Using the old Class A, B, and C addressing scheme the Internet could support the following:

| Address Class | # Network Bits | # Host Bits | Decimal Address Range |
|---|---|---|---|
| Class A | 8 bits | 24 bits | 1-126 |
| Class B | 16 bits | 16 bits | 128-191 |
| Class C | 24 bits | 8 bits | 192-223 |
Hierarchical Routing Aggregation To Minimize Routing Table Entries

The CIDR addressing scheme also enables "route aggregation", in which a single high-level route entry can represent many lower-level routes in the global routing tables. The scheme is similar to the telephone network, where the network is set up in a hierarchical structure. A high-level backbone network node only looks at the area code information and then routes the call to the specific backbone node responsible for that area code. The receiving node then looks at the phone number prefix and routes the call to its subtending network node responsible for that prefix, and so on. The backbone network nodes only need routing table entries for area codes, each representing huge blocks of individual telephone numbers, not for every unique telephone number.

Currently, big blocks of addresses are assigned to the large Internet Service Providers (ISPs), who then re-allocate portions of their address blocks to their customers. For example, Pacific Bell Internet has been assigned a CIDR address block with a prefix of /15 (equivalent to 512 Class C addresses or 131,072 host addresses) and typically assigns its customers CIDR addresses with prefixes ranging from /27 to /19. These customers, who may be smaller ISPs themselves, in turn re-allocate portions of their address block to their users and/or customers. However, in the global routing tables all these different networks and hosts can be represented by the single Pacific Bell Internet route entry. In this way, the growth in the number of routing table entries at each level in the network hierarchy has been significantly reduced. Currently, the global routing tables have approximately 35,000 entries.

User Impacts

The Internet is currently a mixture of both "CIDR-ized" addresses and old Class A, B and C addresses. Almost all new routers support CIDR and the Internet authorities strongly encourage all users to implement the CIDR addressing scheme.
(We recommend that any new router you purchase should support CIDR). The conversion to the CIDR addressing scheme and route aggregation has two major user impacts:
| CIDR Block Prefix | # Equivalent Class C | # of Host Addresses |
|---|---|---|
| /27 | 1/8th of a Class C | 32 hosts |
| /26 | 1/4th of a Class C | 64 hosts |
| /25 | 1/2 of a Class C | 128 hosts |
| /24 | 1 Class C | 256 hosts |
| /23 | 2 Class C | 512 hosts |
| /22 | 4 Class C | 1,024 hosts |
| /21 | 8 Class C | 2,048 hosts |
| /20 | 16 Class C | 4,096 hosts |
| /19 | 32 Class C | 8,192 hosts |
| /18 | 64 Class C | 16,384 hosts |
| /17 | 128 Class C | 32,768 hosts |
| /16 | 256 Class C (= 1 Class B) | 65,536 hosts |
| /15 | 512 Class C | 131,072 hosts |
| /14 | 1,024 Class C | 262,144 hosts |
| /13 | 2,048 Class C | 524,288 hosts |
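The route aggregation described above and the CIDR table can be checked with a few lines of Python. This is an added example, not part of the original notes: it rebuilds a table row from the prefix length, collapses a customer's prefixes into the fewest route entries, and verifies that every customer block sits inside the ISP's aggregate (so one global route suffices). The address blocks are constructed samples from private and documentation space, not any real ISP's allocation.

```python
import ipaddress

def cidr_row(prefix_len):
    """Rebuild one row of the CIDR table: (equivalent Class C networks, host addresses) for a /prefix_len block."""
    hosts = 2 ** (32 - prefix_len)
    return hosts / 256, hosts           # one old Class C has 8 host bits = 256 addresses

def aggregate(blocks):
    """Collapse a set of prefixes into the fewest routing-table entries covering exactly the same addresses."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def covered_by(isp_block, customer_blocks):
    """Return the customer prefixes that fall outside the ISP aggregate (empty list = one global route suffices)."""
    isp = ipaddress.ip_network(isp_block)
    return [b for b in customer_blocks if not ipaddress.ip_network(b).subnet_of(isp)]

if __name__ == "__main__":
    # Constructed sample allocations: private 10/8 space stands in for an ISP's /15 block
    isp = "10.0.0.0/15"
    customers = ["10.0.0.0/19", "10.0.32.0/27", "10.1.0.0/24"]
    print(cidr_row(15))                                   # 512 Class C, 131,072 hosts, as in the text
    print(aggregate(customers + ["10.0.32.32/27"]))       # the two /27s merge into one /26 entry
    print(covered_by(isp, customers + ["10.2.0.0/24"]))   # 10.2.0.0/24 lies outside the /15
```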
Advantages and Disadvantages of NAT
- No globally visible address
- Ports and address translation problems for many applications: e.g., H.323 or SIP
4. Solving IPv4 Address Exhaustion: Two possibilities:
1) NAT Extended Architecture - IP Next Layer (IPNL)
- Preserves characteristics of IPv4
- May be acceptable
2) IPv6
- Much bigger address space
- Other flexibilities as well
- Need transitioning approach
1) IP Next Layer (IPNL): IPNL (IP Next Layer) is a NAT-extended Internet protocol architecture designed to scalably solve the address depletion problem of IPv4. A NAT-extended architecture is one where only hosts and NAT boxes are modified; IPv4 routers and support protocols remain untouched. IPNL attempts to maintain all of the original characteristics of IPv4, most notably address prefix location independence. IPNL provides true site isolation (no renumbering), and allows sites to be multi-homed without polluting the default-free routing zone with per-site prefixes. The major attributes of IPNL are as follows:
- It is a NAT-extended architecture, which means that it maximizes reuse of the existing IPv4 infrastructure, primarily by adding a new layer above IPv4 that is routed by NAT boxes.
- It utilizes Fully Qualified Domain Names (FQDNs) as an end-to-end host identifier in packets.
- It extends the IP address space such that the globally unique IP address space forms the high order part of the IPNL address, and the private IP address space forms its low order part.
- It completely isolates site addressing from global addressing.
FQDN Utilization: The motivation behind using FQDNs also derives from an assumption of lowered deployment cost. In this case, the lowered cost comes from 1) not having to define and administer a new global address space, and 2) being able to reuse much of the existing support infrastructure and applications, including host configuration infrastructure (for example, DHCP), AAA infrastructure (for example, RADIUS), and SIP, all of which use FQDNs as the primary form of host identification. The use of the FQDN in this role, however, results in a somewhat different architecture, and the costs and potential weaknesses of this change must be considered.

Extended IP address space: This is a natural result of using the existing topology of private address realms connected to each other and to the global IP Internet by NAT boxes. Again, by using existing addresses and topological components (realms and NAT boxes), we attempt to minimize deployment costs.

Isolated site addressing: This is the only major attribute that doesn't derive from an attempt to reduce costs. Rather, this attribute is the cornerstone of this approach to achieving global scalability in the face of multi-homed sites. The basic idea here is that if we can completely isolate site operation from issues of global connectivity, the ISPs are free to manage addresses as they see fit.

IPNL topology, addressing and routing: The IPNL topology is the same as today's Internet topology: privately addressed realms connected to the globally addressed Internet, and, sometimes, to each other, by NAT boxes. The NAT boxes are called nl-routers, and the globally addressed part of the Internet is called the middle realm. Privately addressed realms are called private realms. An nl-router that connects a private realm with the middle realm is called a frontdoor nl-router, or simply a frontdoor. An nl-router that connects two private realms is called an internal nl-router.
A single physical device can be both a frontdoor and an internal nl-router. These entities are shown in Figure below.
An internal nl-router can learn of non-visiting hosts via a DNS zone transfer. Visiting hosts must register both with an nl-router in their home realm and with an nl-router in their visited realm. When an nl-router receives such a registration, it in turn informs all other nl-routers attached to the realm. These neighbor nl-routers are learned through static configuration. Because an nl-router must know about every host in its attached realms as well as about every other attached nl-router, it should be clear that private realms are not expected to be very big. They should have only a fraction of the over 16 million possible hosts from the private address space (the figure below gives the IPNL address format, including the sizes of the various fields).

To summarize, take the case where host x.a.com in Figure 3 is sending a packet to host x.c.com. Default routing gets the packet to frontdoor M1 (or M2). DNS information gets the packet from M1 to M4 (or M3). Dynamic routing on zones gets the packet from M4 to the R5-R6 internal nl-router. Internal nl-router R5-R6's host database gets the packet from there to host x.c.com.

Routing by IPNL Address
- The FQDN and private realm IP address of all hosts in the realm, whether the host is visiting or not, and
- For each host whose home realm is the attached realm, but which is visiting another realm, the FQDN of a zone in the visited realm must be known.
Neither RNs nor EHIPs are globally unique.
- A 4-byte globally unique IP address, which is the Middle Realm IP address (MRIP) of a frontdoor that the host currently uses to reach the middle realm.
- A 2-byte Realm Number (RN) identifying the realm behind this frontdoor; because of the possibility of realm number translation (Section 3.2), the exact RN value in this field is meaningful only from the perspective of this frontdoor, and may differ from the RN value used by internal hosts within a site, and by other frontdoors.
- A 4-byte IP address, which is the End Host IP (EHIP) address of the host within the realm specified by the RN field.
- IPv4 Internet: 2^32 = 4,294,967,296 addresses
  - Arbitrary division into network
  - 12.5% allocated to non-host addresses
  - ~45% allocated to various networks
  - ~26% advertised in today's Internet
- IPv6 Internet: 2^128 = 3.4 * 10^38 addresses
  - 2^64 = 18,446,744,073,709,551,616 networks
  - 2^64 = 18,446,744,073,709,551,616 hosts per network
  - Host addresses self-allocated

Flexible Header Format
IPv6 uses a flexible datagram format. For most of the options, instead of a fixed number of octets, a set of optional headers is used. As shown in the figure, an IPv6 datagram has a fixed-size base header followed by zero or more extension headers, followed by data.
IPv6 Header Format
As we can see, there are quite a few changes in the header format. Some of the non-address entries (like fragmentation) are removed from the base header and moved to the optional headers. Alignment is changed from 32-bit multiples to 64-bit multiples, keeping in view future machines with 64-bit architectures. And most notably, the size of the address fields is increased to 16 octets each.
Now we discuss the specific fields of the header format.
- Version : This contains the version of IP and its value is always 6 for IPv6.
- Traffic Class : This is equivalent to ToS field in the IPv4 header. Besides including priority it also specifies the time sensitivity of flow-controlled traffic.
- Flow Label : It is used to decide the type of flow of the packet. A flow is the abstraction for the mechanism of resource allocation, which consists of a path through the internet along with intermediate routers to guarantee a specific quality of service.
- Payload length : It specifies the total length of the packet, so a packet can be at most 64 KB. But since IPv6 aims at a lot of extensibility, there is the concept of a jumbo payload.
- Next Header : This field has replaced the protocol field in the IPv4 header. But besides specifying the underlying protocol, it also specifies the next extension header. Every extension header has this field, so a chain is formed where each header specifies the next header and the last header specifies the underlying protocol.
- Hop Count : This is the same as the TTL field in IPv4; only the name has been changed to reflect the actual meaning of this field.
- Addresses : As specified earlier, these are 16 octets each, making it possible to connect many more nodes. Address allocation is described later.
IPv6 extension headers work similarly to IPv4 options: a sender can choose which extension headers to include in a given datagram and which to omit. Also, since the future cannot be predicted, this scheme ensures that headers for new facilities can be accommodated. The currently available extension headers are described below:
- Hop-by-Hop : The Hop-by-Hop Options header is used to carry optional information that must be examined by every node along a packet's delivery path. The Hop-by-Hop Options header is identified by a Next Header value of 0 in the IPv6 header.
- Routing : The Routing header is used by an IPv6 source to list one or more intermediate nodes to be "visited" on the way to a packet's destination. This function is very similar to IPv4's Loose Source and Record Route option. The Routing header is identified by a Next Header value of 43 in the immediately preceding header.
- Fragmentation : The Fragment header is used by an IPv6 source to send a packet larger than would fit in the path MTU to its destination. But unlike IPv4, fragmentation in IPv6 is performed only by source nodes, not by routers along a packet's delivery path. The Fragment header is identified by a Next Header value of 44 in the immediately preceding header.
- Authentication : The Authentication Header (AH) is used to provide connectionless integrity and data origin authentication for IP datagrams, and to provide protection against replays. The Authentication header is identified by a Next Header value of 51 in the immediately preceding header.
- Privacy : The Security header is designed to provide a mix of security services in IPv6. It may be applied alone, in combination with the Authentication Header (AH), or in a nested fashion, e.g., through the use of tunnel mode. This header is identified by a Next Header value of 50 in the immediately preceding header.
- End-to-End : The Destination Options header is used to carry optional information that need be examined only by a packet's destination node(s). The Destination Options header is identified by a Next Header value of 60 in the immediately preceding header.
One can specify zero or more extension headers, but only in the specified order. Each extension header should occur at most once, except for the End-to-End (Destination Options) header, which should occur at most twice: once before a Routing header and once before the upper-layer header, i.e. at the end. This is so that options can be processed by the first destination that appears in the IPv6 Destination Address field plus the subsequent destinations listed in the Routing header. If, as a result of processing a header, a node is required to proceed to the next header but the Next Header value in the current header is unrecognized by the node, it should discard the packet and send an ICMP Parameter Problem message to the source of the packet.
We can group these headers under three headings according to where they are processed. The first one (Hop-by-Hop) is processed by every intermediate node, the second (Routing header) is processed only by those nodes listed in it, and the remaining four are processed only at the destination. If and when other extension headers are defined, their ordering constraints relative to the above listed headers must be specified.
Allowing two End-to-End headers in the same packet introduces the problem of how the final destination can distinguish the intermediate End-to-End header from the last one. For this there are certain fields in this header, so that the destination can distinguish between the two.
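The Next Header chain and the ordering rules described in the two passages above can be exercised with the following Python parser. This is an added example, not code from the original notes: it walks a raw IPv6 packet from the base header through its extension headers, enforces the order (Destination Options allowed twice, everything else once), stops at ESP since nothing past it is readable, and raises where a node would discard the packet and send ICMP Parameter Problem. The recognized upper-layer set (TCP, UDP, ICMPv6) and the sample packets built by build_packet are assumptions for the demo.

```python
import struct
import ipaddress

# Next Header values named in the text, and the order extension headers must appear in;
# Destination Options (60) has two slots: before Routing and before the upper-layer header
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60
EXT_ORDER = [HOP_BY_HOP, DEST_OPTS, ROUTING, FRAGMENT, AH, ESP, DEST_OPTS]
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}   # upper-layer protocols this demo recognizes (assumption)

def ext_len(kind, hdr):
    """Octet length of an extension header, derived from its first two octets."""
    if kind in (HOP_BY_HOP, DEST_OPTS, ROUTING):
        return (hdr[1] + 1) * 8      # Hdr Ext Len counts 8-octet units, not including the first 8
    if kind == FRAGMENT:
        return 8                     # Fragment header has a fixed size
    return (hdr[1] + 2) * 4          # AH: Payload Len counts 4-octet units, minus 2

def walk_chain(packet):
    """Follow the Next Header chain of a raw IPv6 packet.
    Returns (list of extension header types in order, upper-layer name or None after ESP);
    raises ValueError where a node would discard the packet and send ICMP Parameter Problem."""
    vtcfl, plen, nh, _hop_limit = struct.unpack("!IHBB", packet[:8])
    if vtcfl >> 28 != 6 or len(packet) != 40 + plen:
        raise ValueError("bad version or payload length")
    chain, off, slot = [], 40, 0
    while nh not in UPPER:
        if nh not in EXT_ORDER:
            raise ValueError("unrecognized Next Header %d at offset %d" % (nh, off))
        if nh not in EXT_ORDER[slot:]:
            raise ValueError("extension header %d out of order or repeated" % nh)
        slot = EXT_ORDER.index(nh, slot) + 1   # each slot can be used at most once
        chain.append(nh)
        if nh == ESP:
            return chain, None               # headers after ESP are not readable in transit
        if off + 2 > len(packet):
            raise ValueError("truncated extension header")
        nh, off = packet[off], off + ext_len(nh, packet[off:off + 2])
    return chain, UPPER[nh]

def build_packet(ext_headers, upper=58):
    """Constructed sample: base header + minimal 8-octet extension headers + 4 octets of payload."""
    kinds = list(ext_headers) + [upper]
    body = b"".join(bytes([nxt, 0]) + b"\x00" * 6 for nxt in kinds[1:]) + b"\x00" * 4
    vtcfl = (6 << 28) | (0 << 20) | 0x12345                      # version 6, traffic class 0, flow label
    base = struct.pack("!IHBB", vtcfl, len(body), kinds[0], 64)  # hop limit 64
    base += ipaddress.IPv6Address("2001:db8::1").packed + ipaddress.IPv6Address("2001:db8::2").packed
    return base + body
```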
Addressing Mechanism in IPv6
- First three bits signify Format Prefix. Depending upon this value, an IPv6 address can be either Unicast, Cluster, or Multicast.
- Next thirteen bits signify the Global hierarchy. Default-free routers (earlier called gateways) must have a routing table entry for every active address specified here. This addressing supports 8192 top-level addresses.
- Next 32 bits are for the local/regional hierarchy. This signifies ISPs in a country or a region, so the first 48 bits can uniquely identify an ISP.
- Next 16 bits are for the Organizational hierarchy. This field is used by an individual organization to create its own local addressing hierarchy and to identify subnets. This is analogous to subnets in IPv4, except that each organization has a much greater number of subnets. The 16-bit field supports 65,535 individual subnets.
- Finally, the last 64 bits signify the Node id. They are required to be unique for a node. They may also be unique over a broader scope. In many cases an interface identifier can be the same as, or be based on, the interface's link-layer address.
The motivation behind using 128-bit addressing for IPv6, instead of 64, 96, or 160 bits, can be summarized as follows:
- 64 bits would have been enough if there had been no multiple hierarchy in addressing.
- 96 bits would not align with future 64-bit architecture machines.
- 160 bits are used by some OSI protocols, but again these would not be aligned with 64-bit architecture machines.
So 128-bit addressing has been chosen for IPv6.