3.6 Mobility
IPv6 has to support mobile nodes since they are expected to be very common in the future. A method for accomplishing this is defined in [20] as Mobile IPv6 and is currently under study. Mobile IPv6 has much in common with Mobile IP for IPv4. Some improvements should, however, be mentioned:
- The care-of address is used as source instead of the home address.
- Route Optimization is built-in, eliminating “triangle routing”.
- Simplified routing of multicast packets with the care-of address as source.
- Foreign agents defined in Mobile IPv4 are no longer needed since the autoconfiguration mechanisms are built into IPv6.
- IPsec is used for all security instead of special solutions as in Mobile IPv4.
- IPv6 Routing headers can often be used instead of tunneling between the home agent and the mobile node to minimize overhead.
- Using Neighbor Discovery instead of ARP eliminates link layer consideration issues.
3.7 Security
With IPv6 comes security. Every IPv6 node is required to handle encryption and authentication according to the specification. Although IP security is available for IPv4, it is far from commonly used. The security is made possible by introducing two extension headers.
The Authentication Header (AH) [22] makes it possible for a receiving host to verify that the sender is authentic and that the received packet has not been altered on its way. Introducing authentication in a network prevents spoofing attacks, in which packets are sent from a hacker's computer while using a trusted computer's address as the source address. Authentication is also important since the autoconfiguration mechanisms introduced in IPv6 would otherwise let any computer join the network, get a valid IPv6 address, and thereby gain access to the network.
The Encapsulating Security Payload (ESP) header [23] is used to encrypt packets. This ensures that only legitimate receivers will be able to read the contents. Intervening users trying to read the packets for valuable information will only see a garbled version, which prevents another known hacker attack: snooping.
The two headers can be used either separately or combined to make a secure connection between two hosts, or a steel pipe between two networks, as illustrated in Figure 3.7.
Figure 3.7 Network and header configuration for a steel pipe
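The receiver-side check that the Authentication Header makes possible can be sketched as follows. This is an added example, not code from the original text: it builds an IPv6 base header followed directly by an AH and computes the integrity check value over the packet with the fields that routers may change set to zero. The choice of HMAC-SHA-1-96, the key, the addresses and the function names are assumptions; extension headers, replay protection and key exchange are left out.

```python
import hashlib
import hmac
import ipaddress
import struct

AH = 51  # IPv6 Next Header value for the Authentication Header

def ipv6_header(src, dst, payload_len, hop_limit=64):
    """40-byte IPv6 base header whose Next Header points at AH."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, AH, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def icv(key, header, ah_fixed, payload):
    """HMAC-SHA-1-96 over the packet with mutable fields zeroed."""
    # Routers may change traffic class, flow label and hop limit, so the
    # sender and receiver both replace them with zeros before hashing.
    masked = struct.pack("!I", 6 << 28) + header[4:7] + b"\x00" + header[8:]
    # The ICV field itself is hashed as 12 zero bytes.
    data = masked + ah_fixed + bytes(12) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def protect(key, src, dst, spi, seq, payload, inner_proto=17):
    """Return IPv6 header + AH + payload (inner_proto 17 = UDP)."""
    # AH fixed part: next header, length (32-bit words minus 2), reserved,
    # SPI, sequence number. 12 + 12 ICV bytes = 6 words, so length is 4.
    ah_fixed = struct.pack("!BBHII", inner_proto, 4, 0, spi, seq)
    header = ipv6_header(src, dst, len(ah_fixed) + 12 + len(payload))
    return header + ah_fixed + icv(key, header, ah_fixed, payload) + payload

def verify(key, packet):
    """Recompute the ICV on receipt and compare in constant time."""
    header, ah_fixed = packet[:40], packet[40:52]
    return hmac.compare_digest(packet[52:64],
                               icv(key, header, ah_fixed, packet[64:]))

def with_source(packet, src):
    """Same packet with the source address field overwritten."""
    return packet[:8] + ipaddress.IPv6Address(src).packed + packet[24:]

def with_hop_limit(packet, hop_limit):
    """Same packet as seen after routers have lowered the hop limit."""
    return packet[:7] + bytes([hop_limit]) + packet[8:]

# Constructed sample values (documentation prefix 2001:db8::/32).
KEY = b"constructed-shared-key"
PACKET = protect(KEY, "2001:db8::10", "2001:db8::20", spi=0x100, seq=1,
                 payload=b"open front door")
```

A packet whose hop limit was lowered in transit still verifies, while one whose source address or payload was changed, or that was keyed by a different party, does not.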
4 Using IPv6 at Home
Home networking and IPv6 are both hot topics today. They are both designed to meet the new demands and services developing around the corner for the next millennium. So, why not test the combination of the two together? In fact, it is quite easy to match the features provided by IPv6 with the demands appearing in a home-networking scenario.
In brief, IPv6 provides the following enhancements over IPv4 in home networking:
- Better addressing and routing using larger address space and flexible header structure
- Built-in autoconfiguration of hosts for easier installation and administration
- Low-level authentication and encryption security for safe transactions
- Mobility support for using future devices which most likely will be portable
- Real-time traffic support with multicasting for broadcasting media etc.
All of these enhancements conform to the needs in a home network very well. In fact, home networking was one of the driving forces when considering IPv6 as a replacement for IPv4. The goal is to revolutionize the usage of IP networks to the extent that everything may be transmitted using them, anytime and everywhere.
In the following, the enhancement areas will be covered and discussed from a home networking perspective using real-world examples and applications.
4.1 Addressing
The most important and critical factor when considering the new Internet protocol was the addressing issue. Every node in an IP network needs at least one unique address to communicate. Based on elementary arithmetic, the IPv4 address space will be exhausted sometime between the years 2005 and 2015 [19]. That is, no globally unique addresses will then be available. Home networking will make this problem dramatically more critical, since every connected device should preferably get a globally unique address for seamless Internet access. Just imagine every mains socket or light bulb having its own IP address in every connected household in the world. In Sweden alone, with about 4.3 million households and, let’s say, 30 connected appliances each, this would make up nearly 130 million IP addresses. This is about three percent of the total (theoretical) number of addresses available in the IPv4 address space. When considering the losses due to hierarchy and other ineffective address allocation factors, this clearly shows the urgent need for a larger address space.
4.1.1 Node Naming
With addresses such as 3ffe:2100:1da7:5c3:5633:4011:2ab:23, typing complete IPv6 addresses will be a very tedious and error-prone thing to do. It would be much more convenient to reference the front door at home by using a common name such as frontdoor.smith.stockholm.se as the destination instead. Of course, DNS is already being used with IPv4, but it will become even more important in IPv6. That is why IPv6 will rely on the use of the Domain Name System (DNS) more heavily than IPv4, even in small LANs such as a home network. As mentioned in Section 3.3.7, there are already DNS extensions developed for use with IPv6 to handle the new addressing space.
When home networking is to be introduced using IPv6, DNS has to be implemented somewhere in the home LAN. The most feasible place to locate the DNS server would be in the home server (e.g. Residential Gateway or e-box). This would make it possible for the end users to assign names to all connected devices within the residence. However, including DNS functionality in the home server would increase the price and administration needs of the server. Another alternative could therefore be to let multiple home networks share one DNS server located at the network provider. While simplifying construction and administration of the home servers, this solution could limit the users’ possibility of updating the DNS server.
4.1.2 Eliminating the NAT
To prevent the IPv4 address space from being exhausted, or at least to slow the rate of exhaustion, temporary solutions have been developed. The most common solution today is Network Address Translation (NAT). NAT lets a local network connected to the Internet use its own local address space, completely different from the global address space. This is done by placing the NAT machine between the Internet and the local network and then applying the appropriate mapping of internal local addresses to global addresses. This is very useful for small offices or homes using a dial-up connection to the Internet where only a limited number of globally unique addresses are available. There are, however, disadvantages when using a NAT. It could easily become a performance bottleneck since it has to replace the address fields inside every IP packet. Also, certain protocols that embed the source and destination address inside the packet will not work without specially configured NAT machines.
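The embedded-address problem can be shown with a toy translator. This is an added example, not part of the original text: it uses FTP's PORT command as the protocol that carries an address inside the payload (the text does not name one), and the class names, addresses and port numbers are constructed.

```python
import re
from dataclasses import dataclass, replace

PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

def embedded_endpoint(payload):
    """Return (ip, port) carried inside an FTP PORT command, else None."""
    m = PORT_RE.fullmatch(payload)
    if m is None:
        return None
    n = [int(g) for g in m.groups()]
    return ".".join(str(o) for o in n[:4]), n[4] * 256 + n[5]

class Nat:
    """Toy port-translating NAT; ftp_helper adds payload rewriting."""
    def __init__(self, public_ip, ftp_helper=False):
        self.public_ip = public_ip
        self.ftp_helper = ftp_helper
        self.table = {}          # (private ip, port) -> public port
        self.next_port = 40000   # constructed starting port

    def _map(self, ip, port):
        if (ip, port) not in self.table:
            self.table[(ip, port)] = self.next_port
            self.next_port += 1
        return self.table[(ip, port)]

    def outbound(self, pkt):
        # Every outgoing packet gets its header address fields replaced.
        out = replace(pkt, src=self.public_ip, sport=self._map(pkt.src, pkt.sport))
        ep = embedded_endpoint(pkt.payload)
        if self.ftp_helper and ep:
            # A specially configured NAT must also parse and rewrite the payload.
            port = self._map(*ep)
            cmd = "PORT %s,%d,%d\r\n" % (self.public_ip.replace(".", ","), port >> 8, port & 255)
            out = replace(out, payload=cmd.encode())
        return out

# Constructed packet: a home client announces its own address for a data connection.
PKT = Packet("192.168.0.10", 50000, "198.51.100.7", 21, b"PORT 192,168,0,10,19,137\r\n")
```

Without the helper, the server is told to connect to 192.168.0.10, which is unreachable from outside the home; with it, the announced endpoint is the translated one.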
When IPv6 is fully deployed, the need for NAT will be eliminated. The home network will be able to use global addresses such as the aggregatable unicast addresses described in Section 3.3.4 and thereby provide every node with a globally unique IP address. The IPv4 NAT may then be replaced by a simple IPv6 router as illustrated in Figure 4.1. However, during the transition period NAT may be very useful as will be described in Section 5.2.1.
Figure 4.8: Eliminating the IPv4 NAT
With a modem and dial-up connectivity, the customer can easily choose which service provider to use simply by dialing the appropriate telephone number. With a broadband connection directly to your house always connecting you to the Internet, the choice will no longer be so obvious.
The Global Aggregatable Unicast addressing scheme described in Section 3.2 was previously known as provider based addressing. The reason for this is that the address hierarchy defined in the scheme permits a site, or residence, to change service provider easily. It is also possible to have multiple providers at the same time since each IPv6 interface may be assigned multiple addresses with different prefixes. The user may then choose the source address for outgoing packets depending on the application.
The renumbering of sites involved with changing provider is taken care of by the IPv6 autoconfiguration mechanism. A new prefix caused by the renumbering propagates throughout the network as the old addresses and routes on the hosts eventually time out when no router advertisements for that address/route are received. This will help providers and network administrators when introducing new network topologies. With today’s trends of opening up the market with many competing providers, this feature is also most welcome for the customer!