Successor to IPv4 featuring a larger address space (128-bit addresses), simpler routing and simpler address management. All modern operating systems since Windows Vista have it enabled by default.
- Version: IP version (6 for IPv6)
- Traffic Class and Flow Label: used for QoS
- Payload Length: length of the IPv6 payload (not including the header)
- Next Header: identifies the next embedded protocol header
- Hop Limit: decremented at each hop to end routing loops
IPv6 Addresses and Autoconfiguration
IPv6 hosts can statelessly autoconfigure a unique IPv6 address, removing the need for static addressing or DHCP. IPv6 stateless autoconfiguration takes the host's MAC address and uses it to build the IPv6 address.
- Global address – used for communication beyond the local network – IPv6 hosts rely on IPv6 router advertisements to assign the global address
- Link-local address – system assigned – used for local network communications
Example global address – fc01::20c:29ff:feef:1136/64
- Take the MAC address: 00:0c:29:ef:11:36
- Embed "ff:fe" in the middle – 00:0c:29:ff:fe:ef:11:36 (to make it 64 bits long)
- Set the "Universal bit": 02:0c:29:ff:fe:ef:11:36 (the Universal/Local bit indicates whether the MAC address is globally unique)
- Prepend the network prefix and convert to ":" format: fc01:0000:0000:0000:020c:29ff:feef:1136
- Convert one run of repeating zero groups to "::": fc01::20c:29ff:feef:1136
- DHCP may be used with IPv6 for "stateful autoconfiguration"
- Systems may use dual stacks for both IPv4 and IPv6 addresses
- Hosts may use tunneling to access IPv6 via IPv4
- The IPv6 loopback address is "::1", equivalent to 127.0.0.1 in IPv4
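The EUI-64 derivation above, carried out in code. This is an added example written for these notes, not code from the original page; it uses only the Python standard library and the sample MAC and prefix from the notes. It also goes one step further than the notes: the reverse function recovers the MAC from an address that carries the ff:fe marker, which is what makes EUI-64 addresses useful to a defender for tying an IPv6 address back to a specific NIC (and why privacy extensions exist, since a randomised interface identifier yields no MAC and the reverse function returns None).

```python
import ipaddress


def mac_to_eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit modified EUI-64 interface identifier from a 48-bit MAC.

    Same steps as the notes: split the MAC in half, insert ff:fe in the
    middle, then flip the Universal/Local bit (0x02 of the first byte).
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC, got {mac!r}")
    eui64 = octets[:3] + b"\xff\xfe" + octets[3:]
    return bytes([eui64[0] ^ 0x02]) + eui64[1:]


def slaac_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix with the EUI-64 interface id; returns compressed text."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 requires a /64 prefix")
    iid = int.from_bytes(mac_to_eui64_interface_id(mac), "big")
    # ipaddress prints the canonical form, i.e. one zero run collapsed to "::"
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def link_local_address(mac: str) -> str:
    """The fe80::/64 address a host autoconfigures from its MAC."""
    return slaac_address("fe80::/64", mac)


def mac_from_eui64_address(addr: str):
    """Reverse the derivation: return the MAC if the address embeds one, else None.

    Addresses built with privacy extensions (random interface ids) have no
    ff:fe marker, so this returns None for them.
    """
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02          # clear the Universal/Local bit again
    octets = bytes([first]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    mac = "00:0c:29:ef:11:36"      # sample MAC from the notes
    print(slaac_address("fc01::/64", mac))   # fc01::20c:29ff:feef:1136
    print(link_local_address(mac))           # fe80::20c:29ff:feef:1136
    print(mac_from_eui64_address("fc01::20c:29ff:feef:1136"))  # 00:0c:29:ef:11:36
    print(mac_from_eui64_address("fc01::1"))                   # None
```

Run over an address inventory, `mac_from_eui64_address` lets you match link-local and global addresses of the same host across prefixes, since the interface identifier stays constant while the prefix changes.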
IPv6 Security Challenges
IPv6 is often enabled by default without administrators being aware of it. Since autoconfiguration assigns link-local fe80:… addresses, hosts can automatically communicate with other IPv6 devices on the network. ISPs are also enabling IPv6 services while professionals have limited understanding of it, and hardware such as IDS is often not configured to inspect IPv6. The advice is to disable IPv6 when it is not required.
Classless Inter-domain routing
Network Address Translation
NAT is used to translate RFC 1918 addresses to publicly routable IP addresses.
- Static NAT – one-to-one translation
- Pool NAT (dynamic NAT) – reserves a range of public IPs that another range of addresses is mapped onto
- PAT (NAT Overload) – many-to-one translation
ARP and RARP
Address Resolution Protocol is used to translate between layer 3 IP addresses and layer 2 MAC addresses.
- ARP – resolves IPs to MACs
- RARP (reverse ARP) – resolves MACs to IPs – used by diskless workstations to determine their IP address, which is handed out by a RARP server
Unicast, Multicast, and Broadcast
- Unicast – one-to-one traffic
- Multicast – one-to-many traffic, uses class D IP addresses over IPv4 – commonly used to stream audio or video
- Broadcast – one-to-all traffic
Limited and Directed Broadcast
- Limited broadcast – 255.255.255.255, sent to all stations on a LAN and never forwarded across a router
- Directed broadcast – e.g. 18.104.22.168 – broadcast IP is 22.214.171.124. Sent to all stations on the same subnet. May be sent from remote networks
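The address classes from the two lists above, turned into a small classifier. This is an added example for these notes, not code from the original page; the networks and destinations in it are constructed sample values. It computes the directed broadcast address of a subnet (all host bits set) and labels a destination as limited broadcast, multicast (class D, 224.0.0.0/4), directed broadcast of a known subnet, or unicast. Because a directed broadcast can arrive from a remote network, as the notes say, most routers drop them at the edge by default; a classifier like this is the kind of check a monitoring rule uses to flag any that still show up.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
MULTICAST = ipaddress.IPv4Network("224.0.0.0/4")      # class D range


def directed_broadcast(network: str) -> str:
    """Directed broadcast address of a subnet: the network with all host bits set."""
    return str(ipaddress.IPv4Network(network, strict=False).broadcast_address)


def classify_destination(dst: str, known_networks) -> str:
    """Label an IPv4 destination as seen from a host that knows the given subnets.

    known_networks: iterable of CIDR strings (constructed for this example).
    """
    ip = ipaddress.IPv4Address(dst)
    if ip == LIMITED_BROADCAST:
        return "limited broadcast"          # never forwarded by a router
    if ip in MULTICAST:
        return "multicast"
    for cidr in known_networks:
        net = ipaddress.IPv4Network(cidr, strict=False)
        # /31 and /32 have no broadcast address in the usual sense, skip them
        if net.prefixlen < 31 and ip == net.broadcast_address:
            return f"directed broadcast for {net}"
    return "unicast"


def suspicious_directed_broadcasts(packets, known_networks):
    """Return (src, dst) pairs where a directed broadcast comes from outside its subnet.

    packets: iterable of (src, dst) string pairs, constructed sample input here.
    """
    flagged = []
    for src, dst in packets:
        label = classify_destination(dst, known_networks)
        if not label.startswith("directed broadcast"):
            continue
        net = ipaddress.IPv4Network(label.split(" for ")[1])
        if ipaddress.IPv4Address(src) not in net:
            flagged.append((src, dst))
    return flagged


if __name__ == "__main__":
    # constructed sample values
    nets = ["192.168.10.0/24", "10.1.0.0/22"]
    print(directed_broadcast("192.168.10.0/24"))                # 192.168.10.255
    print(classify_destination("239.1.1.1", nets))              # multicast
    print(classify_destination("10.1.3.255", nets))             # directed broadcast for 10.1.0.0/22
    sample = [("192.168.10.7", "192.168.10.255"),   # local, expected
              ("203.0.113.9", "192.168.10.255")]    # remote source, flag it
    print(suspicious_directed_broadcasts(sample, nets))
```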
Layer 2 Broadcast
Reaches all nodes in a broadcast domain using FF:FF:FF:FF:FF:FF layer 2 MAC address.
Promiscuous Network Access
Accessing ALL unicast traffic. Requires both a NIC in promiscuous mode and access to other hosts' unicast traffic (e.g. using a SPAN port, a hub, or a TAP).