Essay, Pages 13 (3006 words)
Connected device enabling those devices to communicate with each other . With more and more devices access the internet the need arises for more and more IP address. most IP address uses IPv4 which has been around 1941 and it can only support only 420000000 IP address and the world is running out of IPv4 address . All new devices will require their own unique IP address which will b accommodated byIPv6 , the successor to IPv4 . IPv6 supports approximately 340 undellicion IP addressInternet protocol version 6 is a specification set of internet engineering task force(IETF) that upgraded from version 4.
It was develploped to accomodate the dramatice growth of internet and the increasing rate in depletion . Since 1998, internet protocol version 6 has be defined and it is yet to become the powerhouse that analysts predicts.IPv6 is slight variation from IPv4, it uses the similar devices as source and destination address to forward packets over networks and tools for network testing such as ping is quite as same as version 4 (Neill, 2000)
Even though IPv6 is more advanced and upgraded but it is still regarded as infant as it has not come into contact with the real world yet.
The packet structure of version 6 consist of controlled address route and payload information of user data that are subdivide in mandatory fixed headers. The packet is a datagram or a segment of a higher level of transport layer protocol that is typically transmitted over link layer network namely known as ethenet. Routers do not fragment IPv6 as they worked for IPv4 (wikipedia, 2019).
when it comes to packet sixe, IPv6 has 8 field with a fixed length of 40 octets and each field is 128 bits whereas IPv4 had 20 octets with 32bits long making IPv6 modification omit IPv4 IP Header length field. iPv6 changed IPv4’s Time to Live field to the Hop Limit field. Thus, IPv6 applications use only hops to express TTL and has also renamed and enhanced version 4 protocol to the next header field that can insert extension header between IP v6 header to transport data. Its 6 extension headers include: Hop-by-Hop Option, Destination Option, Fragment, routing, Authentications, and Encapsulating Security Payload. IPv6, routers do not handle data fragmentation and reassembly. Fragmentation is carried out only at the source host, and reassembly is carried out only at the destination host. This change in IPv6 leads to better router performance. (Zhao, 1998)
To add on, the IPv6 security introduced mainly by way of two dedicated extension headers: the Authentication Header (AH) and the Encrypted Security Payload (ESP). The AH header was intended to guarantee legitimacy and uprightness of the IP bundle. Its essence makes preparations for two dangers: unlawful adjustment of the fixed fields and parcel ridiculing. On the other hand,the ESP header gives information encapsulation with encryption to guarantee that just the destination node can read the payload passed on by the IP packet. The two headers can be utilized together to give all the security features simuntancsly. (Security Features of IPv6, 1997)Both the AH and the ESP headers misuse the idea of security affiliation (SA) to concede to the security calculations and parameters between the sender and the collector. When all is said in done, each IPv6 node deals with a set of SAs, one for each protected active communication . The Security Parameters Index (SPI) is a parameter contained in both the AH furthermore, ESP headers to determine which SA is to be utilized in decoding or authenticate the packet. (Security Features of IPv6, 1997)n unicast transmissions, the SPI is ordinarily picked by the destination node and sent back to the sender when the communication is set up. In multicast transmissions, the SPI must be normal to every one of the individuals of the multicast gathering. Every node must almost certainly recognize the correct SA accurately by consolidating the SPI with the multicast address. The exchange of a SA (and the related SPI) is a vital piece of the convention for the trading of security keys. (Security Features of IPv6, 1997)
Furthermore, Authentication header, as defined by the IPv6 as one of the general extension headers as its identified by 51 in Next Header Field, it inserted between IPv6 header and upper level payload.Format of AH is simple as it comporises of 64-bit fixed part together with a 32-bit block of variable number. The fixed part contains value of the next type of payload in the daisy chain of headers (8 bits),The Payload Length that is, the total length of the authentication data expressed as a multiple of 32-bit words (8 bits), A reserved field (16 bits) and lastly SPI used by this header (32 bits) (Security Features of IPv6, 1997) The variable piece of the AH header is made out of a variable number of 32-bit block, which contain authenticated data. Since the Payload Length is communicated as a 8-bit number, a limit of 255 32-bit block can be utilized that is, 1020 bytes. As an outcome, the accurate length of this header relies upon the chose authenticated algorithm. At the point when the destination node gets a packet with an AH header, the authencation and honesty can be checked . For the primer advance, care ought to be taken in normalizing the got packet, to dispose of all the variable parts and accurately compute the authentication value just on the fixed parts. (Security Features of IPv6, 1997)The Encrypted Security Payload, which is one of the general extension headers characterized in IPv6, . Whenever utilized, this block should continuously be the last one in the header chain since it totally covers up both the upper dimension payload and all the next headers and Even the ESP header itself is only partly in the clear ; it consists of an integer number of 32-bit blocks, with the first one containing the SPI to select the SA to be used in decrypting all other blocks in the packet. The precise configuration of the encryption part relies upon the encryption calculation utilized. The default encryption system in IPv6 is DES-CBC9,which is the DES is algorithm calculation connected in Cipher Block Chaining (CBC) mode. DES is a private key encryption alogorithm that is regularly connected to 64-bit information hinders with a 56-bit key (stretched out to 64 bits by including one equality bit for every 7 bits of the key). Different systems have been proposed to apply the DES change to block greater than 64 bits. The CBC mode isolates the information stream into a succession of 64-bit block, and each block is EX-ORed with the aftereffect of the past encryption previously being encoded itself. Let E(d,k) be the encryption task connected to the information square d with key k; at that point the CBC mode can be portrayed by the following change to create the I-th encrypted block (Security Features of IPv6, 1997)
Furthermore, the application of IPv6 securities demonstatrtes that AH and ESP headers can be used in a different manner for protectinh the IP communication with aspect to private virtual networs,These days, specialized and practical reasons are pushing execution of corporate wide territory systems to move from devoted connections and restrictive system advancements to arrangements dependent on open shared connections and open system architectures.This relocation makes a few focal points yet right now shows a genuine downside: There is an uncommon decrease in characteristic framework security, because of the utilization of shared channels and gadgets. To recover the equivalent past dimension of system security while keeping up the financial preferences offered by open systems, an association needs to prevail with regards to isolating and ensuring its own information packets inside the bulk of packets travelling in the open connections. As a rule, this outcome is accomplished by setting up a Virtual Private Network (VPN). In IPv4, this is finished by utilizing the IP tunneling Technique : IP packets to be secured are enclosed by a security envelope and encapsulated inside typical IP packets that are utilized just to transport the first packet over the open system to their last goal. Regularly, the endpoints of an IP tunnel are not the hosts needing to trade the information; rather they are two firewalls that shield the LANs from outer assaults
Networked applications executing on top of an IPv6 stack may choose to require the use of a communication channel with specific features. To avoid duplication of functionality (and hence performance degradation), being able to specify, at the transport layer, the security attributes of the channel being created is useful. In the first BSD-UNIX implementations of IPv6, this effect can be obtained by properly using the setsocketoption() system call. Anyway, this solution is not complete for application-level security because only partial protection is obtained. AH provides host-based authentication only; whereas applications usually require user-based authentication. Moreover, AH and ESP protect the data only during their transmission along the channel. After the data have been received, they are no longer protected in any way. This fact may not be relevant if the receiving host is a secure one, but there is the additional implication that origin authentication and data integrity properties are lost as well, so formal nonrepudiation cannot occur after the data have been extracted from the secure channel. Router security implies just Because IP addresses in IPv6 are quite often dynamically assigned, it is of the utmost importance that this process be done in a secure fashion. Moreover, as different security properties are available through a proper combination of AH and ESP headers, it is highly desirable that they be applied to the messages exchanged by routers to prevent attacks aiming to subvert the logical architecture of the network. The following types of communications should be protected:
- The routing advertisement messages, to ensure that they are originated by an authorized router
- The neighbor advertisement messages, to ensure that they come from authorized hosts and to avoid the risk of somebody attaching a new host to the network without proper authorization
- The ICMP messages related to an unreachable host or network (destination unreachable) or to a better route (redirect), to ensure that these messages come from hosts or routers that were on the original path of the packets
Securing these types of messages is surely not trivial. For example, the routing advertisements are sent to a multicast group; therefore, all the routers in the group must know the (common) secret key to be used to verify and/or decrypt the messages. In turn, this fact implies that they can forge messages and impersonate any router in the group!
Interne protocol version 6 address are represented in adiffrent manner since they are much lenghty the Ipv4. It has a 128 bit number and the address space upto 340 trillion, trillion trillion eg: FE38:DCE3:124C:C1A2:BA03:6745:EF1C:683D and it is shown as sequences of hexadecimal digits, separated by a colon character ( : ). Each group is up to four hexadecimal digits long, and each address is made of up to eight groups. (APNIC, 2019) T he benefits of using 128 bit network as it caters more space with level of structual hierarchy and route aggregation with quicker and simple address mamangement and delegation then Ipv4. It has expanded address capacities with trouble free address configuration and also shows the ability to locate end to end iPsec. (APNIC, 2019)
Organisationa that uses IPV6
India and Unites states are ranked as the most users of Ipv6 (Internet Society, 2018)
In September, 2016 Reliance jio started deploying and offering IPv6 service in India wih almost 90% Jio LTE 4G subscribers (Torikonda, 2018).It opted for IPv6 due to many reasons including, more number of IP address then IPv4, it has the ability to prove unique IP for individual users,it does not require networking data translation(NAT), well data packet and traffic data handling with better network monitors. With large number of advantage , it assigns more then 5 trillion devices over internet wherrby IPv4 cant. (Sawant, 2018) . Reliance activated over 200 million subscribers of IPv6 durimg the 9 moth period from sempter 2016 to June 2017. Jio uses Ipv6 on 4GVoLTE Wireless Technology (Torikonda, 2018) it incorporates little with IPv4 to provide service
“Comcast Coperation is one of the worlds largest enertainement companies and is an ameican telecommunication and media conglomerate. In 2002 it became the largest U,S cable provider when it purchased AT &t Broardband” (Reiff, 2019). Comcast has made a lot of progress on IPv6 and its quite useable.IPv6 address is a lot, it has 128 bit with 64 minimum subnet size yielding 40 quintillion address per subnet whereas version 4 has 32 bit and NAT is used as it allows a non -routable address to be used on the customer side “The way comcast allocated IPv6 to customer devices used DHCP-PD and details may be non-obvious. The cable modem uses DHCP-PD to request a prefix for the customer side. If the CM is given a /56 IPv6 prefix it automatically creates a /64 using the lowest address in the /56. The customer equipment finds out about this /64 and gets an address using SLAAC (IPv6 Stateless Address Autoconfiguration). The CM then requires the customer equipment to make DHCP-PD requests to use other parts of the /56 address space.” (Reiff, 2019)”Business customers have to lease the CM from Comcast and use either SMC SMCD3G-CCR (use is being discontinued), or Netgear CG3000DCR, or one of three Cisco routers. IPv6 doesn’t work at all on the SMC CM. The Netgear works well, allowing 16 /64 DHCP prefix delegations however there have been some reports that it tries to do something with VOIP (SIP) traffic that messes up VOIP (not confirmed by me, not discussed in a while so might be fixed?). The Cisco CM are DPC3008, DPC3939B, and DPC3941B.” (Reiff, 2019) Comcast has basically designed the IPv6 set to meet its customers needs (Reiff, 2019)
AT&T Inc. is an American multinational conglomerate holding company headquartered at Whitacre Tower in Downtown Dallas, Texas. Its has been deploying IPv6 capabilities for many years in fact they started rolling out gateways and modems that supports IPv6 since 2011. It is a network providing entity and they use wireless device such as netgear DSL to enable its customers to get access to internet AAT supports directly to the interent. AT&T’s vast network might be IPv6 compatible but if the consumers’ home networks only operate on IPv4 then the change is hardly worth it from a business standpoint. (Latif, 2011)
have deployed IPv6 across our fixed line broadband network*, providing full IPv6 and IPv4 dual stack access to customers with compatible hardware. With popular internet conetct such as facebook google amd Netflix are IPv6 compatible and directly connected by using IPv6. Its DNS server can be reached through IPv4 or IPv6.; it implement dualsack that version 4 and 6 are both used. Vodafone does not a wholely support IPv6 as there ae issues when it comes to pinging and version 6 address is not found (Internet Society, 2018)
“Idea Cellular is an Aditya Birla Group Company, India’s first truly multinational corporation. Idea is a pan-India integrated wireless broadband operator offering 2G, 3G and 4G services, and has its own NLD and ILD operations, and ISP license. Idea is one of the top three mobile operators in India, with an annual revenue in excess of USD 5 billion and a revenue market share of 19%. With nearly 200 million subscribers, Idea ranks sixth in the global rankings of operators in subscriber terms, for single country operations.” (india brand equity foundation, 2018) . with regards to IPv6, idea celluar uses dual stack as it solves most of the problrm relating to increase rate in ip address. Idea celluar uses wireless mobile networks (Internet Society, 2018)
Moreover,IPv6 is meant to be the next generation internet protocol that wills supplementary or eventually replace IPv4.IPv6 seems to increase dramatically after the launch 7 years ago and researchers show that over 25% all internet connection advertise IPv6 connectivity and 49 countries deliver more then 5% traffic over Ipv6. The leading countries adopting IPv6 are from India, U.S and Japan..Organisations now believe that purchasing Ipv4 is a unnecessary cost as it is not the value, however it fund ipv6 deployment as he IPv4 price turns to drop.Ipv4 will never be completely shut off as its address will be sold out and re used and the left over address will be used by IPv6 so users must not worry about one day their internet access going away bur when more network transition and content site supports IPv6 and when the end users upgrade their equipment capabilities from IPv4 to IPv6, the entire globe will slowly move away from version 4.According to John Koetsier “At our current rate of progress, IPv6 will be fully implemented on May 10, 2048” that is exactly 29 years from today. (Koetsier, 2013) I agree with that years as through my research in the topic I came to know that not all organisation turns to quickly adopt to the new IP address as they do not want to take risk with their resources as for example, Vodafone India IPv6 does not work on LAN and also AT&T also encountered some issues with their support sever for which they requested their customers to switch back to Ipv4 till they work out the solution. We can assume that switching to new IP address is not wise until proper test and research are done and also need to ensure that old devices are compatible with IPv6 before implementing it full.
To conclude, IPv6 has many advantages over IPv4 and it has brought about drastic changes in many organisations and more of them are now adopting the new IP address.IPv6 is launched in 1996, consisting of more then 340 decellion indentifies which is more than enough and offers features of multitasking, more secure and less private internet, large processing speed and quick I delivery is what the twenty-first century asks for.