Operating System Response to Router Advertisement Packet in IPv6.

With growth of internet IPv4 address will run out soon. So the need of new IP protocol is indispensable. IPv6 with 128-bit address space is developed and maintain the support of IPv4 protocols with some upgrades such as BGP, OSPF and ICMP. ICMP protocol used for error reporting, neighbor discovering and other functions for diagnosis, ICMP version 6 has new types of packets to perform function similar to address resolution protocol ARP called Neighbor Discovery Protocol NDP. NDP is responsible for address auto configuration of nodes and neighbor discovery. It define new packets for the purposes of router solicitation, router advertisement and others discovery functions

D3.6.1: Cookbook for IPv6 Renumbering in SOHO and Backbone Networks

In this text we present the results of a set of experiments that are designed to be a first step in the process of analysing how effective network renumbering procedures may be in the context of IPv6. An IPv6 site will need to get provider assigned (PA) address space from its upstream ISP. Because provider independent (PI) address space is not available for IPv6, a site wishing to change provider will need to renumber from its old network prefix to the new one. We look at the scenarios, issues and enablers for such renumbering, and present results and initial conclusions and recommendations in the context of SOHO and backbone networking. A subsequent deliverable (D3.6.2) will refine these findings, adding additional results and context from enterprise and ISP renumbering scenarios

Implementation of IPv6

On 14 September 2012 last block of IPv4 has been allocated from the Regional Internet Register (RIR) across the Europe, Middle East and Asia. In addition, the demand of further addresses, security and efficient routing across Internet has been increasing every day. Hence, to provide the abundant IP addresses and also to overcome the shortcoming of IPv4, IETF developed a new protocol IPv6. IPv6 overcome the limitations of IPv4 and integrate advance feature. These advanced improvements include larger address space, more efficient addressing and routing, auto-configuration, security, and QOS. The main objective of this project was to implement IPv6 network in Cisco laboratory of Rovaniemi University of Applied Sciences (RAMK). Cisco 2800 and 1700 Series routers, 3500 series Cisco Catalyst Switches, Microsoft Server 2012, Windows 7, Windows 8 and finally Mac OS X were used during implementation process. This project covers the implementation of IPv6, DHCPv6, DNS, Routing Protocols EIGRP, and Security. The goal of the project was to implement IPv6 to existing IPv4 network without affecting the running services. Furthermore, this project was implementation in Local Area Network (LAN) only

NAT64/DNS64 in the Networks with DNSSEC

Zvyšuj?c? se pod?l resolverů a aplikac? použ?vaj?c? DNS-over-HTTPSvede k vyš?mu pod?lu klientů použ?vaj?c?ch DNS resolvery třet?chstran. Kvůli tomu ovšem selhává nejpouž?vanějš? NAT64 detekčn?metoda RFC7050[1], což vede u klientů použ?vaj?c?ch přechodovémechanismy NAT64/DNS64 nebo 464XLAT k neschopnosti tytopřechodové mechanismy správně detekovat, a t?m k nedostupnostiobsahu dostupného pouze po IPv4. C?lem této práce je navrhnoutnovou detekčn? metodu postavenou na DNS, která bude pracovati s resolvery třet?ch stran, a bude schopná využ?t zabezpečen? DNSdat pomoc? technologie DNSSEC. Práce popisuje aktuálně standardizovanémetody, protokoly na kterých závis?, jejich omezen?a interakce s ostatn?mi metodami. Navrhovaná metoda použ?vá SRVzáznamy k přenosu informace o použitém NAT64 prefixu v globáln?mDNS stromu. Protože navržená metoda použ?vá již standardizovanéprotokoly a typy záznamů, je snadno nasaditelná bez nutnostimodifikovat jak DNS server, tak s?t'ovou infrastrukturu. Protožemetoda použ?vá k distribuci informace o použitém prefixu globáln?DNS strom, umožňuje to metodě použ?t k zabezpečen? technologiiDNSSEC. To této metodě dává lepš? bezpečnostn? vlastnosti nežjaké vykazuj? předchoz? metody. Tato práce vytvář? standardizačn?bázi pro standardizaci v rámci IETF.The rising number of DNS-over-HTTPS capable resolvers and applicationsresults in the higher use of third-party DNS resolvers byclients. Because of that, the currently most deployed method of theNAT64 prefix detection, the RFC7050[1], fails to detect the NAT64prefix. As a result, clients using either NAT64/DNS64 or 464XLATtransition mechanisms fail to detect the NAT64 prefix properly,making the IPv4-only resources inaccessible. The aim of this thesisis to develop a new DNS-based detection method that would workwith foreign DNS and utilize added security by the DNS securityextension, the DNSSEC. The thesis describes current methods ofthe NAT64 prefix detection, their underlying protocols, and theirlimitations in their coexistence with other network protocols. Thedeveloped method uses the SRV record type to transmit the NAT64prefix in the global DNS tree. Because the proposed method usesalready existing protocols and record types, the method is easilydeployable without any modification of the server or the transportinfrastructure. Due to the global DNS tree usage, the developedmethod can utilize the security provided by the DNSSEC and thereforeshows better security characteristics than previous methods.This thesis forms the basis for standardization effort in the IETF.

Efficient IPv6 Neighbor Discovery in Wireless Environment

As the address space of IPv4 is being depleted with the development of IoT (Internet Of Things), there is an increasing need for permanent transition to the IPv6 protocol as soon as possible. Nowadays, many 3GPP (3rd Generation Partnership Project) Networks have implemented or will implement IPv6 in the near future for Internet access. These networks will also use NDP (Neighbor Discovery Protocol), which is the IPv6 tailored version of ARP (Address Resolution Protocol). The protocol is responsible for address auto-configuration, maintaining lists of all neighbors connected to a network, verifying if they are still reachable, managing prefixes and duplicate address detection. The protocol is defined in RFC 4861 and although it works fine for wired connected devices, it has been proven highly inefficient in terms of battery lifetime saving, when wireless networks came to the market and its use increased tremendously. This thesis work is a continuation of a previous master thesis and complements the work done previously by showing how the solutions suggested in the new draft can be implemented at the router and host side and practically confirms the previous results of the theoretical analysis through simulation scenarios of sleep and wake-up of the nodes, performed in OMNeT++. Subsequently, the scalability of the system as a whole was analyzed with a simulation model containing a range of hosts from 1 to 100, and shows it can operate efficiently on a larger scale, reducing multicast messaging by almost 100%, presumably saving their battery power.The introduction and rise of Internet of Things (IoT), and the use of more and more wireless devices in the communication between users, has depleted the available addresses of IPv4. The introduction of the new IPv6 protocol solves the address depletion problem, but on the other hand, many of the existing protocols have to be redesigned. This thesis is based on RFC 4861’s NDP (Neighbor Discovery Protocol for IPv6 Networks, the equivalent protocol of ARP (Address Resolution Protocol) for IPv4 Networks. Like ARP, NDP is used in all Networks, wired or wireless, and it’s main feature is to check and update periodically the state of the Network, provide L2 addresses to hosts in the same Network and verify their reachability. While wired devices experience no issues regarding power supply, as they are constantly hooked to a power source and rarely experience network failures, wireless devices have limited power, as they rely on battery lifetime. This is also the case of machines running NDP - the protocol relies on periodic exchange of multicast ICMPv6 (Internet Control Message Protocol version 6) control messages, creating unnecessary traffic overhead in the Network, as all hosts in a Network would receive those messages, regardless if they are meant for them or not. As a general working mode of a battery operated device, one enters predefined sleeping cycles (stand-by), which are designed by each manufacturer in different ways. Therefore, multicast signaling inside Networks disrupt those sleeping cycles, causing increased battery consumption, as a result of more required processing power and more consumed bandwidth. RFC 6775, together with [3], propose updates to NDP, which would solve the problems mentioned above. The major update is that each host can update the router about its state, by sending unicast messages, without involving the other hosts in the Network. The router, instead of sending periodic control messages to every host, it sends control messages to each host separately in specific time intervals. Only when a major change occurs in the Network, for instance an addition of a new host, or when a host leaves the Network, multicast messages are sent to every host to update their state. Together with the establishment of unicast signaling, a new method of address registration is introduced in the documents cited above, called Address Registration Option. This registration method is fully compatible with the two standard mechanism which provide the L3 addresses to hosts - Stateless Address Autoconfiguration (SLAAC) and Dynamic Host Configuration Protocol (DHCP). The previous thesis work took the first steps in implementing the proposed protocol changes, by investigating functions inside RADVD - the Router Advertisement Daemon, run on all routers and responsible for sending the multicast periodic control messages to the hosts (Router Advertisements). A full implementation of the proposed changes require covering both sides of the Network, i.e Host and Router. While RADVD is handling the Router side, the implementation at the Host side needs to be done inside the Linux Kernel. In this thesis work, the RADVD implementation was completed and possible implementation methods were shown inside the Linux Kernel. Due to the overall complexity of the Linux Kernel, while the proposed code could cover most aspects from RFC 6775, it wasn’t possible to test it, in order to conclude how much workload is left. Simulations took place to compare the two protocols and verify, in what extend these proposed changes can potentially improve battery lifetime. So, sleep and wake up scenario was tested in same time intervals in order to observe Network traffic. The goal was to have a decrease in control messages in the case where the suggested changes were applied. Different number of hosts were selected to see if these changes can be applied to larger network. In both cases, the best case scenario was tested and parameters which would normally hinder network performance were neglected. This decision was made to reduce the complexity of the Network as well. The results of the simulations indicated that there could be a decrease in control messages and the Network seems stable and scalable as number of host increases

Neighbor Discovery Proxy-Gateway for 6LoWPAN-based Wireless Sensor Networks

El propósito de este trabajo es el estudio de métodos para la interconexión de redes personales inalámbricas de área local de bajo consumo y redes de computadores tradicionales. En particular, este proyecto analiza los protocolos de red involucrados así como las posibles formas de interoperabilidad entre ellos, teniendo como meta la integración de redes inalámbricas de sensores IEEE 802.15.4 basadas en 6LoWPAN (una capa de adaptación que hace posible el transporte de paquetes IPv6 sobre IEEE 802.15.4) en redes Ethernet ya existentes, sin necesidad de cambios en la infraestructura de red. Dicha integración permitiría el desarrollo y expansión de aplicaciones de usuario utilizando la tradicional pila de protocolos TCP/IP en sistemas compuestos por dispositivos empotrados de bajo coste y bajo consumo. Para probar la viabilidad de los métodos desarrollados, se diseña, implementa y evalúa un sistema empotrado cuya función es llevar a cabo las tareas de integración descritas

Analysis of security impact of making mShield an IPv4 to IPv6 converter box

info:eu-repo/semantics/acceptedVersio

IPv4 to IPv6 transition : security challenges

Tese de mestrado integrado. Engenharia Informática e Computação. Faculdade de Engenharia. Universidade do Porto. 201

Temporal and Spatial Classification of Active IPv6 Addresses

There is striking volume of World-Wide Web activity on IPv6 today. In early 2015, one large Content Distribution Network handles 50 billion IPv6 requests per day from hundreds of millions of IPv6 client addresses; billions of unique client addresses are observed per month. Address counts, however, obscure the number of hosts with IPv6 connectivity to the global Internet. There are numerous address assignment and subnetting options in use; privacy addresses and dynamic subnet pools significantly inflate the number of active IPv6 addresses. As the IPv6 address space is vast, it is infeasible to comprehensively probe every possible unicast IPv6 address. Thus, to survey the characteristics of IPv6 addressing, we perform a year-long passive measurement study, analyzing the IPv6 addresses gleaned from activity logs for all clients accessing a global CDN. The goal of our work is to develop flexible classification and measurement methods for IPv6, motivated by the fact that its addresses are not merely more numerous; they are different in kind. We introduce the notion of classifying addresses and prefixes in two ways: (1) temporally, according to their instances of activity to discern which addresses can be considered stable; (2) spatially, according to the density or sparsity of aggregates in which active addresses reside. We present measurement and classification results numerically and visually that: provide details on IPv6 address use and structure in global operation across the past year; establish the efficacy of our classification methods; and demonstrate that such classification can clarify dimensions of the Internet that otherwise appear quite blurred by current IPv6 addressing practices