Unit-2 (Internetworking Protocol, version 6) Roll no.

2510731

SEMINAR ON
IPV6
 IPV4 VERSUS IPV6

 BASIC PROTOCOL

 HEADER EXTENSION AND OPTIONS

 SUPPORT FOR QOS

 SECURITY

Submitted to: Submitted by :

Er. Ajay Jangra Shruti Sangwan

Lecturer in CSE Deptt. 2510731

Mtech. (CE)-1 st

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

Introduction :

The internet protocol version 4 is the delivery mechanism used by the TCP/IP protocols. It is an
unreliable and connectionless datagram protocol and a best-effort delivery service. The term
best –effort means that IPv4 provides no error control or flow control. Packets in the IPv4 layer
are called datagrams. IPv4 is a connectionless protocol which uses a datagram approach. This
means that each datagram is handled independently, and each datagram can follow a different
route to destination. This implies that datagrams send by the same source to the same
destination could arrive out of order.

Rest of the fields are same as that of IPv4, except flow label and priority field, which offers a
quality-of-service to IPv6 protocol.

Flow label can be used to speed up the processing of the packet by a router. When a router
receives a packet, instead of consulting the routing table and going through a routing algorithm
to define the address of the next hop it simply look in a flow label table for the next hop. Flow
label can be used to support the transmission of real time audio and video. Real time audio or
video particularly in digital form requires resources such as high bandwidth, large buffers, long
processing time and so on. A process can make reservation of its resources beforehand to
guarantee that real time data will not be delayed due to lack of resources. The use of real time
data and the reservation of these resources require protocols such as RTP (Real Time Protocol)
and RSVP (Resource Reservation Protocols).

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

TABLE OF CONTENTS

S.no. Topic Page No.

1 IPv4 Header Format 1-3
2 IPv6 Header Format 3-4
3 Transition from IPv4 to IPv6 5
4 Comparison between IPv4 option and IPv6 extension header 6
5 Comparison between IPv4 and IPv6 7
6 IPv6 Securities Issues 8
7 IPv6 Security Improvements 9
8 IPv6 Quality of Service Capabilities 10-11

TABLE OF FIGURES

S.no. Caption Page No.

1 IPv4 Header Format 1
2 Options in IPv4 3
3 IPv6 Header and Payload 3
4 IPv6 Datagram 4
5 Extension Header types 4
6 Dual Stack 5
7 Tunneling 5
8 Header Translation 5

9 Traffic Classification 10

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

IPv4 Header Format

20-65536 BYTES
20-60 BYTES

HEADER DATA

VER HLEN SERVICES TOTAL LENGTH

4 BITS 4 BITS 8 BITS 16 BITS

IDENTIFICATION FLAGS FRAGMENTATION OFFSET

16 BITS 3 BITS 13 BITS
TIME TO LIVE PROTOCOLS HEADER CHECKSUM
8 BITS 8 BITS 16 BITS

SOURCE IP ADDRESS

DESTINATION IP ADDRESS
OPTIONS

32 BITS

FIG.1. IPv4 Header Format

The internet protocol version 4 is the delivery mechanism used by the TCP/IP protocols. It is an
unreliable and connectionless datagram protocol and a best-effort delivery service. The term
best –effort means that IPv4 provides no error control or flow control.

DATAGRAM:

Packets in the IPv4 layer are called datagrams. Fig.1. shows the IPv4 datagram format. IPv4 is a
connectionless protocol which uses a datagram approach. This means that each datagram is
handled independently, and each datagram can follow a different route to destination. This
implies that datagrams send by the same source to the same destination could arrive out of
order.

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

1
Header Description

 Version (VER): Tells the IPv4 software running in the processing machine that the
datagram has the format of version 4.

 Header length(HLEN) : When there is no option then the header length is 20 bytes
(5x4=20) when option field is at its maximum size, the value of this field is 15(15x4=60).

 Services: The first 3 bits are called precedence bits. The next 4 bits are called TOS (type
of service). And the last bit is not used.

 Total length: Length of data=total length –header length. This field defines the total
length of the datagram including the header. When a machine decapsulates the datagram
it needs to know how much is the padding and how much is the real data.

 Identification : It helps the destination in reassembling the datagram. It knows that all the
fragments having the same identification value must be reassembled into one datagram.

 Flags: The first bit is reserved. The second bit is called the do not fragment bit. The third
bit is called the more fragment bit.

 Fragmentation offset: This field shows the relative position of this fragment with respect
to the whole datagram. It is the offset of the data in the original datagram measured in
units of 8 bytes.

 Checksum: First the value of the checksum field is set to zero. Then the entire header is
divided into 16 bits section and then added, the result is complemented and inserted into
the checksum field.

 Time to live (TTL): This field is used to control the number of hops visited by the
datagram.

 Protocols: This field specifies the final destination protocol to which the IPv4 datagram is
delivered. This field helps the receiving network layer to know which protocol the data
belong.

 Source address: 32 bit field and remain constant during the time the IPv4 datagram
travels from the source host to the destination host.

 Destination address: 32 bit field and remain constant during the time the IPv4 datagram
travels from the source host to the destination host.

 Options: These can be used for network testing and debugging.

University Institute of Engineering and Technology, KUK.

ti
p
O
ig
S
s
ln
u
M
e
t
y
b
o
Unit-2 (Internetworking Protocol, version 6)

FIG. 2. OPTIONS IN IPv4

IPV6 datagram header and payload

40 bytes

BASE HEADER

EXTENSION
HEADER
OPTIONAL
2

UPTO 65535 BYTES

PAYLOAD

DATA PACKET FROM UPPER

LAYER

FIG.3.IPv6 HEADER AND PAYLOAD

Roll no. 2510731

Each packet in IPv6 protocol is composed of a mandatory base header followed by a payload.
The payload consists of two parts: original extension header and data from upper layer. The base
header occupies 40 bytes whereas the extension header and data from upper layer contain up to
65535 bytes of information.

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

Format of IPV6 Datagram

4 BITS 4 BITS 8 BITS 8 BITS 8 BITS

VER PRI FLOW LABEL

PAYLOAD LENGTH NEXT HEADER HOP LIMIT

SOURCE ADDRESS

DESTINATION ADDRESS

NEXT HEADER HEADER LENGTH

NEXT HEADER HEADER LENGTH

.
. .
.
NEXT HEADER HEADER LENGTH

FIG.4. IPv6 DATAGRAM

Rest of the fields are same as that of IPv4, except flow label and priority field, which offers a
quality-of-service to IPv6 protocol. The extension header types are as follows:

Extension header types

PAD1

HOP BY HOP
OPTION
PADN

SOURCE JUMBO
ROUTING PAYLOAD

FRAGMENTATION
Extension
header
AUTHENTICATION

ENCRYPTED SECURITY
PAYLOAD

DESTINATION
OPTION

FIG.5. EXTENSION HEADER TYPES

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

Transition from IPV4 to IPV6

TRANSPORT AND APPLICATION LAYER
DUAL STACK
IPV4 IPV6

UNDERLYING LAN OR WAN

TO IPV4 TO IPV6
SYSTEM SYSTEM
FIG.6. Dual Stack
IPV4 HEADER
IPV6 HEADER
 TUNNELING
IPV6 HEADER PAYLOAD IPV6 HEADER
PAYLOAD
PAYLOAD TUNNEL

X X X
FIG.7. Tunneling
IPV6 HOST IPV4 REGION IPV6 HOST

Transition from IPV4 to IPV6

HEADER TRANSLATION

IPV6 HEADER IPV6 HEADER IPV6 HEADER

PAYLOAD PAYLOAD PAYLOAD

X
X X

IPV6 HOST IPV6 REGION IPV4 HOST

Fig.8.Header Translation

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

Comparison between IPV4 options

and IPV6 extension header
1.The no-operation and end of option are replaced by Pad1 and PadN.

2.The record route is not implemented in IPV6.

3.The timestamp option is not used.

4.The source route option is called the source route extension header.

5.The fragmentation field in the base header section has moved to the
fragmentation extension header.
6.Authentication extension header is new in IPV6.

7.Encrypted security payload extension header is new.

University Institute of Engineering and Technology, KUK.

 Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

COMPARISION BETWEEN IPv4 AND IPv6

FEATURE IPV4 IPV6

ADDRESS 32 BITS(4 OCTETS) 128 BITS(16 OCTETS)

PACKET SIZE  65536 OCTETS  NORMAL PACKET UPTO 65536
MAXIMUM. OCTETS.
PACKET HEADER  VARIABLE SIZE  FIXED SIZE
 TIME CONSUMING TO  MORE EFFICIENT
HANDLE
IPSEC OPTIONAL AND SHOULD BE IPSEC IS NOT OPTIONAL
SUPPORTED EXTERNALLY
ADDRESS RESOLUTION ARP USES BROADCAST ARP MULTICAST NEIGHBOUR SOLICITATION
REQUEST. MESSEGES.
FRAGMENTATION MULTI STEP FRAGMENTATION DONE AT MOST ONE

QUALITY OF SERVICE DEFINED BUT NOT USED • FLOW LABELING

GENERALLY • PRIORITY
• REAL TIME DATA SUPPORT
SECURITY LIMITED;NO AUTHENTICATION;ENCRYPTION
AUTHENTICATION OR SECURITY ASSOCIATIONS TO HANDLE KEY
ENCRYPTION DISTRIBUTION
CONFIGURATION  MANUAL  AUTOMATIC CONFIGURATION OF
MANAGEMENT COMPILATION OF LINK LOCAL ADDRESSES BASED.
TABLES.  NEIGHBOUR DISCOVERY ALGO
 RELIANCE ON BUILTS ROUTING PATHS.
DEFAULT ROUTING
PATHS.

ROUTING FULL TABLES. AGGREGATE TABLES.

MANAGEMENT

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

IPv6 Security issues

Despite its innumerable virtues, IPv6 still continues to be far vulnerable. Various areas where
security continues to be an important issue are as follows:

1. Dual-stack related issues

IPv4-IPv6 dual stacks increase the potential for security vulnerabilities-as a consequence of
having two infrastructures with specific security problems. Most of the issues are not a direct
result of specifies ipv6 design flaws but mostly a result of careless configuration.

2. Header manipulation issues

One of the approaches to 6to4 transition is tunneling, which requires a protocol is encapsulated
in another which results in address spoofing-a spoofed address masquerades an external
packet as one that was originated from the network.

3. Flooding issues
Scanning for valid host addresses and services is considerably more difficult in IPv6 than it is in
IPv4 networks. To efficiently scan a whole IPv6 segment may take up to 580 billion years as the
address space is of 64 bits. But it does not mean that IPv6 is completely invulnerable to attacks,
smurf attacks are still possible in multicast traffic.

4. Mobility
Mobility uses two types of addresses- one is real address and another is mobile address. The first is
contained in the extension header and the second is a temporary address contained in the IP header.
The temporary component of a mobile node address could be exposed to spoofing attacks.

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

IPv6 Security improvements

1. Large address space

In IPv4 networks port scanning is relatively simple task. Scanning a typical IPv4 subnet at a rate of 1 host
per sec. translates into:

28 hosts x 1 second x 1 minute = 4.267 minutes

1 host 60 sec
In IPv6 networks, subnets uses 64 bits for allocating host addresses, so a subnet requires
264 hosts x 1second x 1 year =584,942,417,355 years
1 host 31,536,000 sec
Scanning such a large address space is impossible task.

2. IPSec

IPSec consists of a set of cryptographic protocols. It uses two wire level protocols,
authentication header (AH) and encapsulating security payload (ESP).

Authentication header: Provides authentication and data integrity. It provides optional

protection against replay attacks. The protocol uses a sequence number field that prevents
packet delays and malicious replays.

Encapsulating security payload : it provides data integrity, authentication , replay protection

and also provides data confidentiality, in its header SPI(security parameter index) field identifies
what group of security parameter the sender is using to secure communication. It provides data
integrity by implementing an integrity check value (ICV).

Transport and Tunnel modes: In IPv4, IPSec uses two modes of securing traffic. The first one is
tunnel mode and second is transport mode. The transport mode provides secure
communication between end points by securing only the packet payload. In tunnel mode entire
IPv4 packet is protected. In IPv6 networks there is no need for a tunnel. Protocol negotiation
and key exchange management: To keep track of all protocol and encryption algorithm
agreement, IPSec uses the SPI field, which represents a security association. When
communication is negotiated the receiver node assigns an available SPI which is not in use. It
then communicates this SPI to its communicating partner establishing a security association.

3. Neighbor discovery and address auto configuration:

It is a mechanism responsible for router and prefix discovery, duplicate address and network
unreachability detection, parameter discovery and link layer address resolution. Auto
configuration has two modes-stateful mode and stateless mode. In stateful mode configuration
information is provided selectively and in stateless mode all the nodes are provided with what
they need for global communication.

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

9
IPv6 Quality-of-Service Capabilities

A host can use the flow label and the traffic fields in the IPv6 header. A host uses these fields to
identify those packets for which the host requests special handling by IPv6 routers. For example
the host can request non-default quality of service or real time service. This important capability
enables the support of applications that require some degree of consistent throughput, delay or
jitter.

Flow Labels

Flow label can be used to speed up the processing of the packet by a router. When a router
receives a packet, instead of consulting the routing table and going through a routing algorithm
to define the address of the next hop it simply look in a flow label table for the next hop. Flow
label can be used to support the transmission of real time audio and video. Real time audio or
video particularly in digital form requires resources such as high bandwidth, large buffers, long
processing time and so on. A process can make reservation of its resources beforehand to
guarantee that real time data will not be delayed due to lack of resources. The use of real time
data and the reservation of these resources require protocols such as RTP (Real Time Protocol)
and RSVP (Resource Reservation Protocols).

Priority

The priority field of the IPv6 packet defines the priority of each packet with respect to the other
packets from the same source.

PRIORITY MEANING
0 No specific traffic
TRAFFIC 1 Background data
2 Unattended data traffic
3 Reserved
CONGESTION 4 Attended bulk data traffic
CONTROLLED 5 Reserved
TRAFFIC
6 Interactive traffic
7 Control traffic
NONCONGESTIO
N CONTROLLED
TRAFFIC Priorities for congestion controlled
traffic

Fig.9.Traffic Classification

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

10

Congestion controlled traffic Priority Meaning

Packets may arrive delayed,

8 Data with greater redundancy
lost or out of order.

Non congestion controlled …

traffic

15 Data with least redundancy

•Expects minimum delay
•Discarding is not possible
•Retransmission is impossible

Priorities for non congestion –controlled

traffic

University Institute of Engineering and Technology, KUK.

Unit-2 (Internetworking Protocol, version 6) Roll no. 2510731

11

University Institute of Engineering and Technology, KUK.