The second mechanism is the IP encapsulating security payload (ESP, described in RFC 1827), an extension header that can provide integrity and confidentiality for IP packets. Although the ESP definition is algorithm-independent, the DES-CBC is specified as the standard encryption scheme to ensure interoperability. The ESP mechanism can be used to encrypt an entire IP packet (tunnel-mode ESP) or just the higher-layer portion of the payload (transport-mode ESP).
These features add to the secure nature of IP traffic while actually reducing the security effort; authentication performed on an end-to-end basis during session establishment provides more secure communications even in the absence of firewall routers.
ICMP provides error and information messages that are beyond the scope of IP. ICMPv6 is functionally similar to ICMPv4, uses a similar message format, and forms an integral part of IPv6. ICMPv6 messages are carried in an IPv6 datagram with a next header field value of 58.
ICMPv6 error messages include:
ICMPv6 informational messages are echo request and echo reply (used by IPv6 nodes for diagnostic purposes), as well as group membership query, group membership report, and group membership reduction (all used to convey information about multicast group membership from nodes to their neighboring routers).
When IPv4 became the official ARPANET standard in 1983, use of previous protocols ceased and there was no planned interoperability between the old and the new. This is not the case with the introduction of IPv6.
Exhibit 7. Common Short-Term Scenario where an IPv4 Network Interconnects IPv6 Networks.
Although IPv6 is currently being rolled out for the Internet backbone, there is no scheduled date of a flash cut from one to the other; coexistence of IPv4 and IPv6 is anticipated for many years to come. The sheer number of hosts using IPv4 today suggests that no other policy even begins to make sense. IPv6 will appear in the large ISP backbones sooner rather than later, and some smaller service providers and local network administrators will not make the conversion quickly unless they perceive some benefit from IPv6.
The coexistence of IPv4 and IPv6 in the network means that different protocols and procedures need to be accommodated. In one common short-term scenario, IPv6 networks will be interconnected via an IPv4 backbone (see Exhibit 7). The boundary routers will be IPv4-compatible IPv6 nodes and the routers' interfaces will be given IPv4-compatible IPv6 addresses. The IPv6 packet is transported over the IPv4 network by encapsulating the packet in an IPv4 header, a process called tunneling. Tunneling can also be performed when an organization has converted a part of its subnet to IPv6. This process can be used on host-host, router-router, or host-router links.
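The router-router tunnel described above, as an added example that is not part of the original text: an IPv6 packet carrying ICMPv6 (next header 58) is wrapped in an IPv4 header whose endpoints are derived from the boundary routers' IPv4-compatible IPv6 addresses, then validated and unwrapped at the exit. The function names, the documentation-range sample addresses, IPv4 protocol number 41, ICMPv6 echo request type 128, and the configured-peer check at the exit are assumptions of this sketch.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41      # IPv4 protocol number for an encapsulated IPv6 packet
NEXT_HDR_ICMPV6 = 58   # IPv6 next header value for ICMPv6 (from the text)

def checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def compat_to_ipv4(addr6):
    """Packed IPv4 address embedded in an IPv4-compatible IPv6 address (::a.b.c.d)."""
    packed = ipaddress.IPv6Address(addr6).packed
    if packed[:12] != bytes(12):
        raise ValueError("not an IPv4-compatible IPv6 address")
    return packed[12:]

def icmpv6_echo_packet(src, dst, hop_limit=64, data=b"constructed"):
    """IPv6 packet with an ICMPv6 echo request; its checksum covers the IPv6 pseudo-header."""
    src6, dst6 = (ipaddress.IPv6Address(a).packed for a in (src, dst))
    body = struct.pack("!BBHHH", 128, 0, 0, 1, 1) + data
    pseudo = src6 + dst6 + struct.pack("!I3xB", len(body), NEXT_HDR_ICMPV6)
    body = body[:2] + struct.pack("!H", checksum(pseudo + body)) + body[4:]
    header = struct.pack("!IHBB", 6 << 28, len(body), NEXT_HDR_ICMPV6, hop_limit)
    return header + src6 + dst6 + body

def encapsulate(inner6, entry6, exit6, ttl=64):
    """Tunnel entry: prepend an IPv4 header addressed from the routers' compatible addresses."""
    src4, dst4 = compat_to_ipv4(entry6), compat_to_ipv4(exit6)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner6), 0, 0, ttl, IPPROTO_IPV6, 0, src4, dst4)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + inner6

def decapsulate(outer4, peer6):
    """Tunnel exit: validate the outer header, accept only the configured peer, return inner."""
    ihl = (outer4[0] & 0x0F) * 4 if outer4 else 0
    if len(outer4) < 20 or outer4[0] >> 4 != 4 or ihl < 20 or outer4[9] != IPPROTO_IPV6:
        raise ValueError("not an IPv6-in-IPv4 packet")
    if checksum(outer4[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if outer4[12:16] != compat_to_ipv4(peer6):
        raise ValueError("outer source is not the configured tunnel peer")
    inner = outer4[ihl:struct.unpack("!H", outer4[2:4])[0]]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("payload is not an IPv6 packet")
    return inner
```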
Although the introduction of IPv6 is inevitable, many of the market pressures for its development have been rendered somewhat unnecessary because of parallel developments that enhance the capabilities of IPv4. The address limitations of IPv4, for example, are minimized by use of CIDR. Nomadic user address allocation can be managed by the DHCP servers and relay agents. QOS management can be handled by the RSVP protocol. And the IP authentication header and encapsulating security payload procedures can be applied to IPv4 as well as to IPv6.
This is not meant to suggest that IP vendors are waiting. IPv6 has already started to appear in many new products and production networks. Support for IPv6 on several versions of UNIX has been announced by such organizations as Digital Equipment Corp., IBM Corp., INRIA (the French National Institute for Research in Computer Science and Control), Japan's WIDE Project, Sun Microsystems, Inc., the SICS, and the U.S. Naval Research Laboratory.
Other companies have announced support for IPv6 in other operating environments, including Apple Computer, Inc.'s MacOS, FTP Software, Inc.'s DOS/Windows, Mentat's STREAMS, Novell, Inc.'s NetWare, and Siemens Nixdorf, Inc.'s BS2000. Major router vendors that have announced support for IPv6 include Bay Networks, Inc., Cisco Systems, Inc., Digital Equipment Corp., Ipsilon Networks, Penril Datability Networks, and Telebit Corp.
One of the important proving grounds of IPv6 is the 6bone, a testbed network spanning North America, Europe, and Japan, which began operating in 1996. The 6bone is a virtual network built on top of portions of today's IPv4-based Internet, designed specifically to route IPv6 packets. The goal of this collaborative trial is to test IPv6 implementations and to define early policies and procedures that will be necessary to support IPv6 in the future. In addition, it will demonstrate IPv6's new capabilities and will provide a basis for user confidence in the new protocol.
For most users, the transition from IPv4 to IPv6 will occur when the version of their host's operating system software is updated; in some cases, it means running dual-stacked systems with both versions of IP. For larger user networks, it may make sense to follow the model of the larger global Internet: in particular, to predesign the IPv6 network topology and addressing scheme, to build a testbed IPv6 network with routers and a DNS, and then slowly to migrate applications, users, and subnetworks to the new backbone. The lessons learned from the 6bone activity are useful for individual networks as well as for the Internet backbone.
The transition to IPv6 has already started, even though most Internet and TCP/IP users have not yet seen new software on their local systems or on local networks. Before IPv6 can be widely deployed, the network infrastructure must be upgraded to employ software that accommodates the new protocol.
In addition, the new address format must be accommodated by every TCP/IP protocol that uses addresses. The DNS, for example, has defined an AAAA resource record for IPv6 128-bit addresses (IPv4's 32-bit addresses use an A record) and the IP6.INT address domain (IPv4 uses the ARPA address domain). Other protocols that must be modified for IPv6 include DHCP, the ARP family, and IP routing protocols such as the RIP, OSPF protocol, and the BGP. Only after the routers and the backbones are upgraded will hosts start to transition to the new protocol and applications be modified to take advantage of IPv6's capabilities.