Internet Protocol version 6 (IPv6)

Internet Protocol version 6 (IPv6) represents the latest evolution of the Internet Protocol from version 4 (IPv4). While IPv4 has allowed the development of a global Internet, its future is limited by two factors:

• The Internet is running out of addresses to assign. In fact, the assigned address space is actually very sparsely populated but there is no satisfactory way of releasing the unused addresses without seriously complicating routing or disrupting existing networks.

• The 32-bit addresses used by IPv4 provide insufficient flexibility for global Internet routing. The deployment of Classless InterDomain Routing (CIDR) has extended the lifetime of IPv4 routing by a number of years, but the effort required to manage routing continues to increase.

IPv6 extends the maximum number of Internet addresses by using 128-bit addressing. Such a large address space should be able to handle the ever-increasing number of Internet addresses well into the future. As both IPv4 and IPv6 protocols may coexist on the same network, an orderly migration from IPv4 to IPv6 may be made without seriously disrupting an operational network.

Finally, IPv6 has been designed to provide the additional benefits over IPv4 of simplified packet header processing and improved option support.

IPv6 address notation

IPv6 addresses consist of eight 16-bit words, that together form a single 128-bit address. For comparison, IPv4 addresses consist of four 8-bit words resulting in a 32-bit address. The increased size of the IPv6 address greatly increases the number of available IP addresses.

The standard notation for IPv6 addresses is to represent the address as eight 16-bit hexadecimal words, each separated by a ``:'' (colon), for example:

2EDC:BA98:0332:0000:CF8A:000C:2154:7313

2EDC:BA98:332:0:CF8A:C:2154:7313.

   3762:0:0:0:0:B03:1:AF18            3762::B03:1:AF18
   2EDC:BA98:332:0:CF8A:C:2154:7313   2EDC:BA98:332::CF8A:C:2154:7313
   FF02:0:0:0:0:1:FF54:7313           FF02::1:FF54:7313
   FF0E:0:0:0:0:0:0:101               FF0E::101
   0:0:0:0:0:0:0:1                    ::1
   0:0:0:0:0:0:0:0                    ::

IPv4 addresses that are encapsulated within IPv6 addresses can be represented using the original IPv4 dot (.) notation, for example:

0:0:0:0:0:0:172.32.67.15
0:0:0:0:0:FFFF:172.32.67.15

::172.32.67.15
::FFFF:172.32.67.15

IPv4-mapped IPv6 addresses

In previous releases of UnixWare, the IPv6 implementation was implemented within the networking libraries over an IPv4 network stack. This meant that any IPv6 address had to be able to be mapped directly onto an IPv4 address. This is achieved using an ``IPv4-mapped IPv6 address'' with the following format:

   0000:0000:0000:0000:0000:FFFF:x1.a2x.x3.x4

   ::FFFF:x1.x2.x3.x4

In UnixWare 7 Release 7.2, the networking stack supports both IPv4 and IPv6, and frames containing both types of datagram may be transmitted across the same physical network. IPv4-mapped IPv6 addresses allow IPv6 applications on Release 7.2 systems to service requests from both IPv4 and IPv6 hosts coexisting on the same network.

All applications that use an IPv6 listening socket bound to the IPv6 wildcard address (::) will be able to respond to requests from both IPv4 and IPv6 systems on the same network. If the source address was from a system with an IPv4 address, this will be automatically converted to an IPv4-mapped IPv6 address when a connection is accepted. The stack, not the library, handles all necessary conversion between IPv4-mapped IPv6 and IPv4 addresses for transmission on the network. ``Operation of an IPv6 server on a dual-stack host'' illustrates how the kernel handles incoming requests to a server process that is listening on an IPv6 listening socket.

Operation of an IPv6 server on a dual-stack host

When an application on a dual-stack host opens a TCP socket or sends a UDP datagram, the form of the destination address determines whether an IPv4 or an IPv6 datagram is sent over the network, as illustrated in ``Operation of a dual-stack host for outgoing datagrams''.

Operation of a dual-stack host for outgoing datagrams

IPv4-compatible IPv6 addresses

IPv4-compatible IPv6 addresses are IPv4 addresses represented in IPv6 format, padded with nulls in the high-order words:

   0000:0000:0000:0000:0000:0000:x1.x2.x3.x4

   ::x1.x2.x3.x4

Expanded routing and addressing

IPv6 increases the IP address size from 32 bits to 128 bits. This allows it to support nested levels of addressing hierarchy, a much greater number of addressable hosts, and simple autoconfiguration of addresses.

IPv6 has three types of addresses (defined in RFC 2373):

• A ``unicast address'' uniquely identifies an interface and a system. A packet sent to a unicast address is delivered to the interface identified by that address.

  The format of a unicast address determines the scope in which it can be used:

  
  link-local scope

  Datagrams originating from systems with link-local unicast addresses are limited to a single subnet or ``link'', and may not be forwarded outside the link. All link-local unicast IPv6 addresses begin FE80.

  
  site-local scope

  Datagrams originating from systems with site-local unicast addresses are limited to a group of up to 2^16 (65,536) subnets and may not be forwarded outside the site. All site-local unicast IPv6 addresses begin FEC0.

  
  global scope

  Datagrams may potentially be forwarded between any systems with aggregatable global unicast addresses on the IPv6-based Internet.

  ``IPv6 unicast address scopes'' shows the address formats for the three types of scope.

  

  IPv6 unicast address scopes

  Two special unicast addresses are:

  
  ::

  Wildcard or unspecified address.

  
  ::1

  Loopback address.

  ---

  NOTE: The wildcard address only matches one address, not an entire network. Broadcast addresses do not exist in IPv6. Their function has been superseded by the multicast address.

  ---

  Other types of IPv6 addresses include IPv4-mapped and IPv4-compatible IPv6 addresses which are used during the transition from an IPv4- to an IPv6-based Internet, and 6bone IPv6 addresses used for testing IPv6 before it is fully deployed.

• A ``multicast address'' uniquely identifies a number of interfaces and systems that belong to a multicast group. A packet sent to a multicast address is delivered to all interfaces identified by that address.

  The scope field in a multicast address limits the forwarding of multicast datagrams:

  
  node-local scope

  Do not forward multicast datagrams out of any interface. Multicast IPv6 addresses with node-local scope begin FF01 (well-known) or FF11 (transient).

  
  link-local scope

  Do not forward multicast datagrams outside of the local subnet or link. Multicast IPv6 addresses with link-local scope begin FF02 (well-known) or FF12 (transient).

  
  site-local scope

  Do not forward multicast datagrams outside of a group of subnets or site. The boundary of this scope is determined by the administrator. Multicast IPv6 addresses with site-local scope begin FF05 (well-known) or FF15 (transient).

  
  organization-local scope

  Do not forward multicast datagrams outside of an organization. The boundary of this scope is determined by the administrator. Multicast IPv6 addresses with organization-local scope begin FF08 (well-known) or FF18 (transient).

  
  global scope

  Forward multicast datagrams potentially anywhere on the IPv6-based Internet. Multicast IPv6 addresses with global scope begin FF0E (well-known) or FF1E (transient).

  Well-known multicast addresses are:

  
  FF01::1

  All node-local hosts.

  
  FF02::1

  All link-local hosts.

  
  FF01::2

  All node-local routers.

  
  FF02::2

  All link-local routers.

  
  FF05::2

  All site-local routers.

  
  FF02::1:FFxx:xxxx

  Solicited-node address. A node must configure such a multicast address for each of its IPv6 unicast and anycast addresses. The address is formed from the 104-bit prefix FF02:0000:0000:0000:0000:0001:FF catenated with the final 24 bits of the unicast or anycast address.

  
  FF01::101

  All NTP servers local to a node.

  
  FF02::101

  All NTP servers local to a link.

  
  FF05::101

  All NTP servers local to a site.

  
  FF0E::101

  All NTP servers on the IPv6-based Internet.

  See RFC 2375 for more information about IPv6 multicast address assignments.

• An ``anycast address'' is an address that has a single sender, multiple listeners, and only one responder (normally the ``nearest'' one, depending on the routing protocols' measure of distance). For example, several web servers may listen on an anycast address. When a request is sent to this address, only one responds.

  An anycast address is indistinguishable from a unicast address. A unicast address becomes an anycast address when more than one interface is configured with that address.

Autoconfiguration

Mechanisms that allow a node to boot up and start communicating with other nodes over an IPv4 network include static configuration, RARP, BOOTP, and DHCP. These work fairly well, but each has its drawbacks. Static configuration makes it difficult to change addresses, RARP does not supply other useful configuration information, and RARP, BOOTP and DHCP all require that the host broadcast and are dependent on a remote server.

IPv6 introduces the concept of ``link-local scope'' to IP addresses. This allows a host to construct a valid address from the predefined ``link-local prefix'' and its local identifier. The local identifier is typically derived from the medium access control (MAC) address of the interface to be configured. Using this address, the node can multicast rather than broadcast to a server. For a fully-isolated subnet, a host may not need any other address configuration.

Meaningful addresses

With IPv4, the only generally recognizable meaning in addresses are broadcast (typically all 1's or all 0's), and classes (for example, class D is multicast). With IPv6, the prefix can be quickly examined to determine scope (for example, link-local), multicast versus unicast, and a mechanism of assignment (provider-based, geography-based, and so on).

Routing information may be explicitly loaded into the upper bits of addresses as well, but this has not yet been finalized by the IETF (for provider-based addresses, routing information is implicitly present in the address).

Duplicate address detection

When an interface is initialized or reinitialized, it uses autoconfiguration to associate a tentative link-local address with that interface (the address is not yet assigned to that interface in the traditional sense). At this point, the interface joins the all-nodes and solicited-nodes multicast groups, and sends a neighbor discovery message to these groups. By using the multicast address, the node can determine whether the link-local address has been previously assigned. If necessary, it can choose an alternative address. This reduces the chance of the common error in network management of assigning the same address to two different interfaces on the same sunbet. However, it is still possible to create duplicate global-scope addresses for nodes that are not on the same subnet.

Neighbor Discovery

The Neighbor Discovery Protocol (NDP) for IPv6 is used by nodes (hosts and routers) to determine the link-local addresses for neighbors known to reside on attached subnets. and maintain per-destination routing tables for active connections. Hosts also use Neighbor Discovery to find neighboring routers that are willing to forward packets on their behalf and detect changed link-local addresses. NDP uses the Internet Control Message Protocol version 6 (ICMPv6) which has its own unique message types. In general terms, NDP corresponds to a combination of the IP v4 Address Resolution Protocol (ARP), ICMP Router Discovery (RDISC), and ICMP Redirect (ICMPv4), but with many improvements over these IPv4 protocols.

Stateless address autoconfiguration

IPv6 defines both stateful and stateless address autoconfiguration mechanism. Stateless autoconfiguration requires no manual configuration of hosts; minimal, if any, configuration of routers; and no additional servers. The stateless mechanism allows a host to generate its own addresses using a combination of locally available information and information advertised by routers. Routers advertise prefixes that identify the subnets associated with a network, while hosts generate an interface token that uniquely identifies an interface on a subnet. An address is formed by combining the two. In the absence of routers, a host can only generate link-local addresses. However, link-local addresses are sufficient for allowing communication among nodes attached to the same subnet.

Routing simplification

To simplify routing, IPv6 addresses may be broken into two components: a prefix and an ID. This may not seem any different to the IPv4 net-host address scheme, but it does offer two advantages:

• It is classless. That is, there is no fixed number of bits for prefix or ID. This reduces the problem of loss of unassigned addresses due to over-allocation that occurred in IPv6.

• It allows nesting. An arbitrary number of hierarchical divisions can be employed by considering different numbers of bits as the prefix. This will allow the routing tables used on the IPv6-based Internet to be greatly simplified over those on the IPv4-based Internet. It also ensures that the size of the routing tables will scale logarithmically rather than linearly as the Internet grows.

``Aggregatable global unicast IPv6 address format (RFC 2374)'' illustrates how RFC 2374 breaks the globally used IPv6 address format into several hierarchical divisions.

Aggregatable global unicast IPv6 address format (RFC 2374)

The address has the following components:

001

The standard 3-bit format prefix for aggregatable global unicast IPv6 addresses. This means that all such addresses start with hexadecimal values in the range 20 through 3F.

TLA ID

Top-level aggregation identifier assigned by the Internet Assigned Numbers Authority (IANA; http://www.iana.org/) to the Regional Internet Registries (RIRs; http://www.arin.net/, http://www.apnic.net/, and http://www.rice.net/). The TLA will be used to divide the address space into geographical regions and major subdivisions of these such as countries, states, and broad organizational types. Routers at the top level will have a routing table entry for every active TLA ID as well as additional lower-level entries for their TLA. This field has room for 2^13 or 8,192 TLA IDs.

NLA ID

Next-level aggregation identifier assigned by the RIRs to service providers and large organizations. The NLA will be used to divide the address space selected by a TLA ID between Internet service providers (ISPs) and individual large organizations such as governments and multinational companies. This field has room for 2^24 or over 16 million NLA IDs per TLA ID. The first 8 bits of this 32-bit field are reserved for future expansion.

SLA ID

Site-level aggregation identifier assigned within an organization. The SLA allows each site to allocate up to 2^16 or 65,536 subnets per NLA ID. Organizations that require additional subnets can achieve this by aggregating ranges of NLA IDs. The fixed length (48 bits) of the aggregated prefix to an SLA ID allows a degree of flexibility when moving between ISPs, or when making a site accessible via several different ISPs.

Interface ID

Identifies an individual interface on a system. If a LAN interface (with a hardware MAC address) is automatically configured with an IPv6 address, the interface ID is formed from an IEEE EUI-64 64-bit global identifier:

1. A 48-bit MAC address of the form cccccceeeeee, where cccccc and eeeeee are hexadecimal strings, is transformed by inserting the string FFFE to produce an EUI-64 address with the format ccccccFFFEeeeeee.

   This step does not change the hardware address if it was already in EUI-64 form.

2. The EUI-64 address is transformed by setting bit 7 (the universal/local bit) to 1 to indicate local rather than global scope. This effectively adds 2 to the first hexadecimal digit.

For example, the 48-bit MAC address 00A0244BEA8C becomes 00A024FFFE4BEA8C in EUI-64 format. Setting bit 7 to 1 produces the value 20A024FFFE4BEA8C which corresponds to the interface ID 20A0:24FF:FE4B:EA8C when written in IPv6 notation.

Interface IDs for nodes without hardware addresses (such as PPP link endpoints) must either be statically configured in software, assigned randomly, or assigned dynamically from a pool of available IDs.

The format prefix, TLA ID, and NLA ID define the location of an address within the public topology of the IPv6-based Internet. The SLA ID defines the topology of an organization's subnetworks, although, in practice, a service provider may only make part of this space available to an individual site depending on the requirements of the organization. The first 64 bits always define the network portion of an aggregatable global unicast IPv6 address, and the final 64 bits always define the host portion. The boundary between these does not move as is the case with IPv4 addresses.

Header format simplification

IPv6 simplifies the IP header by moving some IPv4 fields to an extension header or by removing other fields entirely. It also defines a more flexible format for optional information (extension headers). The format of an IPv6 header is illustrated in ``IPv6 header format''.

IPv6 header format

Specifically, IPv6 omits the following fields:

• header length (the length is constant)

• identification

• flags

• fragment offset (this is moved into fragmentation extension headers)

• header checksum (the upper-layer protocol or security extension header handles data integrity)

IPv6 options improve over IPv4 by being placed in separate extension headers that are located between the IPv6 header and the transport-layer header in a packet. Most extension headers are not examined or processed by any router along a packet's delivery path until it arrives at its final destination. This mechanism improves router performance for packets containing options. In IPv4, the presence of any options requires the router to examine all options.

Another improvement is that IPv6 extension headers, unlike IPv4 options, can be of arbitrary length and the total amount of options that a packet carries is not limited to 40 bytes. This feature, and the manner in which it is processed, permit IPv6 options to be used for functions that were not practical in IPv4, such as the IPv6 Authentication and Security Encapsulation options.

By using extension headers, instead of a protocol specifier and options fields, newly defined extensions can be integrated more easily into IPv6.

Following are some example IPv6 extension headers defined in current specifications:

• hop-by-hop options that apply to each hop (router) along the path

• routing header for loose/strict source routing (used infrequently)

• define the packet as a fragment and contains information about the fragmentation (IPv6 routers do not fragment)

• IP Security authentication

• IP Security encryption

• destination options for the destination node (ignored by routers)

Improved quality-of-service and traffic control

While quality of service can be controlled by using a control protocol such as RSVP, IPv6 uses the priority field in the IP header to provide an explicit priority definition. A node can set this value to indicate the relative priority of a particular packet or set of packets. The node, routers, or the destination host can use the value to decide what to do with the packet, such as letting it pass or dropping it.

IPv6 specifies priorities for congestion-controlled and non-congestion-controlled traffic. No relative ordering is implied between the two types.

Congestion-controlled traffic is defined as traffic that responds to congestion through a ``back-off'' or other limiting algorithm. Priorities for congestion-controlled traffic are:

0

uncharacterized traffic

1

``filler'' traffic such as netnews

2

unattended data transfer such as electronic mail

3

reserved

4

attended bulk transfer such as FTP

5

reserved

6

interactive traffic such as telnet

7

control traffic such as routing protocols

Non-congestion-controlled traffic is defined as traffic that responds to congestion by dropping (or simply not resending) packets. Examples are video, audio, or other real-time traffic. The ordering or the priority values is similar to that for congestion-controlled traffic with the lowest and highest values being used for traffic that the source is most and least willing to have discarded respectively.

Priority control is only applied to traffic from a particular source address. For example, control traffic from one address does not have a higher priority than attended bulk transfer from a different address.

Flow labeling

Besides basic prioritization of traffic, IPv6 defines a mechanism for specifying a packet flow. A flow is defined as a sequence of packets sent from a particular source to a particular (unicast or multicast) destination for which the source desires special handling by the intervening routers.

Flow identification may be used for priority control, and it can also be used for any number of other controls.

The randomly chosen flow label does not identify any characteristic of the traffic other than the flow to which it belongs. This means that a router cannot determine the purpose of a packet (for example, one used by FTP) by reading the flow label. The router will, however, be able to determine that the packet forms part of the same sequence of packets as the previous packet that had the same label.

Jumbograms

An IPv4 packet size is limited to 64KB. Using the jumbo payload extension header, an IPv6 packet can be up to 2^32 octets (4GB) long.

Tunneling

The key to successful transition from IPv4 to IPv6 is to preserve compatibility with the existing installed base of IPv4 hosts and routers. Maintaining compatibility with IPv4 while deploying IPv6 will make the task of transitioning the Internet to IPv6 much easier.

In most cases, the IPv6 routing infrastructure will evolve over time. While the IPv6 infrastructure is being deployed, the existing IPv4 routing infrastructure can remain functional, and it can be used to carry IPv6 traffic. Tunneling allows the existing IPv4 routing infrastructure to carry IPv6 traffic.

Dual-stack hosts and routers (that support both IPv4 and IPv6) can tunnel IPv6 datagrams over regions of IPv4 routing topology by encapsulating the IPv6 datagrams within IPv4 packets. Tunneling can be used in a variety of ways:

host-to-host

Dual-stack hosts that are interconnected by an IPv4 infrastructure can tunnel IPv6 packets between themselves. In this case, the tunnel spans the entire end-to-end path that the packet takes.

In Release 7.2 the Simple Internet Transition (SIT) mechanism (see RFC 1933) is used to implement such host-to-host connections. The sit interface implements the SIT mechanism.

host-to-router

Dual-stack hosts can tunnel IPv6 packets to an intermediary dual-stack router that is reachable through an IPv4 infrastructure. This type of tunnel spans the first segment of the packet's end-to-end path.

router-to-router

Dual-stack routers interconnected by an IPv4 infrastructure can tunnel IPv6 packets between themselves. In this case, the tunnel spans one segment of the end-to-end path that the IPv6 packet takes.

router-to-host

Dual-stack routers can tunnel IPv6 packets to their final destination dual-stack host. This tunnel spans only the last segment of the end-to-end path.

Tunneling techniques are usually classified according to the mechanism by which the encapsulating node determines the address of the node at the end of the tunnel. In the router-to-router or host-to-router methods, the IPv6 packet is being tunneled to a router. In the host-to-host or router-to-host methods, the IPv6 packet is tunneled all the way to its final destination.

The entry point of the tunnel (the encapsulating node) adds the IPv4 header and transmits the encapsulated packet. The exit point of the tunnel (the decapsulating node) receives the encapsulated packet, removes the IPv4 header, updates the IPv6 header, and processes the IPv6 packet.

To process IPv6 packets forwarded into the tunnel, the encapsulating node maintains soft state information for each tunnel, such as its maximum transmission unit (MTU),

IPv6 multihomed link-local and site-local support

A host with two or more active interfaces is termed a ``multihomed host''. Each interface of a multihomed host has an associated link-local address. Link-local addresses are sufficient to allow communication among nodes attached to the same subnet.

In the IPv6 implementation in UnixWare 7 Release 7.2, link-local address resolution for multihomed hosts may be configured in one of four ways:

Option 0

No multihomed actions are taken. Packets are transmitted on the first link-local interface. When the Neighbor Discovery Protocol (NDP) needs to resolve an address (because the link-local information for the next-hop is not in the Neighbor Cache), it sends out a multicast Neighbor Solicitation message on each interface for which a link-local address is defined. NDP queues the data packet until a Neighbor Advertisement message is received on an interface. The data packet is sent out of this interface.

Option 1 (default configuration)

When NDP needs to resolve an address, it sends out a multicast Neighbor Solicitation message on each interface for which a link-local address is defined. NDP then queues the data packet until it receives a Neighbor Advertisement message for all the interfaces. This guarantees that the data packets are sent on the appropriate outgoing interfaces. If NDP did not wait, but responded to the first advertisement received, a packet might be sent out on an interface that is not associated with the packet's source address. The delay in sending the first packet will potentially be longer than for Option 0.

Option 2

Multihomed operation is allowed, but packets are only dispatched on the interface specified by the main_if6 parameter to the inconfig(1Mtcp) command. When NDP needs to resolve an address, it sends out a multicast Neighbor Solicitation message on each interface for which a link-local address is defined. NDP then queues the data packet until it receives a Neighbor Advertisement message from the main_if6 interface. On receiving this, the data packet is sent out of this interface.

Option 3

Multihomed operation is allowed, but packets are only dispatched on the interface specified by main_if6, and site-local addresses will only be routed for the interface specified by the main_site6 parameter. NDP operates as for Option 2. For applications on a multihomed host that route data packets using site-local addresses, only the site-local address specified by main_site6 will be used.