Traffic engineering in multihomed sites

It is expected that IPv6 multihomed sites will obtain as many global prefixes as direct providers they have, so traffic engineering techniques currently used in IPv4 multihomed sites is no longer suitable. However, traffic engineering is required for several reasons, and in particular, for being able to properly support multimedia communications. In this paper we present a framework for traffic engineering in IPv6 multihomed sites with multiple global prefixes. Within this framework, we have included several tools such as DNS record manipulation and proper configuration of the policy table defined in RFC 3484. To provide automation in the management of traffic engineering, we analyzed the usage of two mechanisms to configure the policy table.This work has been partly supported by the European Union under the E-Next Project FP6-506869 and by the OPTINET6 project TIC-2003-09042-C03-01.Publicad

Operating System Response to Router Advertisement Packet in IPv6.

With growth of internet IPv4 address will run out soon. So the need of new IP protocol is indispensable. IPv6 with 128-bit address space is developed and maintain the support of IPv4 protocols with some upgrades such as BGP, OSPF and ICMP. ICMP protocol used for error reporting, neighbor discovering and other functions for diagnosis, ICMP version 6 has new types of packets to perform function similar to address resolution protocol ARP called Neighbor Discovery Protocol NDP. NDP is responsible for address auto configuration of nodes and neighbor discovery. It define new packets for the purposes of router solicitation, router advertisement and others discovery functions

Development of a Graduate Course on the Transition to Internet Protocol Version 6

Internet and mobile connectivity has grown tremendously in the last few decades, creating an ever increasing demand for Internet Protocol (IP) addresses. The pool of Internet Protocol version 4 (IPv4) addresses, once assumed to be more than sufficient for every person on this planet, has reached its final stages of depletion. With The Internet Assigned Numbers Authority’s (IANA) global pools depleted, and four of the five Regional Internet Registries (RIR) pools down to the their last /8 block, the remaining addresses will not last very long. In order to ensure continuous growth of the internet in the foreseeable future, we would need a newer internet protocol, with a much larger address space. Specifically, with that goal in mind the Internet Protocol version 6 (IPv6) was designed about two decades ago. Over the years it has matured, and has proven that it could eventually replace the existing IPv4. This thesis presents the development a graduate level course on the transition to IPv6. The course makes an attempt at understanding how the new IPv6 protocol is different than the currently used IPv4 protocol. And also tries to emphasize on the options existing to facilitate a smooth transition of production networks from IPv4 to IPv6

Internet-wide geo-networking problem statement

This document describes the need of specifying Internet-wide location-aware forwarding protocol solutions that provide packet routing using geographical positions for packet transport

IPv6: a new security challenge

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011O Protocolo de Internet versão 6 (IPv6) foi desenvolvido com o intuito de resolver alguns dos problemas não endereçados pelo seu antecessor, o Protocolo de Internet versão 4 (IPv4), nomeadamente questões relacionadas com segurança e com o espaço de endereçamento disponível. São muitos os que na última década têm desenvolvido estudos sobre os investimentos necessários à sua adoção e sobre qual o momento certo para que o mesmo seja adotado por todos os players no mercado. Recentemente, o problema da extinção de endereçamentos públicos a ser disponibilizado pelas diversas Region Internet registry – RIRs - despertou o conjunto de entidades envolvidas para que se agilizasse o processo de migração do IPv4 para o IPv6. Ao contrário do IPv4, esta nova versão considera a segurança como um objetivo fundamental na sua implementação, nesse sentido é recomendado o uso do protocolo IPsec ao nível da camada de rede. No entanto, e devido à imaturidade do protocolo e à complexidade que este período de transição comporta, existem inúmeras implicações de segurança que devem ser consideradas neste período de migração. O objetivo principal deste trabalho é definir um conjunto de boas práticas no âmbito da segurança na implementação do IPv6 que possa ser utilizado pelos administradores de redes de dados e pelas equipas de segurança dos diversos players no mercado. Nesta fase de transição, é de todo útil e conveniente contribuir de forma eficiente na interpretação dos pontos fortes deste novo protocolo assim como nas vulnerabilidades a ele associadas.IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition for IPv6 seems inevitable this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks

How to Deploy IPv6 Protocol in a LAN Network

Cílem práce bylo vytvořit ucelený přehled o stavu a možnostech nasazení IPv6 protokolu ve firemní LAN síti. Zmapoval jsem možnosti a implementace nejpoužívanějších operačních systémů MS Windows XP, Linux, FreeBSD, směrovačů Cisco, služeb DNS a DHCPv6. Součástí práce je návrh a realizace způsobu rozdělení IPv6 adres pro lokální sít s připojením IPv6 sítě k internetu. Práce zahrnuje průzkum trhu ISP v ČR, schopnost komunikace v novém IPv6 protokolu.The goal of this thesis is to make the overview in status and possibilities to use IPv6 protocol in companies LAN networks. I maped possibilities to implement most used operational systems MS Windows XP, Linux, FreeBSD, Cisco routers, DNS and DHCPv6 services. The part of this thesis is design and realization way of IPv6 address distribution for local network with connection of IPv6 network to Internet. The thesis includes the ISP market research at CR, further ability and interest to communicate in new IPv6 protocol.

IETF standardization in the field of the Internet of Things (IoT): a survey

Smart embedded objects will become an important part of what is called the Internet of Things. However, the integration of embedded devices into the Internet introduces several challenges, since many of the existing Internet technologies and protocols were not designed for this class of devices. In the past few years, there have been many efforts to enable the extension of Internet technologies to constrained devices. Initially, this resulted in proprietary protocols and architectures. Later, the integration of constrained devices into the Internet was embraced by IETF, moving towards standardized IP-based protocols. In this paper, we will briefly review the history of integrating constrained devices into the Internet, followed by an extensive overview of IETF standardization work in the 6LoWPAN, ROLL and CoRE working groups. This is complemented with a broad overview of related research results that illustrate how this work can be extended or used to tackle other problems and with a discussion on open issues and challenges. As such the aim of this paper is twofold: apart from giving readers solid insights in IETF standardization work on the Internet of Things, it also aims to encourage readers to further explore the world of Internet-connected objects, pointing to future research opportunities

Analysis of security impact of making mShield an IPv4 to IPv6 converter box

info:eu-repo/semantics/acceptedVersio

Correlating IPv6 addresses for network situational awareness

The advent of the IPv6 protocol on enterprise networks provides fresh challenges to network incident investigators. Unlike the conventional behavior and implementation of its predecessor, the typical deployment of IPv6 presents issues with address generation (host-based autoconfiguration rather than centralized distribution), address multiplicity (multiple addresses per host simultaneously), and address volatility (randomization and frequent rotation of host identifiers). These factors make it difficult for an investigator, when reviewing a log file or packet capture ex post facto, to both identify the origin of a particular log entry/packet and identify all log entries/packets related to a specific network entity (since multiple addresses may have been used). I have demonstrated a system, titled IPv6 Address Correlator (IPAC), that allows incident investigators to match both a specific IPv6 address to a network entity (identified by its MAC address and the physical switch port to which it is attached) and a specific entity to a set of IPv6 addresses in use within an organization\u27s networks at any given point in time. This system relies on the normal operation of the Neighbor Discovery Protocol for IPv6 (NDP) and bridge forwarding table notifications from Ethernet switches to keep a record of IPv6 and MAC address usage over time. With this information, it is possible to pair each IPv6 address to a MAC address and each MAC address to a physical switch port. When the IPAC system is deployed throughout an organization\u27s networks, aggregated IPv6 and MAC addressing timeline information can be used to identify which host caused an entry in a log file or sent/received a captured packet, as well as correlate all packets or log entries related to a given host