Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Samuel Sotillo
East Carolina University
ss0526@ecu.edu
3. IPv6 in a nutshell
1
Actually, the amount of available IPv4 addresses is
First of all, it is important to emphasize that IPv6 is not considerably smaller. Unfortunately, the initial class-based
a superset of IPv4 but an entirely new suite of protocols. scheme used to assign IP addresses resulted in a very inefficient
For that reason, and because of space limitations, we will use of the original 4,294,967,296 addresses, contributing to the
only summarize some of IPv6 most interesting features [1] ultimate depletion problem we face today [4].
2 128
[2]: 2 represents about 3.4028236692093846346337460743177
× 1038 unique addresses (theoretically).
a router process IPv6 header options, increasing 1sec ond 1 min ute
the network overall performance. 2 8 hosts 4.267 minutes
Mobility: IPv6 provides mechanisms that allow 1host 60 sec onds
mobile nodes to change their locations and
addresses without loosing the existing In IPv6 networks, the landscape is radically different.
connections through which those nodes are IPv6 subnets use 64 bits for allocating host addresses.
communicating. This service is supported at the Consequently, a typical IPv6 subnet requires:
1sec. 1year
Internet level and therefore is fully transparent to 264hosts 584,942,417,355years
upper-layer protocols. 1host 31,536,000sec.
4.2. IPSec
Mobility is a totally new feature of IPv6 that was not [6] Sierra, J.M.; Ribagorda, A.; Munoz, A.; Jayaram, N.,
available in its predecessor. Mobility is a very complex "Security protocols in the Internet new framework,"
function that raises a considerable amount of concern Proceedings IEEE 33rd Annual 1999 International
when considering security. Mobility uses two types of Carnahan Conference on Security Technology, 1999.
addresses, the real address and the mobile address. The vol., no.pp.311-317, 1999.
first is a typical IPv6 address contained in an extension
header. The second is a temporary address contained in [7] Bradner, S., “The End-to-End Security,” IEEE
the IP header. Because of the characteristics of this Security & Privacy, vol., no.pp., 76-79, Mar.-Apr. 2006.
networks (something more complicated if we consider
wireless mobility), the temporary component of a mobile [8] Hiromi, R.; Yoshifuji, H., “Problems on IPv4-IPv6
node address could be exposed to spoofing attacks on the network transition,” Proceedings of the International
home agent. Mobility requires special security measures Symposium on Applications and the Internet Workshop,
and network administrators must be fully aware of them Saint 2005, vol., May 2005.
[2] [4] [6].
[9] Deering, S.; Hinden, R., “Internet Protocol Version 6
(IPv6) Specification,” RFC 2460, Dec. 1998,
5. Conclusion http://www.ietf.org/rfc/rfc2460.txt.
Without doubt, IPv6 represents a considerable [10] Kent, S.; Seo, K., “Security Architecture for the
improvement if compared to the old IPv4 protocol stack. Internet Protocol,” RFC 4301, Dec. 2005,
The new suite of protocols provides innumerable features http://tools.ietf.org/html/4301.
that improve both the overall functionality as well as some
specific security functions. However, it is far from being a [11] Smith, M.; Hunt, R., "Network security using NAT
panacea. Although IPv6 offers better security (larger and NAPT," 10th IEEE International Conference on
address space and the use of encrypted communication), Networks, 2002. ICON 2002, vol., 355- 360, 2002.
the protocol also raises new security challenges.
Ultimately, the new protocol creates as many new security [12] Campbell, P.; Calvert, B.; Boswell, S., Security+
problems as it solves old ones. And if that is not enough, Guide to Network Security Fundamental, Thomson,
the transition from the old protocol stack to the new one Canada, 2003.
may present even more challenges, something that will
guarantee plenty of fun for security network professionals [13] Ford, M., “New Internet Security and Privacy Models
in the foreseeable future. Enabled by IPv6,” The 2005 Symposium on Applications
and the Internet Workshops, 2005. Saint Workshops 2005,
7. References vol., no.pp. 2-5, 31-04 Jan. 2005.
[1] Davies, J., Understanding IPv6, Microsoft Press, [14] Karve, A., “IP Security,” IT Architect, Jan. 1998,
Redmond, WA, 2003. http://www.itarchitect.com/shared/article/showArticle.jht
ml?articleId=17600993.
[2] Popoviciu C.; Levy-Avegnoli, E.; Grossetete, P.,
Deploying IPv6 Networks, Cisco Press, Indianapolis, IN, [15] Friedl, S., “An illustrated Guide to IPSec,”
2006. Unixwiz.net, Aug. 2005,
http://www.unixwiz.net/techtips/iguide-ipsec.html.
[3] W. Treese, “The State of Security on the Internet”,
Communications of the ACM, September 2004. 8. Copyright Notice
[4] Szigeti, S.; Risztics, P., "Will IPv6 bring better © 2006 Samuel Sotillo
security?,” Proceedings 30th Euromicro Conference,
2004, vol., 532- 537, 31 Aug.-3 Sept. 2004.