Term
What are some reasons why IPv6 was deployed? |
|
Definition
- Exhaustion of IPv4 address space
- Enabling end-to-end global addressing
- Securing IPv6 in your own "IPv4 only" network
- Simplify ability for early adopter-only access networks to reach your content
- New applications: sensors, logistics, transport, etc.
|
|
|
Term
What are the benefits of IPv6? |
|
Definition
- Architectural
  - 128-bit addresses
  - Support for billions more devices online
  - Potential to restore end-to-end capability
  - Removal of the need for NAT
- Technical
  - Network (IP configuration) plug and play
  - Stateless Address Autoconfiguration
  - Streamlined, extensible IPv6 header
  - Fragmentation only at sender
|
|
|
Term
Draw a diagram of the IPv6 header |
|
Definition
|
|
Term
What are the benefits of IPv6 over IPv4 headers? |
|
Definition
- Fewer fields, with a fixed header size
- Concept of a chain of headers
  - One header per function, e.g.:
    - Authentication header
    - Fragmentation header
  - The 'next header' field links headers together
- In theory, one can define new headers
  - In practice, tricky due to firewall considerations
|
|
|
Term
What are the features of IPv6 addressing? |
|
Definition
- Unicast: one to one
- Multicast: one to many
- New. Various scopes of addresses are defined
- Link-local addresses - used only on local subnets
- Uses prefix fc00::/7
- Global addresses - globally unique and routable
|
|
|
Term
What are Unique Local Addresses (ULA)? |
|
Definition
- An IPv6 address in the block fc00::/7.
- Approximate counterpart of the IPv4 private address
- Not accessible in the global IPv6 Internet
- In IPv6, hosts may routinely be multi-addressed
  - One or more global IPv6 address(es)
  - One IPv6 link-local address
  - Possibly a ULA
|
|
|
Term
|
Definition
- IPv6 has enough address space not to require Network address translation purely for address conservation
- Might still be implemented for 'security benefits'
- Using ULAs doesn't imply you have to use IPv6 NAT
- If hosts have a global address from their ISP and a ULA:
  - They can use their ULA to talk internally
  - They can use their global address to talk externally
- If they change ISP, and their global address has to change, the use of ULAs keeps internal communications stable
|
|
|
Term
What are host configuration tools? |
|
Definition
- For both IPv4 and IPv6
- An IP address to use
- The size of the local subnet (prefix size)
- The default router to use on the local subnet
- DNS server(s)/resolver(s) to use
- In IPv4 you can use
- Manual configuration (Typically for servers)
- or Dynamic Host Configuration Protocol (DHCP)
|
|
|
Term
What are the principles of Stateless Address Autoconfiguration (SLAAC)? |
|
Definition
- IPv6 hosts can also autoconfigure basic network settings without the need for a stateful DHCP server
  - IP address
  - Default gateway
- An IPv6 host using SLAAC by default builds its address from:
  - An advertised 64-bit (/64) network prefix
  - A 64-bit host part generated based on MAC
- Prefix information is advertised by a router, either
  - Periodically (typically every 600 seconds)
  - On request (node sends Router Solicitation request)
- The Advertisement is multicast on the local subnet
|
|
|
Term
What are the characteristics of an IPv6 Router Advertisement? |
|
Definition
Host sees or solicits a RA from router - the response includes:
- RA message carries the network prefix to use
- RA (link-local) source address implies default router
- RA can indicate if a DHCPv6 service is available
- DNS server information can be included in RA
|
|
|
Term
Give an example of an IPv6 autoconf |
|
Definition
- Host's Ethernet (MAC) address is 08:00:20:9c:14:66
- The network prefix in the RA is 2001:630:80:200::/64
- Address is 2001:630:80:200:0a00:20ff:fe9c:1466
- A MAC address is 48 bits, hence the fffe 16-bit padding
- The "0a" is the globally unique EUI-64 bit being set
|
|
|
Term
What are some IPv6 privacy issues and extensions? |
|
Definition
- MAC address is being embedded in the autoconfigured IPv6 address
- If device moves between networks, its prefix changes but the 64-bit identifier part remains the same
- Device can be tracked over time
- Privacy extensions instead use a random host part
- Generated when device joins network - and changes over time
- Also applies to static hosts - generates new privacy address periodically
- Increases complexity
|
|
|
Term
What are the main functions of IPv6 Neighbour Discovery? |
|
Definition
- Router Advertisements
- Neighbour solicitation/advertisements
|
|
|
Term
What are some characteristics of port-scanning resilience of IPv6? |
|
Definition
- Port-scanning is common in IPv4
- In IPv4, scanning one port per subnet takes 5 minutes (256 addresses)
- In IPv6 it takes 500 billion years (2^64 hosts per subnet)
- There are ways to narrow search space
- 'Security through obscurity'
|
|
|
Term
What are dual-stack subnets? |
|
Definition
Hosts that have both an IPv6 and IPv4 address |
|
|
Term
What are the approaches to introduce IPv6? |
|
Definition
- Dual Stack
- Translation Methods (IPv4-only to IPv6-only)
- Rewriting IP header information
- Application layer gateways (ALGs)
- Tunnels
- IPv6 traffic encapsulated in IPv4 packets
- router-to-router or host-to-router
|
|
|
Term
What are the main characteristics of Dual Stack Systems? |
|
Definition
- Run both protocols on same equipment
- May need to rewrite/port existing applications
- Need to choose when to use IPv4 or IPv6
- Assumes enough IPv4 addresses are available
- Need to secure both protocols
|
|
|
Term
What is tunnelling between sites? |
|
Definition
Encapsulate IPv6 packet as payload/data of an IPv4 packet, usually manually configured on two routers
IPv4 packets carry IPv6 packets as their data |
|
|