A, IPv6
IP is the core protocol of the Internet . But with the development of the Internet, by the year 2011, IPv4 32-bit address has been exhausted.
Simply measures to address IP address exhaustion is the new version of the IP protocol larger address space - IPv6 .
1.IPv6 changes
- Larger address space : IPv6 IP address will be expanded to 128
- Extended address hierarchy : Since the address space is large enough, IPv6 addresses can be divided into more levels
- Flexible header format : IPv6 defines a number of optional extension headers , provides more functionality and improve the performance of the router
- Improved options : IPv6 options allow data packets with control information in the payload within
- Allowing the agreement to continue to expand
- Plug and Play Support : IPv6 DHCP is not required
- Support for pre-allocation of resources
- 8 byte alignment
2.IPv6 datagram format
IPv6 datagrams has two major components: base header and payload . Allowed payload by zero or more extension header , followed by a data portion.
Note: The extension headers are not basic header.
Compared to IPv4 datagrams Review: Cancel header length, service type, total length, ID, protocol, testing and options field; TTL renamed hop limit .
Each base header fields are as follows:
- Version : four bits indicating the protocol version, corresponding to the IPv6 to 6;
- Traffic class : 8 bits, prioritized datagram;
- Reference numeral flow : 20 accounted for, all belonging to the same stream of data packets with the same flow label, a router with the stream of the specified guaranteed quality of service;
- Payload Length : 16 accounted for, the total number of bytes specified IPv6 packet header in addition to the outside;
- Next Header : 8 bits, corresponding to the protocol and optional fields for IPv4:
the IPv6 is not extended when the header, this field corresponds to the protocol field, indicating that the data should be delivered which protocol upper layer;
have the extended header, the field identification the next extension header type;
due to the expansion header in the payload , the router does not need to process, thus greatly improving the processing efficiency of the router. ; - Hop Limit : 8 bits, preventing datagrams circles exist indefinitely in the network, the TTL field is equivalent to the original;
- Source and destination addresses : each 128-bit, IPv6 address specifies the source and destination hosts.
RFC-2460 standard defines six extension header: ① hop routing option ② ③ ④ slice identification Encapsulating Security Payload ⑤ ⑥ destination option
3.IPv6 address
IPv6 datagram destination address may be one of the following three basic types of addresses:
● Unicast : conventional peer communication
● Multicast : a communication, many of the destination host is set for each computer
● Anycast : new IPv6 increase. The end is a group of computers, but only a delivery of them, usually the most recent one
IPv6 hosts and routers are referred to as nodes , each node may have multiple ports. IPv6 to each interface is assigned an IP address. A node can have multiple addresses, wherein each address as the destination address of the node.
Since there are 128-bit IPv6 address, using the dotted decimal format is not convenient. IPv6 uses the colon hexadecimal notation :
● each of a set of 16-bit binary, hexadecimal is converted into four groups were used, " : " separated.
● If the first few hexadecimal digits 0, 0 can be omitted, but keep at least one; as 0000 can be written as 0; 000A can be written as A;
● allows the use of zero compression : a string of consecutive zeros It may be substituted by a double colon, but only once an address zero compression. Eg. 1: 0: 0: 0: 0: 0:. 1: 0 -> ::. 1. 1: 0
● the conversion phase from IPv4 to IPv6, the last two digits (32) may be used in dotted decimal , can be combined use of zero compression, such as 192.168.1.1 :::
● CIDR notation can still use the slash
Here is the IPv6 address classification:
- Unspecified address : 16 byte address are all zero, may be abbreviated as two colons ::, only the IP address is not configured as a source address of a host, only one
- Loopback address : the first 15 bytes 0, 1 of the last byte of the address, may be abbreviated as :: 1 loopback address and IPv4 similar effect, only a
- Multicast Address : Function and the same IPv4, accounting for the total number of address 1/256
- Link-local unicast address : Some networks using the TCP / IP protocol but not connected to the Internet, the network address of such hosts may use another local communication
- Global Unicast addresses : the most used category. There are currently more divided method
4.IPv4 transition to IPv6
Due to the size of the Internet is very large, one-time replacement of the new agreement is not feasible. We can only use IPv4 to IPv6 transition gradual evolution methods. To this end, the new IPv6 system must be capable of backward compatibility . At present, there are two strategies to IPv6 transition:
● Dual stack
Dual stack transition phase, while a portion of the junction with the IPv4 protocol stack and IPv6 stack two protocol stacks, the system can simultaneously communicate with IPv4 and IPv6. Dual stack node referred to as the IPv4 / the IPv6 , indicating that it has two IP addresses.
Dual-stack node by Domain Name System (DNS) query IP protocol version used by the destination host.
When forwarding dual stack node to which the data packet to a different protocol version of the network will be the data packet header into a corresponding IP protocol version ; but in this transformation, if the IPv4 to IPv6 transition first, and then converted back IPv6 datagram will result in some fields can not be restored , such as the flow label field; information loss is inevitable in this strategy.
● Tunneling
Tunneling is about to enter an IPv6 datagram is an IPv4 network, the IPv6 packet as a data portion, encapsulated into a new IPv4 datagram . This allows IPv4 network smooth transmission of the data reported. When IPv4 datagram leaving the network, and then obtaining the original IPv6 packet, the IPv6 protocol stack to the node.
Note: This policy still needs some hosts to install dual stack .
5.ICMPv6
IPv6 does not guarantee reliable delivery of datagrams, and therefore still need IPv6 ICMP protocol error feedback information. The new version of ICMP protocol is ICMPv6 .
ARP ARP and Internet Group Management Protocol IGMP functions have been merged into the ICMPv6.
ICMPv6 is a message-oriented protocol. It uses messages to report errors, get information, to detect neighbors, manage multicast traffic.
Here is the ICMPv6 packet classification:
Second, virtual private network VPN
1. private address
Before landing in IPv6, IP address shortage, a mechanism to apply to the IP address of the host institutions are often far less than the number owned; sometimes, organizations do not want all the hosts connected to the Internet. If the hosts use the TCP / IP protocol, these hosts may be assigned its own internal IP address , which is used only within the effective mechanism of local addresses .
But the hosts assigned a local address once Internet access, it could lead advent of the Internet the same two IP addresses , address generation ambiguity .
To solve this problem, RFC-1918 standard specifies a number of private addresses , these addresses are only used for internal communication mechanism, and can not be used for Internet communications; in the Internet router, the destination address of the datagram is a local private addresses all not forward . The following are three private addresses:
● 10.0.0.0 to 10.255.255.255 (10.0.0.0/8, also known as block 24, corresponds to a class A address)
● 172.16.0.0 to 172.31.255.255 (172.16.0.0/16 , also known as a block 20, equivalent to 16 class B addresses)
● 192.168.0.0 to 192.168.255.255 (192.168.0.0/24, also known as 16-bit block address corresponding to a class C 256)
using the private IP address so interconnection network is called a local Internet or private networks . Since this address is used only within the mechanism, so called private IP addresses reusable address。
2. Virtual Private Network VPN
Sometimes sectoral distribution of a wide range of agencies, and often need to exchange information among each other. Although at this time leased line, but higher costs. Another approach is to use technical means to the public Internet as a communication medium , this private network is a virtual private network .
Virtual private network remains a private network, because communication within the organization for such a network. For inter-agency communications security, Internet data must be encrypted .
"Virtual" means that the private network only in effect is a private network, but the data through the Internet rather than communication lines, and therefore is not actually a private network.
Virtual private networks try to use IP tunneling technology to achieve, as shown above:
different places and sector agencies need at least have a legitimate global IP address of the router. Router external port using a global IP address and internal port using the local address of the private network.
Place communication within the department and do not need the Internet. When the communication between the spaces, need to go through the Internet, the router will data packets sent by the host to be encrypted , and then as part of the data , add a new header , encapsulated in a new IP datagram in. This new datagram transmission through the Internet, the source address is the address of the sending router; destination address is the address of the receiving router, thus smoothly forward in the Internet; if the receiving router receives the datagram, the data decrypting portion removed, Reduced to a datagram sent by the source host , and then in place of forward and delivered within a private network .
This process, although the data reported through the public Internet, but the effect seems to be a dedicated online agency in the transmission.
In the virtual private network VPN is also divided into two categories:
● Intranet : a virtual private network configuration network belong to the same mechanism;
● Extranet : a network of virtual private network does not belong to the same mechanism, and some external means , For example, some partners.
3. External access VPN
Some individuals may need, the need for work in the private network within an organization in a place far away from the institution. Then you need remote access VPN .
Remote Access VPN allows individual host VPN software in connected to the Internet host of personal and company hosts established between the VPN tunnel , so as to ensure the confidentiality of individuals out of communication with the institution and allow individuals connected to the organization and the use of private networks.
Third, Network Address Translation (NAT)
In the case where the obtained IP address can not be allocated, the host in a private network wants to connect to the Internet, the most used solution is network address translation .
Step 1. Network Address Translation
Network Address Translation (NAT) require a dedicated network connection to the Internet router equipped with NAT software , the router is called NAT router .
At least an effective global IP address on the NAT router. When the host and Internet communications in all private network, the NAT router will need to convert the local address to a global IP address, and then communicate with the Internet.
The figure is an illustration of network address translation.
- When the private network sends a packet to the host A Internet Host B, and the source IP address of the IP datagram address A;
- NAT router receives the data packets, and to replace the source IP address of the global IP address of NAT router;
- Datagram forwarding can be successfully converted on the Internet;
- After the host B receives the datagram, the IP address of the NAT router as the host A's IP address, and send back a reply;
- After the NAT router receives the reply, then the destination address of the datagram bit local address of Host A, forwarding and delivery;
- Finally, A to B successfully received a response sent back to complete the communication and the Internet.
2.NAT address translation table
NAT router NAT need to use NAT address translation table . The following is a NAT address conversion shows an example:
Each record represents two host within the private network and the Internet one communication .
If there are hosts in private networks, when a host is communicating with the Internet, a port NAT router was occupied up. In this case, IP address, the port can not be used by another host.
Thus, when the NAT router has N ports having a global IP address , the you can support N hosts simultaneously communicate with the Internet ;
if the number of hosts that is greater than the number of IP addresses worldwide , hosts in the private network must take turns using the global IP address of NAT .
3.NAPT address translation mechanism
In order to more effective use of the global IP address on the NAT router, the NAT translation table port number of the transport layer is also used on. As a result, multiple local host can use a global IP address, and communicate with the Internet.
NAT uses port numbers, also known as network address and port number conversion NAPT . The following table is NAPT address translation table:
the table, although with a different host using a global IP address, but because TCP port numbers are different, when the NAPT router receives the reply, can still be found in the data portion of an IP datagram TCP port number, and then forwarded to different local hosts based on port number.
IP Multicast
1. Basic Concepts
2. LAN hardware multicast
3.IP multicast protocol
(1) Internet Group Management Protocol
(2) Multicast Routing Protocol
Multiprotocol Label Switching the MPLS
1. works
(1) Basic operation process
(2) Forwarding Equivalence Class (FEC)
position and a header format 2.MPLS
