IPv6 tutorial 3 New features: IPsec and LAN features
https://4sysops.com/archives/ipv6-tutorial-part-3-new-features-ipsec-and-lan-features/
In the last post of this series, I discussed the new IPv6 features Quality of Service (QoS), hierarchical addressing, and the new address space. In this post, I talk about some of the new IPv6 features that are most relevant for Windows admins.
IPsec is short for Internet Protocol SecurityIPsec
Mandatory IPsec support
The IPv6 specification mandates support for IPsec (Internet Protocol security). IPv6 supporters often claim that this will improve overall security on the Internet. Since IPsec for IPv4 is optional, proprietary VPN solutions are ubiquitous. However, I believe, the main reason why IPsec deployments are rare is because configuration is relatively complicated. Thus, I doubt somehow that we will see significantly more IPsec deployments because of IPv6.
But what is most disappointing for me is that IPv6 doesn’t encrypt all kinds of IP traffic. While IPsec implementation is mandatory for IPv6, IPsec deployment is not. Besides, IPsec is essentially a solution for securing connections among sites; it is not a P2P encryption solution
In my view, it is unbelievable that we are now introducing a new network protocol with a huge amount of effort but will still send data in clear text across the Internet. The inventors of IPv4 couldn’t foresee that secure data transmission would be an issue since their protocol was just intended to allow data transfers between educational institutions. No one really could imagine that the whole planet will use this form of communication in the future.
The IPv6 creators had the chance to correct this shortcoming of the Internet protocol and ensure that any kind of network traffic is encrypted by default. It is really a pity that they didn’t use this once-in-a-lifetime chance.
DHCP is short for Dynamic host configuration protocol
(Simplified) automatic address assignment
This is perhaps one of the features that will affect the work of Windows admins the most. Much of the documentation talks of “simplified” address assignment, but I somehow think this new feature will cause confusion among admins in the beginning. In an IPv4 network, a computer’s automatic address assignment means that a DHCP server is involved.
IPv6 still knows DHCP-based address assignment (also called stateful address configuration), but now hosts can also configure themselves with IPv6 addresses (stateless address configuration). There are two types of stateless configurations. Hosts can derive an IP address from a prefix (the first part of an IPv6 address that belongs to your organization) advertised by a local router, and they can assign themselves so-called link-local addresses (addresses that are not routed), which they can use to communicate with other nodes on the link (local network). Scary, isn’t it?
Neighbor discovery
The Internet Control Message Protocol for IPv6 (ICMPv6) will replace the Address Resolution Protocol (ARP).
You probably know that ARP is used to determine the link layer address (MAC address in the case of Ethernet) from the IP address.
The main problem of ARP is that it uses broadcasts, which disturbs all hosts on the link (LAN).
By contrast, IPv6 uses Neighbor Solicitation multicast messages for neighbor discovery.
Instead of sending a broadcast message to all nodes on the link, only the so-called solicited node multicast IPv6 address is contacted.
The first 104 bits of the solicited node multicast are fixed (FF02::1:FF00:0/104), and the last 24 bits are equivalent to the last 24 bits of the IP address that has to be resolved.
Since only nodes that share the last 24 bits in their IP address will listen to the solicited node address, fewer hosts are disturbed.
Extensibility
This is my favorite new IPv6 feature.
While the IPv4 header only supports 40 bytes for options, the size of the IPv6 extensions is only constrained by the size of the IPv6 packet.
IPv6 supports multiple so-called extensions headers that can be added after the IPv6 header.
These extensions headers have no maximum size, which makes future enhancements of the protocol quite flexible.
My hope is that this feature will be used for mandatory encryption of all IP packets.
Next, I will introduce the IPv6 address syntax.
IPv6 tutorial 3 New features: IPsec and LAN features的更多相关文章
- IPv6 tutorial 2 New features: Routing
https://4sysops.com/archives/ipv6-part-2-new-features-routing/ Routing路由选择 In the last post of my IP ...
- IPv6 tutorial – Part 8: Special addresses
https://4sysops.com/archives/ipv6-tutorial-part-8-special-addresses/ The special IPv6 addresses disc ...
- IPv6 tutorial – Part 7: Zone ID and unique local IPv6 unicast addresses
The zone ID is used to distinguish ambiguous link-local and site-local addresses. Unique local IPv6 ...
- IPv6 tutorial – Part 6: Site-local addresses and link-local addresses
https://4sysops.com/archives/ipv6-tutorial-part-6-site-local-addresses-and-link-local-addresses/ In ...
- IPv6 tutorial 4 IPv6 address syntax
https://4sysops.com/archives/ipv6-tutorial-part-4-ipv6-address-syntax/ Now that you know about the n ...
- IPv6 tutorial 1 Get started now
https://4sysops.com/archives/ipv6-part-1-get-started-now/ You’ve probably heard the news that the In ...
- IPv6 tutorial – Part 5: Address types and global unicast addresses
https://4sysops.com/archives/ipv6-tutorial-part-5-address-types-and-global-unicast-addresses/ In my ...
- C# 6.0 Features , C# 7.0 Features
1 1 1 C# 6.0 Features http://stackoverflow.com/documentation/c%23/24/c-sharp-6-0-features#t=20160828 ...
- [转]Advanced Oracle SQL Developer Features
本文转自:http://www.oracle.com/technetwork/cn/server-storage/linux/sqldev-adv-otn-092384.html Advanced O ...
随机推荐
- Jquery inArray的使用
var typeList=["A","B","C","D"]; if ($.inArray("A", ...
- 使用 x3dom 框架及 WebGL 在浏览器上显示 3 维模型
如果需要在浏览器上显示 3D 画面的话, 现在一般会使用 WebGL, 典型的例如 three.js(http://mrdoob.github.com/three.js/), 但是 WebGL 对 ...
- 01线性表顺序存储_List--(线性表)
#include "stdio.h" #include "stdlib.h" #include "io.h" #include " ...
- OpenJudge/Poj 1979 Red and Black / OpenJudge 2816 红与黑
1.链接地址: http://bailian.openjudge.cn/practice/1979 http://poj.org/problem?id=1979 2.题目: 总时间限制: 1000ms ...
- width(),innerHTML(),outerHTML()
HTML代码: <div id="box"> <p>哈哈,随便写点内容</p> <p>删除的实例</p> <p&g ...
- jQuery 选择器(转)
jQuery 选择器 选择器 实例 选取 * $("*") 所有元素 #id $("#lastname") id="lastname" 的元 ...
- 三种读写XML的方法
XML文件是一种常用的文件格式,例如WinForm里面的app.config以及Web程序中的web.config文件,还有许多重要的场所都有它的身影.Xml是Internet环境中跨平台的,依赖于内 ...
- Cassandra1.2文档学习(7)—— 规划集群部署
数据参考:http://www.datastax.com/documentation/cassandra/1.2/webhelp/index.html#cassandra/architecture/a ...
- Modernizr.js介绍与使用
Modernizr帮助我们检测浏览器是否实现了某个feature,如果实现了那么开发人员就可以充分利用这个feature做一些工作,反之没有实现开发人员也好提供一个fallback.所以,我们要明白的 ...
- 用Delphi获取当前系统时间
在开发应用程序时往往需要获取当前系统时间.尽管Y2K似乎已经平安过去,但在我们新开发的应用程序中还是要谨慎处理“时间”问题. 在<融会贯通--Delphi4.0实战技巧>(以下简称“该书” ...