
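IPv6 Training Course Outline

Time         Session and content
08:40-09:00  Registration
09:00-10:20  Introduction to the IP protocol and its features
             – Introduction to the IPv6 protocol and its features
             – Introduction to new IPv6 functions (Mobile IPv6 and network security support)
             – IPv6 addressing, comparison with IPv4, and its characteristics
10:20-10:40  Break
10:40-12:00  IPv6/IPv4 transition mechanisms
             – Overview of transition technologies
             – Transition network architecture design and applications
12:00-13:30  Lunch break (meals on your own)
13:30-14:50  IPv6 testing standards and current equipment support
             – Overview of IPv6 testing standards
             – Current hardware and software support for IPv6 in equipment
14:50-15:10  Break
15:10-16:30  IPv6 service support and configuration
             – Configuration and demonstration of a Windows-based IPv6 web server
             Results of the IPv6 deployment and development program
             – Current status and results of the IPv6 deployment and development program
16:30-16:40  Q&A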
NICI IPv6 Standard & Interoperability Testing Laboratory

Introduction to the IPv6 Protocol and Its Features
NICI IPv6 Standard Testing Group

August 3, 2007

NICI IPv6 Steering Committee
Standard & Testing Division
The Role of IP

IP is the network's street address. It sits at the center of the network stack, accommodates different network interfaces, and gives transport protocols and applications a uniform way to communicate.

Organizations That Allocate IP Addresses
Allocation is centered on IANA in New York, beneath which four Regional Internet Registries are divided by region:
– Europe: RIPE NCC
• Réseaux IP Européens Network Coordination Centre
– North America: ARIN
• American Registry for Internet Numbers
– Asia Pacific: APNIC
• Asia Pacific Network Information Centre
– Latin America: LACNIC
• Latin American and Caribbean Internet Addresses Registry

Organizations That Handle IP Address Applications

IPv4 Address Allocation Classes

Class | Network address | Host address | Maximum number of hosts | Number of assignable organizations
A | 8 bits | 24 bits | 16,777,214 | 128
B | 16 bits | 16 bits | 65,534 | 16,384
C | 24 bits | 8 bits | 254 | 2,097,152

Class-ful IPv4 Address

Bit positions marked in the figure: 0 1 2 3 4, 8, 16, 24, 31

Class | Leading bits | Remaining fields | Address range
A | 0 | Network, Host | 1.0.0.0 to 127.255.255.25
B | 1 0 | Network, Host | 128.0.0.0 to 191.255.255.25
C | 1 1 0 | Network, Host | 192.0.0.0 to 223.255.255.25
D | 1 1 1 0 | Multicast address | 224.0.0.0 to 239.255.255.25
E | 1 1 1 1 | Reserved | 240.0.0.0 to 255.255.255.25

Problems with IPv4 (1/2)

Address depletion/exhaustion and its implications
– NAT (Network Address Translation)
– CIDR

[Figure: IPv4 address allocation rate]

Problems with IPv4 (2/2)

Scaling problems with inter-domain routing
– CIDR (Classless Inter-Domain Routing)
Manual configuration required
– DHCP (Dynamic Host Configuration Protocol)
Multicast, Security, Quality of Service and Mobility
– IP multicast, IPSec, DiffServ and IP mobility
Header and format limitations that limit future flexibility

Potential IPv6 Services

Broadband Access Subscribers
– 95% FTTH coverage by 2008
– 6 million by 2008
3G and WLAN Services
– 3G services to be launched in 4Q 2003
– Public hotspot deployment plan to make Taiwan a “Wireless Island”
Home network and IA Services
– e-Taiwan Projects will catalyze the development of home & IA

1. More IP addresses will be consumed
2. More advanced features (e.g. Mobility, Auto-configuration, QoS, Security) will be required
-> IPv6

Global IPv4 Address Development Forecast
• ITU by JPNIC IP Department, July 31, 2006.

Report | Published | Author | Forecast basis | Projected exhaustion of the international IP address pool (IANA*)
The ISP Column | July 2003 | Geoff Huston | Trend of the last 10 years | 2021
Internet Protocol Journal | Sep. 2005 | Tony Hain (Cisco) | Trend of the last 5 years | 2009~2016
IPv4 Address Report | Dec. 2005 | Geoff Huston | Trend of the last 10 years | Jan 2013
IPv4 Address Report (daily update) | July 2007 | Geoff Huston | Trend of the last 1200 days; predictive model: quadratic equation | March, 2010

*IANA: Internet Assigned Numbers Authority

IPv4 Address Allocation Trend Forecast
Source: http://www.potaroo.net/tools/ipv4/ (updated July 18, 2007)

IANA: Internet Assigned Numbers Authority
RIR: Regional Internet Registry

The Development of IPv6 (1)
1992: The IETF began examining the problem of insufficient IPv4 address space.
1994: Proposals for the next-generation Internet protocol were put forward, and three emerged: CATNIP (Common Architecture for the Internet), TUBA (TCP/IP with Bigger Addresses) and SIPP (Simple Internet Protocol Plus).
1995: SIPP was renamed IPv6, and the IPv6 specification was published in RFC 1752 (The Recommendation for the IP Next Generation Protocol).

The Development of IPv6 (2)
1998: The IPv6 addressing architecture and protocol specification were published in RFC 2373 (IP Version 6 Addressing Architecture) and RFC 2460 (Internet Protocol Version 6 (IPv6) Specification) respectively.
1999: The world's first industry group, the "IPv6 Forum", was founded (with 42 member organizations). ARIN granted the world's first IPv6 prefix, 2001:400::/35, to ESnet.
2002: The Regional Internet Registries (RIRs) put the new "IPv6 Address Allocation and Assignment Global Policy" into effect.

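Summary of IPv6 Development Trends in Major Countries
Japan: IPv6 is a key development item of e-Japan and u-Japan; more than 11 SPs currently offer commercial IPv6 services.
United States: The federal government has mandated that the networks of all agencies support IPv6 by June 2008. (NIST, the national standards laboratory, has begun drafting IPv6 procurement specifications for government equipment.)
China: Building the world's largest IPv6 backbone network, with the aim of demonstrating its capabilities and results in key IPv6 technologies at the 2008 Beijing Olympics.
Korea: IPv6 is one of the three infrastructure development items of Korea's IT839 strategy. KT is fully committed to promoting the ubiquitous network. (The current focus is on integration with WiBro Mobile Internet and home networks.)
Europe:
– British Telecom (BT): BT 21 Century Network project. BT made vendors' ability to provide IPv6 one of the important criteria in vendor selection.
– France Telecom (FT): offers commercial IPv4/IPv6 dual-stack service at a rate of at least 155 Mbps at all IP PoPs.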

Differences between IPv4 and IPv6

Feature | IPv4 | IPv6
Source and destination address | 32 bits | 128 bits
IPSec | Optional | Required
Payload identification for QoS in the header | No identification | Using Flow Label field
Fragmentation | Both router and the sending hosts | Only supported at the sending hosts
Checksum of header | Included | Not included
Resolve address to a link layer address | Broadcast ARP request | Multicast Neighbor Solicitation message

Differences between IPv4 and IPv6 (Cont.)

Feature | IPv4 | IPv6
Determine the address of the best default gateway | ICMP Router Discovery (optional) | ICMPv6 Router Solicitation and Router Advertisement (required)
Send traffic to all nodes on a subnet | Broadcast | Link-local scope all-nodes multicast address
Payload identification for QoS in the header | No identification | Using Flow Label field
Configure address | Manually or DHCP | Autoconfiguration
Map host names to addresses | A | AAAA
Manage local subnet group membership | (IGMP) | Multicast Listener Discovery (MLD)

IPv6 Addressing

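IPv6 Address Notation (native)
IPv6 uses a 128-bit address space, that is, up to 2^128 addresses. Written in hexadecimal (2^4), an address is 32 hexadecimal digits.
For example, binary 0010 is 2 in hexadecimal,
and 0010 0000 0000 0011 is 2003.
Take the following address as an example:
20030000000000B30000000000001234 (too long and easy to get wrong)
-> 2003:0000:0000:00B3:0000:0000:0000:1234 (split into eight groups separated by colons)
-> 2003:0:0:B3::1234 (abbreviated)
Abbreviation rules:
In each 32Bit group, leading 4-bit digits that are 0 may be omitted
If a 32Bit group is all zeros, it may be abbreviated to 0
If consecutive complete 32Bit groups are all 0000, they may be omitted entirely and written as ::, but only once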

IPv6 Address Notation (IPv4 Embedded)

An IPv6 address may use an IPv4 address as its last 32 bits.
For example:
1. 2003:0:0:B3::192.168.0.1 = 2003:0:0:B3::C0A8:1
2. 2003:0:0:B3:0:ffff:172.16.0.1
3. 2003:0:0:B3:0:5efe:10.10.0.1
Note that the IPv4 part is separated by dots and the IPv6 part by colons.

Basic Address Types
Unicast (point-to-point delivery)
– Address of a single interface
– Delivery to single interface
– for one-to-one communication
Multicast (group delivery)
– Address of a set of interfaces
– Delivery to all interfaces in the set
– for one-to-many communication
Anycast (multi-point redundant delivery; its operating mechanism is still being defined)
– Address of a set of interfaces
– Delivery to a single interface in the set
– for one-to-nearest communication
– Nearest is defined as being closest in terms of routing distance
Source: TWNIC IPv6 Technical Theory and Practice Workshop handout

Unicast Address Scoping

Link-Local Scope:
The address space used by all hosts on the same Layer 2 network; its addresses are called Link-Local Addresses
Unique-Local Scope (similar to IPv4 private addresses):
The private network address space within one network administration domain; its addresses are called Unique-Local Addresses
Global Scope:
The address space that can interconnect across the Internet; its addresses are called Global Unicast Addresses
There are no IPv4-style broadcast addresses

[Figure: nested scopes labeled Global, Site-Local, Link-Local and Unique-Local]

Link-Local Address

• Meaningful only in a single link zone, and may be re-used on other links
• Link-local addresses are for use during auto-configuration and when no routers are present
• Required for the Neighbor Discovery process, always automatically configured
• An IPv6 router never forwards link-local traffic beyond the link
• Prefix = FE80::/64

1111111010 | 0 | interface ID
10 bits | 54 bits | 64 bits

Source: TWNIC IPv6 Technical Theory and Practice Workshop handout

Unique-Local Address (newly defined)

Meaningful only in a single site zone, and cannot be re-used in other sites
Equivalent to the IPv4 private address space
Replaces Site-Local Addresses
L identifies the assignment policy. Only value 1 (FD00::/8) is currently in use, designating a local assignment*
Global ID is a 40-bit identifier that ensures the global uniqueness of the address. It is generated pseudo-randomly and must not be sequential. Because ULAs should not be globally routed, they do not need to be aggregated, so sequential global IDs are not necessary*
Prefix = FC00::/7
– FD00::/8 is currently in use, designating a local assignment
– FC00::/8 reserved

L=1 means Local
L=0 is reserved

1111110 | L | Global ID | subnet ID | interface ID
7 bits | 1 bit | 40 bits | 16 bits | 64 bits

*Source: Deploying IPv6 Network, Cisco Press 2006

Global Unicast Address
Global routing prefix: A service provider is assigned a portion of this prefix by the Internet Assigned Numbers Authority (IANA), and it then allocates a subspace to its customers. Its length is 48 bits or shorter based on the RFC 3177 recommendations.*
Subnet ID: An organization receives a prefix from its service provider where the global routing prefix identifies the service provider (SP) and the organization inside the SP, and the subnet ID identifies the organizational structure of its network.*
Interface ID: The low-order 64 bits of the address are used to identify the interfaces of nodes on a link.*

001 | Global Routing Prefix | subnet | interface ID
public topology (45 bits) | site topology (16 bits) | interface identifier (64 bits)

*Source: Deploying IPv6 Network, Cisco Press 2006

Unicast Address Structure

2003:0:0:B3::1234/64
Network part: 2003:0:0:B3
Interface part: unabbreviated form :0:0:0:1234
abbreviated form ::1234

The network part is generally advertised by network equipment
The interface part is generally determined by the host

IPv6 Prefix Notation
CIDR-like notation is used to specify the prefix length

IPv6 uses /X exclusively in place of the IPv4 subnet mask notation; X may range from 0 to 127

For example:
1. 2003:1234:3344::34ff:2314/64 means the Network ID part is 64 bits
2. 2003:1234:3344::34ff:2314/60 means the Network ID part is 60 bits
3. 2003:1234:3344::34ff:2314/127 means the Network ID part is 127 bits
2003:1234:3344::34ff:2314/127 carries further meaning:
Its Network ID part is 2003:1234:3344::34ff:2314
This subnet contains only two hosts and, unlike IPv4, both can be used; for example, 2003:1234:3344::34ff:2314/127 and 2003:1234:3344::34ff:2315/127 are in the same subnet. A /127 is typically used for the IP addresses of the points where a router or access server connects to other equipment
(this is an earlier practice and is no longer used)

Interface ID

Unique to the link
Identifies interface on a specific link
Can be automatically derived
- IEEE addresses use MAC-to-EUI-64 conversion
- Other addresses use other automatic means
Can be used to form link-local address
Can be used to form global address with stateless autoconfiguration
Source: RING LINE Corporation IPv6 Addressing handout by Leo.T.Chiang

How an Interface ID Is Generated
1. Computed from the MAC address with the modified EUI-64 algorithm
2. Random address generated automatically by the operating system
3. Manual configuration
4. Generated or assigned automatically by a tunnel server system
5. Virtual address generated through a cryptographic mechanism (IPv6 IPsec)
6. Assigned by a DHCPv6 server (stateful)

Network ID Configuration and Distribution Mechanisms

1. Neighbor Discovery (ND), by sending Router Advertisements
2. DHCPv6 Prefix Delegation
3. Manual configuration
4. Generated or assigned automatically by a tunnel server system (over IPv4)
5. VPN server (IPv4 and/or IPv6)

Global Unicast Address Allocation Table (partial)

Prefix | Description
2001::/16 | IPv6 Internet: ARIN, RIPE NCC, LACNIC
2002::/16 | Reserved for 6to4 tunnels
2003::/16 | IPv6 Internet: RIPE NCC
2400:0000/19, 2400:2000::/19, 2400:4000::/21 | IPv6 Internet: APNIC

For details see http://www.ripe.net/rs/ipv6/stats/index.html

Special-Use Addresses
Unspecified address (0:0:0:0:0:0:0:0 or ::)
– Indicates the absence of an address
– Equivalent to IPv4 0.0.0.0
– Never assigned to an interface or used as a destination address
Loopback address (0:0:0:0:0:0:0:1 or ::1), equivalent to IPv4 127.0.0.1
– Identifies a loopback interface
IPv4-compatible address (0:0:0:0:0:0:w.c.x.z or ::w.c.x.z) (no longer used)
– Used by dual-stack nodes
– IPv6 traffic is automatically encapsulated with an IPv4 header and sent to the destination using the IPv4 infrastructure
IPv4-mapped address (0:0:0:0:0:FFFF:w.c.x.z or ::FFFF:w.c.x.z)
– Represents an IPv4-only node to an IPv6 node
– Never used as a source or destination address of an IPv6 packet

Source: TWNIC IPv6 Technical Theory and Practice Workshop handout

IPv6 Multicast Addresses
A multicast address cannot be used as a source address or as an intermediate destination in a Routing header
Flag field: 0RPT (4 bits)
– The low-order Transient (T) flag indicates a permanent (T=0) or transient (T=1) group
– The P bit is defined in RFC 3306, and it indicates whether the multicast address is built based on a unicast prefix (set to 1) or not (set to 0).
– The R bit is defined in RFC 3956; if set to 1, it indicates that the multicast group address contains the unicast address of the RP servicing that group.

Scope field
– 1: node-local
– 2: link-local
– 3: subnet-local scope
– 4: admin-local scope
– 5: site-local
– 8: organization-local
– E: global
– Others: reserved

FF02::/16 denotes a multicast address block whose flags mark a permanent group ID that does not use a unicast prefix and contains no RP information, and whose scope is link-local

11111111 | flags | scope | group ID
8 bits | 4 bits | 4 bits | 112 bits

Unicast Prefix Based Multicast Addresses

The Reserved bits must be set to zero
The Unicast Prefix comes from the network part of a Global Unicast Address
When the Prefix length and the Unicast Prefix length are both set to zero, the address is a PIM-SSM multicast address

Example: broadcasting a multicast audio/video program on the unicast prefix 2001:ed8:32:1::/64
The scope is Global (E) and 11AA:11BB is chosen as the Group ID,
so the multicast address is FF3E:0040:2001:ed8:32:1:11AA:11BB
When used with PIM-SSM, it is FF3X::[Group ID, 32 bits]

11111111 | flags | scope | Reserved | (remaining 104 bits)
8 bits | 4 bits | 4 bits | 8 bits | 104 bits

FF | 3 | X | 00 | Prefix length | Unicast Prefix | group ID
 | | | | 8 bits | 64 bits | 32 bits
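The two multicast layouts above can be decoded field by field. The following is an added example, not part of the original slides: it splits a multicast address into the 0RPT flags and scope, and for P=1 addresses into the Reserved, Prefix length, Unicast Prefix and group ID fields, reporting values that break the rules stated on the slides. The function names and the `problems` list are assumptions made for illustration, and addresses with R=1 (RFC 3956) are not decoded further.

```python
import ipaddress

# Scope values as listed on the "IPv6 Multicast Addresses" slide.
SCOPES = {0x1: "node-local", 0x2: "link-local", 0x3: "subnet-local",
          0x4: "admin-local", 0x5: "site-local", 0x8: "organization-local",
          0xE: "global"}


def parse_multicast(addr: str) -> dict:
    """Decode flags, scope and (for P=1) the unicast-prefix-based fields."""
    raw = ipaddress.IPv6Address(addr).packed
    if raw[0] != 0xFF:
        raise ValueError("not a multicast address")
    flags, scope = raw[1] >> 4, raw[1] & 0x0F
    info = {
        "R": bool(flags & 0x4),          # RP address embedded (RFC 3956)
        "P": bool(flags & 0x2),          # built from a unicast prefix (RFC 3306)
        "T": bool(flags & 0x1),          # 0 = permanent, 1 = transient
        "scope": SCOPES.get(scope, "reserved"),
        "problems": [],
    }
    if flags & 0x8:
        info["problems"].append("high-order flag bit must be 0")
    if scope not in SCOPES:
        info["problems"].append("reserved scope value")
    if not info["P"] or info["R"]:
        info["group_id"] = int.from_bytes(raw[2:], "big")   # 112-bit group ID
        return info
    # P=1, R=0: FF3X | Reserved (8) | Prefix length (8) | Prefix (64) | group ID (32)
    plen = raw[3]
    if raw[2] != 0:
        info["problems"].append("Reserved bits must be zero")
    if plen > 64:
        info["problems"].append("Prefix length exceeds the 64-bit prefix field")
    prefix_int = int.from_bytes(raw[4:12] + bytes(8), "big")
    info["prefix"] = str(ipaddress.IPv6Network((prefix_int, min(plen, 64)),
                                               strict=False))
    info["group_id"] = int.from_bytes(raw[12:], "big")
    # Prefix length and prefix both zero: PIM-SSM form FF3X::[group ID]
    info["ssm"] = plen == 0 and prefix_int == 0
    return info


def build_prefix_based(prefix: str, scope: int, group_id: int) -> ipaddress.IPv6Address:
    """Build the FF3X address for a unicast prefix, as in the slide's example."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64 or not 0 <= group_id < 2 ** 32 or not 0 <= scope <= 0xF:
        raise ValueError("prefix must be /64 or shorter, group ID 32 bits, scope 4 bits")
    raw = (bytes([0xFF, 0x30 | scope, 0x00, net.prefixlen])
           + net.network_address.packed[:8] + group_id.to_bytes(4, "big"))
    return ipaddress.IPv6Address(raw)
```

A filter or ACL review can use the decoded scope to confirm that groups with link-local scope are never accepted from a routed interface.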

Solicited-Node Multicast Addresses
An important tool for linking a Global Unicast Address with a Link-Local Address
Generated automatically by the interface; exists only in the link-local scope
The most basic IPv6 addressing tool: both Layer 2 to Layer 3 mapping and Duplicate Address Detection (DAD) operate using this address
Example: 2001:ed8:32:1:0:0:aabb:ccdd
Its Solicited-Node Multicast Address is FF02::1:FFbb:ccdd

Global Unicast Address: Network ID (64 bits) | Interface ID
The low-order 24 bits of the Interface ID are copied:
FF02 0000 0000 0000 0000 0001 FF | 24 bits
FF02::1:FF00:0000/104

IPv6 Multicast Address Allocation

These addresses are reserved for special applications and services and are assigned by IANA; see
http://www.iana.org/assignments/ipv6-multicast-addresses
There are two types:
Variable-scope multicast addresses: e.g. NTP
Fixed-scope multicast addresses: e.g. DHCPv6

IPv6 Anycast Address
Assigned to multiple interfaces
Only used as a destination address
Only assigned to routers
Anycast addresses are indistinguishable from unicast addresses
The Subnet-router anycast address is predefined and required
IPv6 reserves anycast addresses for future use
Anycast ID: 0-125, 127 (00-7D, 7F) are reserved values
Anycast ID: 126 (7E) is currently defined as the Mobile IPv6 home agents' anycast address

Unicast Address with EUI-64 Interface ID (reserved for future globally recognized anycast services)

Subnet Prefix | 000…000 | Anycast ID
64 bits | 57 bits | 7 bits

Addresses an IPv6 Interface Must Support
To ensure that the IPv6 protocol operates correctly, every interface must have the following addresses
1. Loopback address (automatic)
2. Link-Local address (automatic)
3. Unicast or anycast address if configured (semi-automatic or manual)
4. Subscribe to the all-nodes multicast address (automatic)
5. Multicast address of all the groups it subscribes to (automatic)
6. Subscribe to its own solicited-node multicast address (automatic once step 3 completes)
A router must additionally support the following three addresses (the router generates all of them automatically)
1. Subnet-router anycast address
2. All configured anycast addresses
3. The all-routers multicast address

The Relationship Between IPv6 and Layer 2 Addresses

IPv6 can use the Layer 2 address to generate the Layer 3 Interface ID (IPv6 only)
IPv6 can map a Layer 3 multicast address to a Layer 2 multicast address (same as IPv4)

Generating an Interface ID from a MAC Address

1. The first three octets of the MAC are the Company ID
2. The last three octets of the MAC are the Node ID
3. Insert FFFE between the Company ID and the Node ID
4. The 7th bit of the Company ID in binary is the Universal/Local bit; setting it to 1 indicates Global Scope
Example: the MAC address is 00-C0-3F-BB-93-91

1. The Company ID is 00-C0-3F and the Node ID is BB-93-91
2. 00-C0-3F-FF-FE-BB-93-91
3. The Company ID in binary is 00000000 11000000 00111111
4. Change the 7th bit to 1: 00000010 11000000 00111111
5. Reassembled as 02-C0-3F
6. The Interface ID is 2C0:3FFF:FEBB:9391

[Figure: The conversion of a universally administered, unicast IEEE 802 address to an IPv6 interface identifier]

IPv6 Multicast Address Mapping

When the first 16 bits of the MAC address are 3333, the Layer 3 packet is an IPv6 multicast packet
Copying the last 32 bits of the IPv6 multicast address into the remaining 32 bits of the MAC address forms the Layer 2 MAC address that corresponds to the IPv6 multicast address

Multicast Address: FF02 0000 0000 0000 0000 0001 FF3A F041 (the last 32 bits, FF3A F041, are copied)
Multicast Layer 2 Address: 3333 FF3A F041 (48 bits)

Configuring IPv6 Addresses on a Cisco Router

    config terminal
    interface F0/1
     ipv6 enable
     ! The three address commands below may be used together or separately (and/or)
     ! Manually configured address
     ipv6 address 2003:0:0:B3::1/64
     ! Address generated with EUI-64
     ipv6 address 2003:0:0:B4::/64 eui-64
     ! Enable an anycast address
     ipv6 address 2003:0:0:B5::1/64 anycast
     ! Send Router Advertisements so that hosts can perform stateless
     ! auto-configuration and form a Global Unicast IPv6 Address; the
     ! advertised lifetimes are infinite
     ipv6 nd prefix 2003:0:0:B6::/64 infinite infinite

IPv6 Header

IPv6 vs. IPv4 Packet Data Unit

IPv4 PDU (maximum 65535 octets):
IPv4 Header (minimum 20 octets) | Data Field

IPv6 PDU (maximum 65535 octets):
IPv6 Header (fixed 40 octets) | Extension Header ... Extension Header (0 or more) | Transport-level PDU

Comparison of the IPv6 and IPv4 Headers

IPv4 Packet Header (32 bits wide; field widths in bits):
Ver 4 | IHL 4 | Service Type 8 | Total Length 16
Identification 16 | Flags 3 | Offset 13
TTL 8 | Protocol 8 | Header Checksum 16
Source Address 32
Destination Address 32
Options + Padding

IPv6 Packet Header (field widths in bits):
Ver 4 | Traffic Class 8 | Flow Label 20
Payload Length 16 | Next Header 8 | Hop Limit 8
Source Address 128
Destination Address 128

Source: TWNIC IPv6 Technical Theory and Practice Workshop handout

Summary of Header Changes
Streamlined (six fields removed)
– Fragmentation fields moved out of base header
– IP options moved out of base header
– Header Checksum eliminated
– Header Length field eliminated
– Length field excludes IPv6 header
– Alignment changed from 32 to 64 bits
Revised (three fields renamed)
– Time to Live -> Hop Limit
– Protocol -> Next Header
– Precedence & TOS -> Traffic Class
– Addresses increased 32 bits -> 128 bits
Extended (one field added)
– Flow Label field added

[Figure: IPv4 header, bits 0 to 31, with changed and removed fields marked: Ver, IHL, Service Type, Total Length; Identifier, Flags, Fragment Offset; Time to Live, Protocol, Header Checksum; 32 bit Source Address; 32 bit Destination Address; Options and Padding]

*Source: Introduction to IPv6, Cisco 2001

IPv6 extension header

IPv6 PDU general form:
IPv6 Header (40 octets) | Extension Header ... Extension Header (0 or more) | Transport-level PDU

Hop-by-hop options header
Routing header
Fragment header
Authentication header
Encapsulating security payload header
Destination options header

Extension Header Order

Order | Header Type | Next Header Code
1 | Basic IPv6 Header |
2 | Hop-by-Hop Options | 0
3 | Destination Options (with Routing Options) | 60
4 | Routing header | 43
5 | Fragment header | 44
6 | Authentication header | 51
7 | Encapsulation Security Payload header | 50
8 | Destination Options | 60
9 | Mobility header | 135
 | No Next header | 59
 | Upper layer TCP | 6
 | Upper layer UDP | 17
 | Upper layer ICMP | 58

Example of IPv6 Packet Extension Headers
[Figure]
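A packet inspection tool has to follow the Next Header chain before it can find the upper-layer protocol, and the order table above gives it something to validate along the way. This is an added example, not part of the original slides: `walk_chain` parses the chain from raw bytes and reports truncated headers, repeated headers and deviations from the recommended order. `build_packet` only constructs minimal test packets with zeroed addresses; all names here are assumptions.

```python
import struct

# Next Header codes and order positions from the "Extension Header Order"
# table. Destination Options (60) has two positions and is ranked separately.
EXT_HEADERS = {0: "Hop-by-Hop Options", 60: "Destination Options",
               43: "Routing", 44: "Fragment", 51: "Authentication",
               50: "ESP", 135: "Mobility"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}
RANK = {0: 2, 43: 4, 44: 5, 51: 6, 50: 7, 135: 9}


def check_order(chain):
    """Compare the extension headers in `chain` with the recommended order."""
    ext = [h for h in chain if h in EXT_HEADERS]
    findings = []
    if 0 in ext[1:]:
        findings.append("Hop-by-Hop Options is not the first extension header")
    for h in sorted(set(ext)):
        if ext.count(h) > (2 if h == 60 else 1):
            findings.append(f"{EXT_HEADERS[h]} appears {ext.count(h)} times")
    ranks = []
    for i, h in enumerate(ext):
        if h == 60:      # position 3 when a Routing header follows, else 8
            ranks.append(3 if 43 in ext[i + 1:] else 8)
        else:
            ranks.append(RANK[h])
    if any(a > b for a, b in zip(ranks, ranks[1:])):
        findings.append("extension headers are out of the recommended order")
    return findings


def walk_chain(packet: bytes):
    """Return (Next Header codes in order, findings) for one IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return [], ["not an IPv6 packet"]
    chain, findings = [], []
    nh, off = packet[6], 40              # Next Header field of the base header
    while nh in EXT_HEADERS:
        chain.append(nh)
        if nh == 50:                     # ESP: what follows is encrypted
            return chain, check_order(chain)
        if off + 8 > len(packet):
            return chain, [f"truncated {EXT_HEADERS[nh]} header"]
        if nh == 44:
            size = 8                     # Fragment header has a fixed size
        elif nh == 51:
            size = (packet[off + 1] + 2) * 4     # AH length is in 4-octet units
        else:
            size = (packet[off + 1] + 1) * 8     # Hdr Ext Len is in 8-octet units
        if off + size > len(packet):
            return chain, [f"truncated {EXT_HEADERS[nh]} header"]
        nh, off = packet[off], off + size
    chain.append(nh)
    if nh not in UPPER:
        findings.append(f"unknown Next Header value {nh}")
    return chain, findings + check_order(chain)


def build_packet(headers, upper=59, payload=b""):
    """Constructed test input: minimal headers of the given types, in order."""
    body, nxt = payload, upper
    for h in reversed(headers):
        if h == 51:
            hdr = bytes([nxt, 4]) + bytes(22)    # 24-octet AH with 12-octet ICV
        else:
            hdr = bytes([nxt, 0]) + bytes(6)     # 8 octets, Hdr Ext Len = 0
        body, nxt = hdr + body, h
    base = struct.pack("!IHBB", 6 << 28, len(body), nxt, 64) + bytes(32)
    return base + body
```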

IPv6 Core Protocols

Dualstack TCP/IP Protocol Suite
[Figure]
Source: TCP/IP Fundamentals for Microsoft Windows, Chapter 2

IPv6 Core Protocols
These are the core protocols; if any one of these mechanisms is missing, IPv6 cannot operate.
Although similar mechanisms can be found in IPv4, the IPv6 core protocols are far more capable.

Core protocol | Similar mechanism in IPv4 | Description
IPv6 | IPv4 | IPv6 is a routable protocol that addresses, routes, fragments, and reassembles packets
ICMPv6 | ICMP | ICMPv6 provides diagnostic functions and reports errors when IPv6 packets cannot be delivered.
ND | ARP | ND manages interaction between neighboring nodes, including automatically configuring addresses and resolving next-hop IPv6 addresses to MAC addresses.
MLD | IGMP | MLD manages IPv6 multicast group membership.

Source: TCP/IP Fundamentals for Microsoft Windows, Chapter 2

ICMPv6
An integral part of IPv6 that MUST be fully implemented by every IPv6 node (RFC 2463, RFC 4443)
Internet Control Message Protocol for IPv6
Next Header value = 58
Reports delivery or forwarding errors
Provides a simple echo service for troubleshooting
Multicast Listener Discovery (MLD) – 3 ICMP messages
Neighbor Discovery (ND) – 5 ICMP messages

Source: TWNIC IPv6 Technical Theory and Practice Workshop handout

ICMPv6 message format
[Figure]

Neighbor Discovery (ND)

RFC 2461 (updated by RFC 4311)
Nodes (hosts and routers) use ND to determine the link-layer addresses of neighbors known to reside on attached links and to quickly purge cached values that become invalid
Hosts also use ND to find neighboring routers that are willing to forward packets on their behalf
Nodes use the protocol to actively keep track of which neighbors are reachable and which are not, and to detect changed link-layer addresses
Replaces ARP, ICMP Router Discovery, and ICMP Redirect used in IPv4

Source: TWNIC IPv6 Technical Theory and Practice Workshop handout

Neighbor Discovery (ND)
ICMP message types:
– router solicitation
– router advertisement
– neighbor solicitation
– neighbor advertisement
– redirect
Functions performed:
– router discovery
– prefix discovery
– autoconfiguration of address & other parameters
– duplicate address detection (DAD)
– neighbor unreachability detection (NUD)
– link-layer address resolution
– first-hop redirect
*Source: Introduction to IPv6, Cisco 2001

ND Autoconfiguration, Prefix & Parameter Discovery

[Figure: a booting node sends 1. RS; the router answers with 2. RA]

1. RS:
ICMP Type = 133
Src = ::
Dst = All-Routers multicast address
Query = please send RA

2. RA:
ICMP Type = 134
Src = Router link-local address
Dst = All-nodes multicast address
Data = options, prefix, lifetime, autoconfig flag

Router solicitations are sent by booting nodes to request RAs for configuring the interfaces.

ND Address Resolution & Neighbor Unreachability Detection

[Figure: nodes A and B on the same link]

A to B: ICMP type = 135 (NS)
Src = A
Dst = Solicited-node multicast of B
Data = link-layer address of A
Query = what is your link address?

B to A: ICMP type = 136 (NA)
Src = B
Dst = A
Data = link-layer address of B

A and B can now exchange packets on this link

ND Redirect

[Figure: hosts A and B and routers R1 and R2 on one link; the network 3FFE:B00:C18:2::/64 is reached through R1]

Packet from A:
Src = A
Dst IP = 3FFE:B00:C18:2::1
Dst Ethernet = R2 (default router)

Redirect:
Src = R2
Dst = A
Data = good router = R1

Redirect is used by a router to signal the reroute of a packet to an on-link host, to a better router or to another host on the link

Neighbor Cache Entry States

[Figure: state diagram of a neighbor cache entry]
States: NO ENTRY EXISTS, INCOMPLETE, REACHABLE, STALE, DELAY, PROBE
Transition labels in the figure:
– send multicast Neighbor Solicitation
– multicast Neighbor Solicitation retry exceeded
– received unsolicited Neighbor Advertisement
– received solicited Neighbor Advertisement
– reachable time exceeded
– send packet
– delay time exceeded
– reachability confirmed by upper layer protocol
– reachability confirmed by sending unicast Neighbor Solicitation and receiving unsolicited Neighbor Advertisement
– unicast Neighbor Solicitation retry exceeded

Minimum MTU
Link MTU
– A link’s maximum transmission unit (i.e. the maximum IP packet size that can be transmitted over the link)
Path MTU
– The minimum MTU of all the links in a path between a source and a destination
Minimum link MTU for IPv6 is 1280 octets vs 68 octets for IPv4
On links with MTU < 1280, link-specific fragmentation and reassembly must be used
On links that have a configurable MTU, an MTU of 1500 bytes is recommended
Source: TWNIC IPv6 Technical Theory and Practice Workshop handout

Path MTU Discovery
RFC 1981
Implementations are expected to perform path MTU discovery to send packets bigger than 1280 octets
– For each destination, start by assuming the MTU of the first-hop link
– If a packet reaches a link in which it can’t fit, the link invokes an ICMP “packet too big” message to the source, reporting the link’s MTU; the MTU is cached by the source for that specific destination
– Occasionally discard the cached MTU to detect a possible increase
A minimal implementation can omit path MTU discovery as long as all packets are kept <= 1280 octets
– Ex: in a boot ROM implementation

Source: TWNIC IPv6 Technical Theory and Practice Workshop handout

Multicast Listener Discovery (MLD)

MLDv1
– RFC 2710, RFC 3590
MLDv2
– RFC 3376, RFC 3810, RFC 4604
ICMP Message Types
– Multicast Listener Query
– Multicast Listener Report
– Multicast Listener Done
– MLDv2 Multicast Listener Report
Function:
– enabling routers to discover the set of IPv6 multicast addresses for which there are listening nodes for each attached interface.
– Like IGMPv2, MLD discovers only those multicast addresses that include at least one listener, not the list of individual multicast listeners for each multicast address.
Windows Vista will support MLDv2.

SCOPE

[Figure: protocol scope in an IPv6 network (thousands of nodes)]
Multicast routing, between routers:
– DVMRP (Distance Vector Multicast Routing Protocol)
– MOSPF
– PIM (Protocol Independent Multicast)
– BGMP
– OSPFv3
– PIMv2 (RFC 4601)
Link, between router and nodes:
– IGMP (Internet Group Management Protocol) for V4
– ICMPv6 for V6

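IPv6 Features

IPv6 Features
Provides a new addressing scheme
Extensible to new protocols
– IPv4 uses the Option field, but it is limited to that one header
– IPv6 can add one or more extension headers to the basic header
– IPv6 Basic header + Extension header(s) + Data

Reduces the load on routers in the network
– The basic IPv6 header changes from variable length to fixed length
– Routers no longer fragment packets
– The checksum mechanism is removed
Plug and play
– DHCPv6: stateful autoconfiguration
– Stateless autoconfiguration
Can coexist and communicate within an existing IPv4 environment
Stronger security
– Built-in IPsec
Better quality-of-service (QoS) control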

Expansion of the Address Space

Version | Number of bits | Number of addresses
IPv4 | 32 | 4,294,967,296
IPv6 | 128 | 340,282,366,920,938,463,463,374,607,431,768,211,456 (≒3.4x10^38)

Why not > 128 bits?

Consider the overhead caused by processing the IP header.
The address space has been expanded, yet the header overhead is almost unchanged, so an address length of 128 bits can be judged appropriate.

Protocol | Header length | MTU | Header overhead
IPv4 | 20 bytes | 576 bytes | 3.5%
IPv6 | 40 bytes | 1,280 bytes | 3.1%

Support for Diverse Network Topologies (1)

A single interface can support multiple Interface IDs
Different applications can use different Interface IDs for outbound connections. However, no network application currently uses this capability.

[Figure: one host connected to the Internet, with one address per service]
SIP 2001:e10:201:1::333
FTP 2001:e10:201:1::444
Print 2001:e10:201:1::555
WebServer 2001:e10:201:1:2c0:8fff:fe03:8372

Support for Diverse Network Topologies (2)
A single interface can support multiple Network IDs (multi-homing)
The same interface can use public IPv6 addresses from two or more different ISPs. However, there are currently no testing or verification standards for multi-homing.

[Figure: one web server connected to the Internet through two ISPs]
ISP1 2001:e10:201: WebServer 2001:e10:201:1:2c0:8fff:fe03:8372
ISP2 2040:e32:411: WebServer 2040:e32:411:1:2c0:8fff:fe03:8372

IPv6 Security

All implementations are required to support authentication and encryption headers (“IPsec”)
Authentication is separate from encryption, for use in situations where encryption is prohibited or prohibitively expensive
Key distribution protocols are under development (independent of IPv4/v6)
Support for manual key configuration is required

IPSec Document Roadmap

[Figure: IPsec document roadmap]
Architecture
ESP Protocol: RFC 2406
AH Protocol: RFC 2402
Encryption Algorithm: DES-Detroit (RFC 2451), CBC (RFC 2405), ….
Authentication Algorithm: HMAC-MD5 (RFC 2403), HMAC-SHA-1 (RFC 2404), ….
DOI: RFC 2407
Key Management: ISAKMP, Oakley, ….

Transport-Mode vs. Tunnel-Mode

[Figure (a): Transport-level security. An encrypted TCP session runs between a host on the internal network and a host on the external network]
[Figure (b): A virtual private network via Tunnel Mode. Corporate networks are joined across the Internet by encrypted tunnels carrying IP traffic]

Authentication Header

Destination Address + SPI identifies the security association state (key, lifetime, algorithm, etc.)
Provides authentication and data integrity for all fields of the IPv6 packet that do not change en route
Default algorithm is Keyed MD5

AH Authentication with IPv6

Before applying AH:
new IP hdr | extension headers (if present) | TCP | Data

Transport mode (authenticated except for mutable fields):
orig IP hdr | Hop-by-hop, dest, routing, fragment | AH | dest | TCP | Data

Tunnel mode (authenticated except for mutable fields in the new header):
new IP hdr | ext. headers | AH | orig IP hdr | ext headers | TCP | Data

Encapsulating Security Payload (ESP)
[Figure]

ESP with IPv6

Transport mode (the figure marks the Authenticated and Encrypted spans):
orig IP hdr | Hop-by-hop, dest, routing, fragment | ESP hdr | dest | TCP | Data | ESP trlr | ESP auth

Tunnel mode (the figure marks the Authenticated and Encrypted spans):
New IP hdr | ext headers | ESP hdr | orig IP hdr | ext headers | TCP | Data | ESP trlr | ESP auth

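Stronger Security

Two headers are mainly used:
– Authentication Header, for authentication
– Encapsulating Security Payload Header (ESP Header), for data encryption
IPv6 has a built-in IPSec encryption mechanism (Windows Vista will support it in the future)
Because running the IPSec encryption mechanism built into IPv6 consumes a large amount of computing resources, mobile devices such as PDAs are unlikely to support it in the foreseeable future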

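Stronger Mobility
Mobile IPv6 provides stronger mobility than Mobile IPv4 and resolves the connection failures that used to occur when roaming across subnets.
– The network-side device is the Home Agent (HA); Cisco routers already support the HA function.
– The mobile end is the Mobile Node (MN); Windows cannot yet support the MN function.
– The resource end is the Correspondent Node (CN).
After its IP address changes, the MN informs the HA of the new IP address.
When the resource end replies to the MN, the HA intercepts the packets and forwards them to the MN's real IP address.
If the resource end has CN support installed, the HA can inform the CN so that it connects to the MN directly, without going through the HA.
If the MN moves again, it proactively notifies the HA and the CN, so that the CN immediately uses the new IP address to reach the MN.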

Comparisons of Mobile IPv4 and Mobile IPv6

Compared items | Mobile IPv4 | Mobile IPv6
Foreign Agent | YES | NO
Care-of address | FA or CCoA | CCoA only
Obtaining Care-of address | By FA or DHCPv4 | IPv6 stateless and stateful mechanisms
Route Optimization | Optional | Mandatory
Packet tunnel during route optimization | Requires packet tunneling between MN and CN | Forwards packets with no tunneling
HA involved in route optimization | YES | NO
MIP messages format | ICMP and UDP packets | IP headers and ICMP packets
MIP messages | Reg. Req, Binding Update, … | Reduced and allowed to be piggybacked in header
Smooth hand-over | Optional | Mandatory
Reverse tunneling | Solves ingress filtering | No ingress filtering problem

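Current Problems in Applying Mobile IPv6

1. The client needs MN software, which Windows does not yet support.
2. Whether the AAA authentication mechanism for mobility can be fully automated.
3. Most resource ends currently do not support CN, which easily leads to a triangle data path.
4. Mobile IP is mostly used in wireless access environments, and integrating Mobile IPv6 with IPSec or other security mechanisms requires more computing resources than current handheld devices can bear.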

Stronger QoS Mechanisms

IPv6 QoS operates mainly on instructions given by the upper-layer application; in principle, network equipment at Layer 3 does not set QoS policy on its own initiative. The IPv6 QoS mechanism has not yet been put into use, and whether it will be widely used in the future remains to be seen.
The IETF has proposed two QoS mechanisms:
1. “Integrated Service” (int-serv)
– fine-grain (per-flow), quantitative promises (e.g., x bits per second), uses RSVP signaling
2. “Differentiated Service” (diff-serv)
– coarse-grain (per-class), qualitative promises (e.g., higher priority), no explicit signaling

*Source: Introduction to IPv6, Cisco 2001

QoS Parameters in the IPv6 Header

Int-Serv
– 20-bit Flow Label field to identify specific flows needing special QoS
Diff-Serv
– Same mechanism as IPv4
– 8-bit Traffic Class field to identify specific classes of packets needing special QoS

IPv6 Routing

Routing in IPv6 (1)

As in IPv4, IPv6 supports IGP and EGP routing protocols:
– IGPs for use within an autonomous system are
• RIPng (RFC 2080)
• OSPFv3 (RFC 2740)
• Integrated IS-ISv6 (draft-ietf-isis-ipv6-06.txt)
– EGP for peering between autonomous systems
• MP-BGP4 (RFC 4271, RFC 4760 and RFC 2545)
IPv6 still uses the longest-prefix match routing algorithm

Routing in IPv6 (2)

RIPng
– RIPv2, supports split-horizon with poisoned reverse
– RFC 2080
IS-ISv6
– Shared IGP for IPv4 & IPv6
– Route from A to B same for IPv4 & IPv6
– Separate SPF may provide SIN routing
OSPFv3
– “Ships in the Night” routing
– Need to run OSPFv2 for IPv4
– Route from A to B may differ for IPv4 & IPv6

Routing in IPv6 (3)

BGP4+
– Added IPv6 address-family
– Added IPv6 transport
– Runs within the same process - only one AS supported
– All generic BGP functionality works as for IPv4
– Added functionality to route-maps and prefix-lists

IPv6 Online Learning Resources

IPv6 Resources On Internet

Microsoft IPv6
http://www.microsoft.com/technet/itsolutions/network/ipv6/default.mspx
Cisco IPv6
http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html
Cisco IOS IPv6 Configuration Library
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_book09186a00801d65f9.html
HP IPv6
http://h71000.www7.hp.com/doc/732final/6645/6645pro.html#bottom_main
The IPv6 Portal
http://www.ipv6tf.org/
IPv6 Style
http://www.ipv6style.jp/jp/statistics/ipv6win/index.shtml
The Join Project
http://www.join.uni-muenster.de/Join/index_join.php?lang=en
IPv6 Forum Taiwan
http://www.ipv6.org.tw/
Deep Space 6
http://www.deepspace6.net/
Hexago
http://www.hexago.com/

Thank You

Introduction to IPv6 Transition Mechanisms
NICI IPv6 Standard Testing Group

August 3, 2007