https://4sysops.com/archives/ipv6-tutorial-part-3-new-features-ipsec-and-lan-features/

In the last post of this series, I discussed the new IPv6 features Quality of Service (QoS), hierarchical addressing, and the new address space. In this post, I talk about some of the new IPv6 features that are most relevant for Windows admins.


Mandatory IPsec support

The IPv6 specification mandates support for IPsec (Internet Protocol security). IPv6 supporters often claim that this will improve overall security on the Internet. Since IPsec for IPv4 is optional, proprietary VPN solutions are ubiquitous. However, I believe the main reason why IPsec deployments are rare is that configuration is relatively complicated. Thus, I doubt that we will see significantly more IPsec deployments because of IPv6.

But what is most disappointing for me is that IPv6 doesn’t encrypt all kinds of IP traffic. While IPsec implementation is mandatory for IPv6, IPsec deployment is not. Besides, IPsec is essentially a solution for securing connections among sites; it is not a P2P encryption solution.

In my view, it is unbelievable that we are now introducing a new network protocol with a huge amount of effort but will still send data in clear text across the Internet. The inventors of IPv4 couldn’t foresee that secure data transmission would be an issue since their protocol was just intended to allow data transfers between educational institutions. No one could really imagine that the whole planet would use this form of communication in the future.

The IPv6 creators had the chance to correct this shortcoming of the Internet protocol and ensure that any kind of network traffic is encrypted by default. It is really a pity that they didn’t use this once-in-a-lifetime chance.


(Simplified) automatic address assignment

This is perhaps one of the features that will affect the work of Windows admins the most. Much of the documentation talks of “simplified” address assignment, but I somehow think this new feature will cause confusion among admins in the beginning. In an IPv4 network, a computer’s automatic address assignment means that a DHCP server is involved.

IPv6 still supports DHCP-based address assignment (also called stateful address configuration), but now hosts can also configure themselves with IPv6 addresses (stateless address configuration). There are two types of stateless configuration. Hosts can derive an IP address from a prefix (the first part of an IPv6 address that belongs to your organization) advertised by a local router, and they can assign themselves so-called link-local addresses (addresses that are not routed), which they can use to communicate with other nodes on the link (local network). Scary, isn’t it?

Neighbor discovery

The Internet Control Message Protocol for IPv6 (ICMPv6) will replace the Address Resolution Protocol (ARP).

You probably know that ARP is used to determine the link layer address (MAC address in the case of Ethernet) from the IP address.

The main problem with ARP is that it uses broadcasts, which disturb all hosts on the link (LAN).

By contrast, IPv6 uses Neighbor Solicitation multicast messages for neighbor discovery.

Instead of sending a broadcast message to all nodes on the link, only the so-called solicited node multicast IPv6 address is contacted.

The first 104 bits of the solicited-node multicast address are fixed (FF02::1:FF00:0/104), and the last 24 bits are equal to the last 24 bits of the IP address that has to be resolved.

Since only nodes that share the last 24 bits in their IP address will listen to the solicited node address, fewer hosts are disturbed.
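The derivation described above, as an added example that is not part of the original post. It also goes one step further than the text: it maps the group to its Ethernet multicast MAC (the 33:33 mapping from RFC 2464) and checks that a multicast Neighbor Solicitation is addressed to the group that matches its target, which is a useful sanity check when reviewing captured neighbor discovery traffic. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Fixed 104-bit prefix of every solicited-node multicast address (FF02::1:FF00:0/104).
SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
LOW_24_BITS = 0xFFFFFF


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """Solicited-node multicast group for the unicast address being resolved."""
    low24 = int(ipaddress.IPv6Address(addr)) & LOW_24_BITS
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24)


def ethernet_multicast_mac(group: ipaddress.IPv6Address) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits."""
    low32 = int(group) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


def multicast_ns_matches_target(dst: str, target: str) -> bool:
    """True if a multicast Neighbor Solicitation sent to dst is addressed to
    the solicited-node group of the target address it asks about."""
    return ipaddress.IPv6Address(dst) == solicited_node(target)


if __name__ == "__main__":
    # Constructed sample addresses (documentation prefix and a link-local address).
    a = "2001:db8::a1b2:c3d4"
    b = "fe80::1234:56ff:feb2:c3d4"   # different host, same last 24 bits
    for addr in (a, b):
        group = solicited_node(addr)
        print(addr, "->", group, ethernet_multicast_mac(group))
    print(multicast_ns_matches_target("ff02::1:ffb2:c3d4", a))  # consistent
    print(multicast_ns_matches_target("ff02::1:ff00:1", a))     # mismatch
```

Both sample hosts land in the same group because only the last 24 bits are used, so each receives the other's solicitations and discards them after comparing the full target address.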

Extensibility

This is my favorite new IPv6 feature.

While the IPv4 header only supports 40 bytes for options, the size of the IPv6 extensions is only constrained by the size of the IPv6 packet.

IPv6 supports multiple so-called extension headers that can be added after the IPv6 header.

These extension headers have no maximum size, which makes future enhancements of the protocol quite flexible.

My hope is that this feature will be used for mandatory encryption of all IP packets.
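Because extension headers are chained, the Next Header field in the fixed IPv6 header does not necessarily name the transport protocol; a filter or sensor has to walk the chain to find it. The following added example (not code from the original post) does that for a constructed sample packet, using the header layouts from RFC 8200 and the standard protocol numbers. The function names and the sample packet are assumptions made for illustration.

```python
import ipaddress
import struct

# Headers with the generic layout: Next Header (1 byte), then Hdr Ext Len
# (1 byte, counted in 8-byte units beyond the first 8 bytes).
GENERIC_EXT = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination Options"}
FRAGMENT, AH = 44, 51


def walk_extension_headers(packet: bytes):
    """Return (names of extension headers in order, final Next Header value)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, chain = packet[6], 40, []
    while next_header in GENERIC_EXT or next_header in (FRAGMENT, AH):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        length_field = packet[offset + 1]
        if next_header == FRAGMENT:
            name, size = "Fragment", 8                      # fixed size
        elif next_header == AH:
            name, size = "AH", (length_field + 2) * 4       # counted in 4-byte units
        else:
            name, size = GENERIC_EXT[next_header], (length_field + 1) * 8
        if offset + size > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append(name)
        next_header, offset = packet[offset], offset + size
    # Anything else ends the walk: TCP (6), UDP (17), ESP (50, payload
    # encrypted), No Next Header (59), ...
    return chain, next_header


def build_sample() -> bytes:
    """Constructed packet: IPv6 -> Hop-by-Hop -> Destination Options -> TCP."""
    hop = bytes([60, 0, 1, 4]) + bytes(4)     # next=60, len=0 (8 bytes), PadN
    dst = bytes([6, 1, 1, 12]) + bytes(12)    # next=6 (TCP), len=1 (16 bytes), PadN
    payload = hop + dst + bytes(20)           # zero bytes stand in for a TCP header
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), 0, 64)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dest = ipaddress.IPv6Address("2001:db8::2").packed
    return fixed + src + dest + payload


if __name__ == "__main__":
    print(walk_extension_headers(build_sample()))
```

The length checks matter as much as the walk itself: a header whose length field points past the end of the packet is rejected instead of being followed.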

Next, I will introduce the IPv6 address syntax.
