IPv6 technical principle

xiaoxiao2021-03-06  18

128-bit address length

The 128-bit length of the IPv6 address forms a huge address space. For the foreseeable future it can provide a globally unique address for every device that can be imagined. The 128-bit address space contains exactly 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses, enough to give every grain of sand on Earth its own IP address. IPv6 can configure different types of address on a host interface: global address, on-site address, link-local address, site-local address, broadcast address, multicast group address, home address and care-of address.

Auto-configuration

Another basic feature of IPv6 is that it supports both stateless and stateful automatic configuration. Stateless address autoconfiguration is the key to obtaining an address. In this mode, a node that needs an address first uses the neighbor discovery mechanism to obtain a link-local address. Once it has this address, it uses another plug-and-play mechanism to obtain a globally unique routable address without any manual intervention. Stateful configuration mechanisms, such as DHCP (Dynamic Host Configuration Protocol), require an additional server, so a good deal of additional operation and maintenance is needed.

Quality of service

Quality of service (QoS) covers several aspects. From the protocol's point of view, the advantage of IPv6 lies in providing different levels of service. This is mainly due to the new Traffic Class and Flow Label fields in the IPv6 header. With them, every intermediate node can identify and separately handle any IP flow during transmission. Although standards for the exact use of the flow label have not yet been set, it will be used in new billing systems based on service level. IPv6 also helps improve service quality in other respects, mainly by supporting "always online" connections, preventing service interruptions and improving network performance. From another perspective, better network and service quality raises customers' expectations and satisfaction, which takes our relationship with customers to a higher level.

Mobility

Mobile IPv6 (MIPv6) provides greater flexibility for new features and new services. Each mobile device has a fixed home address, which is independent of the location at which the device is currently attached to the Internet. When the device is used away from home, the current location of the mobile node is given by a care-of address. Each time the mobile device changes location, it must report its care-of address to its home agent and to its correspondent nodes. When it is away from home, the mobile device usually uses the care-of address as the source address in the IPv6 header of the packets it sends. When the mobile node sends a packet while away from home, it includes a Home Address destination option, whose purpose is to tell the recipient the mobile node's home address. Because the option carries the home address, the receiving correspondent node can substitute the home address for the address in the packet. Packets sent to the mobile node are therefore transparently routed to its care-of address.

Optimizing the route between correspondent nodes and the care-of address improves network utilization. IP-layer mobility based on the Mobile IPv6 protocol is important, and its advantages are especially prominent today. Although IPv4 has a similar mobility protocol, there is an essential difference between the two: Mobile IPv4 does not scale to a large number of mobile terminals. Mobile IP needs a globally unique IP address for each device, and IPv4 does not have enough address space to assign such an address to every mobile terminal on the public Internet. Mobile IPv6, by contrast, can meet the needs of large numbers of mobile users through simple extension, and so can solve mobility problems between networks and between access technologies. When Mobile IPv6 is used globally, a security layer is added on top of the IPv6 network. For example, if an ISP network goes down or is congested, the Mobile IPv6 terminal can reach its home agent through another ISP's network; being able to use an alternative router adds a layer of reliability and improves the robustness of the network. 3GPP, a standards organization for mobile networks, has adopted IPv6, and IPv6 will be used in the IP Multimedia Core Network (IMCN). This core network will process multimedia packets in all 3G networks.

Built-in security

The IPv6 protocol has a built-in security mechanism that has been standardized. It supports seamless remote access to the enterprise network, for example a company's virtual private network connection. The mechanism works even when the end user accesses the enterprise network in "always online" fashion. This "always online" type of service cannot be implemented with IPv4 technology. For people who work on the move, IPv6 is the guarantee of IP-level access to enterprise networks.

In terms of security, IPv6 is consistent with the IP Security (IPsec) mechanisms and services. Besides working at the network layer, IPsec provides two services. The Authentication Header (AH) ensures the integrity of data, while the Encapsulating Security Payload (ESP) header ensures the confidentiality and integrity of the data. In an IPv6 packet, AH and ESP are both extension headers, which can be used together or separately. As an important application of IPsec, IPv6 integrates virtual private network (VPN) functionality.

Evolution from IPv4 to IPv6

The evolution from IPv4 to IPv6 is a gradual process rather than an abrupt change. Once IPv6 technology has been introduced, it will still take some time before all services achieve global IPv6 interconnection. In the first stage of evolution, IPv6 services can be accessed through existing networks as long as small-scale IPv6 networks are connected to the IPv4 Internet. IPv4-based services are already mature, however, and will not disappear immediately. It is important to keep maintaining these services while also supporting interoperability between IPv4 and IPv6.

Features (IPv6 / IPv4): address space is large enough to be 4 billion, actually more mobile IP built-in security; can meet the need for a limited number of mobile terminals to meet the needs of a limited number of mobile terminals, can be applied to Global Enterprise Network Access, such as virtual private networks, there are several ways to choose, but there is no comprehensive standard solution for automatic configuration of the IPv6 standard for development networks that cannot be adapted to network scale.

The next-generation Internet is the high point of the information society, and IPv6 is its foundation and soul. It will give the Internet a simple and efficient new engine, which not only solves the IPv4 address shortage but also frees the Internet from growing complexity and from being difficult to manage and control, so that the Internet becomes more stable, reliable, efficient and secure.

The current Internet protocols were developed approximately 30 years ago, and their network-layer protocol is IPv4 (Internet Protocol Version 4). The IPv4 address is 32 bits long and in theory supports the interconnection of 4 billion terminal devices. However, because of the division into address classes such as A, B and C, and many other special provisions and uses, the number of addresses actually available is much smaller. In general, utilization of the whole address space reaches only about 10%. In practice IPv4 has been a huge success. With the rapid development of the Internet, however, defects caused by design decisions that were not thought through thoroughly have surfaced, mainly in two respects: exhaustion of the address space and rapid growth of routing tables. These problems have become an obstacle to the development of the Internet and have led to the wide use of Classless Inter-Domain Routing (CIDR) and Network Address Translation (NAT). But these two technologies can only delay the exhaustion of the IPv4 address space; they cannot fundamentally solve the shortage of IPv4 addresses.

IPv6 generation

To solve the problems encountered as the Internet developed, the Internet Engineering Task Force (IETF) began work in the early 1990s on the next-generation Internet protocol, IPng (IP - the next generation). In RFC 1550 the IETF issued a call for new IP protocol proposals and published the main objectives the new protocol had to meet:

◆ Support almost unlimited address space;

◆ Reduce the size of the routing table, so that the router can process the packet faster;

◆ Provide better security, implemented at the IP level;

◆ Support multiple service types and support multicast;

◆ Support automatic address configuration, allowing a host to move to a different location without changing its address;

◆ Allow the new and old protocols to coexist for a period of time;

◆ Support mobile hosts and networks.

After the IETF set out the design principles for IPng, many proposals appeared, including one called SIPP (Simple IP Plus, described in RFC 1710). SIPP removes some fields of the IPv4 header, making the header smaller, and uses 64-bit addresses. Unlike IPv4, where options are a basic component of the IP header, SIPP separates the IP options from the header and places them in the packet after the header and before the transport-layer protocol. With this approach a router processes option headers only when necessary, which improves its ability to process all traffic.

In July 1994 the IETF decided to take SIPP as the basis of IPng, while increasing the address length from 64 bits to 128 bits. The new IP protocol is called IPv6, and the version approved by the IETF in 1994 is RFC 1752. The experts who developed IPv6 drew on the early experience of IPv4, as well as on the development of the Internet and market demand, and concluded that the next-generation Internet protocol should focus on network capacity and network performance. IPv6 inherits the advantages of IPv4 and discards its shortcomings. IPv6 is incompatible with IPv4, but it is compatible with all the other protocols of the TCP/IP suite, i.e., IPv6 can replace IPv4.

IPv6 technical characteristics

Compared with IPv4, IPv6 brings obvious improvements in address capacity, security, network management, mobility and service quality, making it a relatively reasonable protocol for the next generation of the Internet to use.

Simplify header structure

The IPv6 header is much simpler than the IPv4 header. It drops many rarely used fields of the IPv4 header and turns them into options, which are more strictly defined. The header structures of IPv4 and IPv6 are shown in Figures 1 and 2, respectively. The IPv4 header has 10 fixed-length fields, 2 address fields and several options, whereas the IPv6 header has only 6 fields and 2 address fields. Although the IPv6 header occupies 40 bytes, 1.6 times the 24-byte IPv4 header, its length is fixed (the IPv4 header is variable in length), so it does not consume much memory. All extensions in IPv6 are implemented with extension headers. The extension header rests on one principle: most packets need only simple processing, for which the information in the basic header is enough; packets that need additional network-layer information can encode it in extension headers. This improves the efficiency of packet processing.

Provide almost unlimited address space

IPv6 provides a 128-bit address space, whose huge capacity can be appreciated from the following:

◆ There are 2^128 different IPv6 addresses, that is, the total number of addresses is 340,282,366,920,938,463,463,374,607,431,768,211,456;

◆ Even after deducting the addresses reserved for special uses, IPv6 can give every person on Earth about 16 million usable addresses;

◆ If allocated by land area, 2.2 × 10^20 addresses are available per square centimeter.

The chance of IPv6 addresses running out is very small. For the foreseeable future, the huge address space formed by IPv6's 128-bit address length provides a globally unique address for every network device imaginable. This ample address space will fully meet the growing demand for addresses from smart devices.

Provide security guarantees for network layers

IPv6 makes IPsec a mandatory protocol, which addresses the security of end-to-end data transmission at the network layer. IPsec is a new generation of Internet security standard, developed by the IETF specifically to improve the security of the IP protocol. IPsec is in fact a protocol suite that provides security services "seamlessly", such as access control, authentication, data integrity checking, confidentiality and anti-replay protection. The IPsec protocols mainly include the Authentication Header (AH), the Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), and related components such as enforcement types.

IPsec can provide a variety of security services for network-layer data transfer in an IPv6 network. Both communicating parties must maintain the security policies and security associations required for the communication. A third party that does not hold the security parameters of the communication cannot forge or break the communicated data. Security parameters can be negotiated and obtained manually, or automatically with a key exchange protocol. Improvements in network infrastructure can ensure reliable negotiation of security parameters, which in turn maximizes the security of network-layer communication.

Support plug and play function

"Plug and play" means that a node can be plugged into an IPv6 network and started there without any manual intervention. IPv6 uses two different mechanisms to support plug-and-play network connection: the Bootstrap Protocol (BOOTP) and the Dynamic Host Configuration Protocol (DHCP). Both mechanisms allow IP nodes to obtain configuration information from a dedicated BOOTP server or DHCP server. These protocols use "stateful auto-configuration", that is, the server must maintain and manage state information for each node. The problem with stateful auto-configuration is that the user must maintain and manage dedicated auto-configuration servers to manage all of the "state", that is, the permitted connections and the current connection information.

In addition to stateful auto-configuration, IPv6 also provides an automatic configuration service called stateless auto-configuration. Stateless auto-configuration requires that the local link support multicast and that the network interface can send and receive multicast packets. The stateless auto-configuration process involves the following steps:

◆ The auto-configuring node must determine its own link-local address;

◆ It must verify that the link-local address is unique on the link;

◆ The node must determine what information it needs to configure, which may be the node's IP address, other configuration information, or both. If it needs an IP address, the node must determine whether to use the stateless or the stateful auto-configuration process.

Provide higher service quality assurance

The IPv4-based Internet was designed from the outset with only one simple quality of service, namely "best effort" delivery. In principle, text transfer, static images and the like place no requirements on quality of service, so QoS is not guaranteed. As multimedia services on IP networks increase, applications such as IP telephony, video on demand (VOD) and video conferencing impose strict requirements on transmission delay and delay jitter.

The IPv6 packet format contains an 8-bit Traffic Class field and a new 20-bit Flow Label field. A 4-bit Priority field was first defined in RFC 1883, which could distinguish 16 different priorities. Later, RFC 2460 changed it to an 8-bit Class field, whose values and use are not yet defined. Its purpose is to allow the source node of a traffic flow and the routers forwarding it to mark packets and give them handling other than the default. In general, packets can be given special handling on the selected link according to cost, bandwidth, delay or other characteristics.

A flow is a sequence of packets that are related in some way and that the IP layer must treat in a related manner. The factors that decide whether packets belong to the same flow include source address, destination address, QoS, authentication and security. IPv6 introduces the concept of a flow while remaining a connectionless protocol. A flow can include several TCP connections, and its destination address can be a single node or a set of nodes. When an intermediate IPv6 node receives a packet, it can determine which flow the packet belongs to, and so learn the packet's QoS requirements and forward it quickly.

Support real mobility

Mobility is undoubtedly one of the most exciting services on the Internet. The Mobile IPv6 protocol provides users with mobile IP data services, allowing them to use the same IPv6 address anywhere in the world, which suits future wireless Internet access very well.

Mobile IPv6 operations include home agent registration, triangle routing, route optimization, binding management, movement detection and home agent discovery. The working mechanism of Mobile IPv6 is shown in Figure 4. There are 3 links and 3 systems in the figure. A router on link A provides the home agent service. This link is the home link of the mobile node, and the mobile node moves from link A to link B. On link C there is a correspondent node, which may be mobile or stationary. The workflow of Mobile IPv6 includes the following parts:

◆ When the mobile node is attached to a foreign link, it can communicate through one or more care-of addresses in addition to its home address. A care-of address is the IP address the mobile node has while on the foreign link.

◆ Mobile IPv6 is implemented by the home agent on the home link. The home agent uses proxy neighbor discovery to intercept packets addressed to the mobile node's home address on the home link, and then sends the intercepted packets through a tunnel to the mobile node's primary care-of address.

◆ In IPv6, the mobile node notifies each correspondent node so that the correspondent node and the mobile node can route to each other directly, which avoids the triangular routing problem.

In summary, the advantages of IPv6 will be fully reflected in the mobility of the Internet. As the core of the next generation, IPv6's power and many advantages have received great attention worldwide. Once IPv6 is deployed, the Internet will become simpler and provide users with more efficient service quality.

Related Links

The IETF (Internet Engineering Task Force) was founded in 1986 and is an organization that develops technical standards worldwide. The first IETF meeting had 13 attendees, all of them American technical researchers, and the discussion at the time was mainly about technical research. With the development of the Internet, the IETF is no longer just a US research organization; the people who take part in its meetings come from all industries worldwide, including research institutions, equipment manufacturers, service providers, government and education, and users. The IETF releases two kinds of document: one is the Internet Draft, and the other is the RFC.

RFC stands for "Request for Comments". RFCs contain almost all the important written information about the Internet. Typically, when an agency or group has developed a set of standards or proposes an idea for a standard, it issues an RFC on the Internet, and anyone interested in the subject can read the RFC and put forward their own opinions. The development of the vast majority of network standards begins in the form of an RFC and, after much debate and revision, is released by the main standardization organization. However, not all documents published as RFCs are in use or recognized by everyone; a large part is used only in some local area, or not at all. The status of each RFC is clearly identified in the document.

Second, technical principles

IPv6 is an abbreviation for Internet Protocol Version 6, also known as the next-generation Internet protocol, which is a new IP protocol for replacing the current IPv4 protocol by IETF (The Internet Engineering Task Force).

1, address format

Compared with the 32-bit address of IPv4, IPv6 has a long address: 128 bits in total, four times the length of IPv4. Like IPv4, a field consists of 16-bit binary numbers, so IPv6 has 8 fields. The maximum value of each field is 16384, but each field is written as a four-digit hexadecimal number, and fields are separated by ":" rather than the "." used previously. Leading zeros within a field may be omitted, and a field that is entirely zero can be omitted as well. For the foreseeable future, the address space formed by the 128-bit address can provide a globally unique address for every device that can be imagined. The 128-bit address space contains exactly 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses.

The IPv6 address is structured as shown above. "FP" is the address prefix (also known as the "format prefix"), used to distinguish this from other address types. It is followed by the 13-bit TLA ID (top-level aggregate ID), 8-bit RES (reserved bits, for future expansion of the TLA or NLA), 24-bit NLA ID (secondary aggregate ID), 16-bit SLA ID (site ID) and 64-bit Interface ID (host interface ID). TLA, NLA and SLA form a three-level network hierarchy arranged from the top down, and each level applies to the level above it for its ID number. The bottom layer of the hierarchy is the network host.

2, address classification

IPv6 defines three different address types: unicast addresses, multicast addresses and anycast addresses. All types of IPv6 address are assigned to interfaces rather than to nodes. An IPv6 unicast address is assigned to one interface, and an interface can belong to only one node, so the unicast address of any interface of a node can be used to refer to that node.

A unicast address in IPv6 has a contiguous mask, measured in bits, similar to an IPv4 address under CIDR, and one identifier identifies exactly one interface. IPv6 has a variety of unicast address forms, including global provider-based unicast addresses, geographic unicast addresses, NSAP addresses, IPX addresses, node-local addresses, link-local addresses and IPv4-compatible host addresses.

A multicast address is one where a single address identifier corresponds to multiple interfaces (usually on different nodes). An IPv6 multicast address represents a set of nodes, and a node may belong to several multicast addresses. This feature is widely used by multimedia applications, which need to transmit from one node to many. RFC 2373 describes multicast addresses in more detail and gives a series of predefined multicast addresses.

An anycast address is also a case where one identifier corresponds to multiple interfaces. A packet sent to an anycast address is delivered to the nearest of the set of interfaces identified by that address (as determined by the routing protocol's distance metric). Anycast addresses are allocated from the unicast address space, so they can take any form that a unicast address can; syntactically they are no different from unicast addresses. When a unicast address is assigned to more than one interface, it becomes an anycast address and must be explicitly marked as such. When a user sends a packet to an anycast address, the server closest to the user responds. This benefits network users who frequently move and change location.

From the point of view of the host interface (that is, mainly by function), the addresses IPv6 can configure on a host interface are: global address (unicast), on-site address, link-local address, site-local address, broadcast address, multicast group address, anycast address, and the mobility addresses: home address and care-of address.

3, address configuration

One basic feature of IPv6 is support for both stateless and stateful address autoconfiguration. Stateless address autoconfiguration is the key to obtaining an address. IPv6 makes automatic assignment of IP addresses to users a standard function: as soon as a machine is connected to the network, its address can be set automatically. This has two advantages. First, the end user does not need to spend effort on setting an address; second, the burden on the network administrator is greatly reduced. IPv6 has two automatic-setting functions. One is "stateful autoconfiguration", the same as the automatic-setting function of IPv4. The other is "stateless autoconfiguration".

In IPv4, the Dynamic Host Configuration Protocol (DHCP) implements automatic setting of a host's IP address and related configuration. A DHCP server holds a pool of IP addresses; a host leases an IP address from the DHCP server and obtains configuration information (such as the default gateway and DNS servers), and in this way its IP address is set automatically. IPv6 inherits this automatic configuration service from IPv4 and calls it stateful autoconfiguration.

During stateless autoconfiguration, the host first generates a link-local unicast address by appending its NIC MAC address to the link-local address prefix 1111111010. The host then issues a request called neighbor discovery to verify that the address is unique. If the request gets no response, the link-local unicast address the host has set for itself is unique. Otherwise, the host generates a new link-local unicast address using a randomized interface ID. Then, with that address as the source address, the host sends a request for configuration information, called a Router Solicitation, to the multicast group of all routers on the local link. A router responds with a Router Advertisement containing an aggregatable global unicast address prefix and other related configuration information. The host combines the global address prefix obtained from the router with its interface ID to configure a global address automatically, and can then communicate with other hosts on the Internet.

Using stateless autoconfiguration, the IP addresses of all hosts in a network can be changed without manual intervention. For example, when a company changes the ISP that connects it to the Internet, it obtains a new address prefix from the new ISP. The ISP passes this address prefix from its router to the enterprise router. Since the enterprise router periodically sends router advertisements to all hosts on the local link, all hosts in the enterprise network receive the new address prefix through the router advertisement. They then automatically generate new IP addresses and override the old ones.
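The address derivation described above, as an added example (not code from the original article). It forms the interface ID from the MAC with the modified EUI-64 rule of RFC 4291, which is an assumption since the article does not name the rule; the MAC address and the 2001:db8 prefixes are constructed sample values. It also recovers the MAC from such an address, a check a defender can run over an address inventory to find hosts whose hardware identifier is exposed in their address.

```python
import ipaddress

# The binary prefix 1111111010 quoted in the text is fe80::/10; the bits between
# it and the 64-bit interface ID are zero, so the addresses fall in fe80::/64.
LINK_LOCAL = "fe80::/64"
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"        # constructed sample value
OLD_PREFIX = "2001:db8:1:2::/64"        # constructed: prefix from the old ISP
NEW_PREFIX = "2001:db8:ffff:2::/64"     # constructed: prefix from the new ISP


def eui64_interface_id(mac: str) -> int:
    """Build the 64-bit interface ID from a 48-bit MAC (modified EUI-64)."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])  # insert ff:fe
    eui[0] ^= 0x02                                          # flip universal/local bit
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (link-local or router-advertised) with the interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example only handles /64 prefixes")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def embedded_mac(address: str):
    """Return the MAC hidden in an EUI-64 style address, or None.

    The ff:fe marker is a heuristic: a random interface ID can contain it by chance.
    """
    iid = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                                          # undo the bit flip
    return ":".join(f"{b:02x}" for b in mac)


def find_mac_derived(addresses):
    """Audit helper: map each address that embeds a MAC to that MAC."""
    found = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            found[addr] = mac
    return found


if __name__ == "__main__":
    link_local = slaac_address(LINK_LOCAL, SAMPLE_MAC)
    before = slaac_address(OLD_PREFIX, SAMPLE_MAC)
    after = slaac_address(NEW_PREFIX, SAMPLE_MAC)   # renumbering: same interface ID
    print("link-local       :", link_local)
    print("global (old ISP) :", before)
    print("global (new ISP) :", after)
    inventory = [str(before), "2001:db8:1:2::1"]    # constructed inventory
    print("MAC-derived      :", find_mac_derived(inventory))
```

The interface ID stays the same when the prefix changes, which is why renumbering needs no manual work and also why a MAC-derived address follows a host from network to network.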

4, quality of service

Quality of service (QoS) covers several aspects. From the protocol's point of view, the advantage of IPv6 lies in providing different levels of service. This is mainly due to the new Traffic Class and Flow Label fields in the IPv6 header. With them, every intermediate node can identify and separately handle any IP flow during transmission. Although standards for the exact use of the flow label have not yet been set, it will be used in new billing systems based on service level. IPv6 also helps improve service quality in other respects, mainly by supporting "always online" connections, preventing service interruptions and improving network performance.

The IPv6 packet format contains an 8-bit Traffic Class field and a new 20-bit Flow Label field. A 4-bit Priority field was first defined in RFC 1883, which could distinguish 16 different priorities. Later, RFC 2460 changed it to an 8-bit Class field. Its values and use have not yet been defined; the purpose is to allow the source node of a traffic flow and the routers forwarding it to mark packets and give them handling other than the default. In general, packets can be given special handling on the selected link according to cost, bandwidth, delay or other characteristics. A flow is a sequence of packets that are related in some way and that the IP layer must treat in a related manner. The factors that decide whether packets belong to the same flow include source address, destination address, QoS, authentication and security. IPv6 introduces the concept of a flow while remaining a connectionless protocol; a flow can contain several TCP connections, and its destination address can be a single node or a set of nodes. When an intermediate IPv6 node receives a packet, it checks the flow label to determine which flow the packet belongs to, and so learns the packet's QoS requirements and forwards it quickly.

The IPv4-based Internet was designed from the outset with only one simple quality of service, namely "best effort" delivery, which in principle does not guarantee QoS. Text transfer, static images and the like place no requirements on QoS. As multimedia services on IP networks increase, applications such as IP telephony, VOD and video conferencing impose strict requirements on transmission delay and delay jitter.

5, mobile connection

IP layer mobile features based on mobile IPv6 protocols are important. In particular, today, these advantages have been highlighted today. Although there is a similar mobile protocol in IPv4, there is an essential difference between the two: The mobile IPv4 protocol does not apply to a large number of mobile terminals. Mobile IP needs to provide a global unique IP address for each device. IPv4 does not have sufficient address space to assign one such address for each mobile terminal running on the public Internet. From another perspective, mobile IPv6 can meet the needs of large-scale mobile users through simple expansion. In this way, it can solve mobility issues between networks and access technologies. For the use of mobile IPv6 globally, a security layer is added based on IPv6 networks.

Because mobility is one of the important functions of IPv6, mobile connections are covered in more detail later.

6, header simplification

IPv6 simplifies the packet header to reduce processor overhead and save network bandwidth. An IPv6 header consists of a basic header and multiple extension headers. The basic header has a fixed length of 40 bytes (of course, because of the length of its fields, the IPv4 basic header is generally much shorter) and holds all the information that routers need to process. Since most packets on the Internet are simply forwarded by routers, the fixed header length helps speed up routing. The IPv4 header has 15 fields, while the IPv6 header has only 8; the IPv4 header length is specified by the IHL field, while the IPv6 header is fixed at 40 bytes. This makes the IPv6 header easier for routers to process. At the same time, IPv6 defines a variety of extension headers, which makes IPv6 extremely flexible, providing strong support for multiple applications and making it possible to support new applications in the future. These headers are placed between the IPv6 header and the upper-layer header, and each is identified by a unique "Next Header" value. Except for the hop-by-hop options header (which carries information that must be processed by every node on the transmission path), an extension header is processed only when the packet reaches the destination node specified in the IPv6 header (in the case of multicast, each of the specified destination nodes). There, standard decoding of the IPv6 Next Header field invokes the corresponding module to process the first extension header (or, if there is no extension header, the upper-layer header). The content and semantics of each extension header determine whether to go on to process the next header. Extension headers must therefore be processed strictly in the order in which they appear in the packet.
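The fixed header layout and the in-order Next Header walk described above, as an added example (not code from the original page). The function names and the sample packet are constructed for illustration; the Next Header numbers are the IANA protocol numbers.

```python
import ipaddress
import struct

# Next Header values (IANA protocol numbers) of the walkable extension headers.
EXT = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
       51: "Authentication Header", 60: "Destination Options"}

def parse_ipv6(pkt: bytes) -> dict:
    """Parse the fixed 40-byte header, then walk the Next Header chain in order."""
    if len(pkt) < 40:
        raise ValueError("shorter than the fixed 40-byte IPv6 header")
    word, payload_len, nxt, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    info = {"traffic_class": (word >> 20) & 0xFF,   # 8-bit class field
            "flow_label": word & 0xFFFFF,           # 20-bit flow label
            "payload_len": payload_len, "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(pkt[8:24])),
            "dst": str(ipaddress.IPv6Address(pkt[24:40])),
            "chain": []}
    off = 40
    while nxt in EXT:
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        following, hdr_len = pkt[off], pkt[off + 1]
        if nxt == 44:
            size = 8                    # Fragment header is always 8 bytes
        elif nxt == 51:
            size = (hdr_len + 2) * 4    # AH length is in 4-byte units, minus 2
        else:
            size = (hdr_len + 1) * 8    # 8-byte units, first 8 bytes not counted
        if off + size > len(pkt):
            raise ValueError("extension header runs past the end of the packet")
        info["chain"].append(EXT[nxt])
        off, nxt = off + size, following
    info["upper_protocol"] = nxt        # e.g. 6 = TCP, 17 = UDP, 50 = ESP
    info["upper_offset"] = off
    return info

def sample_packet() -> bytes:
    """Constructed sample: Hop-by-Hop + Destination Options + a UDP header."""
    hbh = bytes([60, 0, 1, 4, 0, 0, 0, 0])       # next = 60, one PadN option
    dst_opts = bytes([17, 0, 1, 4, 0, 0, 0, 0])  # next = 17 (UDP)
    udp = struct.pack("!HHHH", 53, 53, 8, 0)
    payload = hbh + dst_opts + udp
    word = (6 << 28) | (0xB8 << 20) | 0x12345    # constructed class and label
    return (struct.pack("!IHBB", word, len(payload), 0, 64)
            + ipaddress.IPv6Address("2001:db8::1").packed
            + ipaddress.IPv6Address("2001:db8::2").packed + payload)
```

A filter that cannot walk this chain to `upper_offset` never reaches the transport header, so truncated or overlong chains are rejected rather than guessed at.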
A complete IPv6 implementation includes implementations of the following extension headers: hop-by-hop options header, destination options header, routing header, fragment header, authentication header, encapsulating security payload header, and final header.

7, security features

Security has always been an issue for the Internet. Because security was not considered when the IP protocol was first designed, unfortunate incidents often occurred, such as attacks on enterprise or institutional networks and their confidential data. To enhance the security of the Internet, the IETF began research in 1995 to develop an IP Security (IPsec) protocol for protecting IP communication. IPsec is an optional extension protocol for IPv4 and a mandatory part of IPv6.

The IPv6 protocol has a built-in security mechanism that has been standardized. The main function of IPsec is to provide security services at the network layer through two mechanisms: authentication and encryption. The authentication mechanism allows the receiver of an IP communication to confirm the true identity of the sender and whether the data was altered in transit. The encryption mechanism ensures the confidentiality of the data, so that it is protected against interception by others during transmission. The IPsec Authentication Header (AH) protocol defines how authentication is applied, and the Encapsulating Security Payload (ESP) protocol defines how encryption and optional authentication are applied. In actual IP communication, either one of these two protocols or both at once are used, depending on security needs. Both AH and ESP can provide authentication services, but the authentication service provided by AH is stronger than that of ESP.

As an integral part of IPv6, IPsec is a network-layer protocol. It applies security policy from the lower layers upward, avoiding security issues in data transmission (up to the application layer). However, it is responsible only for the security of the underlying network, not for the security of upper-layer applications such as the web, email and file transfer.

As an important application of IPsec, IPv6 integrates virtual private network (VPN) functionality; with IPv6, a more secure and reliable virtual private network can be implemented more easily.

8, domain name resolution

In IPv6, the domain name architecture keeps the hierarchical principle used with IPv4. Moreover, the domain name resolution system gives IPv6 addresses better support for address aggregation and address changes. As before, IPv6 domain name resolution includes forward resolution and reverse resolution. Forward resolution maps a domain name to an IP address. Two resource record types currently exist for forward resolution of IPv6 addresses: "AAAA" and "A6". "AAAA" was proposed earlier and is a simple extension of the IPv4 "A" record: since the IP address grows from 32 bits to 128 bits, the resource record is expanded from "A" to four "A"s. However, "AAAA" only represents the correspondence between a domain name and an IPv6 address and does not support the hierarchy of the address. "A6" was proposed on the basis of RFC 2874. It decomposes an IPv6 address according to its own hierarchy and then links multiple "A6" records together; each "A6" record contains only part of the IPv6 address, and the parts are combined to assemble the complete IPv6 address. Reverse resolution maps an IP address to a domain name. It uses the same "PTR" record as IPv4, but the address can be represented in two forms. One is the nibble format: hexadecimal digits, one per half-byte, separated by ".", with the low-order part of the address first and the high-order part last; the domain suffix is "ip6.int.". The other is the bit-string format, which begins with "\[", followed by the hexadecimal address (no separators, high-order first, low-order last), and ends with "]"; the domain suffix is "ip6.arpa.".
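The two reverse-name forms described above, plus decoding a nibble-format PTR name back to an address (useful when reading DNS query logs), as an added example that is not part of the original page. The function names are hypothetical, the default suffixes are the ones the page gives, and the `x` prefix and `/128` length inside the bit-string label follow RFC 2673, which the page does not spell out.

```python
import ipaddress

HEX = "0123456789abcdef"

def _hex_digits(addr: str) -> str:
    """The address as 32 hexadecimal digits, high-order first."""
    return ipaddress.IPv6Address(addr).exploded.replace(":", "")

def nibble_name(addr: str, suffix: str = "ip6.int.") -> str:
    """Nibble format: one hex digit per label, low-order digit first."""
    return ".".join(reversed(_hex_digits(addr))) + "." + suffix

def bitstring_name(addr: str, suffix: str = "ip6.arpa.") -> str:
    """Bit-string format: a single bracketed label, high-order digit first."""
    # Assumption: 'x' (hex) prefix and '/128' bit count as in RFC 2673.
    return "\\[x" + _hex_digits(addr) + "/128]." + suffix

def address_from_nibbles(name: str) -> ipaddress.IPv6Address:
    """Decode a nibble-format reverse name; reject anything malformed."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] not in (["ip6", "int"], ["ip6", "arpa"]):
        raise ValueError("not an IPv6 reverse name")
    nibbles = labels[:-2]
    if len(nibbles) != 32 or any(len(n) != 1 or n not in HEX for n in nibbles):
        raise ValueError("expected exactly 32 single hex-digit labels")
    # Labels are low-order first, so reverse them before converting.
    return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
```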

DNS server discovery is likewise divided into a "stateless" and a "stateful" method. In the stateless method, a site-scope anycast address must be configured on the DNS servers within the subnet. The node performing auto-configuration sends a server discovery request with this anycast address as the destination, asking for the DNS server address, domain name and search path. The request reaches the nearest DNS server, which answers with the DNS information requested: the DNS server's unicast address, the domain name, and the search path. The node configures its DNS information from the server's response, and subsequent DNS requests are sent directly to the DNS server's unicast address. Of course, the anycast address could also continue to be used, but for security reasons the approach described above is generally taken. In the stateful DNS server discovery method, information such as the DNS server address, domain name and search path is given to nodes by a DHCP-like server.

When reposting, please cite the original address: https://www.9cbs.com/read-49236.html
