31.2 IPv6—The Next Generation Internet
IMPORTANT: IBM System z: IPv6 Support
IPv6 is not supported by the CTC and IUCV network connections of the IBM
System z hardware.
Due to the emergence of the WWW (World Wide Web), the Internet has
experienced explosive growth with an increasing number of computers
communicating via TCP/IP in the past fifteen years. Since Tim Berners-Lee
at CERN (https://public.web.cern.ch) invented the WWW in
1990, the number of Internet hosts has grown from a few thousand to about
a hundred million.
As mentioned, an IPv4 address consists of only 32 bits. Also, quite a few
IP addresses are lost—they cannot be used due to the way in which
networks are organized. The number of addresses available in your subnet
is two to the power of the number of bits, minus two. A subnetwork has,
for example, 2, 6, or 14 addresses available. To connect 128 hosts to the
Internet, for example, you need a subnetwork with 256 IP addresses, from
which only 254 are usable, because two IP addresses are needed for the
structure of the subnetwork itself: the broadcast and the base network
address.
Under the current IPv4 protocol, DHCP or NAT (network address
translation) are the typical mechanisms used to circumvent the potential
address shortage. Combined with the convention to keep private and public
address spaces separate, these methods can certainly mitigate the
shortage. The problem with them lies in their configuration, which is a
chore to set up and a burden to maintain. To set up a host in an IPv4
network, you need a number of address items, such as the host's own IP
address, the subnetmask, the gateway address, and maybe a name server
address. All these items need to be known and cannot be derived from
somewhere else.
With IPv6, both the address shortage and the complicated configuration
should be a thing of the past. The following sections tell more about the
improvements and benefits brought by IPv6 and about the transition from
the old protocol to the new one.
31.2.1 Advantages
The most important and most visible improvement brought by the new
protocol is the enormous expansion of the available address space. An
IPv6 address is made up of 128 bits instead of the traditional 32
bits. This provides for as many as several quadrillion IP addresses.
However, IPv6 addresses are not only different from their predecessors
with regard to their length. They also have a different internal
structure that may contain more specific information about the systems
and the networks to which they belong. More details about this are found
in Section 31.2.2,
Address Types and Structure.
The following is a list of some other advantages of the new protocol:
- Autoconfiguration
IPv6 makes the network plug and play capable, which
means that a newly set up system integrates into the (local) network
without any manual configuration. The new host uses its automatic
configuration mechanism to derive its own address from the
information made available by the neighboring routers, relying on a
protocol called the neighbor discovery (ND)
protocol. This method does not require any intervention on the
administrator's part and there is no need to maintain a central
server for address allocation—an additional advantage over
IPv4, where automatic address allocation requires a DHCP server.
- Mobility
IPv6 makes it possible to assign several addresses to one network
interface at the same time. This allows users to access several
networks easily, something that could be compared with the
international roaming services offered by mobile phone companies:
when you take your mobile phone abroad, the phone automatically logs
in to a foreign service as soon as it enters the corresponding area,
so you can be reached under the same number everywhere and are able
to place an outgoing call just like in your home area.
- Secure Communication
With IPv4, network security is an add-on function. IPv6 includes
IPSec as one of its core features, allowing systems to communicate
over a secure tunnel to avoid eavesdropping by outsiders on the
Internet.
- Backward Compatibility
Realistically, it would be impossible to switch the entire Internet
from IPv4 to IPv6 at one time. Therefore, it is crucial that both
protocols are able to coexist not only on the Internet, but also on
one system. This is ensured by compatible addresses (IPv4 addresses
can easily be translated into IPv6 addresses) and through the use of
a number of tunnels. See Section 31.2.3,
Coexistence of IPv4 and IPv6.
Also, systems can rely on a dual stack IP
technique to support both protocols at the same time, meaning that
they have two network stacks that are completely separate, such that
there is no interference between the two protocol versions.
- Custom Tailored Services through Multicasting
With IPv4, some services, such as SMB, need to broadcast their
packets to all hosts in the local network. IPv6 allows a much more
fine-grained approach by enabling servers to address hosts through
multicasting—by addressing a number of
hosts as parts of a group (which is different from addressing all
hosts through broadcasting or each host
individually through unicasting). Which hosts
are addressed as a group may depend on the concrete application.
There are some predefined groups to address all name servers (the
all name servers multicast group), for example,
or all routers (the all routers multicast
group).
31.2.2 Address Types and Structure
As mentioned, the current IP protocol is lacking in two important
aspects: there is an increasing shortage of IP addresses and configuring
the network and maintaining the routing tables is becoming a more
complex and burdensome task. IPv6 solves the first problem by expanding
the address space to 128 bits. The second one is countered by
introducing a hierarchical address structure, combined with
sophisticated techniques to allocate network addresses, as well as
multihoming (the ability to assign several
addresses to one device, giving access to several networks).
When dealing with IPv6, it is useful to know about three different types
of addresses:
- Unicast
Addresses of this type are associated with exactly one network
interface. Packets with such an address are delivered to only one
destination. Accordingly, unicast addresses are used to transfer
packets to individual hosts on the local network or the Internet.
- Multicast
Addresses of this type relate to a group of network interfaces.
Packets with such an address are delivered to all destinations that
belong to the group. Multicast addresses are mainly used by certain
network services to communicate with certain groups of hosts in a
well-directed manner.
- Anycast
Addresses of this type are related to a group of interfaces. Packets
with such an address are delivered to the member of the group that is
closest to the sender, according to the principles of the underlying
routing protocol. Anycast addresses are used to make it easier for
hosts to find out about servers offering certain services in the
given network area. All servers of the same type have the same
anycast address. Whenever a host requests a service, it receives a
reply from the server with the closest location, as determined by the
routing protocol. If this server should fail for some reason, the
protocol automatically selects the second closest server, then the
third one, and so forth.
An IPv6 address is made up of eight four-digit fields, each
representing 16 bits, written in hexadecimal notation. The fields are
separated by colons (:). Any leading zero bytes
within a given field may be dropped, but zeros within the field or at
its end may not. Another convention is that more than four consecutive
zero bytes may be collapsed into a double colon. However, only one such
:: is allowed per address. This kind of shorthand
notation is shown in Example 31-3, where all
three lines represent the same address.
Example 31-3
Sample IPv6 Address
fe80 : 0000 : 0000 : 0000 : 0000 : 10 : 1000 : 1a4
fe80 : 0 : 0 : 0 : 0 : 10 : 1000 : 1a4
fe80 : : 10 : 1000 : 1a4
Each part of an IPv6 address has a defined function. The first bytes
form the prefix and specify the type of address. The center part is the
network portion of the address, but it may be unused. The end of the
address forms the host part. With IPv6, the netmask is defined by
indicating the length of the prefix after a slash at the end of the
address. An address, as shown in Example 31-4,
contains the information that the first 64 bits form the network part of
the address and the last 64 form its host part. In other words, the
64 means that the netmask is filled with 64 1-bit
values from the left. Just like with IPv4, the IP address is combined
with AND with the values from the netmask to determine whether the host
is located in the same subnetwork or in another one.
Example 31-4
IPv6 Address Specifying the Prefix Length
fe80::10:1000:1a4/64
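The shorthand rules and the prefix-length comparison described above, worked through in Python as an added example that is not part of the original documentation. The function names are illustrative, and the peer addresses used for the subnet check are constructed.

```python
import string

HEX = set(string.hexdigits)

def parse_ipv6(text: str) -> int:
    """Return the 128-bit value of an IPv6 address in full or shorthand form."""
    text = text.replace(" ", "")      # Example 31-3 pads the colons with spaces
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed per address")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' has no zero fields left to stand for")
        fields = left + ["0"] * missing + right
    else:
        fields = text.split(":")
    if len(fields) != 8:
        raise ValueError("an IPv6 address has eight 16-bit fields")
    value = 0
    for field in fields:
        if not 1 <= len(field) <= 4 or not set(field) <= HEX:
            raise ValueError(f"bad field {field!r}")
        value = (value << 16) | int(field, 16)   # leading zeros are optional
    return value

def network_part(value: int, prefix_len: int) -> int:
    """AND the address with a netmask of prefix_len one-bits from the left."""
    if not 0 <= prefix_len <= 128:
        raise ValueError("prefix length must be between 0 and 128")
    netmask = ((1 << prefix_len) - 1) << (128 - prefix_len)
    return value & netmask

def same_subnet(cidr: str, other: str) -> bool:
    """True if `other` lies in the subnetwork given as address/prefix-length."""
    addr, _, plen = cidr.partition("/")
    plen = int(plen)
    return network_part(parse_ipv6(addr), plen) == network_part(parse_ipv6(other), plen)

if __name__ == "__main__":
    # The three lines of Example 31-3 as printed on this page.
    forms = ["fe80 : 0000 : 0000 : 0000 : 0000 : 10 : 1000 : 1a4",
             "fe80 : 0 : 0 : 0 : 0 : 10 : 1000 : 1a4",
             "fe80 : : 10 : 1000 : 1a4"]
    print({hex(parse_ipv6(f)) for f in forms})
    # Constructed peers: one on the same /64, one on a different /64.
    print(same_subnet("fe80::10:1000:1a4/64", "fe80::1"))
    print(same_subnet("fe80::10:1000:1a4/64", "fe80:0:0:1::1"))
```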
IPv6 knows about several predefined types of prefixes. Some of these are
shown in Table 31-4.
Table 31-4 Various IPv6 Prefixes

| Prefix | Definition |
|---|---|
| 00 | IPv4 addresses and IPv4 over IPv6 compatibility addresses. These are used to maintain compatibility with IPv4. Their use still requires a router able to translate IPv6 packets into IPv4 packets. Several special addresses, such as the one for the loopback device, have this prefix as well. |
| 2 or 3 as the first digit | Aggregatable global unicast addresses. As is the case with IPv4, an interface can be assigned to form part of a certain subnetwork. Currently, there are the following address spaces: 2001::/16 (production quality address space) and 2002::/16 (6to4 address space). |
| fe80::/10 | Link-local addresses. Addresses with this prefix should not be routed and should therefore only be reachable from within the same subnetwork. |
| fec0::/10 | Site-local addresses. These may be routed, but only within the network of the organization to which they belong. In effect, they are the IPv6 equivalent of the current private network address space, such as 10.x.x.x. |
| ff | These are multicast addresses. |

A unicast address consists of three basic components:
- Public Topology
The first part (which also contains one of the prefixes mentioned
above) is used to route packets through the public Internet. It
includes information about the company or institution that provides
the Internet access.
- Site Topology
The second part contains routing information about the subnetwork to
which to deliver the packet.
- Interface ID
The third part identifies the interface to which to deliver the
packet. This also allows for the MAC to form part of the address.
Given that the MAC is a globally unique, fixed identifier coded into
the device by the hardware maker, the configuration procedure is
substantially simplified. In fact, the first 64 address bits are
consolidated to form the EUI-64 token, with the
last 48 bits taken from the MAC, and the remaining 24 bits containing
special information about the token type. This also makes it possible
to assign an EUI-64 token to interfaces that do
not have a MAC, such as those based on PPP or ISDN.
On top of this basic structure, IPv6 distinguishes between five
different types of unicast addresses:
- :: (unspecified)
This address is used by the host as its source address when the
interface is initialized for the first time—when the address
cannot yet be determined by other means.
- ::1 (loopback)
The address of the loopback device.
- IPv4 Compatible Addresses
The IPv6 address is formed by the IPv4 address and a prefix
consisting of 96 zero bits. This type of compatibility address is
used for tunneling (see
Section 31.2.3,
Coexistence of IPv4 and IPv6) to allow IPv4 and
IPv6 hosts to communicate with others operating in a pure IPv4
environment.
- IPv4 Addresses Mapped to IPv6
This type of address specifies a pure IPv4 address in IPv6 notation.
- Local Addresses
There are two address types for local use:
- link-local
This type of address can only be used in the local subnetwork.
Packets with a source or target address of this type should not be
routed to the Internet or other subnetworks. These addresses
contain a special prefix
(fe80::/10) and the
interface ID of the network card, with the middle part consisting
of zero bytes. Addresses of this type are used during automatic
configuration to communicate with other hosts belonging to the
same subnetwork.
- site-local
Packets with this type of address may be routed to other
subnetworks, but not to the wider Internet—they must remain
inside the organization's own network. Such addresses are used for
intranets and are an equivalent of the private address space
defined by IPv4. They contain a special prefix
(fec0::/10), the
interface ID, and a 16 bit field specifying the subnetwork ID.
Again, the rest is filled with zero bytes.
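Table 31-4 and the unicast types listed above can be turned into a small classifier, for example to label addresses found in logs and to recover the IPv4 address carried inside compatibility, mapped and 6to4 addresses (6to4, covered in Section 31.2.3, places it directly after the 2002::/16 prefix). This is an added example, not part of the original documentation; the sample addresses are constructed, and the IPv4-mapped prefix ::ffff:0:0/96 comes from RFC 4291 rather than from this page.

```python
import ipaddress

# Prefixes from Table 31-4 and the unicast types above, most specific first.
# ::ffff:0:0/96 (IPv4-mapped) is taken from RFC 4291; the page names the type
# but not its prefix.
PREFIXES = [
    ("unspecified",     "::/128"),
    ("loopback",        "::1/128"),
    ("IPv4-mapped",     "::ffff:0:0/96"),
    ("IPv4-compatible", "::/96"),          # 96 zero bits + IPv4 address
    ("reserved (00)",   "::/8"),
    ("6to4",            "2002::/16"),
    ("global unicast",  "2000::/3"),       # "2 or 3 as the first digit"
    ("link-local",      "fe80::/10"),
    ("site-local",      "fec0::/10"),
    ("multicast",       "ff00::/8"),
]
NETWORKS = [(name, ipaddress.IPv6Network(net)) for name, net in PREFIXES]

def classify(text: str):
    """Return (type, embedded IPv4 address or None) for one IPv6 address."""
    addr = ipaddress.IPv6Address(text)
    value = int(addr)
    kind = next((name for name, net in NETWORKS if addr in net), "other")
    embedded = None
    if kind in ("IPv4-mapped", "IPv4-compatible"):
        embedded = value & 0xFFFFFFFF            # IPv4 address is the low 32 bits
    elif kind == "6to4":
        embedded = (value >> 80) & 0xFFFFFFFF    # 32 bits right after 2002::/16
    if embedded is None:
        return kind, None
    return kind, str(ipaddress.IPv4Address(embedded))

# Constructed sample addresses (documentation ranges 192.0.2.0/24, 2001:db8::/32).
SAMPLES = [
    "::", "::1", "::ffff:192.0.2.10", "::192.0.2.10", "2002:c000:20a::1",
    "2001:db8::1", "fe80::10:1000:1a4", "fec0::1", "ff02::2", "fc00::1",
]

def report(addresses=SAMPLES):
    """Classify every address and return (address, type, embedded IPv4) rows."""
    return [(a, *classify(a)) for a in addresses]

if __name__ == "__main__":
    for addr, kind, v4 in report():
        print(f"{addr:22} {kind:16} {v4 or '-'}")
```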
As a completely new feature introduced with IPv6, each network interface
normally gets several IP addresses, with the advantage that several
networks can be accessed through the same interface. One of these
networks can be configured completely automatically using the MAC and a
known prefix with the result that all hosts on the local network can be
reached as soon as IPv6 is enabled (using the link-local address). With
the MAC forming part of it, any IP address used in the world is unique.
The only variable parts of the address are those specifying the
site topology and the public
topology, depending on the actual network in which the host
is currently operating.
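How the MAC ends up in an autoconfigured address, and how to read it back out of one, as an added example that is not part of the original documentation. It follows the modified EUI-64 construction of RFC 4291 (ff:fe inserted in the middle of the MAC and the universal/local bit inverted), a detail this page does not spell out; the MAC and the global prefix are constructed sample values.

```python
import ipaddress

def mac_to_interface_id(mac: str) -> int:
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("a MAC address has six octets")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])   # pad 48 -> 64 bits
    eui[0] ^= 0x02                        # invert the universal/local bit
    return int.from_bytes(eui, "big")

def autoconf_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the interface ID derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the interface ID fills the last 64 bits; need a /64")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_interface_id(mac))

def mac_from_address(text: str):
    """Return the MAC embedded in an EUI-64 style address, or None."""
    low64 = int(ipaddress.IPv6Address(text)) & (2**64 - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None                       # interface ID was not built from a MAC
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                        # undo the universal/local inversion
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    mac = "00:16:3e:12:34:56"             # constructed sample MAC
    # Link-local: fe80 prefix, zero middle part, interface ID at the end.
    print(autoconf_address("fe80::/64", mac))
    # Same interface ID under a constructed global prefix (documentation range).
    print(autoconf_address("2001:db8:1:2::/64", mac))
    print(mac_from_address("fe80::216:3eff:fe12:3456"))
    print(mac_from_address("fe80::10:1000:1a4"))   # address from Example 31-4
```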
For a host to go back and forth between different networks, it needs at
least two addresses. One of them, the home address,
not only contains the interface ID but also an identifier of the home
network to which it normally belongs (and the corresponding prefix). The
home address is a static address and, as such, it does not normally
change. Still, all packets destined to the mobile host can be delivered
to it, regardless of whether it operates in the home network or
somewhere outside. This is made possible by the completely new features
introduced with IPv6, such as stateless
autoconfiguration and neighbor
discovery. In addition to its home address, a mobile host
gets one or more additional addresses that belong to the foreign
networks where it is roaming. These are called
care-of addresses. The home network has a facility
that forwards any packets destined to the host when it is roaming
outside. In an IPv6 environment, this task is performed by the
home agent, which takes all packets destined to the
home address and relays them through a tunnel. On the other hand, those
packets destined to the care-of address are directly transferred to the
mobile host without any special detours.
31.2.3 Coexistence of IPv4 and IPv6
The migration of all hosts connected to the Internet from IPv4 to IPv6
is a gradual process. Both protocols will coexist for some time to come.
The coexistence on one system is guaranteed where there is a
dual stack implementation of both protocols. That
still leaves the question of how an IPv6 enabled host should communicate
with an IPv4 host and how IPv6 packets should be transported by the
current networks, which are predominantly IPv4 based. The best solutions
are tunneling and compatibility addresses (see
Section 31.2.2,
Address Types and Structure).
IPv6 hosts that are more or less isolated in the (worldwide) IPv4
network can communicate through tunnels: IPv6 packets are encapsulated
as IPv4 packets to move them across an IPv4 network. Such a connection
between two IPv4 hosts is called a tunnel. To
achieve this, packets must include the IPv6 destination address (or the
corresponding prefix) as well as the IPv4 address of the remote host at
the receiving end of the tunnel. A basic tunnel can be configured
manually according to an agreement between the
hosts' administrators. This is also called static
tunneling.
However, the configuration and maintenance of static tunnels is often
too labor-intensive to use them for daily communication needs.
Therefore, IPv6 provides for three different methods of
dynamic tunneling:
- 6over4
IPv6 packets are automatically encapsulated as IPv4 packets and sent
over an IPv4 network capable of multicasting. IPv6 is tricked into
seeing the whole network (Internet) as a huge local area network
(LAN). This makes it possible to determine the receiving end of the
IPv4 tunnel automatically. However, this method does not scale very
well and is also hampered by the fact that IP multicasting is far
from widespread on the Internet. Therefore, it only provides a
solution for smaller corporate or institutional networks where
multicasting can be enabled. The specifications for this method are
laid down in RFC 2529.
- 6to4
With this method, IPv4 addresses are automatically generated from
IPv6 addresses, enabling isolated IPv6 hosts to communicate over an
IPv4 network. However, a number of problems have been reported
regarding the communication between those isolated IPv6 hosts and the
Internet. The method is described in RFC 3056.
- IPv6 Tunnel Broker
This method relies on special servers that provide dedicated tunnels
for IPv6 hosts. It is described in RFC 3053.
IMPORTANT: The 6bone Initiative
In the heart of the old-time Internet, there is already
a globally distributed network of IPv6 subnets that are connected
through tunnels. This is the 6bone network
(https://www.6bone.net), an IPv6 test environment that
may be used by programmers and Internet providers who want to develop
and offer IPv6-based services to gain the experience necessary to
implement the new protocol. More information can be found on the
project's Internet site.
31.2.4 Configuring IPv6
To configure IPv6, you do not normally need to make any changes on the
individual workstations. However, IPv6 support must be loaded. To do
this, enter modprobe ipv6 as
root.
Because of the autoconfiguration concept of IPv6, the network card is
assigned an address in the link-local network.
Normally, no routing table management takes place on a workstation. The
workstation can query the network routers, using the
router advertisement protocol, to learn which prefix and
gateways to use. The radvd program can be used to set up
an IPv6 router. This program informs the workstations which prefix to
use for the IPv6 addresses and which routers to use. Alternatively, use zebra
for automatic configuration of both addresses and routing.
Consult the ifup(8) man page to get information about how to set
up various types of tunnels using the
/etc/sysconfig/network files.
31.2.5 For More Information
The above overview does not cover the topic of IPv6 comprehensively. For
a more in-depth look at the new protocol, refer to the following online
documentation and books:
- https://www.ngnet.it/e/cosa-ipv6.php
An article series providing a well-written introduction to the basics
of IPv6. A good primer on the topic.
- https://www.bieringer.de/linux/IPv6/
Here, find the Linux IPv6-HOWTO and many links related to the topic.
- https://www.6bone.net/
Visit this site if you want to join a tunneled IPv6 network.
- https://www.ipv6.org/
The starting point for everything about IPv6.
- RFC 2640
The fundamental RFC about IPv6.
- IPv6 Essentials
A book describing all the important aspects of the topic is
IPv6 Essentials by Silvia
Hagen (ISBN 0-596-00125-8).