us/library/cc738636(v=ws.1 0).aspx IPv6 white paper -http://140.116.82.38/members/html/ms03/dclin/technique_ paper/IPv6/IPv6%20Features%20and%20Benefiits.pdf IPv6 Security Fallacies http://www.networkcomputing.com/ipv6/4-ipv6-securityfallacies/240159771

14