DCF255
Lecture 5 | Internet Layer
Agenda
Internet Layer Functions
Dual Stack Environment IPv4/v6
IPv4 Addressing
IPv4 Changes to Preserve the Address Space
IPv6 Addressing
Tunneling
Scoped Addresses
IPv6 From a Programming Perspective
User Interface Design
IP Family Independence
Determine IP Family Before Creating Socket
Internet Layer Functions
Internet Layer Functions
Internet Layer accepts all content from the Transport Layer as Data
Responsible for adding header containing the source and destination IP addresses
Responsible for making Routing Decisions to decide the best route
For a smooth transition to IPv6, which commenced in 2012, all new hardware must be dual protocol stack enabled, called IPv4/v6
IPv4 Addressing
Classful addressing
IPv4 addresses are 32 bits long, written in dotted decimal notation with the four octets separated by dots
Total address space is 2^32 = 4.3 billion addresses
[Figure: IPv4 address structure: 32 bits split into a prefix of n bits (defines the network) and a suffix of 32-n bits (defines the node)]
Subnet Mask: hides, or “masks”, the network part of a system’s IP address and leaves only the host part as the machine identifier.
Class  Binary                               Dotted Decimal  Prefix/CIDR
A      11111111.00000000.00000000.00000000  255.0.0.0       /8
B      11111111.11111111.00000000.00000000  255.255.0.0     /16
C      11111111.11111111.11111111.00000000  255.255.255.0   /24
Default Mask of Classful Addressing
Hierarchy of IPv4 Addressing
IPv4 and Changes to Preserve the Address Space
IPv4 has a 32-bit address space; each octet can contain a value from 0-255
Maximum address space is 256 X 256 X 256 X 256 or 4,294,967,296 addresses (4.3 billion)
With the growth of the WWW in 1991, and the development of smartphones, tablets, gaming systems and IP-enabled devices such as phones and VoIP systems
Address space quickly became depleted, running out in fall 2015
To preserve the address space as long as possible the IETF instituted changes
The IPv4 address space, which we are all familiar with, such as 192.168.0.1, is based on 4 octets, or a 32-bit address. Each octet has a range of values from 0-255; thus the maximum size of the address space is 256 X 256 X 256 X 256 or 4.3 billion addresses. The 32 bits can be divided into different classes to allocate network and host addresses. With the development of the World Wide Web, the growth of PCs, the use of smartphones, tablets, gaming systems, and VoIP systems, far more IP addresses were necessary than the founders envisaged. The new address space IPv6 uses 128-bit addresses and is capable of 340 trillion, trillion, trillion addresses. The depletion of IPv4 addresses was predicted in 1993 and steps were taken to preserve the space as long as possible. The IETF instituted the following changes.
IPv4 and Changes to Preserve the Address Space
Networks were allowed to create Private address spaces.
NAT, Network Address Translator, was created to act as a proxy gateway converting private host addresses to public addresses
DHCP, Dynamic Host Configuration Protocol, was created to act as a server to allocate addresses from a pool of available LAN addresses.
Internet addresses were assigned using CIDR, Classless Inter-Domain Routing, which uses the address space more efficiently
All of these preservation measures have given us the network structure we are familiar with at home and at Seneca.
Private address spaces were created to allow networks to create LAN addresses with approval of the Internet registry. However, hosts on the LAN can’t communicate with the public Internet except through a proxy gateway.
NAT, Network Address Translator, was created to act as a proxy gateway converting private host addresses to public addresses to access the Internet. Thus, many LAN hosts can share a single Internet address.
DHCP, Dynamic Host Configuration Protocol, was created to act as a server to allocate addresses from a pool of available LAN addresses. The address assigned to the host is “leased” from the server for a time, and can be reallocated to another host when the lease expires. Thus, many hosts can share a pool of addresses.
CIDR, Classless Inter-Domain Routing, was a fundamental change in how IP addresses were assigned. The old class-based system of allocating IPv4 addresses was discontinued for a classless system which used the 32-bit address space more efficiently, avoiding wasted IP addresses.
All of these network technologies we have heard of before, and they are currently implemented on our home and Seneca networks. In North America, IPv4 will continue to be used for a long time. Networks won’t convert to IPv6 until new hardware is required.
IPv6 Addressing
IPv6 Addressing – 3 Types
1. Unicast
2. Multicast
3. Anycast
IPv6 uses three types of addresses — unicast, multicast, and anycast. Unicast and multicast addresses also existed in IPv4, but Anycast is a new type of address defined by IPv6.
Unicast: A unicast address is a one-to-one address. Packets sent to a unicast address travel between two hosts on a single interface.
Multicast: A multicast address is a one-to-many address. Packets sent to a multicast address travel to all interfaces identified by the multicast group address. (This replaces the broadcast address used in IPv4.)
Anycast: An anycast address is a one-to-one address sent to the nearest host. Packets sent to an anycast address are sent to a single interface of the nearest host identified by the address.
IPv6
Both IPv4 and IPv6 are connectionless protocols
Both IPv4 and IPv6 are connectionless protocols. This means that every data packet that is sent across the network is treated as an independent unit. IP does not maintain the details of the connection between the server and the client and does not guarantee reliable delivery. It is a “best effort” delivery system, trying to avert data loss as much as possible. If the host is located on the same network, this is called “local delivery” and if the host is on a different network, it is called “remote delivery”. With remote delivery, the data will be handled by intermediate devices called routers which will forward the data based on the destination address. The sender is unaware of how the data is transmitted to the destination. This is similar to when you mail a letter. You address the letter and you are ignorant of the number of intermediate steps Canada Post carries out to forward the letter to its destination.
IP works with ICMP, (Internet Control Message Protocol) which is responsible for generating error messages when an error occurs during data transmission. The Transport layer protocols, namely TCP and UDP, decide to retransmit data based on the error message that is received. The table below is a comparison of the IPv4 and IPv6 layers and the protocol specifications of each layer.
When you ping a host, the message is an ICMP echo request packet; the receiving host returns an ICMP echo reply packet, or “host unreachable” is reported if the host is offline. IGMP, Internet Group Management Protocol, is used for grouping multicast hosts. ARP, Address Resolution Protocol, is used by IP to resolve the MAC address of a host when the IP address is known. An ARP request packet is broadcast to all hosts, saying “Whoever has this IP address, please send me your MAC address”. The receiving host, which has that particular IP address, then returns a unicast ARP reply to the sending host, so that the data link layer frame can be completed. IPv6 has new protocols that serve the same functions. ICMPv6 is the error message protocol. MLD, Multicast Listener Discovery, is an improved version of IGMP used for multicasting, and ND, Neighbor Discovery, replaces ARP. With IPv6, all devices will be connected to the public network, which will make it easier for users to manage home automation, file sharing, online gaming, etc. without complex settings on their routers.
IPv6
Inevitability
Efficiency
Security
The dual stack approach to IPv6 means that IPv4 will be around for a long time. IPv4 devices will continue to work in the foreseeable future. However, there are 3 reasons why businesses should plan to change to IPv6.
Inevitability: At some point in the future, IPv4 will no longer be supported. Moving to IPv6 when hardware needs to be changed is a good approach.
Efficiency: IPv6 is a better protocol than IPv4, with faster routing by removing the need to check packet integrity and fragment a packet. In IPv6, only the sending host performs fragmentation. If an IPv6 router cannot forward a packet because it is too large, the router sends an ICMPv6 Packet Too Big message to the sending host and discards the packet. NAT will no longer be needed, because each host will have a unique IP address on the public network, unless the network continues to use private addressing.
Security: IPv6 has been built from the ground up with security in mind, with built-in encryption. IPv6 encrypts traffic and checks packet integrity to provide VPN-like protection for standard Internet traffic.
IPv6 Address Space
[Figure: IPv6 address layout: Network Bits (48 bits, assigned) | Prefix Bits (16 bits, self-assigned) | Host Bits (64 bits)]
Network address of 48 bits which is assigned by the Internet Society
Network prefix 16 bits used by businesses to divide address space along organizational structure
Host address 64 bits.
Total 128 bits – 340 trillion, trillion, trillion addresses
How big is this number?
If you allocated an IPv6 address to every atom on earth, you would still have enough addresses for about 100 more Earths. Before we run out of addresses the human race will be extinct!
IPv6 has a network address of 48 bits which is assigned by the Internet Society. Adjacent to the network bits are network prefix bits which businesses can use to divide their address space to match organizational needs. These bits use CIDR notation to determine which bits have fixed values and which represent the subnet identifier. The remaining 64 bits are host bits.
For IPv6, the 128-bit address is divided along 16-bit boundaries. Each 16-bit block is converted to a 4-digit hexadecimal number and separated by colons. The resulting representation is known as colon-hexadecimal.
IPv6 Address Space
[Figure: IPv6 address layout: Network Bits | Prefix Bits | Host Bits]
The 128-bit address is divided along 16-bit boundaries. Each 16-bit block is converted to a 4-digit hexadecimal number and separated by colons. The resulting representation is known as colon-hexadecimal.
[Figure: the same address shown in binary form, divided into 16-bit blocks, and with each 16-bit block converted to hexadecimal and separated by colons]
IPv6 Address Space – Simplification
IPv6 representation removes leading zeros within each 16-bit block
Each block must have at least a single digit.
IPv6 Address Space – Simplification
IPv6 representation also allows for the compression of zeros if the address has long strings of zeros
Missing zeros are represented by a double colon “::”
It can only be used once in an address
Compressing Zeros
Some types of addresses contain long sequences of zeros. To further simplify the representation of IPv6 addresses, a contiguous sequence of 16-bit blocks set to 0 in the colon-hexadecimal format can be compressed to “::”, known as the double colon.
For example, the link-local address of FE80:0:0:0:2AA:FF:FE9A:4CA2 can be compressed to FE80::2AA:FF:FE9A:4CA2. The multicast address FF02:0:0:0:0:0:0:2 can be compressed to FF02::2.
Zero compression can be used to compress only a single contiguous series of 16-bit blocks expressed in colon-hexadecimal notation. You cannot use zero compression to include part of a 16-bit block. For example, you cannot express FF02:30:0:0:0:0:0:5 as FF02:3::5.
To determine how many 0 bits are represented by the double colon, you can count the number of blocks in the compressed address, subtract this number from 8, and then multiply the result by 16. For example, the address FF02::2 has two blocks (the “FF02” block and the “2” block). The number of 0 bits expressed by the double colon is 96 (96 = (8 – 2)×16).
Zero compression can be used only once in a given address. Otherwise, you could not determine the number of 0 bits represented by each double colon.
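As an added example (not from the lecture), the expansion rules above written out in C: it expands a compressed colon-hexadecimal address into its eight blocks, reports how many zero bits the double colon stood for using the slide's (8 - blocks) x 16 rule, and rejects a second "::", a ":::", or a malformed block. It does not handle the x:x:x:x:x:x:d.d.d.d form.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse one side of a "::" (or a whole uncompressed address) into 16-bit
 * blocks. Returns the number of blocks parsed, or -1 on a malformed block. */
static int parse_blocks(const char *s, unsigned short *out, int max)
{
    int n = 0;
    if (*s == '\0')
        return 0;                          /* empty side, e.g. left of "::1" */
    for (;;) {
        char *end;
        if (n == max || !isxdigit((unsigned char)*s))
            return -1;
        if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X'))
            return -1;                     /* strtoul would swallow a 0x prefix */
        out[n++] = (unsigned short)strtoul(s, &end, 16);
        if (end - s > 4)
            return -1;                     /* a block is at most 4 hex digits */
        if (*end == '\0')
            return n;
        if (*end != ':')
            return -1;
        s = end + 1;
    }
}

/* Expand a colon-hexadecimal IPv6 address into eight 16-bit blocks.
 * Returns the number of zero bits the "::" stood for, computed with the
 * lecture's rule (8 - blocks written) * 16; 0 if the address was written in
 * full; -1 if it is malformed. The x:x:x:x:x:x:d.d.d.d form is not handled. */
int ipv6_expand(const char *text, unsigned short blocks[8])
{
    char buf[48], *dc;
    unsigned short head[8], tail[8];
    int nh, nt = 0;

    if (strlen(text) >= sizeof buf)
        return -1;
    strcpy(buf, text);
    dc = strstr(buf, "::");
    if (dc != NULL) {
        if (strstr(dc + 2, "::") != NULL || dc[2] == ':')
            return -1;                     /* "::" once only, and never ":::" */
        *dc = '\0';                        /* split into head and tail */
        nt = parse_blocks(dc + 2, tail, 8);
    }
    nh = parse_blocks(buf, head, 8);
    if (nh < 0 || nt < 0)
        return -1;
    if (dc != NULL ? nh + nt > 7 : nh != 8)
        return -1;                         /* "::" must stand for >= 1 block */
    memset(blocks, 0, 8 * sizeof blocks[0]);
    memcpy(blocks, head, nh * sizeof head[0]);
    memcpy(blocks + 8 - nt, tail, nt * sizeof tail[0]);
    return dc != NULL ? (8 - nh - nt) * 16 : 0;
}

/* Write all eight blocks out in full, dropping leading zeros within each
 * block (the first simplification rule). out must hold 40 bytes. */
char *ipv6_format(const unsigned short blocks[8], char *out)
{
    int i, pos = 0;
    for (i = 0; i < 8; i++)
        pos += sprintf(out + pos, i ? ":%x" : "%x", blocks[i]);
    return out;
}

/* Helpers for checking the rules on single addresses. */
int zero_bits_in(const char *text)
{
    unsigned short b[8];
    return ipv6_expand(text, b);
}

int expands_to(const char *text, const char *expected)
{
    unsigned short b[8];
    char out[40];
    return ipv6_expand(text, b) >= 0 && strcmp(ipv6_format(b, out), expected) == 0;
}
```

FF02:3::5 expands to ff02:3:0:0:0:0:0:5, which is why it is not a spelling of FF02:30:0:0:0:0:0:5: compression removes whole zero blocks, never digits inside a block.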
IPv6 Prefix and Dual environments
128 bits must show network and host addresses
Within a network all hosts will have same network prefix
Prefix indicated by “/” followed by the number of bits used for the network portion of the address
Host portion of address ranges from
The 128 bits of the IPv6 address must denote the network address and the host address for packets to be correctly delivered. IPv6 uses CIDR notation to denote the number of bits used for the network. Within a network all network hosts will have the same network prefix. The prefix is indicated as a “/” followed by the number of bits. For example, 2001:cdba:9abc:5678::/64 denotes the network address 2001:cdba:9abc:5678. Thus the host addresses range from 2001:cdba:9abc:5678:0000:0000:0000:0000 up to 2001:cdba:9abc:5678:ffff:ffff:ffff:ffff.
IPv6 Prefix and Dual environments
For dual environments a special syntax is permitted
“x” represents the six high-order 16-bit pieces of the address (96 bits)
“d” represents the decimal values of the four low-order 8-bit pieces (32 bits)
For dual environments a special notation is permitted, using the syntax x:x:x:x:x:x:d.d.d.d where the “x”s are the hexadecimal values of the six high-order 16-bit pieces of the address, and the “d”s are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation), with a prefix length of 96. For example, the IPv4 address 126.101.64.1 can be represented as ::126.101.64.1/96.
The exception to this rule is the 127.0.0.1 loopback address, used to test if TCP/IP is properly installed on the local interface. This address has an IPv6 representation of ::1/128.
IPv6 Tunnelling: Dual Environments
Packets travelling on the Internet will meet routers that are not IPv6 capable
To ensure compatibility IETF created IPv6 over IPv4 Tunneling
The dual stack approach is an important feature to ensure compatibility between IPv4 and IPv6 hosts. However, it is possible that packets will arrive at routers that are not IPv6 enabled. To solve this problem a process called IPv6 over IPv4 tunneling has been defined.
Suppose you are at work and have a dual stack host and you want to send a file to your home, which also has a dual stack. However, the upstream ISP is not IPv6 enabled. How can you send this file? The Internet layer of PC A will encapsulate the IPv6 address inside an IPv4 address, so the packet can travel over the ISP network and then PC B’s Internet layer will de-encapsulate the address.
How would a router or host know which protocol to use? This would be determined by the DNS records.
IPv6 Tunnelling: Dual Environments
To determine which protocol to use a router will use DNS records
If the IPv4 DNS database record is:
www.senecacollege.ca. IN A 142.204.0.0
If an IPv6 address, the DNS database record is:
www.senecacollege.ca. IN AAAA FE80:DC28:ffff::1234
If multiple IPv4/v6 addresses, IPv6 addresses will be tried first, and then IPv4 addresses will be tried.
Try connecting to FE80:DC28:ffff::1234, then the remaining records:
www.senecacollege.ca IN AAAA FE80:DC28:ffff::1234
www.senecacollege.ca IN AAAA FE80:DC28:ffff::5678
www.senecacollege.ca IN A 142.204.0.0
Users communicate on the Internet using fully qualified domain names (FQDN), not IP addresses. DNS records map the IP address to the domain name. Thus, the transition from IPv4 to IPv6, from a user’s point of view will be invisible. For instance, assume that we have a dual stack host, and we want to access the URL https://www.senecacollege.ca. A dual stack node will behave as follows:
If www.senecacollege.ca resolves to an IPv4 address, connect to the IPv4 address. In such a case, the DNS database record for www.senecacollege.ca will be as follows:
www.senecacollege.ca. IN A 142.204.0.0
If www.senecacollege.ca resolves to an IPv6 address, connect to the IPv6 address.
www.senecacollege.ca. IN AAAA FE80:DC28:ffff::1234
If www.senecacollege.ca resolves to multiple IPv4/v6 addresses, IPv6 addresses will be tried first, and then IPv4 addresses will be tried. For example, with the following DNS records, we will try connecting to FE80:DC28:ffff::1234, then
www.senecacollege.ca IN AAAA FE80:DC28:ffff::1234
www.senecacollege.ca IN AAAA FE80:DC28:ffff::5678
www.senecacollege.ca IN A 142.204.0.0
Since we assume that IPv6 hosts will be able to use IPv4 as well, the Internet will be filled with IPv4/v6 dual stack devices for the near future, until the use of IPv6 becomes dominant.
IPv6 Programming Perspective
IPv6 – Programming Perspective
User Interface Design
IP Family Independent
Determine IP Family before Creating Socket
From a programmer’s perspective IPv6 is very different from IPv4 programming and will present some new challenges.
IPv6 – Programming Perspective
User Interface Design
IPv6 address space is much larger and simplification standards require extra programming.
GUI applications that supply text boxes for users to change the address should be avoided, except in administrative applications
Programmers need to ask the following questions:
Should number based (IP) or name based (DNS) notation be used?
Should the truncated addresses be used in the interface? The double colon is an optional method of notation to simplify the address, not a specification.
Does the user need specific parts of the address, such as the subnet prefix, scope identifier or other subfields?
IPv6 specification requires the address to be enclosed in square brackets when part of a URL: For example: http://[F380:DC28:ffff::1]:80/64
IPv4 addresses have a rigid format: 10.0.10.1. IPv6 addresses are less rigid because of the convention of using a double colon to provide a truncated address; for example, 1004:0:0:0:0:0:0:10 can be written as 1004::10. Programmers must take this into account when creating user interfaces that display the IPv6 address. Also, the text box must be capable of supporting an IPv6 address with an embedded IPv4 address, such as 0000:0000:0000:0000:0000:ffff:10.0.10.1. And if the scope identifier is added to the address, the length could be increased by another eleven characters.
Addressing in IPv6, due to many factors such as length, complexity, and the significance of sections within the IPv6 address space, is not conducive to modification or specification by users. Therefore, the need to provide users with the capability of specifying their own address is reduced. Additionally, due to the complexity associated with IPv6 addressing, providing administrators with the capability of specifying IPv6 address information is not likely to occur on a per-node basis.
Displaying an IPv6 address in the UI is not inconceivable, and therefore developers should consider the variability in the size of an IPv6 address when modifying an application to support IPv6.
The rest of this section discusses the difference between IPv4 address length predictability and IPv6 address length considerations. This section presumes IPv6 addresses are being displayed in their hexadecimal representation.
IPv4 addresses are predictable in size, because they rigidly follow dotted decimal notation, as the following address example illustrates:
10.10.256.1
With the complexities of the IPv6 format and the difficulty in associating it with a host, it is more likely that the user will rely on name based notation rather than number based notation. It is predicted that with IPv6 DNS will play a greater role in dynamically allocating addresses. In which case, a text box in the user interface may not be necessary (unless the application is an administrative program). Here are the topics programmers need to consider:
Should number based or name based notation be used?
Should the truncated addresses be used in the interface? The double colon is an optional method of notation to simplify the address, not a specification.
Does the user need specific parts of the address, such as the subnet prefix, scope identifier or other subfields?
Lastly, if the user is to enter an IPv6 address as part of the URL, the address must be enclosed in square brackets to avoid ambiguity with the port number, which is also separated by a colon. For example: http://[F380:DC28:ffff::1]:80/64.
IPv6 – Programming Perspective
IP Family Independent
Avoid:
Hardcoding the address family will make interoperability difficult.
Family dependent applications will need to be changed if a new protocol is developed
A device that is IPv4 specific will not know how to tunnel an IPv6 address inside of an IPv4 packet.
We use a simple switch statement to determine the address family and handle IPv4 in dotted decimal notation or IPv6 in hexadecimal notation. Unfortunately, the answer is not that simple. Code like the above must be avoided for the following reasons:
1. Hardcoding the address family must be avoided because the application will not function unless the operating system supports the address family. For the near future, there will be devices that are IPv4 specific, IPv6 specific, or IPv6/v4 dual stack. Hardcoding the address family will make interoperability difficult.
2. If a new protocol is developed, applications which are family independent will not need to be rewritten. On the other hand, a family dependent application will need to be changed.
3. A device that is IPv4 specific will not know how to tunnel an IPv6 address inside of an IPv4 packet.
Interoperability will be increased if family independent structures and functions are used.
To ensure IPv6 interoperability, review the IPv4 code base looking for inappropriate calls. When checking UNIX applications, use grep to search for any of the family-specific functions listed below.
Windows has provided a tool called Checkv4.exe, available in the Microsoft SDK or as a web download. When you run your code through the utility it alerts you to any IPv4 specific data structures and function calls. Alternatively, you can search your code base for instances of the sockaddr and sockaddr_in structures, and change all such usage (and other associated code, as appropriate) to the SOCKADDR_STORAGE structure.
IPv6 – Programming Perspective
Avoid: Family Specific APIs
Microsoft has a SDK utility called Checkv4.exe which will check for family dependent function calls in your code
On UNIX, use grep to search for the function calls listed below
The following APIs, which take struct in_addr or struct in6_addr, should be avoided:
inet_addr, inet_aton, inet_lnaof, inet_makeaddr, inet_netof, inet_network, inet_ntoa, inet_ntop, inet_pton, gethostbyname, gethostbyname2, gethostbyaddr, getservbyname, getservbyport
Scoped IPv6 Addresses
The IPv6 address is tied to the “interface” not the host
The 128 bit address alone does not uniquely identify a host
To communicate with hosts A or C, PC B must use the “link-local” address to specify the NIC to use: fe80::1%ether1
sockaddr_in6 has a member sin6_scope_id to hold the scope identifier of the interface
Another important reason for using sockaddr is the scoped IPv6 addresses. Unlike IPv4, where the address was tied to a host, the IPv6 address is tied to an interface, and a host can have several interfaces. Thus the 128 bits do not uniquely identify the peer. In the diagram below, from PC B, we can see two hosts with fe80::1: one on Ethernet segment 1, another on Ethernet segment 2. To communicate with host A or C, PC B has to disambiguate between them by specifying the outgoing interface to use together with the link-local address; a 128-bit address alone is not enough. sockaddr_in6 has a member named sin6_scope_id to disambiguate destinations between multiple scope zones. The string representation of a scoped IPv6 address is augmented with a scope identifier after the % sign, such as fe80::1%ether1.
Determine IP Family Before Creating Socket:
In IPv4 it is common practice to create the socket first using the AF_INET address family and then use the getaddrinfo and gethostbyname functions
In IPv6, address resolution using the getaddrinfo function must be completed FIRST to determine the IP address and address family of the remote host
Only then can the socket function be called to open a socket
If the name resolution returns both IPv4 and IPv6 addresses, then separate IPv4 and IPv6 sockets must be used
Windows applications can use the family-agnostic WSAConnectByName
In IPv4 socket programming, getaddrinfo and gethostbyname are commonly used after the socket is created using the AF_INET address family. On dual stack hosts, however, this approach will not work because the address family of the remote host name is not known. So address resolution using the getaddrinfo function must be completed first to determine the IP address and the address family of the remote host. Only then can the socket function be called to open a socket of the address family returned by getaddrinfo. This is a fundamental change in how socket applications are written, since many IPv4 applications tend to use a different order of function calls. Also, if the name resolution returns both IPv4 and IPv6 addresses, then separate IPv4 and IPv6 sockets must be used to connect to these destination addresses.
If writing a Windows socket application, these complexities can be avoided using the new WSAConnectByName function (available on Windows Vista and later).
The following code example shows the proper sequence for performing name resolution first (performed in the fourth line in the following source code example), then opening a socket (performed in the 19th line in the following code example).
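The sequence described above as an added C example (not the lecture's own listing): resolve with getaddrinfo and AF_UNSPEC into a sockaddr_storage, read the family back, and only then call socket(); connect_any loops over every result so a dual-stack client opens a separate socket per candidate family. The scope value 1 in fe80::1%1 is a constructed interface index, and port 80 is only a placeholder.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Resolve first, into a family-independent sockaddr_storage, and report
 * which family came back. AI_NUMERICHOST restricts this to address literals
 * so it runs offline; drop it to accept DNS names as well. */
int resolve_literal(const char *host, const char *port,
                    struct sockaddr_storage *ss, socklen_t *len)
{
    struct addrinfo hints, *res;
    int family;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;          /* IPv4 or IPv6: never hardcoded */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    memcpy(ss, res->ai_addr, res->ai_addrlen);   /* storage fits any family */
    *len = res->ai_addrlen;
    family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

/* Scope identifier from sin6_scope_id; 0 for IPv4 and for unscoped IPv6. */
unsigned scope_id_of(const struct sockaddr_storage *ss)
{
    if (ss->ss_family != AF_INET6)
        return 0;
    return ((const struct sockaddr_in6 *)ss)->sin6_scope_id;
}

/* Resolve, then open a socket of whatever family each result carries.
 * Results may mix AF_INET6 and AF_INET, so one socket per candidate. */
int connect_any(const char *name, const char *port)
{
    struct addrinfo hints, *res, *p;
    int fd = -1;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(name, port, &hints, &res) != 0)
        return -1;
    for (p = res; p != NULL; p = p->ai_next) {
        fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol);
        if (fd < 0)
            continue;                     /* this host lacks that family */
        if (connect(fd, p->ai_addr, p->ai_addrlen) == 0)
            break;                        /* connected; keep this socket */
        close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Small wrappers so single literals can be checked without networking. */
int family_of(const char *host)
{
    struct sockaddr_storage ss;
    socklen_t len;
    return resolve_literal(host, "80", &ss, &len);
}

unsigned scope_of(const char *host)
{
    struct sockaddr_storage ss;
    socklen_t len;
    if (resolve_literal(host, "80", &ss, &len) < 0)
        return 0;
    return scope_id_of(&ss);
}

int main(void)
{
    printf("%d %d %u\n", family_of("142.204.0.0") == AF_INET,
           family_of("::126.101.64.1") == AF_INET6, scope_of("fe80::1%1"));
    return 0;
}
```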
Summary
The Internet layer is responsible for determining the IP address of the remote host and adding the sending and receiving IP addresses to the header. As the message is forwarded to the receiving host, the Internet layer makes routing decisions.
The depletion of the IPv4 address space led to the creation of private addresses, CIDR, DHCP and NAT technologies, which have created the present network landscape. Although IPv6 was launched in 2012, it is expected that IPv4 will be around for a long time in North America. Companies should change to IPv6 for better performance and security.
For a smooth transition to IPv6 it is mandated that all hardware be able to handle IPv4/v6 dual environments. These devices will be able to tunnel IPv6 addresses inside IPv4 addresses for IPv4 specific devices. IPv6 addresses are assigned to an interface and not the host; therefore there is a link-local address, which allows the 128-bit address to be assigned with a scope identifier to avoid ambiguity.
The IPv6 address space uses 3 types of addressing: unicast, multicast and anycast. The address space is 128 bits long and is in hexadecimal format. A number of techniques are allowed to simplify the address.
The use of IPv6 has made fundamental changes in how programmers design user interfaces and write socket programs. Given the size and complexity of displaying IPv6 addresses, programmers must decide if they want to use a name based system. Also, in writing programs, the socket address type must be determined before opening the socket.