Sunday, October 30, 2011

IPv6 Extension Headers

Instead of an Options field as in the IPv4 header, IPv6 attaches extension headers after the basic header or after a preceding extension header, with the 8-bit Next Header field specifying the next extension header, if any. The use of extension headers allows faster processing and protocol evolution.

Extension headers are 64-bit in length and the number of extension headers in an IPv6 packet is variable. Extension headers are daisy-chained one after another, with the Next Header field of the previous basic or extension header specifying the current extension header. The last extension header (or the basic header if no extension header is used) has a Next Header field that specifies a transport layer protocol, eg: TCP, UDP.

The use of extension headers allows end-to-end security, as no firewalls and NAT are involved.

Mobility provides roaming service for mobile devices (eg: IP phones) without interrupting the current connection. The IPv6 routing header allows an end system to change its source IP address with a stable home address, and hence allows the roaming address to maintain mobility.

Cisco IOS Mobility IP is a tunneling-based solution that uses Cisco GRE or IP-in-IP tunnels. Tunneling allows a router on a device’s home subnet to transparently forward IP packets to the roaming devices. IPv4 offers Mobile IP via triangle routing, where data is tunneled back to the home network before being forwarded to the final destination. However, this approach is less efficient than Mobile IPv6.
Note: GRE stands for Generic Routing Encapsulation, a Cisco-proprietary tunneling protocol. It forms (unencrypted) virtual point-to-point links which are able to encapsulate a variety of protocols inside IP packets.

IPv6 Extension Header

IPv6 has 6 types of extension headers. When multiple extension headers are used in the same packet, the order of the extension headers as specified in RFC 1883 – IPv6 Specification is as below:
Note: The source node must follow this order, while the destination node may receive them in any order.

1. Hop-by-Hop Options header (0): Used for the Router Alert (RSVP and MLDv1) and the IPv6 Jumbogram. It is processed at all nodes along the path.
   Note: MLD is Multicast Listener Discovery. IPv6 routers use MLD to discover nodes that want to receive multicast packets destined to a specified multicast address.
   Note: Jumbograms (RFC 2675 – IPv6 Jumbograms) are packets that contain a payload larger than 65,535 bytes, the maximum packet size supported by the 16-bit Payload Length field in the basic IPv6 header.
2. Destination Options header (60): It is processed at the destination node when it follows an ESP header, or at intermediate nodes (eg: routers) as specified in the Routing header when it follows a Hop-by-Hop Options header.
3. Routing header (43): Specifies the routing path in source routing and Mobile IPv6. A source node uses the Routing header to list the addresses of routers that the packet must pass through. Intermediate routers will use the addresses as destination addresses of the packet when forwarding the packet from one router to another. The final destination host will process the next header following the Routing header. When there are multiple ISPs, the Routing header allows a router to specify which ISP to use.
4. Fragment header (44): It is used in fragmented packets when the application does not perform PMTUD and hence the source node must fragment a packet that is larger than the MTU of the path to the destination. It contains the Fragment Offset, Identification, and More Fragment fields that were removed from the basic header. It is used in each fragmented packet.
5. Authentication header (AH) (51) and Encapsulating Security Payload (ESP) header (50): Used in IPsec to provide authentication, integrity, and confidentiality of IPv6 packets. These headers are identical for both IPv4 and IPv6.
6. Upper-Layer header: Identifies the transport layer header, eg: TCP (6) and UDP (17).

Note: With IPv6, only the originating nodes can fragment packets; IPv6 routers no longer perform fragmentation. The originating node must either perform Path MTU Discovery (PMTUD) to find the lowest MTU along the path to the destination or never produce packets larger than 1280 bytes. All links that support IPv6 must be able to support at least a 1280-byte packet size, so originators can use the minimum-packet-size option rather than performing PMTUD if desired.
Note: AH and ESP extension headers are identical for both IPv4 and IPv6 IPsec. IPsec is a network layer security mechanism.

The value of the Next Header field in the last basic or extension header is 59, which specifies that there is no extension header following it.
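
The Next Header daisy chain described above can be walked in code. The Python below is an added example, not part of the original post: it follows the chain from the basic header and flags a Hop-by-Hop Options header that is not first, as well as headers that run past the end of the packet. The length encodings (8-byte units for Hop-by-Hop, Routing and Destination Options, a fixed 8 bytes for Fragment, 4-byte words minus 2 for AH) come from the IPv6 and AH specifications rather than from this page, and walk_chain, basic_header and the sample packets are names and data constructed for illustration.

```python
import struct

# Next Header values named on the page (59 = nothing follows).
NAMES = {0: "Hop-by-Hop Options", 60: "Destination Options", 43: "Routing",
         44: "Fragment", 51: "AH", 50: "ESP", 59: "No Next Header",
         6: "TCP", 17: "UDP"}
WALKABLE = (0, 43, 44, 51, 60)   # ESP (50) ends the walk: what follows is encrypted

def walk_chain(packet: bytes):
    """Follow the Next Header daisy chain; return (chain, anomalies)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, offset = packet[6], 40              # Next Header is byte 6 of the basic header
    chain, anomalies = [], []
    while nxt in WALKABLE:
        chain.append(NAMES[nxt])
        if nxt == 0 and len(chain) > 1:
            anomalies.append("Hop-by-Hop Options header is not first")
        have = len(packet) - offset
        size = 8                             # Fragment header size, and the minimum
        if have >= 8 and nxt == 51:
            size = (packet[offset + 1] + 2) * 4   # AH length: 4-byte words, minus 2
        elif have >= 8 and nxt != 44:
            size = (packet[offset + 1] + 1) * 8   # 8-byte units, first one not counted
        if size > have:
            anomalies.append("truncated " + NAMES[nxt] + " header")
            return chain, anomalies
        if nxt == 44 and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            chain.append("non-first fragment data")  # upper-layer header is in fragment 0
            return chain, anomalies
        nxt, offset = packet[offset], offset + size
    chain.append(NAMES.get(nxt, f"protocol {nxt}"))
    return chain, anomalies

def basic_header(next_header: int, payload: bytes) -> bytes:
    """Constructed 40-byte basic header (all-zero addresses) followed by payload."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + bytes(32) + payload

# Constructed sample packets, not captures.
PAD = bytes([1, 4, 0, 0, 0, 0])                            # PadN option, 6 bytes
ORDERED = basic_header(0, bytes([43, 0]) + PAD             # Hop-by-Hop -> Routing
                       + bytes([44, 0, 0, 0, 0, 0, 0, 0])  # Routing -> Fragment
                       + bytes([6, 0, 0, 0, 0, 0, 0, 1])   # Fragment, offset 0 -> TCP
                       + bytes(20))
MISORDERED = basic_header(60, bytes([0, 0]) + PAD          # Destination Options -> Hop-by-Hop
                          + bytes([17, 0]) + PAD + bytes(8))  # Hop-by-Hop -> UDP

if __name__ == "__main__":
    print(walk_chain(ORDERED), walk_chain(MISORDERED), sep="\n")
```

A filter or sensor that cannot walk the whole chain has not identified the upper-layer protocol, so truncated chains and non-first fragments are worth logging as their own outcome rather than being treated as "no transport header".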
