Development of a Graduate Course on the Transition to Internet Protocol Version 6

Internet and mobile connectivity has grown tremendously in the last few decades, creating an ever increasing demand for Internet Protocol (IP) addresses. The pool of Internet Protocol version 4 (IPv4) addresses, once assumed to be more than sufficient for every person on this planet, has reached its final stages of depletion. With The Internet Assigned Numbers Authority’s (IANA) global pools depleted, and four of the five Regional Internet Registries (RIR) pools down to the their last /8 block, the remaining addresses will not last very long. In order to ensure continuous growth of the internet in the foreseeable future, we would need a newer internet protocol, with a much larger address space. Specifically, with that goal in mind the Internet Protocol version 6 (IPv6) was designed about two decades ago. Over the years it has matured, and has proven that it could eventually replace the existing IPv4. This thesis presents the development a graduate level course on the transition to IPv6. The course makes an attempt at understanding how the new IPv6 protocol is different than the currently used IPv4 protocol. And also tries to emphasize on the options existing to facilitate a smooth transition of production networks from IPv4 to IPv6

Correlating IPv6 addresses for network situational awareness

The advent of the IPv6 protocol on enterprise networks provides fresh challenges to network incident investigators. Unlike the conventional behavior and implementation of its predecessor, the typical deployment of IPv6 presents issues with address generation (host-based autoconfiguration rather than centralized distribution), address multiplicity (multiple addresses per host simultaneously), and address volatility (randomization and frequent rotation of host identifiers). These factors make it difficult for an investigator, when reviewing a log file or packet capture ex post facto, to both identify the origin of a particular log entry/packet and identify all log entries/packets related to a specific network entity (since multiple addresses may have been used). I have demonstrated a system, titled IPv6 Address Correlator (IPAC), that allows incident investigators to match both a specific IPv6 address to a network entity (identified by its MAC address and the physical switch port to which it is attached) and a specific entity to a set of IPv6 addresses in use within an organization\u27s networks at any given point in time. This system relies on the normal operation of the Neighbor Discovery Protocol for IPv6 (NDP) and bridge forwarding table notifications from Ethernet switches to keep a record of IPv6 and MAC address usage over time. With this information, it is possible to pair each IPv6 address to a MAC address and each MAC address to a physical switch port. When the IPAC system is deployed throughout an organization\u27s networks, aggregated IPv6 and MAC addressing timeline information can be used to identify which host caused an entry in a log file or sent/received a captured packet, as well as correlate all packets or log entries related to a given host

D3.6.1: Cookbook for IPv6 Renumbering in SOHO and Backbone Networks

In this text we present the results of a set of experiments that are designed to be a first step in the process of analysing how effective network renumbering procedures may be in the context of IPv6. An IPv6 site will need to get provider assigned (PA) address space from its upstream ISP. Because provider independent (PI) address space is not available for IPv6, a site wishing to change provider will need to renumber from its old network prefix to the new one. We look at the scenarios, issues and enablers for such renumbering, and present results and initial conclusions and recommendations in the context of SOHO and backbone networking. A subsequent deliverable (D3.6.2) will refine these findings, adding additional results and context from enterprise and ISP renumbering scenarios

An investigation into Off-Link IPv6 host enumeration search methods

This research investigated search methods for enumerating networked devices on off-link 64 bit Internet Protocol version 6 (IPv6) subnetworks. IPv6 host enumeration is an emerging research area involving strategies to enable detection of networked devices on IPv6 networks. Host enumeration is an integral component in vulnerability assessments (VAs), and can be used to strengthen the security profile of a system. Recently, host enumeration has been applied to Internet-wide VAs in an effort to detect devices that are vulnerable to specific threats. These host enumeration exercises rely on the fact that the existing Internet Protocol version 4 (IPv4) can be exhaustively enumerated in less than an hour. The same is not true for IPv6, which would take over 584,940 years to enumerate a single network. As such, research is required to determine appropriate host enumeration search methods for IPv6, given that the protocol is seeing increase global usage. For this study, a survey of Internet resources was conducted to gather information about the nature of IPv6 usage in real-world scenarios. The collected survey data revealed patterns in the usage of IPv6 that influenced search techniques. The research tested the efficacy of various searching algorithms against IPv6 datasets through the use of simulation. Multiple algorithms were devised to test different approaches to host enumeration against 64 bit IPv6 subnetworks. Of these, a novel adaptive heuristic search algorithm, a genetic algorithm and a stripe search algorithm were chosen to conduct off-link IPv6 host enumeration. The suitability of a linear algorithm, a Monte Carlo algorithm and a pattern heuristics algorithm were also tested for their suitability in searching off-link IPv6 networks. These algorithms were applied to two test IPv6 address datasets, one comprised of unique IPv6 data observed during the survey phase, and one comprised of unique IPv6 data generated using pseudorandom number generators. Searching against the two unique datasets was performed in order to determine appropriate strategies for off-link host enumeration under circumstances where networked devices were configured with addresses that represented real-word IPv6 addresses, and where device addresses were configured through some randomisation function. Whilst the outcomes of this research support that an exhaustive enumeration of an IPv6 network is infeasible, it has been demonstrated that devices on IPv6 networks can be enumerated. In particular, it was identified that the linear search technique and the variants tested in this study (pattern search and stripe search), remained the most consistent means of enumerating an IPv6 network. Machine learning methods were also successfully applied to the problem. It was determined that the novel adaptive heuristic search algorithm was an appropriate candidate for search operations. The adaptive heuristic search algorithm successfully enumerated over 24% of the available devices on the dataset that was crafted from surveyed IPv6 address data. Moreover, it was confirmed that stochastic address generation can reduce the effectiveness of enumeration strategies, as all of the algorithms failed to enumerate more than 1% of hosts against a pseudorandomly generated dataset. This research highlights a requirement for effective IPv6 host enumeration algorithms, and presents and validates appropriate methods. The methods presented in this thesis can help to influence the tools and utilities that are used to conduct host enumeration exercises

IPv6 Neighbor Discovery for Vehicular Networks

Vehicular Communication Networks (VCN) are critical enabling technologies that contribute to the advancement of Intelligent Transportation Systems. Although initially VCN were thought with a focus on safety, there is a myriad of IP-based applications for information and entertainment systems to be deployed in vehicular scenarios. To support IP-based applications, standard protocol stacks, including IEEE WAVE and the recent 3GPP C-V2X architectures, define the transport of IPv6 and related protocols on top of the specific wireless access technologies. One of the fundamental protocols for the use of IPv6 is Neighbor Discovery (ND), defined in RFC 4861. In this work, we evaluate the performance of the standard ND protocol and compare it to recent works, including several IETF Internet-drafts, that propose enhancements for the IP registration and duplicate detection processes in the dynamic environment of VCN.Sociedad Argentina de Informática e Investigación Operativ